Protecting content from third party using client-side security protection
Abstract
Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented messaging system, comprising:
a client for sending a message to a recipient using an untrusted message service; and a security component for automatically applying security to the message in response to using the untrusted message service.
2 . The system of claim 1 , wherein the client is at a trusted location and the untrusted message service is at an untrusted location.
3 . The system of claim 2 , wherein the security includes encryption of portions of the message and storage of an associated encryption key at a trusted location.
4 . The system of claim 1 , further comprising a rules component associated with the untrusted message service for creating rules, the message evaluated based on the rules when using the untrusted message service.
5 . The system of claim 4 , wherein the client automatically downloads and caches the rules to be used for evaluating the message when transmitting the message via the untrusted message service.
6 . The system of claim 4 , wherein the rules include at least one of a predicate, an action, or configuration information.
7 . The system of claim 4 , wherein the client is a trusted messaging client that automatically polls the rules component, which is a trusted rules service, for new rules policies and/or modified rules policies, and downloads the new rules policies and/or modified rules policies for evaluation of the message.
8 . The system of claim 1 , wherein the message is evaluated according to the rules during an offline mode of the client and the security is applied during the offline mode.
9 . The system of claim 1 , wherein the security includes encryption of a body of the message so the untrusted message service cannot decrypt the message body.
10 . A computer-implemented messaging system, comprising:
a trusted message client for sending a message to one or more recipients using an untrusted message service, the trusted client applying rules downloaded from a trusted rules service; and a trusted security component for automatically applying a security template to a portion of the message in response to evaluation of the message by the rules.
11 . The system of claim 10 , wherein the rules include at least one of a predicate that defines sender and recipient constraints, an action by a recipient that is specified by the security template, or configuration information that delegates control to a user of the client.
12 . The system of claim 10 , wherein the security template applies results in encryption of a body of the message and/or attachments, which is an e-mail message, to prevent exposure of the body and/or attachments of the e-mail message to the untrusted message service.
13 . The system of claim 10 , wherein the security template as applied to the message prevents an unintended recipient from decrypting the message.
14 . A computer-implemented method of processing messages, comprising:
composing a message in a trusted client for communication to a recipient via an untrusted message service; analyzing the message using a trusted rules service; applying a security template to the message based on results of the analysis; and sending the message to the recipient through the untrusted message service without exposing portions of the message at the untrusted message service based on the security template.
15 . The method of claim 14 , further comprising periodically downloading updated or new rules from the rules service to the client.
16 . The method of claim 14 , further comprising applying encryption broadly or narrowly to the message based on the security template and storing a key to the encryption at a trusted location.
17 . The method of claim 14 , wherein the security template allows exposure of a header portion and subject portion at the untrusted message service and prevents a body portion of the message and message attachments from being exposed at the untrusted message server.
18 . The method of claim 17 , wherein the untrusted message service routes the message to the recipient based on the exposed header portion.
19 . The method of claim 17 , further comprising exposing the body portion of the message only to intended recipients based on the security template.
20 . The method of claim 14 , further comprising:
caching the rules in association with the client; analyzing the message during an offline state of the client; and applying the security template while in the offline state.Join the waitlist — get patent alerts
Track US2018352000A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.