MESSAGE ARCHIVAL ASSURANCE FOR ENCRYPTED COMMUNICATIONS

Information

  • Patent Application 20080019530
  • Publication Number: 20080019530
  • Date Filed: May 30, 2006
  • Date Published: January 24, 2008
Abstract
Embodiments of the present invention address deficiencies of the art in respect to encrypted message management in an archival environment, and provide a novel and non-obvious method, system and computer program product for message archival assurance. In one embodiment of the invention, a message archival assurance method can be provided that can include receiving an encrypted message designated for receipt by a messaging client; determining whether the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system; and, archiving and forwarding the encrypted message to the messaging client only if the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system and otherwise discarding the encrypted message.
Description

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention. The embodiments illustrated herein are presently preferred, it being understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown, wherein:

FIG. 1 is a schematic illustration of a data processing system configured for message archival assurance for encrypted messages; and,

FIG. 2 is a flow chart illustrating a process for message archival assurance for encrypted messages.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the present invention provide a method, system and computer program product for message archival assurance for encrypted messages. In accordance with an embodiment of the present invention, encrypted messages received in a messaging system can be inspected to determine whether the encrypted messages can be decrypted through an archival key accessible in the messaging system. If so, the message can be forwarded to the designated recipient in the messaging system and archived accordingly. Otherwise, the messaging system can engage in encrypted message archival assurance in order to ensure that an archived form of the message can be accessed at a later time by a third party.


In the archival assurance process, a set of encrypted bulk data keys provided in association with the bulk data of the message can be passed to the client for further processing. Upon receipt of the encrypted bulk data keys, the client can decrypt the bulk data keys selecting one of the keys and can re-encrypt the selected key utilizing a public form of the archival key accessible in the messaging system. Thereafter, the client can return the re-encrypted key to the messaging system for use in processing the bulk data of the message.


Upon receipt of the re-encrypted key, the messaging system can decrypt the key and apply the new key to the bulk data of the message in order to decrypt the bulk data. Once the efficacy of the new key has been confirmed, the new key can be added to a list of bulk data keys for the message and the message in its encrypted form can be passed to the client and concurrently archived. In this way, the messaging system can be assured of the ability to access the bulk data of the encrypted message at a later time though the client as designated message recipient may no longer enjoy an active presence in the messaging system.


In illustration of an embodiment of the invention, FIG. 1 is a schematic illustration of a data processing system configured for message archival assurance for encrypted messages. The system can include a messaging system 110 configured to process and deliver messages to one or more communicatively coupled messaging clients 120 from one or more message sources 140 over a computer communications network 100. The messaging system 110 can include a message queue 150 in which inbound messages from message sources 140 can be stored prior to delivery to designated ones of the messaging clients 120. The messaging system 110 further can include an archive 160 into which received messages can be archived for subsequent access by third parties.


Notably, message archival assurance logic 170 can be coupled to the messaging system 110. The message archival assurance logic 170 can include program code enabled to process an inbound encrypted message 130 to ensure proper archiving within the archive 160 irrespective of the encryption key required to decrypt the message 130. In this regard, upon receipt of the encrypted message 130, the program code of the message archival assurance logic 170 can determine if an archival key already exists for the encrypted message 130 in the bulk data keys 180. If so, the message 130 can be routed to the designated one of the messaging clients 120 and archived in the archive 160. Otherwise, the program code of the message archival assurance logic 170 can further process the message 130 to ensure proper archiving of the message 130 within the archive 160.


Specifically, once determining that an archival key does not exist for the inbound encrypted message 130, a set of bulk data keys 190A provided in association with the encrypted message 130 can be passed to the designated one of the messaging clients 120. The designated one of the messaging clients 120 in turn can decrypt the bulk data keys 190A with private key 190B and can re-encrypt a selected one of the bulk data keys 190A with the public archival key 190C for the messaging system 110. Thereafter, the designated one of the messaging clients 120 can forward the encrypted form of the selected one of the bulk data keys 190A to the messaging server 110 which can decrypt the selected one of the bulk data keys 190A using the private form of the archival key.


Once the messaging server 110 has decrypted the selected one of the bulk data keys 190A using the private form of the archival key, the messaging server 110 can add the selected one of the bulk data keys 190A to the bulk keys 180 managed by the messaging server for accessing archived messages in the archive 160. Concurrently, the messaging server 110 can forward the inbound encrypted message 130 to the designated one of the messaging clients 120 and the messaging server 110 can store a copy of the inbound encrypted message 130 in the archive 160 with the assurance that a third party can access the archived copy of the encrypted message 130 using one of the bulk data keys 180.


In yet further illustration, FIG. 2 is a flow chart illustrating a process for message archival assurance for encrypted messages. Beginning in block 205, an encrypted message can be received in the messaging system and in block 210, the encrypted message can be queued for processing by the archival assurance logic. In block 255, a messaging client can request the retrieval of the encrypted message and in block 215, the messaging system can receive the retrieval request. In decision block 220, if an archival key exists for the encrypted message such that the bulk data in the message can be decrypted using the archival key, then in block 250 the encrypted message can be archived and forwarded to the messaging client and in block 290, the messaging client can render the message.


In decision block 220, if an archival key does not exist for the encrypted message such that the bulk data in the message cannot be decrypted using the archival key, in block 225 a set of bulk data keys associated with the encrypted message can be forwarded to the messaging client in encrypted form (presumably having been encrypted with the public key of the messaging client). In block 260, the messaging client can receive the encrypted set of bulk data keys and in block 265, the messaging client can verify the identity of the server as a trusted message source.


In block 270 the bulk data keys can be decrypted using the private key of the messaging client and in block 275, a desired key can be selected for decrypting the bulk data of the message. Thereafter, in block 280 the selected key can be re-encrypted using the public archival key for the messaging server. Once re-encrypted, the selected bulk data key can be returned to the messaging server so that the messaging server can attempt to decrypt the selected bulk data key using a private form of the archival key in block 230. Once successful, in block 235 the messaging server can decrypt the bulk data of the message and verify the integrity of the decrypted message.


Notably, in the scenario where the messaging server is not configured with a private form of the archival key and only is configured with a public form of the archival key, the messaging server at least can confirm that it remains possible for the bulk data key to have been encrypted using a private form of the archival key. In this regard, using the public form of the archival key, the messaging server can determine if the encrypted bulk key has been marked as being decryptable by the archival key.


In any case, in decision block 240, if the bulk data of the message fails verification, the message can be discarded in block 295 and the messaging system can return to process the next mail request. Otherwise, in block 245 the decrypted bulk data key can be added to the bulk keys of the messaging server and in block 250, the encrypted message can be both archived for subsequent access and forwarded to the messaging client. Finally, in block 290 the messaging client can decrypt and render the message.
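The round trip of blocks 205 through 295, as an added worked example that is not the patent's own code or from its applicant: textbook RSA over fixed Mersenne primes and an HMAC-SHA256 keystream with an encrypt-then-MAC tag stand in for the public-key and bulk encryption that the description leaves unspecified (both are toy constructions, not secure), and the names MessagingServer, Client, EncryptedMessage, compose, handle, assure, third_party_read and assurance_rounds are my own. The constructed scenario in run_demo exercises the three outcomes the flow chart distinguishes: a message whose bulk key the server does not yet hold (the client re-wraps it under the public archival key), a second message reusing a key already in the bulk keys 180 (archived with no client round trip), and a message whose bulk data fails integrity verification in decision block 240 (discarded, never archived).

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

# Toy primitives, constructed for this example and not secure: textbook RSA over
# fixed Mersenne primes, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag.
MERSENNE = {k: (1 << k) - 1 for k in (61, 89, 107, 127)}

def rsa_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public form, private form)

def wrap(key, pub):  # encrypt a 16-byte bulk key under a public key
    n, e = pub
    return pow(int.from_bytes(key, "big"), e, n)

def unwrap(c, priv):  # None when the result is not a 16-byte key
    n, d = priv
    m = pow(c, d, n)
    return None if m.bit_length() > 128 else m.to_bytes(16, "big")

def _xor_stream(key, data):  # HMAC-SHA256 counter keystream XORed over data
    ks = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def bulk_encrypt(key, plaintext):
    ct = _xor_stream(key, plaintext)
    return ct, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()

def bulk_decrypt(key, ct, tag):  # None when the tag fails: the check behind decision block 240
    expected = hmac.new(key, b"tag" + ct, hashlib.sha256).digest()
    return _xor_stream(key, ct) if hmac.compare_digest(tag, expected) else None

@dataclass
class EncryptedMessage:
    ciphertext: bytes
    tag: bytes
    wrapped_keys: dict  # bulk data keys 190A: recipient id -> bulk key wrapped for that recipient

def compose(plaintext, recipient_pubs, bulk_key=None):  # sender: one bulk key, wrapped per recipient
    bulk_key = bulk_key or secrets.token_bytes(16)
    ct, tag = bulk_encrypt(bulk_key, plaintext)
    return EncryptedMessage(ct, tag, {r: wrap(bulk_key, p) for r, p in recipient_pubs.items()})

class Client:
    def __init__(self, name, primes, archival_pub):
        self.name = name
        self.pub, self._priv = rsa_keypair(*primes)  # private key 190B
        self.pinned_archival_pub = archival_pub      # trust anchor checked in block 265
        self.assurance_rounds = 0

    def assure(self, wrapped_keys, archival_pub):
        """Blocks 260-285: unwrap own bulk key, re-wrap it under the public archival key."""
        self.assurance_rounds += 1
        if archival_pub != self.pinned_archival_pub:  # block 265
            raise ValueError("server is not a trusted message source")
        bulk_key = unwrap(wrapped_keys[self.name], self._priv)  # blocks 270-275
        return wrap(bulk_key, archival_pub)  # block 280

    def render(self, msg):  # block 290
        return bulk_decrypt(unwrap(msg.wrapped_keys[self.name], self._priv), msg.ciphertext, msg.tag)

class MessagingServer:
    def __init__(self, primes):
        self.archival_pub, self._archival_priv = rsa_keypair(*primes)  # 190C and its private form
        self.bulk_keys = []  # bulk data keys 180, held in the clear: as sensitive as the archive
        self.archive = []    # archive 160

    def _known_key(self, msg):  # decision block 220: does any stored bulk key open this message?
        return next((k for k in self.bulk_keys if bulk_decrypt(k, msg.ciphertext, msg.tag) is not None), None)

    def handle(self, msg, client):
        """Blocks 215-250 and 295 for one retrieval request; returns the outcome."""
        if self._known_key(msg) is None:
            rewrapped = client.assure(msg.wrapped_keys, self.archival_pub)  # block 225
            bulk_key = unwrap(rewrapped, self._archival_priv)  # block 230
            if bulk_key is None or bulk_decrypt(bulk_key, msg.ciphertext, msg.tag) is None:
                return "discarded"  # block 240 failed: block 295, nothing archived
            self.bulk_keys.append(bulk_key)  # block 245
        self.archive.append(msg)  # block 250: archive and forward to the client
        return "archived"

    def third_party_read(self, index):  # later access with bulk keys 180 only; the client may be gone
        msg = self.archive[index]
        k = self._known_key(msg)
        return None if k is None else bulk_decrypt(k, msg.ciphertext, msg.tag)

def run_demo():
    """Constructed scenario covering the three outcomes FIG. 2 distinguishes."""
    server = MessagingServer((MERSENNE[89], MERSENNE[61]))
    alice = Client("alice", (MERSENNE[107], MERSENNE[127]), server.archival_pub)
    pubs, key = {"alice": alice.pub}, secrets.token_bytes(16)
    first = compose(b"quarterly numbers attached", pubs, key)
    r1 = server.handle(first, alice)  # key not yet held: assurance round trip with the client
    second = compose(b"follow-up on the numbers", pubs, key)
    r2 = server.handle(second, alice)  # same bulk key already in 180: no round trip
    bad_ct = first.ciphertext[:-1] + bytes([first.ciphertext[-1] ^ 1])
    r3 = server.handle(EncryptedMessage(bad_ct, first.tag, first.wrapped_keys), alice)  # fails 240
    return {"first": r1, "second": r2, "tampered": r3, "rounds": alice.assurance_rounds,
            "archived": len(server.archive), "rendered": alice.render(first), "third_party": server.third_party_read(1)}
```

Two points the model makes visible that the prose leaves implicit. The discard decision in block 240 rests entirely on the integrity check of the decrypted bulk data, so the bulk cipher needs an authenticated tag (here encrypt-then-MAC) for the server to be able to tell a correct key from a wrong one. And once a message is archived, the server holds its bulk key in the clear in the bulk keys 180, so that store, not only the private archival key, is what a third party needs to read the archive and must be protected accordingly.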


Embodiments of the invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In a preferred embodiment, the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, and the like. Furthermore, the invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system.


For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W) and DVD.


A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution. Input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.

Claims
  • 1. In a messaging system, a message archival assurance method comprising: receiving an encrypted message designated for receipt by a messaging client; determining whether the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system; and, archiving and forwarding the encrypted message to the messaging client only if the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system and otherwise discarding the encrypted message.
  • 2. The method of claim 1, further comprising, responsive to determining that the encrypted message is not decryptable using an archival key accessible by the messaging system, obtaining a key from the messaging client able to decrypt the encrypted message, adding the obtained key to a set of bulk keys for the messaging system, and archiving and forwarding the encrypted message to the messaging client.
  • 3. The method of claim 2, wherein obtaining a key from the messaging client able to decrypt the encrypted message, comprises: forwarding an encrypted set of bulk keys associated with the encrypted message to the messaging client; receiving a decrypted one of the set of bulk keys associated with the encrypted message from the messaging client; and, adding the decrypted one of the set of bulk keys to the bulk keys accessible by the messaging system.
  • 4. The method of claim 3, wherein receiving a decrypted one of the set of bulk keys associated with the encrypted message from the messaging client, comprises: receiving a re-encrypted one of the set of bulk keys using a public form of an archival key for the messaging system; and, decrypting the re-encrypted one of the set of bulk keys using a private form of the archival key for the messaging system.
  • 5. The method of claim 4, further comprising: decrypting the encrypted message to produce a decrypted message; and, validating the decrypted message.
  • 6. The method of claim 2, wherein obtaining a key from the messaging client able to decrypt the encrypted message, comprises: receiving a selected bulk data key encrypted with a public form of an archival key for the messaging system; and, verifying that the encrypted selected bulk data key is marked as decryptable by a private form of the archival key for the messaging system.
  • 7. A messaging data processing system comprising: a messaging system configured for coupling to a plurality of messaging clients; a message archive coupled to the messaging system; a plurality of bulk data keys accessible by the messaging system for decrypting archived messages in the message archive; and, message archival assurance logic comprising program code enabled to determine whether a received encrypted message is decryptable using one of the bulk data keys and to archive and forward the encrypted message to a designated one of the messaging clients only if the encrypted message is decryptable using one of the bulk keys and to otherwise discard the encrypted message.
  • 8. A computer program product comprising a computer usable medium having computer usable program code for message archival assurance in a messaging system, the computer program product including: computer usable program code for receiving an encrypted message designated for receipt by a messaging client; computer usable program code for determining whether the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system; and, computer usable program code for archiving and forwarding the encrypted message to the messaging client only if the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system and otherwise discarding the encrypted message.
  • 9. The computer program product of claim 8, further comprising computer usable program code for obtaining a key from the messaging client able to decrypt the encrypted message, adding the obtained key to a set of bulk keys for the messaging system, and archiving and forwarding the encrypted message to the messaging client, in response to determining that the encrypted message is not decryptable using an archival key accessible by the messaging system.
  • 10. The computer program product of claim 9, wherein the computer usable program code for obtaining a key from the messaging client able to decrypt the encrypted message, comprises: computer usable program code for forwarding an encrypted set of bulk keys associated with the encrypted message to the messaging client; computer usable program code for receiving a decrypted one of the set of bulk keys associated with the encrypted message from the messaging client; and, computer usable program code for adding the decrypted one of the set of bulk keys to the bulk keys accessible by the messaging system.
  • 11. The computer program product of claim 10, wherein the computer usable program code for receiving a decrypted one of the set of bulk keys associated with the encrypted message from the messaging client, comprises: computer usable program code for receiving a re-encrypted one of the set of bulk keys using a public form of an archival key for the messaging system; and, computer usable program code for decrypting the re-encrypted one of the set of bulk keys using a private form of the archival key for the messaging system.
  • 12. The computer program product of claim 11, further comprising: computer usable program code for decrypting the encrypted message to produce a decrypted message; and, computer usable program code for validating the decrypted message.
  • 13. The computer program product of claim 9, wherein the computer usable program code for obtaining a key from the messaging client able to decrypt the encrypted message, comprises: computer usable program code for receiving a selected bulk data key encrypted with a public form of an archival key for the messaging system; and, computer usable program code for verifying that the encrypted selected bulk data key is marked as decryptable by a private form of the archival key for the messaging system.
  • 13. The computer program product of claim 9, wherein the computer usable program code for obtaining a key from the messaging client able to decrypt the encrypted message, comprises: computer usable program code for receiving a selected bulk data key encrypted with a public form of an archival key for the messaging system; and,computer usable program code for verifying that the encrypted selected bulk data key is marked as decryptable by a private form of the archival key for the messaging system.