CERTIFIABLE EVIDENCE OF A E-MAIL MESSAGE TRANSMISSION AND TO PRODUCTION OF A CERTIFICATE OF THAT FACT UPON REQUEST
Original Publication Date: 1999-Sep-01
Included in the Prior Art Database: 2002-Aug-29
Frederic Lockard: AUTHOR [+2]
AbstractLegal evidence for the receipt of a mail message is difficult to obtain whenever the mail transfer sys- tem can not provide a digitally-signed receipt, usual- ly because of network constraints. For example, when two Local Area Network (LAN) enclaves are separated by a firewall (guard), local policy may disallow the use of a signed receipt between the LANs. This is usually the case when the message originator and the message recipient do not both have release authority to the other LAN enclave. The originator of an electronic message has very lit- tle means to obtain concrete evidence that a specific message was indeed received by the designated recipient. The security audit logs of the messaging components provide some evidence that particular operations took place, for example, the recipient being logged into their system. However, the lack of detail in the security audit records affords a message recipient with greater opportunity to repudiate his/her actions and deny ever reading the mail mes- sage.
Developments Technical 0 M MOTOROLA
CERTIFIABLE EVIDENCE OF A E-MAIL MESSAGE TRANSMISSION AND TO PRODUCTION OF A CERTIFICATE OF THAT FACT UPON REQUEST.
by Frederic Lockard and Michel Musy
in the first part. The second part completes the prin- ciple to describe how would the Certifiable Trace Recorder be implemented. Finally, the third part shows how would the Certification component pro duce the certificate.
SOLUTION TO THE PROBLEM, AND HOW THE DISCLOSED STRUCTURE OR METHOD WORKS.
The Principle (Reference Figure 1. Construction of a Message Context Verification Block.)
A method for an electronic mail messaging sys- tem component to securely audit a message process- ing event, especially in situations that lack message receipts through a LAN firewall. The method requires a message component, e.g., a user agent (UA), mail list agent (MLA), mail transfer agent (MTA) or mail store (MS), to construct a message- context verification block from a portion of the mes- sage traffic that it processes, and alternately, from the platform operating system security audit log.
Obtaining certified evidence that a message was As shown in the diagram, a message (M), is sent at a particular date/time, without the use of the processed by the component at an arbitrary initial originator's set of private/public signing keys seems time, denoted by Mi. The message content (includ- out of the realms of considerations. The method pre- ing all or some message parts) is processed through sented within this claim provides the means to a secure one-way hash algorithm to produce a hash- record concrete certifiable evidence that a message value for that message, denoted by Hi. The message sent at a particular day/time, has been received at a component has an administrative cryptographic pri- particular point. Interestingly, this method uses vate key signature routine which will digitally sign cryptographic materials regardless of that of the the message hash-value to produce a message hash originator. In a nutshell, a message component, fire- signature-value, denoted by Si. This processing wall, message store, proxy, records a certifiable (hashing then signing) proceeds to the next message trace of the message, another message component (M,) through a site-configurable number of mes- requests the trace records and produces a certificate sages, n. Once the messaging component has the in- for a third-party which could be the originator of the tial stream of n hash signature values, it computes a message, one of the recipients, or another interested message context value, denoted by C,. This is done party. We give a detailed description of the principle by the message component producing a hash-value
0 Mommla,lnc. ,999 177 September 1999
Legal evidence for the receipt of a mail message is difficult to obtain whenever the mail transfer sys- tem can not provide a digitally-signed receipt, usual- ly because of network constraints. For example, when...