Browse Prior Art Database

A framework for flexible and efficient message encryption in messaging systems

IP.com Disclosure Number: IPCOM000028066D
Original Publication Date: 2004-Apr-22
Included in the Prior Art Database: 2004-Apr-22
Document File: 3 page(s) / 61K

Publishing Venue

IBM

Abstract

Message encryption is fundamental to many secure messaging applications. Frequently, messages being delivered have to go through intermediate format conversions and multiple encryption/decryption processes. This article discloses a message format standard and an associated messaging protocol, which facilitat efficient execution of such opearations.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

A framework for flexible and efficient message encryption in messaging systems

A message format standard and an associated messaging protocol are disclosed that facilitates the conversion of encrypted messages by authorised message deliverers and enables the avoidance of unnecessary encryption/decryption being applied to large message bodies. Messaging security can be achieved in two different manners:
1) Sender/receiver controlled encryption: Message senders and receivers are responsible for exchanging and maintaining a shared secret. A sender is responsible for encrypting a message before it is handed over to the messaging system and the receiver decrypts it after receiving it. Primarily, the message system just delivers encrypted message just as any other normal messages. The main advantage of this type of schemes is that messages are protected end-to-end, making it very secure. The main problem with this type of schemes is that the user is responsible for maintaining their keys, which may not be trivial, and the messaging system can not do anything to the messages being delivered, such as performing message format conversions.
2) Messaging system controlled encryption: Messages are automatically encrypted/decrypted by the message delivery system when necessary and the user of the system hand over their secret messages to the system just as normal messages. Typically, messages are encrypted while they are stored on a disk or transmitted across a network channel. To ensure security, crypto keys are normally designed to be private to individual components of the system. For example, the crypto key used by a particular channel is not known by anybody else. This means When a message arrives at the queue, it is automatically encrypted using the private key and then automatically decrypted when it leaves the queue. The automatic decryption is necessary because only this queue knows the decryption key. The main advantage of this type of schemes is that a level of security is automatic and the user is not responsible for any of the security operations. However, encryption/decryption operations may have to be applied to the same message body several times (as decryption keys are not shared across components), which can be very inefficient for large messages. Also, messages are not in a format during delivery.

    Because these two types of schemes are controlled by different people (the user and the system administrator), they may both be applied to the same message body during a delivery and unnecessary message encryption may result.

    Ideally, if required, a messaging system should be able to keep messages encrypted whenever possible without undue message encryption/decryp...