
US007707624B2

(12) United States Patent    (10) Patent No.: US 7,707,624 B2
Tomkow    (45) Date of Patent: Apr. 27, 2010

(54) SYSTEM FOR, AND METHOD OF PROVING THE TRANSMISSION, AND CONTENT OF A REPLY TO AN ELECTRONIC MESSAGE

(75) Inventor: Terrence A. Tomkow, Los Angeles, CA (US)

(73) Assignee: Rpost International Limited (BM)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 952 days.

(21) Appl. No.: 10/719,098

(22) Filed: Nov. 21, 2003

(65) Prior Publication Data: US 2004/0230657 A1, Nov. 18, 2004

Related U.S. Application Data
(60) Provisional application No. 60/429,080, filed on Nov. 26, 2002.

(51) Int. Cl.: G06F 7/04 (2006.01); G06F 15/16 (2006.01); G06F 17/30 (2006.01); H04L 29/06 (2006.01)
(52) U.S. Cl.: 726/5; 713/168; 709/206; 709/233; 709/24
(58) Field of Classification Search: 726/5. See application file for complete search history.

(56) References Cited
U.S. PATENT DOCUMENTS
6,643,687 B1 * 11/2003 Dickie et al. ...... 709/206
6,760,752 B1 * 7/2004 Liu et al. ...... 709/206
FOREIGN PATENT DOCUMENTS
WO 00/25245 * 5/2000
WO 01/10090 * 2/2001
WO 02/11025 A2 2/2002
WO 02/25864 A1 3/2002
WO 02/093849 A2 11/2002
* cited by examiner

Primary Examiner: Emmanuel L. Moise
Assistant Examiner: Shewaye Gelagay
(74) Attorney, Agent, or Firm: John K. Fitzgerald; Fulwider Patton LLP

(57) ABSTRACT
A server transmits a message from a sender to a recipient. The server receives from the recipient an attachment relating to the message route between the server and the recipient. The server transmits to the sender the message and the attachments and their encrypted digital fingerprints and expunges the transmitted information. To subsequently authenticate the message and the attachment, the sender transmits to the server what the server has previously transmitted to the sender. The server then prepares a digital fingerprint of the message and decrypts the encrypted digital fingerprint of the message and compares these digital fingerprints to authenticate the message. The server performs the same routine with the attachment and the encrypted digital fingerprint of the attachment to authenticate the attachment. The recipient replies to the sender's message through the server. The server records proof of the delivery and content of the reply to the sender and the recipient.

16 Claims, 22 Drawing Sheets

FIG. 1 (Sheet 1 of 22): system diagram. Sender's Mail User Agent (e-mail client); registering Mail Transport Agent (RPost server) 14; recipient's Mail Transport Agent 16; ESMTP dialog (telnet connection); tagged message; MTA DSN report(s) and MUA notification; receipt. Message sender 18; message recipient 20. The registered message comprises: message body; attachment 1 ... attachment n; message digest of the body; message digest of each attachment; ESMTP dialog(s); DSN report(s); encrypted overall message digest (digital signature).

U.S. Patent Apr. 27, 2010 Sheet 2 of 22 US 7,707,624 B2

FIG. 2A-1

200 To register an email by an originator (e.g., "John Smith" at email address jsmith@adomain.com):
Originator creates an email message using any Internet Mail User Agent (MUA). (Note the message may have multiple destinations and attachments.)
202 The Registration System (RS), acting as the sender's MTA, receives a copy of the email.
203 RS will create a copy of the original message to be stored until the registration process is complete.
204 RS creates a database record which includes: the time at which the message was received; the names and sizes of the attachments of the message; the name and address of each destination of the message; the time at which the message was delivered to the destination's MTA; the delivery status of each destination.
205 RS sets the Delivery Status of each destination to "UNSENT".
206 RS generates and stores a Message Digest (hash) of the body of the message.
207 RS generates and stores a hash for each file attached to the message.
208 RS creates a second copy to modify the original message.
209 The original subject line of the message is amended to indicate that the copy is registered (e.g. by pre-pending "(R)egistered").
210 A notice that the message is registered by RS, together with links to the RS's WWW site, is appended to the body of the message.
Email headers are added requesting a Mail User Agent (MUA) reading notification in a variety of header formats recognized by various MUAs. The request for notification directs the notification to a destination whose name is the address of the originator of the message and whose address is an rpost.com account set up for this purpose. The notification will use the address of the original sender in the name field of the MUA request (e.g., Disposition-Notification-To: jsmith@adomain.com <readreceipt@rpost.com>).
Transmit the message (GOTO FIG. 2B).

FIG. 2A-2


FIG. 2C

240 System receives MTA Notification.
241 System scans incoming mail to rpost.com for addresses containing "rcpt".
242 System identifies messages addressed to "rcptXXXXXXY@rpost.com" as delivery notifications for destination Y of message XXXXXX.
243 System scans the subject and body of the message for strings indicating delivery failure, relay or success.
244 Notification indicates successful delivery: 245 change delivery status of destination Y of message XXXXXX to "DELIVERED-TO-MAILBOX".
246 Notification indicates delivery failure: 248 change delivery status of destination Y of message XXXXXX to "FAILURE".
Notification indicates message relayed onward: change delivery status of destination Y of message XXXXXX to "RELAYED".
250 Save copies of MTA Notice and attachments.
251 Processing Complete.

FIG. 2D (Sheet 8 of 22)

250/251 From time to time the system will review the status of all pending messages. For each message the system will:
Examine the destination status (DS) for each destination.
255 DS = "DELIVERED-AND-WAITING-FOR-DSN": ... since delivery. Examines next destination.
256 Get next destination.
DS = "DELIVERED": ... since delivery. YES.
More destinations? (Note: DS = "RELAYED", "UNDELIVERABLE", "DELIVERED-TO-MAILBOX" or "FAILURE".) YES: examine the next destination. NO:
260 Delivery is complete. Generate Receipt (Goto FIG. 2E).
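The notice-handling loop of FIG. 2C and the completion check of FIG. 2D, written out as an added example (not RPost's code). The figures only show the shape of the tagged return address ("rcptXXXXXXY@rpost.com") and the three outcomes; the six-digit message id, the one-character destination index, the phrase lists and the sample notices below are constructed assumptions. The example also flattens multipart/report DSNs, which the figures do not mention, since real bounces usually arrive that way.

```python
"""Delivery Status Notification (DSN) triage in the style of FIG. 2C/2D.

Added example, not RPost's code. Assumed conventions: the per-destination
return address is "rcpt" + a six-digit message id + a one-character
destination index at rpost.com (the figures show "rcptXXXXXXY@rpost.com"),
and the success / failure / relay phrases are a constructed sample vocabulary.
"""
import re
from email import message_from_string

# Constructed sample vocabulary. A deployment would tune these to the DSN
# wording of the MTAs it actually sees (RFC 3464 "Action:" fields included).
FAILURE_MARKERS = ("action: failed", "user unknown", "delivery failed", "undeliverable")
RELAY_MARKERS = ("action: relayed", "relayed to", "forwarded to")
SUCCESS_MARKERS = ("action: delivered", "successfully delivered", "delivered to mailbox")

# Status values used by the figures; a message is finished once every
# destination carries one of these (FIG. 2D).
FINAL_STATUSES = {"RELAYED", "UNDELIVERABLE", "DELIVERED-TO-MAILBOX", "FAILURE"}

ADDR_RE = re.compile(r"^rcpt(?P<msg>\d{6})(?P<dest>[A-Za-z0-9])@rpost\.com$", re.IGNORECASE)


def parse_notice_address(addr):
    """Steps 241/242: return (message_id, destination) for a tagged address, else None."""
    m = ADDR_RE.match(addr.strip())
    if not m:
        return None
    return m.group("msg"), m.group("dest").upper()


def classify_notice(subject, body):
    """Step 243: scan subject and body for strings indicating failure, relay or success.

    Failure phrases are checked first because a bounce often quotes the word
    'delivered' ("could not be delivered") in its explanation."""
    text = (subject + "\n" + body).lower()
    if any(k in text for k in FAILURE_MARKERS):
        return "FAILURE"
    if any(k in text for k in RELAY_MARKERS):
        return "RELAYED"
    if any(k in text for k in SUCCESS_MARKERS):
        return "DELIVERED-TO-MAILBOX"
    return None


def _text_of(msg):
    """Flatten a (possibly multipart/report) notice into searchable text."""
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(_text_of(part) for part in msg.get_payload())


def apply_notice(records, raw_notice):
    """Steps 240-251: update one destination's delivery status from one MTA notice.

    `records` maps message id -> destination -> {"status": ..., "notice": ...}.
    Returns (message_id, destination, new_status), or None if the notice is
    not addressed to a tagged mailbox or carries no recognisable outcome."""
    msg = message_from_string(raw_notice)
    parsed = parse_notice_address(msg.get("To", ""))
    if parsed is None:
        return None
    msg_id, dest = parsed
    if msg_id not in records or dest not in records[msg_id]:
        return None                      # unknown message or destination: ignore
    status = classify_notice(msg.get("Subject", ""), _text_of(msg))
    if status is None:
        return None                      # leave the recorded status untouched
    records[msg_id][dest]["status"] = status          # 245 / 248 / relayed branch
    records[msg_id][dest]["notice"] = raw_notice      # 250: keep a copy of the notice
    return msg_id, dest, status


def delivery_complete(records, msg_id):
    """FIG. 2D: the receipt can be generated once no destination is still pending."""
    return all(d["status"] in FINAL_STATUSES for d in records[msg_id].values())


def sample_records():
    # Constructed: message 000123 sent to two destinations, both awaiting a DSN.
    pending = "DELIVERED-AND-WAITING-FOR-DSN"
    return {"000123": {"A": {"status": pending, "notice": None},
                       "B": {"status": pending, "notice": None}}}


# Constructed sample notices (not captured from any real MTA).
SAMPLE_SUCCESS = """To: rcpt000123A@rpost.com
Subject: Delivery report

Action: delivered
Your message was successfully delivered to the mailbox.
"""

SAMPLE_FAILURE = """To: rcpt000123B@rpost.com
Subject: Undelivered Mail Returned to Sender

Action: failed
Diagnostic-Code: smtp; 550 5.1.1 user unknown
"""

if __name__ == "__main__":
    recs = sample_records()
    print(apply_notice(recs, SAMPLE_SUCCESS), delivery_complete(recs, "000123"))
    print(apply_notice(recs, SAMPLE_FAILURE), delivery_complete(recs, "000123"))
```

The order of the checks matters: a bounce that quotes "could not be delivered" must not be read as a success, so failure phrases are tested before success phrases.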

FIG. 2E-1

270 The system generates an email Receipt which includes:
271 A message identifier for administrative purposes. This identifier may be or may include reference to the originator's id and/or the value of the Internet Message-ID of the originator's message as received by the system.
272 The quoted body of the message together with the email addresses of its intended recipients.
273 A table for each recipient listing: the delivery status of the message for that destination based upon the system's recorded delivery status; the time at which the recipient's MTA received the message and/or the time at which the system received a DSN from the recipient's MTA.
274 A list of the original attachments of the email together with their separate hash numbers.
275 Transcripts or abstractions of the transcripts of all the SMTP dialogs generated in the delivery of the message to each destination.
276 Quotations from the bodies and the attachments of all received DSNs including whatever details of delivery or disposition of the message that they might reveal.
277 The system will attach to the receipt copies of all of the attachments of the original message.
278 The system will attach received DSN messages and their attachments to the receipt.
279 Having generated the text of the receipt so far, the system then generates an encrypted hash of the body of the receipt.
280 The encrypted hash is appended to the body of the message as a digital signature.
281 The receipt, now being complete, is sent by email to the originator with the advice that it be kept for the originator's records.
282 The system may now delete all copies of the original message, attachments and DSNs.

FIG. 2E-2

FIG. 2F

285 The system receives MUA Notifications at an e-mail address used for the purpose (e.g., readreceipt@rpost.com).
286 Extracts the address of the sender of the original message from the address of the MUA Notice, where it is found in the name field of the message (e.g., To: jsmith@adomain.com <readreceipt@rpost.com>).
287 Creates a receipt which includes: the subject of the MUA Notice as its subject; a heading, e.g. "RPost Reading Receipt"; the body of the MUA Notice quoted in the body of the Receipt; a time/date stamp.
288 Attach to the receipt any files that may accompany the MUA's receipt.
289 Generate a hash for any files attached to the receipt and record this hash in the body of the receipt.
290 Generate a hash for the body of the receipt and its attachments, encrypt this hash, and append the result to the message as a "document digital fingerprint".
291 Send the resulting receipt to the originator of the message.
292 Having sent this receipt, the system may delete all internal records of the transaction.

FIG. 7-1 (Sheet 16 of 22)

700 Users submit receipts for validation by forwarding them as emails to a specific rpost.com address, e.g., authentica@rpost.com.
701 When a receipt is received the operators of the system shall:
702 Detach and decrypt the document digital signature appended to the receipt.
703 Generate a hash of the balance of the document.
704 Does the new hash value = the encrypted hash? NO: go to 705. YES: go to 707.
707 Are hash values for attached files included in the body of the receipt? NO: go to 706. YES: go to 708.
708 For each such file:
709 Generate a hash of the attached file.
711 Compare the newly generated hash to the hash value quoted in the document. Does the newly generated hash = the hash recorded in the receipt? YES: go to 710. NO: go to 712.

FIG. 7-2 (Sheet 17 of 22)

705 Generate a report indicating that the operator of RPost cannot authenticate the receipt as an accurate record of the delivery or contents of the message described in the receipt.
706 Generate a report indicating that the operator of RPost can authenticate the receipt as an accurate record of the delivery of the original message to its destination; that the body of the message was as appears in the receipt.
710 Generate a report indicating that the operator of RPost can authenticate the receipt as an accurate record of the delivery of the original message to its destination; that the body of the message was as appears in the receipt; that each delivered attachment was identical to the copies appended to the receipt.
712 Generate a report indicating that the operator of RPost cannot authenticate the submitted receipt because the attached file appears to have been altered since the time the message was delivered.
713 Append a copy of the receipt to the report.
714 E-mail the report to the user who submitted the receipt.

FIG. 9 (Sheet 19 of 22)

900 To register an email for a recipient:
901 Receive email for recipient, acting as an SMTP/POP or IMAP server.
902 Generate a hash/digital fingerprint for the content of the message and its attachments.
903, 904 (box text not recovered)

FIG. 10

1000 Recipient submits a copy of the received mail to the operators of the system, who:
1001 Decrypt the hash attached to the body of the message.
1002 Generate a hash of the body of the message and attachments.
1003 Compare the document hash(es) with the decrypted hash(es).
1004 Do the hash(es) match? YES: 1005 The operators can warrant that the email is as originally received. NO: 1006 The operators can warrant that the e-mail has been altered since originally received.
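Receipt generation (FIG. 2E and 2F) and receipt validation (FIG. 7 and FIG. 10) are two halves of one procedure: hash the attachments, quote those hashes in the receipt, append a keyed fingerprint of the receipt body, and later recompute everything and compare. The block below is an added example, not RPost's code, that carries the whole round trip through FIG. 7's report codes 705, 706, 710 and 712. The figures speak of an "encrypted hash"; here the keyed fingerprint is an HMAC-SHA256 under a server-held secret, a stand-in with the same recompute-and-compare verification (a production service would use a signature scheme). The key, the marker line, the receipt layout and the sample message are constructed assumptions.

```python
"""Receipt generation (FIG. 2E, 2F) and validation (FIG. 7, 10) as one worked example.

Added example, not RPost's code. The figures append an "encrypted hash" of the
receipt body as the document digital fingerprint; here that keyed fingerprint
is an HMAC-SHA256 under a server-held secret, a stand-in with the same
recompute-and-compare verification. Attachment hashes are SHA-256 hex digests
quoted inside the signed body (step 274), so tampering with the list itself
is caught by the body check. Key, marker line and receipt layout are assumed.
"""
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key-not-for-production"          # assumed server secret
FINGERPRINT_TAG = "----- DOCUMENT DIGITAL FINGERPRINT -----"       # assumed marker line
ATTACHMENT_HEADER = "Attachments (name, SHA-256):"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def keyed_fingerprint(body, key=SERVER_KEY):
    """Stand-in for 'encrypt the hash of the receipt body' (steps 279/290)."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def generate_receipt(original, attachments, dsn_excerpts, key=SERVER_KEY):
    """Steps 270-280: build the receipt text and append the fingerprint.

    original: dict with message_id, sender, recipients (list) and body;
    attachments: {filename: bytes}; dsn_excerpts: list of one-line summaries."""
    lines = [f"Receipt for message {original['message_id']}",
             f"Sender: {original['sender']}",
             "Recipients: " + ", ".join(original["recipients"]),
             "", "Quoted message body:", original["body"], "", ATTACHMENT_HEADER]
    for name, data in attachments.items():
        lines.append(f"  {name} {sha256_hex(data)}")              # step 274
    lines += ["", "Delivery status notifications:"]
    lines += ["  " + d for d in dsn_excerpts]                     # step 276
    body = "\n".join(lines)
    text = body + "\n" + FINGERPRINT_TAG + "\n" + keyed_fingerprint(body, key) + "\n"
    return {"text": text, "attachments": dict(attachments)}       # step 277: copies attached


def parse_attachment_hashes(body):
    """Read back the name/digest lines quoted under the attachment header."""
    hashes, in_section = {}, False
    for line in body.splitlines():
        if line == ATTACHMENT_HEADER:
            in_section = True
            continue
        if in_section:
            if not line.startswith("  "):
                break
            name, _, digest = line.strip().rpartition(" ")
            hashes[name] = digest
    return hashes


def validate_receipt(receipt, key=SERVER_KEY):
    """Steps 701-714: return (report code, explanation) using FIG. 7's codes."""
    text = receipt["text"]
    if FINGERPRINT_TAG not in text:
        return 705, "no document digital fingerprint present"
    body, _, tail = text.rpartition(FINGERPRINT_TAG)
    body = body[:-1] if body.endswith("\n") else body
    expected = keyed_fingerprint(body, key).encode("ascii")
    if not hmac.compare_digest(expected, tail.strip().encode("utf-8")):
        return 705, "receipt body does not match its fingerprint"      # 704 -> 705
    recorded = parse_attachment_hashes(body)                            # 707
    if not recorded:
        return 706, "body authenticated; no attachments listed"
    for name, digest in recorded.items():                               # 708-711
        data = receipt["attachments"].get(name)
        if data is None or not hmac.compare_digest(sha256_hex(data), digest):
            return 712, f"attachment {name!r} missing or altered since delivery"
    return 710, "body and every attachment authenticated"


def sample_receipt():
    # Constructed sample input: a two-recipient message with one attachment.
    original = {"message_id": "<constructed-0001@adomain.com>",
                "sender": "jsmith@adomain.com",
                "recipients": ["alice@example.com", "bob@example.com"],
                "body": "Please find the signed contract attached."}
    attachments = {"contract.pdf": b"%PDF-1.4 constructed sample bytes"}
    dsns = ["alice@example.com DELIVERED-TO-MAILBOX 2003-11-21T10:15:00Z",
            "bob@example.com RELAYED 2003-11-21T10:15:03Z"]
    return generate_receipt(original, attachments, dsns)


if __name__ == "__main__":
    receipt = sample_receipt()
    print(validate_receipt(receipt))
    forged = dict(receipt, text=receipt["text"].replace("signed", "unsigned"))
    print(validate_receipt(forged))
```

Because the attachment digests are inside the fingerprinted body, editing a quoted digest to match a substituted file trips the body check (705) rather than the attachment check (712); only the attachment bytes themselves can fail the second stage. The same verify-by-recompute shape serves FIG. 10, where the recipient submits a received message rather than a receipt.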

FIG. 12 (Sheet 21 of 22)

The message in MIME/HTML format.
1504 Format message in MIME/HTML format.
Add link to [MESSAGE ID][DESTINATION ID]@RPOST.NET.
1505 Send message.

(Sheet 22 of 22)

1506 Recipient clicks reply "mailto" link.
1507 A reply received by registration server.
1508 Extract message ID and destination from address; query address database.
1509 Readdress message to original sender (original sender address).
1510 Send request.
1511 Generate delivery receipt (original message ID).
1512 Send delivery receipt to original recipient and sender.
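The reply-proof flow of FIG. 12 and 13 turns on one idea: each destination gets its own reply address that encodes the message id and destination id, so when a reply arrives the server can recover which registered message it answers without trusting anything in the reply body. The block below is an added example, not RPost's code, of that flow from minting the links (1504) through readdressing the reply (1509) to the receipt sent to both parties (1512). The 8-hex-digit message id, the 2-digit destination id, the in-memory address database and the sample messages are constructed assumptions; the figure gives only "[MESSAGE ID][DESTINATION ID]@RPOST.NET".

```python
"""Reply tracking through per-destination reply addresses, as FIG. 12 and 13 sketch.

Added example, not RPost's code. Assumed conventions: the "mailto" link address
is an 8-hex-digit message id followed by a 2-digit destination id at rpost.net
(the figure gives only MESSAGE ID / DESTINATION ID @RPOST.NET), and the address
database is an in-memory dict. Sample messages are constructed.
"""
import hashlib
import re
from datetime import datetime, timezone
from email.message import EmailMessage
from email.utils import parseaddr

REPLY_RE = re.compile(r"^(?P<msg>[0-9a-f]{8})(?P<dest>\d{2})@rpost\.net$")


class ReplyRegistry:
    """Address database: reply address -> (message id, destination id, sender, recipient)."""

    def __init__(self):
        self.by_address = {}

    def register(self, message_id, sender, recipients):
        """Step 1504: mint one reply address per destination; returns {recipient: mailto link}."""
        links = {}
        for i, rcpt in enumerate(recipients):
            addr = f"{message_id}{i:02d}@rpost.net"
            self.by_address[addr] = (message_id, f"{i:02d}", sender, rcpt)
            links[rcpt] = "mailto:" + addr
        return links

    def lookup(self, to_header):
        """Step 1508: extract message id and destination from the reply's To address."""
        addr = parseaddr(to_header)[1].lower()
        if not REPLY_RE.match(addr):
            return None
        return self.by_address.get(addr)


def handle_reply(registry, reply, now=None):
    """Steps 1507-1512: readdress the reply to the original sender and build the receipt.

    Returns None for mail that is not a reply to a registered message."""
    rec = registry.lookup(str(reply["To"]))
    if rec is None:
        return None
    message_id, dest_id, sender, recipient = rec
    replier = parseaddr(str(reply["From"]))[1].lower()
    # The receipt records who actually used the link; a reply from another mailbox
    # is still forwarded but flagged rather than silently treated as the recipient's.
    note = ("reply sent from the original destination" if replier == recipient.lower()
            else f"reply sent from {replier}; original destination was {recipient}")
    body = reply.get_content()
    forwarded = EmailMessage()                           # 1509: readdress to original sender
    forwarded["From"] = str(reply["From"])
    forwarded["To"] = sender
    forwarded["Subject"] = str(reply["Subject"])
    forwarded.set_content(body)
    when = (now or datetime.now(timezone.utc)).isoformat()
    receipt = "\n".join([                                # 1511: delivery receipt
        f"Reply receipt for message {message_id}, destination {dest_id}",
        f"Original sender: {sender}",
        f"Original recipient: {recipient}",
        f"Reply received: {when}",
        f"Note: {note}",
        "Quoted reply body:", body,
        "SHA-256 of reply body: " + hashlib.sha256(body.encode("utf-8")).hexdigest()])
    return {"forward": forwarded, "receipt": receipt, "receipt_to": [sender, recipient]}  # 1512


def sample_flow():
    # Constructed sample: a contractor's offer, replied to by the client via the link.
    registry = ReplyRegistry()
    links = registry.register("0000abcd", "contractor@example.com", ["client@example.net"])
    reply = EmailMessage()
    reply["From"] = "Client <client@example.net>"
    reply["To"] = links["client@example.net"][len("mailto:"):]
    reply["Subject"] = "Re: Offer for roofing work"
    reply.set_content("Approved, please proceed.\n")
    return handle_reply(registry, reply, now=datetime(2003, 11, 21, 12, 0, tzinfo=timezone.utc))


if __name__ == "__main__":
    print(sample_flow()["receipt"])
```

The From address of a reply is not authenticated by SMTP, so the receipt records the replying mailbox alongside the registered destination instead of asserting that they are the same person; the hash of the quoted reply body is what later lets either party show the receipt has not been edited.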

FIG. 13

SYSTEM FOR, AND METHOD OF, PROVING THE TRANSMISSION, RECEIPT AND CONTENT OF A REPLY TO AN ELECTRONIC MESSAGE

This is a non-provisional application corresponding to provisional application 60/429,080 filed by Terrance A. Tomkow PhD in the United States Patent Office on Nov. 26, 2002 for a SYSTEM FOR, AND METHOD OF PROVING THE TRANSMISSION, RECEIPT AND CONTENT OF A REPLY TO AN ELECTRONIC MESSAGE.

This invention relates to a system for, and method of, proving the transmission, and the content of a reply by a recipient to a message transmitted by a sender to the recipient and proving the receipt of the reply by the sender.

BACKGROUND OF A PREFERRED EMBODIMENT OF THE INVENTION

In recent years e-mail has become an indispensable business tool. E-mail has replaced "snail mail" for many business practices because it is faster, cheaper and generally more reliable. But there remain some mail applications where hard copy is still dominant, such as registered and certified mail. For example, when a letter is sent by certified mail the sender is provided with a receipt to prove that the letter was mailed. A returned registered mail receipt adds the Postal Service's confirmation that the letter was successfully delivered to the addressee or the addressee's authorized agent. Additionally, private carriers such as Federal Express® and United Parcel Service® (UPS) provide some type of delivery confirmation. Since every piece of mail is, in effect, registered, it is natural for consumers to turn to these services when they want proof of delivery.

Many existing e-mail systems and e-mail programs already provide for some form of proof of delivery. For instance, some e-mail systems today allow a sender to mark a message with "request for notifications" tags. Such tags allow a sender to request notification that the message was delivered and/or when the message was opened. When a sender requests delivery notification, the internet e-mail system may provide the sender with an e-mail receipt that the message was delivered to the mail server or electronic in-box of the recipient. The receipt message may include the title of the message, the destination address, and the time of delivery. It may also include (depending on the types of "flags" that are provided and activated in the mailing software) a list of all the internet "stations" that the message passed through en route to its destination. This form of reporting is built into some of the rules and protocols which implement e-mail. Furthermore, when a message is sent with a "read notification" request, the recipient's e-mail program may send to the sender an e-mail notification that the recipient opened that message for reading. Many electronic mail clients can and do support this kind of reporting; however, internet protocols do not make this mandatory.

However, this does not mean that an e-mail sent with a notification request is as effective in all respects as registered mail. People certify and register letters because they want proof of delivery, e.g., proof that can be used in a civil or criminal proceeding, or proof that will satisfy a supervisor or a client or a government agency that a message has been sent, a job has been done, an order placed, or a contract requirement satisfied.

A registration receipt from the United States Postal Service (USPS) constitutes proof of delivery because the USPS stands behind it. The receipt represents the Post Office's confirmation that the letter or package in question was actually delivered to the addressee or his authorized representative. On the other hand, various hurdles exist to an e-mail receipt being admitted and relied upon as persuasive evidence in a court of law as a proof that the message was delivered. After all, the receipt may be just another e-mail message that could have been altered or created by anyone, at any time.

There exists a need for an e-mail system and/or method that can provide reliable proof of the content and delivery of an e-mail message in order to take fuller advantage of the convenience and low cost of communicating via e-mail.

To meet this need some systems have been established whereby senders may receive third party proof of delivery by enrolling in services whereby:
a) The sender transmits an electronic message to a third party together with a list of the document's intended recipients.
b) The third party sends a notification to each of the message's intended recipients inviting them to visit the third party's web site where the message can be viewed.
c) If the intended recipient visits the third party's web site to view the message, the third party records this visit so that the sender may know that his message has been read by the recipient.

The drawbacks of such systems are manifold. In the first place, they rely essentially on the co-operation of the recipient of the e-mail to collect his or her messages from the third party's service. But the circumstances in which a sender may want proof of delivery of a message are often ones in which it cannot be assumed that the intended recipient will co-operate in receiving the message. In such cases, e.g. where acknowledging receipt of the message would place a financial or legal burden on the recipient, the recipient can simply ignore the notification that mail is available for him to receive. Note that there is nothing in such a system to guarantee that the intended recipient has received notification of waiting mail. In the second place, such systems are cumbersome and slow to use as compared to regular e-mail insofar as it can require the sender and/or the recipient to connect to a World Wide Web site to send, collect and verify the delivery of each message. Moreover, transmission of documents by such methods may require both sender and receiver to upload and download files to a web site. Finally, because these methods require the third party to retain a copy of the whole of each message until such time as they are collected or expired, the methods can require its provider to devote substantial computational resources to data storage and data tracking over an extended period of time. As an alternative method of providing proof of delivery, some systems provide proprietary e-mail clients or web-browser plug-ins that will notify senders when a message has been received provided that a recipient uses the same e-mail client. The obvious disadvantage of such systems is that they require both sender and recipient to use the same e-mail client.

Therefore, there exists a need for an e-mail system/method that (1) can provide reliable proof of the content and delivery of electronic messages, (2) which does not require the compliance or co-operation of the recipient, (3) requires no special e-mail software on the part of sender or recipient, (4) operates with the same or nearly the same convenience and speed of use as conventional e-mail, and (5) can be operated economically by a service provider.

In co-pending application Ser. No. 09/626,577, filed by Dr. Terrance A. Tomkow and assigned of record to the assignee of record of this application, a system and method are disclosed and claimed for reliably verifying via secure and tamper proof documentation the content and delivery of an electronic message such as an e-mail. Ideally, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 will give e-mail and other electronic messages a legal status on a par with, if not superior to, that of registered United States mail. However, it is not necessary to the invention that any particular legal status is accorded to messages sent according to the methods taught in co-pending application Ser. No. 09/626,577, as the invention provides useful information and verification regardless.

The invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes an electronic message system that creates and records a digital signature of each electronic message sent through the system. An originator may send a copy of the electronic message to the system or generate the electronic message within the system itself. The system then forwards and delivers the electronic message to all recipients (or to the designated message handlers associated with the recipients), including "to" addressees and "cc" addressees. Thereafter, the system returns a receipt of delivery to the originator of the electronic message. The receipt includes, among other things: the original message, the digital signature of the message, and a handshaking and delivery history including times of delivery to the recipients and a digital signature of the handshaking and delivery history. To later verify and authenticate information contained in the receipt, the originator or user sends a copy of the message, the digital signature of the message and the receipt to the system. The system then verifies that the digital signature is the digital signature of the original message. The system then sends a letter or provides other confirmation of authenticity verifying that the electronic message has not been altered.

The receipt may also include a digital signature of the handshaking and delivery history. The system may verify that this digital signature is a digital signature of the handshaking and delivery history. This provides a further verification that the message has not been altered.

The system disclosed and claimed in co-pending application Ser. No. 09/626,577 may include a form of e-mail server connected to the internet, which can be utilized in many ways. For instance, individual users can register their electronic messages, such as e-mails, by sending a "carbon copy" ("cc:") to the system or composing the message within the system itself. For corporate or e-commerce users, these users can change their server to a server incorporating the present invention and have all of their external electronic messages registered, with the option of having the system retain and archive the receipts. The system can accept and verify encrypted electronic messages and manage the electronic messages within and/or outside a "fire wall." For web-based users, i.e., individuals or corporations using web-based e-mails, such as MSN Hotmail® or Yahoo Mail®, such users could check a box or otherwise set a flag within their e-mail programs to select on a case-by-case basis whether to make the e-mails of record and/or to archive the messages using the system disclosed and claimed in co-pending application Ser. No. 09/626,577.

The digital signature can be created using known digital signature techniques, such as by performing a hash function on the message to produce a message digest and then encrypting the message digest. Separate digital signatures can be created for the body of the message, any attachments, and for the overall message including the body, the attachments, and the individual message digests. The encrypted message digest provides one type of message authentication or validation code, or secure documentation. Other message authentication and/or validation codes may also be generated and used.

In one aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 is a method of providing proof regarding the delivery and content of an electronic message, comprising: receiving from a sender across a computer network an electronic message, the message having a delivery address associated therewith; computing a message digest according to the message; encrypting the message digest; sending the message electronically to a destination corresponding to the delivery address; recording the Simple Mail Transport Protocol (SMTP) or Extended SMTP (ESMTP) dialog which effects the delivery of the message; receiving Delivery Status Notification information associated with the message and the delivery address; providing to the sender an electronic receipt, the receipt comprising: a copy of the message, the encrypted message digest, the (E)SMTP transcripts, and at least a subset of the Delivery Status notification information; and, at a future date, receiving electronically the electronic receipt from the sender, verifying that the encrypted message digest corresponds to the message, and verifying that the message was received by an electronic message handler associated with the delivery address.

In another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a method of verifying delivery of an electronic message, comprising: in a wide area network computer system, receiving an electronic message from a message sender for routing to a destination address; establishing communication with an electronic message server associated with the destination address, the server defining a destination server; querying the destination server to determine whether the destination server supports Delivery Status Notification (DSN) functionality; receiving a response to the query, the query and response together defining an SMTP dialog; requesting Delivery Status notification information from the destination server according to results of the SMTP dialog; transmitting the electronic message to the destination address; receiving DSN information from the destination server with respect to delivery of the electronic message; and providing to the message sender at least a portion of the SMTP dialog, and at least a portion of the DSN information.

In yet another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a method of verifying content of a received electronic message, comprising: receiving the electronic message; generating a digital signature corresponding to the content of the received message; providing the message and the digital signature to a designated addressee; and, at a later time, verifying that the digital signature is the digital signature of the message.

In accordance with still another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, the method includes establishing whether a message was electronically received by a recipient, comprising: providing a message to be dispatched electronically along with a recipient's address from a sender; creating a signature associated with the message; dispatching the message electronically to the recipient's address; tracking the message to determine a final Delivery Status of the message dispatched to the recipient's address; upon receiving final Delivery Status of the message, generating a receipt, the receipt including a copy of the message, the signature, and the final Delivery Status for the message; and providing the receipt to the sender for later establishing that the message was electronically received by the recipient.

In accordance with yet another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for proving that an electronic message sent to a recipient was read, comprising: providing an electronic message along with a recipient's address; calculating a digital signature corresponding to the electronic message; dispatching the electronic message electronically to the recipient's address; requesting a Mail User Agent (email client "reading") notification from the recipient; upon receiving the reading notification, generating a reading receipt, the reading receipt including a copy of the message, the digital signature for the corresponding electronic message, and a second digital signature for the reading receipt from the recipient; and providing the reading receipt for later verification that said message was received by the recipient.

The verification discussed in the previous paragraph may be provided by hashing the message to provide a first digital fingerprint and decrypting the digital signature of the message to provide a second digital fingerprint and by comparing the two digital fingerprints. The verification discussed in the previous paragraph may be further provided by hashing the reading receipt from the recipient to provide a third digital fingerprint, by decrypting the digital signature of the reading receipt from the recipient to provide a fourth digital fingerprint and by comparing the third and fourth digital fingerprints.

In accordance with another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for validating the integrity of a purported copy of an electronic message, comprising: receiving the purported electronic message copy, said purported copy including an encrypted message digest associated therewith; decrypting the encrypted message digest; generating a second message digest based on content of the purported copy; and validating the purported copy by comparing the decrypted message digest and the second message digest to determine whether the two message digests match.

In accordance with a still further aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for validating a received registered e-mail, comprising: receiving an electronic receipt, said receipt including a base message and an encrypted message digest; decrypting the encrypted message digest; generating a second message digest from the base message; and validating the e-mail if the decrypted message digest matches the second message digest.

In yet another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a website at which users can go to send and receive secure messages, with the website host acting as an independent third party which will send and receive the messages and provide secure documentation regarding the content and delivery of the messages.

In co-pending application Ser. No. 09/626,577, an authentication of a message provided by a sender to a server and sent by the server to a recipient is provided by the server to the sender. In one embodiment, the server transmits the message to a recipient. The message may pass through intermediate stations before it reaches the recipient. These intermediate stations and the times of the transmission to these intermediate stations are recorded. Other intermediate stations between the recipient and the server provide a record of their operations and the time of their operations in passing all of the information relating to the transmission of the message from the server to the recipient and relating to the transmission of the recipient of the message.

In co-pending application Ser. No. 09/626,577, a server transmits a message from a sender to a recipient. The message may pass through intermediate stations before it reaches the recipient. These intermediate stations, and the time for the transmission of the message to the intermediate stations, form a part of the record received at the intermediate station. The intermediate stations receiving this record in the transmission of the record from the recipient, and the times for the transmission of the record to the intermediate stations, are also included in the record received at the server. The server then transmits to the sender this record, the message, the digital signature of the message and the digital signature of the attachment(s) defined by the record(s) of the intermediate stations and the times of the transmissions to the intermediate stations.

When the sender wishes to authenticate the message and the file history of the transmission of the message between the sender and the recipient, the sender transmits this information to the server and the server processes this information to provide the authentication.

Generally the server is hired by the sender to act as the sender's agent in transmitting a message electronically to a recipient. Since the server acts as the sender's agent, the sender is interested in authenticating that the server has transmitted the message properly to the recipient and in authenticating the time of transmission of the message to the recipient. The system and method disclosed and claimed in co-pending application Ser. No. 09/626,577 provides these authentications.

Sometimes the recipient is interested in authenticating the message transmitted to the recipient and in authenticating the time of the transmission of the message to the recipient. For example, this is important when the sender is a United States or state court, and the recipient is an attorney involved in representing a client in a matter before the courts and the message relates to a document that the attorney has to file on a short time basis in the court. Under such circumstances, the attorney may wish to have the message authenticated promptly and the time of the transmission of the message to the attorney authenticated promptly. As will be appreciated, any system or method addressing this problem should be simple, prompt and reliable.

The most widely practiced methods for authenticating the authorship and content of electronic messages involve applications of Public Key Cryptography. In such methods the sender of the message computes a digital digest or "hash" of the contents of the message and encrypts this information, together with other information identifying the sender, using the sender's private encryption key. The encrypted information is included as an attachment to the message. Upon receiving the message, the recipient authenticates its authorship and content by applying the sender's public encryption key to decrypt the attachment and then compares the decrypted digital digest with a digital digest of the received message.

There are several shortcomings with this system:
The system requires that the recipient possess software capable of performing the necessary cryptography and possess the requisite decryption keys. Some of the most commonly used mail clients, e.g., web based mail clients, lack this capacity. The method is not universal among e-mail clients.
When a message is "digitally signed" in this manner any change to the message however innocent will result in a failure to authenticate. For example, the changes typically introduced into a message by forwarding it from most e-mail clients will change the message's digest and will result in a failure to authenticate. PKI digital signatures are, in this sense, fragile.
Finally, when a message fails to authenticate because it has changed, it is for all practical purposes, impossible for the recipient to know which portion of the message has changed or to reconstruct the original message. The method is not resilient.

A system which provides senders with proof of delivery or sending and proof of content for electronic messages can provide users with a valuable record of their outbound communications. But users may also sometimes wish to have proof that a correspondent has replied to the message and of the content of that reply. Thus, for example, a contractor might e-mail a client an offer to perform a job of work for a stated fee and might wish some method of proving that the client replied approving the work. Mere possession of an email apparently from the client might not constitute such proof since e-mails can be easily forged or altered.

BRIEF DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION

... e-mails made of record and store receipts from within a Web Based Mail User Agent (MUA);
FIG. 7 is a flow diagram for validating an e-mail receipt made of record;
FIG. 8 is a system diagram of an embodiment of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 for making of record incoming messages;
FIG. 9 is a flow diagram in co-pending application Ser. No. 09/626,577 for making of record incoming messages;
FIG. 10 is a flow diagram in co-pending application Ser. No. 09/626,577 for validating received messages made of record;
FIG. 11 is a system diagram showing in co-pending application Ser. No. 09/626,577 an exemplary use of the system by an e-business to make of record and acknowledge incoming and outgoing communications;
FIG.
12 is a flow chart, primarily in block form, showing a system for, and method of transmitting a message from a A server receives a message from a sender and transmits sender to a recipient, through a server constituting an agent of the message to a recipient. The server receives from the the sender, in a format for the sender to receive a registered recipient attachment(s) relating to the message route between reply from the recipient; and the server and the recipient. The server transmits to the sender FIG. 13 is a flow chart, primarily in block form, showing a the message and the attachment(s) and their hashed encryp system for, and method of transmitting a reply from the tions and expunges the transmitted information. recipient to the sender through the server in a format to To authenticate the message and the attachment, the Sender 25 transmits to the server the previous transmission to the sender. provide proof to the sender and the recipient of the transmis The server then hashes the message and decrypts the sion and delivery of the reply to the sender and to provide encrypted hash of the message and compares these hashes. authentication of the content of the reply. The server performs the same routine with the attachment. DETAILED DESCRIPTION OF PREFERRED Thus, the server verifies that the message provided by the 30 EMBODIMENTS OF THE INVENTION server to the sender is authentic. The recipient replies to the sender through the server. The This description is not to be taken in a limiting sense, but is reply may be sent in a manner for the server to record proof of made merely for the purpose of illustrating the general prin delivery and content of the reply. ciples of the invention. The section titles and overall organi 35 zation of the present detailed description are for the purpose BRIEF DESCRIPTION OF THE DRAWINGS of convenience only and are not intended to limit the present A detailed description of the preferred embodiment of the invention. 
Accordingly, the invention will be described with invention will be made with reference to the accompanying respect to e-mail messaging systems that use the internet drawings: network architecture and infrastructure. It is to be understood 40 that the particular message type and network architecture FIG. 1 is a system diagram of a first embodiment of an described herein is for illustration only; the invention also invention disclosed and claimed in co-pending application applies to other electronic message protocols and message Ser. No. 09/626,577, in which embodiment outgoing mes types using other computer network architectures, including sages are made of record by being transmitted by a special wired and wireless networks. For convenience of discussion, Mail Transport Agent (MTA); 45 FIGS. 2-2F constitute a representative flow diagram for messages that are processed according to the invention dis making an outgoing e-mail of record according to the closed and claimed in co-pending application Ser. No. 09/626,577 may be referred to herein as being “made of embodiment of FIG. 1; record' messages. In the discussion which follows, the term FIG. 3 is a system diagram of a second embodiment of the “RPost' will refer in general terms to a third party entity invention disclosed and claimed in co-pending application 50 which creates and/or operates software and/or hardware Ser. No. 09/626,577, in which embodiment senders may implementing the present invention, and/or acts as a third direct a Mail Transport Agent to transmit selected messages party message verifier. The term is used for convenience of through a separate Mail Transport Agent constructed to make exemplary discussion only and is not to be understood as the selected messages of record; limiting the invention. FIG. 4 is a system diagram of a third embodiment of the 55 invention disclosed and claimed in co-pending application I. Rpost as Outgoing Mail Server Embodiment Ser. No. 
09/626,577, in which embodiment carbon copies FIG. 1 is a system diagram of a first embodiment of the (cc’s) of outgoing messages are sent to a special server to be present invention, wherein outgoing e-mails are made of made of record; record according to the invention disclosed and claimed in FIG. 5 is a system diagram of a fourth embodiment of the 60 co-pending non-provisional application Ser. No. 09/626,577. invention disclosed and claimed in co-pending application In this embodiment, the RPost server 14 serves as the primary Ser. No. 09/626,577, in which embodiment users compose outgoing Mail Transport Agent (MTA) for a message senders outgoing messages to be made of record at a designated Mail User Agent (MUA) 13. Although message recipient 18 is website. technically the addressee and is therefore merely the intended FIG. 6 is a system diagram of a fifth embodiment of the 65 recipient or intended destination at this point in time, for invention disclosed and claimed in co-pending application simplicity of discussion this entity will be referred to hereinas Ser. No. 09/626.577 in which embodiment users may send the recipient, addressee, or destination. Note that a single US 7,707,624 B2 10 message may have many different destinations and that each U.S. Pat. No. 5,530,757 issued to Krawczyk, entitled “Dis of these may be reached through a different MTA. The tributed Fingerprints for Information Integrity Verification.” method of sending messages made of record may divided into which are hereby incorporated by reference for their teach three parts: ings of hash functions, encryption, and methods and systems 1) Preprocessing: Steps to be taken before a message is for implementing those functions. Other known or new meth transmitted; ods of detecting whether the contents of the message have 2) Transmission: The method of delivering messages to been altered may be used. 
addressees; A good hash function H is one-way; that is, it is hard to 3) Post Processing: Procedures for gathering information invert where “hard to invert’ means that given a hash valueh. about messages after their delivery, the creation of receipts, 10 it is computationally infeasible to find some input X such that and the validation of receipts. H(x)=h. Furthermore, the hash function should be at least I.1. Preprocessing weakly collision-free, which means that, given a message X, it On receiving a message for transmission, the RPost server is computationally infeasible to find some inputy Such that 14 will create records in a database for each message that will H(x)=H(y). The consequence of this is that a would-be forger be used to store such information as: 15 who knows the algorithm used and the resulting hash value or a) the time at which the message was received; message digest will nevertheless not be able to create a coun b) the names of the attachments of the message; and terfeit message that will hash to the same number. The hash c) the number of addressees of the message. value h returned by a hash function is generally referred to as For each destination of the message, the database will a message digest. The message digest is sometimes referred record: to as a “digital fingerprint’ of the message X. Currently, it is a) the name of the destination (if available); recommended that one-way hash functions produce outputs b) the internet address of the destination; that are at least 128 bits long in order to ensure that the results c) the time at which the message was delivered to the are secure and not forgeable. As the current state of the art destination’s Mail Server; and advances, the recommended length for secure hash functions d) the Delivery Status of this destination. 25 may increase. 
Recipient Delivery Statuses used by the system will RPost server 14 computes a message digest for the message include: body, and a separate message digest for each of the attach Unset ments of the message and stores these in a manner in which This status indicates that the message has not been sent. they may be later included in a receipt for the message. Delivered-and-Waiting-for-DSN 30 Before the message is altered in the ways that registration This status indicates that the message has been delivered to will require, a copy of the original message and its attach an ESMTP compliant MTA that supports Delivery Status ments are stored in a manner in which they can be later Notification (DSN) so that a success/failure notification can retrieved by the system. be expected. The RPost server 14 may alter a message in several ways Delivered 35 before transmission to the recipient’s MTA. This status signifies that the copy of the message sent to this Although Such is not necessary to the practice of the inven recipient has been successfully delivered to a server that does tion, the message may be tagged to denote the fact that the not support ESMTP DSN. message has been made of record. Such as by inserting the Delivered-to-Mailbox words “Made of Record' or at the beginning of the “subject’ This status signifies that a DSN message has been received 40 line of the message, by appending a tag. Such as, which indicates that the copy of the message sent to this “This message has been made of record with RPost. Visit recipient was delivered to the mailbox of the recipient. our web site at www.RPost.com for additional informa Relayed tion. at the end of the original message or other tagging. 
Addi This status signifies that an MTA DSN has been received 45 tionally, the tag may contain instructions, World Wide Web which indicates that the copy of the message sent to this addresses, or links that invite and allow the recipient to send recipient has been relayed onward to another server. a reply made of record to the message by linking to a Web Undeliverable Page from which messages made of record may be composed This status indicates that after repeated attempts RPost has and sent. been unable to connect to an MTA to deliver the messages to 50 this recipient. Although tagging is optional, the delivered message will Failed generally be referred to herein as the tagged message. This status signifies that an MTA DSN has been received Internet protocols provide two forms of receipt for e-mail that indicates a failure to deliver a copy of the message to this messages: recipient. 55 MTA Notifications At this time the system will also perform hashing functions These are e-mails that are sent by a recipient’s MTA noti on the message's contents. fying the nominal sender of the message that various events RPost server 14 employs a hash function and an encryption have occurred. MTAs that conform to the SMTP protocol will algorithm. The hash function may be one of any well-known typically only send a notification in the event that the mailer hash functions, including MD2, MD5, the Secure Hashing 60 cannot deliver a message to the mailbox of the addressee (as Algorithm (SHA), or other hash functions which may be might happen if the address is not valid or if the addressee's developed in the future. Hash algorithms and methods are mailbox has exceeded its allotted Storage quota). described in Bruce Schneider, Applied Cryptography: Proto With the introduction of the Extended SMTP standard it cols, Algorithms, and Source Code in C, John Wiley & Sons, became possible for sending MTAs to request notices of Inc. 
(New York) 1993: Federal Information Processing Stan 65 success and failure in the delivery of messages. These Deliv dard Publication 180-1 (FIPS PUB 180-1) Secure Hash Stan ery Status Notifications (DSNs) are e-mails which are sent by dard, National Institute of Standards and Technology; and a receiving MTA to the nominal sender of the message when US 7,707,624 B2 11 12 certain events occur: e.g., the message has been Successfully To accomplish the latter goal, the system can take advan deposited into the mailbox of the recipient; the message can tage of the fact that internet addresses have two components: not be delivered to the recipients mailbox for some reason: a name field and an address field, where the address field is set the recipient’s message has been relayed on to another server off by corner quotes “->''. Most MUAs will include both which does not give DSN receipts. fields in the destination address of their MUA notifications. In Note that only e-mail servers that support the Extended composing its requests for MUA receipts, the RPost system SMTP (ESMTP) protocol support this form of DSN and that will include the server 14 read receipt-handling address as the support for this function is optional for ESMTP servers and address for the notification but will use the address of the depends on the configuration selected by the server's admin original sender in the name field of the header. For example, istrators. 10 where the original sender of the message is user John Smith Although DSN is a term that only came into use with the with internet address.jsmith(a)adomain.com, the RPost server advent of ESMTP, we will, in what follows, use DSN to refer 14 will include headers of the form: to any MTA generated message relating to the status of a Disposition-notification-to: jSmith(a)adomain.com received message whether or not it is in conformity to the ESMTP protocol. 
15 This will typically result in the compliant MUA sending a MUA Notices (Reading Notifications) notification to readreceipts(a)RPost.com addressed as: These are e-mails that are sent to the (nominal) author of a jSmith(Gladomain.com 35 issue, which should be dealt with at this stage. DSNs do not For example: have any standard content or format; often it is impossible to Disposition-notification-to: john Smith determine, merely by examining the contents of these is that user's internet address. Nor According to the protocol, a transmitting MTA can include a mally such headers would refer to the author of the message reference number along with its request for a DSN. This but in the case of the present method the notification should be number would be quoted in any returning DSN, allowing the returned to RPost so that the notification can be processed by 45 sender to identify the subject message of the DSN. However, RPost. To assure that this is so, Server 14 will insert headers as a matter of fact, many MTAs that report themselves as that request that MUA receipts be sent to an address where supporting ESMTPDSN do not return a DSN envelope ID or they can be processed by the RPost server, for example: any other information sufficient to reliably identify the sub “readreceipt(a)RPost.com'. This will direct any compliant ject message. Finally, even where a DSN does return infor recipient MUAs to send their notifications to an RPost 50 mation Sufficient to identify the message it is giving notice of address for processing. it often will not contain sufficient information to identify the The task of processing returned MUA notifications raises specific addressee of the message that has prompted the noti another problem that should be dealt with at this stage. There fication. Thus, a single message might be sent to two address are no standards governing the format or content of MUA ees at a domain; one might be successfully delivered to the notifications. 
Often they will quote the subject of the original 55 addressee's mailbox; the other, not. The MTA for the domain message and the time of the event (e.g. “opened for reading) may report these events in a DSN in ways that provide no way that they are reporting. But even if this information is for the recipient of the DSN to determine which addressee included in the notification, it is rarely sufficient to uniquely was successfully delivered and which was not (as, for identify the message that prompts it or to identify the author example, may happen if the DSN reports the recipients of that message. When the system receives a MUA notifica 60 addresses as their local alias names rather than by the tion, it should identify the message that prompts it, so as to addresses contained in the original message). include the notification information in the receipt that RPost The present invention solves this problem in four steps: will generate for the sender. Alternatively, the system should 1) A unique identification number is generated for each reliably identify the sender of the message to which the MUA outgoing message (e.g. based upon a time stamp). This notification refers so that the notification information can be 65 number is stored in a database. passed on to the sender in the form of an RPost Reading 2) The recipients of each message are enumerated and the receipt (see below). identifying numbers are stored in a database. US 7,707,624 B2 13 14 3) The message is sent separately to each intended recipi It is common practice for internet e-mails to be relayed ent’s MTA. (Even when two recipients have a common from MTA to MTA until they reach their final destination. The domain name and MTA, the server 14 will transmit the primary purpose for providing a direct connection between message to that MTA in two separate SMTP telnet ses the RPost server 14 and the destination’s MTA is so that the sions.) 
RPost server can record delivery of the message, (this record 4) When the server 14 transmits the message to a recipi taking the form of an SMTP dialogue) with the e-mail server ent’s MTA it augments the message’s “FROM field to which has proprietary responsibility for receiving e-mail for show the message as having been sent from an address the recipient domain name. which incorporates the message's unique ID and the The existence of this record provides helpful evidence that identifying number of the sender. The address also con 10 the message was delivered, in much the same way that a tains a Substring (e.g. “rcpt') that enables the server to registered mail receipt provides evidence of delivery. USPS identify return messages as DSNs. Registered mail is treated as verifiably delivered if it can be Thus, a single message denominated “mmyyddss' by the proved to have been delivered to the addressee's authorized server 14, from the sender named John Smith, might be sent agent (e.g. a secretary, or mail room clerk). In the event of any to its first intended recipient (denominated “a” by the system) 15 legal challenge to the evidentiary merit of an RPost delivery with a header reading: receipt, it will be recognized that in selecting an internet From: John Smith here
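The receipt validation described for the co-pending application (receive a receipt carrying the base message and an encrypted message digest, decrypt the digest, re-hash the base message, compare), together with the separate digests the server 14 computes for the message body and for each attachment, as an added example in Python that is not code from the patent or from RPost. Because the standard library has no symmetric cipher, the server's encrypted digest is modelled here as an HMAC under a server-held key, which the server verifies by recomputation rather than decryption; the key, the message and the attachments are constructed sample data, and SHA-256 stands in for the MD5/SHA choice the text leaves open.

```python
"""Registered-receipt creation and validation with one digest per part.

Added example, not code from the patent or from RPost.  The server's
"encrypted message digest" is modelled as an HMAC under a server secret;
the server checks it by recomputing rather than decrypting.  All message
data below is constructed sample input.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# The text names MD2, MD5 and SHA; SHA-256 is used here as a modern hash
# comfortably above the "at least 128 bits" recommendation.
HASH = hashlib.sha256


def digest(data: bytes) -> str:
    """Message digest ("digital fingerprint") of one message part."""
    return HASH(data).hexdigest()


def seal(server_key: bytes, part_name: str, fingerprint: str) -> str:
    """Server-keyed seal over a fingerprint; stands in for the encrypted
    digest.  Binding the part name stops a seal made for one attachment
    being presented for another."""
    msg = f"{part_name}\0{fingerprint}".encode()
    return hmac.new(server_key, msg, HASH).hexdigest()


@dataclass
class Receipt:
    """What the server returns to the sender before expunging its own copy."""
    body: bytes
    attachments: dict[str, bytes]
    seals: dict[str, str] = field(default_factory=dict)


def make_receipt(server_key: bytes, body: bytes,
                 attachments: dict[str, bytes]) -> Receipt:
    parts = {"body": body, **attachments}
    seals = {name: seal(server_key, name, digest(data)) for name, data in parts.items()}
    return Receipt(body=body, attachments=dict(attachments), seals=seals)


def validate_receipt(server_key: bytes, receipt: Receipt) -> dict[str, bool]:
    """Re-hash every part of the purported copy and compare with its seal.

    A per-part verdict tells the sender which portion changed, the
    resilience the text says a single PKI signature over the whole
    message lacks."""
    parts = {"body": receipt.body, **receipt.attachments}
    verdict: dict[str, bool] = {}
    for name, data in parts.items():
        expected = seal(server_key, name, digest(data))
        stored = receipt.seals.get(name, "")
        verdict[name] = hmac.compare_digest(expected, stored)
    # A part that was sealed but is missing from the copy also fails.
    for name in receipt.seals:
        verdict.setdefault(name, False)
    return verdict


def demo() -> tuple[dict[str, bool], dict[str, bool]]:
    key = secrets.token_bytes(32)          # server secret, never sent out
    body = b"Offer: paint the fence for $500."   # constructed sample
    attachments = {"quote.pdf": b"%PDF-1.4 constructed sample",
                   "terms.txt": b"Net 30"}
    receipt = make_receipt(key, body, attachments)
    intact = validate_receipt(key, receipt)

    # A forwarding client re-wraps the body; only the body should fail.
    receipt.body = b"> Offer: paint the fence for $500."
    after_forward = validate_receipt(key, receipt)
    return intact, after_forward


if __name__ == "__main__":
    print(demo())
```

Keeping one seal per part rather than one over the whole message is what lets the server report which part was altered; a monolithic signature would only say that the forwarded copy fails.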
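The four-step identification scheme above (unique message number, enumerated recipients, one SMTP session per recipient, coded FROM address carrying a "rcpt" marker) and the Disposition-notification-to arrangement (original sender's address in the name field, the RPost read-receipt handler in the address field), as an added Python example that is not code from the patent or from RPost. The exact layout of the coded return address is cut off on the page, so the format `<msg-id>.<sender-id>.<rcpt-tag>.rcpt@server.example`, the domain server.example and the sender number 0042 are assumptions; readreceipts@RPost.com, the message id "mmyyddss", the recipient tag "a" and John Smith's address come from the text.

```python
"""Coding outgoing copies so that returning DSNs and reading notifications
can be tied back to the message, the recipient and the original sender.

Added example, not code from the patent or from RPost.  The return-address
layout, the domain server.example and the sender number are assumptions.
"""
import re
from email.message import EmailMessage
from email.utils import formataddr, parseaddr
from typing import Optional

SERVER_DOMAIN = "server.example"               # assumption: placeholder domain
READ_RECEIPT_ADDR = "readreceipts@RPost.com"   # handler address named in the text

# Assumed layout: <msg-id>.<sender-id>.<rcpt-tag>.rcpt@server.example
# The "rcpt" marker is what lets the server recognise a returning DSN.
RETURN_ADDR_RE = re.compile(
    r"^(?P<msg>[a-z0-9]+)\.(?P<sender>[a-z0-9]+)\.(?P<rcpt>[a-z]+)\.rcpt@"
    + re.escape(SERVER_DOMAIN) + r"$"
)


def return_address(msg_id: str, sender_id: str, rcpt_tag: str) -> str:
    """Per-recipient From address for one copy of one message."""
    return f"{msg_id}.{sender_id}.{rcpt_tag}.rcpt@{SERVER_DOMAIN}"


def tag_outgoing(msg_id: str, sender_name: str, sender_addr: str, sender_id: str,
                 rcpt_tag: str, rcpt_addr: str, subject: str, body: str) -> EmailMessage:
    """Build the copy handed to one recipient's MTA in its own SMTP session."""
    m = EmailMessage()
    # FROM keeps the sender's display name but carries the coded address.
    m["From"] = formataddr((sender_name, return_address(msg_id, sender_id, rcpt_tag)))
    m["To"] = rcpt_addr
    m["Subject"] = "Made of Record: " + subject
    # Name field = original sender's address, address field = RPost handler:
    # a compliant MUA then mails its reading notice to RPost, and the name
    # field tells RPost whom the notice concerns.
    m["Disposition-Notification-To"] = formataddr((sender_addr, READ_RECEIPT_ADDR))
    m.set_content(body + "\n\nThis message has been made of record with RPost.")
    return m


def classify_return(to_header: str) -> Optional[dict]:
    """Identify a returning MTA notice from the coded address it was sent to."""
    _name, addr = parseaddr(to_header)
    match = RETURN_ADDR_RE.match(addr.lower())
    if not match:
        return None
    return {"kind": "dsn", "msg_id": match["msg"],
            "sender_id": match["sender"], "rcpt_tag": match["rcpt"]}


def classify_read_receipt(to_header: str) -> Optional[dict]:
    """Recover the original sender from the name field of a reading notice
    that arrived at the RPost read-receipt handler."""
    name, addr = parseaddr(to_header)
    if addr.lower() != READ_RECEIPT_ADDR.lower() or "@" not in name:
        return None
    return {"kind": "read-receipt", "original_sender": name}


if __name__ == "__main__":
    copy_a = tag_outgoing("mmyyddss", "John Smith", "jsmith@adomain.com", "0042",
                          "a", "client@bdomain.example", "Fence job",
                          "Offer: paint the fence for $500.")   # constructed sample
    print(copy_a["From"])
    print(classify_return(copy_a["From"]))
    print(classify_read_receipt(copy_a["Disposition-Notification-To"]))
```

Because each recipient gets its own coded address, a DSN that names only a local alias can still be matched to the right addressee by the address it was returned to, which is the problem the text describes with two addressees at one domain.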