Methods and systems for using a vault server in conjunction with a client-side restricted-execution vault-mail environment

Assignee

• Check Point Software Technologies Ltd. · IL

Inventors

• Oded Gonda · Nes Ziona, IL
• Ofer Raz · Yavne, IL
• Alon Kantor · Nes Ziona, IL
• Uri Bialik · Or Yehuda, IL
• Yoav Kirsch · Modiin-Maccabim-Reut, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/08
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis. Preferably, the activation of the link requires user authentication which may be designated during activation of the vault-mail message on a per-message basis based on said content. Preferably, the restricted-execution session enforces a security policy.