Title:
METHOD AND SYSTEM FOR SAFE ELECTRIC COMMUNICATION
Document Type and Number:
WIPO Patent Application WO/2017/162906
Kind Code:
A1
Abstract:
The invention relates to a method for secure electronic message transmission, in which method the sender C1 sends an electronic mail message 1 to the electronic mail server M1 of his own or that of a known organization using an encrypted electronic mail transmission protocol; in which the electronic mail message is marked as secured mail by adding to the electronic mail address of the recipient an identifier, on the basis of which the server M1 forwards it guided by the name service using an encrypted transmission protocol to the secured mail server TP. The method is characterized by that the secured mail server TP forms a test connection 3 to the server M2 in order to verify encryption, and the data obtained in the test connection 3 is analyzed, and, on the basis of the analysis, it is defined, whether there is a security problem with the connection, and if, on the basis of the analysis, it is defined that there is a security problem with the connection, the electronic mail message 1 is sent to the recipient C2 as an encrypted electronic mail. The invention also relates to a corresponding system.

Inventors:
KALLIONIEMI JUSSI MATIAS (FI)
Application Number:
PCT/FI2016/050561
Publication Date:
September 28, 2017
Filing Date:
August 11, 2016
Assignee:
SUOMEN TURVAPOSTI OY (FI)
International Classes:
H04L12/58
Domestic Patent References:
WO2004063871A2 2004-07-29
WO2007070739A2 2007-06-21
Attorney, Agent or Firm:
LEITZINGER OY (FI)
Claims:
1. A method for secure electronic message transmission, in which method: the sender (C1) sends an electronic mail message (1) to the electronic mail server (M1) of his own or that of a known organization using an encrypted electronic mail transmission protocol; in which the electronic mail message is marked as secured mail by adding to the electronic mail address of the recipient an identifier, on the basis of which the server (M1) forwards it guided by the name service using an encrypted transmission protocol to the secured mail server (TP); characterized in that, in the method, the secured mail server (TP) forms a test connection (3) to the server (M2) in order to verify encryption; and the data obtained in the test connection (3) is analyzed, and, on the basis of the analysis, it is defined, whether there is a security problem with the connection; and if, on the basis of the analysis, it is defined that there is a security problem with the connection, the electronic mail message (1) is sent to the recipient (C2) as an encrypted electronic mail.

2. A method according to claim 1, in which, if the connection is not defined as having a security problem, the secured mail server (TP) sends (4.1) to the recipient (C2) the electronic mail message (1) or a hyperlink to it.

3. A method according to claim 1 or 2, in which the sender (C1) is notified (4.3) of an observed security problem.

4. A method according to any one of the preceding claims, in which said encrypted transmission protocol is a TLS encryption protocol.

5. A method according to any one of the preceding claims, in which the electronic mail message is marked as secured mail by adding a domain identifier of the secured mail server to the end of the electronic mail address of the recipient.

6. A system for secure electronic message transmission, which system has: means for transmitting the electronic mail message (1) sent by the sender (C1) to the electronic mail server (M1) of his own or that of a known organization using an encrypted electronic mail transmission protocol; in which system the electronic mail message is marked as secured mail by adding to the electronic mail address of the recipient an identifier, on the basis of which the server (M1) sends it as guided by the name service using an encrypted transmission protocol to the secured mail server (TP); characterized in that, in the system, the secured mail server (TP) comprises means for forming a test connection (3) to the server (M2) in order to verify encryption, and the system has means for analyzing the data obtained in the test connection (3) and for defining the security of the connection; and the secured mail server (TP) further comprises means for sending an electronic mail message (1) or a hyperlink to the recipient (C2) as an encrypted electronic mail, if the means for analyzing the data obtained in the test connection (3) and for defining the security of the connection analyze that there is a security problem with the connection.

Description:
Method and system for safe electric communication

The invention relates to the automatic identification of the security of the traffic between electronic mail servers.

Transmitting an electronic mail message securely such that only the intended recipient may gain access to the message is problematic. Electronic mail was originally designed for an environment, in which it was possible to adequately rely on the administration of the servers as well as the security of the network itself. Later, encryption and handshaking have been added to electronic mail protocols to ensure information security. Thus, the security of a communications connection between a sending electronic mail server and a receiving electronic mail server is achieved such that outsiders are not allowed to open the electronic mail traffic. However, this requires that all servers and the work stations or terminals of the sender and recipient use reliable encryption, and that there is no unreliable electronic mail server along the route. If a message is sent to a previously unknown electronic mail server, it is in no way possible to ensure the secure transmission of the message all the way to the correct recipient. It is possible to use the encryption of the message itself, for example, using PGP or GPG encryption (= "Pretty Good Privacy" and "Gnu Privacy Guard"). When used properly, these are exceptionally secure. However, the sender and recipient are required to have software, and the sender must have the public key of the recipient for encryption of the message.

A method for transmitting an electronic mail message securely encrypted is previously known from Finnish patent publication FI 125832 B. In the method, the recipient of the message always retrieves the message separately from a secured mail server.

The object of the invention is to provide a method, by means of which an electronic mail can easily and securely be sent to a recipient without the recipient or sender needing to have any particular software or know-how. Further, a solution according to the invention provides for the secure transmission of a message, for example, an electronic mail message, all the way to the server of the recipient, for example, to an e-mail server, if a secured connection exists.

A portion of the traffic between the electronic mail servers of the Internet is encrypted, a portion is not. A method according to the invention responds to this deficiency by offering a solution, which, in connection with the sending of an electronic mail, automatically identifies, whether the connection between the electronic mail servers used by the sender and the recipient is encrypted and whether the receiving electronic mail server is trusted. When this is not the case, the message is automatically sent as an encrypted electronic message, for example, in the manner described in Finnish patent publication FI 125832 B or in some other manner of encrypted message transmission.

In the following description of the invention, by encryption is meant that the data travels encrypted, and only to the intended recipient or the intended recipients.

Further, a solution according to the invention automatically sends the message encrypted if the connection between the servers is not secure.

The above objects are achieved by a method according to claim 1 and a system according to claim 6. Preferred embodiments of the invention are presented in the dependent claims.

In a method for secure electronic message transmission according to the invention, the sender sends an electronic mail message to the electronic mail server of his own or that of a known organization using an encrypted electronic mail transmission protocol, in which the electronic mail message is marked as secured mail by adding to the electronic mail address of the recipient an identifier, on the basis of which the server forwards it guided by the name service using an encrypted transmission protocol to the secured mail server. The method is characterized by that, in the method, the secured mail server forms a test connection to the server in order to verify encryption, and the data obtained in the test connection is analyzed, and, on the basis of the analysis, it is defined, whether there is a security problem with the connection and if, on the basis of the analysis, it is defined that there is a security problem with the connection, the electronic mail message is sent to the recipient as an encrypted electronic mail.

The test connection formed by the secured mail server to the server is formed to the receiving server. Preferably, the electronic mail message can be sent to the recipient automatically or manually or as a combination of these as an encrypted electronic mail.

According to a preferred embodiment of a method according to the invention, if the connection is not defined as having a security problem, the secured mail server sends to the recipient the electronic mail message or a hyperlink to it.

According to another embodiment of a method according to the invention, the sender is notified of an observed security problem.

In a method according to the invention, said encrypted transmission protocol can be a TLS encryption protocol.

Further, in a method according to the invention, an electronic mail message can be marked as secured mail by adding a domain identifier of the secured mail server to the end of the electronic mail address of the recipient.

A system for secure electronic message transmission according to the invention has means for transmitting an electronic mail message sent by the sender to the electronic mail server of his own or that of a known organization using an encrypted electronic mail transmission protocol, in which system the electronic mail message is marked as secured mail by adding to the electronic mail address of the recipient an identifier, on the basis of which the server forwards it guided by the name service using an encrypted transmission protocol to the secured mail server. A system according to the invention is characterized by that, in the system, the secured mail server comprises means for forming a test connection to the server in order to verify encryption and the system has means for analyzing the data obtained in the test connection and for defining the security of the connection and the secured mail server further comprises means for sending an electronic mail message or hyperlink to the recipient as an encrypted electronic mail, if the means for analyzing the data obtained in the test connection and for defining the security of the connection analyze that there is a security problem with the connection.

In the following, the invention is described by means of the accompanying schematic illustration, in which:

Fig. 1 shows, in a schematic illustration, the parts of the system according to the invention and the steps in the transmission of a message.

In this connection, the word "secured mail" is used for internet communication, which is more secure than ordinary electronic mail. This invention relates to the secure transmission of a message such that only the intended recipient gains access to the message. The term "secured mail" is also a part of the business name of the applicant, but, in this connection, the word is used as a general term comprising also the other services of the applicant. The arrows show the steps of the method. The tubular arrows show the steps, in which the contents are secured, for example, by encryption. A single line shows a message or connection, which can also be non-encrypted or unsecured. The tubular arrow drawn with a dashed line shows the test connection.

In Fig. 1, the message of the user of computer C1 is delivered to the user of computer C2. The user of the electronic mail program of computer C1 can guide the electronic mail to be sent via secured mail by adding a suitable identifier to the identifier information of the electronic mail. In step 1, the message is sent via the electronic mail server M1 used by computer C1 to the secured mail server. The arrow of step 1 is drawn as tubular to show an encrypted connection. The server M1 should thus use some known encrypted electronic mail transmission protocol, in order that the message could securely be delivered to the secured mail server TP. It is generally easy for the organization of the user of C1 to ensure the use of an encrypted protocol and, as needed, to introduce in the server a forced encrypted connection also between client computers and the sending server M1. The connection between the servers can be, for example, SMTPS, i.e. SMTP Secure, which uses SSH or TLS tunnelling in the transport layer. In this case, in connection with the SSH tunnel, public key certificates can be used to verify the servers. PKI-signed keys granted by certificate authorities can be used as the certificates. Preferably, the message is guided from the M1 server to the secured mail server TP simply by adding a domain identifier to the end of the electronic mail address of the electronic mail recipient. In this case, the electronic mail is sent as guided by the name service to be forwarded to the secured mail server TP. There is no need to make any changes to the electronic mail programs or servers of the organization of the sender.

The domain identifier added to the end of the electronic mail address, for example, "turvaposti.fi", guides mail messages automatically to the secured mail server. Naturally, any suitable domain name whatsoever can be used in place of turvaposti.fi.

The secured mail server TP can identify the sender by the certificates used by the electronic mail server M1. The server of the sender can identify the certificate of the secured mail server at least if the domain name of the secured mail server is verified by an extended identifier (Extended Validation certificate, EV), and both servers support this. Self-made identifiers can also be used. An encrypted connection can be ensured as cohesive as long as at least one of the parties is able to inspect the certificate of the opposite party and to identify the encryption keys of the opposite party as genuine. Thus, it is enough if the secured mail server can identify the certificate of the electronic mail server of the sender. If identification is not successfully performed, it is possible to refuse to accept the message and send an error message by electronic mail to the sender and, at the same time, to request the following of a secured https link to transfer the message directly to the secured mail server. It is also possible to allow self-formed identifiers or an encrypted connection without identification in the future. The secured mail server TP resolves the receiving electronic mail server M2 by an automatic name service query.

The secured mail server TP forms a test connection 3 to the server M2 in order to verify encryption. An OpenSSL library may be utilized in the verification. Further, it may be verified, whether the receiving electronic mail server M2 has a currently valid certificate in use. It may also be verified, whether the certificate has been issued by an officially trusted party. Further, it may be verified, whether the recipient account exists. The data obtained in the test connection 3 is automatically analyzed by comparing the data to the security standard defined by the sending organization. The defined security standard may, for example, require that for identifying the receiving server a certificate issued by a trusted certificate authority may be used. Alternatively, the defined level of security may be, for example, that the connection is encrypted. Alternatively, the defined level of security may, for example, mean that the data is encrypted and/or the receiving server is authenticated.

Further, on the basis of the analysis, it is defined, whether there is a security problem with the connection.

If the connection is not defined as having a security problem, the secured mail server TP sends an electronic mail message 1 to the recipient C2. This means that the secured mail server forms a secured connection to the receiving electronic mail server M2. This secured connection may be, for example, a TLS-secured connection. The message can be delivered to the recipient directly to the electronic mail address or a hyperlink can be sent to the recipient, with which the recipient can retrieve the message from the secured mail server TP via a secured connection 4.2.

Further, if, on the basis of the analysis, it is defined that there is a security problem with the connection, i.e. the connection is not secured and/or the electronic mail server of the recipient does not have a trustworthy certificate, the secured mail server can automatically deliver the electronic mail as an encrypted electronic mail, for example, in the manner described in Finnish patent publication FI 125832 B or in some other manner of encrypted message transmission.

In the figure, the example message is sent to a modified electronic mail address Erkki@esimerkki.fi.turvaposti.fi. In this case, the address of the recipient is Erkki@esimerkki.fi, and the added turvaposti.fi serves as the identifier. This manner is handy in that there is no need to make any changes to the electronic mail server used by the sender to guide the messages to the secured mail server TP. The secured mail server can also send a reading acknowledgment to the electronic mail address of the sender, when the recipient retrieves or reads the message itself.
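
The address marking and the test-connection analysis described above, as an added Python sketch that is not part of the patent text or the applicant's implementation. The ProbeResult record, the function names and the security-standard names "encrypted" and "authenticated" are assumptions made for illustration, as are port 25 and the use of Python's default CA trust store as the "officially trusted party".

```python
import smtplib
import ssl
from dataclasses import dataclass

SECURED_SUFFIX = ".turvaposti.fi"  # domain identifier from the page's example

@dataclass
class ProbeResult:                 # hypothetical record of test connection 3
    tls: bool                      # M2 offered STARTTLS and began a handshake
    cert_trusted: bool             # chain, validity dates and hostname verified

def original_recipient(marked: str) -> str:
    """Recover the real recipient from an address marked as secured mail."""
    local, at, domain = marked.rpartition("@")
    real = domain[: -len(SECURED_SUFFIX)]
    if not (at and local and real and domain.lower().endswith(SECURED_SUFFIX)):
        raise ValueError(f"not a secured-mail address: {marked!r}")
    return f"{local}@{real}"

def probe(mx_host: str, timeout: float = 10.0) -> ProbeResult:
    """Test connection to M2: EHLO, STARTTLS, verified handshake, no mail sent."""
    smtp = None
    try:
        smtp = smtplib.SMTP(mx_host, 25, timeout=timeout)
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return ProbeResult(tls=False, cert_trusted=False)
        smtp.starttls(context=ssl.create_default_context())
        return ProbeResult(tls=True, cert_trusted=True)
    except ssl.SSLCertVerificationError:
        # Assumption: a server that fails only verification can still encrypt.
        return ProbeResult(tls=True, cert_trusted=False)
    except (smtplib.SMTPException, OSError):
        return ProbeResult(tls=False, cert_trusted=False)
    finally:
        if smtp is not None:
            smtp.close()

def has_security_problem(result: ProbeResult, standard: str) -> bool:
    """Compare probe data with the sending organization's security standard."""
    if standard == "encrypted":
        return not result.tls
    if standard == "authenticated":
        return not (result.tls and result.cert_trusted)
    raise ValueError(f"unknown security standard: {standard!r}")

def route(marked: str, result: ProbeResult, standard: str) -> tuple[str, str]:
    """Return (recipient, 'direct' | 'encrypted_mail') for one message."""
    rcpt = original_recipient(marked)
    problem = has_security_problem(result, standard)
    return rcpt, "encrypted_mail" if problem else "direct"
```

In use, the result of probe() for the recipient's resolved mail server is passed to route(); probe() opens a real SMTP connection, while the other functions are pure and can be exercised with constructed ProbeResult values.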