Ed Banti

Deleted property information relating to deleting an item, such as an electronic message, is used for restoring the deleted item. The deleted property information is stored in response to deleting the item. The stored deleted property information identifies a location of where the item was deleted from and may include other information. The location information may be a specific location such as a folder (e.g. inbox, sent, folder 1, . . . ), a calendar, a network location, and the like. In… Show more

Deleted property information relating to deleting an item, such as an electronic message, is used for restoring the deleted item. The deleted property information is stored in response to deleting the item. The stored deleted property information identifies a location of where the item was deleted from and may include other information. The location information may be a specific location such as a folder (e.g. inbox, sent, folder 1, . . . ), a calendar, a network location, and the like. In response to a request to restore a deleted item, the deleted property information is used to restore the deleted item to the location where the item was when deleted. A graphical user interface may be used to assist a user in restoring deleted items. The user interface may display a user friendly name (e.g. "Inbox", "Folder 1", . . . ) of where the deleted item(s) will be/have been restored. Show less

The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization… Show more

The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar use of a cryptographic key in an identity certificate. Show less

Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.

Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze… Show more

Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules. Show less

Stacks that associate different electronic content are created using tags that are associated with electronic content. Stacks may be personal, organizational and/or shared. A tag may be associated with different types of electronic content (e.g. documents, people, contacts, meetings, emails, . . . ) that may be stored in different locations. The tag acts as an identifier that travels with the content as the electronic content is used. Content may be automatically/manually tagged. As the tagged… Show more

Stacks that associate different electronic content are created using tags that are associated with electronic content. Stacks may be personal, organizational and/or shared. A tag may be associated with different types of electronic content (e.g. documents, people, contacts, meetings, emails, . . . ) that may be stored in different locations. The tag acts as an identifier that travels with the content as the electronic content is used. Content may be automatically/manually tagged. As the tagged content is used, the different applications that interact with the content (e.g. a messaging application, a content application) can use the tag to perform different actions. Changes to content with a tag may be aggregated such that users looking at the "consolidated" view can see all changes made to content or activity related to that content. Show less

Techniques to provide proxies for web services are described. A technique may include providing proxies for web services that translate one format to a format native used, or understood, by the web service without having to rewrite existing APIs. In one embodiment, for example, an apparatus may comprise a processing unit and a network interface coupled to the processing unit. The apparatus may further include a web service executing web service requests on the processing unit using a native… Show more

Techniques to provide proxies for web services are described. A technique may include providing proxies for web services that translate one format to a format native used, or understood, by the web service without having to rewrite existing APIs. In one embodiment, for example, an apparatus may comprise a processing unit and a network interface coupled to the processing unit. The apparatus may further include a web service executing web service requests on the processing unit using a native format. The apparatus may further include a proxy to receive a web service request in a first format via the network interface and to translate the web service request from the first format to the native format. Other embodiments are described and claimed. Show less

Messaging content that is associated with a user is selected for sharing and transferring with one or more other recipients. A user may select all/portion of the messaging content to transfer. For example, a user may select a single folder from their mailbox, their entire mailbox, one or more conversation threads, one or more subjects, and the like. The selection may be made manually/automatically. For example, a user may use a graphical user interface to select messaging content to share… Show more

Messaging content that is associated with a user is selected for sharing and transferring with one or more other recipients. A user may select all/portion of the messaging content to transfer. For example, a user may select a single folder from their mailbox, their entire mailbox, one or more conversation threads, one or more subjects, and the like. The selection may be made manually/automatically. For example, a user may use a graphical user interface to select messaging content to share and/or messaging content may be automatically selected based on a rule and/or some other condition. After selection, the selected messaging content is transferred to the other recipient(s) with which the user has selected for sharing/transferring. The recipient(s) of the selected messaging content may accept/decline the transfer of messaging content. Upon accepting the invitation, the messaging content is transferred and stored in the recipient's mailbox. Show less

A stealth mode may be used to interact with electronic messages. A user may enter the stealth mode to interact with electronic messages without making state changes to the messages. While operating in stealth mode, operations (e.g. implicit operations such as reading a message) do not change the state of the electronic messages. Upon exiting the stealth mode, the state of the electronic messages is the same as before entering the stealth mode. According to an embodiment, explicit operations… Show more

A stealth mode may be used to interact with electronic messages. A user may enter the stealth mode to interact with electronic messages without making state changes to the messages. While operating in stealth mode, operations (e.g. implicit operations such as reading a message) do not change the state of the electronic messages. Upon exiting the stealth mode, the state of the electronic messages is the same as before entering the stealth mode. According to an embodiment, explicit operations performed during stealth mode (e.g. marking a message as "read", deleting/forwarding/replying a message, . . . ) may change the state of the message relating to the action. Show less

A web-based client for creating and accessing protected content may be provided. Consistent with embodiments of the invention, a webmail client may be provided allowing a user to apply a restriction template to a document. The webmail client may be further operative to decrypt and display the document and enforce the restriction against a recipient.