| 摘要 |
<p>One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message at a firewall from a source outside of the firewall, the encrypted message having been formed by encrypting the message with a message key. In order to restore the message, the system procures the message key and decrypts the encrypted message with the message key. Next, the system screens the message within the firewall to determine whether the message satisfies a screening criterion. If so, the system allows a destination within the firewall to process the message. In one embodiment of the present invention, procuring the message key includes allowing the source and the destination to negotiate the message key, which is then sent to the firewall. In one embodiment of the present invention, the firewall procures the message key by receiving an encrypted message key along with the encrypted message, the encrypted message key having been formed by encrypting the message key. Next, the firewall sends the encrypted message key to the destination, and allows the destination to decrypt the encrypted message key to restore the message key. Finally, the destination returns the message key to the firewall so that the firewall can decrypt the message.</p> |
