Method for secured transmission of a data object

US 10,039,001 B2
Filed: 01/08/2015
Issued: 07/31/2018
Est. Priority Date: 01/09/2014
Status: Active Grant

First Claim

Patent Images

1. Method comprisingreceiving identification information on an addressee to whom an encrypted data object is sent by a transmission device or for whom the encrypted data object is to be provided by the transmission device for retrieval, from the transmission device to a server,associating the identification information with a key for decrypting the encrypted data object by the server,generating a certificate for a key for encrypting the data object by the server, wherein the server assigns the certificate for the key for encrypting the data object to the key for decrypting the encrypted data object,sending the certificate for the key for encrypting the data object to the transmission device, andsending the key for decrypting the encrypted data object to the addressee by the server, or providing by the server the key for decrypting the encrypted data object for retrieval by the addressee;

wherein the server stores the assignment between the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object in an entry in a database located in a memory of the server; and

wherein the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object are stored in the entry in the database, and wherein the server deletes the key for decrypting the encrypted data object after the sending or providing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed comprising receiving identification information on an addressee, to whom an encrypted data object is sent by a transmission device or for whom the encrypted data object is to be provided by the transmission device for retrieval, from the transmission device to a server, associating the identification information with a key for decrypting the encrypted data object by the server, sending the key for decrypting the encrypted data object to the addressee by the server, or providing by the server the key for decrypting the encrypted data object for retrieval by the addressee.

10 Citations

View as Search Results

25 Claims

1. Method comprisingreceiving identification information on an addressee to whom an encrypted data object is sent by a transmission device or for whom the encrypted data object is to be provided by the transmission device for retrieval, from the transmission device to a server,associating the identification information with a key for decrypting the encrypted data object by the server,generating a certificate for a key for encrypting the data object by the server, wherein the server assigns the certificate for the key for encrypting the data object to the key for decrypting the encrypted data object,sending the certificate for the key for encrypting the data object to the transmission device, andsending the key for decrypting the encrypted data object to the addressee by the server, or providing by the server the key for decrypting the encrypted data object for retrieval by the addressee;
- wherein the server stores the assignment between the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object in an entry in a database located in a memory of the server; and
  
  wherein the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object are stored in the entry in the database, and wherein the server deletes the key for decrypting the encrypted data object after the sending or providing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. Method according to claim 1, wherein the key for decrypting the encrypted data object or a link for retrieving the key for decrypting the encrypted data object is sent to an electronic message address of the addressee.
  - 3. Method according to claim 1, further comprising:
    - receiving a request for the key for decrypting the encrypted data object at the server, wherein the request comprises authentication information of the addressee,authenticating the addressee by the server.
  - 4. Method according to claim 3, wherein the key for decrypting the encrypted data object has a predefined validity duration, and wherein the key is sent to the addressee or provided for retrieval by the addressee by the server only when the server receives the request for the key within the predefined validity duration.
  - 5. Method according to claim 3, wherein the request for the key for decrypting the encrypted data object contains the certificate for the key for encrypting the data object.
  - 6. Method according to claim 1, further comprising:
    - generating the key for decrypting the encrypted data object by the server.
  - 7. Method according to claim 1, further comprising:
    - generating the key for encrypting the data object by the server, andsending the key for encrypting the data object from the server to the transmission device, or providing by the server the key for encrypting the data object for retrieval by the transmission device.
  - 8. Method according to claim 7, wherein the key for encrypting the data object is a public key of an asymmetric encryption method, and wherein the key for decrypting the encrypted data object is a corresponding private key of the asymmetric encryption method.
  - 9. Method according to claim 1, wherein the key for decrypting the encrypted data object is a single-use key and/or wherein only the encrypted data object is decryptable with the key for decrypting the encrypted data object.
  - 10. Server comprising:
    - at least one processor and at least one memory with program instructions, wherein the at least one memory and the program instructions are configured in order, together with the at least one processor, to cause the server to perform the steps of the method according to claim 1.
  - 11. Non-transitory computer-readable storage medium with a computer program comprising:
    - program instructions which cause a data processing system to perform the steps of the method according to claim 1 when the computer program is executed on a processor of the data processing system.

12. Method comprising:
- encrypting a data object by a transmission device such that it can be decrypted with a key for decrypting the encrypted data object,sending identification information on an addressee of the encrypted data object by the transmission device to a server,receiving a certificate for the key for encrypting the data object from the server at the transmission device, andsending the encrypted data object by the transmission device to the addressee or providing by the transmission device the encrypted data object for retrieval by the addressee, wherein the certificate is sent to the addressee or provided for retrieval by the addressee together with the encrypted data object;
  
  wherein the server stores an assignment between the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object in an entry in a database located in a memory of the server; and
  
  wherein the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object are stored in the entry in the database, and wherein the server deletes the key for decrypting the encrypted data object after the sending or providing.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 23)
- - 13. Method according to claim 12, furthermore comprising:
    - receiving the key for encrypting the data object from the server at the transmission device, orgenerating the key for decrypting and/or encrypting the data object by the transmission device, wherein the key for encrypting and/or decrypting the data object is sent to the server together with the identification information.
  - 14. Method according to claim 12, further comprising:
    - generating a digital signature for the data object by the transmission device.
  - 15. Method according to claim 12, wherein sending the encrypted data object comprises sending the encrypted data object in an electronic message for the addressee of the data object, and wherein the receiver device is an arbitrary data processing system with which the addressee retrieves the electronic message and/or accesses the electronic message.
  - 16. Method according to claim 12, wherein the data object comprises one or more files and wherein the file format of the one or more files is a portable document format, a message format, a text processing document format, a table calculation document format, a data compression format and/or media file format.
  - 17. Method according to claim 12, wherein the encrypted data object is configured as a file and wherein the file format of the encrypted data object is a proprietary file format.
  - 18. Transmission device comprising:
    - at least one processor and at least one memory with program instructions, wherein theat least one memory and the program instructions are configured in order, together with the at least one processor, to cause the transmission device to perform the steps of the method according to claim 12.
  - 19. Non-transitory computer-readable storage medium with a computer program comprising:
    - program instructions which cause a data processing system to perform the steps of the method according to claim 12 when the computer program is executed on a processor of the data processing system.
  - 23. Computer-readable storage medium with a computer program comprising;
    - program instructions which cause a data processing system to perform the steps of the method according to claim 12 when the computer program is executed on a processor of the data processing system.

20. Method comprising:
- obtaining an encrypted data object together with an certificate for a key for encrypting the data object at a receiver device,sending a request for a key for decrypting the encrypted data object with authentication information on an addressee of the encrypted data object from the receiver device to a server, wherein the request for the key for decrypting the encrypted data object contains the certificate for the key for encrypting the data object,receiving the key for decrypting the encrypted data object from the server at the receiver device, anddecrypting the encrypted data object by the receiver device;
  
  wherein the server stores an assignment between the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object in an entry in a database located in a memory of the server; and
  
  wherein the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object are stored in the entry in the database, and wherein the server deletes the key for decrypting the encrypted data object after the sending.
- View Dependent Claims (21, 22)
- - 21. Method according to claim 20, further comprising:
    - removing by the receiver device the key for decrypting the encrypted data object from the receiver device.
  - 22. Receiver device comprising:
    - at least one processor and at least one memory with program instructions, wherein the at least one memory and the program instructions are configured in order, together with the at least one processor, to cause the receiver device to perform the steps of the method according to claim 20.

24. Method for protected transmission of a data object, the method comprising;
- receiving identification information on an addressee to whom an encrypted data object is sent by a transmission device or for whom the encrypted data object is to be provided by the transmission device for retrieval, from the transmission device at a server,associating the identification information with a key for decrypting the encrypted data object by the server,generating a certificate for a key for encrypting the data object by the server, wherein the server assigns the certificate for the key for encrypting the data object to the key for decrypting the encrypted data object,sending the certificate for the key for encrypting the data object to the transmission device,sending the key for decrypting the encrypted data object to the addressee by the server, or providing by the server the key for decrypting the encrypted data object for retrieval by the addressee;
  
  encrypting the data object by the transmission device such that it can be decrypted with the key for decrypting the encrypted data object,sending the identification information on the addressee of the encrypted data object by the transmission device to the server,receiving the certificate for the key for encrypting the data object from the server at the transmission device,sending the encrypted data object by the transmission device to the addressee or providing by the transmission device the encrypted data object for retrieval by the addressee, wherein the certificate is sent to the addressee or provided for retrieval by the addressee together with the encrypted data object;
  
  obtaining the encrypted data object together with the certificate for the key for encrypting the data object at a receiver device;
  
  sending a request for the key for decrypting the encrypted data object with authentication information on the addressee of the encrypted data object from the receiver device to the server, wherein the request for the key for decrypting the encrypted data object contains the certificate for the key for encrypting the data object,receiving the key for decrypting the encrypted data object from a server at the receiver device, anddecrypting the encrypted data object by the receiver device;
  
  wherein the server stores the assignment between the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object in an entry in a database located in a memory of the server; and
  
  wherein the certificate for the key for encrypting the data object and the key for decrypting the encrypted data object are stored in the entry in the database, and wherein the server deletes the key for decrypting the encrypted data object after the sending or providing.

25. System for protected transmission of a data object, the system comprising:
- a server comprising at least one hardware processor and at least one memory with program instructions stored therein, wherein the at least one memory and the program instructions are configured in order, executed by the at least one hardware processor, to cause the server to perform;
  
  —
  
  receiving identification information on an addressee to whom an encrypted data object is sent by a transmission device or for whom the encrypted data object is to be provided by the transmission device for retrieval, from the transmission device to a server,associating the identification information with a key for decrypting the encrypted data object,generating a certificate for a key for encrypting the data object by the server, wherein the server assigns the certificate for the key for encrypting the data object to the key for decrypting the encrypted data object,sending the certificate for the key for encrypting the data object to the transmission device, andsending the key for decrypting the encrypted data object to the addressee, or providing the key for decrypting the encrypted data object for retrieval by the addressee;
  
  the transmission device comprising;
  
  at least one processor and at least one memory with program instructions, wherein the at least one memory and the program instructions are configured in order, together with the at least one processor, to cause the transmission device to perform;
  
  encrypting the data object such that it can be decrypted with the key for decrypting the encrypted data object,sending identification information on the addressee of the encrypted data object to the server,receiving the certificate for the key for encrypting the data object from the server, andsending the encrypted data object to the addressee or providing the encrypted data object for retrieval by the addressee, wherein the certificate is sent to the addressee or provided for retrieval by the addressee together with the encrypted data object; and
  
  a receiver device comprising at least one processor and at least one memory with program instructions, wherein the at least one memory and the program instructions are configured in order, together with the at least one processor, to cause the receiver device to perform;
  
  obtaining the encrypted data object together with the certificate for a key for encrypting the data object,sending a request for the key for decrypting the encrypted data object with the authentication information on the addressee of the encrypted data object to the server, wherein the request for the key for decrypting the encrypted data object contains the certificate for the key for encrypting the data object,receiving the key for decrypting the encrypted data object from the server, anddecrypting the encrypted data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kobil Comp GmbH
Original Assignee
Kobil Systems GMBH
Inventors
Koyun, Ismet, Ruppert, Markus
Primary Examiner(s)
Getachew, Abiy

Application Number

US14/591,993
Publication Number

US 20180183608A1
Time in Patent Office

1,300 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/08   for authentication of entit...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/3263   involving certificates, e.g...

Method for secured transmission of a data object

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method for secured transmission of a data object

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others