Secure transfer of a data object between user devices
First Claim
1. A method for transferring a data object from a source device to a destination device, the method comprising:
publishing, by the destination device, a request for the data object on a local network, the request including a randomly generated request identifier;
sending, by the destination device, via a first communication channel that requires participation of at least one system remote from the local network, a message requesting the data object and including the randomly generated request identifier to one or more other devices, the one or more other devices including the source device;
establishing, by the destination device, a second communication channel with the source device via the local network, the source device and the destination device both being registered devices; and
while the second communication channel persists:
exchanging with the source device, by the destination device, a first public key of the destination device and a second public key of the source device via the first communication channel, the exchanging comprising:
receiving, by the destination device via the first communication channel, a key request message from the source device, the key request message including the second public key of the source device; and
sending, by the destination device via the first communication channel, a key response message to the source device, the key response message including the first public key of the destination device;
establishing, by the destination device, via the second communication channel, a secure session for exchanging data with the source device, wherein the secure session is established using the first public key and the second public key and wherein establishing the secure session includes generating a session key;
receiving, by the destination device, via the secure session, an encrypted version of the data object from the source device; and
decrypting, by the destination device, the received data object using the session key.
Abstract
A data transfer process can include multiple verification features usable by a “source” device to ensure that a “destination” device is authorized to receive a requested data object. The source device and destination device can communicate via a first communication channel (which can be on a wide-area network) to exchange public keys, then use the public keys to verify their identities and establish a secure session on a second communication channel (which can be a local channel). The data object can be transferred via the secure session. Prior to sending the data object, the source device can perform secondary verification operations (in addition to the key exchange) to confirm the identity of the second device and/or the locality of the connection on the second communication channel.
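The two-channel flow set out in the claims and summarized in the abstract, run end to end by both devices, as an added example that is not code from the patent or its assignee. The patent does not name a key-agreement algorithm, a cipher, or a way of turning the two public keys into a session key, so the choices below are the example's own: X25519 (RFC 7748, written out in pure Python so the block needs only the standard library) for key agreement, an HKDF-style HMAC derivation salted with the request identifier and both public keys, and HMAC-SHA256 in counter mode with an encrypt-then-MAC tag standing in for a real AEAD. The abstract's "secondary verification" is modelled as a key-confirmation message on the local channel. The relay and the LAN are in-memory dictionaries, and the device identifiers, object name, function names and the `relay_substitutes` parameter are invented for the demonstration.

```python
"""Two-channel transfer modelled on the claimed flow (added example, not the patent's
code). X25519 is the RFC 7748 ladder in pure Python; the record cipher is HMAC-SHA256
in counter mode plus an HMAC tag, standing in for a real AEAD."""
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication on Curve25519 (RFC 7748 Montgomery ladder)."""
    kb, ub = bytearray(k), bytearray(u)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64
    ub[31] &= 127
    kk, x1 = int.from_bytes(kb, "little"), int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (kk >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair() -> tuple:
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE_POINT)


def derive_keys(shared: bytes, transcript: bytes) -> tuple:
    """HKDF-style extract/expand; the transcript salt binds the keys to the
    request id and to the public keys exactly as each side saw them."""
    prk = hmac.new(transcript, shared, hashlib.sha256).digest()
    return tuple(hmac.new(prk, label, hashlib.sha256).digest()
                 for label in (b"enc", b"mac", b"confirm"))


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):  # HMAC used as a PRF in counter mode
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(p ^ s for p, s in zip(data[i:i + 32], block))
    return bytes(out)


def seal(enc: bytes, mac: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(enc, nonce, plaintext)
    return ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC


def unseal(enc: bytes, mac: bytes, nonce: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record authentication failed")
    return _xor_stream(enc, nonce, ct)


def run_transfer(data_object: bytes, relay_substitutes: bytes = b"") -> bytes:
    """Walk both devices through the claimed steps; returns what the destination
    decrypts. A non-empty relay_substitutes models a relay swapping the source's key."""
    registered = {"dest-01", "src-01"}  # constructed device registry
    dest_priv, dest_pub = keypair()
    src_priv, src_pub = keypair()
    # 1. Destination publishes locally and sends via the relay, same random id on both.
    request_id = secrets.token_bytes(16)
    lan_announce = {"from": "dest-01", "request_id": request_id, "object": "photo-0042"}
    relay_request = dict(lan_announce)
    # 2. Source sees the relay message first, then requires a local announcement with
    #    the same id from a registered device before it opens a LAN channel at all.
    if relay_request["from"] not in registered or lan_announce["request_id"] != relay_request["request_id"]:
        raise PermissionError("no matching local request; LAN channel refused")
    # 3. While the LAN channel persists, the public keys travel over the relay only.
    key_request = {"pub": relay_substitutes or src_pub}  # source -> destination
    key_response = {"pub": dest_pub}                      # destination -> source
    # 4. On the LAN each side combines its private key with the peer key learned via
    #    the relay; the two transcripts agree only if the relay messages were untouched.
    src_keys = derive_keys(x25519(src_priv, key_response["pub"]), request_id + src_pub + key_response["pub"])
    dest_keys = derive_keys(x25519(dest_priv, key_request["pub"]), request_id + key_request["pub"] + dest_pub)
    # Secondary verification before any data moves: the source proves on the LAN that
    # it holds the session key, so a relay that swapped keys is caught here.
    label = b"source-confirm" + request_id
    src_proof = hmac.new(src_keys[2], label, hashlib.sha256).digest()
    if not hmac.compare_digest(src_proof, hmac.new(dest_keys[2], label, hashlib.sha256).digest()):
        raise PermissionError("LAN key confirmation failed; relay-delivered keys differ")
    # 5-6. Source seals the object under the session key; destination opens it.
    blob = seal(src_keys[0], src_keys[1], request_id, data_object)
    return unseal(dest_keys[0], dest_keys[1], request_id, blob)
```

Calling `run_transfer(b"...")` returns the object as the destination decrypted it. Two checks carry the security argument. The source refuses to open a local channel unless the request identifier it received via the relay also appears in a local announcement from a registered device, which is the locality check: a request that arrives only through the remote system says nothing about where the requester is. The local key confirmation fails whenever anything on the relay path replaced a public key, because the two sides then derive different shared secrets and different transcripts, and no data object is ever encrypted. The public keys alone do not authenticate either device; the claims rest that on both devices being "registered devices" without specifying how a key is tied to a registration, and a deployment would have to supply that binding (a certificate or a registry lookup, for instance).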
19 Claims
1. A method for transferring a data object from a source device to a destination device (independent claim; full text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. An electronic device, comprising:
a storage device;
a network interface to communicate via one or more networks including at least a local network; and
one or more processors coupled to the network interface and the storage device, the one or more processors being configured to:
publish a request for the data object on the local network, the request including a randomly generated request identifier;
send, via a first communication channel that requires participation of at least one system remote from the local network, a message requesting the data object and including the randomly generated request identifier to one or more other devices, the one or more other devices including a source device;
establish a second communication channel with the source device via the local network, the source device and the destination device both being registered devices; and
while the second communication channel persists:
exchange with the source device a first public key of the destination device and a second public key of the source device via the first communication channel, the exchanging comprising:
receiving, by the destination device via the first communication channel, a key request message from the source device, the key request message including the second public key of the source device; and
sending, by the destination device via the first communication channel, a key response message to the source device, the key response message including the first public key of the destination device;
establish, via the second communication channel, a secure session for exchanging data with the source device, wherein the secure session is established using the first public key and the second public key and wherein establishing the secure session comprises generating a session key;
receive, via the secure session, an encrypted version of the data object from the source device; and
decrypt the received data object using the session key.
Dependent claims: 9, 10, 11.
12. A non-transitory computer-readable storage medium having stored thereon program instructions that, when executed by one or more processors of a source device, cause the source device to perform operations comprising:
receiving, via a first communication channel, a message from the destination device requesting the data object, wherein the message from the destination device includes a request identifier;
thereafter detecting, on a local network, a published request from the destination device requesting the data object, wherein the published request includes the request identifier and wherein the local network is such that the first communication channel requires participation of at least one system remote from the local network;
establishing a second communication channel with the destination device via the local network, the source device and the destination device both being registered devices; and
while the second communication channel persists:
exchanging, with the destination device, a first public key of the destination device and a second public key of the source device via the first communication channel, the exchanging comprising:
receiving, by the destination device via the first communication channel, a key request message from the source device, the key request message including the second public key of the source device; and
sending, by the destination device via the first communication channel, a key response message to the source device, the key response message including the first public key of the destination device;
establishing, via the second communication channel, a secure session for exchanging data with the destination device, wherein the secure session is established using the first public key and the second public key and wherein establishing the secure session includes generating a session key; and
sending, via the secure session, an encrypted version of the data object to the destination device.
Dependent claims: 13, 14, 15, 16, 17, 18, 19.
Specification