Secure file transfer method and system
Abstract
A method and system for the secure transfer of data files from one computer to another. The data file is wrapped or encrypted within an executable file and may only be accessed again by unwrapping or decrypting the data file with a unique key code. The unique key code is effectively held in escrow until an intended recipient of the data file has verified his or her identity to a sender of the data file by way of various verification techniques.
Claims (27)
1. A method of transferring a data file having a file name from a first computer operated by a first user to a second computer operated by a second user, under control of a third computer, comprising the steps of:
i) in the first computer, the first user selecting a data file for transfer and establishing a communications link with the third computer;
ii) verifying an identity of the first user to the third computer by way of verification communications between the first and third computers;
iii) in the first computer, wrapping or encrypting the data file within an executable file adapted to unwrap or decrypt the data file only upon activation by a unique key code, and then transmitting the executable file containing the wrapped or encrypted data file directly to the second computer together with first user identification information and the file name of the data file;
iv) transmitting the file name of the data file from the first computer to the third computer, together with first user identification information and the unique key code;
v) in the second computer, upon receipt of the executable file containing the wrapped or encrypted data file and upon attempted access thereto by the second user, establishing a communications link with the third computer;
vi) verifying an identity of the second user to the third computer by way of verification communications between the second and third computers;
vii) upon successful verification of the identity of the second user, transmitting the file name of the data file from the second computer to the third computer with a request for the unique key code; and
viii) transmitting the unique key code from the third computer to the second computer so as to cause the executable file to unwrap or decrypt the data file and to allow access thereto in the second computer by the second user.
(Claims 2 to 11, 13 to 15 and 18 to 27 depend on claim 1.)
12. A method of transferring a data file to a first computer from a second computer, the method comprising the steps of:
i) establishing a communications link between the first and second computers;
ii) selecting, by way of the first computer, a data file for transfer from the second computer;
iii) in the second computer, wrapping or encrypting the data file within an executable file adapted to unwrap or decrypt the data file only upon activation by a unique key code, and then transmitting the executable file containing the wrapped or encrypted data file to the first computer;
iv) verifying an identity of a user of the first computer to the second computer by way of verification communications between the first and second computers;
v) upon successful verification of the user of the first computer, transmitting the unique key code to the first computer.
16. A method of transferring a data file to a first computer having a first telecommunications address from a second computer having a second telecommunications address, comprising the steps of:
i) transmitting a request for the data file from the first computer to the second computer, the request including data identifying the data file and the first telecommunications address;
ii) in the second computer, wrapping or encrypting the data file within an executable file adapted to unwrap or decrypt the data file only upon activation by a unique key code;
iii) assigning a unique identification string to the executable file in the second computer, the unique identification string being further associated in the second computer with the first telecommunications address;
iv) transmitting the executable file (containing the data file) and the unique identification string from the second computer to the first computer;
v) causing a message to be displayed by the first computer showing the unique identification string and requesting a user to call a predetermined telephone number from a telephone operated by the user;
vi) receiving a telephone call from the telephone operated by the user, determining its telephone number and receiving the unique identification string from the user;
vii) in the second computer, generating a pseudo-random string, associating the pseudo-random string with the unique identification string and the telephone number of the telephone operated by the user, and transmitting the pseudo-random string to the telephone operated by the user;
viii) applying a mask code, known to the user and to the second computer, to the pseudo-random identification string so as to generate a volatile identification code in accordance with predetermined rules;
ix) transmitting the volatile identification code to the second computer, either from the telephone operated by the user in which case the volatile identification code is transmitted together with the telephone number of the telephone operated by the user, or from the first computer in which case the volatile identification code is transmitted together with the first telecommunications address, the telephone number or the first telecommunications address respectively serving to identify the first computer, the user and the executable file;
x) in the second computer, checking that the volatile identification code matches a volatile identification code generated therein by applying the mask code to the pseudo-random string and, if so;
xi) transmitting the key code to the first computer so as to enable the executable file to unwrap or decrypt the data file and to install this on the first computer.
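The out-of-band verification of claim 16 (steps iii to xi) is easier to follow as a running model. The following is an added example, not code from the patent or from any product built on it: the "second computer" keeps the identification string bound to the requesting address, issues the pseudo-random string when the user calls in, and releases the key code only when the volatile identification code it recomputes matches the one submitted. The patent leaves the "predetermined rules" of step viii unspecified, so the digit-wise addition in `apply_mask`, the four-digit mask code, the eight-digit challenge and every class, method and sample value below are assumptions.

```python
import hmac
import secrets

MASK_LEN = 4          # assumption: the mask code is four decimal digits
CHALLENGE_LEN = 8     # assumption: the pseudo-random string is eight decimal digits


def apply_mask(pseudo_random: str, mask_code: str) -> str:
    """Hypothetical 'predetermined rule' of step viii): add each challenge digit
    to the corresponding mask digit modulo 10. The patent fixes no rule."""
    return "".join(
        str((int(digit) + int(mask_code[i % MASK_LEN])) % 10)
        for i, digit in enumerate(pseudo_random)
    )


class SecondComputer:
    """Server side of claim 16; every attribute and method name is an assumption."""

    def __init__(self, mask_codes: dict):
        self._mask_codes = mask_codes   # telecommunications address -> mask code shared with the user
        self._executables = {}          # identification string -> (address, key code)
        self._challenges = {}           # identification string -> (pseudo-random string, phone number)

    def issue_executable(self, address: str, key_code: bytes) -> str:
        # steps iii)-iv): a fresh identification string is bound to the requesting address
        ident = secrets.token_hex(8)
        self._executables[ident] = (address, key_code)
        return ident

    def receive_call(self, phone_number: str, ident: str) -> str:
        # steps vi)-vii): the caller's number is captured, the user reads out the
        # identification string, and the challenge is bound to both
        if ident not in self._executables:
            raise KeyError("unknown identification string")
        pseudo_random = "".join(secrets.choice("0123456789") for _ in range(CHALLENGE_LEN))
        self._challenges[ident] = (pseudo_random, phone_number)
        return pseudo_random          # delivered to the user's telephone

    def _find_ident(self, phone_number, address):
        # step ix): either the phone number or the address identifies the pending transfer
        for ident, (_, phone) in self._challenges.items():
            if phone_number is not None and phone == phone_number:
                return ident
        for ident, (addr, _) in self._executables.items():
            if address is not None and addr == address and ident in self._challenges:
                return ident
        raise KeyError("no pending challenge for this caller or address")

    def verify_code(self, volatile_code: str, phone_number=None, address=None):
        # steps x)-xi): recompute the volatile code and release the key only on a match
        ident = self._find_ident(phone_number, address)
        pseudo_random, _ = self._challenges.pop(ident)     # single use: a replayed code fails
        addr, key_code = self._executables[ident]
        expected = apply_mask(pseudo_random, self._mask_codes[addr])
        if not hmac.compare_digest(expected, volatile_code):
            return None
        return key_code


if __name__ == "__main__":
    server = SecondComputer({"192.0.2.10": "2468"})          # constructed address and mask code
    ident = server.issue_executable("192.0.2.10", b"constructed-key-code")
    challenge = server.receive_call("+15550100", ident)      # constructed caller number
    print("released:", server.verify_code(apply_mask(challenge, "2468"), phone_number="+15550100"))
```

Two details matter for a deployment of this scheme: the challenge is popped on first use, so a code captured from the phone channel cannot be replayed and a wrong guess forces a new call (which bounds online guessing of a short mask code), and the comparison is constant-time so the check does not leak how many digits were right.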
17. A secure data transfer system comprising a first computer operated by a first user, a second computer operated by a second user and a third computer, the system being adapted to transfer a data file having a file name from the first computer to the second computer under control of the third computer, in which:
i) the first computer is adapted to establish a communications link with the third computer upon selection by the first user of a data file for transfer;
ii) the first and third computers are adapted to verify an identity of the first user to the third computer by way of verification communications between the first computer and the third computer;
iii) the first computer is adapted to wrap or encrypt the data file within an executable file adapted to unwrap or decrypt the data file only upon activation by a unique key code, and to transmit the executable file containing the wrapped or encrypted data file directly to the second computer together with first user identification information and the file name of the data file;
iv) the first computer is adapted to transmit the file name of the data file from the first computer to the third computer, together with first user identification information and the unique key code;
v) the second computer is adapted, upon receipt of the executable file containing the wrapped or encrypted data file and upon attempted access thereto by the second user, to establish a communications link with the third computer;
vi) the second and third computers are adapted to verify an identity of the second user to the third computer by way of verification communications between the second computer and the third computer;
vii) the second computer is adapted, upon successful verification of the identity of the second user, to transmit the file name of the data file from the second computer to the third computer with a request for the unique key code; and
viii) the third computer is adapted to transmit the unique key code from the third computer to the second computer so as to cause the executable file to unwrap or decrypt the data file and to allow access thereto in the second computer by the second user.
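Claims 1 and 17 describe the same three-party exchange, once as a method and once as a system. The following is an added example, not code from the patent or from any implementation of it, that runs that exchange end to end: the sender wraps the file and ships it straight to the recipient, deposits the key code with the third computer, and the recipient obtains the key only after verifying itself to that computer. The patent names neither a cipher nor a verification mechanism, so the SHA-256 counter-mode keystream with an HMAC tag, the password-based verification, and all names and sample credentials are assumptions standing in for those parts.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SALT = b"constructed-demo-salt"   # constructed value for the toy credential store


def hash_password(password: str) -> bytes:
    # Stand-in for the unspecified "verification communications" of steps ii) and vi)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


def keystream_xor(key_code: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); the patent names no algorithm."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key_code + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Wrapper:
    """Models the executable of step iii): the encrypted file, an integrity tag,
    and the sender identification and file name the claim sends alongside it."""
    file_name: str
    sender_id: str
    ciphertext: bytes
    tag: bytes

    def unwrap(self, key_code: bytes) -> bytes:
        expected = hmac.new(key_code, self.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            raise ValueError("wrong key code or tampered wrapper")
        return keystream_xor(key_code, self.ciphertext)


def wrap(file_name: str, sender_id: str, plaintext: bytes, key_code: bytes) -> Wrapper:
    ciphertext = keystream_xor(key_code, plaintext)
    tag = hmac.new(key_code, ciphertext, hashlib.sha256).digest()
    return Wrapper(file_name, sender_id, ciphertext, tag)


class ThirdComputer:
    """The escrow server: holds key codes until the recipient has verified."""

    def __init__(self, credentials: dict):
        self._credentials = credentials   # user id -> hashed password
        self._escrow = {}                 # (sender id, file name) -> key code, per step iv)

    def _verify_user(self, user_id: str, password: str) -> bool:
        stored = self._credentials.get(user_id)
        return stored is not None and hmac.compare_digest(stored, hash_password(password))

    def deposit_key(self, sender_id, password, file_name, key_code):
        # steps ii) and iv): the sender verifies, then deposits file name plus key code
        if not self._verify_user(sender_id, password):
            raise PermissionError("sender verification failed")
        self._escrow[(sender_id, file_name)] = key_code

    def release_key(self, recipient_id, password, sender_id, file_name):
        # steps vi)-viii): the recipient verifies, requests the key by file name, and the
        # server releases it (the claim does not say whether a release is one-shot)
        if not self._verify_user(recipient_id, password):
            raise PermissionError("recipient verification failed")
        key_code = self._escrow.get((sender_id, file_name))
        if key_code is None:
            raise KeyError("no key code in escrow for this transfer")
        return key_code


def build_demo_server() -> ThirdComputer:
    # constructed credentials for the first and second users of the claim
    return ThirdComputer({"alice": hash_password("alice-pw"), "bob": hash_password("bob-pw")})


def run_transfer(server, sender_id, sender_pw, recipient_id, recipient_pw, file_name, plaintext):
    key_code = secrets.token_bytes(32)                            # unique per transfer
    wrapper = wrap(file_name, sender_id, plaintext, key_code)     # step iii): goes directly to the recipient
    server.deposit_key(sender_id, sender_pw, file_name, key_code)  # steps i), ii), iv)
    released = server.release_key(recipient_id, recipient_pw, wrapper.sender_id, wrapper.file_name)  # v)-viii)
    return wrapper.unwrap(released)


if __name__ == "__main__":
    print(run_transfer(build_demo_server(), "alice", "alice-pw", "bob", "bob-pw",
                       "report.pdf", b"constructed file contents"))
```

The split in step iii is the security-relevant design point: the wrapped file goes directly to the recipient and only the key code goes to the third computer, so neither party on the path holds both halves. That also makes the escrow server the high-value component, since it holds every outstanding key code in the clear and its user verification is the only thing standing between a received wrapper and its contents.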