Selective encryption of electronic messages and data

US 20040030893A1
Filed: 03/20/2003
Published: 02/12/2004
Est. Priority Date: 08/07/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing a first portion of a message on a server, and storing a complementary second portion of the message on a client;

encrypting the first portion of the message on the server, and generating a message specific token associated with the encrypted first portion of the message, the message-specific token comprising one or more encryption keys used to encrypt the first portion of the message;

combining the second portion of the message stored on the client with the message-specific token to form a partially secured message at the client; and

delivering the partially secured message including the message-specific token, from the client to a recipient to facilitate access to both the first and second portions of the message by the recipient.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a server to store a first portion of a message, and a client to store a complementary second portion of the message. The first portion of the message is encrypted and a message specific token comprising one or more encryption keys used to encrypt the first portion of the message is generated. The second portion of the message stored on the client is subsequently combined with the message-specific token to form a partially secured message at the client. Furthermore, the partially secured message including the message-specific token is delivered from the client to a recipient to facilitate access to both the first and second portions of the message by the recipient.

86 Citations

View as Search Results

62 Claims

1. A method comprising:
- storing a first portion of a message on a server, and storing a complementary second portion of the message on a client;
  
  encrypting the first portion of the message on the server, and generating a message specific token associated with the encrypted first portion of the message, the message-specific token comprising one or more encryption keys used to encrypt the first portion of the message;
  
  combining the second portion of the message stored on the client with the message-specific token to form a partially secured message at the client; and
  
  delivering the partially secured message including the message-specific token, from the client to a recipient to facilitate access to both the first and second portions of the message by the recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first portion of the message is identified via a graphical user interface.
  - 3. The method of claim 1, wherein the first portion of the message is dynamically identified based at least in part upon one or more characteristics of the message.
  - 4. The method of claim 1, wherein at least one of the first portion of the message and the second portion of the message comprises an email attachment.
  - 5. The method of claim 1, wherein encrypting comprises:
    - generating a split encryption key based at least in part upon a randomized seed value, the split encryption key having at least a first key portion and a second key portion; and
      
      utilizing the split encryption key to encrypt the first portion of the email message on the server, wherein the message-specific token comprises the first key portion.
  - 6. The method of claim 5, further comprising:
    - generating a unique message identifier associated with the message and based at least in part upon the randomized seed value;
      
      generating a recipient-individualized identifier based at least in part upon the randomized seed value;
      
      associating the message identifier with the recipient-individualized identifier;
      
      generating an obfuscated combination of the first key portion and the recipient individualized identifier; and
      
      discarding the randomized seed value and the first key portion from the server.
  - 7. The method of claim 6, further comprising:
    - providing the one or more message-specific tokens to the client.
  - 8. The method of claim 6, wherein the split encryption key comprises a bifurcated encryption key.
  - 9. The method of claim 1, wherein combining the second portion of the message stored on the client with the message-specific token comprises inserting one or more markup language based form elements within a body portion of the message.

10. A method comprising:
- a server encrypting a message;
  
  the server generating a token including one or more encryption keys used to encrypt the message;
  
  the server combining the token with a message notification to form an integrated message notification;
  
  the server providing the integrated message notification to a sending client; and
  
  the sending client sending the integrated message notification to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the message is received from the sending client and stored by the server.
  - 12. The method of claim 10, wherein the message notification is generated by the server.
  - 13. The method of claim 12, wherein the message notification is dynamically generated by the server based upon one or more characteristics of the message.
  - 14. The method of claim 10, wherein the message notification is identified by the sending client from amongst a plurality of predefined message notifications.
  - 15. The method of claim 10, wherein the message notification comprises a markup language based form and the token comprises recipient specific form data to be posted to a network address associated with the server.
  - 16. The method of claim 10, wherein encrypting comprises:
    - generating a split encryption key based at least in part upon a randomized seed value, the split encryption key having at least a first key portion and a second key portion; and
      
      utilizing the split encryption key to encrypt the message on the server, wherein the token includes at least the first key portion of the split encryption key.
  - 17. The method of claim 16, further comprising:
    - generating a unique message associated with the message and based at least in part upon the randomized seed value;
      
      generating a recipient-individualized identifier based at least in part upon the randomized seed value;
      
      associating the message identifier with the recipient-individualized identifier;
      
      generating an obfuscated combination of the first key portion and the recipient individualized identifier; and
      
      discarding the randomized seed value and the first key portion from the server after the integrated message notification is provided to the sending client.
  - 18. The method of claim 10, wherein the integrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.
  - 19. The method of claim 18, further comprising:
    - the server receiving pre-delivery information from the first recipient as solicited by the message notification;
      
      the server dynamically determining at least a portion of the message to be delivered to the first recipient based at least in part upon the pre-delivery information received from the first recipient; and
      
      the server delivering the message to the first recipient.

20. A method comprising:
- a server encrypting a message;
  
  the server generating a token including one or more encryption keys used to encrypt the message;
  
  the server transmitting the token to a sending client;
  
  the sending client combining the token with a message notification to form an integrated message notification; and
  
  the sending client delivering the integrated message notification to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20, wherein the message is received from the sending client and stored by the server.
  - 22. The method of claim 20, wherein at least part of the message notification is generated by the server.
  - 23. The method of claim 22, wherein the message notification is identified by the sending client from amongst a plurality of predefined message notifications.
  - 24. The method of claim 20, wherein the message notification comprises a markup language based form, and the token comprises recipient specific form data to be posted to a network address associated with the server.
  - 25. The method of claim 20, wherein encrypting comprises:
    - generating a split encryption key based at least in part upon a randomized seed value, the split encryption key having at least a first key portion and a second key portion; and
      
      utilizing the split encryption key to encrypt the message on the server, wherein the token includes at least the first key portion of the split encryption key.
  - 26. The method of claim 25, further comprising:
    - generating a unique message identifier associated with the message and based at least in part upon the randomized seed value;
      
      generating a recipient-individualized identifier based at least in part upon the randomized seed value;
      
      associating the message identifier with the recipient-individualized identifier;
      
      generating an obfuscated combination of the first key portion and the recipient individualized identifier; and
      
      discarding the randomized seed value and the first key portion from the server after the token is transmitted to the sending client.
  - 27. The method of claim 20, wherein the integrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.
  - 28. The method of claim 27, further comprising:
    - the server receiving pre-delivery information from the first recipient as solicited by the message notification;
      
      the server dynamically determining at least a portion of the message to be delivered to the first recipient based at least in part upon the pre-delivery information received from the first recipient; and
      
      the server delivering the message to the first recipient.

29. In a server, a method comprising:
- receiving a request from a sending client identifying a message;
  
  encrypting the message in response to the request;
  
  generating a token corresponding to the encrypted message, the token including one or more encryption keys associated with the encrypted message;
  
  combining the token with a message notification to form an integrated message notification; and
  
  returning the integrated message notification to the sending client to be forwarded by the sending client to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 30. The method of claim 29, wherein the message is received from the sending client and stored by the server.
  - 31. The method of claim 29, wherein the message notification is generated by the server.
  - 32. The method of claim 31, wherein the message notification is dynamically generated by the server based upon one or more characteristics of the message.
  - 33. The method of claim 29, wherein the message notification is identified by the sending client from amongst a plurality of predefined message notifications.
  - 34. The method of claim 29, wherein the message notification comprises a markup language based form and the token comprises recipient specific form data to be posted to a network address associated with the server.
  - 35. The method of claim 29, wherein encrypting comprises:
    - generating a split encryption key based at least in part upon a randomized seed value, the split encryption key having at least a first key portion and a second key portion; and
      
      utilizing the split encryption key to encrypt the message on the server, wherein the token includes at least the first key portion of the split encryption key.
  - 36. The method of claim 35, further comprising:
    - generating a unique message identifier associated with the message and based at least in part upon the randomized seed value;
      
      generating a recipient-individualized identifier based at least in part upon the randomized seed value;
      
      associating the message identifier with the recipient-individualized identifier;
      
      generating an obfuscated combination of the first key portion and the recipient individualized identifier; and
      
      discarding the randomized seed value and the first key portion from the server after the integrated message notification is transmitted to the sending client.
  - 37. The method of claim 29, wherein the integrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.
  - 38. The method of claim 37, further comprising:
    - receiving pre-delivery information from the first recipient as solicited by the message notification;
      
      dynamically determining at least a portion of the message to be delivered to the first recipient based at least in part upon the pre-delivery information received from the first recipient; and
      
      delivering the message to the first recipient.

39. In a sending client, a method comprising:
- transmitting to a server, a first portion of a message to be encrypted receiving from the server, a token corresponding to an encrypted version of the message the token comprising one or more encryption keys used to encrypt the message;
  
  combining the token with a message notification to form an integrated message notification; and
  
  delivering the integrated message notification to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The method of claim 39, wherein at least part of the message notification is generated by the server.
  - 41. The method of claim 40, wherein the message notification is identified by the sending client from amongst a plurality of predefined message notifications.
  - 42. The method of claim 39, wherein the message notification comprises a markup language based form element including user input facilities for the one or more recipients to request delivery of the electronic document from the server.
  - 43. The method of claim 42, wherein the message notification further comprises a network address associated with the server and recipient specific form data to be posted to the network address.
  - 44. The method of claim 39, wherein the integrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.

45. In a sending client, a method comprising:
- identifying to a server, a first portion of a message to be encrypted and an intended recipient for the message;
  
  receiving from the server, a token individualized for the intended recipient, the token corresponding to the message and comprising a first key portion of a split encryption key used by the server to encrypt the first portion of the message;
  
  replacing the first portion of the message with the token to form a partially secured message; and
  
  sending the partially secured message to the intended recipient.
- View Dependent Claims (46, 47)
- - 46. The method of claim 45, wherein the first portion of the message is identified via a graphical user interface.
  - 47. The method of claim 45, wherein the first portion of the message is dynamically identified based at least in part upon one or more characteristics of the message.

48. A system comprising:
- a server to encrypt a message received from a sending client, generate a token representation of the encrypted message including one or more encryption keys corresponding to the encrypted message, integrate the token with a message notification, and return the integrated message notification to the sending client; and
  
  the sending client to deliver the message notification to one or more recipients to facilitate recipient access to the message.

49. A system comprising:
- a server to encrypt a message received from a sending client, generate a token representation of the encrypted message including one or more encryption keys used to encrypt the message, and return the token to the sending client; and
  
  the sending client to integrate the token with a message notification, and send the integrated message notification to one or more recipients to facilitate recipient access to the message.

50. An apparatus comprising:
- a storage medium having stored therein programming instructions designed to enable the apparatus to receive a request from a sending client identifying a message;
  
  encrypt the message in response to the request;
  
  generate a token corresponding to the encrypted message, the token including one or more encryption keys associated with the encrypted message;
  
  combine the token with a message notification to form an integrated message notification; and
  
  return the integrated message notification to the sending client to be forwarded by the sending client to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57)
- - 51. The apparatus of claim 50, wherein the programming instructions are further designed to enable the apparatus to generate the message notification.
  - 52. The apparatus of claim 51, wherein the programming instructions are further designed to enable the apparatus to dynamically generate the message notification based upon one or more characteristics of the message.
  - 53. The apparatus of claim 50, wherein the message notification comprises a markup language based form and the token comprises recipient specific form data to be posted to a network address associated with the server.
  - 54. The apparatus of claim 50, wherein the programming instructions are further designed to enable the apparatus to generate a split encryption key based at least in part upon a randomized seed value, the split encryption key having at least a first key portion and a second key portion;
    - and utilize the split encryption key to encrypt the message on the server, wherein the token includes at least the first key portion of the split encryption key.
  - 55. The apparatus of claim 54, wherein the programming instructions are further designed to enable the apparatus to generate a unique message identifier associated with the message and based at least in part upon the randomized seed value;
    - generate a recipient-individualized identifier based at least in part upon the randomized seed value;
      
      associate the message identifier with the recipient-individualized identifier;
      
      generate an obfuscated combination of the first key portion and the recipient individualized identifier; and
      
      discarding the randomized seed value and the first key portion from the server after the integrated message notification is transmitted to the sending client.
  - 56. The apparatus of claim 50, wherein the integrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.
  - 57. The apparatus of claim 56, wherein the programming instructions are further designed to enable the apparatus to receive pre-delivery information from the first recipient as solicited by the message notification;
    - dynamically determine at least a portion of the message to be delivered to the first recipient based at least in part upon the pre-delivery information received from the first recipient; and
      
      deliver the message to the first recipient.

58. An apparatus comprising:
- a storage medium having stored therein programming instructions designed to enable the apparatus to transmit to a server, a first portion of a message to be encrypted receive from the server, a token corresponding to an encrypted version of the message the token comprising one or more encryption keys used to encrypt the message;
  
  combine the token with a message notification to form an integrated message notification; and
  
  deliver the integrated message notification to one or more recipients to facilitate recipient access to the message.
- View Dependent Claims (59, 60, 61, 62)
- - 59. The apparatus of claim 58, wherein the programming instructions are further designed to enable the apparatus to identify the message notification from amongst a plurality of predefined message notifications.
  - 60. The apparatus of claim 58, wherein the message notification comprises a markup language based form element including user input facilities for the one or more recipients to request delivery of the electronic document from the server.
  - 61. The apparatus of claim 60, wherein the message notification further comprises a network address associated with the server and recipient specific form data to be posted to the network address.
  - 62. The apparatus of claim 58, wherein the intergrated message notification comprises recipient input facilities to solicit pre-delivery information from a first of the one or more recipients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Surescripts, LLC (SureScripts-RxHub LLC)
Original Assignee
Enli Health Intelligence Corp. (Cedar Gate Partners Holdings LLC)
Inventors
Karamchedu, Murali M., Sponaugle, Jeffrey B., Machuca, Luis Fernando

Granted Patent

US 7,469,340 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 2221/2107   File encryption

G06Q 10/107   Computer-aided management o...

H04L 51/224   providing notification on i...

H04L 9/083   involving central third par...

H04L 9/0869   involving random numbers or...

Selective encryption of electronic messages and data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Selective encryption of electronic messages and data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links