Encryption/decryption pay per use web service

US 20050138360A1
Filed: 12/23/2003
Published: 06/23/2005
Est. Priority Date: 12/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method in a web service provider for providing security for files transferred across a network, the method comprising:

receiving a request for content from a partner;

contacting a certificate authority to authenticate the partner;

retrieving the content;

encrypting the content with a secret key to produce encrypted content;

embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority; and

transmitting the digital certificate to the partner.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for providing security for files transferred across a network, such as the Internet is provided. In one embodiment, a web service receives a request for content from a partner. The web service contacts a certificate authority to authenticate the partner and retrieves the requested content. The web service then generates a secret key and encrypts the content with the secret key to produce encrypted content. The secret key and the encrypted content are then embedded within a digital certificate issued by the certificate authority by using the public key of a public/private key pair issued by the certificate authority. The digital certificate is then transmitted to the partner where the partner decrypts the digital certificate to obtain the secret key and then uses the secret key to decrypt the encrypted content. A similar process may be used for the partner to send content to the web service.

42 Citations

View as Search Results

69 Claims

1. A method in a web service provider for providing security for files transferred across a network, the method comprising:
- receiving a request for content from a partner;
  
  contacting a certificate authority to authenticate the partner;
  
  retrieving the content;
  
  encrypting the content with a secret key to produce encrypted content;
  
  embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority; and
  
  transmitting the digital certificate to the partner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 3. The method as recited in claim 2, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the partner by the certificate authority.
  - 4. The method as recited in claim 1, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred to the partner over the secure socket layer.
  - 5. The method as recited in claim 1, wherein the digital certificate is an X.509 certificate.
  - 6. The method as recited in claim 1, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 7. The method as recited in claim 1, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 8. The method as recited in claim 1, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 9. The method as recited in claim 1, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the partner separately.
  - 10. The method as recited in claim 1, wherein the content comprises one of text, audio, video, pictures, and graphics.

11. A method in a web service provider for providing security for files transferred across a network, the method comprising:
- receiving a request from a partner to transfer content to a web service;
  
  contacting a certificate authority to authenticate the partner;
  
  receiving a digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
  
  extracting at least one unencrypted secret key from the digital certificate; and
  
  decrypting the encrypted content using the at least one unencrypted secret key to produce unencrypted content.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The method as recited in claim 11, further comprising:
    - storing the unencrypted content in a database.
  - 13. The method as recited in claim 11, further comprising:
    - re-encrypting the unencrypted content to product re-encrypted content; and
      
      storing the re-encrypted content in a database.
  - 14. The method as recited in claim 13, wherein the content is stored as a Binary Large Object.
  - 15. The method as recited in claim 11, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 16. The method as recited in claim 15, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the web service provider by the certificate authority.
  - 17. The method as recited in claim 11, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred over the secure socket layer.
  - 18. The method as recited in claim 11, wherein the digital certificate is an X.509 certificate.
  - 19. The method as recited in claim 11, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 20. The method as recited in claim 11, wherein conversations between the web service provider and the partner utilize a Web Service Enhancement Extension protocol.
  - 21. The method as recited in claim 11, wherein conversations between the web service provider and the partner utilize a Simple Object Access Protocol.
  - 22. The method as recited in claim 11, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the web service provider separately.
  - 23. The method as recited in claim 11, wherein the content comprises one of text, audio, video, pictures, and graphics.

24. A computer program product in a computer readable media for use in a data processing system used as a web service provider for providing security for files transferred across a network, the computer program product comprising:
- first instructions for receiving a request for content from a partner;
  
  second instructions for contacting a certificate authority to authenticate the partner;
  
  third instructions for retrieving the content;
  
  fourth instructions for encrypting the content with a secret key to produce encrypted content;
  
  fifth instructions for embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority; and
  
  sixth instructions for transmitting the digital certificate to the partner.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The computer program product as recited in claim 24, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 26. The computer program product as recited in claim 25, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the partner by the certificate authority.
  - 27. The computer program product as recited in claim 24, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred to the partner over the secure socket layer.
  - 28. The computer program product as recited in claim 24, wherein the digital certificate is an X.509 certificate.
  - 29. The computer program product as recited in claim 24, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 30. The computer program product as recited in claim 24, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 31. The computer program product as recited in claim 24, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 32. The computer program product as recited in claim 24, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the partner separately.
  - 33. The computer program product as recited in claim 24, wherein the content comprises one of text, audio, video, pictures, and graphics.

34. A computer program product in a computer readable media for use in a data processing system used as a web service provider for providing security for files transferred across a network, the computer program product comprising:
- first instructions for receiving a request from a partner to transfer content to a web service;
  
  second instructions for contacting a certificate authority to authenticate the partner;
  
  third instructions for receiving a digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
  
  fourth instructions for extracting at least one unencrypted secret key from the digital certificate; and
  
  fifth instructions for decrypting the encrypted content using the at least one unencrypted secret key to produce unencrypted content.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 35. The computer program product as recited in claim 34, further comprising:
    - sixth instructions for storing the unencrypted content in a database.
  - 36. The computer program product as recited in claim 34, further comprising:
    - sixth instructions for re-encrypting the unencrypted content to product re-encrypted content; and
      
      seventh instructions for storing the re-encrypted content in a database.
  - 37. The computer program product as recited in claim 36, wherein the content is stored as a Binary Large Object.
  - 38. The computer program product as recited in claim 34, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 39. The computer program product as recited in claim 38, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the web service provider by the certificate authority.
  - 40. The computer program product as recited in claim 34, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred over the secure socket layer.
  - 41. The computer program product as recited in claim 34, wherein the digital certificate is an X.509 certificate.
  - 42. The computer program product as recited in claim 34, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 43. The computer program product as recited in claim 34, wherein conversations between the web service provider and the partner utilize a Web Service Enhancement Extension protocol.
  - 44. The computer program product as recited in claim 34, wherein conversations between the web service provider and the partner utilize a Simple Object Access Protocol.
  - 45. The computer program product as recited in claim 34, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the web service provider separately.
  - 46. The computer program product as recited in claim 34, wherein the content comprises one of text, audio, video, pictures, and graphics.

47. A system for use in a web service provider for providing security for files transferred across a network, the system comprising:
- first means for receiving a request for content from a partner;
  
  second means for contacting a certificate authority to authenticate the partner;
  
  third means for retrieving the content;
  
  fourth means for encrypting the content with a secret key to produce encrypted content;
  
  fifth means for embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority; and
  
  sixth means for transmitting the digital certificate to the partner.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 48. The system as recited in claim 47, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 49. The system as recited in claim 48, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the partner by the certificate authority.
  - 50. The system as recited in claim 47, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred to the partner over the secure socket layer.
  - 51. The system as recited in claim 47, wherein the digital certificate is an X.509 certificate.
  - 52. The system as recited in claim 47, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 53. The system as recited in claim 47, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 54. The system as recited in claim 47, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 55. The system as recited in claim 47, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the partner separately.
  - 56. The system as recited in claim 47, wherein the content comprises one of text, audio, video, pictures, and graphics.

57. A system for use in a web service provider for providing security for files transferred across a network, the system comprising:
- first means for receiving a request from a partner to transfer content to a web service;
  
  second means for contacting a certificate authority to authenticate the partner;
  
  third means for receiving a digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
  
  fourth means for extracting at least one unencrypted secret key from the digital certificate; and
  
  fifth means for decrypting the encrypted content using the at least one unencrypted secret key to produce unencrypted content.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69)
- - 58. The system as recited in claim 57, further comprising:
    - sixth means for storing the unencrypted content in a database.
  - 59. The system as recited in claim 57, further comprising:
    - sixth means for re-encrypting the unencrypted content to product re-encrypted content; and
      
      seventh means for storing the re-encrypted content in a database.
  - 60. The system as recited in claim 59, wherein the content is stored as a Binary Large Object.
  - 61. The system as recited in claim 57, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 62. The system as recited in claim 61, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the web service provider by the certificate authority.
  - 63. The system as recited in claim 57, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred over the secure socket layer.
  - 64. The system as recited in claim 57, wherein the digital certificate is an X.509 certificate.
  - 65. The system as recited in claim 57, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 66. The system as recited in claim 57, wherein conversations between the web service provider and the partner utilize a Web Service Enhancement Extension protocol.
  - 67. The system as recited in claim 57, wherein conversations between the web service provider and the partner utilize a Simple Object Access Protocol.
  - 68. The system as recited in claim 57, wherein the digital certificate comprises a first and a second digital certificate, the secret key is embedded within the first digital certificate, the encrypted content is embedded within the second digital certificate, and the first and second digital certificates are transmitted to the web service provider separately.
  - 69. The system as recited in claim 57, wherein the content comprises one of text, audio, video, pictures, and graphics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ent Services Development Corporation LP (DXC Technology Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Kamalakantha, Chandra H.

Granted Patent

US 8,145,898 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

Encryption/decryption pay per use web service

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

69 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption/decryption pay per use web service

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

69 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links