System, method and program for protecting communication

US 20050273592A1
Filed: 05/20/2004
Published: 12/08/2005
Est. Priority Date: 05/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for transferring data between a first computer and a second computer, said method comprising the steps of:

said first computer sending a first request to said second computer in a first connection, said first request including a request to start a session, an encrypted ID of said session, and an encrypted hash value for information in said first request, said information in said first request comprising said request to start said session and said encrypted session ID;

said second computer receiving said first request, and as a result, decrypting said encrypted hash value in said first request, independently determining a hash value for said information in said first request and comparing the independently determined hash value to the decrypted hash value, and if there is match, starting a session with said first computer;

subsequently, said first computer sending a second request to said second computer in a second connection in said session, said second request including a request to download or upload data of a file, an encrypted ID of said session, an identity of said file to at least partially upload or download, and an encrypted hash value for information in said second request, said information in said second request comprising said request to download or upload data, said encrypted session ID and said file identity; and

said second computer receiving said second request in said session, and as a result, decrypting said encrypted hash value in said second request, independently determining a hash value for said information in said second request and comparing the independently determined hash value to the decrypted hash value, and if there is match, processing said request to at least partially download or upload said file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for transferring data between a first computer and a second computer. The first computer sends a first request to the second computer in a first connection. The first request includes a request to start a session, an encrypted ID of the session, and an encrypted hash value for information in the first request. The information in the first request comprises the request to start the session and the encrypted session ID. The second computer receives the first request, and as a result, decrypts the encrypted hash value in the first request, independently determines a hash value for the information in the first request and compares the independently determined hash value to the decrypted hash value. If there is match, the second computer starts a session with the first computer. Subsequently, the first computer sends a second request to the second computer in a second connection in the session. The second request includes a request to download or upload data of a file, an encrypted ID of the session, an identity of the file to at least partially upload or download, and an encrypted hash value for information in the second request. The information in the second request comprises the request to download or upload data, the encrypted session ID and the file identity. The second computer receives the second request in the session, and as a result, decrypts the encrypted hash value in the second request, independently determines a hash value for the information in the second request and compares the independently determined hash value to the decrypted hash value. If there is match, the second computer processes the request to at least partially download or upload the file.

Citations

20 Claims

1. A method for transferring data between a first computer and a second computer, said method comprising the steps of:
- said first computer sending a first request to said second computer in a first connection, said first request including a request to start a session, an encrypted ID of said session, and an encrypted hash value for information in said first request, said information in said first request comprising said request to start said session and said encrypted session ID;
  
  said second computer receiving said first request, and as a result, decrypting said encrypted hash value in said first request, independently determining a hash value for said information in said first request and comparing the independently determined hash value to the decrypted hash value, and if there is match, starting a session with said first computer;
  
  subsequently, said first computer sending a second request to said second computer in a second connection in said session, said second request including a request to download or upload data of a file, an encrypted ID of said session, an identity of said file to at least partially upload or download, and an encrypted hash value for information in said second request, said information in said second request comprising said request to download or upload data, said encrypted session ID and said file identity; and
  
  said second computer receiving said second request in said session, and as a result, decrypting said encrypted hash value in said second request, independently determining a hash value for said information in said second request and comparing the independently determined hash value to the decrypted hash value, and if there is match, processing said request to at least partially download or upload said file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as set forth in claim 1 wherein said information in said first request also comprises said identity of said file to at least partially download or upload in said second connection in said session.
  - 3. A method as set forth in claim 2 wherein said file identified in said first request is a file to at least partially upload, and said information in said first request also comprises a hash value for said file.
  - 4. A method as set forth in claim 1 wherein said first request also includes a hash value for a file to upload, and said second request is to upload a first segment of said file;
    - and further comprising the steps of;
      
      subsequently, said first computer sending a third request to said second computer in a third connection, said third request including a request to upload another segment of said file in said session, an encrypted ID of said session, an identity of said other segment of said file, and an encrypted hash value for information in said third request, said information in said third request comprising said request to upload said other segment of said file, said encrypted session ID, and said identity of said file;
      
      said second computer receiving said third request in said session, and as a result, decrypting said encrypted hash value in said third request, independently determining a hash value for said information in said third request and comparing the independently determined hash value to the decrypted hash value, and if there is match, processing said third request to upload said other file segment; and
      
      if said other segment completes the upload of said file, said second computer independently determining a hash value for said file and comparing said independently determined hash value to the hash value sent by said first computer for said file, and if they match, processing said file.
  - 5. A method as set forth in claim 1 wherein said first request also includes a hash value for a file to upload, and said second request is to upload said file and contains said file;
    - and further comprising the steps of;
      
      said second computer independently determining a hash value for said file and comparing said independently determined hash value to the hash value sent by said first computer for said file, and if they match, processing said file.
  - 6. A method as set forth in claim 1 wherein said second request is to download a portion or all of said file, and wherein said second computer processes said second request by responding to said first computer with a response comprising the requested portion or all of said file, information about the requested portion or all of said file and an encrypted hash value for said information, said information comprising a name of said file and/or file portion;
    - and further comprising the steps of;
      
      said first computer receiving said response from said second computer, and as a result, decrypting said encrypted hash value in said response from said second computer, independently determining a hash value for said information in said response from said second computer and comparing the independently determined hash value to the decrypted hash value in said response from said second computer, and if there is match, processing the requested portion or all of said file.
  - 7. A method as set forth in claim 1 wherein said second request is to upload said file or a first segment of said file and contains said file or first segment in encrypted form.
  - 8. A method as set forth in claim 7 wherein said first request also includes a hash value for said file or first segment.
  - 9. A method as set forth in claim 1 wherein the step of said second computer starting a session with said first computer comprises the step of said second computer sending a response to said first computer in said first connection, said response including an encrypted hash value for information in said response.
  - 10. A method as set forth in claim 9 wherein said first computer, upon receiving said response from said second computer, decrypts said hash value for information in said response, independently determines a hash value for said information in said response, compares the decrypted hash value of said information in said response to the independently determined hash value of said information in said response, and if there is a match, confirms that said session has been established.

11. A system for transferring data between a first computer and a second computer, said system comprising:
- said first computer including means for sending a first request to said second computer in a first connection, said first request including a request to start a session, an encrypted ID of said session, and an encrypted hash value for information in said first request, said information in said first request comprising said request to start said session and said encrypted session ID;
  
  said second computer including means for receiving said first request, and as a result, decrypting said encrypted hash value in said first request, independently determining a hash value for said information in said first request and comparing the independently determined hash value to the decrypted hash value, and if there is match, starting a session with said first computer;
  
  said first computer including means for subsequently sending a second request to said second computer in a second connection in said session, said second request including a request to download or upload data of a file, an encrypted ID of said session, an identity of said file to at least partially upload or download, and an encrypted hash value for information in said second request, said information in said second request comprising said request to download or upload data, said encrypted session ID and said file identity; and
  
  said second computer including means for receiving said second request in said session, and as a result, decrypting said encrypted hash value in said second request, independently determining a hash value for said information in said second request and comparing the independently determined hash value to the decrypted hash value, and if there is match, processing said request to at least partially download or upload said file.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A system as set forth in claim 11 wherein said information in said first request also comprises said identity of said file to at least partially download or upload in said second connection in said session.
  - 13. A system as set forth in claim 12 wherein said file identified in said first request is a file to at least partially upload, and said information in said first request also comprises a hash value for said file.
  - 14. A system as set forth in claim 11 wherein said first request also includes a hash value for a file to upload;
    - said second request is to upload said file and contains said file; and
      
      said second computer includes means for independently determining a hash value for said file and comparing said independently determined hash value to the hash value sent by said first computer for said file, and if they match, processing said file.
  - 15. A system as set forth in claim 11 wherein:
    - said second request is to download a portion or all of said file, and wherein said second computer processes said second request by responding to said first computer with a response comprising the requested portion or all of said file, information about the requested portion or all of said file and an encrypted hash value for said information, said information comprising a name of said file and/or file portion; and
      
      said first computer includes means for receiving said response from said second computer, and as a result, decrypting said encrypted hash value in said response from said second computer, independently determining a hash value for said information in said response from said second computer and comparing the independently determined hash value to the decrypted hash value in said response from said second computer, and if there is match, processing the requested portion or all of said file.

16. A computer program product for transferring data between a first computer and a second computer, said computer program product comprising:
- a computer readable medium;
  
  first program instructions within said first computer to send a first request to said second computer in a first connection, said first request including a request to start a session, an encrypted ID of said session, and an encrypted hash value for information in said first request, said information in said first request comprising said request to start said session and said encrypted session ID;
  
  second program instructions within said second computer to receive said first request, and as a result, decrypt said encrypted hash value in said first request, independently determine a hash value for said information in said first request and compare the independently determined hash value to the decrypted hash value, and if there is match, start a session with said first computer;
  
  third program instructions within said first computer to subsequently send a second request to said second computer in a second connection in said session, said second request including a request to download or upload data of a file, an encrypted ID of said session, an identity of said file to at least partially upload or download, and an encrypted hash value for information in said second request, said information in said second request comprising said request to download or upload data, said encrypted session ID and said file identity; and
  
  fourth program instructions within said second computer to receive said second request in said session, and as a result, decrypt said encrypted hash value in said second request, independently determine a hash value for said information in said second request and compare the independently determined hash value to the decrypted hash value, and if there is match, process said request to at least partially download or upload said file; and
  
  wherein said first, second, third and fourth program instructions are recorded on said medium.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computer program product as set forth in claim 16 wherein said information in said first request also comprises said identity of said file to at least partially download or upload in said second connection in said session.
  - 18. A computer program product as set forth in claim 17 wherein said file identified in said first request is a file to at least partially upload, and said information in said first request also comprises a hash value for said file.
  - 19. A computer program product as set forth in claim 16 wherein said first request also includes a hash value for a file to upload;
    - said second request is to upload said file and contains said file; and
      
      further comprising fifth program instructions within said second computer to independently determine a hash value for said file and compare said independently determined hash value to the hash value sent by said first computer for said file, and if they match, process said file; and
      
      wherein said fifth program instructions are recorded on said medium.
  - 20. A computer program product as set forth in claim 19 wherein:
    - said second request is to download a portion or all of said file, and wherein said fourth program instructions process said second request by responding to said first computer with a response comprising the requested portion or all of said file, information about the requested portion or all of said file and an encrypted hash value for said information, said information comprising a name of said file and/or file portion; and
      
      further comprising sixth program instructions within said first computer to receive said response from said second computer, and as a result, decrypt said encrypted hash value in said response from said second computer, independently determine a hash value for said information in said response from said second computer and compare the independently determined hash value to the decrypted hash value in said response from said second computer, and if there is match, process the requested portion or all of said file; and
      
      wherein said sixth program instructions are recorded on said medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Steinbrecher, Marc Lawrence, Pryor, Robert Franklin

Granted Patent

US 7,487,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 16/2471   Distributed queries

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 67/06   specially adapted for file ...

H04L 67/14   Session management for real...

H04L 69/14   Multichannel or multilink p...

H04L 9/32   including means for verifyi...

H04L 9/3239   involving non-keyed hash fu...

System, method and program for protecting communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and program for protecting communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links