Payload layer security for file transfer

US 20060190723A1
Filed: 08/18/2005
Published: 08/24/2006
Est. Priority Date: 02/18/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing file transfer security, the method comprising the steps of:

receiving an authentication file that includes decrypting information; and

receiving an encrypted payload file, the decrypting information being configured to facilitate decryption of the payload file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing file transfer security includes receiving an authentication file including a first key and authentication information, extracting the first key from the authentication file, decrypting the authentication information with the first key, and validating the authentication information. The authentication information is encrypted, and may include a nonce, a timestamp, and/or a second key. A system for providing file transfer security includes a DMZ proxy programmed and configured to receive an authentication file from a client including authentication information. The DMZ proxy extracts a first key from the authentication file, decrypts the authentication information with the first key, and validates the authentication information.

124 Citations

View as Search Results

80 Claims

1. A method for providing file transfer security, the method comprising the steps of:
- receiving an authentication file that includes decrypting information; and
  
  receiving an encrypted payload file, the decrypting information being configured to facilitate decryption of the payload file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, comprising the step of decrypting the payload file by use of the decrypting information.
  - 3. The method of claim 1, comprising the step of detecting an error in the payload file by way of cryptographically secure error detection method.
  - 4. The method of claim 3, wherein a key is used to secure the error detection algorithm, the key having a selectable entropy.
  - 5. The method of claim 3, wherein a key is used to secure the error detection algorithm, the key having entropy of at least 100 bits.
  - 6. The method of claim 3, wherein a probability of an intruder, without the required keys, of defeating the method of securing the error detection is less than one in a million.
  - 7. The method of claim 3, wherein the provided file transfer security is File Transfer Connection Secure.
  - 8. The method of claim 1, wherein the encrypted payload file comprises two or more encrypted payload files.

9. A method for providing file transfer security, the method comprising the steps of:
- receiving a payload file on a block-by-block basis;
  
  if an error is present in a received block, detecting the error; and
  
  upon detection of an error in a received block, terminating the receiving of the payload file wherein the provided file transfer security is File Transfer Connection Secure.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein a key used to provide integrity, confidentiality, or non-repudiation/consequential evidence of File Transfer Connection Security has at least 100 bits in entropy.
  - 11. The method of claim 9, wherein the probability of defeating the method of ensure integrity is less than one in a million for anyone who does not know the required keys.
  - 12. The method of claim 9, wherein the mechanism for providing File Transfer Connection Secure file transfer security is received by way of an application layer protocol.
  - 13. The method of claim 9, wherein the payload file is received by way of a presentation layer.
  - 14. The method of claim 9, wherein the step of detecting an error is accomplished by way of an error detection algorithm that has a selectable entropy security.
  - 15. The method of claim 14, wherein the step of detecting an error is accomplished by the way of an error detection algorithm that relies upon a key that has at least 100 bits of entropy.
  - 16. The method of claim 9, wherein the payload file is sent by a client, the payload file being sent by a protocol that is selectable by the client.
  - 17. The method of claim 16, wherein the client selects an RFC 959 protocol.

18. A method for providing file transfer security, the method comprising the steps of:
- receiving an authentication file including a first key and authentication information, wherein the authentication file is associated with a payload file;
  
  extracting the first key from the authentication file; and
  
  decrypting the authentication information with the first key.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The method of claim 18, comprising the step of validating the authentication information and thereby authenticating the sender.
  - 20. The method of claim 18, wherein the authentication information is encrypted.
  - 21. The method of claim 18, wherein the authentication information includes a nonce, and a timestamp.
  - 22. The method of claim 21, wherein the step of validating comprises validating a signature associated with the authentication information.
  - 23. The method of claim 21, wherein the step of validating comprises checking a pair formed of the nonce and the timestamp for uniqueness.
  - 24. The method of claim 21, wherein the step of validating comprises:
    - validating a signature associated with the authentication information; and
      
      checking a pair formed of the nonce and the timestamp for uniqueness.
  - 25. The method of claim 22, wherein the signature is a digital signature created using asymmetric public and private keying material.
  - 26. The method of claim 21, further comprising the step of receiving the payload file associated with the authentication file.
  - 27. The method of claim 26, wherein the payload file is encrypted.
  - 28. The method of claim 26, wherein the payload file is encoded by a keyless bidirectional transformation whereby an encoding result is encrypted using a symmetric key.
  - 29. The method of claim 27, further comprising decrypting and validating the payload file on a block-by-block basis by checking validity of the keyless bi-directional transformation after decrypting with the symmetric key.
  - 30. The method of claim 26, the authentication file comprising a second key, wherein the payload is encrypted with the second key, and wherein the method further comprises the step of decrypting the payload file with the second key.
  - 31. The method of claim 29, further comprising the step of validating the decrypted payload on a block-by-block basis.
  - 32. The method of claim 31, further comprising the step of transmitting the payload file block-by-block after each block is validated.
  - 33. The method of claim 31, further comprising the step of transmitting the payload file as a single block after all blocks of the payload file have been validated.

34. A connection-secure system for providing File Transfer Security in which a sender performs all cryptographic operations before transmitting any or all of a payload file to the recipient.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The method of claim 34, the method comprising the steps of:
    - a first phase whereby a client performs cryptographic processing operations; and
      
      a second phase whereby the client transmits information to a recipient;
      
      wherein the second phase does not initiate until the first phase is completed in its entirety.
  - 36. The method of claim 35, wherein no cryptographic operations are performed during the second phase.
  - 37. The method of claim 35, wherein no cryptographic operations upon the payload file are performed during the second phase.
  - 38. The method of claim 35, wherein no cryptographic operations which apply symmetric key encryption upon the payload file are performed in the second phase.
  - 39. The method of claim 35, wherein, when no symmetric key operations are performed during the second phase, the payload file is accurately transferred.

40. A system for providing file transfer security, the system comprising one or more processors configured to perform the steps of:
- receiving an authentication file that includes decrypting information; and
  
  receiving an encrypted payload file, the decrypting information being configured to facilitate decryption of the payload file.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47)
- - 41. The system of claim 40, the processors configured to perform the step of decrypting the payload file by use of the decrypting information.
  - 42. The system of claim 40, the processors configured to perform the step of detecting an error in the payload file by way of cryptographically secure error detection method.
  - 43. The system of claim 42, wherein a key is used to secure the error detection algorithm, the key having a selectable entropy.
  - 44. The system of claim 42, wherein a key is used to secure the error detection algorithm, the key having entropy of at least 100 bits.
  - 45. The system of claim 42, wherein a probability of an intruder, without the required keys, of defeating the system of securing the error detection is less than one in a million.
  - 46. The system of claim 42, wherein the provided file transfer security is File Transfer Connection Secure.
  - 47. The system claim 40, wherein the encrypted payload file comprises two or more encrypted payload files.

48. A system for providing file transfer security, the system comprising one or more processors configured to perform the steps of steps of:
- receiving a payload file on a block-by-block basis;
  
  if an error is present in a received block, detecting the error; and
  
  upon detection of an error in a received block, terminating the receiving of the payload file wherein the provided file transfer security is File Transfer Connection Secure.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
- - 49. The system of claim 48, wherein a key used to provide integrity, confidentiality, or non-repudiation/consequential evidence of File Transfer Connection Security has at least 100 bits in entropy.
  - 50. The system of claim 49, wherein the probability of defeating the system of ensure integrity is less than one in a million for anyone who does not know the required keys.
  - 51. The system of claim 49, wherein the mechanism for providing File Transfer Connection Secure file transfer security is received by way of an application layer protocol.
  - 52. The system of claim 49, wherein the payload file is received by way of a presentation layer.
  - 53. The system of claim 49, wherein the step of detecting an error is accomplished by way of an error detection algorithm that has a selectable entropy security.
  - 54. The system of claim 53, wherein the step of detecting an error is accomplished by the way of an error detection algorithm that relies upon a key that has at least 100 bits of entropy.
  - 55. The system of claim 49, wherein the payload file is sent by a client, the payload file being sent by a protocol that is selectable by the client.
  - 56. The system of claim 55, wherein the client selects an RFC 959 protocol.

57. A system for providing file transfer security, the system comprising one or more processors configured to perform the steps of:
- receiving an authentication file including a first key and authentication information, wherein the authentication file is associated with a payload file;
  
  extracting the first key from the authentication file; and
  
  decrypting the authentication information with the first key.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 58. The system of claim 57, the processors configured to perform the step of validating the authentication information and thereby authenticating the sender.
  - 59. The system of claim 57, wherein the authentication information is encrypted.
  - 60. The system of claim 57, wherein the authentication information includes a nonce, and a timestamp.
  - 61. The system of claim 60, wherein the step of validating comprises validating a signature associated with the authentication information.
  - 62. The system of claim 60, wherein the step of validating comprises checking a pair formed of the nonce and the timestamp for uniqueness.
  - 63. The system of claim 60, wherein the step of validating comprises:
    - validating a signature associated with the authentication information; and
      
      checking a pair formed of the nonce and the timestamp for uniqueness.
  - 64. The system of claim 63, wherein the signature is a digital signature created using asymmetric public and private keying material.
  - 65. The system of claim 60, the processors further configured to perform the step of receiving the payload file associated with the authentication file.
  - 66. The system of claim 64, wherein the payload file is encrypted.
  - 67. The system of claim 64, wherein the payload file is encoded by a keyless bidirectional transformation whereby an encoding result is encrypted using a symmetric key.
  - 68. The system of claim 66, the processors configured to perform the step of decrypting and validating the payload file on a block-by-block basis by checking validity of the keyless bi-directional transformation after decrypting with the symmetric key.
  - 69. The system of claim 65, the authentication file comprising a second key, wherein the payload is encrypted with the second key, and wherein the processors configured to perform the step of decrypting the payload file with the second key.
  - 70. The system of claim 68, the processors configured to perform the step of validating the decrypted payload on a block-by-block basis.
  - 71. The system of claim 70, the processors configured to perform the step of transmitting the payload file block-by-block after each block is validated.
  - 72. The system of claim 70, the processors configured to perform the step of transmitting the payload file as a single block after all blocks of the payload file have been validated.

73. A connection-secure system, comprising one or more processors, for providing File Transfer Security in which a sender performs all cryptographic operations before transmitting any or all of a payload file to the recipient.
- View Dependent Claims (74, 75, 76, 77, 78)
- - 74. The system of claim 73, the processors configured to perform the steps of:
    - a first phase whereby a client performs cryptographic processing operations; and
      
      a second phase whereby the client transmits information to a recipient;
      
      wherein the second phase does not initiate until the first phase is completed in its entirety.
  - 75. The system of claim 74, wherein no cryptographic operations are performed during the second phase.
  - 76. The system of claim 74, wherein no cryptographic operations upon the payload file are performed during the second phase.
  - 77. The system of claim 74, wherein no cryptographic operations which apply symmetric key encryption upon the payload file are performed in the second phase.
  - 78. The system of claim 74, wherein, when no symmetric key operations are performed during the second phase, the payload file is accurately transferred.

79. A method for providing file transfer security, the method comprising the steps of:
- receiving an authentication file that includes decrypting information;
  
  receiving an encrypted payload file, the decrypting information being configured to facilitate decryption of the payload file;
  
  decrypting the payload file by use of the decrypting information; and
  
  detecting an error in the payload file by way of cryptographically secure error detection method;
  
  wherein a key is used to secure the error detection algorithm, the key having a selectable entropy.

80. A method for providing file transfer security, the method comprising the steps of:
- receiving an authentication file including a first key and authentication information, wherein the authentication file is associated with a payload file;
  
  extracting the first key from the authentication file;
  
  decrypting the authentication information with the first key;
  
  receiving a payload file associated with the authentication file;
  
  the authentication file comprising a second key, wherein the payload is encrypted with the second key, decrypting the payload file with the second key;
  
  validating the decrypted payload on a block-by-block basis;
  
  if an error is present in a received block, detecting the error; and
  
  upon detection of an error in a received block, terminating the receiving of the payload file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Benson, Glenn S.

Application Number

US11/206,352
Publication Number

US 20060190723A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0209   Architectural arrangements,...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3297   involving time stamps, e.g....

Payload layer security for file transfer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

80 Claims

Specification

Solutions

Use Cases

Quick Links

Payload layer security for file transfer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

80 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links