SYSTEMS AND METHODS FOR PROVIDING INDIVIDUAL ELECTRONIC DOCUMENT SECURE STORAGE, RETRIEVAL AND USE
First Claim
1. A system for cryptographically securing a plurality of digital documents comprising:
- a first data processing system that is privately hosted, the first data processing system including at least one private key and a PKI decryption subsystem,a second data processing system that is in a public shared hosted environment, the second data processing system including a symmetric key decryption subsystem, and memory storage for storing each of the plurality of digital documents and a corresponding symmetric key for each of said digital documents, wherein each of the plurality of digital documents is encrypted by the corresponding symmetric key and each of the corresponding symmetric key is encrypted by a public key corresponding to the at least one private key,the second data processing system including a second virtual processor and memory for executing instructions including, sending the encrypted symmetric key to the first data processing system using a secure communications channel, andthe first data processing system including a first processor and memory for executing instructions including, decrypting the symmetric key using the at least one private key and returning the decrypted symmetric key to the second data processing system.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for providing secure digital mail document storage, retrieval and use in a cloud computing environment, such as by advantageously configuring a hybrid cloud computing environment are described. In one, a privately hosted data processing system includes a private key and a PKI decryption subsystem, and a publicly hosted data processing system includes a symmetric key decryption subsystem, wherein digital documents are encrypted by a corresponding individual symmetric key and each of the symmetric keys is encrypted by a public key associated with the private key. In another configuration, document decryption is handled differently depending upon the type of client making the request.
248 Citations
22 Claims
-
1. A system for cryptographically securing a plurality of digital documents comprising:
-
a first data processing system that is privately hosted, the first data processing system including at least one private key and a PKI decryption subsystem, a second data processing system that is in a public shared hosted environment, the second data processing system including a symmetric key decryption subsystem, and memory storage for storing each of the plurality of digital documents and a corresponding symmetric key for each of said digital documents, wherein each of the plurality of digital documents is encrypted by the corresponding symmetric key and each of the corresponding symmetric key is encrypted by a public key corresponding to the at least one private key, the second data processing system including a second virtual processor and memory for executing instructions including, sending the encrypted symmetric key to the first data processing system using a secure communications channel, and the first data processing system including a first processor and memory for executing instructions including, decrypting the symmetric key using the at least one private key and returning the decrypted symmetric key to the second data processing system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program system being executed on a data processing and secure storage system for processing a plurality of digitized items from a plurality of mailers associated with a digital mailbox and a user comprising:
-
the data processing system executing instructions including, creating a cryptographic key for each of the plurality of digitized items, encrypting each of the digitized items to create an encrypted digitized item, encrypting each of the respective cryptographic keys using one of at least one system public keys and associating each of the respective cryptographic keys with the respective digitized item, and storing each of the respective encrypted cryptographic keys and the encrypted digitized items in the secure storage system.
-
-
11. A computer implemented method for processing a request from a client for a secure digital document based upon client type, the secure digital document encrypted by a first key and the first key encrypted by a second key to form a first encrypted key, the first encrypted key decrypted by a third key, the method comprising:
-
determining a type of client making the request; if the determined type of client is a first type, decrypting the encrypted first key using the third key and sending the decrypted first key and the encrypted digital document to the client, and if the determined type of client is a second type, different from the first type, decrypting the first encrypted key using the third key, decrypting the digital document using the first key and sending the decrypted digital document to the client. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification