Method and apparatus for secure data storage and retrieval
Abstract
A method and system for secure real time storage and retrieval of data by a first computer with the aid of a second computer via a secure communication link between the first and second computers. The method and system enable a user at the remote first computer to secure a data file for storage by connecting to the second computer and by exchanging certain parameters between the two computers. The method and system also enable the user at the first computer to retrieve the stored secure data file by connecting to the second computer and by exchanging certain parameters between the two computers.
21 Claims
1. In a computer system, a method for securing access to data, comprising:
generating a first message at a first computer system, said first message comprising information corresponding to data, and transmitting said first message to a second computer system;
receiving said first message at said second computer system, and generating a key pair comprising an encode key and a decode key for encoding and decoding of said data;
generating a second message comprising said encode key, and transmitting said second message to said first computer system;
receiving said second message at said first computer system, wherein said encode key in said second message is used to encode said data;
providing access to said encoded data by;
generating a third message at said first computer system, said third message comprising information identifying said encoded data, said user information, and a digital signature;
transmitting said third message to said second computer system;
receiving said third message at said second computer system;
using said information in said third message to retrieve a record corresponding to said encoded data, said record comprising said decode key for decoding said encoded data;
verifying a stored digital signature in said corresponding record with said digital signature in said third message;
upon successful verification, generating a data retrieval time stamp and storing said data retrieval time stamp;
generating a fourth message comprising said decode key, and transmitting said fourth message to said first computer system; and
receiving said fourth message at said first computer system, wherein said decode key in said fourth message is utilized to decode said encoded data.
Dependent claims: 2, 3, 4, 5, 6, 7
8. In a computer system, a method for providing secure real time storage and retrieval of file data comprising:
obtaining a secure save command from a user operating a screen element of a first computer system;
executing said secure save command to securely save file data at said first computer system, said executing comprising;
generating a first message at said first computer system, said first message comprising information corresponding to said file data, and transmitting said first message to a second computer system;
receiving said first message at said second computer system and generating a key pair comprising an encode key and a decode key for encoding and decoding of said file data;
generating a second message comprising said encode key and transmitting said second message to said first computer system; and
receiving said second message at said first computer system, wherein said encode key in said second message is used to encode said file data;
wherein said secure save command is performed by a component of a graphical user interface presenting command buttons on a user tool bar on said first computer system.
Dependent claims: 9, 10, 11
12. A method of providing secure real time storage and retrieval of data comprising:
maintaining a secure link between a first computer system and a second computer system while performing registration functions on said second computer;
maintaining said secure link between said first computer system and said second computer system while performing authentication functions on said second computer system, wherein said authentication comprises obtaining an identity for said first computer system;
obtaining a secure save command from a user, wherein said secure save command is embedded into a graphical user interface of said first computer system and said user of said secure save command of said graphical user interface initiates a process comprising the steps of;
generating a first message at said first computer system, said first message comprising information corresponding to said file data and said identity, and transmitting said first message to said second computer system;
receiving said first message at said second computer system and generating an encode key for encoding said file data and generating a decode key for decoding said file data;
generating a second message comprising said encode key, and transmitting said second message to said first computer system;
receiving said second message at said first computer system, wherein said encode key in said second message is utilized to encode said file data;
accessing encoded file data by generating a third message at said first computer system, said third message comprising information corresponding to said encoded file data, and transmitting said third message to said second computer system;
receiving said third message at said second computer system, and using said information in said third message to retrieve a record corresponding to said encoded data, said record comprising said decode key for decoding said encoded data;
generating a fourth message comprising said decode key and said information corresponding to said encoded file data, and transmitting said fourth message to said first computer system;
receiving said fourth message at said first computer system, and using said decode key in said fourth message to decode said encoded file data.
Dependent claims: 13, 14, 15, 16
17. A method for providing secure storage of data, comprising:
transmitting a secure save request from a client to a server, said secure save request comprising a file name associated with a data file, an identification value associated with said client, and a one-way hash function of said data file;
generating a storage timestamp at said server;
generating a digital signature at said server based on said storage timestamp and said one-way hash function;
generating, at said server, a first encryption key for encoding and a second encryption key for decoding;
storing said file name, said identification value, said storage timestamp, said digital signature and said second encryption key in a database record;
transmitting a secure save response from said server to said client, said secure save response comprising said file name, said digital signature, and said first encryption key;
using said first encryption key and said data file to obtain encrypted data at said client; and
storing said encrypted data and said digital signature in association with said file name.
Dependent claims: 18, 19, 20, 21
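The save and retrieve exchanges recited in claims 1 and 17, as an added sketch that is not code from the patent. It shows the server keeping the decode key on record and releasing it only when the presented signature matches the stored one. Assumptions: a symmetric key (encode key and decode key are the same value), HMAC-SHA256 standing in for the digital signature, a SHA-256 keystream XOR standing in for the cipher, and the hypothetical names `KeyServer`, `keystream_xor`, `demo`, `report.txt` and `client-42`.

```python
import hashlib, hmac, secrets, time

class KeyServer:
    """Second computer system: issues keys and keeps the decode key on record."""
    def __init__(self):
        self._sig_key = secrets.token_bytes(32)  # assumption: server-held MAC key
        self.records = {}                        # (client_id, file_name) -> record

    def secure_save(self, file_name, client_id, file_hash):
        ts = time.time()                         # storage timestamp
        # "Signature" over timestamp + file hash (HMAC stand-in, an assumption).
        sig = hmac.new(self._sig_key, repr(ts).encode() + file_hash,
                       hashlib.sha256).digest()
        key = secrets.token_bytes(32)            # assumption: encode key == decode key
        self.records[(client_id, file_name)] = {
            "stored_at": ts, "sig": sig, "decode_key": key, "retrievals": []}
        return {"file_name": file_name, "sig": sig, "encode_key": key}

    def retrieve(self, file_name, client_id, sig):
        rec = self.records.get((client_id, file_name))
        # Compare the presented signature with the stored one in constant time.
        if rec is None or not hmac.compare_digest(rec["sig"], sig):
            return None                          # no decode key released
        rec["retrievals"].append(time.time())    # data retrieval timestamp
        return {"file_name": file_name, "decode_key": rec["decode_key"]}

def keystream_xor(key, data):
    """Stand-in cipher (not for real use): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def demo():
    server = KeyServer()
    data = b"constructed sample file contents, longer than one keystream block"
    # First/second message: the client sends name, id and hash; gets key + signature.
    resp = server.secure_save("report.txt", "client-42", hashlib.sha256(data).digest())
    ciphertext, sig = keystream_xor(resp["encode_key"], data), resp["sig"]
    # Third/fourth message: a wrong signature is refused, the stored one is accepted.
    denied = server.retrieve("report.txt", "client-42", b"\x00" * 32)
    granted = server.retrieve("report.txt", "client-42", sig)
    plain = keystream_xor(granted["decode_key"], ciphertext)
    log = server.records[("client-42", "report.txt")]["retrievals"]
    return denied, plain == data, ciphertext != data, len(log)
```

Only the successful retrieval adds a timestamp to the record, so the retrieval log doubles as an access audit trail for the stored file.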
Specification