Dynamic encoding algorithms and inline message decryption

US 7,096,355 B1
Filed: 08/06/2001
Issued: 08/22/2006
Est. Priority Date: 04/26/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:

generating, at the first node, an encoded message by encoding the message with a key;

generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and

providing the encoded message and the set of one or more instructions to the second node;

wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by;

retrieving the key from the location specified by the address data and decoding the encoded message using the key.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, data exchanged between users is protected using any of various encoding approaches. An example of encoding is encryption, but any kind of encoding may be used. The data used to encrypt the data exchanged between the users, referred to as a “key”, is maintained only in a key repository. Users must obtain a key from the key repository to either encode or decode, encrypt or decrypt data, after which the user'"'"'s copy of the key is destroyed or otherwise rendered inoperable. A key management policy is employed to control access to the keys maintained by the key repository. Encoding algorithms may be dynamically changed over time. Users may negotiate different algorithms to be used with specific users or messages. Thus, different algorithms may be used between different sets of users depending upon what the member users of those sets negotiate among themselves. The frequency at which algorithms are changed may also be separately negotiated between users. The frequency may vary depending, for example, upon the perceived risk of intrusion by unauthorized third parties, the content of the messages being transmitted, or both. According to an inline message decryption approach, an encoded message is provided to a user in a form that enables the user'"'"'s client to process the encoded message using conventional client tools and obtain the cleartext message. This eliminates the need for a user'"'"'s client to be aware of the particular encoding algorithm used to encode the message. Various embodiments of the inline message decryption approach include: a) in-situ decryption; b) remote decryption; and c) data uploading. An approach is also provided for exchanging data between nodes in a network using sets of associated URLs.

Citations

30 Claims

1. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:
- generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by;
  
  retrieving the key from the location specified by the address data and decoding the encoded message using the key.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, further comprising deleting the retrieved key.
  - 3. The method as recited in claim 1, wherein the set of one or more instructions comprises a set of Javascript instructions.
  - 4. The method as recited in claim 1, wherein the set of one or more instructions comprises a set of Java applet instructions.

5. A computer-readable medium for controlling access to a message that is communicated from a first node to a second node in a network, the computer-readable medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by;
  
  retrieving the key from the location specified by the address data anddecoding the encoded message using the key to recover the original message.
- View Dependent Claims (6, 7, 8)
- - 6. The computer-readable medium as recited in claim 5, further carrying one or more additional sequences of one or instructions which, when executed by the one or more processors, causes the one or more processors to perform the additional step of deleting the retrieved key.
  - 7. The computer-readable medium as recited in claim 5, wherein the set of one or more instructions comprises a set of Javascript instructions.
  - 8. The computer-readable medium as recited in claim 5, wherein the set of one or more instructions comprises a set of Java applet instructions.

9. A computer system comprising:
- one or more processors; and
  
  a memory communicatively coupled to the one or more processors and carrying one or more sequences of one or more instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of;
  
  generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by;
  
  retrieving the key from the location specified by the address data anddecoding the encoded message using the key to recover the original message.
- View Dependent Claims (10, 11, 12)
- - 10. The computer system as recited in claim 9, wherein the memory further carries one or more additional sequences of one or instructions which, when executed by the one or more processors, causes the one or more processors to perform the additional step of deleting the retrieved key.
  - 11. The computer system as recited in claim 9, wherein the set of one or more instructions comprises a set of Javascript instructions.
  - 12. The computer system as recited in claim 9, wherein the set of one or more instructions comprises a set of Java applet instructions.

13. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:
- generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key;
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and
  
  wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes;
  
  the message to be recovered from the encoded message by retrieving the key, anddecoding the encoded message using the key, andthe recovered message to be provided from the third node to the second node.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method as recited in claim 13, wherein the receiving, at the third node, of the encoded message and the instructions for retrieving the key, further causes the key to be deleted from the third node after the encoded message is decoded.
  - 15. The method as recited in claim 13, wherein the encoded message and the set of one or more instructions that contain the instructions for transferring to a third node the encoded message and instructions for retrieving the key are contained in an HTML document.
  - 16. The method as recited in claim 15, wherein the HTML document comprises an HTML form with fields containing the encoded message and key address data, a submit button to submit the form to the third node, and JavaScript to automatically submit the form to the third node.
  - 17. The method as recited in claim 15, wherein the HTML document comprises a set of associated URLs embedded in multiple <
    - img>
      
      , <
      
      ilayer>
      
      , <
      
      applet>
      
      , or <
      
      iframe>
      
      elements, wherein each URL contains fragments of the encoded message and key address data as URL query parameters, and wherein each URL specifies the location of the third node.
  - 18. The method as recited in claim 17, wherein the URL query parameters also contain control information, which specifies the order and number of message fragments, and enables the third node to reconstruct the complete message.

19. A computer-readable medium for controlling access to a message that is communicated from a first node to a second node in a network, the computer-readable medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key;
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and
  
  wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes;
  
  the message to be recovered from the encoded message by retrieving the key, anddecoding the encoded message using the key, andthe recovered message to be provided from the third node to the second node.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computer-readable medium as recited in claim 19, wherein the receiving, at the third node, of the encoded message and the instructions for retrieving the key, further causes the key to be deleted from the third node after the encoded message is decoded.
  - 21. The computer-readable medium as recited in claim 19, wherein the encoded message and the set of one or more instructions that contain the instructions for transferring to a third node the encoded message and instructions for retrieving the key are contained in an HTML document.
  - 22. The computer-readable medium as recited in claim 21, wherein the HTML document comprises an HTML form with fields containing the encoded message and key address data, a submit button to submit the form to the third node, and JavaScript to automatically submit the form to the third node.
  - 23. The computer-readable medium as recited in claim 21, wherein the HTML document comprises a set of associated URLs embedded in multiple <
    - img>
      
      , <
      
      ilayer>
      
      , <
      
      applet>
      
      , or <
      
      iframe>
      
      elements, wherein each URL contains fragments of the encoded message and key address data as URL query parameters, and wherein each URL specifies the location of the third node.
  - 24. The computer-readable medium as recited in claim 23, wherein the URL query parameters also contain control information, which specifies the order and number of message fragments, and enables the third node to reconstruct the complete message.

25. A computer system for controlling access to a message that is communicated from a first node to a second node in a network, the computer system comprising:
- one or more processors; and
  
  a memory communicatively coupled to the one or more processors and carrying one or more sequences of one or more instructions which, when executed by the one or more processors, causes the one or more processors to perform the steps of;
  
  generating, at the first node, an encoded message by encoding the message with a key;
  
  generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key;
  
  providing the encoded message and the set of one or more instructions to the second node;
  
  wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and
  
  wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes;
  
  the message to be recovered from the encoded message by retrieving the key, anddecoding the encoded message using the key, andthe recovered message to be provided from the third node to the second node.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The computer system as recited in claim 25, wherein the receiving, at the third node, of the encoded message and the instructions for retrieving the key, further causes the key to be deleted from the third node after they encoded message is decoded.
  - 27. The computer system as recited in claim 25, wherein the encoded message and the set of one or more instructions that contain the instructions for transferring to a third node the encoded message and instructions for retrieving the key are contained in an HTML document.
  - 28. The computer system as recited in claim 27, wherein the HTML document comprises an HTML form with fields containing the encoded message and key address data, a submit button to submit the form to the third node, and JavaScript to automatically submit the form to the third node.
  - 29. The computer system as recited in claim 27, wherein the HTML document comprises a set of associated URLs embedded in multiple <
    - img>
      
      , <
      
      ilayer>
      
      , <
      
      applet>
      
      , or <
      
      iframe>
      
      elements, wherein each URL contains fragments of the encoded message and key address data as URL query parameters, and wherein each URL specifies the location of the third node.
  - 30. The computer system as recited in claim 29, wherein the URL query parameters also contain control information, which specifies the order and number of message fragments, and enables the third node to reconstruct the complete message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Incorporated (Check Point Software Technologies Limited)
Original Assignee
Omniva Corp. (Check Point Software Technologies Limited)
Inventors
Ubois, Jeffrey, Goodnick, Stuart, Brettle, Dean, Zadik, Yair, Marvit, David, Rosema, Keith David, Marvit, Maclen
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Baum, Ronald

Application Number

US09/923,847
Time in Patent Office

1,842 Days
Field of Search

713/168, 713/201, 380/258, 380277-279
US Class Current

713/162
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/102   Entity profiles

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

Dynamic encoding algorithms and inline message decryption

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic encoding algorithms and inline message decryption

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links