Dynamic encoding algorithms and inline message decryption
First Claim
1. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:
- generating, at the first node, an encoded message by encoding the message with a key;
generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and
providing the encoded message and the set of one or more instructions to the second node;
wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by;
retrieving the key from the location specified by the address data and decoding the encoded message using the key.
7 Assignments
0 Petitions
Accused Products
Abstract
In general, data exchanged between users is protected using any of various encoding approaches. An example of encoding is encryption, but any kind of encoding may be used. The data used to encrypt the data exchanged between the users, referred to as a “key”, is maintained only in a key repository. Users must obtain a key from the key repository to either encode or decode, encrypt or decrypt data, after which the user'"'"'s copy of the key is destroyed or otherwise rendered inoperable. A key management policy is employed to control access to the keys maintained by the key repository. Encoding algorithms may be dynamically changed over time. Users may negotiate different algorithms to be used with specific users or messages. Thus, different algorithms may be used between different sets of users depending upon what the member users of those sets negotiate among themselves. The frequency at which algorithms are changed may also be separately negotiated between users. The frequency may vary depending, for example, upon the perceived risk of intrusion by unauthorized third parties, the content of the messages being transmitted, or both. According to an inline message decryption approach, an encoded message is provided to a user in a form that enables the user'"'"'s client to process the encoded message using conventional client tools and obtain the cleartext message. This eliminates the need for a user'"'"'s client to be aware of the particular encoding algorithm used to encode the message. Various embodiments of the inline message decryption approach include: a) in-situ decryption; b) remote decryption; and c) data uploading. An approach is also provided for exchanging data between nodes in a network using sets of associated URLs.
-
Citations
30 Claims
-
1. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:
-
generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by; retrieving the key from the location specified by the address data and decoding the encoded message using the key. - View Dependent Claims (2, 3, 4)
-
-
5. A computer-readable medium for controlling access to a message that is communicated from a first node to a second node in a network, the computer-readable medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
-
generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by; retrieving the key from the location specified by the address data and decoding the encoded message using the key to recover the original message. - View Dependent Claims (6, 7, 8)
-
-
9. A computer system comprising:
-
one or more processors; and a memory communicatively coupled to the one or more processors and carrying one or more sequences of one or more instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of; generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain address data that indicates a location from which the key may be retrieved and executable code that implements a decryption algorithm for decoding the encoded message using the key; and providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the message to be recovered from the encoded message by; retrieving the key from the location specified by the address data and decoding the encoded message using the key to recover the original message. - View Dependent Claims (10, 11, 12)
-
-
13. A method for controlling access to a message that is communicated from a first node to a second node in a network, the method comprising the computer-implemented steps of:
-
generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key; providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes; the message to be recovered from the encoded message by retrieving the key, and decoding the encoded message using the key, and the recovered message to be provided from the third node to the second node. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer-readable medium for controlling access to a message that is communicated from a first node to a second node in a network, the computer-readable medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
-
generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key; providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes; the message to be recovered from the encoded message by retrieving the key, and decoding the encoded message using the key, and the recovered message to be provided from the third node to the second node. - View Dependent Claims (20, 21, 22, 23, 24)
-
-
25. A computer system for controlling access to a message that is communicated from a first node to a second node in a network, the computer system comprising:
-
one or more processors; and a memory communicatively coupled to the one or more processors and carrying one or more sequences of one or more instructions which, when executed by the one or more processors, causes the one or more processors to perform the steps of; generating, at the first node, an encoded message by encoding the message with a key; generating, at the first node, a set of one or more instructions that contain instructions for transferring to a third node the encoded message and instructions for retrieving the key; providing the encoded message and the set of one or more instructions to the second node; wherein, processing the set of one or more instructions at the second node causes the encoded message and the instructions for retrieving the key to be transferred to the third node; and wherein, the receiving, at the third node, of the encoded message and the instructions for retrieving the key causes; the message to be recovered from the encoded message by retrieving the key, and decoding the encoded message using the key, and the recovered message to be provided from the third node to the second node. - View Dependent Claims (26, 27, 28, 29, 30)
-
Specification