Data transfer and management system

US 7,406,596 B2
Filed: 03/12/2001
Issued: 07/29/2008
Est. Priority Date: 03/10/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A system for file management and transfer on a computer network, said network being connected to a plurality of users, comprising:

a data management module (DMM), residing on a server, including separate storage space on the server for each user of the system for uploading, forwarding, downloading and storage of files and messages selectively in encrypted and non-encrypted state, each user'"'"'s space being divided into a plurality of main directories, including a system folder which keeps the user'"'"'s settings defined by the system, and user'"'"'s preferences, selected by the user, and folders for his private box, inbox and shared folders, which can be subdivided by user into many subfolders for storage and management of files to form an online filing system for each user, to define different accessibility rights to different files, a server administrator having control over many management functions including registration and management of users and disk space and services on the server, while each user has control via a range of commands over many functions related to his files and allocated disk space, including compression, decompression, transfer, upload/download, delete, distribution to named groups of members of non-members, creation of arbitrary number of shared folders and access tables for individual shared folders and subdivision of various directories;

a file transfer encryption and transfer module (FTE) residing on the user'"'"'s computer, providing selection and transfer of files and messages to destinations including destinations on the server, on other computers connected to the network and to outside computers via email based on a local mirroring of part of the data and structure of the DMM onto the user'"'"'s computer, said FTE also providing selective encryption/decryption of files and messages with passwords exclusively associated and shared with different users, destinations or origins of the file or message, as the user moves the file to a new location so that the file is encrypted/decrypted by a password associated with and shared between the user and the new destination or origin;

a file transfer module residing on the server which works in conjunction with the FTE for transferring data/files;

a password management module residing on the user'"'"'s computer which is a secure database of the user'"'"'s password which he and other users have agreed to share, and passwords for other folders on the system or locations on computers outside the system, the password management module being encrypted by a master password known only to the user, wherein the password management module searches users and other passwords according to a defined criteria, selects appropriate passwords for encryption/decryption, provides synchronization of passwords for putting communicating users and provides each user the facility to register, delete, make available for sharing, change and manage his own passwords; and

a security system including access controls for login, including store, search and validation of users'"'"' login passwords in hash form and controlled by internal access list for shared spaces and security through semi-transparent encryption of files in transit and in storage on the system, to protect file/data residing on the system from unauthorized access, with encryption/decryption occurring on the user'"'"'s computer to ensure that files are unreadable by any persons not having the encryption password, and/or managed by users exclusively on their computers without any intervention by server administrators or other personal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for the secure transfer of data and data management on the Internet has a data encryption and transfer module operable in a user computing system, a data management module operable in a sewer computing system, the transfer of data between the user and the server computing systems being effected on the user computing system through use of the data encryption and transfer module, by moving the data to or from a first desktop window, associated with the user computing system, from or to a second desktop window, associated with the server computing system, each window being associated with a password, such that the step of moving the data from one window to the other causes the data to encrypted/re-encrypted from one associated password to the other.

157 Citations

38 Claims

1. A system for file management and transfer on a computer network, said network being connected to a plurality of users, comprising:
- a data management module (DMM), residing on a server, including separate storage space on the server for each user of the system for uploading, forwarding, downloading and storage of files and messages selectively in encrypted and non-encrypted state, each user'"'"'s space being divided into a plurality of main directories, including a system folder which keeps the user'"'"'s settings defined by the system, and user'"'"'s preferences, selected by the user, and folders for his private box, inbox and shared folders, which can be subdivided by user into many subfolders for storage and management of files to form an online filing system for each user, to define different accessibility rights to different files, a server administrator having control over many management functions including registration and management of users and disk space and services on the server, while each user has control via a range of commands over many functions related to his files and allocated disk space, including compression, decompression, transfer, upload/download, delete, distribution to named groups of members of non-members, creation of arbitrary number of shared folders and access tables for individual shared folders and subdivision of various directories;
  
  a file transfer encryption and transfer module (FTE) residing on the user'"'"'s computer, providing selection and transfer of files and messages to destinations including destinations on the server, on other computers connected to the network and to outside computers via email based on a local mirroring of part of the data and structure of the DMM onto the user'"'"'s computer, said FTE also providing selective encryption/decryption of files and messages with passwords exclusively associated and shared with different users, destinations or origins of the file or message, as the user moves the file to a new location so that the file is encrypted/decrypted by a password associated with and shared between the user and the new destination or origin;
  
  a file transfer module residing on the server which works in conjunction with the FTE for transferring data/files;
  
  a password management module residing on the user'"'"'s computer which is a secure database of the user'"'"'s password which he and other users have agreed to share, and passwords for other folders on the system or locations on computers outside the system, the password management module being encrypted by a master password known only to the user, wherein the password management module searches users and other passwords according to a defined criteria, selects appropriate passwords for encryption/decryption, provides synchronization of passwords for putting communicating users and provides each user the facility to register, delete, make available for sharing, change and manage his own passwords; and
  
  a security system including access controls for login, including store, search and validation of users'"'"' login passwords in hash form and controlled by internal access list for shared spaces and security through semi-transparent encryption of files in transit and in storage on the system, to protect file/data residing on the system from unauthorized access, with encryption/decryption occurring on the user'"'"'s computer to ensure that files are unreadable by any persons not having the encryption password, and/or managed by users exclusively on their computers without any intervention by server administrators or other personal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. A system according to claim 1, wherein the FTE uses symmetric key encryption and a file-transferring engine.
  - 3. A system according to claim 2, wherein the file-transferring engine is a hypertext transfer protocol (HTTP) engine.
  - 4. A system according to claim 2, wherein the file-transferring engine is a file transfer protocol (FTP) engine.
  - 5. A system according to claim 4, wherein the transfer of data can be resumed from a point of breakdown following a line interruption.
  - 6. A system according to claim 1, wherein the FTE uses public key encryption and a file-transferring engine.
  - 7. A system according to claim 1, wherein the FTE includes a data compression/decompression function.
  - 8. A system according to claim 1, wherein the file transferred by a first user, using the FTE, can be stored on the server computing system such that it can only be accessed by that user.
  - 9. A system according to claim 1, wherein the file transferred by the first user, using the FTE, can be stored on the server computing system such that it can be accessed and downloaded by a second user, using the FTE in his own user computing system, but is not accessible by another person, except with the first user'"'"'s permission.
  - 10. A system according to claim 1, wherein a first user can create a folder on the server computing system into and out of which files can only be transferred by the first user and other users, designated by the first user, the folders being available to an access list defined by the user, and associated with an encryption password so that all files posted there will be automatically encrypted and later decrypted with that password and the password is only known to the access list.
  - 11. A system according to claim 1, wherein the FTE supports the desktop encryption of data on the user computing system for storage of encrypted files on the user'"'"'s computer or transfer of encrypted files to any other computer inside or outside the system.
  - 12. A system according to claim 1, wherein the FTE supports the preparation of self-decrypting, self-extracting, executable archives for transfer to non-users of the system.
  - 13. A system according to claim 1, wherein data in the form of a file can be transferred with the message attached thereto, optionally attached to a file, the message being encrypted in the same manner as the file.
  - 14. A system according to claim 1, wherein the DMM includes the functions of data storage, management and exchange, the storage of public keys/certificates, and an imbedded public key infrastructure (PKI).
  - 15. A system according to claim 14, wherein the DMM supports secure remote administration of the system including the functions of stopping/running the module, viewing and checking the working parameters, adding or removing users, and changing a user'"'"'s options.
  - 16. A system according to claim 15, wherein the data flow between a remote administrator and the server computing system is encrypted.
  - 17. A system according to claim 15, wherein the data management module provides a document tracking service for the users.
  - 18. A system according to claim 17, wherein the document tracking service includes the automatic sending of an e-mail notification of an uploaded file to the intended recipient, and the automatic sending of an e-mail notification to a sender, when a file has been downloaded by a recipient.
  - 19. A system according to claim 17, wherein the document tracking service includes the marking of files by the DMM, once they have been downloaded from the server computing system by a recipient.
  - 20. A system according to claim 1, wherein the DMM will detect when both a user and an intended recipient are connected to the system and will provide the user with the option of sending the data directly to the recipient'"'"'s computer, without intermediate storage on the server computing system, and the FTE on each user'"'"'s computer exchanges files directly between them.
  - 21. A system according to claim 1, herein the data, to be transferred by a user to a recipient'"'"'s folder on the server computing system, is encrypted using a secret password agreed between the user and the recipient.
  - 22. A system according to claim 21, wherein the secret passwords of a user and also the secret passwords shared by a user and his recipients are stored in the password management module operable in the user computing system in encrypted form.
  - 23. A system according to claim 22, wherein the passwords, stored in the password management module, are encrypted with the user'"'"'s main password and are decrypted when needed, providing a secret key infrastructure (SKI).
  - 24. A system according to claim 1, wherein, when a secret password cannot be agreed between a user and a recipient, the encryption and transfer module generates a one-session common secret password by which the data to be transferred is encrypted, the DMM provides the user computing system with the public password of the recipient and the encryption and transfer module encrypts the one-session common password with the public password of the recipient and adds it to the data to be transferred, such that the recipient can subsequently decrypt the data using the one-session secret password.
  - 25. A system according to claim 1, wherein the use of digital signatures and standard or imbedded certificates is supported.
  - 26. The system according to claim 1, wherein the computer network is part of a local or wide area network.
  - 27. The system according to claim 1, wherein the computer network is the Internet.
  - 28. The system according to claim 1, wherein files are transferred via communication modes and via other devices which have computing engines.
  - 29. The system according to claim 1, wherein the master password can be revealed or bypassed a super-user password.

30. A system for file management and transfer on a computer network, said network being connected being to a plurality of users, comprising:
- a data management module (DMM), residing on a server, including separate storage space on the server for each user of the system for uploading, forwarding, downloading and storage of files and messages selectively in encrypted and non-encrypted state, each user'"'"'s space being divided into a plurality of main directories, including a system folder which keeps the user'"'"'s settings defined by the system, and user'"'"'s preferences, selected by the user, and folders for his private box, inbox and shared folders, which can be subdivided by user into many subfolders for storage and management of files to form an online filing system for each user to define different accessibility rights to different files, a server administrator having control over many management functions including registration and management of users and disk space and services on the server, while each user has control via a range of commands over many functions related to his files and allocated disk space, including compression, decompression, transfer, upload/download, delete, distribution to named groups of members of non-members, creation of arbitrary number of shared folders and access tables for individual shared folders and subdivision of various directories;
  
  a file transfer encryption and transfer module (FTE) residing on the user'"'"'s computer, which provides for selection and transfer of files and messages using a standard web browser for file transfer using HTTP with selective encryption/decryption of files and messages with passwords exclusively associated and shared with different users, destinations or origins of the file or message, as the user moves the file to a new location so that the file is encrypted/decrypted by a password associated with and shared between the user and the new destination or origin;
  
  a file transfer module residing on the server which works in conjunction with the FTE for transferring data/files;
  
  a password management module residing on the user'"'"'s computer which is a secure database of the user'"'"'s password which he and other users have agreed to share, and passwords for other folders on the system or locations on computers outside the system, the password management module being encrypted by a master password known only to the user, wherein the password management module searches users and other passwords according to a defined criteria, selects appropriate passwords for encryption/decryption, provides synchronization of passwords for putting communicating users and provides each user the facility to register, delete, make available for sharing, change and manage his own passwords; and
  
  a security system including access controls for login, including store, search and validation of users'"'"' login passwords in hash form and controlled by internal access list for shared spaces and security through semi-transparent encryption of files in transit and in storage on the system, to protect file/data residing on the system from unauthorized access, with encryption/decryption occurring on the user'"'"'s computer to ensure that files are unreadable by any persons not having the encryption password, and/or managed by users exclusively on their computers without any intervention by server administrators or other personal.

31. A system for encrypting files and data for storage on and transfer through a network to which a plurality of users are connected, wherein encryption passwords remain under the exclusive control of the owners of the files which are encrypted, the system using a secret (symmetric) key infrastructure, comprising:
- a password manager for each user residing on his local computer, providing a store for his passwords including passwords associated with and agreed by each pair of users on the network and including any connected computer, or each user and other folder/destination, including his private box and subfolders enabling management of his passwords exclusively by the user, the password manager being encrypted by the user'"'"'s master password so that when the password manager is opened by the user'"'"'s entering of the master password, the password manager will automatically select the appropriate working password relevant to the destination or origin of encrypted file;
  
  the file transfer and encryption module receiving the appropriate password from the password manager, the file transfer and encryption module encrypting/decrypting or re-encrypting for a new destination, a file or other data and transfers or stores it from one location to a second location, when the user moves the file by a simple drag/drop or context menu command;
  
  wherein passwords are exchanged and agreed between users using public key pairs created for each user by the system or the user'"'"'s own public key pairs in the absence of other key agreement procedures.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. A system according to claim 31, wherein the first and second locations are on the user computing system.
  - 33. A system according to claim 31, wherein the first location is on the user computing system and the second location is on a remote computing system.
  - 34. A system according to claim 33, wherein the user computing system and the remote computing system are part of a local area network.
  - 35. A system according to claim 33, wherein the user computing system and the remote computing system are connected through the Internet.
  - 36. The system according to claim 31, wherein files are transferred via communication modes and via other devices which have computing engines.
  - 37. The system according to claim 31, wherein the master password can be revealed or bypassed a super-user password.

38. A system for file management and transfer on a computer network, said network being connected to a plurality of users, comprising:
- a data management module (DMM) residing on a server including separate storage space on the server for each user of the system, each user space being divided into a plurality of main directories, at least one of said main directories including shared folders;
  
  said shared folders being accessible to specific groups of users connected to the network, having access to a shared folder being determined by passwords which are agreed by the users associated with the shared folder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Herbert Street Technologies
Original Assignee
Herbert Street Technologies
Inventors
Roumiantsev, Andrei Igorevich, Koltsov, Alexandre Vladimirovich, O'Doherty, Brian John
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/221,221
Publication Number

US 20030177422A1
Time in Patent Office

2,696 Days
Field of Search

726/26 713/165
US Class Current

713/165
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 51/00   User-to-user messaging in p...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/083   using passwords cryptograph...

H04L 69/328   in the presentation layer [...

Data transfer and management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

157 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Data transfer and management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links