Encryption/decryption pay per use web service
First Claim
1. A method in a web service for providing security for files transferred across a network, the method comprising:
- receiving a request for content from a partner, the request for content including a partner master key, which is encrypted using a public key of the web service, the partner master key having a corresponding unpublished partner private key;
- recovering the partner master key from the request and contacting a certificate authority (CA) to authenticate the partner master key as belonging to said partner;
- retrieving the content upon authentication that the partner master key belongs to said partner;
- encrypting the content with a web service secret key to produce encrypted content;
- embedding the encrypted content and the web service secret key within a digital certificate issued by the certificate authority;
- encrypting the certificate authority-issued digital certificate, including the embedded encrypted content and web service secret key, with the partner master key; and
- transmitting the encrypted digital certificate to the partner;
- whereby the web-service secret key and encrypted content can be recovered from the encrypted digital certificate using the partner private key and thereafter the encrypted content can be decrypted using the web service secret key.
Abstract
A method, system, and computer program product for providing security for files transferred across a network, such as the Internet, is provided. In one embodiment, a web service receives a request for content from a partner. The web service contacts a certificate authority to authenticate the partner and retrieves the requested content. The web service then generates a secret key and encrypts the content with the secret key to produce encrypted content. The secret key and the encrypted content are then embedded within a digital certificate issued by the certificate authority by using the public key of a public/private key pair issued by the certificate authority. The digital certificate is then transmitted to the partner, where the partner decrypts the digital certificate to obtain the secret key and then uses the secret key to decrypt the encrypted content. A similar process may be used for the partner to send content to the web service.
Claims (42 in total; independent claims 10, 22 and 31 follow, claim 1 is given above)
10. A method in a web service for providing security for files transferred across a network, the method comprising:
- receiving a request from a partner to transfer content to a web service, the request to transfer content including a partner master key, which is encrypted using a public key of the web service, there being an unpublished partner private key;
- recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
- receiving a digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
- extracting at least one unencrypted secret key from the digital certificate;
- decrypting the encrypted content using the at least one unencrypted secret key to produce decrypted content;
- re-encrypting the decrypted content using a second secret key to produce a re-encrypted content file;
- encrypting the second secret key and the re-encrypted content file with the partner master key to produce a digital certificate; and
- transmitting the digital certificate comprising the encrypted second secret key and the re-encrypted content file to the partner.
Dependent claims: 11 to 21.

22. A non-transitory computer readable storage media containing computer program instructions, which when executed cause a computer to securely transfer files across a network as a web service that provides content files transferred across a network, the computer readable storage media comprising:
- first instructions for receiving a request for content from a partner, the request for content including a partner master key, which is encrypted using a public key of the web service, there being not received from the partner, a partner private key corresponding to the partner master key;
- second instructions for recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
- third instructions for retrieving the content upon authentication that the partner master key belongs to said partner;
- fourth instructions for encrypting the content with a secret key to produce encrypted content;
- fifth instructions for embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority, fifth instructions including instructions to encrypt the digital certificate with the partner master key; and
- sixth instructions for transmitting the encrypted digital certificate to the partner.
Dependent claims: 23 to 30.

31. A computer program product on a non-transitory computer readable medium to be executed in a data processing system used as a web service for providing security for files transferred across a network, the computer program product comprising:
- first instructions for receiving a request from a partner to transfer content to a web service, the request to transfer content including a partner master key, which is encrypted using a public key of the web service, there being un-received, a partner private key corresponding to the partner master key;
- second instructions for recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
- third instructions for receiving a first digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
- fourth instructions for extracting at least one unencrypted secret key from the first digital certificate;
- fifth instructions for decrypting the encrypted content using the at least one unencrypted secret key to produce unencrypted content and for re-encrypting the content using a second secret key; and
- said fifth instructions including additional instructions for encrypting the re-encrypted content and the second secret key into a second digital certificate using the partner master key, and for sending the second digital certificate to said partner whereby the second digital certificate can be decrypted using the partner secret key.
Dependent claims: 32 to 42.
Specification