Encryption/decryption pay per use web service

US 8,145,898 B2
Filed: 12/23/2003
Issued: 03/27/2012
Est. Priority Date: 12/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method in a web service for providing security for files transferred across a network, the method comprising:

receiving a request for content from a partner, the request for content including a partner master key, which is encrypted using a public key of the web service, the partner master key having a corresponding unpublished partner private key;

recovering the partner master key from the request and contacting a certificate authority (CA) to authenticate the partner master key as belonging to said partner;

retrieving the content upon authentication that the partner master key belongs to said partner;

encrypting the content with a web service secret key to produce encrypted content;

embedding the encrypted content and the web service secret key within a digital certificate issued by the certificate authority;

encrypting the certificate authority-issued digital certificate, including the embedded encrypted content and web service secret key, with the partner master key; and

transmitting the encrypted digital certificate to the partner;

whereby the web-service secret key and encrypted content can be recovered from the encrypted digital certificate using the partner private key and thereafter the encrypted content can be decrypted using the web service secret key.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for providing security for files transferred across a network, such as the Internet is provided. In one embodiment, a web service receives a request for content from a partner. The web service contacts a certificate authority to authenticate the partner and retrieves the requested content. The web service then generates a secret key and encrypts the content with the secret key to produce encrypted content. The secret key and the encrypted content are then embedded within a digital certificate issued by the certificate authority by using the public key of a public/private key pair issued by the certificate authority. The digital certificate is then transmitted to the partner where the partner decrypts the digital certificate to obtain the secret key and then uses the secret key to decrypt the encrypted content. A similar process may be used for the partner to send content to the web service.

75 Citations

View as Search Results

42 Claims

1. A method in a web service for providing security for files transferred across a network, the method comprising:
- receiving a request for content from a partner, the request for content including a partner master key, which is encrypted using a public key of the web service, the partner master key having a corresponding unpublished partner private key;
  
  recovering the partner master key from the request and contacting a certificate authority (CA) to authenticate the partner master key as belonging to said partner;
  
  retrieving the content upon authentication that the partner master key belongs to said partner;
  
  encrypting the content with a web service secret key to produce encrypted content;
  
  embedding the encrypted content and the web service secret key within a digital certificate issued by the certificate authority;
  
  encrypting the certificate authority-issued digital certificate, including the embedded encrypted content and web service secret key, with the partner master key; and
  
  transmitting the encrypted digital certificate to the partner;
  
  whereby the web-service secret key and encrypted content can be recovered from the encrypted digital certificate using the partner private key and thereafter the encrypted content can be decrypted using the web service secret key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 3. The method as recited in claim 2, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the partner by the certificate authority.
  - 4. The method as recited in claim 1, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred to the partner over the secure socket layer.
  - 5. The method as recited in claim 1, wherein the digital certificate is an X.509 certificate.
  - 6. The method as recited in claim 1, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s Code algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 7. The method as recited in claim 1, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 8. The method as recited in claim 1, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 9. The method as recited in claim 1, wherein the content comprises one of text, audio, video, pictures, and graphics.

10. A method in a web service for providing security for files transferred across a network, the method comprising:
- receiving a request from a partner to transfer content to a web service, the request to transfer content including a partner master key, which is encrypted using a public key of the web service, there being an unpublished partner private key;
  
  recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
  
  receiving a digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
  
  extracting at least one unencrypted secret key from the digital certificate;
  
  decrypting the encrypted content using the at least one unencrypted secret key to produce decrypted content;
  
  re-encrypting the decrypted content using a second secret key to produce a re-encrypted content file;
  
  encrypting the second secret key and the re-encrypted content file with the partner master key to produce a digital certificate; and
  
  transmitting the digital certificate comprising the encrypted second secret key and the re-encrypted content file to the partner.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The method as recited in claim 10, further comprising:
    - storing the unencrypted content in a database.
  - 12. The method as recited in claim 10, further comprising:
    - re-encrypting the unencrypted content to product re-encrypted content; and
      
      storing the re-encrypted content in a database.
  - 13. The method as recited in claim 12, wherein the content is stored as a Binary Large Object.
  - 14. The method as recited in claim 10, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 15. The method as recited in claim 14, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the web service by the certificate authority.
  - 16. The method as recited in claim 10, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred over the secure socket layer.
  - 17. The method as recited in claim 10, wherein the digital certificate is an X.509 certificate.
  - 18. The method as recited in claim 10, wherein re-encrypting the content with a second secret key to produce encrypted content utilizes one of a Ron'"'"'s Code algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 19. The method as recited in claim 10, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 20. The method as recited in claim 10, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 21. The method as recited in claim 10, wherein the content comprises one of text, audio, video, pictures, and graphics.

22. A non-transitory computer readable storage media containing computer program instructions, which when executed cause a computer to securely transfer files across a network as a web service that provides content files transferred across a network, the computer readable storage media comprising:
- first instructions for receiving a request for content from a partner, the request for content including a partner master key, which is encrypted using a public key of the web service, there being not received from the partner, a partner private key corresponding to the partner master key;
  
  second instructions for recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
  
  third instructions for retrieving the content upon authentication that the partner master key belongs to said partner;
  
  fourth instructions for encrypting the content with a secret key to produce encrypted content;
  
  fifth instructions for embedding the encrypted content and the secret key within a digital certificate issued by the certificate authority, fifth instructions including instructions to encrypt the digital certificate with the partner master key; and
  
  sixth instructions for transmitting the encrypted digital certificate to the partner.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The computer program product as recited in claim 22, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 24. The computer program product as recited in claim 23, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the partner by the certificate authority.
  - 25. The computer program product as recited in claim 22, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred to the partner over the secure socket layer.
  - 26. The computer program product as recited in claim 22, wherein the digital certificate is an X.509 certificate.
  - 27. The computer program product as recited in claim 22, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s Code algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 28. The computer program product as recited in claim 22, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 29. The computer program product as recited in claim 22, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 30. The computer program product as recited in claim 22, wherein the content comprises one of text, audio, video, pictures, and graphics.

31. A computer program product on a non-transitory computer readable medium to be executed in a data processing system used as a web service for providing security for files transferred across a network, the computer program product comprising:
- first instructions for receiving a request from a partner to transfer content to a web service the request to transfer content including a partner master key, which is encrypted using a public key of the web service, there being un-received, a partner private key corresponding to the partner master key;
  
  second instructions for recovering the partner master key from the request and contacting a certificate authority to authenticate the partner master key;
  
  third instructions for receiving a first digital certificate comprising an encrypted secret key and encrypted content, wherein the encrypted content has been encrypted with at least one secret key;
  
  fourth instructions for extracting at least one unencrypted secret key from the first digital certificate;
  
  fifth instructions for decrypting the encrypted content using the at least one unencrypted secret key to produce unencrypted content and for re-encrypting the content using a second secret key; and
  
  said fifth instructions including additional instructions for encrypting the re-encrypted content and the second secret key into a second digital certificate using the partner master key, and for sending the second digital certificate to said partner whereby the second digital certificate can be decrypted using the partner secret key.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The computer program product as recited in claim 31, further comprising:
    - sixth instructions for storing the unencrypted content in a database.
  - 33. The computer program product as recited in claim 31, further comprising:
    - sixth instructions for re-encrypting the unencrypted content to product re-encrypted content; and
      
      seventh instructions for storing the re-encrypted content in a database.
  - 34. The computer program product as recited in claim 33, wherein the content is stored as a Binary Large Object.
  - 35. The computer program product as recited in claim 31, wherein embedding the encrypted content and the at least one secret key within a digital certificate comprises encrypting the secret key with a public key.
  - 36. The computer program product as recited in claim 35, wherein the public key is issued by the certificate authority and the corresponding private key has been sent to the web service by the certificate authority.
  - 37. The computer program product as recited in claim 31, wherein a secure socket layer is established between the web service and the partner and the digital certificate is transferred over the secure socket layer.
  - 38. The computer program product as recited in claim 31, wherein the digital certificate is an X.509 certificate.
  - 39. The computer program product as recited in claim 31, wherein encrypting the content with at least one secret key to produce encrypted content utilizes one of a Ron'"'"'s Code algorithm, a digital encryption standard algorithm, and a triple digital encryption standard algorithm.
  - 40. The computer program product as recited in claim 31, wherein conversations between the web service and the partner utilize a Web Service Enhancement Extension protocol.
  - 41. The computer program product as recited in claim 31, wherein conversations between the web service and the partner utilize a Simple Object Access Protocol.
  - 42. The computer program product as recited in claim 31, wherein the content comprises one of text, audio, video, pictures, and graphics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ent Services Development Corporation LP (DXC Technology Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Kamalakantha, Chandra H.
Primary Examiner(s)
Goodarzi, Nasser
Assistant Examiner(s)
Johnson, Carlton

Application Number

US10/744,122
Publication Number

US 20050138360A1
Time in Patent Office

3,017 Days
Field of Search

713/156, 713/171
US Class Current

713/156
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

Encryption/decryption pay per use web service

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption/decryption pay per use web service

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links