Secure, auditable file exchange system and method
First Claim
1. A computer-implemented method for providing a secure file-exchange service, the method comprising:
- obtaining, by a file-exchange server from a remote member device, new member information including identity information and a professional credential associated with a new member;
verifying, by said file-exchange server according to said identity information, that said new member has a personal identity as indicated by said identity information, and that said new member has a professional designation as indicated by said professional credential;
when said new member's personal identity and professional designation have been verified, designating said new member as a verified-professional member and obtaining, by said file-exchange server, a member public key of a public/private key pair for said verified-professional member;
generating, by said file-exchange server, a member widget indicating said verified-professional member's status as a verified professional and being configured to accept files submitted for secure transfer to said verified-professional member;
providing, by said file-exchange server, said member widget for publication by said new member;
receiving an indication, by said file-exchange server via said published member widget, to provide a file from a remote sender device to said verified-professional member;
obtaining, by said file-exchange server from said remote sender device via said published member widget, metadata associated with said file;
obtaining, by said file-exchange server, a reference cryptographic integrity code derived from said file;
obtaining, by said file-exchange server from said remote sender device via said published member widget, an encrypted copy of said file, said encrypted copy being encrypted with said member public key;
storing said metadata, said reference cryptographic integrity code, and said encrypted copy in a non-transient data store;
receiving, from said remote member device, a request for said file; and
in response to said request;
retrieving said encrypted copy from said data store;
sending said encrypted copy to said remote member device for decryption, according to said private key, into an unconfirmed unencrypted file;
receiving, from said remote member device, an unconfirmed cryptographic integrity code derived from said unconfirmed unencrypted file;
determining whether said unconfirmed cryptographic integrity code matches said reference cryptographic integrity code; and
when said unconfirmed cryptographic integrity code is determined to match said reference cryptographic integrity code, confirming to said remote member device that said unconfirmed unencrypted file is a correct copy of said file.
Abstract
Secure and auditable file exchange between a professional and a client, patient, colleague, or other associate of the professional may be achieved via a file exchange service that automatically verifies the professional's professional status and identity and provides applications and/or tools to accept files for transfer to the verified professional. The files are stored in encrypted form, along with cryptographic integrity codes. After the files have been transferred to the professional, the cryptographic integrity codes may be used to verify that the professional received a correct copy of the file that was originally provided.
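An added sketch of the server-side confirmation step the abstract describes (not code from the patent). It assumes SHA-256 as the integrity code, treats the encrypted copy as opaque bytes, and uses hypothetical class and function names.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def integrity_code(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "cryptographic integrity code".
    return hashlib.sha256(data).hexdigest()


@dataclass
class StoredFile:
    metadata: dict
    reference_code: str    # derived from the original plaintext at submission
    encrypted_copy: bytes  # opaque to the server; encrypted to the member public key


@dataclass
class FileExchangeStore:
    files: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def submit(self, file_id, metadata, reference_code, encrypted_copy):
        self.files[file_id] = StoredFile(metadata, reference_code.lower(), encrypted_copy)
        self.audit_log.append((file_id, "stored"))

    def fetch(self, file_id):
        record = self.files[file_id]
        self.audit_log.append((file_id, "sent-to-member"))
        return record.encrypted_copy

    def confirm(self, file_id, unconfirmed_code):
        record = self.files.get(file_id)
        if record is None:
            self.audit_log.append((file_id, "unknown-file"))
            return False
        # Constant-time comparison of the member-supplied code with the reference.
        ok = hmac.compare_digest(record.reference_code.encode(),
                                 unconfirmed_code.lower().encode())
        self.audit_log.append((file_id, "confirmed" if ok else "mismatch"))
        return ok


def demo():
    original = b"constructed sample: lab results for patient 0001\n"
    store = FileExchangeStore()
    # Placeholder bytes stand in for the public-key ciphertext (not real encryption).
    store.submit("f1", {"name": "results.txt"}, integrity_code(original), b"<ciphertext>")
    store.fetch("f1")
    good = store.confirm("f1", integrity_code(original))        # correct decryption
    bad = store.confirm("f1", integrity_code(original + b"x"))  # altered or corrupted copy
    missing = store.confirm("nope", integrity_code(original))
    return good, bad, missing, [event for _, event in store.audit_log]
```

In this sketch the reference code is an unkeyed digest of the plaintext, so anyone who can read the data store can test guesses about a low-entropy file's content against it.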
28 Claims
1. A computer-implemented method for providing a secure file-exchange service (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16.
17. A non-transient computer-readable medium having stored thereon instructions that, when executed by a processor, configure the processor to:
obtain, from a remote member device, new-member information including identity information and a professional credential associated with a new member;
verify, according to said identity information, that said new member has a personal identity as indicated by said identity information, and that said new member has a professional designation as indicated by said professional credential;
when said new member's personal identity and professional designation have been verified, designate said new member as a verified-professional member and obtaining a member public key of a public/private key pair for said verified-professional member;
generate a member widget indicating said verified-professional member's status as a verified professional and being configured to accept files submitted for secure transfer to said verified-professional member;
provide said member widget for publication by said new member;
receive an indication, via said published member widget, to provide a file from a remote sender device to said verified-professional member;
obtain, from said remote sender device via said published member widget, metadata associated with said file;
obtain a reference cryptographic integrity code derived from said file;
obtain, from said remote sender device via said published member widget, an encrypted copy of said file, said encrypted copy being encrypted with said member public key;
store said metadata, said reference cryptographic integrity code, and said encrypted copy in a non-transient data store;
receive, from said remote member device, a request for said file; and
in response to said request;
retrieve said encrypted copy from said data store;
send said encrypted copy to said remote member device for decryption, according to said private key, into an unconfirmed unencrypted file;
receive, from said remote member device, an unconfirmed cryptographic integrity code derived from said unconfirmed unencrypted file;
determine whether said unconfirmed cryptographic integrity code matches said reference cryptographic integrity code; and
when said unconfirmed cryptographic integrity code is determined to match said reference cryptographic integrity code, confirm to said remote member device that said unconfirmed unencrypted file is a correct copy of said file.
Dependent claims: 18, 19, 20, 21, 22.
23. A computing apparatus for secure file exchange, the apparatus comprising:
a processor; and
a memory storing instructions that, when executed by the processor, configure the apparatus to;
obtain, from a remote member device, new-member information including identity information and a professional credential associated with a new member;
verify, according to said identity information, that said new member has a personal identity as indicated by said identity information, and that said new member has a professional designation as indicated by said professional credential;
when said new member's personal identity and professional designation have been verified, designate said new member as a verified-professional member and obtaining a member public key of a public/private key pair for said verified-professional member;
generate a member widget indicating said verified-professional member's status as a verified professional and being configured to accept files submitted for secure transfer to said verified-professional member;
provide said member widget for publication by said new member;
receive an indication, via said published member widget, to provide a file from a remote sender device to said verified-professional member;
obtain, from said remote sender device via said published member widget, metadata associated with said file;
obtain a reference cryptographic integrity code derived from said file;
obtain, from said remote sender device via said published member widget, an encrypted copy of said file, said encrypted copy being encrypted with said member public key; and
store said metadata, said reference cryptographic integrity code, and said encrypted copy in a non-transient data store;
receive, from said remote member device, a request for said file; and
in response to said request;
retrieve said encrypted copy from said data store;
send said encrypted copy to said remote member device for decryption, according to said private key, into an unconfirmed unencrypted file;
receive, from said remote member device, an unconfirmed cryptographic integrity code derived from said unconfirmed unencrypted file;
determine whether said unconfirmed cryptographic integrity code matches said reference cryptographic integrity code; and
when said unconfirmed cryptographic integrity code is determined to match said reference cryptographic integrity code, confirm to said remote member device that said unconfirmed unencrypted file is a correct copy of said file.
Dependent claims: 24, 25, 26, 27, 28.
Specification