Modular secure data transfer

US 8,997,207 B2
Filed: 09/24/2009
Issued: 03/31/2015
Est. Priority Date: 09/24/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a message;

separating definition data and non-definition data within the message;

generating a message key unique to the definition data;

encrypting the definition data combined with the message key and non-definition data combined with the message key, each combination encrypted separately, both combinations encrypted using a same encryption key; and

transmitting the definition data and non-definition data to a target computing device separately.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system that modularizes a message by separating the message definition data from the message data. The message definition data and message data are transmitted over a secure channel to a target computing device. The message definition data and message data are recombined to form the original message at the target computer using a process corresponding to the modularization process. A key is used to track the associated definitions and message data and determine the corresponding combination process. Separate transmission of the data definitions and message data provides an added level of security. If message data is intercepted and decrypted by a third party, then the data is not easily utilized, because the definition data is absent. Similarly, interception of the message definition is not useful without the message data.

8 Citations

22 Claims

1. A method comprising:
- receiving a message;
  
  separating definition data and non-definition data within the message;
  
  generating a message key unique to the definition data;
  
  encrypting the definition data combined with the message key and non-definition data combined with the message key, each combination encrypted separately, both combinations encrypted using a same encryption key; and
  
  transmitting the definition data and non-definition data to a target computing device separately.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - establishing a secure communication channel between a transmitting computing device and a target computing device using any one of symmetric encryption, asymmetric encryption or hybrid encryption.
  - 3. The method of claim 1, wherein the message key is valid for a communication session.
  - 4. The method of claim 1, wherein the definition data is any one of a format for the non-definition data, metadata about the non-definition data, or object class data, andfurther wherein the non-definition data is any one of non-formatted data, non-type set data, or an instance of an object class.

5. A method comprising:
- receiving, at a target computing device, a message definition combined with a message key and message data separately combined with the message key, the combinations received over a secure communication channel;
  
  decrypting the combinations at the target computing device; and
  
  combining the message definition and message data to recreate a message.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method of claim 5, further comprising:
    - identifying a match between the message definition and message data using the message key.
  - 7. The method of claim 5, wherein the key is unique to a message definition and a session.
  - 8. The method of claim 5, further comprising:
    - storing the message definition in a message definition store on the target computing device.
  - 9. The method of claim 8, further comprising:
    - receiving a second message data with the key; and
      
      combining the second message data with the message definition.
  - 10. The method of claim 5 further comprising:
    - determining whether the message definition is present in a message store on the target computing device; and
      
      discarding the message definition received responsive to a determination that the message definition is present in the message store on the target computing device.

11. An apparatus comprising:
- a first modular transfer module to process a message to generate a first message definition and first message data;
  
  a message key component coupled to the first module transfer module;
  
  a communication module to securely transmit the first message definition and first message data separately;
  
  an encryption module to encrypt the first message definition combined with a message key and the first message data separately combined with the message key, the encryption module using a same encryption key to encrypt both combinations.
- View Dependent Claims (12)
- - 12. The apparatus of claim 11, further comprising:
    - a second modular transfer module to process a second message to generate a second message definition and second message data, the first and second message definition corresponding to separate formats.

13. An apparatus comprising:
- a message creator to combine a first message definition received in combination with a first message key with a first message data separately received in combination with the first message key to generate a first message;
  
  a communication module to receive the combinations; and
  
  a decryption module to decrypt the first message definition and the first message data.
- View Dependent Claims (14, 15)
- - 14. The apparatus of claim 13, further comprising:
    - a message definition store to store the first message definition and to match the message key with the first message definition.
  - 15. The apparatus of claim 13, further comprising:
    - a message key matching component to match the first message definition and the first message data using the message key.

16. A non-transitory computer-readable medium having instructions stored herein, which when executed cause a computer to perform a set instructions comprising:
- receiving a first message;
  
  separating a first message definition and a first message data for the first message;
  
  encrypting the first message definition combined with a message key and the first message data separately combined with the message key by a transmitting computing device;
  
  encrypting the combinations separately; and
  
  transmitting the combinations separately to a target computing device.
- View Dependent Claims (17, 18)
- - 17. The non-transitory computer-readable medium of claim 16, having further instructions stored therein, which when executed cause a computer to perform a further set of instructions comprising:
    - generating the message key to uniquely identify the first message definition wherein the key is unique to a session.
  - 18. The non-transitory computer-readable medium of claim 16, having further instructions stored herein, which when executed cause a computer to perform a further set of instructions:
    - establishing a secure communication channel between the transmitting computer and the target computer using any one of symmetric encryption, asymmetric encryption or hybrid encryption.

19. A non-transitory computer-readable medium having instructions stored therein, which when executed cause a computer to perform a set of instructions comprising:
- receiving a first message definition and a first message data over a secure communication channel, wherein the first message definition and first message data are each received as separate units each combined with a message key, the combinations of the first key and each of the first message definition and the first message data separately encrypted;
  
  decrypting the first message definition and the first message data;
  
  identifying a match between the first message data and the first message definition;
  
  combining the first message data and the first message definition to form a message.
- View Dependent Claims (20, 21, 22)
- - 20. The non-transitory computer-readable medium of claim 19, having further instructions stored therein, which when executed cause a computer to perform a further set of instructions comprising:
    - searching a message definition store for a matching message definition for the first message data.
  - 21. The non-transitory computer-readable medium of claim 20, wherein the searching is a look up using a message key received with the first message data.
  - 22. The non-transitory computer-readable medium of claim 19, having further instructions stored therein, which when executed cause a computer to perform a further set of instructions comprising:
    - storing the first message definition in a message definition store to be combined with a second message data that is subsequently received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Heidasch, Robert
Primary Examiner(s)
Reza, Mohammad W

Application Number

US12/566,315
Publication Number

US 20110072258A1
Time in Patent Office

2,014 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

H04L 9/0838 Key agreement, i.e. key est...

Modular secure data transfer

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Modular secure data transfer

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links