Mobile application secure data exchange

US 9,225,694 B1
Filed: 02/17/2012
Issued: 12/29/2015
Est. Priority Date: 02/24/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

generating a message for delivery to a mobile communications device;

encrypting the message and storing the message on a remote server by passing the message through a plurality of security zones that facilitate the performance of separate duties;

providing a notification to the mobile communications device via an unsecure notification modality, the notification indicating the availability of the encrypted message on the remote server and comprising a file location identifier;

receiving user-generated input on the mobile communications device from a recipient selecting the file location identifier;

retrieving, by the mobile communications device, the encrypted message using a file location identifier from the remote server;

and decrypting and rendering the message on the mobile communications device;

wherein the message is generated on a second mobile communications device by a sender, the second mobile communications device automatically deleting the message after it has been passed through the plurality of security zones and stored on the remote server;

wherein the security zones comprise;

an outermost security zone providing unsecured data exchange, a first security zone in which application workers validate sender credentials and message format, a second security zone that receives data validated in the first zone, the validated data being archived or sent to the mobile communications device, a third security zone that receives data from the second security zone to be sent to the mobile communications device, such data being encrypted in the third security zone, and a fourth security zone that receives data from the second security zone that is to be archived and data from the third security zone to decrypt, the fourth security zone providing a highest level of security as compared to the other security zones.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for secure data exchange using a mobile application on a mobile communications device. Such data exchange can be used in a variety of industries including healthcare and finance. Related apparatus, systems, techniques and articles are also described.

21 Citations

View as Search Results

17 Claims

1. A computer-implemented method comprising:
- generating a message for delivery to a mobile communications device;
  
  encrypting the message and storing the message on a remote server by passing the message through a plurality of security zones that facilitate the performance of separate duties;
  
  providing a notification to the mobile communications device via an unsecure notification modality, the notification indicating the availability of the encrypted message on the remote server and comprising a file location identifier;
  
  receiving user-generated input on the mobile communications device from a recipient selecting the file location identifier;
  
  retrieving, by the mobile communications device, the encrypted message using a file location identifier from the remote server;
  
  and decrypting and rendering the message on the mobile communications device;
  
  wherein the message is generated on a second mobile communications device by a sender, the second mobile communications device automatically deleting the message after it has been passed through the plurality of security zones and stored on the remote server;
  
  wherein the security zones comprise;
  
  an outermost security zone providing unsecured data exchange, a first security zone in which application workers validate sender credentials and message format, a second security zone that receives data validated in the first zone, the validated data being archived or sent to the mobile communications device, a third security zone that receives data from the second security zone to be sent to the mobile communications device, such data being encrypted in the third security zone, and a fourth security zone that receives data from the second security zone that is to be archived and data from the third security zone to decrypt, the fourth security zone providing a highest level of security as compared to the other security zones.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as in claim 1, further comprising:
    - automatically deleting the message on the mobile communications device immediately upon the recipient finishing viewing the message.
  - 3. A method as in claim 2, wherein automatically deleting comprises:
    - repeatedly overwriting the message and deleting the corresponding overwrites.
  - 4. A method as in claim 1, wherein the second mobile communications device encrypts the message using a key for the recipient.
  - 5. A method as in claim 4, wherein the key is stored on the second mobile communications device.
  - 6. A method as in claim 1, wherein the remote server encrypts the message using a key for the recipient.
  - 7. A method as in claim 1, wherein the message is retrieved using a secure transmission protocol.
  - 8. A method as in claim 7, wherein the secure transmission protocol comprises Secure Sockets Layer protocol.
  - 9. A method as in claim 1, wherein the plurality of security zones are configured to comply with one or more of HIPAA and PCI-DSS Level 1 protocols.
  - 10. A method as in claim 1, wherein data within the fourth security zone that is to be archived is encrypted with a second encryption key so that the data is doubly encrypted.
  - 11. A method as in claim 1, wherein the generation, encryption, and decryption of the message is generated using a software module based on a software development kit, the software development kit interfacing with an application to enable secure message exchange.

12. An article of manufacture comprising:
- computer executable instructions stored on non-transitory computer readable media, which, when executed by at least one data processor, causes the at least one data processor to perform operations comprising;
  
  generating a message for delivery to a mobile communications device;
  
  encrypting the message and storing the message on a remote server by passing the message through a plurality of security zones that facilitate the performance of separate duties;
  
  providing a notification to the mobile communications device via an unsecure notification modality, the notification indicating the availability of the encrypted message on the remote server and comprising a file location identifier;
  
  receiving user-generated input on the mobile communications device from a recipient selecting the file location identifier;
  
  retrieving, by the mobile communications device, the encrypted message using the file location identifier from the remote server; and
  
  decrypting and rendering the message on the mobile communications device;
  
  wherein the message is generated on a second mobile communications device by a sender, the second mobile communications device automatically deleting the message after it has been passed through the plurality of security zones stored on the remote server;
  
  wherein the security zones comprise;
  
  an outermost security zone providing unsecured data exchange, a first security zone in which application workers validate sender credentials and message format, a second security zone that receives data validated in the first zone, the validated data being archived or sent to the mobile communications device, a third security zone that receives data from the second security zone to be sent to the mobile communications device, such data being encrypted in the third security zone, and a fourth security zone that receives data from the second security zone that is to be archived and data from the third security zone to decrypt, the fourth security zone providing a highest level of security as compared to the other security zones.
- View Dependent Claims (13, 14, 15, 16)
- - 13. An article as in claim 12, wherein the operations further comprise:
    - automatically deleting the message on the mobile communications device immediately upon the recipient finishing viewing the message, the automatically deleting comprising repeatedly overwriting the message and deleting the corresponding overwrites.
  - 14. An article as in claim 12, wherein the second mobile communications device encrypts the message using a key for the recipient, the key being stored on the second mobile communications device.
  - 15. An article as in claim 14, wherein the remote server encrypts the message using a key for the recipient, the message being retrieved using a Secure Sockets Layer protocol.
  - 16. An article as in claim 12, wherein the plurality of security zones are configured to comply with one or more of HIPAA and PCI-DSS Level 1 protocols.

17. A system comprising:
- at least one data processor;
  
  memory storing instructions which, when executed by the at least one data processor, causes the at least one data processor to perform operations comprising;
  
  generating a message for delivery to a mobile communications device;
  
  encrypting the message and storing the message on a remote server;
  
  providing a notification to the mobile communications device via an unsecure notification modality, the notification indicating the availability of the encrypted message on the remote server and comprising a file location identifier;
  
  receiving user-generated input on the mobile communications device from a recipient selecting the file location identifier;
  
  retrieving, by the mobile communications device, the encrypted message using the file location identifier from the remote server; and
  
  decrypting and rendering the message on the mobile communications device;
  
  wherein the message is generated on a second mobile communications device by a sender, the second mobile communications device automatically deleting the message after it has been passed through the plurality of security zones stored on the remote server;
  
  wherein data used to generate and retrieve the message passes through each of a plurality of security zones that facilitate the performance of separate duties comprising;
  
  an outermost security zone providing unsecured data exchange, a first security zone in which application workers validate sender credentials and message format, a second security zone that receives data validated in the first zone, the validated data being archived or sent to the mobile communications device, a third security zone that receives data from the second security zone to be sent to the mobile communications device, such data being encrypted in the third security zone, and a fourth security zone that receives data from the second security zone that is to be archived and data from the third security zone to decrypt, the fourth security zone providing a highest level of security as compared to the other security zones.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
mPulse Mobile, Inc.
Original Assignee
mPulse Mobile, Inc.
Inventors
Reitzen, Jared, Amin, Ojas, Ramon, Edgardo, Rossler, Earl
Primary Examiner(s)
Wang, Harris C

Application Number

US13/399,792
Time in Patent Office

1,411 Days
Field of Search

713/170
US Class Current

1/1
CPC Class Codes

H04L 63/0464   using hop-by-hop encryption...

H04L 63/105   Multiple levels of security

H04W 12/08   Access security

Mobile application secure data exchange

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Mobile application secure data exchange

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others