Apparatus and method for secure file transfer

US 9,397,984 B1
Filed: 06/25/2015
Issued: 07/19/2016
Est. Priority Date: 06/25/2015
Status: Expired due to Fees

First Claim

Patent Images

1. A method of secure file transfer comprising:

determining a desired recipient;

retrieving a public key associated with a recipient;

isolating a metadata record for a file from a content record for the file;

encrypting the metadata record for the file using the public key associated with the desired recipient;

encrypting the content record for the file using the public key associated with the recipient;

uploading the encrypted metadata record for the file to a first server from a transfer device;

uploading the encrypted content record for the file to at least one of the first server or a second server from a transfer device;

downloading the encrypted metadata record for a file on a recipient device;

decrypting the encrypted metadata record for a file using a private key associated with the recipient;

retrieving the encrypted content record for the file from the first server using the decrypted metadata record; and

decrypting the encrypted content record for the file using the private key associated with the recipient,wherein the first server and the second server have no access to the recipient private key, the decrypted metadata record, and the decrypted content record.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for secure file transfer may be provided. In an exemplary embodiment, a file may include a content record and a metadata record. The content record and metadata record may each be encrypted. The encrypted content record and encrypted metadata record may each be uploaded to at least one server. The metadata record may be decrypted and the content record may subsequently be called from the at least one server and decrypted, resulting in a recreation of the original file. The server may have zero knowledge of the file records.

19 Citations

View as Search Results

17 Claims

1. A method of secure file transfer comprising:
- determining a desired recipient;
  
  retrieving a public key associated with a recipient;
  
  isolating a metadata record for a file from a content record for the file;
  
  encrypting the metadata record for the file using the public key associated with the desired recipient;
  
  encrypting the content record for the file using the public key associated with the recipient;
  
  uploading the encrypted metadata record for the file to a first server from a transfer device;
  
  uploading the encrypted content record for the file to at least one of the first server or a second server from a transfer device;
  
  downloading the encrypted metadata record for a file on a recipient device;
  
  decrypting the encrypted metadata record for a file using a private key associated with the recipient;
  
  retrieving the encrypted content record for the file from the first server using the decrypted metadata record; and
  
  decrypting the encrypted content record for the file using the private key associated with the recipient,wherein the first server and the second server have no access to the recipient private key, the decrypted metadata record, and the decrypted content record.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the encrypting of the content record for the file further comprising encrypting the content record resulting in a ciphertext record using a file-key and encrypting the file-key using the public key.
  - 3. The method of claim 1, the encrypting of the metadata record for the file further comprising encrypting the metadata record resulting in a ciphertext metadata record using a DB-key to secure and identify the ciphertext metadata record and encrypting the DB-key associated with the encrypted metadata record using the public key.
  - 4. The method of claim 1, wherein the encrypted metadata record is uploaded to the first server using a distributed version control system.
  - 5. The method of claim 4, wherein the encrypted metadata record is downloaded from the first server using a distributed version control system.
  - 6. The method of claim 1, the decrypting of the metadata record further comprising using the private key to decrypt the DB-key and using the decrypted DB-key to decrypt the metadata ciphertext resulting in a recreated metadata record.
  - 7. The method of claim 1, the decrypting of the content record further comprising using an identifying record from the decrypted metadata record to identify and retrieve the encrypted content record and encrypted file-key, using the private key to decrypt the encrypted file-key, and decrypting the content record using the decrypted file-key.

8. A non-transitory computer readable medium for zero-knowledge file transfer, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
- determining a desired recipient;
  
  retrieving a public key associated with a recipient;
  
  isolating a metadata record for a file from a content record for the file;
  
  encrypting the metadata record for the file using the public key associated with the recipient;
  
  encrypting the content record for the file using the public key associated with the recipient;
  
  uploading the encrypted metadata record for the file to a first server from a transfer device;
  
  uploading the encrypted content record for the file to at least one of the first server or a second server from a transfer device;
  
  downloading the encrypted metadata record for a file on a recipient device;
  
  decrypting the encrypted metadata record for a file using a private key associated with the recipient;
  
  retrieving the encrypted content record for the file from the first server using the decrypted metadata record; and
  
  decrypting the encrypted content record for the file using the private key associated with the recipient,wherein the first server and the second server have no access to the recipient private key, the decrypted metadata record, and the decrypted content record.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, the encrypting of the content record for the file further comprising encrypting the content record resulting in a ciphertext record using a file-key and encrypting the file-key associated with the encrypted content record using the public key.
  - 10. The non-transitory computer readable medium of claim 8, the encrypting of the metadata record for the file further comprising encrypting the metadata record resulting in a ciphertext metadata record using a DB-key to secure and identify the ciphertext metadata record and encrypting the DB-key associated with the encrypted metadata record using the public key.
  - 11. The non-transitory computer readable medium of claim 8, the uploading of the encrypted metadata record further comprising packing the record and pushing to a server using a distributed version control system.
  - 12. The non-transitory computer readable medium of claim 8, the downloading of the encrypted metadata record further comprising pulling the packed record from the server and unpacking the record using a distributed version control system.
  - 13. The non-transitory computer readable medium of claim 8, the decrypting of the metadata record further comprising using the private key to decrypt the DB-key and using the decrypted DB-key to decrypt the metadata ciphertext resulting in a recreated metadata record.
  - 14. The non-transitory computer readable medium of claim 8, the decrypting of the content record further comprising using an identifying record from the decrypted metadata record to identify and retrieve the encrypted content record and encrypted file-key, using the private key to decrypt the encrypted file-key, and decrypting the content record using the decrypted file-key.

15. A non-transitory computer readable medium for zero-knowledge mail transfer, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
- encrypting a content record of a mail file using a file-key, resulting in a ciphertext record;
  
  encrypting the file-key using a recipient public key, resulting in an encrypted file-key;
  
  uploading the encrypted file-key and ciphertext record to a server;
  
  encrypting a metadata record of the mail file using a DB-key, resulting in a ciphertext metadata record;
  
  uploading the encrypted metadata record to a server;
  
  encrypting the DB-key with a recipient public key, resulting in an encrypted DB-key;
  
  uploading the encrypted DB-key to the server;
  
  encrypting a mail message record using a recipient public key and storing the mail message record on a mail server;
  
  receiving the mail message record from the mail server;
  
  decrypting the mail message record using a recipient private key;
  
  retrieving an encrypted metadata record and encrypted DB-key;
  
  decrypting the DB-key using the private key;
  
  recreating the metadata record using the DB-key;
  
  retrieving an encrypted mail content record and encrypted file-key;
  
  decrypting the encrypted file-key using the private key;
  
  recreating the mail content record using the file-key,wherein the server and the mail server have no access to the recipient private key, the decrypted metadata record, and the decrypted content record.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer readable medium of claim 15, further comprising digitally signing a mail message record using a sender'"'"'s private key.
  - 17. The non-transitory computer readable medium of claim 16, further comprising verifying a mail message record using a sender'"'"'s public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xuesong Hu
Original Assignee
Xuesong Hu
Inventors
Hu, Xuesong
Primary Examiner(s)
Brown, Christopher

Application Number

US14/750,567
Time in Patent Office

390 Days
Field of Search

726/26, 726/27
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/06   specially adapted for file ...

Apparatus and method for secure file transfer

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for secure file transfer

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links