Secure message forwarding with sender controlled decryption

US 9,602,473 B2
Filed: 09/06/2012
Issued: 03/21/2017
Est. Priority Date: 09/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method of storing and facilitating secure transmission of data comprising:

receiving, by a processor of a service provider system, data encrypted by a sender system, wherein the service provider lacks the capability of decrypting the data as encrypted by the sender system;

storing, by the service provider system, the data as encrypted by the sender system;

receiving, by the service provider system, a request for the data, the request for the data received from a recipient system and independently of the sender system;

receiving, by the service provider system, authentication data, the authentication data received from the recipient system;

transmitting, by the service provider system, the authentication data, the authentication data transmitted to the sender system;

receiving, by the service provider system, an indication that the authentication data is valid, the indication received from the sender system;

as a result of receiving the indication that the authentication data is valid, determining the recipient system is authorized to receive the data; and

as a result of determining the recipient system is authorized to receive the data, transmitting the data as encrypted by the sender system, the data transmitted from the service provider system to the sender system configured to decrypt and transmit the data to the recipient system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses, and computer program products are provided for facilitating the secure transmission and storage of data. In this regard, a method is provided that comprises causing data encrypted by a sender system to be received at a service provider system; causing the data as encrypted by the sender system to be stored at the service provider system; receiving a request for the data from a recipient system; determining the recipient system is authorized to receive the data; and causing the data as encrypted to be transmitted to the sender system.

15 Citations

View as Search Results

55 Claims

1. A method of storing and facilitating secure transmission of data comprising:
- receiving, by a processor of a service provider system, data encrypted by a sender system, wherein the service provider lacks the capability of decrypting the data as encrypted by the sender system;
  
  storing, by the service provider system, the data as encrypted by the sender system;
  
  receiving, by the service provider system, a request for the data, the request for the data received from a recipient system and independently of the sender system;
  
  receiving, by the service provider system, authentication data, the authentication data received from the recipient system;
  
  transmitting, by the service provider system, the authentication data, the authentication data transmitted to the sender system;
  
  receiving, by the service provider system, an indication that the authentication data is valid, the indication received from the sender system;
  
  as a result of receiving the indication that the authentication data is valid, determining the recipient system is authorized to receive the data; and
  
  as a result of determining the recipient system is authorized to receive the data, transmitting the data as encrypted by the sender system, the data transmitted from the service provider system to the sender system configured to decrypt and transmit the data to the recipient system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising providing a public key to the sender system prior to receiving the data as encrypted.
  - 3. The method according to claim 1, further comprising encrypting the data a second time, by the service provider system, after receiving the data as encrypted from the sender system and prior to storing the data.
  - 4. The method according to claim 3, wherein the data is encrypted with at least two layers of encryption and, prior to transmitting the data as encrypted, decrypting one of the at least two layers of encryption.
  - 5. The method according to claim 4, wherein a first of the at least two layers of encryption includes using a first public key associated with the sender system and a second of the at least two layers of encryption includes using an encryption key associated with the service provider system.
  - 6. The method according to claim 1, wherein determining the recipient system is authorized to receive the data further comprises using single sign-on authentication.
  - 7. The method according to claim 1, wherein the data represents a body of an email message.
  - 8. The method according to claim 1, wherein the data encrypted by the sender system comprises data from the recipient system received by the sender system.

9. A computer program product comprising a non-transitory computer readable storage medium and computer program instructions stored therein, the computer program instructions comprising program instructions that, when executed by a processor of a service provider system, are configured to cause the service provider system to at least:
- receive, by the processor of the service provider system, data encrypted by a sender system, wherein the service provider lacks the capability of decrypting the data as encrypted by the sender system;
  
  store, by the service provider system, the data as encrypted by the sender system;
  
  receive, by the service provider system, a request for the data, the request for the data received from a recipient system and independently of the sender system;
  
  receive, by the service provider system, authentication data, the authentication data received from the recipient system;
  
  transmit, by the service provider system, the authentication data, the authentication data transmitted to the sender system;
  
  receive, by the service provider system, an indication that the authentication data is valid, the indication received from the sender system;
  
  as a result of receiving the indication that the authentication data is valid, determine the recipient system is authorized to receive the data; and
  
  as a result of determining the recipient system is authorized to receive the data, transmit the data as encrypted by the sender system, the data transmitted from the service provider system to the sender system configured to decrypt and transmit the data to the recipient system.

10. A method of secure transmission of data between a sender system and a recipient system comprising:
- encrypting data by a processor of a sender system;
  
  transmitting, by the sender system, the data as encrypted, the data as encrypted transmitted to a service provider system that lacks the capability of decrypting the data as encrypted by the sender system, wherein the service provider system is distinct from the sender system;
  
  receiving, by the sender system, authentication data generated by a recipient system and received from the service provider system;
  
  determining, by the sender system, that the authentication data is valid;
  
  transmitting, by the sender system, an indication that the authentication is valid, the indication transmitted to the service provider system;
  
  in response to transmitting the indication that the authentication data is valid, receiving, by the sender system, the data as encrypted by the sender system and received from the service provider system;
  
  decrypting, by the sender system, the data; and
  
  transmitting, by the sender system, the data as decrypted to the recipient system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method according to claim 10, further comprising receiving the data as encrypted from the service provider system as a result of the sender system receiving a request for the decrypted data from a recipient and requesting the data as encrypted from the service provider system.
  - 12. The method according to claim 10, wherein the authentication data comprises single-sign authentication.
  - 13. The method according to claim 10, wherein encrypting the data by the sender system, includes encrypting the data once using a first public key and encrypting the data again using a second public key that is different than the first public key.
  - 14. The method according to claim 13, wherein receiving the data as encrypted from the service provider system, comprises receiving the data as encrypted by the first public key and decrypted by a private key associated with the second public key.
  - 15. The method according to claim 13, wherein decrypting the data comprises using a private key associated with the first public key.
  - 16. The method according to claim 10, wherein transmitting the data as decrypted comprises transmitting the data over a network using a secure protocol established between the sender system and recipient system.
  - 17. The method according to claim 16, further comprising generating a body of an email message based on the data.
  - 18. The method according to claim 10, wherein the data encrypted by the sender system comprises data from a recipient system received by the sender system.
  - 19. The method according to claim 10, wherein transmitting the data as decrypted occurs within an iFrame.

20. A computer program product comprising a non-transitory computer readable storage medium and computer program instructions stored therein, the computer program instructions comprising program instructions that, when executed by a processor of a sender system, are configured to cause the sender system to at least:
- encrypt data by the processor of the sender system;
  
  transmit, by the sender system, the data as encrypted, the data as encrypted transmitted to a service provider system that lacks the capability of decrypting the data as encrypted by the sender system, wherein the service provider system is distinct from the sender system;
  
  receive, by the sender system, authentication data generated by a recipient system and received from the service provider system;
  
  determine, by the sender system, that the authentication data is valid;
  
  transmit, by the sender system, an indication that the authentication is valid, the indication transmitted to the service provider system;
  
  in response to transmitting the indication that the authentication data is valid, receive, by the sender system, the data as encrypted by the sender system and received from the service provider system;
  
  decrypt, by the sender system, the data; and
  
  transmit, by the sender system, the data as decrypted to the recipient system.

21. A method of receiving data from a sender system at a recipient system comprising:
- receiving, by a recipient system, a user input associated with retrieving data from a service provider system, wherein the service provider system stores the data that has been encrypted by a sender system, the service provider system lacks the capability of decrypting the data as encrypted by the sender system, and the service provider system is distinct from the sender system;
  
  providing, by a processor of the recipient system, authentication data, the authentication data provided to the service provider system, wherein the service provider system is operable to transmit the authentication data to the sender system, receive an indication that the authentication data is valid from the sender system, and as a result of receiving the indication that the authentication data is valid, transmit the data as encrypted to the sender system; and
  
  receiving, by the recipient system, the data, wherein the data is received from the sender system and the data has been decrypted by the sender system in response to the sender system having received the data as encrypted from the service provider system.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method according to claim 21, further comprising rendering a display based on the data as decrypted using a web browser.
  - 23. The method according to claim 21, wherein receiving the data as decrypted from the sender system is performed using a secure protocol over a network.
  - 24. The method according to claim 21, the data as decrypted is received within an iFrame.
  - 25. The method according to claim 21, wherein the data represents a body of an email message.
  - 26. The method according to claim 21, wherein recipient system comprises a mobile device communicating through a cellular network.
  - 27. The method according to claim 21, further comprising:
    - receiving, by a recipient system, a user input associated with creating response data in response to the data received from a sender system; and
      
      transmitting the response data to the sender system.
  - 28. The method according to claim 21, wherein the authentication data comprises single sign-on authentication.

29. A computer program product comprising a non-transitory computer readable storage medium and computer program instructions stored therein, the computer program instructions comprising program instructions that, when executed by a processor of a recipient system, are configured to cause the recipient system to at least:
- receive, by the recipient system, a user input associated with retrieving data from a service provider system, wherein the service provider system stores the data that has been encrypted by a sender system, the service provider system lacks the capability of decrypting the data as encrypted by the sender system, and the service provider system is distinct from the sender system;
  
  provide, by the processor of the recipient system, authentication data, the authentication data provided to the service provider system, wherein the service provider system is operable to transmit the authentication data to the sender system, receive an indication that the authentication data is valid from the sender system, and as a result of receiving the indication that the authentication data is valid, transmit the data as encrypted to the sender system; and
  
  receive, by the recipient system, the data, wherein the data is received from the sender system and the data has been decrypted by the sender system in response to the sender system having received the data as encrypted from the service provider system.

30. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  receive, by a processor of a service provider system, data encrypted by a sender system, wherein the service provider system lacks the capability of decrypting the data as encrypted by the sender system;
  
  store, by the service provider system, the data as encrypted by the sender system;
  
  receive, by the service provider system, a request for the data, the request for the data received from a recipient system and independently of the sender system;
  
  receive, by the service provider system, authentication data, the authentication data received from the recipient system;
  
  transmit, by the service provider system, the authentication data, the authentication data transmitted to the sender system;
  
  receive, by the service provider system, an indication that the authentication data is valid, the indication received from the sender system;
  
  as a result of receiving the indication that the authentication data is valid, determine the recipient system is authorized to receive the data; and
  
  as a result of determining the recipient system is authorized to receive the data, transmit the data as encrypted by the sender system, the data transmitted from the service provider system to the sender system configured to decrypt and transmit the data to the recipient system.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The apparatus according to claim 30, further comprising the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least provide a public key to the sender system prior to receiving the data as encrypted.
  - 32. The apparatus according to claim 30, further comprising the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least encrypt the data a second time after receiving the data as encrypted from the sender system and prior to storing the data.
  - 33. The apparatus according to claim 32, wherein the data is encrypted with at least two layers of encryption and, prior to transmitting the data as encrypted, decrypting one of the at least two layers of encryption.
  - 34. The apparatus according to claim 33, wherein a first of the at least two layers of encryption includes using a first public key associated with the sender system and a second of the at least two layers of encryption includes using an encryption key associated with the service provider system.
  - 35. The apparatus according to claim 33, wherein determining the recipient system is authorized to receive the data further comprises using single sign-on authentication.
  - 36. The apparatus according to claim 30, wherein the data represents a body of an email message.
  - 37. The apparatus according to claim 30, wherein the data encrypted by the sender system comprises data from the recipient system received by the sender system.

38. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  encrypt data by a sender system;
  
  transmit, by the sender system, the data as encrypted, the data as encrypted transmitted to a service provider system that lacks the capability of decrypting the data as encrypted by the sender system, wherein the service provider system is distinct from the sender system;
  
  receive, by the sender system, authentication data generated by a recipient system and received from the service provider system;
  
  determine, by the sender system, that the authentication data is valid;
  
  transmit, by the sender system, an indication that the authentication is valid, the indication transmitted to the service provider system;
  
  in response to transmitting the indication that the authentication data is valid, receive, by the sender system, the data as encrypted by the sender system and received from the service provider system;
  
  decrypt, by the sender system, the data; and
  
  transmit, by the sender system, the data as decrypted to a recipient system.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 39. The apparatus according to claim 38, further comprising the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least receive the data as encrypted from the service provider system as a result of the sender system receiving a request for the decrypted data from a recipient and requesting the data as encrypted from the service provider system.
  - 40. The apparatus according to claim 38, wherein the authentication data comprises single-sign authentication.
  - 41. The apparatus according to claim 38, wherein encrypting the data by the sender system, includes encrypting the data once using a first public key and encrypting the data again using a second public key that is different than the first public key.
  - 42. The apparatus according to claim 41, wherein receiving the data as encrypted from the service provider system, comprises receiving the data as encrypted by the first public key and decrypted by a private key associated with the second public key.
  - 43. The apparatus according to claim 41, wherein decrypting the data comprises using a private key associated with the first public key.
  - 44. The apparatus according to claim 38, wherein transmitting the data as decrypted comprises transmitting the data over a network using a secure protocol established between the sender system and recipient system.
  - 45. The apparatus according to claim 44, further comprising the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least generate a body of an email message based on the data.
  - 46. The apparatus according to claim 38, wherein the data encrypted by the sender system comprises data from a recipient system received by the sender system.
  - 47. The apparatus according to claim 38, wherein transmitting the data as decrypted occurs within an iFrame.

48. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  receive, by a recipient system, a user input associated with retrieving data from a service provider system, wherein the service provider system stores the data that has been encrypted by a sender system, the service provider system lacks the capability of decrypting the data as encrypted by the sender system, and the service provider system is distinct from the sender system;
  
  provide authentication data, the authentication data provided to the service provider system, wherein the service provider system is operable to transmit the authentication data to the sender system, receive an indication that the authentication data is valid from the sender system, and as a result of receiving the indication that the authentication data is valid, transmit the data as encrypted to the sender system; and
  
  receive, by the recipient system, the data, wherein the data is received from the sender system and the data has been decrypted by the sender system in response to the sender system having received the data as encrypted from the service provider system.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55)
- - 49. The apparatus according to claim 48, further comprising rendering a display based on the data as decrypted using a web browser.
  - 50. The apparatus according to claim 48, wherein receiving the data as decrypted from the sender system is performed using a secure protocol over a network.
  - 51. The apparatus according to claim 48, the data as decrypted is received within an iFrame.
  - 52. The apparatus according to claim 48, wherein the data represents a body of an email message.
  - 53. The apparatus according to claim 48, wherein recipient system comprises a mobile device communicating through a cellular network.
  - 54. The apparatus according to claim 48, further comprising:
    - receiving, by a recipient system, a user input associated with creating response data in response to the data received from a sender system; and
      
      transmitting the response data to the sender system.
  - 55. The apparatus according to claim 48, wherein the authentication data comprises single sign-on authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Original Assignee
ZixCorp Systems, Inc. (Open Text Corporation)
Inventors
Robertson, David Joseph, Kalan, John French, DeMichele, Mark Stephen, Joyner, Bryan Adam, Rego, Charles Anthony, Shields, Dorwin Thomas Jr., Spring, Caleb Rhoads
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
PHAM, QUY C

Application Number

US13/605,061
Publication Number

US 20140068262A1
Time in Patent Office

1,657 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

Secure message forwarding with sender controlled decryption

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Secure message forwarding with sender controlled decryption

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links