System and method for enhanced data protection
First Claim
1. A method comprising, by an authentication server:
- receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information;
causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers;
wherein the particular authentication header comprises;
an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and
an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server;
decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server;
decrypting the encrypted data subportion via the decrypted encrypted third symmetric key;
authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion;
responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and
transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
2 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.
-
Citations
18 Claims
-
1. A method comprising, by an authentication server:
-
receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information; causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers; wherein the particular authentication header comprises; an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server; decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server; decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion; responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system. - View Dependent Claims (2, 3, 4, 5, 6, 10)
-
-
7. An authentication system comprising a processor and memory, wherein the processor and memory in combination are operable to perform a method comprising:
-
receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information; causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers; wherein the particular authentication header comprises; an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication system; decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication system; decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion; responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system. - View Dependent Claims (8, 9, 11, 12)
-
-
13. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
-
receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information; causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers; wherein the particular authentication header comprises; an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with an authentication server; decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server; decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion; responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification