System and method for enhanced data protection

US 10,812,456 B2
Filed: 10/31/2019
Issued: 10/20/2020
Est. Priority Date: 04/24/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by an authentication server:

receiving, from a sender computer system, an authentication header in relation to a network transmission initiated by the sender computer system, wherein the authentication header comprises;

an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and

an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server;

causing the received authentication header to be stored among a plurality of authentication headers in anticipation of recipient-initiated pre-access authentication;

receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from the sender computer system, wherein the recipient header comprises metadata and recipient authentication information;

causing the metadata of the recipient header to be correlated to the authentication header;

decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server;

decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; and

authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.

126 Citations

17 Claims

1. A method comprising, by an authentication server:
- receiving, from a sender computer system, an authentication header in relation to a network transmission initiated by the sender computer system, wherein the authentication header comprises;
  
  an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and
  
  an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server;
  
  causing the received authentication header to be stored among a plurality of authentication headers in anticipation of recipient-initiated pre-access authentication;
  
  receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from the sender computer system, wherein the recipient header comprises metadata and recipient authentication information;
  
  causing the metadata of the recipient header to be correlated to the authentication header;
  
  decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server;
  
  decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; and
  
  authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, comprising:
    - responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and
      
      transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
  - 3. The method of claim 2, wherein the recipient header comprises the public asymmetric key associated with the recipient computer system.
  - 4. The method of claim 1, wherein the recipient header comprises credentials associated with a user of the recipient computer system.
  - 5. The method of claim 1, wherein the plurality of authentication headers are stored in a data store that is physically separate from the authentication server.
  - 6. The method of claim 1, wherein the plurality of authentication headers are maintained in a data store resident on the authentication server.
  - 7. The method of claim 1, wherein the authentication header comprises metadata sufficient to identify the authentication header.

8. An authentication system comprising a processor and memory, wherein the processor and the memory in combination are operable to perform a method comprising:
- receiving, from a sender computer system, an authentication header in relation to a network transmission initiated by the sender computer system, wherein the authentication header comprises;
  
  an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and
  
  an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication system;
  
  causing the received authentication header to be stored among a plurality of authentication headers in anticipation of recipient-initiated pre-access authentication;
  
  receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from the sender computer system, wherein the recipient header comprises metadata and recipient authentication information;
  
  causing the metadata of the recipient header to be correlated to the authentication header;
  
  decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication system;
  
  decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; and
  
  authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The authentication system of claim 8, the method comprising:
    - responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and
      
      transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
  - 10. The authentication system of claim 9, wherein the recipient header comprises the public asymmetric key associated with the recipient computer system.
  - 11. The authentication system of claim 8, wherein the recipient header comprises credentials associated with a user of the recipient computer system.
  - 12. The authentication system of claim 8, wherein the plurality of authentication headers are stored in a data store that is physically separate from the authentication system.
  - 13. The authentication system of claim 8, wherein the plurality of authenticate headers are maintained in a data store resident on the authentication system.
  - 14. The authentication system of claim 8, wherein the authentication header comprises metadata sufficient to identify the authentication header.

15. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- receiving, from a sender computer system, an authentication header in relation to a network transmission initiated by the sender computer system, wherein the authentication header comprises;
  
  an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and
  
  an encrypted third symmetric key that is distinct from the encrypted first symmetric key and the second symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with an authentication server;
  
  causing the received authentication header to be stored among a plurality of authentication headers in anticipation of recipient-initiated pre-access authentication;
  
  receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from the sender computer system, wherein the recipient header comprises metadata and recipient authentication information;
  
  causing the metadata of the recipient header to be correlated to the authentication header;
  
  decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server;
  
  decrypting the encrypted data subportion via the decrypted encrypted third symmetric key; and
  
  authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion.
- View Dependent Claims (16, 17)
- - 16. The computer-program product of claim 15, the method comprising:
    - responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and
      
      transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
  - 17. The computer-program product of claim 16, wherein the recipient header comprises the public asymmetric key associated with the recipient computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keyavi Data Corp.
Original Assignee
Keyavi Data Corp.
Inventors
Pollet, Cody, Burgess, Charles, Roach, Courtney, Hart, Brandon
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US16/670,245
Publication Number

US 20200067892A1
Time in Patent Office

355 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

System and method for enhanced data protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enhanced data protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links