SYSTEM AND METHOD FOR ENHANCED DATA PROTECTION

US 20180295108A1
Filed: 04/06/2018
Published: 10/11/2018
Est. Priority Date: 04/24/2015
Status: Active Grant

First Claim

Patent Images

1. A method of secure network transmission comprising, by a computer system:

encrypting a payload via a first symmetric key;

encrypting the first symmetric key via a second symmetric key;

encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient;

encrypting the third symmetric key via a public asymmetric key associated with an authentication server;

transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication; and

transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.

Citations

18 Claims

1. A method of secure network transmission comprising, by a computer system:
- encrypting a payload via a first symmetric key;
  
  encrypting the first symmetric key via a second symmetric key;
  
  encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient;
  
  encrypting the third symmetric key via a public asymmetric key associated with an authentication server;
  
  transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication; and
  
  transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising generating the first symmetric key, the second symmetric key and the third symmetric key.
  - 3. The method of claim 2, wherein the first symmetric key, the second symmetric key and the third symmetric key are generated together.
  - 4. The method of claim 2, wherein the first symmetric key, the second symmetric key and the third symmetric key are individually generated when a respective symmetric key is used for encryption of particular data.
  - 5. The method of claim 1, comprising:
    - generating an authentication header comprising the encrypted author header and the encrypted third symmetric key; and
      
      wherein the transmitting the encrypted author header and the encrypted third symmetric key comprises transmitting the authentication header to the authentication server.
  - 6. The method of claim 5, wherein the authentication header comprises metadata sufficient to identify the authentication header.
  - 7. The method of claim 1, comprising:
    - generating a container comprising the encrypted payload and the second symmetric key; and
      
      wherein the transmitting the encrypted payload and the second symmetric key comprises transmitting the container to the at least one recipient.
  - 8. The method of claim 1, wherein the payload and the recipient list are user-specified.
  - 9. The method of claim 1, comprising automatically generating the payload and the recipient list.

10. A method comprising, by a computer system:
- receiving a transmission comprising;
  
  an encrypted payload, wherein the encrypted payload has been encrypted via a first symmetric key; and
  
  a second symmetric key;
  
  generating a recipient header comprising metadata related to the encrypted payload;
  
  transmitting the recipient header to an authentication server so as to initiate pre-access authentication;
  
  responsive to the transmitting, receiving an encrypted package from the authentication server, wherein the encrypted package has been encrypted via a public asymmetric key associated with the recipient, the encrypted package comprising an encrypted subportion that has been encrypted via the second symmetric key, the encrypted subportion comprising the first symmetric key;
  
  decrypting the encrypted package via a private asymmetric key associated with the computer system;
  
  decrypting the first symmetric key from the encrypted subportion of the decrypted encrypted package via the second symmetric key; and
  
  decrypting the encrypted payload via the decrypted first symmetric key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein the received transmission comprises at least a portion of the metadata related to the encrypted payload.
  - 12. The method of claim 10, wherein the recipient header comprises user credentials associated with the computer system.
  - 13. The method of claim 10, wherein the recipient header comprises the public asymmetric key associated with the computer system.
  - 14. The method of claim 10, wherein the received transmission comprises a container that encapsulates the encrypted payload and the second symmetric key.
  - 15. The method of claim 10, wherein receipt of the encrypted package is indicative of successful authentication by the authentication server.

16. A method comprising, by an authentication server:
- receiving, from a recipient computer system, a recipient header in relation to an encrypted payload received by the recipient computer system from a sender computer system, wherein the recipient header comprises metadata and recipient authentication information;
  
  causing the metadata of the recipient header to be correlated to a particular authentication header of a plurality of stored authentication headers;
  
  wherein the particular authentication header comprises;
  
  an encrypted data subportion that includes an authorized recipient list and an encrypted first symmetric key, wherein the encrypted first symmetric key is encrypted via a second symmetric key; and
  
  an encrypted third symmetric key, wherein the encrypted data subportion is encrypted via the encrypted third symmetric key, wherein the encrypted third symmetric key is encrypted via a public key associated with the authentication server;
  
  decrypting the encrypted third symmetric key via a private asymmetric key associated with the authentication server;
  
  decrypting the encrypted data subportion via the decrypted encrypted third symmetric key;
  
  authenticating the recipient computer system as an authorized recipient of the encrypted payload based, at least in part, on a determined match between the recipient authentication information and the authorized recipient list of the decrypted encrypted data subportion;
  
  responsive to the authenticating, encrypting the encrypted first symmetric key via a public asymmetric key associated with the recipient computer system to yield a doubly-encrypted first symmetric key; and
  
  transmitting the doubly-encrypted first symmetric key to the recipient computer system so that the encrypted payload can be decrypted by the recipient computer system.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the plurality of stored authentication headers are maintained in a data store that is physically separate from the authentication server.
  - 18. The method of claim 16, wherein the plurality of stored authentication headers are maintained in a data store resident on the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Keyavi Data Corp.
Original Assignee
Encryptics, LLC
Inventors
Pollet, Cody, Burgess, Charles, Roach, Courtney, Hart, Brandon

Granted Patent

US 10,298,554 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

SYSTEM AND METHOD FOR ENHANCED DATA PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ENHANCED DATA PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links