US20010042124A1 - Web-based method, apparatus, and system for secure data storage - Google Patents
Web-based method, apparatus, and system for secure data storage
- Publication number
- US20010042124A1
- Authority
- US
- United States
- Prior art keywords
- data packet
- encrypted data
- encryption
- server
- archive server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99933—Query processing, i.e. searching
- Y10S707/99935—Query augmenting and refining, e.g. inexact access
Definitions
- message digest functions are used in conjunction with public key cryptography.
- a message digest function generates a unique pattern of bits for a given input.
- the digest distills the information contained in a file into a single large number, typically 128 and 256 bits in length.
- the digest value is computed in such a way that finding an input that will exactly generate a given digest is computationally infeasible.
- Message digest algorithms are not used for encryption or decryption but for creation of digital signatures, message authentication codes (MAC), and the creation of encryption keys from passphrases.
- A few digests in use are HMAC, MD2, MD4, MD5, SHA, and SHA-1.
- Working cryptographic systems can be divided into two categories: (1) programs and protocols that are used for encryption of e-mail messages, such as PGP and S/MIME, and (2) cryptographic systems used for providing confidentiality, authentication, integrity, and nonrepudiation in a network environment. The latter requires real-time interplay between a client and a server to work properly. Examples include Secure Socket Layer (SSL), a general-purpose cryptographic protocol that can be used with any TCP/IP service, and PCT, a transport layer security protocol for use with TCP/IP service, as well as S-HTTP, SET, Cybercash, DNSSEC, IPsec, IPv6, Kerberos, and SSH.
- an algorithm attack consists of finding a fundamental flaw or weakness in the mathematical problem on which the encryption system is based. Although not often done, it has been accomplished.
- Message digest functions can be attacked by (1) finding two messages, any two messages, that have the same message digest and (2) given a particular message, finding a second message that has the same message digest code.
- the present invention provides a Web-based software system which is designed to administrate access and facilitate virtually impregnable security for the delivery, storage, and sharing of documents and files.
- the invention includes a method of storing secure electronic data on an archive server, which comprises the steps of providing a plurality of client workstations running web browser programs, accessing the WWW from a client workstation and logging onto a qualified web server, providing account qualifier data to a software application residing on the web server, downloading an encryption applet from the software application, selecting an electronic data file to be encrypted, encrypting the electronic data file and forming an encrypted data packet, storing the encrypted data packet on an archive server; and destroying said encryption applet.
- the invention includes a method of retrieving encrypted electronic data stored on an archive server, comprising the steps of providing at least one encrypted data packet on an archive server, providing at least one client workstation running a web browser program; accessing the web browser and logging onto a qualified web server; providing account qualifier data to a software application residing on the web server; selecting an encrypted data packet to be retrieved; downloading a decryption applet from the application based on the original encryption algorithm; transferring the decryption applet and the encrypted data packet to the client workstation; and decrypting the encrypted data packet at the client workstation, whereby readable electronic data is available to a user at the client workstation. If the encrypted data packet is compressed, the decryption applet can include a decompression program to decompress the encrypted data packet.
- At least two of the plurality of client workstations can be coupled via a network, such as a LAN or WAN.
- the archive server can be coupled to client workstations, or alternatively, can be accessed from the client workstation via the Internet using SSL protocol.
- the method can also include the step of compressing the encrypted data packet prior to transmission, and the encryption applet can include a compression program to compress the electronic data.
- the software application compiles the encryption applet using an encryption algorithm, and the encryption algorithm is preferably changeable with respect to the software application.
- the method of the invention further includes the steps of providing a plurality of encryption algorithms which can be selected according to the needs of the user, selecting an encryption algorithm; and compiling the encryption applet to use the selected encryption algorithm.
- the method can further include the step of assigning access permission to said encrypted data packet, wherein the access permission permits selective access to the electronic data files.
- Access permission can be assigned to a user having designated account qualifier data.
- the access permission can also permit hierarchal access to an electronic data file by a group of users.
- the invention includes a system for secure storage of electronic data on an archive server, which comprises a plurality of client workstations having web browsers running thereon, a platform-independent software application residing on a web server, means for qualifying an authorized user of the software application; and a means for encrypting an electronic file at said client workstations.
- the means comprises an encryption applet compiled by the software application which is operable to encrypt the electronic file to create an encrypted data packet.
- the encryption applet is downloaded by a user at one of the client workstations.
- the system further includes a means for transmitting the encrypted data packet to the archive server for secure storage, a means for retrieving said encrypted data packet from said archive server; and means for decrypting the encrypted data packet, which comprises obtaining a decryption applet from said software application.
- the decryption applet compiled by said software application is based on the original encryption algorithm.
- Still another objective of the instant invention is to provide a method and apparatus that allows for secure data transportation and storage that encrypts at the 128 bit level, transports and stores data encrypted, and decrypts it only for an authorized user.
- a further objective of the instant invention is to provide a basic level of security wherein data is transported via an SSL protocol and automatically encrypted. In this mode only an authorized user on a network can access data for review or modification.
- Another objective of the instant invention is to provide a heightened level of security wherein a private and secondary key or digital file lock can be employed providing a unique secondary data lock.
- a still further object of the instant invention is to provide a web-based security system which permits universal, remote access by client workstations to data residing on an archive server.
- Still another objective of the instant invention is to provide a client-side locking device or biometric interface.
- a retinal scanner, finger print scanner, smart card reader or the like can be utilized to send or retrieve information.
- Yet another objective of the instant invention is to provide virtually impregnable security for the delivery, storage, and sharing of documents and files utilizing any compatible network as a secure communications forum.
- FIG. 1 is a block diagram of the steps executed by a software application for encryption and decryption of electronic data for secure data storage according to the instant invention
- FIG. 2 is a block diagram of the account authorization process according to a preferred embodiment of the instant invention.
- FIG. 3 is a block diagram of the encryption and storage of electronic data as represented by step A in FIG. 1;
- FIG. 4 is a block diagram of the retrieval and decryption of electronic data as represented by step B in FIG. 1;
- FIG. 5 is a diagram illustrating a hierarchal access structure for different user groups
- FIG. 6 is a schematic illustration of a first system according to a preferred embodiment of the invention using client workstations coupled via a network;
- FIG. 7 is a schematic illustration of a second system according to a preferred embodiment of the invention using standalone client workstations which are not networked to one another;
- FIG. 8 is a schematic illustration of a third system according to the preferred embodiment of the invention using a standalone personal computer.
- step 101 a user at a client workstation opens a web browser and accesses a qualified web server.
- the data transfer request is initiated in step 103 .
- step 105 account qualifier data is entered by the user, and the account qualifier data is authenticated by the server (shown in detail as steps 200 in FIG. 2). If the data cannot be authenticated, the transfer request is refused in step 109 . If the account qualifier is authenticated, the user at the client workstation can encrypt a file and store it on an archive server 111 , or retrieve the file from the archive server and decrypt the file 113 .
- a preferred method 200 of authenticating account qualifier data is shown in FIG. 2.
- the server 12 provides login account qualifier data requiring either user name and a password 14 or a biometric interface 16 such as a retinal scanner, finger print scanner, smart card reader and the like for the purpose of seeking data-base authentication 18 . If login fails, the user has three attempts 20 before the account is locked 22 and the administrator and the account holder 24 are alerted.
- a transfer request 28 is sent to the control program on the server to open a transfer information page inquiry page.
- an applet is compiled on the server and sent to the client workstation 32 .
- the applet is a temporary file allowing the client to select 34 the data files that are to be transferred.
- the user adds the file(s) to be transferred to an application window 46 . If the user account allows, the client has the option of entering via the keyboard, a secondary security key 36 . It should be noted that even if two separate people encrypted the exact same file with the same key, they will have encrypted two uniquely different sequences. If one attempts to “crack” the application sequence, they would not be able to decrypt it because each applet is embedded with a unique encryption sequence.
- the encryption sequence generated is added to the applet template, and the data is encrypted and an encrypted data packet is compiled 38 .
- the encrypted data packet is then transferred to the archive server 40 .
- a notification 42 can be sent to an intended recipient of the file.
- the applet breaks the code of the files down into its binary form during execution. It reads the binary data and then rewrites the data to the temporary file that was previously created.
- the running program changes the entire code sequence of the client file to a randomly generated sequence specified by the particular and customized applet.
- the sequence is also designed to replace every other matching bit of binary code with a unique string.
- an “a”, for example will never be represented twice in the same file structure. This is designed to deter the common method of cracking encrypted code by repeated or pattern data.
- On a binary level the code is rewritten and saved for transfer in a file format only decodable by the recipient.
- the applet then sends the encrypted data to the server via SSL protocol. Once the transfer is complete, the applet deletes any trace of the file encrypted. With the destruction of the applet, no two applications are ever the same because each application contains its own encryption sequence that cannot be replicated.
- the encrypted data packet resides on the server 12 waiting for an intended recipient to download and unlock it. This creates the ability to maintain completely encrypted and secure data archives.
- the server accesses the original record information of the sequence or algorithm that it originally gave to the applet that the server created to encrypt the file.
- the encrypted data can be compressed 44 .
- Data compression is well-known in the art; any suitable compression technique can be used.
- a preferred data compression technique is commonly referred to as “traditional compression.”
- In traditional compression, a compression program scans the data for patterns that occur more than once and assigns a “token” to replace each of these patterns.
- Another preferred compression technique is known as “delta compression,” which can be used when encrypted data is transmitted to the archive server and an earlier version of the encrypted data file is already on the archive server.
- a delta compressor sends only those portions of the file which are different from the earlier version of the file.
- FIG. 4 shows the flow chart depicting the steps for decrypting data for a secure receipt of electronic data.
- the server 12 depicts those files available to the recipient 66 .
- the recipient chooses which file to retrieve and the server generates a new applet designed to decrypt the encrypted data packet corresponding to the file requested 69 , based on the original encryption sequence.
- the encrypted data packet is retrieved 70 and stored in a temporary file.
- the program now prompts the user for any secondary key 71 that was originally entered by the sender. Once the key sets the sequence, the applet calculates the sequence that was originally written on the fly.
- the applet resumes decryption with the new sequence of the temporary file wherein decryption is executed 72 and the decrypted file saved to a selected location.
- the program saves the file 73 with original extensions, to a folder specified by the recipient.
- the applet deletes itself 74 and any data related to the secure transfer.
- the original encrypted file located on the server can be triggered to be automatically deleted or retained for manual deletion.
- FIG. 5 is a diagram of a first system according to a preferred embodiment of the present invention.
- a plurality of client workstations 111 are coupled via a LAN 114 , or via any other computer network.
- the system includes a designated archive server 140 on which encrypted documents are stored in accordance with the method of the invention.
- Client workstations 111 can be any computer that is capable of providing access to the web server using a web browser, such as standard desktop computer systems, laptop computers, non-programmable terminals connected to a main frame, personal digital assistant, etc.
- the web browser running on the client workstations 111 is a software program that allows a user at the client workstations 111 to transmit and receive data over the Internet.
- a suitable web browser would be Internet Explorer 5.0.
- a qualified web server 120 is linked to the WWW, and is accessed by client workstation 111 using a web browser.
- the software application 100 (FIG. 1) resides on qualified web server 120 .
- software application 100 is a platform-independent application.
- Software application 100 is accessed by client workstation through an application gateway.
- Remote client workstations 112 can also have identical access to encrypted documents on archive server 140 by using a web browser 116 to access software application 100 .
- Encrypted files can be transferred between the client workstations 111 and 112 and archive server 140 using SSL protocol on the WWW.
- An encrypted file can also be transmitted directly from client workstation 111 to archive server 140 via a secure local connection 142 .
- varying levels of access to the encrypted files on archive server 160 are provided for the individual user so that access is “permission controlled.”
- FIG. 7 illustrates another implementation of the system according to the invention.
- a plurality of client workstations 151 are linked to the WWW using the web browsers 156 , and can access the software application 100 residing on qualified Internet server 120 . Encrypted files are stored on and retrieved from archive server 160 in accordance with the method of the invention.
- the plurality of client workstations 151 are not coupled via a network, but rather have shared proprietary access to an archive server 160 . This shared proprietary access is provided by the account qualifying function provided by software application 100 .
- the plurality of client workstations 151 can therefore essentially comprise a “virtual” network.
- An alternative arrangement using the system of the invention is illustrated in FIG. 8.
- a personal computer 161 running a web browser 166 is linked to the WWW.
- the user can access software application 100 residing on qualified server 120 .
- Files residing on the hard drive or other local media of personal computer 161 can be encrypted in accordance with the method of the invention using software application 130 in the manner herein described, and then archived on hard drive or other local media of personal computer 161 .
- the system of the invention can thus provide document encryption security protection for a stand-alone workstation.
- the invention can utilize any suitable encryption algorithm, such as Rijndael or Blowfish.
- the encryption algorithm is preferably “modular” with respect to the software application 100 in that the algorithm can be changed at any time, while still retaining the ability to decrypt older files which may be stored on the archive server.
- the user can select the encryption algorithm to be used depending on the user's security needs and the type of file to be encrypted.
- the selection of encryption algorithm can be session specific.
Abstract
A Web-based software system for storing and administrating access to secure electronic data on an archive server. A user at a client workstation running a web browser program logs onto a qualified web server, provides account qualifier data to a software application residing on the web server, and downloads an encryption applet from the software application. The user selects an electronic data file to be encrypted, and the file is encrypted to form an encrypted data packet which is stored on the archive server, and the encryption applet is then destroyed. The information is then securely stored on the archive server. A user retrieves the encrypted electronic data from the archive server by similarly downloading a decryption applet from the web server which is based on the original encryption sequence. The encrypted data packet is downloaded and decrypted to provide readable electronic data to a user at the client workstation. A plurality of client workstations can be coupled via a network, such as a LAN or WAN. The archive server can be coupled to the client workstations or the network, or alternatively, can be accessed from the client workstation via the Internet using SSL protocol. The user can select from a plurality of encryption algorithms according to the security needs of the user.
Description
- This application is a continuation-in-part of applicant's co-pending U.S. Application Ser. No. 09/536,203 filed Mar. 27, 2000, the contents of which are hereby incorporated by reference.
- This invention relates generally to the field of secure electronic data storage, and more specifically to a web-based, password controlled software system for encryption and decryption of data for secure data transmission and storage.
- Today, most computers are linked to other computer systems via a computer network. A computer network is basically a collection of computers that are physically and logically connected together to exchange data or “information.” The network may be a local area network (LAN), in which computers are geographically close together and connected by short segments of ethernet or to the same network hub, or a wide area network (WAN), in which computers are separated by a considerable distance and are connected by telephone lines or radio waves. Often, networks are configured as “client/server” networks, such that each computer on the network is either a “client” or a “server.” Servers are computers or processes dedicated to managing shared resources, such as storage of electronic data. Any computer that performs a task at the command of another computer is a server.
- An internetwork is a network of computer networks, of which the Internet is commonly acknowledged as the largest. The Internet is based on standard protocols that allow computers to communicate with each other even if using different software vendors, thus allowing anyone with a computer easy accessibility to everything else connected to the Internet world wide. As a result of this global access, it is becoming increasingly useful for businesses and individuals to transmit information via networks and internetworks from one site to another.
- The interconnected computers exchange information using various services, for example, the World Wide Web (WWW) and electronic mail. The HTML documents and other files related to a web generally reside on a web computer known as a web server. Although web servers vary greatly in processing speed and memory, they are essentially generic computers with a CPU, co-processors and memory. The different types of computers which can act as a server are well-known to those in the computer field.
- The WWW is an application which allows users seeking information on the Internet to switch from server to server. The WWW service allows a server computer system (Web server or Web site) to send graphical Web pages of information to a remote client computer system. A program known as a web browser running on a client computer allows the client computer to communicate with the WWW. The remote client computer system can then display the Web pages.
- Organizations are increasingly utilizing these networks to improve customer service and streamline business communication through applications such as e-mail, messaging, remote access, intranet based applications, on-line support and supply chain applications. The very openness and accessibility that has stimulated the use of public and private networks has also driven the need for network security.
- As the number of users of the Internet grows, so have concerns regarding the security of businesses and organizations which utilize the Internet for the transfer of confidential information. Security issues have become of increasing concern, particularly when connecting a network, such as a LAN, to the Internet. Such a connection can provide intruders with an opportunity to gain access to the network.
- A common method for preventing intrusion is to allow only a secure single attachment point to the Internet. This method of defense is commonly referred to as a “fire wall.” The single point of attachment allows the passage of only certain types of traffic. This procedure can provide a relatively high level of security for a single user; however, maintaining this security level becomes difficult as the number of users requiring Internet access increases.
- One method of securing electronic data is to utilize encryption algorithms. Encryption algorithms transform written words and other kinds of messages so that they are unintelligible to unauthorized recipients. An authorized recipient can then transform the words or messages back into a message that is perfectly understandable. Currently, there are two basic kinds of encryption algorithms: (1) symmetric key algorithms and (2) public key algorithms.
- Symmetric (or private) key algorithms use the same key to encrypt and decrypt the message. Generally, they are faster and easier to implement than public keys. However, for two parties to securely exchange information, those parties must first securely exchange an encryption key. Examples of symmetric key algorithms include DES, DESX, Triple-DES, Blowfish, IDEA, RC2, RC4, and RC5.
- Public key algorithms use one key (public key) to encrypt the message and another key (private key) to encrypt it. The public key is made public and is used by the sender to encrypt a message sent to the owner of the public key then the message can only be decrypted by the person with the private key. Unfortunately, public keys are very slow, require authentication, and do not work well with large files.
- A third type of system is a hybrid of the public and private systems. The slower public key cryptography is used to exchange a random session key, which is then used as the basis of a symmetric (private) key algorithm. The session key is used only for a single encryption session and is then discarded. Nearly all practical public key cryptography implementations in use today are actually hybrid systems.
- Finally, message digest functions are used in conjunction with public key cryptography. A message digest function generates a unique pattern of bits for a given input. The digest distills the information contained in a file into a single large number, typically 128 and 256 bits in length. The digest value is computed in such a way that finding an input that will exactly generate a given digest is computationally infeasible.
- Message digest algorithms are not used for encryption or decryption but for creation of digital signatures, message authentication codes (MAC), and the creation of encryption keys from passphrases. For example, Pretty Good Privacy (PGP) uses message digests to transform a passphrase provided by a user into an encryption key that is used for symmetric encryption. (PGP uses symmetric encryption for its “conventional encryption” function as well as to encrypt the user's private key). A few digest functions in use are HMAC, MD2, MD4, MD5, SHA, and SHA-1.
- Working cryptographic systems can be divided into two categories: (1) programs and protocols that are used for encryption of e-mail messages, such as PGP and S/MIME, and (2) cryptographic systems used for providing confidentiality, authentication, integrity, and nonrepudiation in a network environment. The latter requires real-time interplay between a client and a server to work properly. Examples include Secure Socket Layer (SSL), a general-purpose cryptographic protocol that can be used with any TCP/IP service; PCT, a transport layer security protocol for use with TCP/IP service; and S-HTTP, SET, Cybercash, DNSSEC, IPsec, IPv6, Kerberos, and SSH.
- Although the present means of securing electronic information provides a level of security, the security provided can be easily breached. Symmetric encryption algorithms are vulnerable to attack by (1) key search or brute force attacks, (2) cryptanalysis, and (3) systems-based attacks. First, in a key search, the cracker simply tries every possible key, one after another, until he/she is allowed into the system or the ciphertext is decrypted. There is no way to defend against this, but a 128-bit key is highly resistant because of the large number of possible keys to be tried.
- Second, in cryptanalysis, the algorithm can be defeated by using a combination of sophisticated mathematics and computer power. Many encrypted messages can be deciphered without knowing the key. Finally, in a systems-based attack, the cryptographic system itself is attacked without actually attacking the algorithm. Public key algorithms are theoretically easier to attack than symmetric key algorithms because the attacker has a copy of the public key that was used to encrypt the message. Also, the message presumably identifies which public key encryption algorithm was used to encrypt the message. Attacks on public key algorithms are (1) factoring attacks and (2) algorithmic attacks. First, factoring attacks attempt to derive a private key from its corresponding public key. This attack can be performed by factoring a number that is associated with the public key.
- Second, an algorithm attack consists of finding a fundamental flaw or weakness in the mathematical problem on which the encryption system is based. Although not often done, it has been accomplished.
- Message digest functions can be attacked by (1) finding two messages (any two messages) that have the same message digest and (2) given a particular message, finding a second message that has the same message digest code.
- It would be advantageous to provide a system for securing a server from outside intrusion, not by standard “firewall” barrier systems, but by encrypting the data residing on the server itself so as to render the data useless to a would-be intruder. It would also be desirable to implement such a system using a Web-based software application which can be used for both secure file storage and secure transmission of data.
- The present invention provides a Web-based software system which is designed to administrate access and facilitate virtually impregnable security for the delivery, storage, and sharing of documents and files.
- The invention includes a method of storing secure electronic data on an archive server, which comprises the steps of providing a plurality of client workstations running web browser programs, accessing the WWW from a client workstation and logging onto a qualified web server, providing account qualifier data to a software application residing on the web server, downloading an encryption applet from the software application, selecting an electronic data file to be encrypted, encrypting the electronic data file and forming an encrypted data packet, storing the encrypted data packet on an archive server; and destroying said encryption applet.
- The invention includes a method of retrieving encrypted electronic data stored on an archive server, comprising the steps of providing at least one encrypted data packet on an archive server, providing at least one client workstation running a web browser program; accessing the web browser and logging onto a qualified web server; providing account qualifier data to a software application residing on the web server; selecting an encrypted data packet to be retrieved; downloading a decryption applet from the application based on the original encryption algorithm; transferring the decryption applet and the encrypted data packet to the client workstation; and decrypting the encrypted data packet at the client workstation, whereby readable electronic data is available to a user at the client workstation. If the encrypted data packet is compressed, the decryption applet can include a decompression program to decompress the encrypted data packet.
- At least two of the plurality of client workstations can be coupled via a network, such as a LAN or WAN. The archive server can be coupled to client workstations, or alternatively, can be accessed from the client workstation via the Internet using SSL protocol. The method can also include the step of compressing the encrypted data packet prior to transmission, and the encryption applet can include a compression program to compress the electronic data. The software application compiles the encryption applet using an encryption algorithm, and the encryption algorithm is preferably changeable with respect to the software application.
- The method of the invention further includes the steps of providing a plurality of encryption algorithms which can be selected according to the needs of the user, selecting an encryption algorithm; and compiling the encryption applet to use the selected encryption algorithm.
- The method can further include the step of assigning access permission to said encrypted data packet, wherein the access permission permits selective access to the electronic data files. Access permission can be assigned to a user having designated account qualifier data. The access permission can also permit hierarchal access to an electronic data file by a group of users.
- The invention includes a system for secure storage of electronic data on an archive server, which comprises a plurality of client workstations having web browsers running thereon, a platform-independent software application residing on a web server, means for qualifying an authorized user of the software application; and a means for encrypting an electronic file at said client workstations. The means comprises an encryption applet compiled by the software application which is operable to encrypt the electronic file to create an encrypted data packet. In the system of the invention, the encryption applet is downloaded by a user at one of the client workstations. The system further includes a means for transmitting the encrypted data packet to the archive server for secure storage, a means for retrieving said encrypted data packet from said archive server; and means for decrypting the encrypted data packet, which comprises obtaining a decryption applet from said software application. The decryption applet compiled by said software application is based on the original encryption algorithm.
- Accordingly, it is an objective of the instant invention to provide a system, method and apparatus which secures electronic data residing on a network server by storing encrypted data on the server.
- It is another objective of the invention to provide a system, method and apparatus for secure data storage which utilizes a Web-based software application accessed via a web browser running on a client workstation, thus obviating the need for client-side software.
- It is still another objective of the instant invention to provide a system for secure storage of electronic data which uses a web-based software application residing on a web server, and stores encrypted electronic data on a local server.
- It is a further objective of the instant invention to provide a method and apparatus that provides secure electronic transfer and storage of information by using a random and automatic mode of encryption wherein no two keys are ever repeated.
- Still another objective of the instant invention is to provide a method and apparatus that allows for secure data transportation and storage, that encrypts at the 128-bit level, transports and stores the data encrypted, and decrypts it only for an authorized user.
- A further objective of the instant invention is to provide a basic level of security wherein data is transported via an SSL protocol and automatically encrypted. In this mode only an authorized user on a network can access data for review or modification.
- Another objective of the instant invention is to provide a heightened level of security wherein a private and secondary key or digital file lock can be employed, providing a unique secondary data lock.
- A still further object of the instant invention is to provide a web-based security system which permits universal, remote access by client workstations to data residing on an archive server.
- Still another objective of the instant invention is to provide a client-side locking device or biometric interface. In such a locking device, a retinal scanner, finger print scanner, smart card reader or the like can be utilized to send or retrieve information.
- Yet another objective of the instant invention is to provide virtually impregnable security for the delivery, storage, and sharing of documents and files utilizing any compatible network as a secure communications forum.
- Other objects and advantages of this invention will become apparent from the following description taken in conjunction with the accompanying drawings wherein are set forth, by way of illustration and example, certain embodiments of this invention. The drawings constitute a part of this specification and include exemplary embodiments of the present invention and illustrate various objects and features thereof.
- FIG. 1 is a block diagram of the steps executed by a software application for encryption and decryption of electronic data for secure data storage according to the instant invention;
- FIG. 2 is a block diagram of the account authorization process according to a preferred embodiment of the instant invention;
- FIG. 3 is a block diagram of the encryption and storage of electronic data as represented by step A in FIG. 1;
- FIG. 4 is a block diagram of the retrieval and decryption of electronic data as represented by step B in FIG. 1;
- FIG. 5 is a diagram illustrating a hierarchal access structure for different user groups;
- FIG. 6 is a schematic illustration of a first system according to a preferred embodiment of the invention using client workstations coupled via a network;
- FIG. 7 is a schematic illustration of a second system according to a preferred embodiment of the invention using standalone client workstations which are not networked to one another; and
- FIG. 8 is a schematic illustration of a third system according to the preferred embodiment of the invention using a standalone personal computer.
- Although the invention will be described in terms of a specific embodiment, it will be readily apparent to those skilled in this art that various modifications, rearrangements, and substitutions can be made without departing from the spirit of the invention. The scope of the invention is defined by the claims appended hereto.
- Now, referring to FIG. 1, shown is a flow chart depicting the steps 100 executed by a Web-based software application 100 for encrypting data to be stored and decrypting data to be retrieved. In step 101, a user at a client workstation opens a web browser and accesses a qualified web server. The data transfer request is initiated in step 103. In step 105, account qualifier data is entered by the user, and the account qualifier data is authenticated by the server (shown in detail as steps 200 in FIG. 2). If the data cannot be authenticated, the transfer request is refused in step 109. If the account qualifier is authenticated, the user at the client workstation can encrypt a file and store it on an archive server 111, or retrieve the file from the archive server and decrypt the file 113.
- A preferred method 200 of authenticating account qualifier data is shown in FIG. 2. In addition to the method 200, the invention contemplates a variety of methods to authenticate account qualifier data, and the invention is not limited in this regard. The server 12 provides login account qualifier data requiring either user name and a password 14 or a biometric interface 16 such as a retinal scanner, finger print scanner, smart card reader and the like for the purpose of seeking data-base authentication 18. If login fails, the user has three attempts 20 before the account is locked 22 and the administrator and the account holder 24 are alerted. Upon a successful login 26, a transfer request 28 is sent to the control program on the server to open a transfer information page inquiry page.
- Referring now to FIG. 3, when data is to be transferred 30, an applet is compiled on the server and sent to the client workstation 32. The applet is a temporary file allowing the client to select 34 the data files that are to be transferred. The user adds the file(s) to be transferred to an application window 46. If the user account allows, the client has the option of entering, via the keyboard, a secondary security key 36. It should be noted that even if two separate people encrypted the exact same file with the same key, they will have encrypted two uniquely different sequences. If one attempts to “crack” the application sequence, they would not be able to decrypt it because each applet is embedded with a unique encryption sequence. The encryption sequence generated is added to the applet template, and the data is encrypted and an encrypted data packet is compiled 38. The encrypted data packet is then transferred to the archive server 40. A notification 42 can be sent to an intended recipient of the file.
- The applet breaks the code of the files down into its binary form during execution. It reads the binary data and then rewrites the data to the temporary file that was previously created. The running program changes the entire code sequence of the client file to a randomly generated sequence specified by the particular and customized applet. The sequence is also designed to replace every other matching bit of binary code with a unique string. Thus, with this method, an “a”, for example, will never be represented twice in the same file structure. This is designed to deter the common method of cracking encrypted code by repeated or pattern data. On a binary level, the code is rewritten and saved for transfer in a file format only decodable by the recipient. The applet then sends the encrypted data to the server via SSL protocol. Once the transfer is complete, the applet deletes any trace of the file encrypted. With the destruction of the applet, no two applications are ever the same because each application contains its own encryption sequence that cannot be replicated.
- The encrypted data packet resides on the server 12 waiting for an intended recipient to download and unlock it. This creates the ability to maintain completely encrypted and secure data archives. When file retrieval is requested by a recipient, the server then accesses the original record information of the sequence or algorithm that it originally gave to the applet that the server created to encrypt the file.
- In order to maximize the effective rate at which the encrypted data can be transferred between the client workstations and the web server, the encrypted data can be compressed 44. Data compression is well known in the art, and any suitable compression technique can be used. A preferred data compression technique is commonly referred to as “traditional compression.” In traditional compression, a compression program scans the data for patterns that occur more than once and assigns a “token” to replace each of these patterns. Another preferred compression technique is known as “delta compression,” which can be used when encrypted data is transmitted to the archive server and an earlier version of the encrypted data file is already on the archive server. A delta compressor sends only those portions of the file which differ from the earlier version of the file.
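The text above applies traditional and delta compression to the already-encrypted packet; the following added Python example (not code from the patent) measures both orders on a constructed sample file. The SHAKE-256 XOR stream is a standard-library stand-in for a real cipher, and the function names and fixed 64-byte block comparison are assumptions made here.

```python
import hashlib
import secrets
import zlib


def encrypt(data, sequence):
    """Stand-in stream cipher: XOR with a SHAKE-256 keystream keyed by the sequence."""
    stream = hashlib.shake_256(sequence).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def changed_blocks(old, new, block=64):
    """Return (blocks that differ, total blocks): what a delta transfer must resend.

    A fixed-offset comparison is enough here because the edit below keeps the
    file length unchanged; real delta tools also handle inserted bytes.
    """
    offsets = range(0, max(len(old), len(new)), block)
    changed = sum(old[i:i + block] != new[i:i + block] for i in offsets)
    return changed, len(offsets)


def measure():
    # Constructed sample: 400 near-identical lines, then one amount edited in place.
    v1 = b"".join(b"invoice %04d: amount due 100.00 USD\n" % i for i in range(400))
    v2 = v1.replace(b"invoice 0200: amount due 100.00",
                    b"invoice 0200: amount due 250.00")
    # Each upload gets its own random sequence, as the applet scheme requires.
    c1 = encrypt(v1, secrets.token_bytes(32))
    c2 = encrypt(v2, secrets.token_bytes(32))
    return {
        "plain_size": len(v1),
        # Order described in the text: compress the encrypted packet.
        "encrypt_then_compress": len(zlib.compress(c1)),
        # Reverse order: compress the file, then encrypt the result.
        "compress_then_encrypt": len(encrypt(zlib.compress(v1),
                                             secrets.token_bytes(32))),
        # Delta between versions, before and after encryption.
        "delta_plain": changed_blocks(v1, v2),
        "delta_cipher": changed_blocks(c1, c2),
    }


if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name:24} {value}")
```

Ciphertext with no repeated patterns gives the token-replacement and delta stages nothing to work with, so any size reduction has to happen before encryption.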
- Now referring to FIG. 4, shown is the flow chart depicting the steps for decrypting data for a secure receipt of electronic data. If the login is successful, the server 12 depicts those files available to the recipient 66. The recipient chooses which file to retrieve and the server generates a new applet designed to decrypt the encrypted data packet corresponding to the file requested 69, based on the original encryption sequence. The encrypted data packet is retrieved 70 and stored in a temporary file. The program now prompts the user for any secondary key 71 that was originally entered by the sender. Once the key sets the sequence, the applet calculates the sequence that was originally written on the fly. The applet resumes decryption with the new sequence of the temporary file wherein decryption is executed 72 and the decrypted file saved to a selection location. When the data decryption is complete, the program saves the file 73 with original extensions, to a folder specified by the recipient. Then the applet deletes itself 74 and any data related to the secure transfer. Upon completion of the transfer and decryption process, the original encrypted file located on the server can be triggered to be automatically deleted or retained for manual deletion.
- FIG. 5 is a diagram of a first system according to a preferred embodiment of the present invention. A plurality of client workstations 111 are coupled via a LAN 114, or via any other computer network. The system includes a designated archive server 140 on which encrypted documents are stored in accordance with the method of the invention. Client workstations 111 can be any computer that is capable of providing access to the web server using a web browser, such as standard desktop computer systems, laptop computers, non-programmable terminals connected to a main frame, personal digital assistant, etc. The web browser running on the client workstations 111 is a software program that allows a user at the client workstations 111 to transmit and receive data over the Internet. A suitable web browser would be Internet Explorer 5.0.
- A qualified web server 120 is linked to the WWW, and is accessed by client workstation 111 using a web browser. The software application 100 (FIG. 1) resides on qualified web server 120. In the preferred embodiment, software application 100 is a platform-independent application. Software application 100 is accessed by client workstation through an application gateway. Remote client workstations 112 can also have identical access to encrypted documents on archive server 140 by using a web browser 116 to access software application 100. Encrypted files can be transferred between the client workstations 111 and 112 and archive server 140 using SSL protocol on the WWW. An encrypted file can also be transmitted directly from client workstation 111 to archive server 140 via a secure local connection 142. In the preferred embodiment, varying levels of access to the encrypted files on archive server 160 are provided for the individual user so that access is “permission controlled.”
- The diagram in FIG. 7 illustrates another implementation of the system according to the invention. A plurality of client workstations 151 are linked to the WWW using the web browsers 156, and can access the software application 100 residing on qualified Internet server 120. Encrypted files are stored on and retrieved from archive server 160 in accordance with the method of the invention. The plurality of client workstations 151 are not coupled via a network, but rather have shared proprietary access to an archive server 160. This shared proprietary access is provided by the account qualifying function provided by software application 100. The plurality of client workstations 151 can therefore essentially comprise a “virtual” network.
- An alternative arrangement using the system of the invention is illustrated in FIG. 8. A personal computer 161 running a web browser 166 is linked to the WWW. The user can access software application 100 residing on qualified server 120. Files residing on the hard drive or other local media of personal computer 161 can be encrypted in accordance with the method of the invention using software application 130 in the manner herein described, and then archived on hard drive or other local media of personal computer 161. The system of the invention can thus provide document encryption security protection for a stand-alone workstation.
- The invention can utilize any suitable encryption algorithm, such as Rijndael or Blowfish. The encryption algorithm is preferably “modular” with respect to the software application 100 in that the algorithm can be changed at any time, while still retaining the ability to decrypt older files which may be stored on the archive server. In another aspect of the invention, the user can select the encryption algorithm to be used depending on the user's security needs and the type of file to be encrypted. The selection of encryption algorithm can be session specific.
- It is to be understood that while a certain form of the invention is illustrated, it is not to be limited to the specific form or arrangement of parts herein described and shown. It will be apparent to those skilled in the art that various changes may be made without departing from the scope of the invention and the invention is not to be considered limited to what is shown and described in the specification and drawings.
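The per-transfer sequence, optional secondary key and server-side sequence record described for FIGS. 3 and 4, as an added Python example that is not code from the patent. The suite name, the `ArchiveServer` class, the packet layout and the SHAKE-256/HMAC construction (a standard-library stand-in for a cipher such as Rijndael) are assumptions made here, and the sample file is constructed.

```python
import hashlib
import hmac
import secrets

SUITE = "shake256-xor+hmac-sha256"  # constructed suite name, recorded per packet


def derive_keys(sequence, secondary_key=None):
    """Turn the server-issued sequence (plus optional typed key) into two keys."""
    root = sequence
    if secondary_key:
        # Stretch the human-chosen key; the per-packet sequence doubles as salt.
        root = hashlib.pbkdf2_hmac("sha256", secondary_key.encode(), sequence, 100_000)
    enc_key = hmac.new(root, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_stream(key, nonce, data):
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_packet(applet, data, secondary_key=None):
    """Client side. Packet layout (assumed): 16-byte nonce | ciphertext | 32-byte tag."""
    enc_key, mac_key = derive_keys(applet["sequence"], secondary_key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, data)
    tag = hmac.new(mac_key, applet["suite"].encode() + body, hashlib.sha256).digest()
    return body + tag


def decrypt_packet(applet, packet, secondary_key=None):
    """Client side. Raises ValueError on a wrong key, wrong record or altered packet."""
    if applet["suite"] != SUITE:
        raise ValueError("no decryption routine for suite " + applet["suite"])
    enc_key, mac_key = derive_keys(applet["sequence"], secondary_key)
    body, tag = packet[:-32], packet[-32:]
    expected = hmac.new(mac_key, applet["suite"].encode() + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, body[:16], body[16:])


def can_decrypt(applet, packet, secondary_key):
    try:
        decrypt_packet(applet, packet, secondary_key)
        return True
    except ValueError:
        return False


class ArchiveServer:
    """Keeps each packet's sequence record apart from the stored ciphertext."""

    def __init__(self):
        self.records = {}  # packet id -> suite and sequence given to the applet
        self.packets = {}  # packet id -> encrypted data packet

    def issue_encryption_applet(self):
        packet_id = secrets.token_hex(8)
        self.records[packet_id] = {"suite": SUITE, "sequence": secrets.token_bytes(32)}
        return packet_id, dict(self.records[packet_id])

    def store(self, packet_id, packet):
        self.packets[packet_id] = packet

    def issue_decryption_applet(self, packet_id):
        # Built from the original record, so changing SUITE for new uploads
        # does not strand packets written under an earlier suite.
        return dict(self.records[packet_id]), self.packets[packet_id]


def demo():
    server = ArchiveServer()
    document = b"constructed sample file\n" * 50
    ids = []
    for _ in range(2):  # two uploads of the same file under the same secondary key
        packet_id, applet = server.issue_encryption_applet()
        server.store(packet_id, encrypt_packet(applet, document, "same secondary key"))
        ids.append(packet_id)
    applet, packet = server.issue_decryption_applet(ids[0])
    other_applet, other_packet = server.issue_decryption_applet(ids[1])
    return {
        "ciphertexts_differ": packet != other_packet,
        "recovered": decrypt_packet(applet, packet, "same secondary key") == document,
        "server_record_alone": can_decrypt(applet, packet, None),
        "wrong_record": can_decrypt(other_applet, packet, "same secondary key"),
    }


if __name__ == "__main__":
    print(demo())
```

In this model a packet stored without a secondary key can be decrypted by whoever holds both the archive and its sequence records, so the typed secondary key is the only key material that never reaches the server.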
Claims (38)
1. A method of transporting electronic data for secure storage on an archive server, comprising the steps of:
providing at least one client workstation having a Web browser running thereon;
accessing the Web browser from the client workstation and logging onto a qualified Web server;
providing account qualifier data to a software application residing on the Web server;
obtaining an encryption applet from the software application;
selecting an electronic data file to be encrypted;
encrypting said electronic data file and forming an encrypted data packet;
transferring said encrypted data packet to the archive server; and
destroying the encryption applet.
2. The method of claim 1, wherein the software application residing on the Web server is platform-independent.
3. The method of claim 1, further including the step of compressing the encrypted data packet prior to transferring the encrypted data packet to the archive server.
4. The method of claim 3, wherein the encryption applet includes a compression program to compress the electronic data to form a compressed encrypted data packet.
5. The method of claim 1, wherein the encryption applet compiled by the software application is based on an encryption algorithm, and the encryption algorithm is changeable with respect to the software application.
6. The method of claim 1, further comprising the steps of:
providing a plurality of encryption algorithms;
selecting an encryption algorithm; and
compiling the encryption applet using the selected encryption algorithm.
7. The method of claim 6, wherein a user at the client workstation can select the encryption algorithm.
8. The method of claim 1, further including providing a plurality of client workstations, wherein at least two of the plurality of client workstations are coupled via a network.
9. The method of claim 8, wherein the archive server is coupled to at least one of the plurality of client workstations.
10. The method of claim 8, wherein the archive server is coupled to the network.
11. The method of claim 1, further comprising the step of assigning access permission to said encrypted data packet, wherein the access permission permits selective access to the electronic data files.
12. The method of claim 11, wherein access permission is assigned to a user having designated account qualifier data.
13. The method of claim 11, wherein said access permission permits hierarchal access to an electronic data file by a group of users.
14. The method of claim 1 wherein the encrypted data packet is transferred from the client workstation to the archive server by SSL protocol.
15. A method of retrieving encrypted electronic data stored on an archive server, comprising the steps of:
providing at least one encrypted data packet on the archive server;
providing at least one client workstation having a Web browser;
accessing the Web browser and logging onto a qualified Web server;
providing account qualifier data to a software application residing on the Web server;
selecting an encrypted data packet to be retrieved from the archive server;
obtaining a decryption applet from the application based on the original encryption algorithm of the encrypted data packet;
transferring the decryption applet and the encrypted data packet to the client workstation; and
decrypting said encrypted data packet at the client workstation, whereby the electronic data is available to a user at the client workstation.
16. The method of claim 15, wherein the account qualifier data corresponds to at least one user.
17. The method of claim 15, wherein said encrypted data packet is compressed, and said decryption applet includes a decompression program to decompress the encrypted data packet.
18. The method of claim 15, wherein the software application residing on said Web server is platform-independent.
19. The method of claim 15, wherein the at least one client workstation comprises a plurality of client workstations.
20. The method of claim 15, wherein the at least two of the plurality of client workstations are coupled via a network.
21. The method of claim 15, wherein the archive server is coupled to the at least one client workstation.
22. The method of claim 20, wherein the archive server is coupled to the network.
23. The method of claim 15, wherein access permission is assigned to at least one encrypted data packet, wherein the access permission permits selective access to the electronic data files.
24. The method of claim 15, wherein the encrypted data packet is transferred from the archive server to the client workstation by SSL protocol.
25. A system for secure storage of electronic data on an archive server, comprising:
a plurality of client workstations, said plurality of client workstations having Web browsers running thereon;
a platform-independent software application residing on a Web server,
means for qualifying an authorized user of said software application;
means for encrypting an electronic file at said client workstations, said means comprising an encryption applet compiled by said software application which is transmitted to a user at one of said client workstations; said encryption applet operable to encrypt the electronic file to create an encrypted data packet;
means for transmitting said encrypted data packet to said archive server for secure storage;
means for retrieving said encrypted data packet from said archive server; and
means for decrypting said encrypted data packet, said means comprising obtaining a decryption applet from said software application, said decryption applet compiled by said software application based on the original encryption algorithm.
26. The system of , wherein said encryption applet includes a means to compress said encrypted data packet.
claim 25
27. The system of , wherein said encryption applet includes a means to decompress a compressed encrypted data packet.
claim 25
28. The system of , wherein the software application compiles the encryption applet using an encryption algorithm, and the encryption algorithm is changeable with respect to the application.
claim 25
29. The system of , further comprising a means to select the encryption algorithm.
claim 25
30. The system of , wherein two of the plurality of client workstations are coupled via a network.
claim 25
31. The system of , wherein the archive server is coupled to at least one of the plurality of client workstations.
claim 25
32. The system of , wherein the archive server is coupled to the network.
claim 25
33. The system of , wherein access permission is assigned to said encrypted data packet, wherein said access permission permits selective access to the electronic data files.
claim 25
34. The system of , wherein said access permission is assigned to a user having designated account qualifier data.
claim 33
35. The system of , wherein said access permission permits hierarchal access to an electronic data file by a group of users.
claim 33
36. The system of claim 34, wherein the means for transmitting the encrypted data packet from the client workstation to the archive server is by SSL protocol.
37. The system of claim 25, wherein the means for transmitting the encrypted data packet from the archive server is by SSL protocol.
40. The system according to claim 25, wherein said software application is accessed by account qualifier data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/771,215 US20010042124A1 (en) | 2000-03-27 | 2001-01-26 | Web-based method, apparatus, and system for secure data storage |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/536,203 US6665709B1 (en) | 2000-03-27 | 2000-03-27 | Method, apparatus, and system for secure data transport |
US09/771,215 US20010042124A1 (en) | 2000-03-27 | 2001-01-26 | Web-based method, apparatus, and system for secure data storage |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/536,203 Continuation-In-Part US6665709B1 (en) | 2000-03-27 | 2000-03-27 | Method, apparatus, and system for secure data transport |
Publications (1)
Publication Number | Publication Date |
---|---|
US20010042124A1 (en) | 2001-11-15 |
Family
ID=24137572
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/536,203 Expired - Lifetime US6665709B1 (en) | 2000-03-27 | 2000-03-27 | Method, apparatus, and system for secure data transport |
US09/771,215 Abandoned US20010042124A1 (en) | 2000-03-27 | 2001-01-26 | Web-based method, apparatus, and system for secure data storage |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/536,203 Expired - Lifetime US6665709B1 (en) | 2000-03-27 | 2000-03-27 | Method, apparatus, and system for secure data transport |
Country Status (3)
Country | Link |
---|---|
US (2) | US6665709B1 (en) |
AU (1) | AU2001250991A1 (en) |
WO (1) | WO2001073530A2 (en) |
Cited By (62)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020112164A1 (en) * | 2001-02-14 | 2002-08-15 | Schmeling Garth F. | System and method for providing customized secure access to shared documents |
US20030167336A1 (en) * | 2001-12-05 | 2003-09-04 | Canon Kabushiki Kaisha | Two-pass device access management |
GB2387458A (en) * | 2002-04-09 | 2003-10-15 | Solarsoft Ltd | Secure Internet-accessible data storage system |
US20030200436A1 (en) * | 2002-04-17 | 2003-10-23 | Eun Sung Kyong | Access control method using token having security attributes in computer system |
US20030212886A1 (en) * | 2002-05-09 | 2003-11-13 | Nec Corporation | Encryption/decryption system and encryption/decryption method |
US20040010599A1 (en) * | 2000-09-20 | 2004-01-15 | Takashi Otobe | Distribution system and distribution method |
US20040083373A1 (en) * | 2002-10-28 | 2004-04-29 | Perkins Gregory M. | Automatically generated cryptographic functions for renewable tamper resistant security systems |
US20040177056A1 (en) * | 2003-03-06 | 2004-09-09 | Davis William Nelson | Font rental system and method |
US20060045309A1 (en) * | 2004-06-14 | 2006-03-02 | Shan Suthaharan | Systems and methods for digital content security |
US7170999B1 (en) * | 2002-08-28 | 2007-01-30 | Napster, Inc. | Method of and apparatus for encrypting and transferring files |
US20070101412A1 (en) * | 2005-10-28 | 2007-05-03 | Yahoo! Inc. | Low code-footprint security solution |
US7228317B1 (en) * | 2002-06-18 | 2007-06-05 | Yahoo! Inc. | Method and apparatus for accelerating and improving access to network files |
US20070174246A1 (en) * | 2006-01-25 | 2007-07-26 | Sigurdsson Johann T | Multiple client search method and system |
US20080263675A1 (en) * | 2007-04-18 | 2008-10-23 | Mcintyre Kevin | System and method of network printing |
US20080304664A1 (en) * | 2007-06-07 | 2008-12-11 | Shanmugathasan Suthaharan | System and a method for securing information |
US20090207999A1 (en) * | 2008-02-18 | 2009-08-20 | Kabushiki Kaisha Toshiba | Decryption processing apparatus, system, method, and computer program product |
US20100115290A1 (en) * | 2008-11-05 | 2010-05-06 | Reiner Walch | Keyboard and method for secure transmission of data |
US7849199B2 (en) | 2005-07-14 | 2010-12-07 | Yahoo! Inc. | Content router |
US20110013955A1 (en) * | 2009-07-14 | 2011-01-20 | Samsung Electronics Co. Ltd. | Heating member having resistive heating layer and fusing device using the same |
US7925767B2 (en) | 2001-12-05 | 2011-04-12 | Canon Kabushiki Kaisha | Device access based on centralized authentication |
US8024290B2 (en) | 2005-11-14 | 2011-09-20 | Yahoo! Inc. | Data synchronization and device handling |
US20110238498A1 (en) * | 2010-03-29 | 2011-09-29 | Microsoft Corporation | Service stage for subscription management |
US8065680B2 (en) | 2005-11-15 | 2011-11-22 | Yahoo! Inc. | Data gateway for jobs management based on a persistent job table and a server table |
US20110293096A1 (en) * | 2010-05-27 | 2011-12-01 | Bladelogic, Inc. | Multi-Level Key Management |
US8244014B2 (en) | 2004-11-04 | 2012-08-14 | Dr Systems, Inc. | Systems and methods for viewing medical images |
US8302162B1 (en) * | 2008-06-11 | 2012-10-30 | Symantec Operating Corporation | Backup and archival of hosted online content |
US20120278900A1 (en) * | 2011-01-24 | 2012-11-01 | Vince Sebald | Systems and methods for regulatory compliance with qualified systems |
US8380533B2 (en) | 2008-11-19 | 2013-02-19 | DR Systems Inc. | System and method of providing dynamic and customizable medical examination forms |
US20130081145A1 (en) * | 2008-04-10 | 2013-03-28 | Alan M. Pitt | Anonymous association system utilizing biometrics |
US20130117555A1 (en) * | 2010-12-22 | 2013-05-09 | Qian Yang | Method and system for data encryption and decryption in data transmission through the web |
US8457990B1 (en) | 2006-11-22 | 2013-06-04 | Dr Systems, Inc. | Smart placement rules |
US8589991B2 (en) | 2010-12-14 | 2013-11-19 | Microsoft Corporation | Direct connection with side channel control |
US8610746B2 (en) | 2004-11-04 | 2013-12-17 | Dr Systems, Inc. | Systems and methods for viewing medical 3D imaging volumes |
US8626527B1 (en) * | 2004-11-04 | 2014-01-07 | Dr Systems, Inc. | Systems and methods for retrieval of medical data |
WO2014009813A2 (en) * | 2012-07-12 | 2014-01-16 | Md Databank Corp | Secure storage system and uses thereof |
CN103685557A (en) * | 2013-12-26 | 2014-03-26 | 金蝶软件(中国)有限公司 | Method and device for uploading and downloading file |
US8712120B1 (en) | 2009-09-28 | 2014-04-29 | Dr Systems, Inc. | Rules-based approach to transferring and/or viewing medical images |
US8731259B2 (en) | 2004-11-04 | 2014-05-20 | Dr Systems, Inc. | Systems and methods for matching, naming, and displaying medical images |
US20140143553A1 (en) * | 2012-11-20 | 2014-05-22 | Cloudioh Inc. | Method and Apparatus for Encapsulating and Encrypting Files in Computer Device |
US20140195804A1 (en) * | 2012-10-12 | 2014-07-10 | Safelylocked, Llc | Techniques for secure data exchange |
US8792429B2 (en) | 2010-12-14 | 2014-07-29 | Microsoft Corporation | Direct connection with side channel control |
US20140229533A1 (en) * | 2010-09-24 | 2014-08-14 | Imdb.Com, Inc. | Client-side network page generation |
US20140280347A1 (en) * | 2013-03-14 | 2014-09-18 | Konica Minolta Laboratory U.S.A., Inc. | Managing Digital Files with Shared Locks |
US20140298013A1 (en) * | 2011-10-28 | 2014-10-02 | Danmarks Tekniske Universitet | Dynamic encryption method |
US8879807B2 (en) | 2004-11-04 | 2014-11-04 | Dr Systems, Inc. | Systems and methods for interleaving series of medical images |
US8923770B2 (en) | 2010-12-09 | 2014-12-30 | Microsoft Corporation | Cognitive use of multiple regulatory domains |
US8948382B2 (en) | 2010-12-16 | 2015-02-03 | Microsoft Corporation | Secure protocol for peer-to-peer network |
US8971841B2 (en) | 2010-12-17 | 2015-03-03 | Microsoft Corporation | Operating system supporting cost aware applications |
US9053331B2 (en) | 2009-07-06 | 2015-06-09 | Gemalto Sa | Securisation of a remote executable code using a footprint of the computer recipient |
US9092727B1 (en) | 2011-08-11 | 2015-07-28 | D.R. Systems, Inc. | Exam type mapping |
US9294545B2 (en) | 2010-12-16 | 2016-03-22 | Microsoft Technology Licensing, Llc | Fast join of peer to peer group with power saving mode |
US9367832B2 (en) | 2006-01-04 | 2016-06-14 | Yahoo! Inc. | Synchronizing image data among applications and devices |
US9542203B2 (en) | 2010-12-06 | 2017-01-10 | Microsoft Technology Licensing, Llc | Universal dock for context sensitive computing device |
KR20180011074A (en) * | 2015-04-10 | 2018-01-31 | 피씨엠에스 홀딩스, 인크. | Systems and methods for delegation of cloud computing processes |
US20180060547A1 (en) * | 2014-12-12 | 2018-03-01 | Excalibur Ip, Llc | User authentication and data encryption |
US10068099B1 (en) * | 2018-01-19 | 2018-09-04 | Griffin Group Global, LLC | System and method for providing a data structure having different-scheme-derived portions |
US10078759B1 (en) * | 2018-01-19 | 2018-09-18 | Griffin Group Global, LLC | System and method for data sharing via a data structure having different-scheme-derived portions |
US10665342B2 (en) | 2013-01-09 | 2020-05-26 | Merge Healthcare Solutions Inc. | Intelligent management of computerized advanced processing |
US10909168B2 (en) | 2015-04-30 | 2021-02-02 | Merge Healthcare Solutions Inc. | Database systems and interactive user interfaces for dynamic interaction with, and review of, digital medical image data |
US20220019699A1 (en) * | 2013-03-29 | 2022-01-20 | Secturion Systems, Inc. | Multi-tenancy architecture |
US11792169B2 (en) | 2015-09-17 | 2023-10-17 | Secturion Systems, Inc. | Cloud storage using encryption gateway with certificate authority identification |
US11921906B2 (en) | 2013-03-29 | 2024-03-05 | Secturion Systems, Inc. | Security device with programmable systolic-matrix cryptographic module and programmable input/output interface |
Families Citing this family (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6854034B1 (en) | 1999-08-27 | 2005-02-08 | Hitachi, Ltd. | Computer system and a method of assigning a storage device to a computer |
US20010047394A1 (en) | 1999-09-10 | 2001-11-29 | Kloba David D. | System, method, and computer program product for executing scripts on mobile devices |
US7987420B1 (en) * | 1999-09-10 | 2011-07-26 | Ianywhere Solutions, Inc. | System, method, and computer program product for a scalable, configurable, client/server, cross-platform browser for mobile devices |
US8595308B1 (en) | 1999-09-10 | 2013-11-26 | Ianywhere Solutions, Inc. | System, method, and computer program product for server side processing in a mobile device environment |
US7392388B2 (en) | 2000-09-07 | 2008-06-24 | Swivel Secure Limited | Systems and methods for identity verification for secure transactions |
EP1338132A2 (en) * | 2000-11-28 | 2003-08-27 | Swivel Technologies Limited | Secure file transfer method and system |
US20020078242A1 (en) * | 2000-12-15 | 2002-06-20 | Nanjundiah Viswanath | Method of selectively compressing data packets |
US7941669B2 (en) * | 2001-01-03 | 2011-05-10 | American Express Travel Related Services Company, Inc. | Method and apparatus for enabling a user to select an authentication method |
US7308477B1 (en) * | 2001-01-10 | 2007-12-11 | Cisco Technology, Inc. | Unified messaging system configured for transport of encrypted messages |
US6977745B2 (en) * | 2001-10-30 | 2005-12-20 | Pitney Bowes Inc. | Method and apparatus for the secure printing of a document |
JP2003173246A (en) * | 2001-12-05 | 2003-06-20 | Ricoh Co Ltd | Device information gathering method, program, server device and storage medium |
US7548952B2 (en) | 2002-05-31 | 2009-06-16 | International Business Machines Corporation | Method of sending an email to a plurality of recipients with selective treatment of attached files |
US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
US8015060B2 (en) | 2002-09-13 | 2011-09-06 | Visa Usa, Inc. | Method and system for managing limited use coupon and coupon prioritization |
US9852437B2 (en) | 2002-09-13 | 2017-12-26 | Visa U.S.A. Inc. | Opt-in/opt-out in loyalty system |
US8626577B2 (en) | 2002-09-13 | 2014-01-07 | Visa U.S.A | Network centric loyalty system |
US6945454B2 (en) * | 2003-04-22 | 2005-09-20 | Stmicroelectronics, Inc. | Smart card device used as mass storage device |
US7827077B2 (en) | 2003-05-02 | 2010-11-02 | Visa U.S.A. Inc. | Method and apparatus for management of electronic receipts on portable devices |
US7373602B2 (en) * | 2003-05-28 | 2008-05-13 | Microsoft Corporation | Method for reading electronic mail in plain text |
US8554610B1 (en) | 2003-08-29 | 2013-10-08 | Visa U.S.A. Inc. | Method and system for providing reward status |
US7051923B2 (en) | 2003-09-12 | 2006-05-30 | Visa U.S.A., Inc. | Method and system for providing interactive cardholder rewards image replacement |
US8005763B2 (en) | 2003-09-30 | 2011-08-23 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
US8407083B2 (en) | 2003-09-30 | 2013-03-26 | Visa U.S.A., Inc. | Method and system for managing reward reversal after posting |
US7653602B2 (en) | 2003-11-06 | 2010-01-26 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
CA2542900A1 (en) * | 2003-11-06 | 2005-05-26 | Live Cargo, Inc. | Systems and methods for electronic information distribution |
US7477908B2 (en) | 2004-12-13 | 2009-01-13 | Research In Motion Limited | Messaging protocol/service switching methods and devices |
US20070067403A1 (en) * | 2005-07-20 | 2007-03-22 | Grant Holmes | Data Delivery System |
US7587045B2 (en) * | 2005-10-03 | 2009-09-08 | Kabushiki Kaisha Toshiba | System and method for securing document transmittal |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
US20080189558A1 (en) * | 2007-02-01 | 2008-08-07 | Sun Microsystems, Inc. | System and Method for Secure Data Storage |
WO2008151147A1 (en) * | 2007-06-01 | 2008-12-11 | Memeo, Inc. | Automatic file sharing over a network |
WO2009137927A1 (en) * | 2008-05-12 | 2009-11-19 | Research In Motion Limited | Security measures for countering unauthorized decryption |
WO2011070571A1 (en) * | 2009-12-08 | 2011-06-16 | Safend Ltd. | System and method for secured backup of data |
US20110145082A1 (en) | 2009-12-16 | 2011-06-16 | Ayman Hammad | Merchant alerts incorporating receipt data |
US8429048B2 (en) | 2009-12-28 | 2013-04-23 | Visa International Service Association | System and method for processing payment transaction receipts |
US8346920B2 (en) * | 2010-07-15 | 2013-01-01 | Srr Patent Holdings, Llc | Managing network resource requests |
US8601603B1 (en) | 2010-12-01 | 2013-12-03 | The United States Of America, As Represented By The Secretary Of The Navy | Secure information transmission over a network |
US10043015B2 (en) * | 2014-11-20 | 2018-08-07 | At&T Intellectual Property I, L.P. | Method and apparatus for applying a customer owned encryption |
US10642687B2 (en) * | 2014-12-31 | 2020-05-05 | Pure Storage, Inc. | Pessimistic reads and other smart-read enhancements with synchronized vaults |
US10410210B1 (en) * | 2015-04-01 | 2019-09-10 | National Technology & Engineering Solutions Of Sandia, Llc | Secure generation and inversion of tokens |
AT519755B1 (en) * | 2017-02-14 | 2018-10-15 | Avl List Gmbh | CYLINDER HOUSING OF AN INTERNAL COMBUSTION ENGINE |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5841870A (en) * | 1996-11-12 | 1998-11-24 | Cheyenne Property Trust | Dynamic classes of service for an international cryptography framework |
US6035406A (en) * | 1997-04-02 | 2000-03-07 | Quintet, Inc. | Plurality-factor security system |
US6105042A (en) * | 1998-02-13 | 2000-08-15 | Cylex Systems, Inc. | Multi-user information management system adapted for efficient, remote, on-demand document management, storage and retrieval |
US6198824B1 (en) * | 1997-02-12 | 2001-03-06 | Verizon Laboratories Inc. | System for providing secure remote command execution network |
US6226744B1 (en) * | 1997-10-09 | 2001-05-01 | At&T Corp | Method and apparatus for authenticating users on a network using a smart card |
US6298446B1 (en) * | 1998-06-14 | 2001-10-02 | Alchemedia Ltd. | Method and system for copyright protection of digital images transmitted over networks |
US6314521B1 (en) * | 1997-11-26 | 2001-11-06 | International Business Machines Corporation | Secure configuration of a digital certificate for a printer or other network device |
US6421673B1 (en) * | 1999-12-13 | 2002-07-16 | Novient, Inc. | Method for mapping applications and or attributes in a distributed network environment |
US6424718B1 (en) * | 1996-10-16 | 2002-07-23 | International Business Machines Corporation | Data communications system using public key cryptography in a web environment |
US6584466B1 (en) * | 1999-04-07 | 2003-06-24 | Critical Path, Inc. | Internet document management system and methods |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0907120A3 (en) | 1997-10-02 | 2004-03-24 | Tumbleweed Software Corporation | Method and apparatus for delivering documents over an electronic network |
2000
- 2000-03-27 US US09/536,203 patent/US6665709B1/en not_active Expired - Lifetime
2001
- 2001-01-26 US US09/771,215 patent/US20010042124A1/en not_active Abandoned
- 2001-03-26 WO PCT/US2001/009631 patent/WO2001073530A2/en active Application Filing
- 2001-03-26 AU AU2001250991A patent/AU2001250991A1/en not_active Abandoned
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6424718B1 (en) * | 1996-10-16 | 2002-07-23 | International Business Machines Corporation | Data communications system using public key cryptography in a web environment |
US5841870A (en) * | 1996-11-12 | 1998-11-24 | Cheyenne Property Trust | Dynamic classes of service for an international cryptography framework |
US6198824B1 (en) * | 1997-02-12 | 2001-03-06 | Verizon Laboratories Inc. | System for providing secure remote command execution network |
US6035406A (en) * | 1997-04-02 | 2000-03-07 | Quintet, Inc. | Plurality-factor security system |
US6226744B1 (en) * | 1997-10-09 | 2001-05-01 | At&T Corp | Method and apparatus for authenticating users on a network using a smart card |
US6314521B1 (en) * | 1997-11-26 | 2001-11-06 | International Business Machines Corporation | Secure configuration of a digital certificate for a printer or other network device |
US6105042A (en) * | 1998-02-13 | 2000-08-15 | Cylex Systems, Inc. | Multi-user information management system adapted for efficient, remote, on-demand document management, storage and retrieval |
US6298446B1 (en) * | 1998-06-14 | 2001-10-02 | Alchemedia Ltd. | Method and system for copyright protection of digital images transmitted over networks |
US6584466B1 (en) * | 1999-04-07 | 2003-06-24 | Critical Path, Inc. | Internet document management system and methods |
US6421673B1 (en) * | 1999-12-13 | 2002-07-16 | Novient, Inc. | Method for mapping applications and or attributes in a distributed network environment |
Cited By (130)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040010599A1 (en) * | 2000-09-20 | 2004-01-15 | Takashi Otobe | Distribution system and distribution method |
US8285783B2 (en) * | 2000-09-20 | 2012-10-09 | Sony Corporation | Distribution system and distribution method |
US7299502B2 (en) * | 2001-02-14 | 2007-11-20 | Hewlett-Packard Development Company, L.P. | System and method for providing customized secure access to shared documents |
US20020112164A1 (en) * | 2001-02-14 | 2002-08-15 | Schmeling Garth F. | System and method for providing customized secure access to shared documents |
US7167919B2 (en) * | 2001-12-05 | 2007-01-23 | Canon Kabushiki Kaisha | Two-pass device access management |
US20030167336A1 (en) * | 2001-12-05 | 2003-09-04 | Canon Kabushiki Kaisha | Two-pass device access management |
US7925767B2 (en) | 2001-12-05 | 2011-04-12 | Canon Kabushiki Kaisha | Device access based on centralized authentication |
GB2387458A (en) * | 2002-04-09 | 2003-10-15 | Solarsoft Ltd | Secure Internet-accessible data storage system |
US20030200436A1 (en) * | 2002-04-17 | 2003-10-23 | Eun Sung Kyong | Access control method using token having security attributes in computer system |
US7290279B2 (en) * | 2002-04-17 | 2007-10-30 | Electronics And Telecommunications Research Institute | Access control method using token having security attributes in computer system |
US20030212886A1 (en) * | 2002-05-09 | 2003-11-13 | Nec Corporation | Encryption/decryption system and encryption/decryption method |
EP1361692A3 (en) * | 2002-05-09 | 2004-01-02 | Nec Corporation | Encryption/decryption system and encryption/decryption method |
US7228317B1 (en) * | 2002-06-18 | 2007-06-05 | Yahoo! Inc. | Method and apparatus for accelerating and improving access to network files |
US20070203886A1 (en) * | 2002-06-18 | 2007-08-30 | Epstein Kevin A | Method and apparatus for accelerating and improving access to network files |
US7170999B1 (en) * | 2002-08-28 | 2007-01-30 | Napster, Inc. | Method of and apparatus for encrypting and transferring files |
US20040083373A1 (en) * | 2002-10-28 | 2004-04-29 | Perkins Gregory M. | Automatically generated cryptographic functions for renewable tamper resistant security systems |
US20040177056A1 (en) * | 2003-03-06 | 2004-09-09 | Davis William Nelson | Font rental system and method |
US20060045309A1 (en) * | 2004-06-14 | 2006-03-02 | Shan Suthaharan | Systems and methods for digital content security |
US10540763B2 (en) | 2004-11-04 | 2020-01-21 | Merge Healthcare Solutions Inc. | Systems and methods for matching, naming, and displaying medical images |
US8879807B2 (en) | 2004-11-04 | 2014-11-04 | Dr Systems, Inc. | Systems and methods for interleaving series of medical images |
US9471210B1 (en) | 2004-11-04 | 2016-10-18 | D.R. Systems, Inc. | Systems and methods for interleaving series of medical images |
US9501863B1 (en) | 2004-11-04 | 2016-11-22 | D.R. Systems, Inc. | Systems and methods for viewing medical 3D imaging volumes |
US9542082B1 (en) | 2004-11-04 | 2017-01-10 | D.R. Systems, Inc. | Systems and methods for matching, naming, and displaying medical images |
US9727938B1 (en) | 2004-11-04 | 2017-08-08 | D.R. Systems, Inc. | Systems and methods for retrieval of medical data |
US9734576B2 (en) * | 2004-11-04 | 2017-08-15 | D.R. Systems, Inc. | Systems and methods for interleaving series of medical images |
US8913808B2 (en) | 2004-11-04 | 2014-12-16 | Dr Systems, Inc. | Systems and methods for viewing medical images |
US10096111B2 (en) | 2004-11-04 | 2018-10-09 | D.R. Systems, Inc. | Systems and methods for interleaving series of medical images |
US10438352B2 (en) | 2004-11-04 | 2019-10-08 | Merge Healthcare Solutions Inc. | Systems and methods for interleaving series of medical images |
US10437444B2 (en) | 2004-11-04 | 2019-10-08 | Merge Healthcare Solutions Inc. | Systems and methods for viewing medical images |
US11177035B2 (en) | 2004-11-04 | 2021-11-16 | International Business Machines Corporation | Systems and methods for matching, naming, and displaying medical images |
US8244014B2 (en) | 2004-11-04 | 2012-08-14 | Dr Systems, Inc. | Systems and methods for viewing medical images |
US8731259B2 (en) | 2004-11-04 | 2014-05-20 | Dr Systems, Inc. | Systems and methods for matching, naming, and displaying medical images |
US10614615B2 (en) | 2004-11-04 | 2020-04-07 | Merge Healthcare Solutions Inc. | Systems and methods for viewing medical 3D imaging volumes |
US10782862B2 (en) | 2004-11-04 | 2020-09-22 | Merge Healthcare Solutions Inc. | Systems and methods for viewing medical images |
US8626527B1 (en) * | 2004-11-04 | 2014-01-07 | Dr Systems, Inc. | Systems and methods for retrieval of medical data |
US8610746B2 (en) | 2004-11-04 | 2013-12-17 | Dr Systems, Inc. | Systems and methods for viewing medical 3D imaging volumes |
US10790057B2 (en) | 2004-11-04 | 2020-09-29 | Merge Healthcare Solutions Inc. | Systems and methods for retrieval of medical data |
US7849199B2 (en) | 2005-07-14 | 2010-12-07 | Yahoo! Inc. | Content router |
US20070101412A1 (en) * | 2005-10-28 | 2007-05-03 | Yahoo! Inc. | Low code-footprint security solution |
US7725927B2 (en) | 2005-10-28 | 2010-05-25 | Yahoo! Inc. | Low code-footprint security solution |
US8024290B2 (en) | 2005-11-14 | 2011-09-20 | Yahoo! Inc. | Data synchronization and device handling |
US8065680B2 (en) | 2005-11-15 | 2011-11-22 | Yahoo! Inc. | Data gateway for jobs management based on a persistent job table and a server table |
US9367832B2 (en) | 2006-01-04 | 2016-06-14 | Yahoo! Inc. | Synchronizing image data among applications and devices |
US20070174246A1 (en) * | 2006-01-25 | 2007-07-26 | Sigurdsson Johann T | Multiple client search method and system |
US10896745B2 (en) | 2006-11-22 | 2021-01-19 | Merge Healthcare Solutions Inc. | Smart placement rules |
US9672477B1 (en) | 2006-11-22 | 2017-06-06 | D.R. Systems, Inc. | Exam scheduling with customer configured notifications |
US8457990B1 (en) | 2006-11-22 | 2013-06-04 | Dr Systems, Inc. | Smart placement rules |
US8751268B1 (en) | 2006-11-22 | 2014-06-10 | Dr Systems, Inc. | Smart placement rules |
US8554576B1 (en) | 2006-11-22 | 2013-10-08 | Dr Systems, Inc. | Automated document filing |
US10157686B1 (en) | 2006-11-22 | 2018-12-18 | D.R. Systems, Inc. | Automated document filing |
US9754074B1 (en) | 2006-11-22 | 2017-09-05 | D.R. Systems, Inc. | Smart placement rules |
US8305604B2 (en) * | 2007-04-18 | 2012-11-06 | Hewlett-Packard Development Company, L.P. | System and method of network printing |
US20080263675A1 (en) * | 2007-04-18 | 2008-10-23 | Mcintyre Kevin | System and method of network printing |
US20080304664A1 (en) * | 2007-06-07 | 2008-12-11 | Shanmugathasan Suthaharan | System and a method for securing information |
US20090207999A1 (en) * | 2008-02-18 | 2009-08-20 | Kabushiki Kaisha Toshiba | Decryption processing apparatus, system, method, and computer program product |
US11765161B2 (en) | 2008-04-10 | 2023-09-19 | Dignity Health | Anonymous association system utilizing biometrics |
US10270766B2 (en) | 2008-04-10 | 2019-04-23 | Dignity Health | Anonymous association system utilizing biometrics |
US10623404B2 (en) | 2008-04-10 | 2020-04-14 | Dignity Health | Anonymous association system utilizing biometrics |
US11115412B2 (en) | 2008-04-10 | 2021-09-07 | Dignity Health | Anonymous association system utilizing biometrics |
US20130081145A1 (en) * | 2008-04-10 | 2013-03-28 | Alan M. Pitt | Anonymous association system utilizing biometrics |
US8302162B1 (en) * | 2008-06-11 | 2012-10-30 | Symantec Operating Corporation | Backup and archival of hosted online content |
US20100115290A1 (en) * | 2008-11-05 | 2010-05-06 | Reiner Walch | Keyboard and method for secure transmission of data |
US10592688B2 (en) | 2008-11-19 | 2020-03-17 | Merge Healthcare Solutions Inc. | System and method of providing dynamic and customizable medical examination forms |
US9501627B2 (en) | 2008-11-19 | 2016-11-22 | D.R. Systems, Inc. | System and method of providing dynamic and customizable medical examination forms |
US8380533B2 (en) | 2008-11-19 | 2013-02-19 | DR Systems Inc. | System and method of providing dynamic and customizable medical examination forms |
US9053331B2 (en) | 2009-07-06 | 2015-06-09 | Gemalto Sa | Securisation of a remote executable code using a footprint of the computer recipient |
US20110013955A1 (en) * | 2009-07-14 | 2011-01-20 | Samsung Electronics Co. Ltd. | Heating member having resistive heating layer and fusing device using the same |
US9042617B1 (en) | 2009-09-28 | 2015-05-26 | Dr Systems, Inc. | Rules-based approach to rendering medical imaging data |
US9501617B1 (en) | 2009-09-28 | 2016-11-22 | D.R. Systems, Inc. | Selective display of medical images |
US10607341B2 (en) | 2009-09-28 | 2020-03-31 | Merge Healthcare Solutions Inc. | Rules-based processing and presentation of medical images based on image plane |
US8712120B1 (en) | 2009-09-28 | 2014-04-29 | Dr Systems, Inc. | Rules-based approach to transferring and/or viewing medical images |
US9684762B2 (en) | 2009-09-28 | 2017-06-20 | D.R. Systems, Inc. | Rules-based approach to rendering medical imaging data |
US9386084B1 (en) | 2009-09-28 | 2016-07-05 | D.R. Systems, Inc. | Selective processing of medical images |
US9892341B2 (en) | 2009-09-28 | 2018-02-13 | D.R. Systems, Inc. | Rendering of medical images using user-defined rules |
US9934568B2 (en) | 2009-09-28 | 2018-04-03 | D.R. Systems, Inc. | Computer-aided analysis and rendering of medical images using user-defined rules |
US20110238498A1 (en) * | 2010-03-29 | 2011-09-29 | Microsoft Corporation | Service stage for subscription management |
US20110293096A1 (en) * | 2010-05-27 | 2011-12-01 | Bladelogic, Inc. | Multi-Level Key Management |
US8971535B2 (en) * | 2010-05-27 | 2015-03-03 | Bladelogic, Inc. | Multi-level key management |
US9866375B2 (en) | 2010-05-27 | 2018-01-09 | Bladelogic, Inc. | Multi-level key management |
US9906626B2 (en) * | 2010-09-24 | 2018-02-27 | Imdb.Com, Inc. | Resource demand-based network page generation |
US20140229533A1 (en) * | 2010-09-24 | 2014-08-14 | Imdb.Com, Inc. | Client-side network page generation |
US9542203B2 (en) | 2010-12-06 | 2017-01-10 | Microsoft Technology Licensing, Llc | Universal dock for context sensitive computing device |
US9870028B2 (en) | 2010-12-06 | 2018-01-16 | Microsoft Technology Licensing, Llc | Universal dock for context sensitive computing device |
US9801074B2 (en) | 2010-12-09 | 2017-10-24 | Microsoft Technology Licensing, Llc | Cognitive use of multiple regulatory domains |
US9462479B2 (en) | 2010-12-09 | 2016-10-04 | Microsoft Technology Licensing, Llc | Cognitive use of multiple regulatory domains |
US9178652B2 (en) | 2010-12-09 | 2015-11-03 | Microsoft Technology Licensing, Llc | Cognitive use of multiple regulatory domains |
US8923770B2 (en) | 2010-12-09 | 2014-12-30 | Microsoft Corporation | Cognitive use of multiple regulatory domains |
US8589991B2 (en) | 2010-12-14 | 2013-11-19 | Microsoft Corporation | Direct connection with side channel control |
US9813466B2 (en) | 2010-12-14 | 2017-11-07 | Microsoft Technology Licensing, Llc | Direct connection with side channel control |
US8792429B2 (en) | 2010-12-14 | 2014-07-29 | Microsoft Corporation | Direct connection with side channel control |
US9450995B2 (en) | 2010-12-14 | 2016-09-20 | Microsoft Technology Licensing, Llc | Direct connection with side channel control |
US9998522B2 (en) | 2010-12-16 | 2018-06-12 | Microsoft Technology Licensing, Llc | Fast join of peer to peer group with power saving mode |
US8948382B2 (en) | 2010-12-16 | 2015-02-03 | Microsoft Corporation | Secure protocol for peer-to-peer network |
US9294545B2 (en) | 2010-12-16 | 2016-03-22 | Microsoft Technology Licensing, Llc | Fast join of peer to peer group with power saving mode |
US10575174B2 (en) | 2010-12-16 | 2020-02-25 | Microsoft Technology Licensing, Llc | Secure protocol for peer-to-peer network |
US9596220B2 (en) | 2010-12-16 | 2017-03-14 | Microsoft Technology Licensing, Llc | Secure protocol for peer-to-peer network |
US9008610B2 (en) | 2010-12-17 | 2015-04-14 | Microsoft Corporation | Operating system supporting cost aware applications |
US9338309B2 (en) | 2010-12-17 | 2016-05-10 | Microsoft Technology Licensing, Llc | Operating system supporting cost aware applications |
US10044515B2 (en) | 2010-12-17 | 2018-08-07 | Microsoft Technology Licensing, Llc | Operating system supporting cost aware applications |
US8971841B2 (en) | 2010-12-17 | 2015-03-03 | Microsoft Corporation | Operating system supporting cost aware applications |
US20130117555A1 (en) * | 2010-12-22 | 2013-05-09 | Qian Yang | Method and system for data encryption and decryption in data transmission through the web |
US8966243B2 (en) * | 2010-12-22 | 2015-02-24 | Tencent Technology (Shenzhen) Company Limited | Method and system for data encryption and decryption in data transmission through the web |
US20120278900A1 (en) * | 2011-01-24 | 2012-11-01 | Vince Sebald | Systems and methods for regulatory compliance with qualified systems |
US9053441B2 (en) * | 2011-01-24 | 2015-06-09 | GxPReady, Inc. | Systems and methods for regulatory compliance with qualified systems |
US9092551B1 (en) | 2011-08-11 | 2015-07-28 | D.R. Systems, Inc. | Dynamic montage reconstruction |
US9092727B1 (en) | 2011-08-11 | 2015-07-28 | D.R. Systems, Inc. | Exam type mapping |
US10579903B1 (en) | 2011-08-11 | 2020-03-03 | Merge Healthcare Solutions Inc. | Dynamic montage reconstruction |
US20140298013A1 (en) * | 2011-10-28 | 2014-10-02 | Danmarks Tekniske Universitet | Dynamic encryption method |
US10469455B2 (en) * | 2011-10-28 | 2019-11-05 | Danmarks Tekniske Universitet | Dynamic encryption method |
WO2014009813A2 (en) * | 2012-07-12 | 2014-01-16 | Md Databank Corp | Secure storage system and uses thereof |
WO2014009813A3 (en) * | 2012-07-12 | 2014-03-27 | Md Databank Corp | Secure storage system and uses thereof |
US20140195804A1 (en) * | 2012-10-12 | 2014-07-10 | Safelylocked, Llc | Techniques for secure data exchange |
US20140143553A1 (en) * | 2012-11-20 | 2014-05-22 | Cloudioh Inc. | Method and Apparatus for Encapsulating and Encrypting Files in Computer Device |
US10665342B2 (en) | 2013-01-09 | 2020-05-26 | Merge Healthcare Solutions Inc. | Intelligent management of computerized advanced processing |
US11094416B2 (en) | 2013-01-09 | 2021-08-17 | International Business Machines Corporation | Intelligent management of computerized advanced processing |
US10672512B2 (en) | 2013-01-09 | 2020-06-02 | Merge Healthcare Solutions Inc. | Intelligent management of computerized advanced processing |
US20140280347A1 (en) * | 2013-03-14 | 2014-09-18 | Konica Minolta Laboratory U.S.A., Inc. | Managing Digital Files with Shared Locks |
US11783089B2 (en) * | 2013-03-29 | 2023-10-10 | Secturion Systems, Inc. | Multi-tenancy architecture |
US20220019699A1 (en) * | 2013-03-29 | 2022-01-20 | Secturion Systems, Inc. | Multi-tenancy architecture |
US11921906B2 (en) | 2013-03-29 | 2024-03-05 | Secturion Systems, Inc. | Security device with programmable systolic-matrix cryptographic module and programmable input/output interface |
CN103685557A (en) * | 2013-12-26 | 2014-03-26 | 金蝶软件(中国)有限公司 | Method and device for uploading and downloading file |
US20180060547A1 (en) * | 2014-12-12 | 2018-03-01 | Excalibur Ip, Llc | User authentication and data encryption |
US10437970B2 (en) * | 2014-12-12 | 2019-10-08 | Excalibur Ip, Llc | User authentication and data encryption |
KR102442269B1 (en) | 2015-04-10 | 2022-09-08 | 피씨엠에스 홀딩스, 인크. | Systems and methods for delegation of cloud computing processes |
KR20180011074A (en) * | 2015-04-10 | 2018-01-31 | 피씨엠에스 홀딩스, 인크. | Systems and methods for delegation of cloud computing processes |
US10929508B2 (en) | 2015-04-30 | 2021-02-23 | Merge Healthcare Solutions Inc. | Database systems and interactive user interfaces for dynamic interaction with, and indications of, digital medical image data |
US10909168B2 (en) | 2015-04-30 | 2021-02-02 | Merge Healthcare Solutions Inc. | Database systems and interactive user interfaces for dynamic interaction with, and review of, digital medical image data |
US11792169B2 (en) | 2015-09-17 | 2023-10-17 | Secturion Systems, Inc. | Cloud storage using encryption gateway with certificate authority identification |
US10078759B1 (en) * | 2018-01-19 | 2018-09-18 | Griffin Group Global, LLC | System and method for data sharing via a data structure having different-scheme-derived portions |
US10068099B1 (en) * | 2018-01-19 | 2018-09-04 | Griffin Group Global, LLC | System and method for providing a data structure having different-scheme-derived portions |
Also Published As
Publication number | Publication date |
---|---|
AU2001250991A1 (en) | 2001-10-08 |
WO2001073530A2 (en) | 2001-10-04 |
US6665709B1 (en) | 2003-12-16 |
WO2001073530A3 (en) | 2002-08-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20010042124A1 (en) | Web-based method, apparatus, and system for secure data storage | |
USRE47443E1 (en) | Document security system that permits external users to gain access to secured files | |
US6064736A (en) | Systems, methods and computer program products that use an encrypted session for additional password verification | |
US6931532B1 (en) | Selective data encryption using style sheet processing | |
US7512810B1 (en) | Method and system for protecting encrypted files transmitted over a network | |
US6941459B1 (en) | Selective data encryption using style sheet processing for decryption by a key recovery agent | |
US5812764A (en) | Password management system over a communications network | |
US7730543B1 (en) | Method and system for enabling users of a group shared across multiple file security systems to access secured files | |
US5732137A (en) | Method and apparatus for secure remote authentication in a public network | |
US6961849B1 (en) | Selective data encryption using style sheet processing for decryption by a group clerk | |
US6978367B1 (en) | Selective data encryption using style sheet processing for decryption by a client proxy | |
US9286484B2 (en) | Method and system for providing document retention using cryptography | |
US7096355B1 (en) | Dynamic encoding algorithms and inline message decryption | |
US8737624B2 (en) | Secure email communication system | |
US7725716B2 (en) | Methods and systems for encrypting, transmitting, and storing electronic information and files | |
US20050223414A1 (en) | Method and system for providing cryptographic document retention with off-line access | |
US20050071657A1 (en) | Method and system for securing digital assets using time-based security criteria | |
US20020178366A1 (en) | Method for performing on behalf of a registered user an operation on data stored on a publicly accessible data access server | |
US20050076082A1 (en) | Method and system for managing the exchange of files attached to electronic mails | |
US7707416B2 (en) | Authentication cache and authentication on demand in a distributed network environment | |
US20050138371A1 (en) | Method and system for distribution of notifications in file security systems | |
US8370630B2 (en) | Client device, mail system, program, and recording medium | |
US20060212716A1 (en) | Apparatus and method for providing secure communication on a network | |
US20030188201A1 (en) | Method and system for securing access to passwords in a computing network environment | |
JP2006514478A (en) | Online / offline decoding system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: SECURIT-E-DOC, INC., FLORIDA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: BARRON, ROBERT H.; REEL/FRAME: 015466/0791. Effective date: 20010125 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |