GB2471079A - Peer to peer managed file transfer - Google Patents

Peer to peer managed file transfer Download PDF

Info

Publication number
GB2471079A
GB2471079A GB0910236A GB0910236A GB2471079A GB 2471079 A GB2471079 A GB 2471079A GB 0910236 A GB0910236 A GB 0910236A GB 0910236 A GB0910236 A GB 0910236A GB 2471079 A GB2471079 A GB 2471079A
Authority
GB
United Kingdom
Prior art keywords
peer
file
recipient
file transfer
direct
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0910236A
Other versions
GB0910236D0 (en
Inventor
Peter Kingston Thomas
Thomas Irvine Stringer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB0910236A priority Critical patent/GB2471079A/en
Publication of GB0910236D0 publication Critical patent/GB0910236D0/en
Publication of GB2471079A publication Critical patent/GB2471079A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L29/08117
    • H04L29/08306
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • H04L29/06625
    • H04L29/06714
    • H04L29/06863
    • H04L29/0687
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method for establishing a secure communications data stream between two remote computers for the immediate and direct transfer of an encrypted data file without the need for either of the remote computers to establish a server style inbound listening connection. The data stream is managed by a central server which can dynamically determine if the recipient computer is currently on-line and available to receive the connection. If so, the data is streamed between the sender and the recipient through the central server to allow control and status tracking information to be maintained but without any of the data being stored on the central server. If the recipient computer is not on-line, the central server stores the (encrypted) data for immediate delivery once the recipient computer comes on-line. X.509 certificates may be used to create a session key used for the encrypted file transfer. Digital signatures for the file may also be used to verify correct receipt of the file by the recipient and to generate a return signature to provide proof of delivery to the sender. Notifications may also be used such that the sender client notifies the server of the desire to send a file to the recipient peer and sends the file when the recipient peer has indicated that it is ready to receive the file.

Description

Description.
A method for creating a secure communications data stream between two remote computers for the immediate and direct transfer of encrypted and authenticated data without the need for either of the remote computers to establish a server style inbound listening connection.
* The sender client issues a notification to the central server of the intention to send a file to the designated recipient.
* The central server checks to determine if the designated recipient has an established connection to the central server, if so; the file will be transmitted via the direct peer to peer file transfer process.
* The central server sends a notification to the designated recipient that a request has been received to send a file using the direct peer to peer file transfer mechanism.
* On receipt of this notification, the designated recipient send a command to the central service indicating that it is now ready to receive the file.
* The central server notifies the sender client that it can now proceed with the secure direct peer to peer file transfer.
* The sender client establishes a connection to the central directory to obtain the current copy of the recipient's X.509 certificate which is used to create a uniquely encrypted session key.
* The sender client sends the session key header to the central server which immediately forwards the session key header on to the designated recipient.
* The designated recipient will establish a connection to the central directory to obtain a copy of the sender's X.509 certificate which is used to decrypt the session key and then send a response back to the central server which is immediately send on to the sender client.
* The sender client will now stream encrypted data blocks through the central server to the designated recipient where they will be decrypted. No data is stored at the central server.
* When the file has been fully sent, the sender client will create a digital signature of the file and send it through the central server to the designated recipient.
* On receipt, the designated recipient will verify the digital signature, extract the message integrity check (MIC), create a digital signature based on this MIC and return the signature through the central server to the sender client.
* The sender client verifies that the received signature is correct to establish a Proof of Delivery' which completes the process.

Claims (1)

  1. Claims relating to the Direct Peer to Peer Managed File Transfer (MFT) process are as follows: - -For the direct peer to peer file transfer process to work neither sending nor recipient client needs to make an inbound firewall connection, both communicating machines only need to open up outbound firewall sessions.
    2 -For the direct peer to peer file transfer to take place the two outbound firewall connections are connected together by the MFT server and the data is streamed directly from client to client through the server in an encrypted form, using public/private key (PKI) certificates over a secure SSL communications session where digital signatures are used to verify the data and provide proof of delivery..
    3 -For the direct peer to peer file transfer to take place both clients need to be active at the same time, if not the sent file is stored on the central server in an encrypted form until the recipient client becomes active when the data is immediately and automatically received by the recipient client via and outbound firewall session.
    4 -The direct peer to peer file transfer facility provides a complete stage by stage, end to end, application to application audit and security trail to both sender and recipient.-Part of the direct peer to peer file transfer facility includes attaching the latest public key of the recipient client (obtained automatically from the MFT directory) prior to the direct transmission of the file to the recipient client.Amendments to the claims have been filed as follows.Claims relating to the Direct Peer to Peer Managed File Transfer (MFT) process are as follows: - -For the direct peer to peer file transfer process to work neither sending nor recipient client needs to make an inbound firewall connection, both sending and receiving clients/machines only need to open up outbound firewall sessions to the central server and listen for notifications. When a request to receive a file is notified, the recipient client will open up a new outbound connection to the central server to receive the file directly from the sender.2 -For the direct peer to peer file transfer process to work the recipient must previously have agreed to accept files from the sender. If this has not happened the transfer will not be permitted to proceed.3-For the direct peer to peer file transfer to take place the two outbound firewall connections are connected together by the MFT server and the data is streamed directly from client to client in an encrypted form, using public/private key (PKI) certificates (automatically obtained by the MFT directory), over a secure SSL communications session where the digital signatures are used to verify the data (error checking) and provide proof of delivery.4 -For the direct peer to peer file transfer to take place both clients need to be active at the same time, if not the sent file is stored on the central server in an encrypted form until the recipient client becomes active when the data is immediately and automatically received by the recipient client via an outbound firewall session.-The direct peer to peer file transfer facility provides a complete stage by stage, end to end, application to application audit and security trail to both sender and recipient.6 -Part of the direct peer to peer file transfer facility includes attaching the latest public key of the recipient client (obtained automatically from the MFT directory) prior to the direct transmission of the file to the recipient client.
GB0910236A 2009-06-15 2009-06-15 Peer to peer managed file transfer Withdrawn GB2471079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0910236A GB2471079A (en) 2009-06-15 2009-06-15 Peer to peer managed file transfer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0910236A GB2471079A (en) 2009-06-15 2009-06-15 Peer to peer managed file transfer

Publications (2)

Publication Number Publication Date
GB0910236D0 GB0910236D0 (en) 2009-07-29
GB2471079A true GB2471079A (en) 2010-12-22

Family

ID=40940796

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0910236A Withdrawn GB2471079A (en) 2009-06-15 2009-06-15 Peer to peer managed file transfer

Country Status (1)

Country Link
GB (1) GB2471079A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013041460A3 (en) * 2011-09-20 2013-05-16 Hoccer GmbH System and method for the safe spontaneous transmission of confidential data over unsecure connections and switching computers
CN103365865A (en) * 2012-03-29 2013-10-23 腾讯科技(深圳)有限公司 Methods and devices for storing and downloading data

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138744A1 (en) * 2001-03-21 2002-09-26 Schleicher Jorg Gregor Method and system for providing a secure peer-to peer file delivery network
WO2003021464A2 (en) * 2001-09-05 2003-03-13 Rubenstein, Allen, I. Secure remote access between peers
US20030105812A1 (en) * 2001-08-09 2003-06-05 Gigamedia Access Corporation Hybrid system architecture for secure peer-to-peer-communications
US20030163697A1 (en) * 2002-02-25 2003-08-28 Pabla Kuldip Singh Secured peer-to-peer network data exchange
WO2006084036A2 (en) * 2005-02-02 2006-08-10 Seamless Peer 2 Peer, Inc. System and method for providing peer-to-peer communication
EP1735941A2 (en) * 2004-03-31 2006-12-27 Qurio Holdings, Inc. Method and system for providing web browsing through a firewall in a peer to peer network
US7170999B1 (en) * 2002-08-28 2007-01-30 Napster, Inc. Method of and apparatus for encrypting and transferring files

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138744A1 (en) * 2001-03-21 2002-09-26 Schleicher Jorg Gregor Method and system for providing a secure peer-to peer file delivery network
US20030105812A1 (en) * 2001-08-09 2003-06-05 Gigamedia Access Corporation Hybrid system architecture for secure peer-to-peer-communications
WO2003021464A2 (en) * 2001-09-05 2003-03-13 Rubenstein, Allen, I. Secure remote access between peers
US20030163697A1 (en) * 2002-02-25 2003-08-28 Pabla Kuldip Singh Secured peer-to-peer network data exchange
US7170999B1 (en) * 2002-08-28 2007-01-30 Napster, Inc. Method of and apparatus for encrypting and transferring files
EP1735941A2 (en) * 2004-03-31 2006-12-27 Qurio Holdings, Inc. Method and system for providing web browsing through a firewall in a peer to peer network
WO2006084036A2 (en) * 2005-02-02 2006-08-10 Seamless Peer 2 Peer, Inc. System and method for providing peer-to-peer communication

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013041460A3 (en) * 2011-09-20 2013-05-16 Hoccer GmbH System and method for the safe spontaneous transmission of confidential data over unsecure connections and switching computers
US9369442B2 (en) 2011-09-20 2016-06-14 Hoccer GmbH System and method for the safe spontaneous transmission of confidential data over unsecure connections and switching computers
AU2012311701B2 (en) * 2011-09-20 2016-09-29 Hoccer GmbH System and method for the safe spontaneous transmission of confidential data over unsecure connections and switching computers
CN103365865A (en) * 2012-03-29 2013-10-23 腾讯科技(深圳)有限公司 Methods and devices for storing and downloading data
CN103365865B (en) * 2012-03-29 2017-07-11 腾讯科技(深圳)有限公司 Date storage method, data download method and its device

Also Published As

Publication number Publication date
GB0910236D0 (en) 2009-07-29

Similar Documents

Publication Publication Date Title
US10313135B2 (en) Secure instant messaging system
JP4959750B2 (en) Dynamic connection to multiple origin servers with transcoding proxy
Altman et al. Channel bindings for TLS
US20100138660A1 (en) Secure communication session setup
CN105871797A (en) Handshake method, device and system of client and server
US20050182937A1 (en) Method and system for sending secure messages over an unsecured network
WO2008030523A2 (en) Real privacy management authentication system
JPH09162860A (en) Method and system for providing safe edi across open network
JP4235824B2 (en) Encryption device
WO2010025638A1 (en) Method, equipment and system of peer to peer live broadcast stream transfer
CN111064738B (en) TLS (transport layer Security) secure communication method and system
WO2008040213A1 (en) Message encryption and signature method, system and device in communication system
WO2010088812A1 (en) Transmission method, system and wapi terminal for instant message
EP2372947A1 (en) Secure and traceable digital transmission method and envelope
JP2013507034A (en) Sending protected data over a communication network
CN106713338A (en) Long connection tunnel establishment method based on server hardware information
GB2471079A (en) Peer to peer managed file transfer
WO2007134082A2 (en) Security-preserving proxy tunnel
CN117353932A (en) P2P-based cross-platform clip data sharing method
JP2013513268A5 (en)
CN115396153A (en) Data communication method, computer equipment and storage medium
CN111130796B (en) Secure online cloud storage method in instant messaging
Shaikh et al. A survey on SSL packet structure
Meadors Secure electronic data interchange over the Internet
LU100700B1 (en) Method and devices for keyless secure data communication

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)