NL2011857C2 - Secure single sign-on exchange of electronic data. - Google Patents

Info

Publication number
NL2011857C2
Authority
NL
Netherlands
Prior art keywords
pass code
password
recipient
message
sender
Prior art date
Application number
NL2011857A
Other languages
Dutch (nl)
Other versions
NL2011857A (en)
Inventor
Jaap Kamp
Eduard Martinus Maria Haan
Jacobus Cornelis Rasser
Original Assignee
Urplug B V
Priority date
Filing date
Publication date
Application filed by Urplug B V
Priority to NL2011857A
Priority to PCT/NL2014/000046
Publication of NL2011857A
Application granted
Publication of NL2011857C2

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/107 Computer-aided management of electronic mailing [e-mailing]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/08 Annexed information, e.g. attachments
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Resources & Organizations (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method is disclosed for secure exchange of electronic data using single sign-on. According to the method an outgoing e-mail message is provided with a first pass code. The message is placed on a secure server, and the recipient receives a notification message comprising a link to the message on the server. The recipient enters a second pass code, which provides access to the e-mail on the secure server. According to the method at least one of the steps of providing a first pass code to the e-mail message and of providing a second pass code to the server is automated. In a preferred embodiment both steps are automated. Users having signed on to a secure environment can send and/or receive pass code protected e-mail messages without manually entering pass codes. In addition to e-mail as a means to send a notification, the notification can also be sent by means of social media, SMS message or portable storage such as a USB stick or a laptop. The address of the recipient can be an e-mail address, a mobile phone number or another kind of destination. The content to be disclosed by the described single sign-on process can be stored encrypted in an e-mail message, on a server in the cloud, on a device at the recipient, on a device at the sender or on portable storage. The encryption can be on file level or on the level of the container of the file, such as an e-mail message, a folder or a portable device.

Description

SECURE SINGLE SIGN-ON EXCHANGE OF ELECTRONIC DATA
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates generally to a method for secure exchange of electronic data and more specifically to such a method not requiring at least one of the sender and the recipient of the electronic data to take affirmative security steps.
2. Description of the Related Art
Prior art processes are known in which the sender of an electronic data package associates the data package with a pass code, requiring the recipient to enter the pass code before the data package can be received. These prior art processes have serious drawbacks.
One drawback of the prior art processes is that a pass code must be communicated to the recipient. This is often done by electronic mail, which poses a security risk if the message containing the pass code is intercepted by a hacker. This risk is amplified if the pass code is sent in the same e-mail as the electronic data package. The risk is mitigated somewhat if the pass code and the electronic data package are sent in separate e-mails, but this is inconvenient to both the sender and the recipient. Moreover, this practice is still far from risk free, because the two e-mail messages are typically sent within minutes or even seconds from each other, and therefore subject to interception by a single hacker, who then gains access to both the electronic data package and the pass code.
Another drawback of the prior art processes is that the sender may make a typographical error when associating the pass code with the electronic data package and/or when communicating the pass code to the recipient. Such an error causes the recipient to make several failed attempts at accessing the electronic data package, necessitates further communication between the recipient and the sender, and delays the electronic data transfer.
Sender and recipient may pre-agree on a fixed pass code, which they then use for all their data communications. This practice does not alleviate the problem of potential typographical error on the part of the sender. In addition, the use of fixed pass codes, which are often stored in unsecured places, is inherently vulnerable to security attacks.
Perhaps the most serious drawback of the prior art processes is that they are perceived as cumbersome by the users, prompting them to bypass the security measures altogether. This practice, which is unfortunately very common, completely undermines the security of the system.
Thus, there is a need for a method for electronic data exchange that relieves at least one of the sender and the recipient, and preferably both, from the inconveniences of sending or receiving pass code protected communications.
The above mentioned drawbacks pertain to secure e-mail but also to pass code protected file transfer, storage and retrieval of pass code protected data ‘in the cloud’ and sending pass code protected files in unprotected e-mail.
Another kind of prior art processes is secure e-mail with only the data transfer being secured, leaving the data in the mailboxes relatively unprotected. The risk of data leakage is obvious, taking into account a too broad authorization to the mailboxes, synchronization of e-mail to smart phone, auto-forwarding to a less secure mailbox over an unprotected connection and the mailbox being hacked. It may be clear that a process in which only the data transfer process is protected, is not secure. This corroborates the need for a data transfer process supported by a pass code to protect the mails, but without the said inconveniences.
Related prior art examples are the use of a SAML token or OpenID to get easy access to applications ‘in the cloud’. SAML and OpenID are based on a user using a web browser, which lacks the security of a secure network.
BRIEF SUMMARY OF THE INVENTION
The present invention addresses these problems by providing a method for secure exchange of electronic data using single sign-on, said method comprising the steps of:
a. preparing a data package by a sender for electronic transfer to a recipient;
b. associating the data package with a first pass code;
c. placing the data package on a server which is accessible by the recipient;
d. sending an electronic message to the recipient, said electronic message comprising a link to the data package;
e. obtaining a second pass code;
f. retrieving the data package from the server using the second pass code;
wherein at least one of steps b. and e. is carried out automatically.
Another aspect is a secure network comprising means for implementing the method of the invention.
Yet another aspect is a means for making a secure network capable of implementing the method of the invention.
BRIEF DESCRIPTION OF THE FIGURE
Figure 1 schematically represents an embodiment of the method of the invention.
DETAILED DESCRIPTION OF THE INVENTION
The following is a detailed description of the invention.
Definitions
The term “computer” as used herein means any device capable of sending and/or receiving electronic data via a network or the Internet. As used herein the term encompasses devices such as mainframe computers; desktop computers; laptop computers; tablets, such as iPads; smart phones; and the like.
The term “data package” as used herein means any collection of digital information capable of being transferred via a network or the Internet. The term includes files in any electronic format, such as .doc; .docx; jpeg; xls; pdf; ppt; html; and the like. It also includes both e-mail messages and any attachments to such messages.
The term “pass code” as used herein refers to any form of electronic identification or protection by an access code. The term includes strings of numbers, letters or symbols in any combination. The term further includes alternate identifiers, such as mathematical formulas, biometric data based on a user’s retina, fingerprint or other uniquely personal feature; and the like.
The term “secure network” as used herein means a network having access limited to authorized users. Generally an authorized user may gain access to the secure network using a sign-on procedure or protocol. The sign-on procedure may include entering a user id and a password, and may involve additional security measures, such as correctly responding to a challenge, answering specific security questions only an authorized user is supposed to know, entering a code transmitted to the authorized user’s phone, etc. The sign-on procedure may be dependent on the location from which the user seeks access to the network. For example, an employee of a company may get wired access to the company’s secure network from a computer at a work location using a sign-on procedure requiring only entering a user id and a password, whereas the same employee seeking wireless access from a remote location may in addition need to respond to a randomly generated challenge. The term “secure network” can also mean an individual computer, as defined above, having access limited to an authorized user or users.
The term “single sign-on” or “SSO” as used herein refers to a feature of the invention allowing a user of the inventive method to send, or to gain access to, pass code protected data packages after signing on to, for example, a secure network or a secure software package. Because the pass code or pass codes required by the user is or are retrieved or calculated by the secure network or the secure software, the user only needs to sign on to the secure network or the secure software in order to make use of the method of the invention. It will be understood that the user’s connection to the secure network may automatically terminate after a predetermined time after sign-on or after a predetermined time of inactivity, requiring the user to sign on again. This is considered to be within the definition of single sign-on.
In its broadest aspect the present invention relates to a method for secure exchange of electronic data using single sign-on, said method comprising the steps of:
a. preparing a data package by a sender for electronic transfer to a recipient;
b. associating the data package with a first pass code;
c. placing the data package on a server which is accessible by the recipient;
d. sending an electronic message to the recipient, said electronic message comprising a link to the data package;
e. obtaining a second pass code;
f. retrieving the data package from the server using the second pass code;
wherein at least one of steps b. and e. is carried out automatically.
In a first main embodiment step b. is carried out automatically. This can be accomplished by using an e-mail software package that automatically attaches a pass code to an electronic data transfer. The software package may additionally include a notification in the e-mail message to alert the recipient that the data transfer is protected by a pass code. In this embodiment the recipient needs to obtain a second pass code in order to gain access to the electronic data package. The second pass code may be identical to the first pass code, or it may be different from the first pass code. In the latter case, the second pass code is associated with the first pass code such that it is recognized as the proper key for providing access to the data package.
In a preferred execution of this embodiment the sender is connected to a secure network, which contains a monitoring software package that imposes the use of a pass code on outgoing e-mail, and attaches pass codes to each outgoing e-mail message, or to selected e-mail messages identified as confidential. The said monitoring software uses a parameter as input, for instance the pass code itself. In a preferred execution of this embodiment the pass code is stored in the single sign on mechanism of the sender. Advantages are that the pass code parameter can be used both to send and to receive, and that the pass code can be used to protect both sent messages and attachments to such messages.
The recipient may obtain the second pass code in one of several ways. For example, the second pass code may have been previously communicated to the recipient, and memorized by the recipient or stored by the recipient in some form of memory, be it in analog form (as for example written down on paper) or in digital form. Or the second pass word may be communicated to the recipient within minutes from the sending of the message, for example by separate e-mail, by voice telephone call, in a telephone text message, or the like. Or the recipient may have access to software comprising an algorithm for calculating the second pass code. In a preferred embodiment the e-mail message received by the recipient may contain a seed code used by the algorithm to calculate the second pass code. The recipient needs to manually enter the second pass code in order to gain access to the data package.
This embodiment has the advantage that the sender can only send messages that are protected by a pass code. In addition, there is no risk of transmitting an incorrect pass code due to a typographical error on the part of the sender. In addition, providing a pass code does not require any additional action by the sender, removing any incentive on the part of the sender to try and circumvent the security measures.
This embodiment has the disadvantage that it requires the recipient to take extra steps in order to gain access to the data package. In the best case this causes an inconvenience to the recipient. In case the recipient does not have access to the second pass code, for example because a memorized pass code has been forgotten, or an electronic or analog memory containing the pass code has been lost or compromised, or is at a remote location from the recipient, there can be appreciable frustration and delay in the delivery of the data package.
In a second main embodiment step e. is automated, but step b. is not. In this embodiment a data transmission is pass code protected only if the sender takes the affirmative step of associating the data package with a first pass code. The second pass code is automatically obtained for the recipient. This may be done in one of several ways. For example, software present on the recipient’s computer may recognize the incoming e-mail as being pass word protected, and retrieve a previously stored pass code from the memory of the recipient’s computer or from the cloud. Or the e-mail message may contain a seed value that is used on the recipient’s computer to calculate the second pass code. In a preferred embodiment the recipient is connected to a secure network, which contains monitoring software that monitors incoming e-mail messages. When a pass code protected e-mail message comes in, the monitoring software recognizes the e-mail message as being pass code protected, and retrieves the required second pass code from a secure server, or calculates the second pass code using a predetermined algorithm.
The second pass code may be communicated to the recipient, for example displayed on the recipient’s computer screen. For additional security the second pass code may be communicated to the recipient by a separate channel of communication, for example as a text message to the recipient’s mobile phone. The recipient can then use the second pass code to gain access to the data package.
The method of this second main embodiment can be automated further by also automating step f., that is, the monitoring software establishes the link to the data package on the server, communicates the second pass code to the server, and causes the data package to be downloaded to the recipient’s computer.
The advantages of this second main embodiment are that the sender has control over whether a data transmission gets pass code protection, so that no pass code protection is used for messages containing only non-confidential information, and that the recipient does not need to take any affirmative steps to obtain the required second pass code.
The disadvantages of this second main embodiment are that the sender needs to take affirmative steps to secure a data transmission, potentially providing the sender with an incentive to bypass the security measures.
In a third main embodiment both steps b. and e. are automated. This embodiment combines the features of the first and second main embodiments. In addition step f. may also be automated, as described above in the context of the second main embodiment.
Preferably both the sender and the recipient are connected to different secure networks or to one common secure network. In this embodiment the secure network comprises a means for implementing the method of the invention. The secure network may belong to a company and connect employees, contractors and consultants to the company’s data and to each other. Other examples include networks of service providers that need to communicate with their customers in a secure way and may wish to use the Internet for such communications. Examples include hospitals, insurance companies, banks, government agencies such as tax authorities, immigration authorities, court systems, and the like.
The network can be provided with software that automatically implements the method of the invention. The actual structure of this software depends on the type of pass code used for the method, as explained in more detail below.
As a first example the pass code is static and is known to all users who need to be able to send secured e-mail messages. When a new user is authorized, the new user is provided with a pass code conversion table, which may be placed on the user’s computer or in a dedicated portion of a server controlled by the network. When a sender sends a pass code protected e-mail message this message is placed on a server being part of a secure e-mail infrastructure, and the recipient initially only receives a notice with a link. When the recipient clicks on the link, the software retrieves the second pass code from the pass code conversion table. This second pass code enables the link. The recipient gains immediate access to the contents of the e-mail message. The pass code protocol is invisible to the recipient. For added security the second pass code may be encrypted with a key based on the recipient’s user id, for example.
This embodiment may be suitable for systems wherein a relatively small number of senders send pass code protected messages to a potentially large number of different recipients. The senders can be trained to apply sound judgment when deciding whether to pass code protect a message, or pass code protection may be used on all outgoing messages. As the number of senders in the system is limited, the risk of loss of secrecy of the first pass code is limited. Security may be enhanced by only allowing outgoing messages from computers that are hard wired to the network.
In a second embodiment the first pass code is static, but is only known to system administrators and/or the provider of the software. The first pass code is stored in a conversion table. The system automatically provides outgoing messages with the first pass code. As in the previous embodiment the recipient has been provided with a conversion table for retrieving the second pass code (which may or may not be identical to the first pass code).
As in this second embodiment the system is automated on both the sender’s side and the recipient’s side, their roles can be easily reversed. That is, if a recipient responds to a message, the response can be pass code protected with a first pass code retrieved from the user’s conversion table, and the receiver of the response can gain access to the content of the response using a second pass code retrieved from a corresponding conversion table on his or her end.
In a third pass code embodiment, the sender and the receiver are both provided with corresponding versions of an encryption algorithm. In this embodiment each pass code is used only once. For example, an outgoing message may be provided with a date-and-time signature, which is used as a seed value for calculating the pass code. The recipient’s software retrieves the date-and-time signature from the notification e-mail message, and uses it to calculate the pass code. As in other embodiments, for added security an additional unique identifier, such as the user id of the recipient, may be used for additional encryption.
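The six steps of the method with both step b. and step e. automated, using the seed-based pass code of this third pass code embodiment, as an added Python example that is not part of the patent. The patent names no algorithm: HMAC-SHA256 over the seed and recipient id with a key pre-shared between the two secure networks, the random suffix on the seed, the retirement of a pass code after one retrieval, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


def derive_pass_code(shared_key, seed, recipient_id):
    """One-time pass code from the seed and the recipient's user id (assumed: HMAC-SHA256)."""
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") give different codes.
    fields = (seed.encode(), recipient_id.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(shared_key, msg, hashlib.sha256).hexdigest()


class PackageServer:
    """Hypothetical stand-in for the server of step c."""

    def __init__(self):
        self._store = {}  # link id -> (digest of first pass code, data package)

    def place(self, package, first_pass_code):
        link_id = secrets.token_urlsafe(16)  # unguessable link for the notification
        # Store only a digest, so the server never holds the pass code itself.
        digest = hashlib.sha256(first_pass_code.encode()).digest()
        self._store[link_id] = (digest, package)
        return link_id

    def retrieve(self, link_id, second_pass_code):
        entry = self._store.get(link_id)
        if entry is None:
            return None
        digest, package = entry
        offered = hashlib.sha256(second_pass_code.encode()).digest()
        if not hmac.compare_digest(offered, digest):  # constant-time comparison
            return None
        # Assumption: the pass code is retired after one successful retrieval.
        del self._store[link_id]
        return package


def send_protected(server, shared_key, package, recipient_id, now=None):
    """Steps b. to d., carried out by the sender's secure network."""
    now = now or datetime.now(timezone.utc)
    # Date-and-time signature as seed; the random suffix (an assumption) keeps
    # two messages sent in the same second from sharing a pass code.
    seed = now.strftime("%Y%m%dT%H%M%SZ") + "-" + secrets.token_hex(8)
    first_pass_code = derive_pass_code(shared_key, seed, recipient_id)
    link_id = server.place(package, first_pass_code)
    # The notification carries the link and the seed, never the pass code.
    return {"to": recipient_id, "link": link_id, "seed": seed}


def open_notification(server, shared_key, notification, signed_on_user):
    """Steps e. and f., carried out by the recipient's secure network."""
    # Here the second pass code equals the first; it is recomputed, not transmitted.
    second_pass_code = derive_pass_code(shared_key, notification["seed"], signed_on_user)
    return server.retrieve(notification["link"], second_pass_code)


def demo():
    key = secrets.token_bytes(32)  # constructed; provisioned to both networks beforehand
    server = PackageServer()
    note = send_protected(server, key, b"quarterly figures", "recipient@example.org")
    # A party holding only the notification (link and seed) lacks the key.
    no_key = open_notification(server, secrets.token_bytes(32), note, "recipient@example.org")
    # A different signed-on user derives a different pass code.
    wrong_user = open_notification(server, key, note, "other@example.org")
    delivered = open_notification(server, key, note, "recipient@example.org")
    replayed = open_notification(server, key, note, "recipient@example.org")
    return no_key, wrong_user, delivered, replayed


if __name__ == "__main__":
    print(demo())
```

The seed alone must not be enough to compute the pass code: without the pre-shared key, anyone who reads the notification message could derive it.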
In a fourth pass code embodiment use can be made of asymmetric encryption. For example by making use of a Public Key Infrastructure (“PKI”) the first and the second pass codes are different from each other, but “fit” onto each other. Depending on the type of implementation, certification may be needed on a general level, on a level of cooperating SSO providers, or on a community level.
In addition to associating an outgoing message with a pass code, a sender may be given additional tools for controlling the message. For example, the sender may limit delivery of the message to a specific computer, or to a specific time frame, to a specific geographic location, or a combination of such limitations. It is also possible for the sender to retain these capabilities even after the message has been sent. Software for implementing these additional security measures is available under the name FileSecure from Seclore of Mumbai, India.
Another aspect of the invention is a secure network capable of implementing the method of the invention. Secure networks are well known to those skilled in the art. A secure network can be provided with a secure e-mail capability available from a number of providers. Such prior art secure e-mail systems require the sender and the recipient to enter the pass code associated with an e-mail message. The network can be upgraded to provide SSO to the sender, the recipient, or both.
To provide SSO to the sender, a pass code is stored in a sender lookup table, and the e-mail software is programmed to add the pass code to a notification e-mail that is sent to the recipient. Instead of a pass code from a lookup table, the software may contain an algorithm for calculating a pass code on an ad hoc basis. The e-mail message itself is not sent to the recipient, but is stored on a server that is part of the secure network. The notification e-mail contains a link to the e-mail message on the server.
The system further comprises a pass code generator on the recipient’s end. This may be a simple lookup table that is placed on the recipient’s computer at the time the recipient’s user account on the network is created. Instead of on the recipient’s computer, the lookup table may be placed in the cloud, so that the recipient has access to it when operating from different computers. The pass code generator may also be in the form of an encryption algorithm, which calculates the pass code on an ad hoc basis. It is desirable to have the sender’s end of the SSO system mirror the recipient’s end, so that each sender can also act as a recipient, and vice versa.
Yet another aspect of the invention is a plug-in for upgrading a network to SSO capability. The plug-in may be a plug-in to an existing secure e-mail system, to provide SSO capability to a network already provided with secure e-mail. The plug-in may also be a full SSO secure e-mail package, in which case the plug-in may comprise a secure e-mail module and an SSO module.
It is desirable to protect messages and attachments at the sender’s end from unauthorized access. The pass code at the sender’s end can be used to realize this protection. The alternative is that sent e-mails remain unprotected in the out-box of the sender.
If a secure e-mail according to this invention is sent to a recipient not using this invention, there is a problem. Several solutions are possible. The first is that the sender separately communicates a pass code that is provided manually by the supplier of the invention or by an administrator, or that is generated using a token generator. A second solution is that the recipient becomes part of the community using the invention. A third solution is a fall back onto the secure e-mail mechanism without using the invention on the recipient’s end.
DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS/EXAMPLES
The following is a description of certain embodiments of the invention, given by way of example only.
Figure 1 is a schematic representation of an embodiment of the method of the invention.
Sender 2 on sender’s secure network 1 creates a pass code protected message 4, which is stored on server 6. At the same time sender’s secure network 1 sends a notification message 10 to recipient’s secure network 7. Recipient 3 clicks on a link in notification message 10, which triggers system 8 within recipient’s secure network 7 to translate the network credentials of recipient 3 to a second pass code. This second pass code is communicated to server 6, and results in e-mail message 5 being downloaded to the recipient’s secure network.
Thus, the invention has been described by reference to certain embodiments discussed above. It will be recognized that these embodiments are susceptible to various modifications and alternative forms well known to those of skill in the art.
Many modifications in addition to those described above may be made to the structures and techniques described herein without departing from the spirit and scope of the invention. Accordingly, although specific embodiments have been described, these are examples only and are not limiting upon the scope of the invention.

Claims (18)

1. A method for secure exchange of electronic data with single sign-on, which method comprises the steps of: a. preparing a data package by a sender for the electronic transfer to a receiver; b. adding a first password to the data package; placing the data package on a server that is accessible to the receiver; c. sending an electronic message to the receiver, which electronic message contains a link to the data package; d. obtaining a second password; e. retrieving the data package from the server with the second pass code; wherein at least one of the steps b. and e. is executed automatically.
2. The method of claim 1, wherein the receiver is connected to a secure network, and step e. is automatically performed by the secure network.
3. The method according to claim 1 or 2, wherein the first password and the second password are identical.
4. The method of claim 1 or 2, wherein the first password and the second password are different.
5. The method according to any of claims 1 to 4, wherein both steps b. and e. are executed automatically.
6. A method according to any one of the preceding claims, wherein at least the first password is a static password.
7. The method of claim 6, wherein the data package is manually supplied by the sender with the first password.
8. The method of any one of claims 1 to 5, wherein at least the first password is a dynamic password.
9. A method according to any one of the preceding claims, wherein the sender is connected to a secure network and step b. is performed by the secure network.
10. The method of claim 8 or 9, wherein the second password is a dynamic password that is generated on the secure network.
11. A method according to any one of the preceding claims, wherein the sender imposes restrictions on receipt of the data package.
12. The method of claim 11, wherein the sender retains the ability to restrict the receipt of the data package after the data package is placed on the server accessible by the receiver.
13. The method of claim 2 or 9, wherein a password is used to both send and receive.
14. The method of claim 9, wherein the first password is used to protect sent data packages on the sender's side from unauthorized access.
15. The method of any one of claims 1 to 14 applied to password protected file transfer.
16. The method of any one of claims 1 to 14 applied to the storage and retrieval of password protected data "in the cloud".
17. A secure network comprising means for performing the method according to any one of the preceding claims.
18. Means for making a secure network suitable for carrying out the method according to any of claims 1 to 16.
NL2011857A 2013-11-28 2013-11-28 Secure single sign-on exchange of electronic data. NL2011857C2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
NL2011857A NL2011857C2 (en) 2013-11-28 2013-11-28 Secure single sign-on exchange of electronic data.
PCT/NL2014/000046 WO2015080571A1 (en) 2013-11-28 2014-11-28 Secure single sign-on exchange of electronic data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL2011857A NL2011857C2 (en) 2013-11-28 2013-11-28 Secure single sign-on exchange of electronic data.
NL2011857 2013-11-28

Publications (2)

Publication Number Publication Date
NL2011857A NL2011857A (en) 2015-06-01
NL2011857C2 NL2011857C2 (en) 2015-06-26

Family

ID=50555173

Family Applications (1)

Application Number Title Priority Date Filing Date
NL2011857A NL2011857C2 (en) 2013-11-28 2013-11-28 Secure single sign-on exchange of electronic data.

Country Status (2)

Country Link
NL (1) NL2011857C2 (en)
WO (1) WO2015080571A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10419448B2 (en) 2017-01-09 2019-09-17 Microsoft Technology Licensing, Llc Enhanced email service
US11516202B2 (en) * 2019-12-26 2022-11-29 Vmware, Inc. Single sign on (SSO) capability for services accessed through messages
TR202008081A2 (en) * 2020-05-25 2020-06-22 Deytek Bilisim Muehendislik Sanayi Ve Ticaret Ltd Sirketi SECURE DOCUMENT SHARING METHOD AND SYSTEM

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040158607A1 (en) * 2003-02-06 2004-08-12 Coppinger Clifford L. System and method for associating an email attachment file with a storage location
WO2012177253A1 (en) * 2011-06-22 2012-12-27 Dropbox Inc. File sharing via link generation
US9348802B2 (en) * 2012-03-19 2016-05-24 Litéra Corporation System and method for synchronizing bi-directional document management

Also Published As

Publication number Publication date
NL2011857A (en) 2015-06-01
WO2015080571A1 (en) 2015-06-04


Legal Events

Date Code Title Description
MM Lapsed because of non-payment of the annual fee

Effective date: 20161201