WO2007118256A2 - Software, systems and methods for authenticated and secure data exchange - Google Patents

Software, systems and methods for authenticated and secure data exchange

Info

Publication number
WO2007118256A2
Authority
WO
WIPO (PCT)
Prior art keywords
secure
electronic information
electronic
computer
information
Prior art date
Application number
PCT/US2007/066582
Other languages
English (en)
Inventor
James Justice
Dale Fong
Original Assignee
Udx, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Udx, Inc.
Publication of WO2007118256A2

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Definitions

  • the present invention provides software, systems, and methods for securely transmitting and authenticating electronic information, including electronic documents and electronic mail.
  • the invention has applications in the fields of computer science, computer networking, computer security, and business methods.
  • e-mail is an open-ended communication network.
  • the recipient and the sender are typically using different mail servers, provided by different service providers.
  • anyone can typically join the worldwide e-mail network simply by signing up with a service provider, and a sender can use any name or identification they so choose to be associated with their e-mail address.
  • a malicious actor can spoof a sender into forwarding sensitive data (e.g., trade secrets or personal financial information) by posing as a trusted receiver, such as a bank official or legal representative.
  • the openness of e-mail network design has resulted in a significant amount of spam and scams such as the well known "phishing" scams in which malicious senders send out numerous e-mails spoofing a financial institution that requests a recipient to follow a masked link and "log-in to" the recipient's online account.
  • when the recipient clicks the masked link, he is directed to a Web page which looks like the recipient's financial institution; but the Web site is actually the phisher's own Web site.
  • when the recipient inputs the name and password for the account, the phisher acquires that information and now has full access to the recipient's financial account.
  • the present invention provides systems, methods, and software for the secure exchange of electronic information.
  • the present invention provides a system for secure electronic information exchange, comprising a secure electronic communications server computer in secure electronic communication with at least one sender of electronic information and at least one receiver of electronic information, the secure electronic communications server computer being configured to receive securely electronic information sent from the at least one sender of electronic information addressed to the at least one receiver of electronic information and forward securely the electronic information to the at least one receiver of the electronic information; a database including descriptive information of the at least one sender of electronic information and the at least one receiver of electronic information, the descriptive information being effective to enable the authentication of the at least one sender of electronic information and the at least one receiver of electronic information.
  • the secure electronic communications server computer being further configured to provide at least one estimation of confidence in the authentication.
  • the system just described is configured to provide an Authenticity Quotient, which, in some embodiments, comprises a Registration AQ factor and a Signing AQ factor.
  • the above described system also includes at least one secure client computer that is configured to receive instructions from the secure server computer to establish a secure connection with at least one additional secure server computer and receive secure electronic communications from the at least one additional secure server computer.
  • the present invention provides a computer-readable medium containing computer program code devices thereon that are configured to enable a computer to perform secure electronic information exchange, wherein the computer program code devices are configured to provide a secure electronic communications server computer in secure electronic communication with at least one sender of electronic information and at least one receiver of electronic information, the computer program code devices being further configured to provide a secure electronic communications server computer that can receive securely electronic information sent from the at least one sender of electronic information addressed to the at least one receiver of electronic information and forward securely the electronic information to the at least one receiver of the electronic information; computer program code devices configured to provide a database including descriptive information of the at least one sender of electronic information and the at least one receiver of electronic information, the descriptive information being effective to enable the authentication of the at least one sender of electronic information and the at least one receiver of electronic information; and computer program code devices configured to provide at least one estimation of confidence in the authentication.
  • the present invention provides a method for secure electronic information exchange.
  • the method of the invention includes providing a secure electronic communications server computer in secure electronic communication with at least one sender of electronic information and at least one receiver of electronic information, the secure electronic communications server computer being configured to receive securely electronic information sent from the at least one sender of electronic information addressed to the at least one receiver of electronic information and forward securely the electronic information to the at least one receiver of the electronic information; providing a database including descriptive information of the at least one sender of electronic information and the at least one receiver of electronic information, the descriptive information being effective to enable the authentication of the at least one sender of electronic information and the at least one receiver of electronic information; and providing at least one estimation of confidence in the authentication.
  • Figure 1 is a schematic depiction of a computer network configured to enable the exchange of electronic information in accordance with the present invention.
  • Figure 2 illustrates an example of autosorting in accordance with the present invention.
  • Figure 3 illustrates an example of autosorting in accordance with the present invention.
  • Figure 4 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 5 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 6 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 7 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 8 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 9 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 10 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • Figure 11 is a schematic depiction of a method of secure authenticated data exchange in accordance with the present invention.
  • the present invention provides software, systems, and methods for establishing secure and authenticated exchange of electronic information over a computer network.
  • users can exchange information electronically with greater security that the information will not be compromised, i.e., viewed by those who are not authorized to receive the information or tampered with to mislead the intended recipient, and that the information will be received by the intended receiver.
  • the present invention provides a computer system for secure electronic information exchange (1000).
  • the system (1000) includes at least one sender of electronic information (1002) that communicates with at least one receiver of electronic information (1004) using at least one secure electronic communications server computer (1006) that is configured to receive securely electronic information sent from said at least one sender of electronic information addressed to said at least one receiver of electronic information, and forward securely the electronic information to the receiver of the electronic information.
  • the secure electronic communications server computer includes one or more additional secure electronic communications server computers (1006). In some embodiments, the secure server computer can be the same device as the sending computer.
  • Sender (1002), receiver(s) (1004), and server(s) (1006, 1006) are connected to each other through the Internet (1008), one or more other types of computer networks (e.g., local area networks, LANs), directly, or in some combination of these connections (not shown).
  • one or more of the electronic connections is secure, e.g., electronic information exchanged between two or more devices is encrypted or otherwise enhanced to reduce or eliminate unauthorized access or tampering.
  • the computers and servers and their connections just described are of standard design and construction, and their operation will be understood by those having ordinary skill in the art.
  • the system (1000) can include other devices for secure electronic information exchange, including wireless devices communicating with the system, such as, for example, a personal digital assistant (1010) communicating through a base station (1012), or a remote cell phone (1014) by an antenna (1016). Still other devices that can participate in such communication will be apparent to those having ordinary skill in the art.
  • the devices just described are of standard design and construction, and their operation in accordance with the invention described herein will be understood by those having ordinary skill in the art.
  • the secure electronic communications server computers (1006, 1006) are of standard construction and operation as will be familiar to those having ordinary skill in the art.
  • at least one of the secure electronic communications server computers (1006, 1006) includes one or more databases (1018) in secure electronic communication with the server(s) that provide descriptive information of the sender of the electronic information (1002) and the receiver(s) of the electronic information (1004).
  • the descriptive information is effective to enable the authentication of the sender of the electronic information (1002) and the receiver(s) of electronic information (1004). Examples of information suitable to enable such authentication include, without limitation, address, phone number, personal identifier (such as a photo or symbol) or other information which helps other parties on the system authenticate a user.
  • the registered e-mail address can be the same e-mail address used on publicly accessible email systems, commonly referred to today in common practice as "e-mail" or "Internet e-mail", a proprietary electronic mail address used on a private email network, or a virtually private email network. Still other types of suitable e-mail address will be apparent to those having ordinary skill in the art.
  • the information can also be arranged in a hierarchal structure such that a user can be identified at various tiers. For example, an identifier could include a company name, a division name, and user name. Thus, if one party in an email exchange wishes to validate the identity of the other party, then the invention provides the means by which the user may do so.
  • the database may be separate from, or integral with (i.e., as a real or virtual data device) the server(s), and such arrangement may be different on different servers in a multiple server configuration embodiment. Those having ordinary skill in the art will understand how to provide the database(s) just described.
  • At least certain aspects of the authenticated ID of the user such as name and address, at the server must be unchangeable by the user after the user has been authenticated at registration to prevent spoofing.
  • all aspects of the authenticated ID are not changeable by the user after authenticated registration.
  • the only way for the user to effect any such change is to re-register or re-authenticate.
  • the server(s) are configured to maintain the identities of individuals or devices such that their identities can be verified by other individuals sharing the system; thus, the same server(s) facilitate the transmission of a file or document between two or more parties such that a client on the receiving computer can autosort electronic information at the receiver with a degree of certainty of the integrity of the electronic information and the sender's authenticity.
  • autosort refers to automatically storing received electronic files or messages, and, in some embodiments of the invention, automatically storing received electronic files or messages within a hierarchy of electronic folders according to information relevant to the sender, or (sub)class of sender, wherein each folder is identified as being associated with the sender or (sub)class of sender (or both).
  • inbound electronic information can be routed to an appropriate directory or location in an hierarchal database or other similar data structure. So, when incoming electronic information arrives, the header, or other suitable component of the electronic information is read, and then either: the information is stored with the hierarchical information is embedded in the electronic file; the information is directed to a file or folder (e.g., routed to "Utility X" (A) or a subfolder or "Institution Y"
  • A more detailed example of autosorting is shown in Figure 3.
  • a user interface shows an example in which both Utility X and Institution Y have sub folders into which electronic information can be stored upon autosorting.
  • the above-described autosorting of incoming electronic information is implemented at the client (i.e., the receiver of the electronic information).
  • the client is configured to accept and process the incoming electronic information in accordance with the hierarchical information contained in the electronic information, e.g., in a file header or an e-mail header.
  • the above-described secure electronic communications server computer is further configured to provide at least one estimation of confidence in said authentication.
  • this feature is provided in addition to the foregoing autosort feature. In other more specific embodiments, this feature is provided without the above-described autosort feature. Methods for generating such estimations are known among those having skill in the art.
  • the estimation of confidence is an Authenticity Quotient, which is defined herein as a measure, numerical or non-numerical, of the confidence in the authenticity of the identity of a user on the system.
  • the Authenticity Quotient comprises a Registration AQ factor, i.e., a factor representing how the user in question was registered on the system, and a Signing AQ factor, i.e., a measure of the reliability of the sender's identity.
  • the Registration AQ system is used to identify a recipient as well; and the recipient must enter his (or her) Signature Code to access the desired information.
  • the Registration AQ measures the certainty that a registrant on the system is who they claim to be.
  • the Registration AQ is determined by the method of registration. For example, the system:
  • A. Can correlate the user's billing method to the user (for example, using the registrant's credit card or bank account name as the account name);
  • the Signing AQ measures the degree of certainty that an individual using a digital signature at the time of a transaction (i.e., the time the user sends electronic information) is indeed the individual registered to use that digital signature, or, more inclusively, that the individual is whom the digital signature is officially meant to represent.
  • the basis of determining the signing AQ is the method used to identify the user at the time of the transaction.
  • Passcode electronic signature
  • the user has to choose a secret passcode or signature code at registration that is used to identify the sender at the time of a transaction
  • C.) Biometric identifier A biological identifier determined at registration (e.g., voice print or fingerprint) is used to identify the sender at the time of a transaction; or
  • At least one secure client computer is configured to receive instructions from the secure server computer to establish a secure connection with at least one additional secure server computer and receive secure electronic communications from the additional secure server computer(s).
  • a connection can be direct or through intermediate servers and routers.
  • the recipient's client e-mail application can be dynamically directed to retrieve the e-mail or file from a specific email server and request the delivery of said email or file directly from that server, in effect generating a dynamic "peer-to-peer (P2P)" transaction.
  • P2P peer-to-peer
  • each e-mail account in an email application is assigned a static sending and a static receiving email server/server address.
  • a User A addresses an email to User B in email Application A.
  • Email application A sends the message (4002) to the Sending mail server which then, directly or indirectly, does a lookup (4004) at a central directory (or DNS in the case of common internet email) to find out what Receiving Mail Server is assigned to User B.
  • the email is then sent, via the network, to the Receiving mail server (4006).
  • the User B email application regularly asks (pings) the Receiving mail server if there is any inbound mail for User B (4008).
  • the Receiving mail server responds with the email which is sent to the User B email application (4010).
  • the Receiving mail server (or any interim servers) is (are) typically unknown and not controlled by the Sending party. This can be troublesome when the sending party considers the contents of an email sensitive material and doesn't wish to trust a third party with the information. It also requires that a third party server "relay" the email which creates unnecessary traffic for the Receiving mail server, as well as the network, where a direct send between the Sending mail server and User B email application would be more efficient. In some embodiments in which a "relay" transaction as just described is used, the receiving mail server can be part of the secure server.
  • the methods and systems of the present invention provide two exemplary solutions:
  • user A inputs an email address in User A email application and clicks "send" (5002).
  • the User A email application then sends the email to the Sending mail server X (5004).
  • the Sending mail server X then notifies a central server (containing a registry of all email users), that an email is being sent from the Sending mail server X to User B (or User B's email application) and passes a unique transaction identifier or email identifier (token or other) to the Server (5006).
  • the Server then notifies Receiving mail server Y that Sending mail server X has an email for User B passing along the email identifier (5008).
  • User B email application regularly asks (pings) Receiving mail server Y if there is any mail for User B (5010).
  • the Receiving mail server responds "yes" and includes in the response the address of the Sending mail server X along with the email identifier (5012).
  • the User B email application then sends a request directly to the Sending mail server X, passing along the email identifier and requesting the email (5014).
  • the email is then sent from Sending mail server directly to the User B email application.
  • the Sending mail server could have cached (from a previous transaction or could actually have the address permanently stored) the address of User B's Receiving mail server (in this case Receiving mail server Y).
  • a User A inputs an email address in User A email application and clicks "send" (6002).
  • the User A email application then sends the email to the Sending mail server X (6004).
  • the Sending mail server X then performs a local lookup in its own tables to find the address of Receiving mail server Y, then notifies Receiving mail server Y that an email is being sent from the Sending mail server X to User B (or User B's email application) and passes a unique transaction identifier or email identifier (token or other) to the Receiving mail server Y (6006).
  • User B email application regularly asks (pings) Receiving mail server Y if there is any mail for User B (6008).
  • the Receiving mail server responds "yes" and includes in the response the address of the Sending mail server X along with the email identifier (6010).
  • the User B email application then sends a request directly to the Sending mail server X, passing along the email identifier and requesting the email (6012).
  • the email is then sent from Sending mail server directly to the User B email application.
  • a combination of the two illustrative methods also allows the Sending mail server X to perform a local lookup (at Server X) to see if it has stored the address of User B's Receiving mail server; and, if so, to utilize Method 2 to send the email, and, if not, utilize Method 1 to send the email.
  • server refers to a logical reference to either a single device or computer or a group of devices that together act logically as a server.
  • User registration can be accomplished using one of several modes: Active, Passive, Enterprise, Dynamic, or by Dynamic Credential Acquisition.
  • the user accesses the server (or subparts or nodes of the server) directly and provides information to the server about the identity of that user (9002).
  • the server can then simply register the user based on information provided and download an identifier which is stored in the client and used to identify the client in future communications with the server (9004), or take the information the user provides and authenticate that information against a third party, such as a credit card processor or credit agency, which can authenticate the identity of the user using the provided information (9006).
  • An identifier is then downloaded to the client and used to identify the client to the server for future communications.
  • the server can also optionally create an additional cross-referenced identifier specifically for the combination of that client and that third party, and can pass the cross-referenced identifier to the client, which then passes that identifier back to the third party, such that all communications using the system between that user and that third party will exclusively use that cross-referenced identifier (10008).
  • the client then passes the unique identifier or the cross-referenced identifier (a method which protects the third party from viewing the client unique identifier) to the third party when communicating with the third party (10010).
  • Enterprises can be registered using either active or passive registration (just described), or through a manual process (e.g., by a sales person).
  • the assumption is that there will typically be multiple individual users under the enterprise account.
  • the enterprise itself has a top tier ID while each of these users can also represent different divisions of the enterprise, thus establishing a need for hierarchal identifiers.
  • Enterprises can register secure mail servers which are meant to route mass mail, such as account statements, from the enterprise, or can allow individuals to register.
  • that entity can be assigned a sub-tier ID within the hierarchy of the enterprises account. The combination of top tier IDs plus the lower tier IDs for any user account forms the identifier.
  • registration is also accomplished using Dynamic Registration (DR).
  • Dynamic registration leverages a preexisting internet account relationship to identify and authenticate a new user X on the system and to establish a trusted electronic relationship (TER) between two parties.
  • TER trusted electronic relationship
  • user X already has a prior business relationship with business Y such that user X has a means by which to electronically authenticate user X's identity to business Y, such as by logging into business Y's website. For example, a user X logs into an account management area of a website (web or other computer interface). Once user X is logged in, user X is identified and can download software to enable the exchange of sensitive documents/files with the business Y which operates said site (as well as to exchange documents with other entities) and which is pre-configured with user X's identity embedded in the code from within the user account management area of that site.
  • When installed, user X's software will perform a handshake with the software installed at business Y (could be same or different server as used in previous steps). Then software at both business Y and user X will notify the secure server that the other is now a credentialed exchange partner.
  • the Secure server adds a record of the credentials to each said entities' accounts, noting the credentialed partner status.
  • the system may optionally prompt user X to choose an electronic signature (in the form of a secret pass code, signature code or other method). This can be through an exchange with Business Y or through an exchange with the server. In either case, the electronic signature is stored in the customer record at the CS and/or at Business Y and can be used to identify the user (as opposed to just the PC) in future file/document exchanges between the two parties.
  • the software can exchange credentials, effectively communicating the identity of user X to said business Y; and business Y is provided a high level of confidence in the identity of user X when exchanging files or documents with user X using the system.
  • user X will also be provided a high level of confidence of the identity of business Y when receiving or exchanging documents with business Y.
  • DCA Dynamic Credential Acquisition
  • a user X who has previously installed the UDXSC software, but has not yet authenticated at business Z, to authenticate with business Z such that a TER is established between the two parties, i.e. business Z can now trust the identity of user X when communicating with user X using the system and so that user X can trust the identity of business Z when communicating with business Z.
  • a user X who already has installed the above-described software, already has a prior business relationship with business Z such that user X has a means by which to electronically authenticate user X's identity to business Z such as by logging into business Z's website.
  • User X logs into an account management area of a website (web or other computer interface).
  • UDXSC software on both sides (internet account server and user X side) can exchange IDs (or a cross-referenced version such as an email address or a combination thereof).
  • Both applications send a secure electronic message to the UDX CS (central server) requesting that the other entity be added as a credentialed entity for that user's account.
  • the CS records this in the appropriate customer records.
  • Business Z then associates this ID with user X's existing user account at Business Z and stores this association as a record at the CS (this association can also be communicated and kept at the business Z, however, if user X's ID changes, then the association will no longer be valid - thus a separate identifier, such as the email address can be used for the local association).
  • LATER Leveraged Associative Trusted Electronic Relationship
  • the established TER in the system can also be leveraged in reverse to establish a TER between two entities that does not exist at the time communication is established. For example, once a user's identity is established on the system, that identity can be used to identify that user electronically to another entity where a prior TER did not exist. Thus, using LATER, one entity can effectively act as a trusted authority for another entity on the system to establish the identity of new customers or simply to establish TER between the two parties.
  • When LATER is used between a business and a customer, the system can typically be used in two ways:
  • With LATER, two parties, User A and User B, would typically be enabled on the system, but have not established a TER. If one user entity using the system, for example, User A, has an established TER with a third party user, say User C, then User B could utilize the LATER system as follows.
  • Any one of the parties can be an individual or a business; however, typically user A would be an individual setting up an account with user B (a business) and leveraging a business relationship between user C (another business).
  • User A and user C have not established a TER (trusted electronic relationship) with each other, but do have a TER directly with the server (or the secure server) or another entity via the server.
  • User A requests to establish a TER with user B and forwards a unique identifier, which can be used to identify user A at the server, to user B along with other inputted (by the user) identifying information, such as name, address, etc. (7002).
  • User B forwards the unique identifier and other identifying information to the server requesting authentication (7004).
  • The server performs a lookup to determine if the information provided matches the identification information at the server, and then sends a verification (positive or negative) to user B (7006).
  • The server can record user A as a trusted exchange partner (7008), and user X's email address and other identifying information returned to user B by the server are stored at user B, associating user A with any account setup or other business relationship at user B. Note that technically, only one of the two steps, at the client or at the server, is needed to establish the relationship.
  • The quality of the AQ established between user B and user A is the same as it was for whatever method user A initially used to establish an identity with the server. This could be through a direct registration process with the server, or through a registration with another user, such as user C, where user C has provided the server with personally identifiable information about user A which user C needs authenticated, such as a physical address or possibly a social security number.
  • The authentication partner would typically be a trusted institution, such as a bank, which has the capability of authenticating a user at a high confidence level, i.e., providing a high registration AQ, and has done so to establish a registration AQ (or simply the identity) of user A. While typically a trusted institution, the authentication partner could be any other user on the system. The authentication partner, in effect, acts as a reference or witness to user A's identity when user A is establishing a new TER with another entity, in this case user B. User A could choose other users on the system, where a TER has been established, to serve as secondary or tertiary authentication partners, and so on.
  • User A requests to establish a TER with user B and forwards a UDXSC unique identifier, which can be used to identify user A at the server, to user B along with other identifying information inputted by the user, such as name, address, etc. (8002).
  • User B forwards the unique identifier and other identifying information to the server requesting authentication (8004).
  • An electronic signature can be requested (8006).
  • User A pings the server regularly. Because a transaction is active and user B has requested authentication (8008), the server responds to the regular ping of User A with a request to input an electronic signature (pass code or other) (8010). User A does so.
  • The server performs a lookup in user A's account and responds to user B with the address of user A's authentication partner (8012), user C, and a unique registration transaction number.
  • User B then directs a request, in a message that includes the unique registration transaction number (8014), to User C requesting identification credentials such as address, telephone number, etc. (8016).
  • User C (using this method, user personal information is not stored at the server) runs a check against the server to make sure the transaction is legitimate, using the unique registration transaction number.
  • User C responds to user B with the requested information (8018) and can set up an account for user X, and notifies the server that a TER has been established between user A and user B (8020).
  • The server records the relationship in the records for both user A and user B.
  • A representative computer includes a central processing unit (CPU) which is coupled bidirectionally with random access memory (RAM) and unidirectionally with read only memory (ROM).
  • RAM: random access memory
  • ROM: read only memory
  • RAM is used as a "scratch pad" memory and includes programming instructions and data, including distributed objects and their associated code and state, for processes currently operating on CPU.
  • ROM typically includes basic operating instructions, data and objects used by the computer to perform its functions.
  • a mass storage device such as a hard disk, CD ROM, magneto-optical (floptical) drive, tape drive or the like, is coupled bidirectionally with CPU.
  • Mass storage device generally includes additional programming instructions, data and objects that typically are not in active use by the CPU, although the address space may be accessed by the CPU, e.g., for virtual memory or the like.
  • Each of the above described computers optionally includes an input/output source that typically includes input media such as a keyboard, pointer devices (e.g., a mouse or stylus) and/or network connections. Additional mass storage devices (not shown) may also be connected to CPU 32 through a network connection. It will be appreciated by those skilled in the art that the above described hardware and software elements, as well as networking devices, are of standard design and construction, and will be well familiar to those skilled in the art.
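The authentication-partner exchange in steps 8002 to 8020 can be modelled as below. This is an added sketch, not code from the patent or from UDX: the names `Server`, `confirm` and `partner_release`, the PBKDF2 pass-code verifier and the single-use handling of the transaction number are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _kdf(passcode, salt):
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)

class Server:
    """Central server: stores identifiers, pass-code verifiers and partner addresses, no personal data."""
    def __init__(self):
        self.accounts, self.txns, self.ters = {}, {}, set()

    def register(self, uid, passcode, partner):
        salt = secrets.token_bytes(16)
        self.accounts[uid] = {"salt": salt, "verifier": _kdf(passcode, salt), "partner": partner}

    def request_auth(self, uid, requester):   # 8004: user B asks for authentication
        if uid not in self.accounts:
            return None
        txn = secrets.token_hex(16)            # unique registration transaction number
        self.txns[txn] = {"uid": uid, "requester": requester, "signed": False}
        return txn

    def ping(self, uid):                       # 8008/8010: pending signature requests for A
        return [t for t, v in self.txns.items() if v["uid"] == uid and not v["signed"]]

    def sign(self, txn, passcode):             # user A inputs the electronic signature
        t = self.txns.get(txn)
        if t is None:
            return False
        acct = self.accounts[t["uid"]]
        ok = hmac.compare_digest(_kdf(passcode, acct["salt"]), acct["verifier"])
        t["signed"] = t["signed"] or ok
        return ok

    def confirm(self, txn, requester):         # 8012 for B, and C's legitimacy check
        t = self.txns.get(txn)
        if t and t["signed"] and t["requester"] == requester:
            return {"uid": t["uid"], "partner": self.accounts[t["uid"]]["partner"]}
        return None

    def record_ter(self, txn):                 # 8020: record the TER, retire the number
        t = self.txns.pop(txn)
        self.ters.add(frozenset((t["uid"], t["requester"])))

def partner_release(server, records, txn, requester):   # user C, steps 8014-8018
    ok = server.confirm(txn, requester)
    if ok is None or ok["uid"] not in records:
        return None                            # unsigned, unknown or replayed transaction
    server.record_ter(txn)
    return records[ok["uid"]]
```

User C releases credentials only for a transaction the server confirms as signed by user A and bound to the requesting party, so a guessed or replayed transaction number returns nothing.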

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to systems, methods and software that enable the secure exchange of electronic information. According to a first aspect, the invention relates to a secure electronic information exchange system comprising a secure electronic communications server computer in secure electronic communication with at least one sender of electronic information and at least one recipient of electronic information. The secure electronic communications server computer is configured to securely receive electronic information sent by the sender of electronic information, which is addressed at least to the recipient of electronic information, and to forward the electronic information to the recipient of the electronic information. The invention also relates to a database comprising descriptive information that enables authentication of the sender of the electronic information and of the recipient of the electronic information.
PCT/US2007/066582 2006-04-12 2007-04-13 Software, systems, and methods for secure, authenticated data exchange WO2007118256A2 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US79179206P 2006-04-12 2006-04-12
US60/791,792 2006-04-12
US79547906P 2006-04-26 2006-04-26
US60/795,479 2006-04-26

Publications (1)

Publication Number Publication Date
WO2007118256A2 true WO2007118256A2 (fr) 2007-10-18

Family

ID=38581876

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/066582 WO2007118256A2 (fr) 2006-04-12 2007-04-13 Software, systems, and methods for secure, authenticated data exchange

Country Status (1)

Country Link
WO (1) WO2007118256A2 (fr)

Similar Documents

Publication Publication Date Title
US20070255815A1 (en) Software, Systems, and Methods for Secure, Authenticated Data Exchange
US9002018B2 (en) Encryption key exchange system and method
US7822988B2 (en) Method and system for identity recognition
KR101281217B1 (ko) 토큰 공유 시스템 및 방법
US8650103B2 (en) Verification of a person identifier received online
US20050114447A1 (en) Method and system for identity exchange and recognition for groups and group members
US8484456B2 (en) Trusted electronic messaging system
KR20210137073A (ko) 블록체인 기반 보안 이메일 시스템
US20030217148A1 (en) Method and apparatus for LAN authentication on switch
US20090240936A1 (en) System and method for storing client-side certificate credentials
JP2006520112A (ja) セキュリティ用キーサーバ、否認防止と監査を備えたプロセスの実現
US9906501B2 (en) Publicly available protected electronic mail system
JP2006180478A (ja) エンドポイントの識別およびセキュリティ
JP5065682B2 (ja) 名前解決のためのシステムおよび方法
Muftic et al. Business information exchange system with security, privacy, and anonymity
US9560029B2 (en) Publicly available protected electronic mail system
WO2007118256A2 (fr) Software, systems, and methods for secure, authenticated data exchange
WO2022248404A1 (fr) Method for managing a digital identity
Hansen et al. DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations
Hansen et al. RFC 5863: DomainKeys Identified Mail (DKIM) Development, Deployment, and Operations
ZA200402931B (en) Verification of a person identifier received online.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07797232

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112 (1) EPC, EPO FORM 1205A DATED 05-02-2009

122 Ep: pct application non-entry in european phase

Ref document number: 07797232

Country of ref document: EP

Kind code of ref document: A2