Claims
- 1. In a server, a method comprising:
receiving from a sending client, a request to encrypt at least a first portion of a message; generating a split encryption key comprising at least a first key portion and a second key portion; encrypting at least the first portion of the message, using the split encryption key; providing the first key portion to the sending client; and discarding the first key portion from the server.
- 2. The method of claim 1, further comprising:
generating a first identifier uniquely identifying the message; generating one or more recipient-individualized tokens, each recipient-individualized token comprising a corresponding recipient-individualized identifier and the first key portion; associating each of the recipient-individualized tokens with the first identifier; and providing the one or more recipient-individualized tokens to the sending client, the one or more recipient-individualized tokens to be provided by the sending client to the corresponding one or more recipients to facilitate access by the one or more recipients to at least the first portion of the message.
- 3. The method of claim 2, wherein each of the one or more recipient-individualized tokens comprises an obfuscated combination of a corresponding recipient-individualized identifier and the first key portion.
- 4. The method of claim 2, wherein the first key portion and the first identifier are generated based at least in part upon a randomized seed value, and the randomized seed value is discarded from the server after generation of the first and second key portions.
- 5. The method of claim 4, wherein the randomized seed value is received from the sending client.
- 6. The method of claim 5, wherein the randomized seed value comprises a globally unique identifier (GUID).
- 7. The method of claim 4, wherein the randomized seed value is generated by the server.
- 8. The method of claim 4, wherein generating a split encryption key comprises:
applying a first hash function to the randomized seed value to form the first key portion; and applying a second hash function to the randomized seed value to form the second key portion.
- 9. The method of claim 4, wherein generating a split encryption key comprises:
applying a hash function to the randomized seed value to form an encryption key; and bifurcating the encryption key to form the first key portion and the second key portion.
- 10. In a server, a method comprising:
generating a split encryption key to encrypt a message, the split encryption key comprising at least a first key portion and a second key portion; generating a message identifier corresponding to the message; generating a recipient-individualized token comprising the first key portion; associating the recipient-individualized token with a recipient-individualized message identifier; providing the message identifier, the first key portion, and the recipient-individualized token to a sending client, the recipient-individualized token to be provided by the sending client to a corresponding recipient to facilitate access by the recipient message.
- 11. The method of claim 10, wherein encrypting comprises:
receiving from the sending client, the message to be encrypted, the message identifier, and the first key portion; identifying the second key portion based at least in part upon the message identifier; and encrypting the message using a combination of the first and second key portions.
- 12. The method of claim 11, wherein the split encryption key and the message identifier are each generated based at least in part upon a randomized seed value.
- 13. The method of claim 12, wherein the randomized seed value is received from the sending client.
- 14. The method of claim 13, wherein the randomized seed value comprises a globally unique identifier (GUID).
- 15. The method of claim 12, wherein the randomized seed value is generated by the server.
- 16. The method of claim 12, wherein generating a split encryption key comprises:
applying a first hash function to the randomized seed value to form the first key portion; and applying a second hash function to the randomized seed value to form the second key portion.
- 17. The method of claim 12, wherein generating a split encryption key comprises:
applying a hash function to the randomized seed value to form the encryption key; and bifurcating the encryption key to form the first key portion and the second key portion.
- 18. The method of claim 12, further comprising:
discarding the first key portion and the randomized seed value from the server once the message has been encrypted.
- 19. The method of claim 10, wherein the message is received from the sending client.
- 20. The method of claim 10, wherein the message is stored on the server.
- 21. The method of claim 10, wherein the recipient-individualized token comprises an obfuscated combination of a corresponding recipient-individualized identifier and the first key portion.
- 22. In a sending client, a method comprising:
sending to a server, a request to encrypt at least a first part of a message, receiving from the server, a message identifier corresponding to the message, and a first key portion of a split encryption key to be used by the server to encrypt the message; sending at least the first part of the message to the server in association with the message identifier and the first key portion; and sending the first key portion to one or more recipients to facilitate access by the one or more recipients to at least the first part of the message from the server.
- 23. The method of claim 22, further comprising:
enumerating the one or more recipients to the server; and receiving a corresponding one or more recipient-individualized tokens from the server, each recipient-individualized token comprising a corresponding recipient-individualized identifier and the first key portion, wherein the recipient-individualized identifier is associated with the message identifier.
- 24. The method of claim 23, wherein sending the first key portion to one or more recipients comprises sending the one or more recipient-individualized tokens to the one or more recipients.
- 25. The method of claim 22, wherein the first key portion and the message identifier are each generated by the server based at least in part upon a randomized seed value.
- 26. The method of claim 25, wherein the randomized seed value is generated by the sending client.
- 27. The method of claim 25, wherein the randomized seed value is generated by the server.
- 28. The method of claim 22, further comprising:
depositing the message identifier and the first key portion into a mail folder on the sending client.
- 29. In a sending client, a method comprising:
transmitting to a server, a request for at least a first part of a message to be encrypted, the request including a randomized seed value and one or more recipient identifiers enumerating one or more intended message recipients; receiving from the server, a message identifier corresponding to the message, a first key portion of a split encryption key to be used by the storage server to encrypt at least the first part of the message, and one or more recipient-individualized tokens comprising a corresponding recipient-individualized identifier and the first key portion, the message identifier and the first key portion based at least in part upon the randomized seed value; and providing a first recipient-individualized token to a corresponding message recipient to facilitate retrieval of at least the first part of the message by the corresponding recipient.
- 30. The method of claim 29, wherein the first recipient-individualized token is provided to the corresponding message recipient in association with a markup language based form element.
- 31. The method of claim 30, wherein the form element comprises a network address associated with the server and recipient specific form data to be posted to the network address.
- 32. The method of claim 29, wherein the first recipient-individualized token is provided to the corresponding message recipient in the form of a URL uniquely identifying the server and the corresponding message recipient.
- 33. The method of claim 29, wherein the one or more recipient-individualized identifiers facilitate provisioning of recipient-individualized folders on the server.
- 34. The method of claim 33, wherein the one or more recipient-individualized identifiers comprise a corresponding one or more email addresses.
- 35. A system comprising:
a server equipped to
generate a split encryption key for encrypting a message, the split encryption key comprising at least a first key portion and a second key portion, store the first key portion, provide the second key portion to a sending client, and discard the second key portion from the server; and the sending client equipped to
receive the second key portion from the server, and provide the second key portion to a recipient to facilitate access to the message by the recipient.
- 36. The system of claim 35, wherein the server is further equipped to
generate a unique message identifier to be associated with the message, associate the first key portion with the message identifier, and provide the message identifier to the sending client in association with the second key portion.
- 37. The system of claim 36, wherein the sending client is further equipped to provide the message to the server in association with at least one of the unique message identifier and the second key portion.
- 38. The system of claim 37, wherein the server is further equipped to retrieve the first key portion based upon the unique message identifier received from the sending client, combine the first key portion with the second key portion received from the sending client, and encrypt the message using the first and second key portions.
- 39. The system of claim 36, wherein the server is further equipped to generate a recipient-specific token based upon an obfuscated combination of the second key portion and the unique message identifier, and to provide the recipient-specific token to the sending client.
- 40. The system of claim 39, wherein the sending client provides the recipient-specific token to a corresponding recipient to facilitate access to the encrypted message by the recipient.
- 41. The system of claim 39, wherein the server is further equipped to receive the recipient-specific token from a corresponding recipient, extract the unique message identifier and the second key portion from the recipient-specific token, retrieve the stored first key portion based at least in part upon the unique message identifier, and decrypt the encrypted message based at least in part upon the first key portion and the second key portion.
- 42. An apparatus comprising:
a storage medium having stored therein programming instructions designed to enable the apparatus to:
receive from a sending client, a request to encrypt at least a first portion of a message; generate a split encryption key comprising at least a first key portion and a second key portion; encrypt at least the first portion of the message, using the split encryption key; provide the first key portion to the sending client; and discard the first key portion from the server.
- 43. The apparatus of claim 42, wherein the programming instructions are further designed to enable the apparatus to
generate a first identifier uniquely identifying the message; generate one or more recipient-individualized tokens, each recipient-individualized token comprising a corresponding recipient-individualized identifier and the first key portion; associate each of the recipient-individualized tokens with the first identifier; and provide the one or more recipient-individualized tokens to the sending client, the one or more recipient-individualized tokens to be provided by the sending client to the corresponding one or more recipients to facilitate access by the one or more recipients to at least the first portion of the message.
- 44. The apparatus of claim 43, wherein each of the one or more recipient-individualized tokens comprises an obfuscated combination of a corresponding recipient-individualized identifier and the first key portion.
- 45. The apparatus of claim 43, wherein the programming instructions are designed to enable the apparatus to generate the first identifier based at least in part upon a randomized seed value, and to discard the randomized seed value from the server after generation of the first and second key portions.
- 46. The apparatus of claim 45, wherein the programming instructions are further designed to enable the apparatus to receive the randomized seed value from the sending client.
- 47. The apparatus of claim 46, wherein the randomized seed value comprises a globally unique identifier (GUID).
- 48. The apparatus of claim 45, wherein the programming instructions are further designed to enable the apparatus to generate the randomized seed value.
- 49. The apparatus of claim 45, wherein the programming instructions designed to enable the apparatus to generate a split encryption key, are further designed to enable the apparatus to
apply a first hash function to the randomized seed value to form the first key portion; and apply a second hash function to the randomized seed value to form the second key portion.
- 50. The apparatus of claim 45, wherein the programming instructions designed to enable the apparatus to generate a split encryption key are further designed to enable the apparatus to
apply a hash function to the randomized seed value to form an encryption key; and bifurcate the encryption key to form the first key portion and the second key portion.
- 51. An apparatus comprising:
a storage medium having stored therein programming instructions designed to enable the apparatus to:
send to a server, a request to encrypt at least a first part of a message, receive from the server, a message identifier corresponding to the message, and a first key portion of a split encryption key to be used by the server to encrypt the message; send at least the first part of the message to the server in association with the message identifier and the first key portion; and send the first key portion to one or more recipients to facilitate access by the one or more recipients to at least the first part of the message from the server.
- 52. The apparatus of claim 51, wherein the programming instructions are further designed to enable the apparatus to
enumerate the one or more recipients to the server; and receive a corresponding one or more recipient-individualized tokens from the server, each recipient-individualized token comprising a corresponding recipient-individualized identifier and the first key portion, wherein the recipient-individualized identifier is associated with the message identifier.
- 53. The apparatus of claim 52, wherein the programming instructions are further designed to enable the apparatus to send the one or more recipient-individualized tokens to the one or more recipients.
RELATED APPLICATIONS
[0001] This non-provisional patent application claims priority to U.S. provisional patent application No. 60/401,945, entitled “SYSTEM FOR TRANSMITTING RULE BASED STRUCTURES, SEMI-STRUCTURED AND UNSTRUCTURED DOCUMENTS”, filed on Aug. 7, 2003 and having common inventorship with the present application, which is hereby fully incorporated by reference.
Provisional Applications (1)
|
Number |
Date |
Country |
|
60401945 |
Aug 2002 |
US |