SYSTEM AND METHOD FOR TRANSMISSION OF ENCRYPTED FILES FROM A CENTRAL SERVER COMPUTER TO A REMOTE COMPUTER
Background of the Invention
Field of the Invention
The present invention relates generally to data encryption systems and techniques and, more particularly, to a system for providing secure transmission of encrypted files from a central server computer to a remote computer and method for practicing the same and which utilizes existing protocols, servers and clients.
Description of the Prior Art
The use of Internet technologies for delivering various types of data content has increased dramatically in the past few years. Public networks have made the electronic transfer of data between organizations relatively simple.
However, with the simplicity come great security risks. Numerous solutions have been proposed for securing data during its transmission over a network, such as various encryption schemes, the result of which is a burgeoning amount of Internet commerce. Additionally, much of this data delivery has spawned the creation of customized client/server combinations or content-handling programs to view data files, and it has been found that the continual creation of software to provide access to new types of data, and in particular encrypted data, becomes very inefficient.
According to existing systems, data is uploaded to a central file server in unencrypted form, prior to subsequent encryption and transmission over a network to a remote server. Typically, a protocol handler at the remote client location or server requests a file over the network from the central server. The file is requested from the server and the server responds with the file and a MIME type.
Upon receiving the encrypted file, the protocol handler forwards the data within the file to a content handler unit. The content handler typically employs one or more decryption programs for algorithmically decrypting the specific types of transferred file, such as the graphic, text and audio components for subsequent display by another program. The content handler may further be built into the network browser or function as a stand alone unit. A number of different MIME types are defined to execute the appropriate content handler.
The drawbacks of such conventional encryption systems include that the file must be recognized as encrypted and forwarded on to an encryption program. After decryption, the file must again be recognized to launch the proper viewing software. This type of identification is very inconsistent and often encryption programs do not maintain information about the type of data being encrypted. The user is typically then left with the burden of determining what type of data is actually encrypted and/or this then involves having to utilize a special server and a special piece of client software for decrypting a file.
A further drawback includes having to integrate data from several sources or different types of data onto one screen. As an example, if a World Wide Web browser needs to display an encrypted graphic, some text, and a video clip, current technology would not enable this to occur. The only solution would then be to define specific MIME types for the encrypted version of each media type and write decrypting content handlers for each type. This results in a doubling of the number of content handlers required and an attendant amount of extra code that needs to be developed to facilitate such functionality.
A further evident shortcoming of the existing system is the danger of maintaining files in unencrypted form on the central file server prior to subsequent encryption and transmission, such danger arising in the form of data theft by employees, contractors and other persons having access to the central server.
Summary of the Present Invention
The present invention provides a system for providing secure transmission of an encrypted file over a computer network and which is a marked improvement over the above-described prior art. According to the present invention, a data encryption and input unit is operatively connected to the central file server for inputting and encrypting the files prior to them being stored in the central server. This is accomplished utilizing any conventional encrypting algorithm and enabling the central server to call up selected files. A protocol handler is operatively connected to a remotely located client or server and functions to request the encrypted file or files to be transmitted from the central server. The protocol handler specifically sends its request utilizing an existing network protocol and in effect "spoofs" the central server into sending data to the client which is in effect stored in the central server as if it was not encrypted and with the same type labeling as an unencrypted file. The effect of "spoofing" the central server causes the protocol handler to generically modify the incoming data (the equivalent of decryption) and thus providing a key decryption function which is otherwise reserved to the prior art systems. The protocol handler further is capable of modifying the data in this instance in such a way that it provides previously existing content types to the content-handling algorithm of the client.
Using this system, any type of data can be encrypted and displayed if the original type of data can be displayed. All existing content handlers will function normally because they are dealing with unencrypted data when they are called. The result is that the protocol handler essentially substitutes for the functions of the content handler previously provided by the content handler in decrypting the files and provides for an attendant reduction in necessary software code and more efficient opening and viewing of the decrypted files. This is so because the need for specialized servers and content-handlers is eliminated through the protocol spoofing function.
Brief Description of the Drawings
Reference will now be made to the attached drawings, when read in combination with the following specification, wherein like reference numerals refer to like parts throughout the several views, and in which:
Fig. 1 is a schematic view of the system for providing secure transmission of an encrypted file over a computer network according to the present invention.
Detailed Description of the Preferred Embodiment
Referring now to Fig. 1, a system for providing secure storage and transmission of an encrypted file over a computer network is illustrated at 10 according to the present invention. A central file server 12 according to known construction is operably connected through a communication line to a remotely located client or server 14. The remote client 14 can qualify as any PC computer or the like. A network connection, illustrated schematically at 16, is known in the art and is capable of operably connecting the central file server 12 with a plurality of individually located and remote clients or servers.
A data encryption and input unit 18 is operably connected to the central file server 12 and is capable of receiving and encrypting a plurality of files prior to uploading to the central server 12. As was previously discussed, it is advantageous to encrypt files prior to uploading to the central server in order to prevent unauthorized access or tampering by internal personnel at the central location.
The procedure for calling up and transmitting encrypted files from the central server as diagrammatically illustrated in Fig. 1 includes the step of the central server 12 first communicating along a line 20 across a network and to a selected remote server 14. As is known in the art, a central server 12 could typically connect to large pluralities of remote client servers, however only a single server is illustrated for convenience sake.
The data is encrypted and stored on the central file server 12 in a format consistent as if it was not encrypted and with the same type labeling as an unencrypted file, particularly such as in a hyper text transmission protocol (http) or a file transfer protocol (ftp). Forming an integral part of the client, or forming a separated and connected part, is a protocol handler 22 which functions to request, through the network 16, a selected file or files from the central server 12. This is accomplished by the protocol handler 22 making a request for information using a locally defined network protocol and sending the request along a communication line defined at 24 extending from the protocol handler 22, through the network 16 and to the central file server 12. The request thus invokes a new protocol-handler and in effect "spoofs" the central server 12 into sending the encrypted data, labeled in unencrypted form, to the client.
The protocol handler 22, once it receives the encrypted data through the remote server 14 and via line 20, algorithmically decrypts the data, generically modifying the data in such a way that it provides previously existing content. The trigger used to open encrypted files is the relabeling of an existing protocol handler. As an example, a HTTP protocol could be relabeled as MDRP and would still connect to the server using standard HTTP protocol. Likewise, a FTP protocol may be employed. However, when the data is received, the type of encryption, if any, would be determined by the client's protocol handler. A single protocol handler decrypts all possible data types and then sends the unencrypted files, via a line 26, to a content handler 28 operably connected thereto which determines the type of data utilizing one or more MIME types and then forwards the data, via a further line 30, to another software program and viewer 32 for opening the file. By utilizing protocol spoofing the one protocol handler eliminates the need for many separate content handlers and MIME types.
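The flow just described (units 18, 12, 22 and 28) can be sketched as follows; this is an added example, not code from the patent. The in-memory FakeServer, the SHA-256 keystream used as a stand-in for "any conventional encrypting algorithm", the host name files.example and the sample key are all assumptions; only the MDRP relabeling of HTTP comes from the text.

```python
import hashlib
from urllib.parse import urlsplit, urlunsplit

SPOOFED_SCHEMES = {"mdrp": "http"}  # relabeled scheme -> real transport scheme

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR), not a production cipher;
    the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class FakeServer:
    """Constructed stand-in for central file server 12 (no real network I/O)."""
    def __init__(self):
        self.files = {}
    def upload(self, path: str, ciphertext: bytes, mime: str) -> None:
        # Ciphertext is stored under the MIME type of the *plaintext* file.
        self.files[path] = (ciphertext, mime)
    def get(self, url: str):
        parts = urlsplit(url)
        if parts.scheme != "http":  # the server only ever sees the standard protocol
            raise ValueError("server speaks plain http only")
        return self.files[parts.path]

def protocol_handler(url: str, server: FakeServer, key: bytes):
    """Protocol handler 22: un-relabel the scheme, fetch, decrypt generically."""
    parts = urlsplit(url)
    real = SPOOFED_SCHEMES.get(parts.scheme)
    if real is None:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    body, mime = server.get(urlunsplit(parts._replace(scheme=real)))
    return keystream_xor(key, body), mime  # MIME label passes through unchanged

def content_handler(body: bytes, mime: str) -> str:
    """Content handler 28: dispatches on MIME type and only ever sees plaintext."""
    viewers = {"text/plain": lambda b: b.decode("utf-8"),
               "image/png": lambda b: f"<png, {len(b)} bytes>"}
    return viewers[mime](body)

def demo() -> str:
    key = b"constructed-demo-key"  # constructed sample key
    server = FakeServer()
    # Data encryption and input unit 18: encrypt before the file reaches the server.
    server.upload("/records/note.txt", keystream_xor(key, b"patient note"), "text/plain")
    body, mime = protocol_handler("mdrp://files.example/records/note.txt", server, key)
    return content_handler(body, mime)
```

The server never holds plaintext or the key, and the content handler is unchanged because decryption finishes before MIME dispatch.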
Manifestations of the above-described system include the design of prototype health information systems which model a method to provide access to medical records over the Internet. The technique of protocol spoofing could also be used for data conversion or any other types of systems which involve the application of a standard algorithm. For example, a compression algorithm that saves space on a file server could be implemented in a spoofing protocol handler. The data would be stored in a compressed fashion possibly using an uploading spoofing protocol handler. The data could then be retrieved using the same protocol handler with the complementary decompression algorithm.
A method of providing for secure transmission of an encrypted file utilizing the system according to the present invention is also disclosed and includes the steps of loading the selected file or files into a data encryption and input unit which is operatively connected to the central file server and encrypting the file according to any conventionally known procedure. Additional steps include the protocol handler requesting transmission of the file over the network utilizing an existing protocol and decrypting the file through generically modifying the incoming data and transferring the decrypted file to a content handler for subsequent presentation by a software viewer.
Having described my invention, additional preferred embodiments will become apparent to those skilled in the art to which it pertains without deviating from the scope of the appended claims.
I claim: