CROSS-REFERENCE TO RELATED APPLICATIONS
The present application is a continuation of U.S. application Ser. No. 13/897,865, filed on May 20, 2013, which claims priority to U.S. Provisional Patent Application No. 61/795,804, filed on Oct. 26, 2012, and U.S. Provisional Patent Application No. 61/688,712, filed on May 21, 2012.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to data transmission systems and, more particularly, to a system that provides identity and data theft protection.
2. Description of the Related Art
Messaging over the internet and mobile cellular networks has been growing at an astonishing rate over the last decade, and includes the transmission of additional data, such as sound, video, and picture files. A primary concern in the use of messaging systems is the security and integrity of such data transmission. While some solutions exist that perform encryption on transmitted data or require encryption keys, there is no way to know whether the receiving party is the intended target or whether a third party with unauthorized access has intercepted or broken the encryption. In addition, there is typically no way to ensure that the receiving party deletes sensitive messages or data as promised. Accordingly, there is a need in the art for a data transmission system that can verify that the receiving party is authorized to receive the transmission and is actually the authorized party prior to data transmission, and that can ensure the appropriate deletion of received data after transmission.
BRIEF SUMMARY OF THE INVENTION
The present invention comprises a secure messaging system that provides identity and data theft protection by requiring that devices participating in the transmission of data be paired via an exchange of media access control addresses (MAC addresses). By requiring the pairing of devices via exchanged MAC addresses before data can be transferred between devices, data transmission security is enhanced. In an embodiment of the present invention, sent data may also be deleted from a receiving device after it has been reviewed, such as by a remote sender, thereby further ensuring data security and protecting against identity theft. In the data transmission process according to the present invention, upon a request to transmit data, such as encrypted text or an image, sound, video, or music file, a check is first made to determine whether the sending and receiving devices have been paired. For example, the check may be made via a host server.
Once a paired relationship has been verified, data is sent to the receiving device in encrypted fashion along with instructions on how long the message is to be made available for viewing before automatic deletion. The message and the instructions are automatically decrypted by the receiving device and interpreted to provide the data and configure the deletion parameters. Alternatively, a sending device may transmit a delete instruction that deletes a received data file regardless of whether the file was reviewed, viewed or used.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)
The present invention will be more fully understood and appreciated by reading the following Detailed Description in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic of a secure messaging system according to the present invention implemented into two smart phones;
FIG. 2 is a schematic of a user device management module according to the present invention;
FIG. 3 is a schematic of data flow in a secure messaging system according to the present invention;
FIG. 4 is a schematic of message sending and receiving according to the present invention; and
FIG. 5 is a schematic of the hierarchy of servers according to the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Referring now to the drawings, wherein like reference numerals refer to like parts throughout, there is seen in FIG. 1 a schematic of the secure messaging system 10 according to the present invention that is based in part on pairing of devices 12 and 14 using MAC addresses, which are device identifiers that are each uniquely associated with a network adapter to identify a device on a network. A typical MAC address consists of 12 hexadecimal digits, typically formatted as XX:XX:XX:YY:YY:YY. System 10 is designed to allow for the secure pairing of a sending (or receiving) device 12 running system 10 with a receiving (or sending) device 14 also implementing system 10. It should be recognized by those of skill in the art that a device implementing system 10 may act as either a sending device 12 or a receiving device 14, or both, and that the devices have been assigned reference numerals as one or the other strictly for the purposes of illustrating an embodiment of the invention. System 10 ensures that messages are sent to the correct person/device and that the sender is the person authorized to make the transmission.
As seen in FIG. 1, a host server 16 facilitates system 10 in combination with devices 12 and 14, preferably through the use of software installed on participating devices 12 and 14, such as an application that is downloaded and run on the sending and receiving devices 12 and 14 that will be participating in data transmission or messaging. For example, the local device portions of system 10 may be implemented via a downloadable app for devices such as smartphones, tablets, laptops, desktop computers, as well as gaming systems, smart televisions, navigation systems, vehicular computers, and the like. Along these lines, system 10 can be configured to require a conventional user identification and password for each user to provide added security and, as explained below, for a user to remotely access host 16, such as if a participating device 12 or 14 is lost.
Referring to FIG. 2, system 10 contains a device management module 18 that manages authentications, subscriptions, user contacts, and ciphering, and is in communication with a database 20 for storing and retrieving data associated with the various processes. Preferably, database 20 is maintained remotely from devices 12 and 14 for additional security, such as in the “cloud” as that term is used in the field to refer to remotely positioned storage accessible via the internet. Preferably, messages themselves are not retained in database 20 to improve security. For example, a user may request remote pairing with a particular contact stored within database 20 by using management module 18 to retrieve the contact from database 20. System 10 then communicates the pairing request, which may be rejected or accepted by device 14. If accepted, the MAC addresses are shared between the host files associated with devices 12 and 14, and thus stored in the corresponding database files associated with the other device along with appropriate user identification (ID) information.
As seen in FIG. 3, system 10 may be configured to operate over Extensible Messaging and Presence Protocol (XMPP) 22 or Session Initiation Protocol (SIP) 24 based networks, and includes modules for performing authentication/pairing 26, messaging multiplexing 28, encryption/decryption, and an LDAP database 30. System 10 further includes an application/web module 32 for retrieving and using user information, pairing relationships, contacts, subscriptions, logs, and status information.
After at least one pair is achieved and stored in database 20, a data transmission may be made using system 10. For example, as seen in FIG. 4, a user can select a contact from management module 18 and send a message that is encrypted by system 10. If the receiving device's MAC address and user ID information are confirmed based on pre-configured pairing information in database 20, the message is sent from sending device 12 to the receiving device 14 via system 10. Thus, messages pass through system 10, which acts as a postmaster, and not directly between the devices.
Referring to FIG. 5, system 10 employs a hierarchy of servers to secure message transmissions. More particularly, an authentication server 36 having access to database 20 is in communication with an XMPP relay server 38, a pairing server 40, a messaging relay status server 42, a plug-in control server 44, and a web server 46. System 10 may thus be used to provide user identification, such as in connection with a voice or video conferencing session, wherein one or more sessions are started by the participants. For example, the identity of the users/participants may be confirmed by checking the device MAC addresses of users after they have logged into the program.
System 10 may further be programmed to control the amount of time that secure messages are available to the receiving device. For example, each message may be accompanied by a deletion parameter that is set by sending device 12 and specifies when the message is to be automatically deleted by the receiving device 14. In an additional embodiment of the present invention, sending device 12 may remotely set the deletion trigger to cause immediate deletion of the message regardless of the status of the message on receiving device 14, i.e., a message may be deleted before it has been read or viewed.
In a preferred embodiment of the present invention, system 10 employs the hierarchy of FIG. 5 to avoid the need for storage of data involved in the secure transmission. For example, picture, video, sound, and data files may be transmitted between and viewed on devices using system 10. By not retaining the data associated with messaging files in device 12 or 14, such as by deleting or flushing immediately or as directed by users, such as after the messages have been read or accessed, there is total privacy and integrity during paired conversations. System 10 may further be programmed to allow a user to remotely disable paired connections. For example, a user that loses device 12 may access system 10 via the internet using the web server of system 10 to delete all paired connections from system 10.
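The pairing check at the host, the postmaster relay of FIG. 4, the deletion parameter, the remote delete instruction and the remote removal of all pairings described above, as an added Python illustration that is not part of the patent; the class and method names, the use of a plain byte string in place of the encrypted payload, and the sample MAC addresses and user IDs are assumptions.

```python
from dataclasses import dataclass

# Added illustration; class/method names are assumed, not the patent's. The body
# stands in for the encrypted payload; ciphering itself is out of scope here.

@dataclass
class Message:
    sender: str
    body: bytes
    expires_at: float  # deletion parameter set by the sender (absolute time)

class HostServer:  # postmaster: relays only between devices whose pairing is on record
    def __init__(self):
        self.users = {}     # user ID -> MAC address recorded in that user's host file
        self.pairs = set()  # frozenset({user_a, user_b}) for each accepted pairing

    def register(self, user_id, mac):
        self.users[user_id] = mac.lower()

    def pair(self, requester, contact, accepted):
        # The pairing request is accepted or rejected by the contact's device.
        ok = accepted and requester in self.users and contact in self.users
        if ok:
            self.pairs.add(frozenset((requester, contact)))
        return ok

    def unpair_all(self, user_id):
        # Remote disabling of every pairing, e.g. after a device is lost.
        self.pairs = {p for p in self.pairs if user_id not in p}

    def send(self, sender, sender_mac, receiver, receiver_mac, body, ttl, now):
        # Both user IDs and both MAC addresses must match the stored pairing record.
        if frozenset((sender, receiver)) not in self.pairs:
            return None
        if (self.users.get(sender) != sender_mac.lower()
                or self.users.get(receiver) != receiver_mac.lower()):
            return None
        return Message(sender, body, now + ttl)

class Device:
    def __init__(self):
        self.inbox = []

    def receive(self, msg):
        self.inbox.append(msg)

    def purge(self, now, delete_from=None):
        # Drop messages whose deletion parameter has lapsed, plus any from a sender
        # that issued a remote delete instruction, whether or not they were read.
        self.inbox = [m for m in self.inbox if m.expires_at > now and m.sender != delete_from]
        return len(self.inbox)
```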