Field of the Invention
The present invention generally relates to a system and method for secure file transfer over the Internet or other networks and, more particularly, to providing secure transmission of files from the source or point of origin to the final (client or server) destination.
Description of the Prior Art
The Internet and other networks to which many users have access, even if operated as a private network, have proven to be a substantial convenience for the transfer of data and applications between users but are often not secure: information may be accessed by persons other than the person for whom the data or application was intended, and data or applications may be intercepted, altered or corrupted incident to an intrusion. As usage of such networks has grown in recent years, there has been an increasing need for businesses and individuals to securely transfer sensitive or confidential information, preferably without file encryption, which is processing intensive and does not ensure complete file integrity. At the same time, defenses such as so-called firewalls have been developed to avoid or lessen the effects of intrusions into communications between users of a given network, while some protocols have been developed which are specifically intended for secure file transfer.
At the present time, there are two such standard Internet file transfer protocols (FTP) which provide robust and secure file transfer and management capabilities. These secure file transfer protocols are known as FTP over SSL or TLS (FTPS), as provided by Ford-Hutchinson in “IETF RFC 4217 Securing FTP with TLS”, 2005, and FTP over SSH (SFTP or SCP), as provided by Galbraith, Van Dyke Software, Saarenmaa, F-Secure, “IETF draft RFC SSH File Transfer Protocol”, 2006, both of which are hereby fully incorporated by reference. While these protocols are effective for secure file transfer and are well-accepted, some issues involving these protocols have precluded widespread use.
Specifically, at the present time, secure client software that supports these recently developed protocols is not pervasively available on all computer platforms. Additionally, some enterprises may be unable or unwilling to implement Internet firewall changes required for use of these protocols over public networks and some private networks.
In contrast therewith, a known HTTP over SSL (HTTPS) protocol is widely accepted and used extensively for secure web transactions over the Internet. Web browsers and line mode HTTPS clients are available for virtually all computing platforms. Enterprises generally allow the HTTPS protocol to flow through their Internet firewalls. Because of this, HTTPS is frequently a preferred protocol for use by businesses and consumers. However, the HTTPS protocol was designed for display of web pages and not specifically for transfer of files and management of transferred files.
Examples of some network architectures where HTTP or HTTPS protocols are used for providing secure file transfer across a network (e.g. Internet) link are outlined in U.S. Pat. No. 7,003,799 B2 to Jorgenson. However, in the exemplary architectures disclosed therein, secure protocols are only used for access to a transport gateway or transport proxy at the supplier node, while communication with the file repositories (e.g. servers) within the supplier node is conducted using non-secure protocols (or HTTPS for repositories which are HTTP servers which supply information in a web page format as distinct from data files). Thus, the exemplary network architectures disclosed by Jorgenson do not provide for secure file transfer within the supplier node and, as is well-recognized in the art, an attack on a file may occur at any non-secure point where a file may temporarily reside, such as at proxies or gateways which are required for “protocol breaks” where a transmission protocol may be changed, as is often the case for transmission across firewalls, and at non-secure servers (e.g. servers accessible through non-secure protocols). That is, use of a non-secure proxy is unacceptable where files must be transferred securely from point of origin (e.g. a server or repository) to the final destination, sometimes referred to as end-to-end security. While HTTP or HTTPS to FTP proxies are known, as used in some of the exemplary network architectures of Jorgenson, there are presently no proxies that support use of secure FTP over SSL/TLS (FTPS) or SSH (SFTP or SCP) to access a secure server, and thus end-to-end security cannot be provided using pervasively available protocols such as HTTPS.