Secure communications are critical to allow the exchange of confidential or otherwise sensitive information over an otherwise unsecured network, such as the Internet. Historically, messages have been exchanged using cryptography including symmetric encryption, asymmetric encryption, hybrid encryption, message authentication code, digital signatures, etc. However, particularly in a server-to-server environment where connection times may be measured in hours instead of seconds or minutes, sophisticated attacks can result in exposure of sensitive data.
In an application entitled “Modular Secure Data Transfer”, Ser. No. 12/566,315, filed Sep. 24, 2009, invented by the inventor of the present application and assigned to the assignee of the present application, a method and system for modularizing data transfer such that the data of the message was separated from the metadata for the message and sent as separate transmissions over the network was proposed. Even in the context of this modularized messaging system where the message definition and message key are compromised, subsequent data transmissions will also be compromised. Moreover, modular secure transfer requires installation of the message modularizer and demodularizer on both the sender and the receiver. This means that all participants have to install software and then start to communicate. Changes to the modularizer/demodularizer require reinstallation or installation of an update on both participants. This results in significant administrative overhead and remains subject to sophisticated attack.