US 12,242,630 B2
Mutual transport layer security (TLS) verification using an authorized viewer
Gilbert Gatchalian, Union, NJ (US); Kamal D. Sharma, Mason, OH (US); Karthik Rajagopalan, Richmond, VA (US); Kevin A. Delson, Woodland Hills, CA (US); Robert R. Rosseland, Charlotte, NC (US); Yassine Touahri, Charlotte, NC (US); Amer Ali, Jersey City, NJ (US); Jyothishwar Reddy Sama, Charlotte, NC (US); Srinivasulu Bodapati, Hyderabad (IN); and Brian Christman, Richardson, TX (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Sep. 16, 2022, as Appl. No. 17/946,159.
Prior Publication US 2024/0095383 A1, Mar. 21, 2024
Int. Cl. G06F 21/62 (2013.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/6218 (2013.01) [G06F 21/554 (2013.01); G06F 21/602 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A file security verification apparatus, the apparatus comprising:
    a client computer;
    a server computer; and
    a mutual transport layer security (MTLS) authorized viewer, said authorized viewer configured to:
        intercept a first encryption key message from the client computer to the server computer, said first encryption key message containing a first public encryption key;
        store the first public encryption key at a memory location associated with the MTLS authorized viewer;
        generate a second public encryption key;
        store the second public encryption key at the memory location associated with the MTLS authorized viewer;
        send a second encryption key message to the server computer, said second encryption key message containing the second public encryption key;
        initiate a first MTLS connection with the client computer using the first public encryption key;
        initiate a second MTLS connection with the server computer using the second public encryption key;
        intercept a file from the client computer, said file being transmitted from the client computer to the server computer, said file encrypted with the first public encryption key;
        decrypt the file using the first public encryption key to form a decrypted file, said first public encryption key being retrieved from the memory location;
        transmit the decrypted file to a content inspection Artificial Intelligence (AI) module, for content inspection, said content inspection AI module configured to:
            receive a decrypted file from the authorized viewer;
            inspect the decrypted file;
            analyze the decrypted file, said analyzing based on a predetermined standard of security verification;
            flag data included in the file that fails to achieve the predetermined standard of security verification, as malicious, said flagging converting the data into flagged data;
            mark data that achieves the predetermined standard of verification, as clean, said marking converting the data into marked data;
            when the data is flagged data, transmit the flagged data to the authorized viewer; and
            when the data is marked data, transmit the marked data to the authorized viewer;
        receive the decrypted file from the content inspection AI module, said file containing the flagged data or the marked data;
        re-encrypt the file with the second public encryption key, said second public encryption key being retrieved from the memory location; and
        transmit the re-encrypted file to the server computer, said re-encrypted file being decryptable with the second public encryption key.
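The split-session flow of claim 1 as a constructed Python simulation, added here for illustration and not code from the patent or its assignee. It assumes a toy keyed transform in place of the per-session encryption the claim describes, a made-up `FORBIDDEN` pattern list as the "predetermined standard", and the class and function names are all assumptions; what it shows is that plaintext exists only inside the viewer, that the server keys its session to the viewer's key rather than the client's, and that flagged data is still forwarded, so the viewer's verdict log is what a defender must act on.

```python
import hashlib
import secrets

# Constructed stand-in for the claim's "predetermined standard of security
# verification": a file containing any of these byte patterns fails it.
FORBIDDEN = (b"-----BEGIN RSA PRIVATE KEY-----", b"-----BEGIN PGP PRIVATE KEY BLOCK-----")

def session_transform(key: bytes, data: bytes) -> bytes:
    """Toy symmetric transform standing in for one MTLS session's encryption.
    XOR with a key-derived stream, so applying it twice restores the data.
    Illustration only; not a real TLS record layer."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def inspect(decrypted: bytes) -> dict:
    """Content inspection module: flag data that fails the standard, else mark clean."""
    hits = [p for p in FORBIDDEN if p in decrypted]
    return {"verdict": "flagged" if hits else "clean", "hits": hits}

class AuthorizedViewer:
    def __init__(self):
        self.memory = {}   # the memory location associated with the viewer
        self.log = []      # inspection verdicts; the record a defender alerts on
    def intercept_key_message(self, first_key: bytes) -> bytes:
        self.memory["first"] = first_key                  # store the client's key
        self.memory["second"] = secrets.token_bytes(32)   # generate the second key
        return self.memory["second"]                      # second key message to server
    def handle_file(self, ciphertext_from_client: bytes) -> bytes:
        plaintext = session_transform(self.memory["first"], ciphertext_from_client)
        self.log.append(inspect(plaintext))               # plaintext is visible only here
        # Flagged and marked data are both re-encrypted and forwarded, as claimed.
        return session_transform(self.memory["second"], plaintext)

class Server:
    def __init__(self):
        self.session_key = None
    def receive_key_message(self, key: bytes):
        self.session_key = key   # the viewer's key, never the client's
    def receive_file(self, ciphertext: bytes) -> bytes:
        return session_transform(self.session_key, ciphertext)

def run_exchange(file_bytes: bytes):
    """Drive client -> viewer -> server; return (verdict, what the server sees, keys differ)."""
    client_key = secrets.token_bytes(32)
    viewer, server = AuthorizedViewer(), Server()
    server.receive_key_message(viewer.intercept_key_message(client_key))
    forwarded = viewer.handle_file(session_transform(client_key, file_bytes))
    recovered = server.receive_file(forwarded)
    return viewer.log[-1]["verdict"], recovered, server.session_key != client_key
```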