System for maintaining the security of client files
First Claim
1. A system for enhancing the security of a computerized device, comprising:
- a microprocessor-based Lockbox system in communication with the computerized device and through which all communications to the computerized device are routed through an internal firewall, a secure web server, with on-the-fly data encryption means for encryption of data between the computerized device and the Lockbox system allowing only encrypted data to be stored more than transitorily on the Lockbox system, and with on-the-fly decryption of the encrypted data; and
the data communication with the computerized device is possible only after passphrase enabling of the Lockbox from the computerized device and where the computerized device can disable this enabling until the next passphrase enabling.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the invention provide a high degree of security to a computer or several computers connected to the Internet or a LAN. Where there is a high degree of confidentiality required, a combination of hardware and software secures data and provides some isolation from the outside network. An exemplary hardware system consists of a processor module, a redundant non-volatile memory system, such as dual disk drives, and multiple communications interfaces. This security system must be unlocked by a passphrase to access data, and all data is transparently encrypted, stored, archived and available for encrypted backup. A system for maintaining secure communications, file transfer and document signing with PKI, and a system for intrusion monitoring and system integrity checks are provided, logged and selectively alarmed in a tamper-proof, time-certain manner. The encryption keys can be automatically sent encrypted to be escrowed with a secure party to allow recovery.
86 Citations
14 Claims
-
1. A system for enhancing the security of a computerized device, comprising:
-
a microprocessor-based Lockbox system in communication with the computerized device and through which all communications to the computerized device are routed through an internal firewall, a secure web server, with on-the-fly data encryption means for encryption of data between the computerized device and the Lockbox system allowing only encrypted data to be stored more than transitorily on the Lockbox system, and with on-the-fly decryption of the encrypted data; and
the data communication with the computerized device is possible only after passphrase enabling of the Lockbox from the computerized device and where the computerized device can disable this enabling until the next passphrase enabling. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for enhancing data integrity and security and facilitating secured network communications, the system comprising:
a dedicated processing system comprising a processor, memory, redundant non-volatile storage (fixed or removable), an Internet or local area network interface with a firewall and a local network interface;
wherein the memory contains at least;
an operating system which can restrict the Internet access to the local network interface and restrict the downloading and running of applications not loaded at setup;
applications programs which, when executed by the processor, allow a computer on the local network interface to securely log onto the dedicated processing system to download and upload files to and from the non-volatile storage in a manner wherein the files are encrypted while stored on the non-volatile storage; and
applications programs which, when executed by the processor, are configured to insure files are archived redundantly and are able to be retrieved in the event of normal media failure or recent deletion. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
Specification