Method and apparatus for secure data transfer

US 20070174916A1
Filed: 10/26/2006
Published: 07/26/2007
Est. Priority Date: 10/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. Apparatus adapted to securely provide filtering of data on a source device to produce filtered data, said filtering excluding substantially all portions of said data except for data authorized for transfer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for secure transfer of electronic or optical data. In one exemplary aspect, a method is provided whereby data on a source computer is filtered to exclude all but data that is authorized for transfer, stored in a transport format, marked so that the source of the stored data can be authenticated, and transferred to a transfer device configured to only accept data marked with an acceptable authentication mark. In one embodiment, a control apparatus is provided whereby data can be analyzed to exclude harmful code, a storage apparatus is provided whereby the analyzed data can be stored, an authentication apparatus is provided whereby data so analyzed and stored can be marked to identify the trusted nature of the analyzing apparatus and a receiving apparatus is provided whereby the recipient of the data only accepts data identified as originating from a trusted source.

Citations

22 Claims

1. Apparatus adapted to securely provide filtering of data on a source device to produce filtered data, said filtering excluding substantially all portions of said data except for data authorized for transfer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein said apparatus is adapted to:
    - store said filtered data;
      
      mark said filtered data so that the source of the stored filtered data can be authenticated; and
      
      transfer said filtered and marked data to a transfer device configured to only accept data marked with an acceptable authentication mark.
  - 3. The apparatus of claim 1, wherein said apparatus is disposed on said source device, and said filtering is performed by software adapted to run on said device and configured to identify at least one of:
    - (i) virus code, or (ii) an executable, within said data.
  - 4. The apparatus of claim 1, wherein said apparatus comprises a computerized device with software adapted to encrypt at least a portion of said data authorized for transfer.
  - 5. The apparatus of claim 4, wherein said encryption is performed using a public portion of a public-private key pair, a private portion of said pair being retained by a second device with which said apparatus is or will be in data communication with.
  - 6. The apparatus of claim 5, wherein said second device comprises a substantially portable flash drive, and said computerized device comprises a personal or laptop computer having a USB port, said USB port providing communication between said computerized device and flash drive when the drive and device are placed in communication.
  - 7. The apparatus of claim 4, wherein said software is adapted to perform a one-way cryptographic hash on at least a portion of said data authorized for transfer.
  - 8. The apparatus of claim 1, wherein said apparatus is disposed on a device other than said source device, and said filtering is performed by software adapted to run on said other device and configured to identify at least one of:
    - (i) virus code, or (ii) an executable, within said data.

9. A method of processing source data being transferred from one device to a second device, comprising:
- encrypting source data via a first apparatus to produce encrypted data;
  
  transferring the encrypted data to a second apparatus;
  
  evaluating the encrypted data to determine if at least one criterion is met;
  
  decrypting and locally storing said encrypted data if said criterion is met; and
  
  not decrypting and deleting said encrypted data if said criterion is not met.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein said second device comprises a portable flash drive, and said at least one criterion comprises being able to decrypt at least a portion of said encrypted data using a key or key portion resident on said flash drive.
  - 11. The method of claim 9, wherein said second device comprises a portable flash drive, said method further comprises hashing at least a portion of said encrypted data to create first hashed data, and said at least one criterion comprises identically matching a hash generated by said flash device to said first hashed data.

12. Computerized apparatus, comprising:
- control apparatus adapted to analyze source data to exclude harmful code;
  
  storage apparatus adapted to store the analyzed data;
  
  authentication apparatus adapted to designate the trusted nature of the data analyzed by the control apparatus; and
  
  receiving apparatus adapted to only receive data marked as trusted.

13. A method of processing source data, comprising:
- encrypting said source data to create encrypted source data;
  
  hashing said encrypted source data to create hashed data;
  
  encrypting the hashed data to create an encrypted hash;
  
  decrypting the encrypted hash to recover the hashed data;
  
  generating a second hash based on the encrypted source data;
  
  comparing the recovered hash data and the second hash; and
  
  if said comparing meets at least one criterion, then performing further processing on at least said encrypted source data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13, wherein:
    - said encrypting said source data to create encrypted source data, hashing said encrypted source data to create hashed data, and encrypting the hashed data to create an encrypted hash are all performed on a first computerized device; and
      
      said decrypting the encrypted hash to recover the hashed data, generating a second hash based on the encrypted source data, and comparing the recovered hash data and the second hash are all performed on a second computerized device.
  - 15. The method of claim 14, wherein said second computerized device comprises a portable storage medium device having a software process capable of running thereon, said software process adapted to perform said decrypting the encrypted hash to recover the hashed data, generating a second hash based on the encrypted source data, and comparing the recovered hash data and the second hash before permitting storage of said source data on said second device.
  - 16. The method of claim 13, wherein said encrypting said source data to create encrypted source data, and said encrypting the hashed data to create an encrypted hash, are each performed using the same encryption key.
  - 17. The method of claim 16, wherein said encryption key comprises the public portion of a public-private key pair.
  - 18. The method of claim 16, wherein said encryption key comprises a symmetric encryption key.
  - 19. The method of claim 13, further comprising disposing said encrypted source data and said encrypted hash in a common data structure before said act of decrypting is performed.
  - 20. The method of claim 19, further comprising transferring the common data structure from a first computerized device to a second computerized device.
  - 21. The method of claim 13, further comprising processing said source data before said encryption thereof is performed, said processing being adapted to identify at least one target element within said source data.
  - 22. The method of claim 21, wherein said at least one target element within said source data is selected from the group consisting of:
    - (i) virus code; and
      
      (ii) an executable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Peter Ching
Original Assignee
Peter Ching
Inventors
Ching, Peter

Application Number

US11/588,614
Publication Number

US 20070174916A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/606 by securing the transmissio...

Method and apparatus for secure data transfer

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure data transfer

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links