SECURITY PROCESS FOR PRIVATE DATA STORAGE AND SHARING

US 20090083544A1
Filed: 08/25/2008
Published: 03/26/2009
Est. Priority Date: 08/23/2007
Status: Abandoned Application

First Claim

Patent Images

1. Apparatus for transferring data from a source to a receptacle without exposing the data to unauthorized recipients or receptacles in the course of the transfer comprising:

a. At least one component for input and/or output of cleartext and/or protected data;

b. At least one storage component for storing data including, some or all of cleartext data, firmware, software, keys, shared secrets, and/or protected data;

c. At least one CPU component for instruction execution for performing at least one of;

i. Data management;

ii. Encryption;

iii. Decryption;

iv. Device control;

v. Communication;

vi. Calculation;

vii. Hashing;

viii. Zeroization;

ix. Redundancy;

d. At least one component for supplying power comprising at least one of battery, RF converter, power regulator, external power interface;

e. At least one component for biometric authentication; and

At least one tamper-evident, tamper-resistant, and/or tamper-proof component protecting at least a different of said components.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for supplementing and/or replacing current security protocols and/or mechanisms used to store, manage and/or disseminate information for use on private data management devices and/or a private network and/or public network access provider'"'"'s network. The system includes processing hardware, proprietary software, and firmware. The system protects private data without the need to trust the security or veracity of third parties and/or intermediate computers and/or networks. When a “user” stores data it is immediately protected from active and passive compromise attempts. Once protected and stored, data is never released and/or transferred unprotected. Only the authorized “receiver” of the data is capable of accessing the protected data. Encryption is used to enhance authentication of the participants and/or protection of the data. This method can be used in conjunction with other secure data transfer applications such as, but not limited to, Secure Socket Layer (SSL) encryption and/or the Secure Electronic Transaction (SET) protocol, etc. This method can also be used in conjunction with any data transfer mechanism such as, but not limited to, Ethernet, WiFi, Bluetooth, RFID transponders, etc.

Citations

22 Claims

1. Apparatus for transferring data from a source to a receptacle without exposing the data to unauthorized recipients or receptacles in the course of the transfer comprising:
- a. At least one component for input and/or output of cleartext and/or protected data;
  
  b. At least one storage component for storing data including, some or all of cleartext data, firmware, software, keys, shared secrets, and/or protected data;
  
  c. At least one CPU component for instruction execution for performing at least one of;
  
  i. Data management;
  
  ii. Encryption;
  
  iii. Decryption;
  
  iv. Device control;
  
  v. Communication;
  
  vi. Calculation;
  
  vii. Hashing;
  
  viii. Zeroization;
  
  ix. Redundancy;
  
  d. At least one component for supplying power comprising at least one of battery, RF converter, power regulator, external power interface;
  
  e. At least one component for biometric authentication; and
  
  At least one tamper-evident, tamper-resistant, and/or tamper-proof component protecting at least a different of said components.
- View Dependent Claims (2, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. Apparatus for transferring data as recited in claim 1 including at least one component performing bit-level data manipulation, said bit-level data manipulation comprising at least one of,a. bit-slice deconstruction, wherein a pattern is used for separating a single data stream and/or data element into many segments, regardless of machine dependant limitations by groups of one or more bits into groups of two or more distinct bit-streams, each bit-stream comprising a single bit-slice.b. bit-slice reconstruction, wherein a pattern is used for recombining two or more bit-slices into their original bit sequence.c. selective bounded bit rotation(s) and/or shift(s), wherein the domain for the bits to be shifted is unconstrained and may comprise any number of individual bits, where unconstrained refers to selecting any point of origin for a domain, a count of bits in the domain, and a number of bits applied as a rotation and/or shift, where domain refers to a set of bits against which the rotation and/or shift is applied and may be comprised of any number of bits available to either internally and/or externally,d. selective bounded and/or unbounded bit swap(s), wherein a domain for bits to be swapped is unconstrained and may comprise any number of individual source bits and any number of individual destination bits, where unconstrained refers selecting any point of origin for a domain, a count of bits in the domain, and a number of bits applied as source and/or destination for the swap(s), domain refers to a set of bits against which a swap(s) is applied and may be comprised of any number of bits available internally and/or externally,e. selective bounded and/or unbounded logical bit modification(s), wherein a domain for bits to be modified is unconstrained and may comprise any number of individual bits, unconstrained refers to selecting any point of origin for a domain, domain refers to a set of bits against which the logical operation is applied and may be comprised of any number of bits available internally and/or externally, where logical bit modification and logical operation refers to any computational logical operation, where
- 9. The apparatus as recited in claim 1 including a secure personal information device (SPID) configured to store and retrieve protected data.
- 10. The apparatus as recited in claim 1 including a secure data storage manager (SDSM), configured to manage the protected data on the SPID.
- 11. The apparatus as recited in claim 10 wherein said SPID is configured to store data representing images, documents, databases, or audio or video content.
- 12. The apparatus as recited in claim 11 wherein said SPID is configured to release data when authenticated by a biometric parameter.
- 13. The apparatus as recited in claim 12 wherein said SPID is configured so the data to be released is defaulted to specific information.
- 14. The apparatus as recited in claim 13 wherein said SPID is configured to provide an automated, pre-specified set of choices.
- 15. The apparatus as recited in claim 14, incorporates authentication, key generation, key management, encryption, scrambling, and secure storage.
- 16. The apparatus as recited in claim 15 wherein said storage component stores separate access and protection rules for each piece of data subject to protection.
- 17. The apparatus as recited in claim 14 wherein said SPID is configured to never release as clear text data, data subject to protection.
- 18. The apparatus as recited in claim 14 wherein said SPID is configured to permanently erase specific data based on the alert/distress activation(s).

3. A method of transferring data from a source to a receptacle without exposing the data to unauthorized recipients or receptacles in the course of the transfer comprising:
- providing a source includinga. At least one interface component for selective input and output of cleartext and protected data;
  
  b. At least one storage component storing various data including identification data, partner data, cleartext data, software, secrets and protected data;
  
  c. At least one CPU component for data processing effectinga. Data management;
  
  b. Encryption;
  
  c. Device control;
  
  d. Communication; and
  
  d. At least one component facilitating biometric authentication; and
  
  e. At least one control component allowing control to be exercised by a user subject to testing by said biometric authentication componentproviding a receptacle including;
  
  f. at least one interface component for selective input and output of cleartext and protected data;
  
  g. at least one storage component storing various data including identification data, cleartext data, software, secrets and protected data;
  
  h. at least one CPU component for data processing effectingi. Data management;
  
  ii. Decryption;
  
  iii. Device control;
  
  iv. Communication; and
  
  i. At least one component facilitating biometric authentication;
  
  said method further comprisingcommunicating protected data from said source to said receptacle in response to a request for said communication by a user authenticated by said biometric authentication component.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. A method for transferring data as recited in claim 3 which includes executing at least two different encryption algorithms in a source prior to implementing a single transfer from source.
  - 5. The method of claim 4, wherein each encryption algorithm is selectable from a set of encryption.
  - 6. The method of claim 5 further including bit-slicing data at designated boundaries, plural bit-slices fed independently as the input data for multiple encryption processes.
  - 7. Method for transferring data as recited in claim 3 which further includes data obfuscation, said obfuscation comprising at least one of bit deconstruction, bit reconstruction, bit swapping, bit rotation and logical bit modification.
  - 8. The method of claim 7, wherein said data obfuscation is selectable from a set of multiple potential obfuscations.

19. A method of hiding original data so that the original data is not available without information describing the manner in which the original data was hidden, said method comprisingapplying a first data hiding process to a first portion of the original data to produce a first hidden portion of the original data so that the first portion of the original data cannot be deduced from the first hidden portion without information on the first data hiding process,applying a second data hiding process to a second portion of the original data to produce a second hidden portion of the original data so that the second portion of the original data cannot be deduced from the second hidden portion without information on the second data hiding process,selecting a first subset of the first hidden portion and a second subset of the second hidden portion and modifying the first hidden portion by placing the second subset into the location previously occupied by the first subset and modifying second hidden portion by placing the first subset into the location previously occupied by the second subset,creating a final data set by replacing the first portion in the original data with the modified first hidden portion and replacing the second portion of the original data with the modified second hidden portion, andusing the final data set and information concerning the first and second data hiding processes and selections of the first and second subset to represent the original data.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19 whereina. said first data hiding process comprises encryption employing a first encryption process with a first encryption key,b. said second data hiding process comprises a second encryption process, different from said first encryption process with a second encryption key,c. said first and second portions of the original data comprising distinct portions of said original data.
  - 21. The method of claim 19 wherein said first and second portions of the original data comprise all of the original data.
  - 22. The method of claim 19 wherein further data hiding processes are applied to all said original data beyond said first and second portions of said original data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Andrew Scholnick, Michael Scholnick
Original Assignee
Andrew Scholnick, Michael Scholnick
Inventors
Scholnick, Michael, Scholnick, Andrew

Application Number

US12/198,070
Publication Number

US 20090083544A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/6245   Protecting personal data, e...

G06F 21/79   in semiconductor storage me...

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 2209/88   Medical equipments

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

SECURITY PROCESS FOR PRIVATE DATA STORAGE AND SHARING

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY PROCESS FOR PRIVATE DATA STORAGE AND SHARING

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links