SECURITY PROCESS FOR PRIVATE DATA STORAGE AND SHARING
First Claim
1. Apparatus for transferring data from a source to a receptacle without exposing the data to unauthorized recipients or receptacles in the course of the transfer comprising:
a. At least one component for input and/or output of cleartext and/or protected data;
b. At least one storage component for storing data including, some or all of cleartext data, firmware, software, keys, shared secrets, and/or protected data;
c. At least one CPU component for instruction execution for performing at least one of:
i. Data management;
ii. Encryption;
iii. Decryption;
iv. Device control;
v. Communication;
vi. Calculation;
vii. Hashing;
viii. Zeroization;
ix. Redundancy;
d. At least one component for supplying power comprising at least one of battery, RF converter, power regulator, external power interface;
e. At least one component for biometric authentication; and
At least one tamper-evident, tamper-resistant, and/or tamper-proof component protecting at least a different of said components.
Abstract
A method and system for supplementing and/or replacing current security protocols and/or mechanisms used to store, manage and/or disseminate information for use on private data management devices and/or a private network and/or public network access provider's network. The system includes processing hardware, proprietary software, and firmware. The system protects private data without the need to trust the security or veracity of third parties and/or intermediate computers and/or networks. When a “user” stores data it is immediately protected from active and passive compromise attempts. Once protected and stored, data is never released and/or transferred unprotected. Only the authorized “receiver” of the data is capable of accessing the protected data. Encryption is used to enhance authentication of the participants and/or protection of the data. This method can be used in conjunction with other secure data transfer applications such as, but not limited to, Secure Socket Layer (SSL) encryption and/or the Secure Electronic Transaction (SET) protocol, etc. This method can also be used in conjunction with any data transfer mechanism such as, but not limited to, Ethernet, WiFi, Bluetooth, RFID transponders, etc.
22 Claims
all of said bit-slice deconstruction, bit slice reconstruction, bit rotation, bit swaps and logical bit modifications may be constrained or influenced by one or more of raw randomly generated data, heuristically assembled data, fixed length sequences, dynamically created sequences, dynamically sized sequences, randomly sized sequences, pre-shared data, indexes, authentication tokens, biometric authenticators, authentication tokens, counters, chronological stamps, date and/or time stamps, offsets, size indicators, minimum limits, maximum limits, indexes, hashes, and tokens.
9. The apparatus as recited in claim 1 including a secure personal information device (SPID) configured to store and retrieve protected data.
10. The apparatus as recited in claim 1 including a secure data storage manager (SDSM), configured to manage the protected data on the SPID.
11. The apparatus as recited in claim 10 wherein said SPID is configured to store data representing images, documents, databases, or audio or video content.
12. The apparatus as recited in claim 11 wherein said SPID is configured to release data when authenticated by a biometric parameter.
13. The apparatus as recited in claim 12 wherein said SPID is configured so the data to be released is defaulted to specific information.
14. The apparatus as recited in claim 13 wherein said SPID is configured to provide an automated, pre-specified set of choices.
15. The apparatus as recited in claim 14, incorporates authentication, key generation, key management, encryption, scrambling, and secure storage.
16. The apparatus as recited in claim 15 wherein said storage component stores separate access and protection rules for each piece of data subject to protection.
17. The apparatus as recited in claim 14 wherein said SPID is configured to never release as clear text data, data subject to protection.
18. The apparatus as recited in claim 14 wherein said SPID is configured to permanently erase specific data based on the alert/distress activation(s).
3. A method of transferring data from a source to a receptacle without exposing the data to unauthorized recipients or receptacles in the course of the transfer comprising:
providing a source including
a. At least one interface component for selective input and output of cleartext and protected data;
b. At least one storage component storing various data including identification data, partner data, cleartext data, software, secrets and protected data;
c. At least one CPU component for data processing effecting
a. Data management;
b. Encryption;
c. Device control;
d. Communication; and
d. At least one component facilitating biometric authentication; and
e. At least one control component allowing control to be exercised by a user subject to testing by said biometric authentication component
providing a receptacle including;
f. at least one interface component for selective input and output of cleartext and protected data;
g. at least one storage component storing various data including identification data, cleartext data, software, secrets and protected data;
h. at least one CPU component for data processing effecting
i. Data management;
ii. Decryption;
iii. Device control;
iv. Communication; and
i. At least one component facilitating biometric authentication;
said method further comprising communicating protected data from said source to said receptacle in response to a request for said communication by a user authenticated by said biometric authentication component.
19. A method of hiding original data so that the original data is not available without information describing the manner in which the original data was hidden, said method comprising
applying a first data hiding process to a first portion of the original data to produce a first hidden portion of the original data so that the first portion of the original data cannot be deduced from the first hidden portion without information on the first data hiding process,
applying a second data hiding process to a second portion of the original data to produce a second hidden portion of the original data so that the second portion of the original data cannot be deduced from the second hidden portion without information on the second data hiding process,
selecting a first subset of the first hidden portion and a second subset of the second hidden portion and modifying the first hidden portion by placing the second subset into the location previously occupied by the first subset and modifying second hidden portion by placing the first subset into the location previously occupied by the second subset,
creating a final data set by replacing the first portion in the original data with the modified first hidden portion and replacing the second portion of the original data with the modified second hidden portion,
and using the final data set and information concerning the first and second data hiding processes and selections of the first and second subset to represent the original data.
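Claim 19 describes a layout rather than a cipher: two portions are hidden independently, a subset of each hidden portion is swapped into the other, and the result is only reversible with the record of which processes and which subsets were used. The following Python is an added worked example, not the patent's own code. The two "data hiding processes" are stand-ins (keyed XOR streams derived with HMAC-SHA256, an assumption made here for illustration), the subsets are byte ranges chosen by the caller, and the subsets may differ in length, which the claim does not forbid; the function and field names are hypothetical and the sample record is constructed.

```python
"""Worked example of the two-portion hiding method in claim 19 (illustrative, not the patent's code)."""
import hashlib
import hmac
from dataclasses import dataclass


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in for a 'data hiding process': HMAC-SHA256 in counter mode (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def hide(portion: bytes, key: bytes) -> bytes:
    """XOR the portion with its keystream; applying it twice restores the portion."""
    return bytes(a ^ b for a, b in zip(portion, keystream(key, len(portion))))


@dataclass(frozen=True)
class HidingParams:
    """The 'information concerning the hiding processes and subset selections' from the claim."""
    split: int       # boundary between the first and second portion of the original
    key1: bytes      # parameter of the first hiding process
    key2: bytes      # parameter of the second hiding process
    subset1: tuple   # (start, length) inside the first hidden portion
    subset2: tuple   # (start, length) inside the second hidden portion


def hide_data(original: bytes, p: HidingParams) -> bytes:
    """Apply both hiding processes, swap the chosen subsets, and assemble the final data set."""
    first, second = original[:p.split], original[p.split:]
    s1, n1 = p.subset1
    s2, n2 = p.subset2
    if s1 + n1 > len(first) or s2 + n2 > len(second):
        raise ValueError("subset lies outside its hidden portion")
    h1 = bytearray(hide(first, p.key1))
    h2 = bytearray(hide(second, p.key2))
    sub1 = bytes(h1[s1:s1 + n1])
    sub2 = bytes(h2[s2:s2 + n2])
    h1[s1:s1 + n1] = sub2   # second subset takes the place of the first
    h2[s2:s2 + n2] = sub1   # first subset takes the place of the second
    return bytes(h1) + bytes(h2)


def recover_data(final: bytes, p: HidingParams) -> bytes:
    """Invert hide_data; needs the same HidingParams record."""
    s1, n1 = p.subset1
    s2, n2 = p.subset2
    split_final = p.split - n1 + n2   # first hidden portion grew or shrank by the swap
    h1 = bytearray(final[:split_final])
    h2 = bytearray(final[split_final:])
    sub2 = bytes(h1[s1:s1 + n2])
    sub1 = bytes(h2[s2:s2 + n1])
    h1[s1:s1 + n2] = sub1
    h2[s2:s2 + n1] = sub2
    return hide(bytes(h1), p.key1) + hide(bytes(h2), p.key2)


# Constructed sample record and parameters (not from the patent).
SAMPLE = b"account=1234-5678;pin=0911;note=constructed sample record"
PARAMS = HidingParams(split=20, key1=b"k1" * 16, key2=b"k2" * 16,
                      subset1=(2, 5), subset2=(3, 7))

if __name__ == "__main__":
    final = hide_data(SAMPLE, PARAMS)
    print("final data set:", final.hex())
    print("round trip ok:", recover_data(final, PARAMS) == SAMPLE)
```

The swap step is a fixed permutation of positions: anyone holding the final data set still sees only the output of the two hiding processes, so confidentiality rests entirely on those processes, and the HidingParams record is as sensitive as a key and belongs in the same protected, zeroizable storage the apparatus claims describe for keys and shared secrets.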
Specification