System, Method and Apparatus for Electronically Protecting Data and Digital Content
First Claim
Patent Images
1. A system for protecting sensitive data comprising:
- one or more clients, each client having a data storage and a processor, wherein two or more items of sensitive data are stored within a file on the data storage and the processor extracts the sensitive data items from the file on the data storage, sends the extracted data items to a server for storage, receives a pointer for each extracted data item indicating where the extracted data item has been stored and replaces the extracted items of sensitive data stored in the file on the data storage with the pointers;
the server communicably coupled to the one or more clients, wherein the server receives the extracted data items from the client, stores the extracted data items to a secure storage, generates the pointer for each extracted data item and sends the pointers to the client; and
wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by;
receiving a first request for data stored in the file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;
sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
6 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system, method and apparatus for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data that is of a same data type as the sensitive data. Furthermore, the pointer is subsequently used to access the sensitive data after proper authentication.
-
Citations
35 Claims
-
1. A system for protecting sensitive data comprising:
-
one or more clients, each client having a data storage and a processor, wherein two or more items of sensitive data are stored within a file on the data storage and the processor extracts the sensitive data items from the file on the data storage, sends the extracted data items to a server for storage, receives a pointer for each extracted data item indicating where the extracted data item has been stored and replaces the extracted items of sensitive data stored in the file on the data storage with the pointers; the server communicably coupled to the one or more clients, wherein the server receives the extracted data items from the client, stores the extracted data items to a secure storage, generates the pointer for each extracted data item and sends the pointers to the client; and wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by; receiving a first request for data stored in the file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers; sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus for protecting sensitive data comprising:
-
a data storage comprising a file having two or more items of sensitive data stored therein; a communications interface to a server having a secure storage; a processor communicably coupled to the data storage and the communications interface, wherein the processor controls access to the data storage, extracts the sensitive data items from file on the data storage, sends the extracted data items to the server for storage via the communications interface, receives a pointer for each extracted data item indicating where the extracted data item has been stored and replaces the extracted items of sensitive data stored in the file on the data storage with the pointers; and wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by; receiving a first request for data stored in the file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers; sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method for protecting sensitive data comprising the steps of:
-
extracting each item of the sensitive data from a file on a data storage on a client; sending the extracted data items to a server for storage; receiving a pointer for each extracted data item indicating where the extracted data item has been stored; replacing each item of the sensitive data stored in the file on the data storage on the client with the pointer; and protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers by; receiving a first request for data stored in a file on the data storage; determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers; sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
-
28. A non-transitory computer readable storage medium for protecting sensitive data comprising program instructions when executed by a client causes the client to perform the steps of:
-
extracting each item of the sensitive data from a file on a data storage on the client; sending the extracted data items to a server for storage; receiving a pointer for each extracted data item indicating where the extracted data item has been stored; replacing each item of the sensitive data stored in the file on the data storage on the client with the pointer; and protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers by; receiving a first request for data stored in the file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers; sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
-
Specification