SYSTEMS AND METHODS FOR SECURE AND PERSISTENT RETENTION OF SENSITIVE INFORMATION

US 20140082749A1
Filed: 09/20/2013
Published: 03/20/2014
Est. Priority Date: 09/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method implemented in an information processing system including one or more data processors, the method comprising:

provisioning, by the information processing system, a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period;

receiving at the information processing system data messages sent via one or more communications networks from one or more client computers, the received data messages including information that is required to be stored for the authorized retention period;

transmitting, from the information processing system, the received information via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period;

in response to an authorized access request from an authorized computer device, the information processing system transmitting a retrieval request message to the elastic storage system via the one or more communication networks to retrieve a copy of the information stored in the elastic storage system;

wherein the provisioning step includes the information processing system configuring the elastic storage system to permit deletion, modification, or destruction of the stored information only when a trusted third party having a predetermined authentication information associated with the client account provides the predetermined authentication information to the elastic storage system,wherein the trusted third party is an entity independent from and not controlled by the user, the information processing system, or the elastic storage system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing system provisions a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period. Data messages are received from one or more client computers and include information that is required to be stored for the authorized retention period. That information is transmitted via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period. The secure data center receives the retrieved copy and provides it to the user device. The elastic storage system permits deletion, modification, or destruction of the stored information only when a trusted independent third party having predetermined authentication information associated with the client account provides the predetermined authentication information to the elastic storage system.

188 Citations

29 Claims

1. A method implemented in an information processing system including one or more data processors, the method comprising:
- provisioning, by the information processing system, a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period;
  
  receiving at the information processing system data messages sent via one or more communications networks from one or more client computers, the received data messages including information that is required to be stored for the authorized retention period;
  
  transmitting, from the information processing system, the received information via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period;
  
  in response to an authorized access request from an authorized computer device, the information processing system transmitting a retrieval request message to the elastic storage system via the one or more communication networks to retrieve a copy of the information stored in the elastic storage system;
  
  wherein the provisioning step includes the information processing system configuring the elastic storage system to permit deletion, modification, or destruction of the stored information only when a trusted third party having a predetermined authentication information associated with the client account provides the predetermined authentication information to the elastic storage system,wherein the trusted third party is an entity independent from and not controlled by the user, the information processing system, or the elastic storage system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method in claim 1, wherein the predetermined authentication information is a multi-factor authentication token.
  - 3. The method in claim 1, wherein the client device, the information processing system, and the elastic storage system do not include or have access to the predetermined authentication information.
  - 4. The method in claim 1, wherein the information is financial information and the information processing system ensures that the financial information is processed and stored in compliance with Securities and Exchange Commission (SEC) Rule 17a-4.
  - 5. The method in claim 1, wherein the information is financial information and the information processing system ensures that the financial information is processed and stored in compliance with Commodity Futures Trading Commission (CFTC) Rule 151.
  - 6. The method in claim 1, wherein the elastic storage system is a cloud-based storage system accessible over the one or more communications networks.
  - 7. The method in claim 6, wherein the information is financial information and the information processing system is operated by a financial services entity and the cloud-based storage system is operated by different entity that provides shared computing and storage services to achieve economies of scale.
  - 8. The method in claim 1, further comprising:
    - encrypting the information and then providing the encrypted information to the elastic storage medium to facilitate secure persistent storage of the information.
  - 9. The method in claim 1, wherein the information is received encrypted based on one or more first encryption keys associated with the user and the client computer, the method further comprising:
    - decrypting the received information based on the one or more first encryption keys;
      
      re-encrypting the decrypted information based on one or more second different encryption keys;
      
      transmitting the information encrypted with the one or more second different encryption keys to the elastic storage system for storage in encrypted format.
  - 10. The method in claim 1, wherein the information is financial information related to financial articles of trade that are tradable on one or more financial markets and including emails, user statements, trade confirmations, memos, electronic log files, PDF files, or instant messages.
  - 11. The method in claim 1, further comprising:
    - storing a date or time of storage of the information in the elastic storage system, andlinking the stored date or time to the information.
  - 12. The method in claim 1, wherein the retrieving step is performed as part of an audit of the client account.
  - 13. The method in claim 1, further comprising:
    - storing in a database metadata linked to the information;
      
      in response to the authorized request, accessing metadata from the database that is potentially relevant to the authorized request; and
      
      using the accessed metadata for retrieval of the copy of the information stored in the elastic storage system.
  - 14. The method in claim 13, wherein the metadata includes a unique identifier associated with the information and a date or time of storage of the information in the elastic storage system.
  - 15. The method in claim 1, further comprising:
    - tracking in a log file information and activities associated with the information in the information processing system and in the elastic storage system.

16. A secure information processing system comprising:
- one or more data processors configured to communicate with a client computer associated with a user, to communicate with a cloud computing and storage platform via a communications network, and configured to;
  
  provision a client account for the user to enable the client computer to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period;
  
  receive data messages sent via one or more communications networks from one or more client computers, the received data messages including information that is required to be stored for the authorized retention period;
  
  transmit the received information via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period;
  
  in response to an authorized access request from an authorized computer device, retrieve a copy of the information stored in the elastic storage system, andwherein the one or more data processors configure the elastic storage system to permit deletion, modification, or destruction of the stored information when a trusted third party having a predetermined authentication information associated with the client account presents the predetermined authentication information to the elastic storage system,wherein the trusted third party is an entity independent from and not controlled by the user, the information processing system, or the elastic storage system.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The secure information processing system in claim 16, wherein the client device, the information processing system, and the elastic storage system do not include or have access to the predetermined authentication information.
  - 18. The secure information processing system in claim 16 configured to ensure that the information is processed and stored in compliance with Securities and Exchange Commission (SEC) Rule 17a-4.
  - 19. The secure information processing system in claim 16, wherein the elastic storage system is a cloud-based storage system accessible over the one or more communications networks.
  - 20. The secure information processing system in claim 16, wherein the one or more data processors are further configured to:
    - encrypt the information and then providing the encrypted information to the elastic storage medium to facilitate secure persistent storage of the information.
  - 21. The secure information processing system in claim 16, wherein the information is received encrypted using one or more first encryption keys associated with the user and the client computer,wherein the one or more data processors are configured to decrypt the received information using the one or more first encryption keys,wherein one or more data processors are configured to re-encrypt the decrypted information using one or more second different encryption keys, andwherein the one or more data processors are configured to:
    - transmit the information encrypted with the one or more second different encryption keys to the elastic storage system for storage in encrypted format.
  - 22. The secure information processing system in claim 16, wherein the information is related to financial articles of trade that are tradable on one or more financial markets and including emails, user statements, trade confirmations, memos, electronic log files, PDF files, or instant messages.
  - 23. The secure information processing system in claim 16, wherein the one or more data processors are configured to:
    - store in a database metadata linked to the information;
      
      in response to the authorized request, access metadata from the database potentially relevant to the authorized request; and
      
      use the accessed metadata for requested retrieval the copy of the information stored in the elastic storage system.
  - 24. The secure information processing system in claim 23, wherein the metadata includes a unique identifier associated with the information and a date or time of storage of the information in the elastic storage system.
  - 25. The secure information processing system in claim 16, wherein the one or more data processors are configured to track in a log file information and activities associated with the information in the information processing system and in the elastic storage system.
  - 26. The secure information processing system in claim 16, wherein the one or more data processors includes multiple data processors divided into a user interface tier, a processing tier, a database tier, and an encryption management tier.

27. A financial information processing system comprising:
- a secure data center including one or more data processors configured for communication with user communication devices;
  
  a cloud computing and storage platform including a shared infrastructure of multiple computing and storage resources connected by one or more networks and providing shared services; and
  
  one or more data communications networks providing data communication between the secure data center and the cloud computing and storage platform, wherein;
  
  the secure data center is configured to;
  
  provision a client account for the user to enable the computer to store financial information in the cloud computing and storage platform and to prohibit user communication devices, the secure data center, and the cloud computing and storage platform from altering and from deleting the stored financial information during an authorized retention period;
  
  receive data messages sent via one or more communications networks from one or more client computers, the received data messages including financial information that is required to be stored for the authorized retention period;
  
  transmit the received information via the one or more data communications networks to the cloud computing and storage platform;
  
  transmit a retrieval request message for the stored financial information to the cloud computing and storage platform via the one or more data communications networks in response to an authorized access request from an authorized user communication device,the cloud computing and storage platform configured to;
  
  store the financial information transmitted by the secure data center in memory that is non-rewriteable and non-erasable during the authorized retention period;
  
  retrieve a copy of the stored financial information in response to receiving the retrieval request message;
  
  receive a request to delete, modify, or destroy the stored financial information, and if that request is accompanied by a predetermined authentication information associated with the client account and entrusted to a third party, then to perform the requested deletion, modification, or destruction of the stored financial information,wherein the third party is an entity independent from and not controlled by users, the secure data center, or the cloud computing and storage platform.
- View Dependent Claims (28, 29)
- - 28. The financial information processing system in claim 27 configured to ensure that the financial information is processed and stored in compliance with Securities and Exchange Commission (SEC) Rule 17a-4.
  - 29. The financial information processing system in claim 27, wherein the financial information is encrypted when received by the cloud computing and storage platform, and wherein the cloud computing and storage platform is configured to provide secure persistent storage of the encrypted financial information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.), Nasdaq, Inc.
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.), Nasdaq OMX Group Incorporated (Nasdaq, Inc.)
Inventors
HOLLAND, Ryan Christopher, STICKLE, Thomas C., LAFEVER, Malcolm Gary, MULLINS, Edward Scott

Granted Patent

US 9,424,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/29
CPC Class Codes

G06F 21/60 Protecting data

G06F 21/645 using a third party

SYSTEMS AND METHODS FOR SECURE AND PERSISTENT RETENTION OF SENSITIVE INFORMATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR SECURE AND PERSISTENT RETENTION OF SENSITIVE INFORMATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links