System, method and apparatus for electronically protecting data and digital content
Abstract
A system, method and apparatus are described for protecting sensitive data by extracting the sensitive data from a data storage on a client, sending the extracted data to a server for storage, receiving a pointer indicating where the extracted data has been stored and replacing the sensitive data on the data storage on the client with the pointer. The pointer may include random data that is of a same data type as the sensitive data. Furthermore, the pointer is subsequently used to access the sensitive data after proper authentication.
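The flow in the abstract, sketched as an added Python example (not code from the patent or its assignee): a content manager swaps sensitive items for server-issued pointers of the same data type, and resolves them only through an authenticated second request. The class names, the 16-digit item pattern, the HMAC-based authentication and the owner-only rule are assumptions made for illustration.

```python
import hmac
import re
import secrets

ITEM_RE = re.compile(r"\b\d{16}\b")  # assumption: sensitive items are 16-digit numbers
SAMPLE = "name=Ann card=4111111111111111 alt=5500005555555559"  # constructed file contents

def _tag(key, pointers):
    # Assumed auth scheme: HMAC-SHA256 over the pointers (add a nonce to stop replay).
    return hmac.new(key, "|".join(pointers).encode(), "sha256").hexdigest()

class VaultServer:
    def __init__(self, client_keys):
        self._keys = client_keys  # client id -> shared secret
        self._store = {}          # pointer -> (owner client id, sensitive item)
    def store(self, client_id, item):
        # Pointer: random data of the same data type (digits, same length).
        while True:
            pointer = "".join(secrets.choice("0123456789") for _ in item)
            if pointer != item and pointer not in self._store:
                self._store[pointer] = (client_id, item)
                return pointer
    def retrieve(self, client_id, pointers, tag):
        key = self._keys.get(client_id)
        if not key or not hmac.compare_digest(_tag(key, pointers), tag):
            return None  # authentication failed
        # Assumed rule: only the client that stored an item may read it.
        if any(self._store.get(p, (None,))[0] != client_id for p in pointers):
            return None
        return {p: self._store[p][1] for p in pointers}

class ContentManager:
    def __init__(self, client_id, key, server):
        self._id, self._key, self._server = client_id, key, server
        self.pointers = set()  # pointers this client has written into files
    def protect(self, text):
        def swap(match):
            pointer = self._server.store(self._id, match.group())
            self.pointers.add(pointer)
            return pointer
        return ITEM_RE.sub(swap, text)
    def read(self, text):
        found = [p for p in ITEM_RE.findall(text) if p in self.pointers]
        if not found:
            return text  # no sensitive items: serve the data as stored
        items = self._server.retrieve(self._id, found, _tag(self._key, found))
        if items is None:
            raise PermissionError("request denied: authentication failed")
        return ITEM_RE.sub(lambda m: items.get(m.group(), m.group()), text)
```

Because the pointers match the format of the items they replace, the protected file keeps its length and layout, so a file that leaks from the client exposes only the pointers.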
39 Claims
1. A system for protecting sensitive data comprising:
one or more clients, each client having a data storage and a content manager, wherein two or more items of sensitive data are stored within a file on the data storage and the content manager extracts the sensitive data items from the file on the data storage, sends the extracted data items to a server for storage, receives a pointer for each extracted data item indicating where the extracted data item has been stored and replaces the extracted items of sensitive data stored in the file on the data storage with the pointers;
the server communicably coupled to the one or more clients, wherein the server receives the extracted data items from the client, stores the extracted data items to a secure storage, generates the pointer for each extracted data item and sends the pointers to the client; and
wherein the content manager and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers based on one or more rules by;
receiving a first request from one or more applications for data stored in the file on the data storage,
determining whether the requested data includes one or more of the sensitive data items,
providing the requested data to the one or more applications whenever the requested data does not include any of the sensitive data items, and
performing the following steps whenever the requested data includes one or more of the sensitive data items;
sending a second request containing the pointer for each sensitive data item included in the requested data to the server that authenticates the second request,
denying the first request whenever the authentication fails, and
receiving and providing the requested sensitive data items to the one or more applications whenever the authentication succeeds.
Dependent claims: 2, 3, 4, 5, 6, 7, 19, 20, 21
8. An apparatus for protecting sensitive data comprising:
a data storage comprising a file having two or more items of sensitive data stored therein;
one or more applications;
a communications interface to a remote server having a secure storage;
a content manager communicably coupled to the data storage, the one or more applications and the communications interface, wherein the content manager controls access to the data storage, extracts the sensitive data items from the file on the data storage, sends the extracted data items to the remote server for storage via the communications interface, receives a pointer for each extracted data item indicating where the extracted data item has been stored and replaces the extracted items of sensitive data stored in the file on the data storage with the pointers; and
wherein the content manager and the remote server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers based on one or more rules by;
receiving a first request from the one or more applications for data stored in the file on the data storage,
determining whether the requested data includes one or more of the sensitive data items,
providing the requested data to the one or more applications whenever the requested data does not include any of the sensitive data items, and
performing the following steps whenever the requested data includes one or more of the sensitive data items;
sending a second request containing the pointer for each sensitive data item included in the requested data to the remote server that authenticates the second request,
denying the first request whenever the authentication fails, and
receiving and providing the requested sensitive data items to the one or more applications whenever the authentication succeeds.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29
9. A method for protecting sensitive data comprising the steps of:
extracting each item of the sensitive data from a file on a data storage on a client;
sending the extracted data items to a server for storage;
receiving a pointer for each extracted data item indicating where the extracted data item has been stored;
replacing each item of the sensitive data stored in the file on the data storage on the client with the pointer; and
protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers based on one or more rules by;
receiving a first request for data stored in the file on the data storage;
determining whether the requested data includes any of the sensitive data items;
providing the requested data whenever the requested data does not include any of the sensitive data items; and
performing the following steps whenever the requested data includes any of the sensitive data items;
sending a second request containing the pointer for each sensitive data item included in the requested data to the server,
authenticating the second request,
denying the second request whenever the authentication fails,
retrieving the requested sensitive data items using the pointers and sending the sensitive data items whenever the authentication succeeds.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 30, 31
17. A non-transitory computer readable storage medium for protecting sensitive data comprising program instructions when executed by a client causes the client device to perform the steps of:
extracting each item of the sensitive data from a file on a data storage on the client;
sending the extracted data items to a server for storage;
receiving a pointer for each extracted data item indicating where the extracted data item has been stored;
replacing each item of the sensitive data stored in the file on the data storage on the client with the pointer; and
protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers based on one or more rules by;
receives a first request from one or more applications for data stored in the file on the data storage,
determines whether the requested data includes one or more of the sensitive data items,
provides the requested data to the one or more applications whenever the requested data does not include any of the sensitive data items, and
performs the following steps whenever the requested data includes one or more of the sensitive data items;
sends a second request containing the pointer for each sensitive data item included in the requested data to the server that authenticates the second request,
denies the first request whenever the authentication fails, and
receives and provides the requested sensitive data items to the one or more applications whenever the authentication succeeds.
Dependent claims: 18, 32, 33, 34, 35, 36, 37, 38, 39
Specification