Method and system for protecting information on a computer system
Abstract
A system and method for protecting sensitive information, for example, a user's personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus, by placing the sensitive information on-line for only limited periods of time, the risk of compromise to the sensitive information is greatly reduced.
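The time-window staging described in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent; the class, the channel labels, the integer clock and the sample record are all assumptions made for the example.

```python
from dataclasses import dataclass, field

INTERNAL, PUBLIC = "internal", "public"  # channel labels (assumed names)

@dataclass
class Window:
    user: str
    start: int  # constructed integer clock, in seconds
    end: int

@dataclass
class StagingController:
    """Off-line side: the only component that writes to the on-line store."""
    offline: dict                               # user -> sensitive record
    online: dict = field(default_factory=dict)  # what the on-line server holds
    windows: list = field(default_factory=list)

    def schedule(self, channel, user, start, end):
        # Scheduling requests arriving over the public path are refused.
        if channel != INTERNAL:
            raise PermissionError("scheduling only accepted from internal network")
        if user not in self.offline or end <= start:
            raise ValueError("unknown user or empty window")
        self.windows.append(Window(user, start, end))

    def tick(self, now):
        """Stage records whose window is open; purge every other record."""
        live = {w.user for w in self.windows if w.start <= now < w.end}
        for user in live - set(self.online):
            self.online[user] = self.offline[user]
        for user in set(self.online) - live:
            del self.online[user]
        self.windows = [w for w in self.windows if now < w.end]

    def read(self, user, authenticated, now):
        """Public-path read: sees only what is currently staged on-line."""
        self.tick(now)
        if not authenticated:
            raise PermissionError("user not authenticated")
        return self.online.get(user)

def demo():
    ctl = StagingController(offline={"alice": {"card": "CONSTRUCTED-0000"}})
    ctl.schedule(INTERNAL, "alice", start=100, end=160)
    try:
        ctl.schedule(PUBLIC, "alice", start=0, end=10**9)
        public_rejected = False
    except PermissionError:
        public_rejected = True
    # Reads before, inside and after the scheduled window.
    return (ctl.read("alice", True, 50), ctl.read("alice", True, 120),
            ctl.read("alice", True, 200), public_rejected)
```

A compromise of the on-line store at time 50 or 200 finds no record for the user; only the 60-second window exposes it, and the public path cannot widen that window.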
24 Claims
1. A communications method, comprising:
- storing data for a user on a first storage device accessible from a first computing device using a first communication path in an internal network between the first computing device and the first storage device;
- authenticating the user for scheduling a data transfer, wherein authentication is performed using a second communication path through a public network;
- scheduling a data transfer for a user-specified period of time on the first computing device using a second computing device through a third communication path in the internal network, wherein scheduling of data transfers can only be performed via first computing devices in the internal network;
- authenticating the user for access to the data, wherein the authentication is performed using a fourth communication path through the public network between a third computing device and a fourth computing device;
- moving, for the purpose of being available for the user-specified period of time only, at least a subset of the data through a fifth communication path from the first storage device to a second storage device in response to the authentication of the user of the data and the scheduling of the data transfer on the first computer; and
- permitting, on the fourth computing device, access to the user through the third computing device through via the fourth communication path in the public network to the at least a subset of the data on the second storage device for only the user-specified period of time in response to a request from the user and removing the subset of the data from the second storage device thereafter, wherein the fourth computing device is not allowed to schedule data transfers for data stored on the first storage device through the fourth communication path between the third computing device and the fourth computing device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of protecting data from unauthorized access comprising:
- storing data for a user on a first storage device connected to a secure network, the first storage device being accessible from a first computing device using a first communication path in the secure network between the first computing device and the first storage device;
- determining a selection of an access time and an access period for the user;
- scheduling a data transfer for a user-specified period of time on the first computing device using a second computing device through a second communication path in the secure network, wherein scheduling of data transfers can only be performed via second computing devices in the secure network;
- at the access time, loading for the purpose of being available for the access period only, by the first computing device, at least a subset of the data from the first storage device through a third communication path in the secure network to a second storage device, the second storage device being accessible through a fourth communication path in a public network from a third computing device upon authentication of the user, wherein the third computing device is not allowed to schedule data transfers for data stored on the first storage device through the fourth communication path in the public network; and
- removing the at least a subset of data from the second storage device after the access period has passed.

Dependent claims: 10, 11, 12, 13, 14
15. A system, comprising:
- a first computer for generating a password, wherein the first computer is accessible by a user only via a telephone through a first communication path between the user and the telephone;
- a second computer associated with a first storage device for storing data, the second computer configured to;
  - receive a scheduling of a data transfer for a user-specified period of time from the first computer through a second communication path in an intranet, wherein scheduling of data transfers can only be performed via first computing devices in the intranet;
  - receive the password and a request for the data through a third communication path via an external network from a third computer; and
  - authenticate the user using the password;
- the third computer configured to;
  - receive the request from the user via a fourth communication path in the Internet from a fourth computer;
  - receive, for the purpose of being available for the user-specified period of time only, at least a portion of the data from the first storage device associated with the second computer in response to the authentication of the user and the scheduling of the data transfer on the second computer; and
  - provide the at least the portion of the data to the user through the fourth communication path in the Internet for only the user-specified period of time and removing the at least a portion of the data thereafter, wherein the fourth computer is not allowed to schedule data transfers for data stored on the first storage device through the fourth communication path.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24
Specification