System, method and apparatus for electronically protecting data and digital content

US 8,543,806 B2
Filed: 07/31/2012
Issued: 09/24/2013
Est. Priority Date: 03/16/2005
Status: Active Grant

First Claim

Patent Images

1. A system for protecting sensitive data comprising:

one or more clients, each client having a data storage and a processor, wherein two or more items of sensitive data within a file have been replaced with a pointer for each item of sensitive data, wherein the pointer indicates where the item of sensitive data item has been stored in a secure storage by a server;

the server communicably coupled to the one or more clients; and

wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by;

receiving a first request for data stored in the file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;

sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and apparatus for protecting sensitive data in a file that has been replaced with pointer(s) for each sensitive data. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.

Citations

33 Claims

1. A system for protecting sensitive data comprising:
- one or more clients, each client having a data storage and a processor, wherein two or more items of sensitive data within a file have been replaced with a pointer for each item of sensitive data, wherein the pointer indicates where the item of sensitive data item has been stored in a secure storage by a server;
  
  the server communicably coupled to the one or more clients; and
  
  wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by;
  
  receiving a first request for data stored in the file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;
  
  sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as recited in claim 1, wherein:
    - the client comprises a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a personal data assistant, a media player, a gaming console, a security device, a surveillance device or a combination thereof; and
      
      the server is communicably coupled to the one or more clients via a computer network, a telecommunications network, a wireless communications link, a physical connection, a landline, a satellite communications link, an optical communications link, a cellular network or a combination thereof.
  - 3. The system as recited in claim 1, wherein the communications between the server and the client are encrypted.
  - 4. The system as recited in claim 1, wherein the server further comprises:
    - an application program interface layer;
      
      an authentication layer coupled to the application program interface layer;
      
      a plug-in layer coupled to the authentication layer;
      
      a data layer coupled to the plug-in layer; and
      
      an events layer coupled to the data layer, the plug-in layer and the authentication layer.
  - 5. The system as recited in claim 1, wherein the received sensitive data items can only be viewed or used in an application that submitted the first request.
  - 6. The system as recited in claim 1, wherein the received sensitive data items cannot be further transferred or stored.
  - 7. The system as recited in claim 1, wherein the pointer comprises random data that is of a same data type as the sensitive data.
  - 8. The system as recited in claim 1, wherein the pointer is subsequently used to access the sensitive data item after proper authentication.
  - 9. The system as recited in claim 1, wherein storage of the sensitive data items and subsequent access to the sensitive data are governed by one or more rules.
  - 10. The system as recited in claim 1, wherein the sensitive data items comprises personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.

11. An apparatus for protecting sensitive data comprising:
- a data storage comprising a file stored therein having two or more items of sensitive data that have been replaced with a pointer for each item of sensitive data, wherein the pointer indicates where the item of sensitive data item has been stored in a secure storage by a server;
  
  a communications interface to the server having the secure storage;
  
  a processor communicably coupled to the data storage and the communications interface, wherein the processor controls access to the data storage; and
  
  wherein the processor and the server protect the sensitive data items within the file by restricting subsequent access to and use of the sensitive data items via the pointers by;
  
  receiving a first request for data stored in the file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;
  
  sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted sensitive data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The apparatus as recited in claim 11, wherein:
    - the apparatus comprises a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a personal data assistant, a media player, a gaming console, a security device, a surveillance device or a combination thereof; and
      
      the server is communicably coupled to the one or more clients via a computer network, a telecommunications network, a wireless communications link, a physical connection, a landline, a satellite communications link, an optical communications link, a cellular network or a combination thereof.
  - 13. The apparatus as recited in claim 11, wherein the communications between the server and the client are encrypted.
  - 14. The apparatus as recited in claim 11, wherein the received sensitive data items can only be viewed or used in an application that submitted the first request.
  - 15. The apparatus as recited in claim 11, wherein the received sensitive data items cannot be further transferred or stored.
  - 16. The apparatus as recited in claim 11, wherein the pointer comprises random data that is of a same data type as the sensitive data.
  - 17. The apparatus as recited in claim 11, wherein the pointer is subsequently used to access the sensitive data item after proper authentication.
  - 18. The apparatus as recited in claim 11, wherein storage of the sensitive data items and subsequent access to the sensitive data are governed by one or more rules.
  - 19. The apparatus as recited in claim 11, wherein the sensitive data items comprises personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.

20. A method for protecting sensitive data comprising the steps of:
- providing a file on a data storage having two or more items of sensitive data that have been replaced with a pointer for each item of sensitive data, wherein the pointer indicates where the item of sensitive data item has been stored in a secure storage by a server; and
  
  protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers by;
  
  receiving a first request for data stored in a file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;
  
  sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method as recited in claim 20, wherein the received sensitive data items can only be viewed or used in an application that submitted the first request.
  - 22. The method as recited in claim 20, wherein the received sensitive data items cannot be further transferred or stored.
  - 23. The method as recited in claim 20, wherein the pointer comprises random data that is of a same data type as the sensitive data item.
  - 24. The method as recited in claim 20, wherein the pointer is subsequently used to access the sensitive data item after proper authentication.
  - 25. The method as recited in claim 20, wherein storage of the sensitive data items and subsequent access to the sensitive data are governed by one or more rules.
  - 26. The method as recited in claim 20, wherein the sensitive data items comprises personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.

27. A non-transitory computer readable storage medium for protecting sensitive data comprising program instructions when executed by a client causes the client to perform the steps of:
- providing a file on a data storage having two or more items of sensitive data that have been replaced with a pointer for each item of sensitive data, wherein the pointer indicates where the item of sensitive data item has been stored in a secure storage by a server; and
  
  protecting the sensitive data items by restricting subsequent access to and use of the sensitive data items via the pointers by;
  
  receiving a first request for data stored in the file on the data storage,determining whether the requested data includes at least one of the pointers,providing the requested data whenever the requested data does not include any of the pointers, andperforming the following steps whenever the requested data includes at least one of the pointers;
  
  sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request,denying the first request whenever the authentication fails, andreceiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The computer readable storage medium as recited in claim 27, wherein the received sensitive data items can only be viewed or used in an application that submitted the first request.
  - 29. The computer readable storage medium as recited in claim 27, wherein the received sensitive data items cannot be further transferred or stored.
  - 30. The computer readable storage medium as recited in claim 27, wherein the pointer comprises random data that is of a same data type as the sensitive data item.
  - 31. The computer readable storage medium as recited in claim 27, wherein the pointer is subsequently used to access the sensitive data item after proper authentication.
  - 32. The computer readable storage medium as recited in claim 27, wherein storage of the sensitive data items and subsequent access to the sensitive data are governed by one or more rules.
  - 33. The computer readable storage medium as recited in claim 27, wherein the sensitive data items comprises personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kloke LLC
Original Assignee
DT Labs Development LLC
Inventors
Peckover, Douglas
Primary Examiner(s)
ARMOUCHE, HADI S

Application Number

US13/563,379
Publication Number

US 20120297462A1
Time in Patent Office

420 Days
Field of Search

None
US Class Current

713/151
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

G06F 2221/2153   Using hardware token as a s...

G16H 20/13   delivered from dispensers

G16H 40/67   for remote operation

H04L 63/08   for authentication of entit...

System, method and apparatus for electronically protecting data and digital content

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for electronically protecting data and digital content

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links