System, method and apparatus for electronically protecting data and digital content

US 8,826,448 B2
Filed: 10/23/2013
Issued: 09/02/2014
Est. Priority Date: 03/16/2005
Status: Active Grant

First Claim

Patent Images

1. A system for protecting sensitive data comprising:

one or more clients, each client having a respective processor and a respective data storage device communicably coupled to its respective processor; and

a server communicably coupled to the one or more clients;

wherein a first one of the clients and the server protect sensitive data items stored by the first one of the clients in a respective first data storage device by restricting subsequent access to and use of the sensitive data items by;

the first one of the clients replacing the sensitive data items with one or more pointers received from the server, the one or more pointers comprising non-sensitive data of a same data type as the sensitive data and indicating one or more locations where the sensitive data items have been stored in a secure storage by the server,a respective first processor of the first one of the clients receiving a first request for data,the first processor determining whether the first request requires one or more items of sensitive data,the first processor providing the requested data from a respective first storage device of the first one of the clients when the first request does not require sensitive data, otherwiseperforming the following steps when the first request requires the one or more sensitive data items;

the first one of the clients sending a second request containing one or more pointers to the server, the server authenticating the second request,the server denying the second request when the authentication fails, andthe server providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and apparatus for protecting sensitive data in a file that has been replaced with pointer(s) for each sensitive data. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.

86 Citations

View as Search Results

8 Claims

1. A system for protecting sensitive data comprising:
- one or more clients, each client having a respective processor and a respective data storage device communicably coupled to its respective processor; and
  
  a server communicably coupled to the one or more clients;
  
  wherein a first one of the clients and the server protect sensitive data items stored by the first one of the clients in a respective first data storage device by restricting subsequent access to and use of the sensitive data items by;
  
  the first one of the clients replacing the sensitive data items with one or more pointers received from the server, the one or more pointers comprising non-sensitive data of a same data type as the sensitive data and indicating one or more locations where the sensitive data items have been stored in a secure storage by the server,a respective first processor of the first one of the clients receiving a first request for data,the first processor determining whether the first request requires one or more items of sensitive data,the first processor providing the requested data from a respective first storage device of the first one of the clients when the first request does not require sensitive data, otherwiseperforming the following steps when the first request requires the one or more sensitive data items;
  
  the first one of the clients sending a second request containing one or more pointers to the server, the server authenticating the second request,the server denying the second request when the authentication fails, andthe server providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the sensitive data items comprise at least one of:
    - personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.
  - 3. The system of claim 1, wherein:
    - each client comprises a respective one of;
      
      a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a personal data assistant, a media player, a gaming console, a security device, a surveillance device or a combination thereof; and
      
      the server is communicably coupled to each respective one of the one or more clients via a respective computer network, a telecommunications network, a wireless communications link, a physical connection, a landline, a satellite communications link, an optical communications link, a cellular network or a combination thereof.
  - 4. The system of claim 1, wherein communications between the server and one or more of the one or more clients are encrypted.

5. A method for protecting sensitive data comprising:
- receiving, at a server communicably coupled to one or more clients, first extracted data from a first one of the clients, storing the first extracted data at locations in a secure storage indicated by pointers, and sending to the first one of the clients the pointers,at the first one of the clients, replacing the extracted data with the pointers, wherein the extracted data comprises one or more items of sensitive data and the pointers comprise non-sensitive data of a same data type as the sensitive data;
  
  receiving, at the server, a first request for data,determining, by the server, whether the first request requires the one or more items of sensitive data, andif the first request does not require the one or more items of sensitive data, providing the requested data, and otherwise,if the first request does require the one or more items of sensitive data, receiving a second request containing one or more of the pointers, authenticating the second request, denying the second request when the authentication fails, and otherwise providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the sensitive data items comprise at least one of:
    - personal data, financial data, corporate data, legal data, government data, police data, immigration data, military data, intelligence data, security data, surveillance data, technical data, copyrighted content or a combination thereof.
  - 7. The system of claim 5, wherein:
    - each client comprises a respective one of;
      
      a computer, a laptop computer, a handheld computer, a desktop computer, a workstation, a data terminal, a phone, a mobile phone, a personal data assistant, a media player, a gaming console, a security device, a surveillance device or a combination thereof; and
      
      the server is communicably coupled to each respective one of the one or more clients via a respective computer network, a telecommunications network, a wireless communications link, a physical connection, a landline, a satellite communications link, an optical communications link, a cellular network or a combination thereof.
  - 8. File system of claim 5, wherein communications between the server and one or more of the one or more clients are encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kloke LLC
Original Assignee
DT Labs LLC
Inventors
Peckover, Douglas
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/061,649
Publication Number

US 20140053240A1
Time in Patent Office

314 Days
Field of Search

713164-167, 713/189, 713/193, 726 26- 30
US Class Current

726/26
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

G06F 2221/2153   Using hardware token as a s...

G16H 20/13   delivered from dispensers

G16H 40/67   for remote operation

H04L 63/08   for authentication of entit...

System, method and apparatus for electronically protecting data and digital content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for electronically protecting data and digital content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links