System, method and apparatus for electronically protecting data and digital content
First Claim
1. A system for protecting sensitive data comprising:
- one or more clients, each client having a respective processor and a respective data storage device communicably coupled to its respective processor; and
a server communicably coupled to the one or more clients;
wherein a first one of the clients and the server protect sensitive data items stored by the first one of the clients in a respective first data storage device by restricting subsequent access to and use of the sensitive data items by;
the first one of the clients replacing the sensitive data items with one or more pointers received from the server, the one or more pointers comprising non-sensitive data of a same data type as the sensitive data and indicating one or more locations where the sensitive data items have been stored in a secure storage by the server,a respective first processor of the first one of the clients receiving a first request for data,the first processor determining whether the first request requires one or more items of sensitive data,the first processor providing the requested data from a respective first storage device of the first one of the clients when the first request does not require sensitive data, otherwiseperforming the following steps when the first request requires the one or more sensitive data items;
the first one of the clients sending a second request containing one or more pointers to the server, the server authenticating the second request,the server denying the second request when the authentication fails, andthe server providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds.
3 Assignments
0 Petitions
Accused Products
Abstract
A system, method and apparatus for protecting sensitive data in a file that has been replaced with pointer(s) for each sensitive data. The sensitive data items are protected by restricting subsequent access to and use of the sensitive data items via the pointers by: receiving a first request for data stored in a file on the data storage, determining whether the requested data includes at least one of the pointers, providing the requested data whenever the requested data does not include any of the pointers, and performing the following steps whenever the requested data includes at least one of the pointers: sending a second request containing the pointer(s) included in the requested data to the server that authenticates the second request, denying the first request whenever the authentication fails, and receiving and providing the extracted data item(s) corresponding to the pointer(s) included in the requested data whenever the authentication succeeds.
86 Citations
8 Claims
-
1. A system for protecting sensitive data comprising:
-
one or more clients, each client having a respective processor and a respective data storage device communicably coupled to its respective processor; and a server communicably coupled to the one or more clients; wherein a first one of the clients and the server protect sensitive data items stored by the first one of the clients in a respective first data storage device by restricting subsequent access to and use of the sensitive data items by; the first one of the clients replacing the sensitive data items with one or more pointers received from the server, the one or more pointers comprising non-sensitive data of a same data type as the sensitive data and indicating one or more locations where the sensitive data items have been stored in a secure storage by the server, a respective first processor of the first one of the clients receiving a first request for data, the first processor determining whether the first request requires one or more items of sensitive data, the first processor providing the requested data from a respective first storage device of the first one of the clients when the first request does not require sensitive data, otherwise performing the following steps when the first request requires the one or more sensitive data items; the first one of the clients sending a second request containing one or more pointers to the server, the server authenticating the second request, the server denying the second request when the authentication fails, and the server providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds. - View Dependent Claims (2, 3, 4)
-
-
5. A method for protecting sensitive data comprising:
-
receiving, at a server communicably coupled to one or more clients, first extracted data from a first one of the clients, storing the first extracted data at locations in a secure storage indicated by pointers, and sending to the first one of the clients the pointers, at the first one of the clients, replacing the extracted data with the pointers, wherein the extracted data comprises one or more items of sensitive data and the pointers comprise non-sensitive data of a same data type as the sensitive data; receiving, at the server, a first request for data, determining, by the server, whether the first request requires the one or more items of sensitive data, and if the first request does not require the one or more items of sensitive data, providing the requested data, and otherwise, if the first request does require the one or more items of sensitive data, receiving a second request containing one or more of the pointers, authenticating the second request, denying the second request when the authentication fails, and otherwise providing the one or more sensitive data items corresponding to the one or more pointers included in the second request when the authentication succeeds. - View Dependent Claims (6, 7, 8)
-
Specification