5244 results about "Data security" patented technology

The method, program and system secures sensitive data/objects found in a data source document with an editor. The simple editor identifies and displays, in situ, the sensitive words/objects per each security level. Level tags are inserted and adjunctive words/objects are marked/displayed per the level's protocol. The precursor document is processed to extract sensitive and adjunctive words/objects. The stripped data is either separately stored or partial versions of the secured document are stored per protocol. A comprehensive editor secures content data and meta data contained in a data document object model (DOM). The editor maps the source document root, branch and leaf components as binary files populated with content data and meta data. Security introns, earlier identified based upon the level's informational attributes, are excluded. Security exons are copied from the source content and meta data binary files into a security safe document (template). Filtration, extraction, dispersal and storage follow.

An adaptive method, system and program for securing data against a plurality of electronic and environmental events directed at computers utilizes a hacking monitor which generates attack warnings (such as a hacking warning) dependent upon the severity of the attack. Based upon these warnings, data is filtered to extract security sensitive words etc. and the extract and remainder data (if necessary) is stored in assigned memory. Full or partial reconstruction is permitted, manually or automatically, with a security clearance. Encryption is typically used dependent upon the warning. The information processing system includes a filter which is adjusted based upon the degree of attack warning to extract security sensitive words. A storage system stores extracted data and remainder data (if necessary) based upon the level of the warning and a compiler is used to reconstruct the data in the presence of the appropriate security clearance level.

The present invention is directed to security systems and methods for mobile network-based data environments. The present invention provides an integration of security, mobile computing, wireless and IT infrastructure management technology, to create a new level of automation and enforcement to enable the transparent application of mobile security across an enterprise, while embracing end user “transparency” and “ease of use” and empowering IT administration.

The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with multiple independent levels of security (MILS). Each level of MILS has a computer sub-network with networked workstations. The MILS sub-networks are connected together via security guard computer(s) and each guard computer has separate memories for each level (TS, S, C, UC(or remainder)). The method extracts the security sensitive words/data (a granular action), from the source document for each MILS level, stores the extracted data in a corresponding extract store for each level and permits reconstruction/reassembly of the dispersed data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each MILS level.

A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

The present invention relates to the field of security of electronic data and/or communications. In one form, the invention relates to data security and/or privacy in a distributed and/or decentralised network environment. In another form, the invention relates to enabling private collaboration and/or information sharing between users, agents and/or applications. Embodiment(s) of the present invention enable the sharing of key(s) and/or content between a first user and/or agent and a second user and/or agent. Furthermore, embodiment(s) of the present invention have application in sharing encrypted information via information sharing services.

A number of inventions, aspects and embodiments are disclosed herein.

The method, used with a portable computing device, secures security sensitive words, icons, etc. by determining device location within or without a predetermined region and then extracting the security data from the file, text, data object or whatever. The extracted data is separated from the remainder data and stored either on media in a local drive or remotely, typically via wireless network, to a remote store. Encryption is used to further enhance security levels. Extraction may be automatic, when the portable device is beyond a predetermined territory, or triggered by an event, such a “save document” or a time-out routine. Reconstruction of the data is permitted only in the presence of a predetermined security clearance and within certain geographic territories. A computer readable medium containing programming instructions carrying out the methodology for securing data is also described herein. An information processing system for securing data is also described.

The method, program and information processing system secures data, and particularly security sensitive words, characters or data objects in the data, in a computer system with territorial, geographic and triggering event protocols. The method and system determines device location within or without a predetermined region and then extracts security data from the file, text, data object or whatever. The extracted data is separated from the remainder data and stored either on media in a local drive or remotely, typically via wireless network, to a remote store. Encryption is used to further enhance security levels. Extraction may be automatic, when the portable device is beyond a predetermined territory, or triggered by an event, such a “save document” or a time-out routine. Reconstruction of the data is permitted only with security clearance and within certain geographic territories. An information processing system for securing data is also described.

A system and method for conducting financial transactions by means of a smartphone is disclosed. A barcode is printed on the invoice, which is scanned by the mobile device screen. The mobile device is used instead of a credit card or cash. Provisions for data security, transaction verification, and communications protocols are disclosed.

A secure magnetic stripe card stripe reader (MSR) module and software system capable of encrypting the magnetic stripe data to CPI, SDP and CISP standards for use in point of sale (POS) and other applications requiring data security using non secure networks and computing devices. Additionally, when incorporated within an attachment for conventional personal digital assistant (PDA) or cell phone or stationary terminal, provides encrypted data from the magnetic head assembly providing compliance with Federal Information Processing Standards Publication Series FIPS 140 covering security and tampering standards. Moreover, this module and software system includes the capability of providing secure POS transactions to legacy transaction processing systems and POS terminals transparently to the existing infrastructure. Furthermore, this module and software system includes the capability of transparently providing detection of fraudulently copied magnetic stripe cards.

There are provided methods and apparatuses for processing requests from requestors, methods and apparatuses for transmitting indicia representative of information from a first domain to a second domain, methods comprising, and apparatuses for, determining whether a requestor is authorized to perform a desired operation on a target comprising at least one element which comprises an information set of indicia and arrangements of stored data, as well as computer-readable media having computer-executable commands for performing the same. In some aspects of the present invention, there are provided high-assurance data security apparatuses and methods, in particular, user data protection via enforcement of policy-based access control.

A data management technique for managing accesses to data at a shared storage system includes a filter at the storage system. The filter is coupled to a configuration table, which identifies which of a number of coupled host processors have accesses to each of the resources at the device. During operation, requests received from the host devices are filtered by the filter, and only those requests to resources that the individual host devices have privilege to access are serviced. Advantageously, data security is further enhanced by authenticating each of the requests received by the storage system to verify that the host processor that is represented as forwarding the request is the indicated host processor. In addition, transfers of data between the storage system and the host processor may be validated to ensure that data was not corrupted during the data transfer.

Techniques for securing electronic data and keeping the electronic data secured at all times are disclosed. According to one embodiment, a client module in a client machine is configured to provide access control to secured documents that may be located in a local store, another computer machine or somewhere over a data network. The client module includes a document-securing module configured to operate in a path through which a document being accessed is caused to pass so that the document can be examined or detected for the security nature. If the document is secured, the document-securing module obtains a user or group key to decrypt security information in the secured document for access rules therein. If a user accessing the document is determined to have the access privilege to the secured document, a file key is retrieved from the security information and a cipher module is activated to decrypt the encrypted data portion with the file key. Likewise, if a document is to be secured, the cipher module encrypts clear data from the document to create the encrypted data portion. The document-securing module integrates proper or desired security information with the encrypted data portion to produce the secured document.

A secure magnetic stripe card stripe reader (MSR) module and software system capable of encrypting the magnetic stripe data to CISP standards for use in point of sale (POS) and other applications requiring data security using non secure networks and computing devices. Additionally, when incorporated within an attachment for conventional personal digital assistant (PDA) or cell phone or stationary terminal, provides encrypted data from the magnetic head assembly providing compliance with Federal Information Processing Standards Publication Series FIPS 140 covering security and tampering standards. Moreover, this module and software system includes the capability of providing secure POS transactions to legacy transaction processing systems transparently to the existing infrastructure. Furthermore, this module and software system includes the capability of transparently providing detection of fraudulently copied magnetic stripe cards.

The data security method, system and associated data mining enables multiple users, each having a respective security clearance level to access security sensitive words, data objects, characters or icons. The method extracts security sensitive words, data objects, characters or icons from plaintext or other source documents to obtain (a) subsets of extracted data and (b) remainder data. The extracted data is, in one embodiment, stored in a multilevel security system (MLS) which separates extract data of different security levels with MLS guards. Some or all of the original data is reconstructed via one or more of the subsets of extracted data and remainder data only in the presence of a predetermined security level. In this manner, an inquiring party, with the proper security clearance, can data mine the data in the MLS secured storage.

In some embodiments, techniques for data security may include encoding and decoding unreadably encoded data, such as data encrypted with a public key or tokenized. In some embodiments, techniques for data security may include distributing an encrypted private key. In some embodiments, unreadable data may be encrypted and/or decrypted using time-varying keys.

In some embodiments, techniques for data security may include combining information and a policy, and encoding the combined information and policy, wherein encrypting the combined information and policy is performed using a public key, or via tokenization.

In some embodiments, techniques for data security may include receiving data, wherein the data has been encoded, decoding the data, determining a first datum and a second datum, wherein the first datum and the second datum are associated with the decoded data, and determining a policy, wherein the policy is associated with the first datum.

The method, program and information processing system involves filtering and securing data (security sensitive words-characters-data objects) in a source document. The adaptive filter uses a compilation of additional data (typically networked) and identifies the sensitive words/objects in the compilation of additional data, retrieves contextual, semiotic and taxonomic words/objects from the additional data compilation that are related to the sensitive words/objects. A filter is compiled with the retrieved data and the filter is used to extract sensitive words/objects and the retrieved data (words/objects) from the source document to obtain extracted data and remainder data therefrom. Contextual words related to the security sensitive words/objects are obtained based upon statistical analysis of the additional data compilation. Semiotic words related to the security words are synonyms, antonyms, and pseudonyms, syntactics relative to the target words and retrieved words, and pragmatics relative to the sensitive words and retrieved words as reflected in the compilation of additional data.

A system transfers applications and datasets (files) from a server to a client device and assigns to each file a lease key that will expire at a specified time. A file cannot be accessed unless its lease key is validated. Upon expiration of a lease key, the client device will connect to the server to determine if the lease key may be renewed. If the lease key may be renewed, a new lease key is created and access to the associated application or dataset is restored. If the lease key may not be renewed, the file may be deleted or rendered inaccessible. If rendered inaccessible, the file may be restored in the future without having to re-transmit it from the server to the client device. The server may also revoke a lease key before it expires.

A cloud platform for managing Software as a Service (SaaS) resources is provided herein. The platform includes: a mediator server connected to computing resources, arranged to provide software developers a platform to develop SaaS applications, operable on the computing resources, wherein the SaaS applications and customer data are stored logically and physically independent of the computing resources, and data of SaaS application and the customer data are logically and physically separated. SaaS platform allows developers to provide software solutions via the mediator server directly to customers, and ensures data availability and data security. Access policy of users and developers to SaaS applications is centrally supervised and capable of integrating with other applications on the site of the customer. Upgrades to SaaS applications are performed in a predefined order of customers. Further, the SaaS platform facilitates selection and replacement of data storage provider.

Provided are a data security apparatus and method for a USB keyboard. The data security apparatus includes: a USB keyboard security driver for selecting a driver for a USB keyboard from USB devices connected to a personal computer, and replacing a data processing function address in a USB hub driver with a function address of the selected USB keyboard driver to acquire input data input by the USB keyboard; a USB keyboard data processing module for preferentially receiving the input data acquired from the USB keyboard security driver, and processing the input data through analysis, encoding and deletion processes; and a USB keyboard data transfer module for decoding the input data processed by the USB keyboard USB keyboard data processing module and outputting the decoded input data to a user's desired location. Thus, data input by a malicious program from a keyboard in communication with a main body of a personal computer (PC) through USB to transmit data can be protected from being transmitted to the external.

Data security for e-mail or browser-input data operates on identified security sensitive words, characters or icons which are extracted leaving remainder data. Extracted data, in one system, is stored in a remote, extract store in a distributed computer system. Other methods attach an encrypted version of the extract to the email. The browser system operates with an extract store. Remainder data is sent to the addressee or designated web server. The addressee is permitted to retrieve the extracted data from said extract store only in the presence of a security clearance and hence, reconstruct the source e-mail or browser-input data with the extract data. In other systems, the addressee reconstructs the email by decryption and integration. Parsing rather than identifying critical words is an option. The browser method extracts data, facilitates the storage in an extract store, forwards the remainder data to a targeted destination. The financial data or credit card scrubber may use a pop-up window to alert the user to enable the system.

The embodiment of the invention discloses an electronic-medical-record sharing system based on a block chain. The electronic-medical-record sharing system comprises an identity verification module, a processing module and a querying module, wherein the identity verification module is used for receiving a logging-in account input by a user, identifying the logging-in account and configuring corresponding operating authorization for the logging-in account; the processing module is used for being connected with a pre-established block-chain database, wherein the block-chain database comprises a plurality of nodes, and each node corresponds to a hospital database; the querying module is used for receiving a querying order input by the user, obtaining a corresponding electronic medical record from the block-chain database according to the querying order and showing the obtained electronic medical record to the user. The electronic-medical-record sharing system is established based on the block chain technology in the embodiment, all data can be only preserved in a hospital server generated through original data, only data hash values are stored on the block-chain database so that the aims that data cannot be tampered, is looked up in a classified mode and is retrospective in consulting can be achieved, and the electronic-medical-record sharing system has the advantage that the data security is improved.

A system for encrypting and authenticating a payment transaction includes a card reader, a computing device, a card swipe application and a checkout application. The card reader includes a reader head, a secure microcontroller, and an interface. The reader head reads payment card data from a payment card. The secure microcontroller stores a unique reader identification (reader ID), and at least a first encryption key, and includes a payment card decoder application and an encryption application. The encryption application encrypts the payment card data and produces encrypted payment card data. The encryption application further encrypts the transaction data with the first encryption key and produces encrypted transaction data. The checkout application receives the encrypted payment card data and the encrypted transaction data and forwards them to a payment server for processing of the payment transaction.

A method of controlling vehicle functions is provided that includes receiving at a service provider, security data from a vehicle function system. The security data is related to a security code required to activate one or more functions controlled by the vehicle function system. The method also includes receiving a vehicle function request at the service provider from a remote device. The vehicle function request indicates a request to activate a particular function of a vehicle. In addition, the method includes sending a vehicle function command from the service provider to a mobile wireless device. The vehicle function command is adapted to cause the mobile wireless device to transmit a wireless signal to activate the particular function of the vehicle and the vehicle function command includes the security code or authentication information related to the security code.

A medical record is partitioned into personal and medical data portions, and an identification code is concatenated into each portion. The personal data portion is encrypted so a patient's identity cannot be linked to the patient's medical data except by authorized viewers. Each portion of the secure medical record can be transferred over a network as separate files, and stored in a data storage system separately. Access to the entire medical record is thereby provided only to those who know the key for the personal data portion of the medical record. The system and method can be used to help ensure patient confidentiality while allowing patient medical records to be accessed over a network such as the Internet, providing physicians and patients quick access to their medical records. The system and method can be used to create a database of anonymous medical records useful for medical research.

An IP-based corporate network architecture and method for providing seamless secure mobile networking across office WLAN, home WLAN, public WLAN, and 2.5G/3G cellular networks for corporate wireless data users. The system includes Internet roaming clients (IRCs), a secure mobility gateway (SMG), optional secure IP access (SIA) gateways, and a virtual single account (VSA) server. The IRC is a special client tool installed on a mobile computer (laptop or PDA) equipped with a WLAN adaptor and a cellular modem. It is responsible for establishing and maintaining a mobile IPsec tunnel between the mobile computer and a corporate intranet. The SMG is a mobile IPsec gateway installed between the corporate intranet and the Internet. It works in conjunction with the IRC to maintain the mobile IPsec tunnel when the mobile computer is connected on the Internet via a home WLAN, a public WLAN, or a cellular network. The SIA gateway is a special IPsec gateway installed in the middle of the wired corporate intranet and an office WLAN. It works with the IRC to ensure data security and efficient use of corporate IP addresses when the mobile computer is connected to the office WLAN. The VSA server manages authentication credentials for every corporate user based on a virtual single account concept. The Internet Roaming system can provide secure, always-on office network connectivity for corporate users no matter where they are located using best available wireless networks.

A method, system, and computer-readable medium for maintaining up-to-date, consistent backup copies of primary data that are immune to corruption even when security of the primary data is breached. Independent security domains are established for primary and secondary data, such that access to each security domain must be obtained independently of access to the other security domains. For example, a host computer system having access to data storage in the primary security domain does not have access to data storage in the secondary security domain, and vice versa. Changes to primary data are synchronously replicated over a tightly controlled replication link from primary data storage in the primary security domain to secondary data storage in the secondary security domain. A change to the data is completed in the primary security domain when an acknowledgement is received that the change to the data has been stored in secondary data storage.

A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer.

A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection but incurring only the mitigated expense over the second link.

A system and method for dynamically determining a CRL location and protocol. CRL location names and protocols are retrieved from a digital certificate data structure which includes a network servers that contain the CRL file. A determination is made as to whether any of the servers reside in the current domain, in which case the server is used because the data is more secure. If no locations are within the current domain, Internet servers outside the current domain are analyzed. Security parameters may be established that restrict which Internet servers can be used to retrieve the data. The security parameters may also include which access methods may be used to retrieve data since some access methods provide greater security than other access methods. A security parameter may also be based upon both the access method and the name, or address, of the Internet server.