CN109154969A - System and method for secure storage of user information in a user profile - Google Patents

Info

Publication number
CN109154969A
Authority
CN
China
Prior art keywords
data, key, user, information, segment
Legal status
Pending
Application number
CN201780030481.2A
Other languages
Chinese (zh)
Inventor
A·F·雅西
G·施奈德
C·卡尔
L·艾格纳
W·艾格纳
E·托拜厄斯
Current Assignee
Forhols Corp
Original Assignee
Forhols Corp

Classifications

All classifications fall under G06F21/00 (Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity) and H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols):

    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L9/0844 Key agreement involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV (Menezes-Qu-Vanstone) or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key or password lengths, or different strong and weak cryptographic algorithms
    • H04L9/0897 Escrow, recovery or storing of secret information involving additional devices, e.g. trusted platform module (TPM), smartcard or USB
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • G06F2221/2107 File encryption (indexing scheme relating to G06F21/00)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method for storing a first data object, comprising: on a client device, decomposing the first data object into a first segment associated with a first original record locator and a second segment associated with a second original record locator; on the client device, scrambling the first original record locator to generate a first scrambled record locator, and scrambling the second original record locator to generate a second scrambled record locator; on the client device, encrypting the first segment using a first encryption key and encrypting the second segment using a second encryption key; and storing the first encrypted segment, together with the corresponding first scrambled record locator, and the second encrypted segment, together with the second scrambled record locator, in at least a first one of a plurality of storage locations.

Description

System and method for secure storage of user information in a user profile
1. Technical field
The embodiments described herein relate generally to the electronic management of information, and more particularly to the secure storage and protection of user information in a user profile. They also relate to the field of electronic data security, and more particularly to the secure storage, management and transmission of data, credentials and encryption keys at client endpoints and in transit.
2. Background
The aspiration to a paperless society is rapidly becoming reality, as more and more communications, services and transactions take place digitally over networks such as the Internet. The need for paper copies of letters, financial documents, receipts, contracts and other legal documents is declining as electronic methods for securely transmitting, updating and accessing these documents grow. Beyond the electronic transmission of and access to documents and letters, submitting information electronically is also common, for example in online shopping or in applications for loans, credit cards, health insurance, university admission or employment.
However, much of the information required by these forms is common to other forms, and users repeatedly enter the same information by hand. The ability to collect, organize, update, use and re-use the information required by these electronic documents, forms and applications remains very limited. Although some applications store certain basic information about a user, such as the user's name, address and financial details, the ability to organize, access and use that stored information for other online activities is still extremely limited, especially where detailed information and/or calculations are needed to complete forms such as university applications and family-law filings.
Several programs and applications let users track financial information, budgets, forecasts, account balances and the like. While these tools save time and are effective for budgeting, they do not address the many situations in which a user must provide personal information, financial information, forecasts, categorized expenditures and so on in a specific format or on a particular form.
For example, when someone divorces, they must provide detailed personal and financial information (past records and anticipated needs) to the court. This information must be provided on particular forms in a very specific, state-mandated format, and must be updated and resubmitted to the court at several points during the divorce process, which may continue for an extended period. Fig. 1 shows one page of the income and expense declaration that the petitioner and respondent must complete in California divorce proceedings. The amount and complexity of the information such forms require usually means that the person filling them in (such as a divorcing party or a lawyer) spends a great deal of time gathering the necessary information, and even performing calculations to obtain the required values. As another example, when a user wants a loan such as a car loan or a mortgage, the lending organization will often require the user to provide and update certain financial records and information organized in a particular format.
Even well-organized, financially literate users of currently available personal-finance software find completing and updating these forms cumbersome, time-consuming, confusing and error-prone. The information required by the applicable forms and other applicable items goes well beyond basic financial information. In addition, there is a clear need to complete these forms accurately, because they have a major influence on whether an applicant obtains financial aid, a loan and so on, or obtains a favorable result in a divorce or other lawsuit.
The same challenges apply to other key life events, such as applying to university and/or paying university tuition. The university application process is, for students and often for their parents, a highly stressful time. Completing university and financial-aid applications requires a great deal of detail, including but not limited to essays, transcripts, recommendations, activities, photographs and so on. Moreover, university applications and financial-aid opportunities have many different deadlines. Keeping all of the information, deadlines and submitted applications organized and at hand is very difficult.
In addition, the security of electronic data is of particular importance to individuals and to almost every conceivable business and government entity. Enormous amounts of electronic data are constantly being generated, stored and transmitted. Moreover, the breadth of electronic data that now inevitably extends into private and sensitive information is bound to attract many bad actors.
Conventional data security solutions are relatively static. For example, one or more data security mechanisms (for example, password protection or an encryption scheme) may be deployed at a specific data storage location. The same data security mechanism typically remains in force until a major security breach is detected, by which time the entire data storage location may already be compromised.
Data stored according to a standard relational data model is particularly susceptible to unauthorized access. Individual data records stored at a single storage location (for example, name, address, social security number, credit card number and bank account number) are usually accompanied by a common record locator, which expresses the logical relationship between the data records (for example, that they are associated with the same user). For example, the individual data records may each be associated with the same customer identification number. Unauthorized access to any one data record may therefore expose enough information (that is, the customer identification number) to gain access to the remaining data records.
Although many data security methods are available, implementing a series of flexible, seamlessly integrated and complementary data security solutions at a single data storage location remains a major challenge. For example, although combining security solutions will usually increase data security, incompatibilities between different solutions may actually introduce other security risks.
Moreover, in order to allow users to store and retrieve data, there must be a way to identify the user and to protect their data from being accessed by any other user. Traditionally this has been done by "front-end" software, in which the user is authenticated and authorized through a login process.
Conventional login processes are associated with many well-documented weaknesses. For example, in many systems the login step is generally regarded as part of the user interface (UI) and as an entity separate from the security boundary. This problem is amplified when in-house developers with a limited security background attempt to build custom login authentication and authorization systems. As a result, once a malicious user successfully completes the login process, that user may potentially be able to access other users' data.
These problems are further exacerbated by the fact that much of the data created today is created or accessed at client endpoints such as computers, laptops, smartphones, tablets and Internet of Things devices. Even if the problems described above can be solved for data stored and retrieved at a server, there remains the additional problem of guaranteeing data security at the endpoint. Any solution to the above problems must therefore also take into account that the client endpoint must be secured.
Key exchange methods
Many forms of key exchange are currently used to establish a trusted communication link between two parties and to encrypt and decrypt the transmitted data, for example with a symmetric shared secret key or with a public/private asymmetric key pair. Symmetric encryption uses the same key to both encrypt and decrypt data, through any number of algorithms such as AES, Blowfish, DES and Skipjack (of these, only AES remains recommended for new designs), and is usually faster than asymmetric encryption. Symmetric encryption is frequently used for bulk data encryption and where high data throughput is required. Asymmetric encryption, by contrast, uses a pair of keys (public and private), where the public key is commonly used to encrypt data and the private key is used to decrypt it. Asymmetric key algorithms can be 1000 times slower than symmetric key algorithms and are therefore more often used for key management or initial setup verification, where there is no continuous exchange of key pairs; a continuous exchange of key pairs would require enormous resource capacity.
Encrypted data transmission
In the common case where a large object must be encrypted and sent to multiple client destinations, each of which should have a uniquely encrypted copy, the conventional approach is to encrypt the original object once for each client with a different key. If there are N clients and each encryption of the object takes time T, the total encryption time is N × T.
Data encryption speed
There are currently several ways to increase performance, that is, the speed at which data can be encrypted. One is hardware-based acceleration: AES-NI hardware encryption (where available on Intel and AMD processors) can speed up 128-bit and 256-bit AES by a factor of 4 to 8. Key size can also be reduced at the cost of security; AES with a 256-bit key is about 40% slower than AES with a 128-bit key. Another strategy is to use an alternative encryption algorithm such as Blowfish, which can yield a 20% speed improvement, though Blowfish's 64-bit block size makes it unsuitable for encrypting large volumes of data under one key.
Encryption key management
Encryption keys are used either to encrypt data directly or to encrypt other keys that in turn encrypt the data; keys of the latter kind are commonly referred to as key-encrypting keys (KEKs). Managing keys, and who may access them, can be a difficult task. Key management software (KMS) attempts to make this easier by giving users and administrators access to all of the necessary keys. A KMS may also provide backup and redundancy services to ensure that copies of the keys survive a catastrophic server failure. Being able to bring up a replacement KMS quickly preserves uptime for users, because access to the encrypted data is impossible unless the KMS keeps working.
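The three passages above (key agreement, encrypting one object for N clients, and key-encrypting keys) fit together in a single construction, shown here as an added example that is not code from the patent: the sender encrypts the object once under a random data-encryption key (DEK), then for each recipient performs an X25519 Diffie-Hellman agreement (the sender's ephemeral public key is its message; the recipient's static public key is the other side's contribution) and wraps the DEK under the resulting key-encrypting key. The cost is one bulk encryption plus N small wraps instead of N × T. The label string, the HMAC-based key derivation, the use of AES-256-GCM and every function name are this example's own choices, not the patent's; a production system would use HKDF and would authenticate the recipient's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wrap is the per-recipient part of an envelope: the sender's ephemeral X25519
// public key and the data-encryption key (DEK) sealed under a key-encrypting
// key (KEK) agreed with that recipient. The object ciphertext is shared by all.
type Wrap struct {
	SenderPub  []byte
	WrappedDEK []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// gcmSeal encrypts with AES-256-GCM and prefixes the random 12-byte nonce.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; a wrong key or any tampering fails the tag check.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() { return nil, errors.New("bad key or truncated ciphertext") }
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// deriveKEK hashes the raw shared secret with both public keys so the KEK is
// bound to this sender/recipient pair (HMAC stands in for a KDF such as HKDF).
func deriveKEK(shared, senderPub, recipientPub []byte) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("envelope-kek-v1")) // hypothetical label, this example's own
	mac.Write(senderPub)
	mac.Write(recipientPub)
	return mac.Sum(nil)
}

// SealForRecipients encrypts the object once under a fresh DEK (cost T), then
// wraps the 32-byte DEK for each of N recipients: N cheap wraps instead of N x T.
func SealForRecipients(object []byte, recipients []*ecdh.PublicKey) ([]byte, []Wrap, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil { return nil, nil, err }
	ciphertext, err := gcmSeal(dek, object, nil)
	if err != nil { return nil, nil, err }
	var wraps []Wrap
	for _, rpub := range recipients {
		eph, err := ecdh.X25519().GenerateKey(rand.Reader) // sender's DH message is eph.PublicKey()
		if err != nil { return nil, nil, err }
		shared, err := eph.ECDH(rpub) // sender side of the Diffie-Hellman agreement
		if err != nil { return nil, nil, err }
		kek := deriveKEK(shared, eph.PublicKey().Bytes(), rpub.Bytes())
		wrapped, err := gcmSeal(kek, dek, rpub.Bytes())
		if err != nil { return nil, nil, err }
		wraps = append(wraps, Wrap{eph.PublicKey().Bytes(), wrapped})
	}
	return ciphertext, wraps, nil
}

// OpenEnvelope is the recipient side: the same shared secret from its own private
// key and the sender's public key, the same KEK, unwrap the DEK, decrypt the object.
func OpenEnvelope(ciphertext []byte, w Wrap, priv *ecdh.PrivateKey) ([]byte, error) {
	senderPub, err := ecdh.X25519().NewPublicKey(w.SenderPub)
	if err != nil { return nil, err }
	shared, err := priv.ECDH(senderPub) // recipient side of the agreement
	if err != nil { return nil, err }
	kek := deriveKEK(shared, w.SenderPub, priv.PublicKey().Bytes())
	dek, err := gcmOpen(kek, w.WrappedDEK, priv.PublicKey().Bytes())
	if err != nil { return nil, err } // e.g. another recipient's private key
	return gcmOpen(dek, ciphertext, nil)
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ct, wraps, _ := SealForRecipients([]byte("constructed sample object"), []*ecdh.PublicKey{alice.PublicKey(), bob.PublicKey()})
	got, err := OpenEnvelope(ct, wraps[1], bob)
	fmt.Printf("bob reads %q (err=%v)\n", got, err)
	_, err = OpenEnvelope(ct, wraps[1], alice) // alice cannot unwrap bob's DEK
	fmt.Println("alice on bob's wrap:", err)
}
```

Each recipient's wrap carries the recipient's own public key as GCM associated data, so a wrap cannot be silently re-addressed; opening with the wrong private key fails at the KEK tag check rather than yielding garbage. The ciphertext is stored or transmitted once and only the wraps are per-client, which is what makes the cost N small operations rather than N full encryptions.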
Composite security keys
The concept of a composite security key is widely known and used in many situations. For example, a composite key for Alice and Bob to unlock a file gives them the ability to unlock the file, but only when the two of them cooperate; neither Bob nor Alice can unlock the file alone. These composite keys are usually static and, when changes are needed, must be rewritten by an administrator.
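An added example, not code from the patent, of one way to build such a composite key so that a single holder learns nothing about the file key: Shamir secret sharing over a prime field. It goes beyond the page's Alice-and-Bob case to any t-of-n threshold; the 2-of-2 split is exactly the two-person case described above. The field prime, the share layout and the function names are this example's own choices.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Arithmetic is done modulo the Mersenne prime 2^521 - 1, which comfortably
// holds a 256-bit file key as a single field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one holder's piece: the secret polynomial evaluated at x = Index.
type Share struct {
	Index int
	Value *big.Int
}

// Split hides the secret as the constant term of a random degree t-1 polynomial
// and hands out n evaluations; any t of them reconstruct it, fewer reveal nothing.
func Split(secret []byte, t, n int) ([]Share, error) {
	s := new(big.Int).SetBytes(secret)
	if t < 1 || t > n || s.Cmp(prime) >= 0 {
		return nil, errors.New("need 1 <= t <= n and a secret smaller than the field prime")
	}
	coeffs := []*big.Int{s}
	for i := 1; i < t; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs = append(coeffs, c)
	}
	shares := make([]Share, n)
	for i := 1; i <= n; i++ {
		x, y := big.NewInt(int64(i)), new(big.Int)
		for j := len(coeffs) - 1; j >= 0; j-- { // Horner: y = y*x + c_j (mod p)
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i-1] = Share{i, y}
	}
	return shares, nil
}

// Combine interpolates the polynomial at x = 0 from the given shares (Lagrange).
// With fewer than t shares the result is a random field element, not the secret.
func Combine(shares []Share, secretLen int) ([]byte, error) {
	sum := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			if si.Index == sj.Index {
				return nil, errors.New("duplicate share index")
			}
			num.Mul(num, big.NewInt(int64(-sj.Index))).Mod(num, prime)
			den.Mul(den, big.NewInt(int64(si.Index-sj.Index))).Mod(den, prime)
		}
		basis := new(big.Int).Mul(num, new(big.Int).ModInverse(den, prime))
		sum.Add(sum, basis.Mul(basis, si.Value)).Mod(sum, prime)
	}
	if sum.BitLen() > 8*secretLen {
		return nil, errors.New("reconstructed value does not fit the secret length: too few shares?")
	}
	return sum.FillBytes(make([]byte, secretLen)), nil
}

func main() {
	fileKey := make([]byte, 32)
	rand.Read(fileKey)
	shares, _ := Split(fileKey, 2, 2) // Alice gets shares[0], Bob gets shares[1]
	both, err := Combine(shares, 32)
	fmt.Printf("both: %x (err=%v)\n", both, err)
	_, err = Combine(shares[:1], 32) // Alice alone
	fmt.Println("alice alone:", err)
}
```

Changing the quorum is a matter of re-running Split with new t and n rather than rewriting a static key, which is the limitation the paragraph above points out; the old shares must then be destroyed, since the secret itself does not change.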
Data access restriction
When access to data must be restricted, the common approach is to configure access rights in a user hierarchy and/or to establish multiple user groups, each with different roles and permissions assigned to it. This ensures, for example, that user A cannot access user B's data. Another method commonly used with databases is to write database query statements that check any number of restrictions before allowing access to the data. The problem with all of these solutions is that they provide no straightforward way to exercise precise control at the level of individual data items, and the restrictions themselves are generally not encrypted.
Hacking
An intruder is discovered only after spending, on average, 200 days inside a system. Once inside, they observe traffic and make various attempts to locate other credentials, user names, passwords and so on. Access logging and behavioral analysis are some of the ways that detection efforts are focused. In addition, "honeypot" files, databases or servers are set up to slow an intruder down when they attempt to reach them.
Ransomware
Ransomware is software installed surreptitiously on a computer that runs an encryption algorithm over all files visible to that computer (including files on network-attached drives and in the cloud). The intent is to make the affected files unavailable unless the victim pays a ransom, at which point a decryption key is provided. Products exist that attempt to identify the early signs of an attack from known activity characteristics, such as the appearance of files with extensions generated by the ransomware or the mass renaming of files. Another approach is click-prevention software that stops users from opening email attachments (the largest source of attacks). Finally, many anti-malware solutions monitor for unusual running processes, which may be a sign of infection.
The most effective defense against ransomware is to back up all files on a schedule, ensuring that several days' worth of backups are kept. Several products run backups on an automatic schedule. However, many backup systems back up to a mounted drive, and if the ransomware can see your files, it can see all of your drives, including the one used for backups. There are ways to protect backup drives, such as setting appropriate access credentials and protocols. Because ransomware is continuously evolving and adapting, many of these solutions have been hard-pressed to keep criminals out.
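An added example, not code from the patent, of the "early sign" heuristic described above: flag a process that produces a burst of files with an extension the environment never produces. The log format (unix seconds, pid, operation, path or source and destination paths), the list of known extensions and the sample lines are all constructed for this example; a real agent would feed the same function from its own file-event stream.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strconv"
	"strings"
)

// event is one file operation as a monitoring agent might record it:
// "<unix seconds> <pid> <op> <source path> [<destination path>]".
type event struct {
	ts  int64
	pid int
	op  string
	dst string // the path that exists after the operation
}

// Extensions this environment normally produces; anything else is "unfamiliar".
var knownExt = map[string]bool{".docx": true, ".xlsx": true, ".pdf": true, ".txt": true, ".jpg": true, ".png": true}

// Alert names a process that mass-produced unfamiliar files inside the window.
type Alert struct {
	PID   int
	Count int
	Ext   string // extension of the event that crossed the threshold
}

func parse(line string) (event, bool) {
	f := strings.Fields(line)
	if len(f) < 4 {
		return event{}, false
	}
	ts, err1 := strconv.ParseInt(f[0], 10, 64)
	pid, err2 := strconv.Atoi(f[1])
	if err1 != nil || err2 != nil {
		return event{}, false
	}
	return event{ts, pid, f[2], f[len(f)-1]}, true
}

// Detect raises one alert per process that produces at least threshold files
// with an unfamiliar extension within any span of windowSecs seconds.
func Detect(lines []string, threshold int, windowSecs int64) []Alert {
	var evs []event
	for _, l := range lines {
		if e, ok := parse(l); ok {
			evs = append(evs, e)
		}
	}
	sort.SliceStable(evs, func(i, j int) bool { return evs[i].ts < evs[j].ts })
	recent := map[int][]int64{} // pid -> timestamps of unfamiliar outputs still inside the window
	alerted := map[int]bool{}
	var alerts []Alert
	for _, e := range evs {
		ext := strings.ToLower(path.Ext(e.dst))
		if knownExt[ext] || alerted[e.pid] {
			continue
		}
		w := append(recent[e.pid], e.ts)
		for len(w) > 0 && e.ts-w[0] > windowSecs {
			w = w[1:] // slide the window forward
		}
		recent[e.pid] = w
		if len(w) >= threshold {
			alerts = append(alerts, Alert{e.pid, len(w), ext})
			alerted[e.pid] = true
		}
	}
	return alerts
}

// SampleLog is constructed for this example: pid 1001 is a user saving documents
// (one temp file is harmless noise); pid 4242 renames seven files to .locked in
// four seconds and then drops a ransom note.
var SampleLog = []string{
	"1700000000 1001 write /home/u/docs/budget.xlsx",
	"1700000030 1001 write /home/u/docs/~budget.tmp",
	"1700000061 1001 write /home/u/docs/letter.docx",
	"1700000100 4242 rename /home/u/docs/budget.xlsx /home/u/docs/budget.xlsx.locked",
	"1700000100 4242 rename /home/u/docs/letter.docx /home/u/docs/letter.docx.locked",
	"1700000101 4242 rename /home/u/docs/taxes.pdf /home/u/docs/taxes.pdf.locked",
	"1700000101 4242 rename /home/u/photos/a.jpg /home/u/photos/a.jpg.locked",
	"1700000102 4242 rename /home/u/photos/b.jpg /home/u/photos/b.jpg.locked",
	"1700000102 4242 rename /home/u/notes.txt /home/u/notes.txt.locked",
	"1700000103 4242 rename /home/u/docs/c.png /home/u/docs/c.png.locked",
	"1700000104 4242 write /home/u/docs/README_TO_DECRYPT.html",
	"1700000200 1001 write /home/u/docs/letter.docx",
}

func main() {
	for _, a := range Detect(SampleLog, 5, 10) {
		fmt.Printf("pid %d produced %d %q files within the window\n", a.PID, a.Count, a.Ext)
	}
}
```

The threshold and window are the tuning knobs: too low and a user unpacking an archive of unusual files trips it, too high and the ransomware finishes a directory before the alert fires. Because the alert is per process, the response (suspend or kill the pid, cut its network access) can be targeted without stopping the legitimate editor in the same log.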
Searching encrypted data
Many methods exist for searching encrypted data, such as pre-indexing the search fields, or homomorphic encryption, which allows encrypted data to be evaluated and therefore searched. The biggest challenge is keeping performance within acceptable limits, and every method either slows the search process or introduces security weaknesses. In any case, these methods vary widely in implementation and follow almost no standards. Such custom implementations make it difficult to use third-party search tools.
Data encryption
Data is traditionally encrypted in any number of states. For example, an entire hard drive may be encrypted to protect data at rest. In another example, data in motion can be encrypted as it travels over a secure HTTPS connection. Data in databases can also be encrypted using certain methods in which the data in individual fields is encrypted in place while the original table format is preserved. Other specific cases include encrypting individual desktop folders or mounted disk drives.
In all of these cases, the data is not organized into a format that differs significantly from its original, unencrypted form. The encrypted data simply replaces the original data in place or, if copied to other media, is transferred to the storage device using a data and file hierarchy similar to that of the original. Other techniques exist that reorganize the data storage format, such as data fragmentation and erasure-coding algorithms. These techniques spread the original data, and the data can also be encrypted. However, the spreading and the storage format follow a rigid protocol imposed by the underlying algorithm, which makes it difficult to use higher-level capabilities and to integrate with existing conventional formats and/or third-party solutions.
Summary of the invention
Disclosed herein are systems and methods for securely storing a user's information in a user profile, to prevent access to the information and to minimize the amount of information disclosed during a security breach. Information about the user is obtained electronically from one or more sources and then classified into particular categories using field mapping and other techniques, after which the information is organized into a user profile and securely stored in a database. The information collected and organized may include any of the following categories, without limitation: identification and contact information, financial information, health information, education and occupation information, family information, company information, lifestyle information and historical information. The user profile may be encrypted and stored remotely in a cloud-based system at a remote server, where each portion of the profile stored at a separate location is separately encrypted, so that the risk of unauthorized access to a part of the information is minimized. The data fields in the user profile may also be individually encrypted with individual encryption keys and stored separately in individual data storage devices, databases or individual database tables, so that the amount of information that could be disclosed through unauthorized access to a single encryption key, database or database table is minimized.
In one aspect of the invention, a system for securely storing user information from a user profile comprises: a profile creation unit that creates a user profile of user information, the user profile comprising a plurality of fields and a plurality of values for the plurality of fields; wherein the information in the user profile is divided into several sections; and wherein the sections are stored separately in individual data storage devices, databases or database tables.
In another aspect of the invention, a method for securely storing user information from a user profile comprises the steps of: creating a user profile of user information, the user profile comprising a plurality of fields and a plurality of values for the plurality of fields; dividing the information in the user profile into separate sections; and storing the separate sections in individual data storage devices, databases or database tables.
Also disclosed herein are systems and methods for the secure storage, transmission and management of data, credentials and encryption keys, including data, credentials and encryption keys sent to and from client endpoints. According to one aspect, a system for storing a first data object comprises: a plurality of storage locations; a security platform comprising one or more processors; and a client device comprising one or more processors configured to: decompose the first data object into a first segment associated with a first original record locator and a second segment associated with a second original record locator; scramble the first original record locator to generate a first scrambled record locator, and scramble the second original record locator to generate a second scrambled record locator; encrypt the first segment using a first encryption key and encrypt the second segment using a second encryption key; and store the first encrypted segment, together with the corresponding first scrambled record locator, and the second encrypted segment, together with the second scrambled record locator, in at least a first one of the plurality of storage locations.
Other features and advantages will become apparent from the following description of preferred embodiments, taken in conjunction with the accompanying drawings.
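The client-side method claimed above, as an added example that is not code from the patent: a user record is decomposed into one segment per field, each segment gets its own encryption key, its original record locator (here a string such as "user:42:ssn") is replaced by a scrambled locator, and the encrypted segments are spread across several storage locations. The point made in the background section about relational records is what this addresses: no store holds a plaintext customer identifier that links one segment to the rest. The patent does not name a scrambling function, cipher or key-derivation method; this example uses HMAC-SHA256 for both the scrambled locator and the per-segment key, AES-256-GCM for the segments, and chooses the storage location from the scrambled locator's first byte. All type and function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Store is one of the plurality of storage locations: ciphertext keyed by scrambled locator.
type Store map[string][]byte

// Client holds the two secrets that never leave the client device.
type Client struct {
	locKey    []byte // scrambles original record locators
	masterKey []byte // derives a distinct encryption key per segment
	stores    []Store
}

func NewClient(stores []Store) (*Client, error) {
	secrets := make([]byte, 64)
	if _, err := rand.Read(secrets); err != nil { return nil, err }
	return &Client{secrets[:32], secrets[32:], stores}, nil
}

// prf is HMAC-SHA256 over zero-separated labels, used for both derivations below.
func prf(key []byte, parts ...string) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write([]byte(p))
		m.Write([]byte{0})
	}
	return m.Sum(nil)
}

// scramble maps an original locator such as "user:42:ssn" to a token that reveals
// neither user ID nor field name and cannot be linked to the user's other segments without locKey.
func (c *Client) scramble(locator string) string {
	return hex.EncodeToString(prf(c.locKey, "locator", locator))
}

// aead returns AES-256-GCM under a key derived for this one segment.
func (c *Client) aead(locator string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(prf(c.masterKey, "segment-key", locator))
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// storeFor spreads one user's segments across locations by the token's first byte.
func (c *Client) storeFor(scrambled string) Store {
	b, _ := hex.DecodeString(scrambled)
	return c.stores[int(b[0])%len(c.stores)]
}

// Put decomposes one record into a segment per field, encrypts each under its own
// key and files it under its scrambled locator in one of the storage locations.
func (c *Client) Put(userID string, fields map[string]string) error {
	for name, value := range fields {
		locator := "user:" + userID + ":" + name
		scr := c.scramble(locator)
		gcm, err := c.aead(locator)
		if err != nil { return err }
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil { return err }
		// The scrambled locator is the AAD: a ciphertext moved under another locator fails to open.
		c.storeFor(scr)[scr] = gcm.Seal(nonce, nonce, []byte(value), []byte(scr))
	}
	return nil
}

// Get recomputes the scrambled locator and segment key, then fetches and decrypts one field.
func (c *Client) Get(userID, name string) (string, error) {
	locator := "user:" + userID + ":" + name
	scr := c.scramble(locator)
	sealed, ok := c.storeFor(scr)[scr]
	if !ok { return "", errors.New("segment not found") }
	gcm, err := c.aead(locator)
	if err != nil { return "", err }
	n := gcm.NonceSize()
	if len(sealed) < n { return "", errors.New("segment truncated") }
	pt, err := gcm.Open(nil, sealed[:n], sealed[n:], []byte(scr))
	if err != nil { return "", err } // tampered, swapped or wrong-key segment
	return string(pt), nil
}

func main() {
	stores := []Store{{}, {}, {}}
	c, _ := NewClient(stores)
	_ = c.Put("42", map[string]string{"name": "Ada Example", "ssn": "000-00-0000", "iban": "XX00 TEST"}) // constructed record
	v, err := c.Get("42", "ssn")
	fmt.Println(v, err)
	for i, s := range stores {
		for k := range s {
			fmt.Printf("store %d holds %s...\n", i, k[:12]) // no user ID or field name visible
		}
	}
}
```

An attacker who obtains one store sees only random-looking tokens and ciphertexts: without locKey the tokens cannot be grouped by user, and without masterKey no segment decrypts. Losing a single per-segment key exposes one field, which is the "minimize the amount disclosed" property the summary claims. Key rotation of locKey requires re-filing every segment under new tokens, so a deployment would version the locator key.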
Brief description of the drawings
The various embodiments disclosed herein are described in detail with reference to the following drawings. The drawings are provided for illustration only and depict only typical or exemplary embodiments. They are provided to aid the reader's understanding and should not be taken as limiting the breadth, scope or applicability of the embodiments. Note that, for clarity and ease of explanation, the drawings are not necessarily drawn to scale.
Fig. 1 is an image of an income and expense declaration form used in divorce proceedings.
Fig. 2 is a block diagram of a system, according to various aspects of the disclosure, for obtaining and classifying personal information and filling personal information into electronic forms;
Fig. 3 is a diagram further showing the system, according to various aspects of the disclosure, for obtaining and classifying personal information and filling personal information into electronic forms;
Fig. 4 is a diagram of the operations involved in filling the fields of a document according to various aspects of the disclosure;
Fig. 5 is a screenshot of a graphical user interface showing a browser extension for implementing the system of the present invention according to various aspects of the disclosure;
Fig. 6 is an image of a database table listing field identification numbers, field names and field values according to various aspects of the disclosure;
Fig. 7 is an image of a database table holding the list of forms stored in the system for automatic completion according to various aspects of the disclosure;
Fig. 8 is an image of a database table listing the field names and field values on each FormDoc stored in the system according to various aspects of the disclosure;
Fig. 9A is a screenshot of a graphical user interface showing a web interface for selecting a category of document to be pre-filled with user information according to various aspects of the disclosure;
Fig. 9B is a screenshot of a graphical user interface showing a web interface for selecting a particular document to be pre-filled with user information according to various aspects of the disclosure;
Fig. 10A shows a graphical user interface of a form according to various aspects of the disclosure, the form having an automatically identifiable unique field name that is stored in the system database;
Fig. 10B shows the graphical user interface of the form of Fig. 10A according to various aspects of the disclosure, in which the value of the unique field stored in the system database has been filled into the field;
Fig. 11 is an image of a database table according to various aspects of the disclosure, the database table storing the field identifier, field name and field value of the unique field in the form shown in Figs. 10A and 10B;
Fig. 12 is a flowchart showing a method of obtaining and classifying personal information and filling personal information into electronic forms according to various aspects of the disclosure;
Fig. 13 is a block diagram showing an embodiment of a computer/server system in which embodiments according to various aspects of the disclosure may be implemented;
Fig. 14 is a reproduction of Fig. 1 of U.S. Application No. 14/863,294, the disclosure of which is incorporated herein by reference in its entirety;
Fig. 15 is a reproduction of Fig. 1 of U.S. Application No. 14/970,466, the disclosure of which is incorporated herein by reference in its entirety;
Fig. 16 is a reproduction of Fig. 1 of U.S. Provisional Application No. 62/281,097, the disclosure of which is incorporated herein by reference in its entirety;
Fig. 17 is a reproduction of Fig. 4 of U.S. Provisional Application No. 62/281,097;
Fig. 18 is a flowchart showing a method of exchanging keys according to various aspects of the disclosure;
Fig. 19 is a sequence diagram showing an encrypted data transmission sequence according to various aspects of the disclosure;
Fig. 20A is a flowchart showing a method of pre-segmenting data to increase the encryption rate according to various aspects of the disclosure;
Fig. 20B is a flowchart showing a method of recombining a data file according to various aspects of the disclosure;
Fig. 21 is a flowchart showing a method of managing encryption keys according to various aspects of the disclosure;
Fig. 22 is a flowchart showing a method of evaluating compound keys according to various aspects of the disclosure;
Fig. 23 is a flowchart showing a method of restricting data access according to various aspects of the disclosure;
Fig. 24 is a flowchart showing a method of detecting and responding to hacker attacks according to various aspects of the disclosure;
Fig. 25 is a flowchart showing a method of detecting and responding to ransomware attacks according to various aspects of the disclosure;
Fig. 26 is a flowchart showing a method of implementing search over encrypted data according to various aspects of the disclosure; and
Fig. 27 is a flowchart showing a method of storing encrypted data using a virtual pin container according to various aspects of the disclosure.
The detailed description of exemplary embodiments below describes the various embodiments mentioned above in more detail with reference to the above drawings.
Detailed description
The embodiments described herein provide for the collection, organization and use of information to automatically complete, update and submit complex electronic documents and online forms, such as online shopping checkout forms; applications for loans, credit cards, health insurance, university admission or employment; statutory documents required in litigation (such as divorce or bankruptcy); and forms required by businesses and company owners. Information is obtained from multiple different sources and classified by field mapping and other information classification techniques to build an organized database of information related to the user, referred to as the information vault. Through encryption and disassociation techniques, the information is securely stored in one or more user data storage devices or databases to ensure its security. A form database stores the field information needed by electronic forms and documents and completes the form or document. By selecting a document from the form database, or by using a browser plug-in to fill an online form that is being displayed in a web browser, users can access their information to automatically fill the fields of an online form or electronic document. The system can also integrate with third-party services and websites, filling information on a third-party site through a secure connection to the user database while allowing the user to keep the information in our highly secure database.
The techniques described herein provide the ability to quickly and accurately complete, update and submit any type of form on any type of computing device, because the user database builds a profile of the user that includes, for example, identifying information, financial information, health information, contact information and historical user information, all classified with high accuracy to ensure that the correct information is filled into the form. Users retain complete control over any download, transmission, editing or deletion of their information, and need to enter and review their information only once rather than repeating the same process over and over.
The systems and methods described herein can be used by individuals, groups, entities, governments or businesses for various types of information collection, management and entry. An individual user can fill an online form on a desktop computer, tablet computer, smartphone, etc., and the form can be completed immediately. In one embodiment, the system may be provided as a mobile application running on a smartphone, tablet computer or other portable electronic device, allowing the user to complete forms or other documents. Because entering information on a device with a small display and touch panel is difficult, the ability to fill in information easily on a portable electronic device is particularly advantageous. Businesses can organize and store information to complete forms such as human resources forms, construction permit forms, various local elevator licensing forms, etc. Although the examples provided herein relate mainly to the use of the systems and methods by individual users, the benefits and applications also extend to groups of users, entities, governments or businesses of any size and type.
This solution is unique because once users have entered their information a single time, it is stored in their information vault, and from then on they can always use that information, or provide it to complete any subsequent form that requires the same repeated information. Non-limiting examples include new-patient forms for health care, college admission applications, scholarship applications, financial aid applications, loan applications, medical questionnaires, job applications, insurance forms, legal filings or litigation documents, government benefit or service requests, personal health records, e-commerce checkout forms, membership subscriptions, etc.
Fig. 2 shows one embodiment of a system 100, according to an embodiment of the invention, for obtaining and classifying information and filling the information into electronic forms. Information is obtained from one or more information sources 102a-c, such as existing forms 102a, third-party application interfaces 102b or manual user input 102c. The information is then transferred to a communication interface 104, where it is classified by a server 106 and stored in one or more data storage devices, locations or system data storage devices 108 as the user profile of the user. The communication interface 104 may be located on the same local area network (LAN) as the information source 102, or at a location remote from the information source 102 and connected via the internet or another wide area network (WAN). The communication interface 104 also includes, in the server 106, one or more information processing units that process the collected information, including: a classification unit 106a, which classifies the information to identify the fields applicable to the information and the values for those fields; a profile creation unit 106b, which creates the user profile from the classified information; and an information filling unit 106c, which fills at least one form field of an electronic form or database by matching the at least one form field with the classified information. The communication interface 104 may also include a field comparison unit 106d and a user activity collection unit 106e, whose functions are described further below. Any of the foregoing units may be located in separate servers or in a single server, depending on the design of the overall system. The user can then request, through any type of device 110a-c, that the information in their profile be used to complete one or more forms 112. The user may use any type of device, including a laptop computer 110a, a desktop computer 110b or a portable electronic device 110c such as a tablet computer or smartphone.
The user may interact with the communication interface 104 through the device 110 to complete one or more forms 112a-c, such as a form shown in an image reader 112a, a form shown in an internet browser application 112b, or a form shown by an application 112c running on the portable electronic device 110c. Forms may also be displayed directly in the browser window via HTML5-CSS3 or via an application 112c that interfaces with the server 106, or be displayed on the device 110c through one or more graphical user interfaces (GUIs) 114 generated by the server 106. As shown herein, forms can be filled directly on the user's device, through a browser extension, an additional browser application, or through an application programming interface (API) that interfaces with a third-party service or application.
Fig. 3 is a diagram of the security protocol of one configuration of the system. A user 116 may access the system via the various devices 110 described above, which connect to the communication interface 104 via the internet 118. Multiple types, locations, devices, servers, etc. may be used separately behind various firewalls to increase the protection of profile information and ensure privacy and security. Initially, a GUI showing basic information may be presented to the user; this GUI may be considered the public-facing home site 104a of the communication interface 104, and it is protected by an initial firewall 120a. The initial firewall 120a may provide overall security for the system and allow access to the user interface and experience level (UI/UX) 104b of the interface. The UI/UX 104b includes a web and interface server 106f connected to a form and application output data storage device 108a. A second firewall 120b may protect the third section of the communication interface, referred to as the data access layer 104c. The data access layer 104c may include an enterprise-level logic application server 106g connected to a data storage server 106h, which may be configured to manage a secure client data element and historical archive data storage device 108b and a mapping input form data storage device 108c. A separate ID and authentication server 106i may also be enclosed in the data access layer 104c, connected to an identity data storage server 106j, which may manage a secure client ID element data storage device 108d.
Fig. 4 shows an embodiment of the steps of filling a field 402 of a form 404 with information stored in the secure client ID element data storage device 108d and the secure client data element data storage device 108b, accessed by data storage management software such as the information filling unit 106c, where a separate client identification data storage device and client information data storage device are used to obtain the information needed to fill the electronic form.
Details of the systems and methods are provided further herein with respect to specific components and features.
I. Collecting information and forms
Information can be obtained from multiple different sources and in multiple different formats to assemble a complete set of information for the user. For example, user information can be obtained by having the user complete a "master form" specifically designed to collect the information required by many forms in multiple categories (i.e. loan applications, online shopping, university applications, divorce proceedings, etc.). User information can also be collected from existing electronic or non-electronic records, such as financial institution databases, electronic health records, third-party information aggregation services (such as Mint), or collected by the user following simple instructions in the system's web-based user interface. The user may need to authorize access to one or more of these existing electronic records in order to obtain the relevant information, and the system may use a specific application programming interface (API) to communicate with the third-party site to obtain field and content information. For existing electronic records, the information may already be classified, for example in a database with specific field names or labels, so that no substantial further classification of the information is needed; however, because of the complexity of many forms, such as divorce applications and financial schedules, the system may overlay additional calculations and reorganize the classification so that it matches the output required by the form. For non-electronic records, the user may scan or photograph the non-electronic document, and the fields and field values are extracted by various techniques such as image processing and content extraction software.
In one embodiment, information can be obtained when the user manually completes an electronic form or document. For example, as shown in Fig. 5, if the user completes a form 112b shown in an internet browser application, the application may include a browser extension 502 that allows the content 506 of the form 112b, the fields 504 and the content of the fields to be captured, extracted, organized, classified and uploaded to the user's database for future use on the same or other forms. The browser extension 502 may provide a pop-up menu 508 with a copy button 510 for copying fields into the user profile, and a fill field button 512 for filling data from the user profile into the form 112b. It can even extract and fill information for a complete form spanning many pages. Blank forms and documents and other user information can be uploaded directly to the system, where the form or document and its fields can be captured, mapped and stored as templates. For example, a credit card application form can be uploaded to the system and stored in the document library data storage device, where the form fields are identified for the corresponding user fields to which they may be mapped in the data storage device, this mapping being done manually or using automatic mapping techniques.
Completed forms and documents can also be uploaded directly to the system, where the form or document, its fields and the content of the fields can be captured and extracted. For example, a credit card statement or a mortgage statement can be uploaded to the system, where the fields and their content can be extracted and stored in the user data storage device, but the document itself cannot be extracted and stored because it is not a form. However, if it is a credit card application or a mortgage application, the document itself can also be extracted and stored in addition to the fields and content, to help the user and other users fill in the form in the future.
Fig. 6 shows an embodiment of a table data store 602 holding field information collected from a form entered into the system. When information is sent to the server from a completed form, it is stored in this table. When information is "pulled" from the server and applied to a form, it comes out of this table. The form may be a form such as the one shown in Fig. 1, and may have been completed so that the form fields hold values entered by the user. As shown in Fig. 6, each field 604 on the form is given a unique numeric identifier 606 (customerFieldDefaults_Id) to distinguish it from other fields. As shown in the two right-hand columns, each field is also given a field name 608 (fieldName) and a field value 610 (fieldValue). The field name may be the name encoded in the form itself, which may be extracted from the form (if it is on a website) or from an electronic form having field-name metadata that identifies the field names as assigned by the programmer who created the original form. The field value (if available) will be the content corresponding to the field. The association between field name and field value (referred to as a name-value pair) is critical to classifying the content and building the user profile.
Fig. 7 shows a document library table 702 that stores the list of documents 704 stored in the system. Each document is given a document identifier 706 (document_id), a document title 708 and a path 710 to the document in the associated database. Fig. 8 shows a database table 802 that stores the field names 804 of each document in the document library table of Fig. 7. Note that there is an option to set a default for each field. For example, this year's tax form may have a default application year of 2013. The commonFieldName 806 is a human-readable version of the fieldName 804 for cases where the fieldName is unclear or was badly named by the original form designer. The commonFieldName 806 allows the system to quickly match a field with the field names found in a typical customer vault. The commonFieldName 806 provides a more reliable and deterministic mapping between a field and the field names found in the user profile.
Unique field names and values are stored and organized in the system for future use. Figs. 10A and 10B are diagrams of an online form 1002 in which a unique account code field 1004 in the "Billing" section 1006 requires a field value that is a unique 33-digit code. If the user has not previously entered the code into the system (which is unlikely, given that the code is unique to the particular form), the user will need to enter the field value 1008 manually in field 1004 when completing the form 1002 for the first time, as shown in Fig. 10B. The system will pull the information in field 1004 (and the value 1008 entered in the field by the user) into the system and list them in a database table 1100, as shown by the table in Fig. 11. As shown in Fig. 11, two entries are created for this field, one corresponding to the field name 1102 (numeric) and one corresponding to the field value 1104 (the 33-digit number). In one embodiment, an additional row entry (not shown) is created so that the radio button beside the field is associated with the field and the field value. This will be useful when filling the form in the future, because the system will know to activate/select the radio button when filling in the field value.
In another embodiment, third-party services and websites can provide information about the forms and documents hosted on their own websites for storage in the system, such as field names and other document or form identification information. Thus, if a user uses a third-party service and needs to complete a form or document of that service, the user can request that the third-party service obtain the user's information from the user data storage device to be filled into the form or document at the third-party website. The third-party service can then maintain its customized forms or documents on its own website or application, and the user can be assured that the content filled into the form or document accurately corresponds to what each field requires, because the third-party service provides the field information to the system. In addition, the user's information is given additional security because it is stored on the system data storage device rather than on the data storage device of the third-party service, which reduces the possibility of the information being stolen from the third-party service or site.
In another embodiment, the third-party service can integrate an embedded system into its website or application that shares with the system, and stores in the application or at the third-party server, the information used to complete forms and other documents. Similarly, the integration can provide sharing of the user's information with the third-party website or application in order to complete forms or documents at the third-party site.
Other information sources can be used or envisioned, as will be appreciated by those skilled in the art. As described further below, the information sources are used to build a profile of each user by collecting user information from various sources and compiling the information into an organized list of information, which can be used to fill any type of field on any form or to augment its information.
II. Organizing and storing information
The information obtained from the various information sources discussed above is used to build a user profile for each individual user, ideally comprising comprehensive financial, contact, health and historical information about the user. The user profile may include the user's name, birthday, age, current and past addresses, telephone numbers, e-mail addresses, social security number or government identification number, employment information (current and historical), salary, height, weight, ethnicity, bank account numbers, account balances, user names, passwords, education information, health risks, allergies, medications, etc. This list is by no means exhaustive. The user profile may also include information not directly related to the user, such as the name and telephone number of an emergency contact, the names of and relationships to family members, internet service provider contact details and notes, business contact information, business prospects, CRM data, etc. The user profile can also store other metadata or date selections for the information being stored.
Access to the system can be provided through an application interface by software running on a computing device such as a desktop or laptop computer, or by an application running on a portable electronic device such as a tablet computer or smartphone. Furthermore, the system can be accessed through a web-based application interface, in which all user information is securely stored in a secure server facility on the network, for example cloud-based.
In one embodiment, the information can be stored in at least two or three separate data storage locations, which are deliberately decoupled so as to provide enhanced security by minimizing the risk of an intrusion into any one of the data storage locations. The data storage devices can be divided into: a document library data storage device, for example storing form and document templates, field information and other form attributes; a customer personal vault data storage device, for example storing the information, including fields and field values, for each specific user; a user ID data storage device, for example storing the information related to the identity of the user (stored separately from the other information for security reasons); and a customer order and completed document data storage device, storing previously completed forms with the fields and values that were completed.
As will be described below, the information will likely be classified into different categories so that it can be accurately filled or appended into the appropriate fields of a form. In addition, as also described below, special proprietary encryption and storage techniques mitigate the potential risk of such rich personal information being misappropriated, preventing the information from being stolen or, even if it is stolen, preventing it from being usable.
Field mapping
Identifying which information belongs in which field of a form is one of the hardest challenges of filling forms. Although many information fields carry names that make it easy to identify the value belonging to that specific field, some names are ambiguous or unclear, some fields have slightly different names between different forms, some fields have the same name within the same document, and some fields have multiple values associated with the same field.
There are at least three main situations in which information needs to be inserted, and these have driven the following field mapping techniques. In the first case, the document library stores standard document templates, which can be copied into the user's workspace and filled in as needed. In this case the document library stores the document's fillable fields and possible default values in a "field" table. In the second case, the fields and values unique to each user are used and mapped onto a blank document. This set of unique user information will grow over time into a large information vault. In the third case, the actual fields and values inserted and saved by the user are assigned to a document, so that the values are locked into the completed document. Some techniques for solving these problems are presented below.
The first solution involves scanning the document's fields and making associations and inferences for the "best-fit" field name. In one embodiment, this is done using the "for" attribute of the website's field code, which associates a form label with a field box on the page. For example, a field box with the ambiguous name "box00455x" may be coded as `label for="firstname"`, so that we can associate the unclear name and field with the label for "first name".
In situations where multiple fields in a document or form have the same or similar field names, the section of the document in which each field occurs can be used to identify whether the values for each field should differ. The system data storage device can therefore store a "field section" entry as a classification for each field in the data storage device, so that fields with the same name can be disambiguated based on which section they are located in.
In some cases, field names can be completely random and give no indication of how they map to another field or to a specific field value. The field names may be coded for another system, which reads the particular code with a computer and a special numeric or literal key code. For example, a "First Name" field might be named "fn0045586". For PDF documents stored in the document library, an additional "helper" attribute named "commonFieldName" can be added to the field record. When a document is entered, badly named fields can be manually converted into content that is easily mapped. For this "First Name" example, the system records the FieldName as "fn0045586" and the "commonFieldName" as "First Name". When the user selects this document, our intelligent technique recognizes the commonFieldName and readily maps it to whichever of the user's field names best matches "First Name".
In situations where the user has multiple values associated with the same field name, the system can be configured to provide a drop-down menu or other selection method, in which the user can choose which value to enter into the specific field. In an alternative embodiment, the field is filled with the most recently used value or the most frequently used value.
In another embodiment, different forms may refer to the same user field name in different ways. One document may name a field one way and another document may name the same field in another way. For example, a first document may have a field named "First Name", a second document may have a field named "fname", and a third document may have a field named "firstname", all of which refer to the same field and should contain the same value or content. To achieve this association, the user FieldDefaults table in the system data storage device has a "userFieldCollections" record that lists the various synonymous field names.
For example, over time, multiple fields will be stored in the data storage device, each containing the same value. Assume that each of these three "first name" fields holds the value "Arthur". A context process executed by the field comparison unit 106d of Fig. 2 can periodically scan the data storage device for other fields having the value "Arthur", and identify those fields as duplicates in the "userFieldCollections" table. This table captures the various field names that are synonymous based on their common content. When any of these fields is encountered in a subsequent form, the appropriate value "Arthur" is used.
In a second approach, the system can pre-populate the "userFieldCollections" table with field values grouped together. For example, when a field called "firstname" is first encountered, "firstname" and "First Name" are stored in the table. When a subsequent field called "First Name" is encountered, its value is stored and is easily located through the "userFieldCollections" table.
In one example, there are field names with a common label, such as a field name labelled "myFirstName" and another field labelled "customerFirstName" (possibly in different forms). Because these field names clearly correspond to the same information (the user's first name), in order to map "myFirstName" to "customerFirstName", a machine learning classification library can learn from existing field mappings of other users and then assign a recommended mapping between the user's field and the document's field.
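The field mapping techniques of this section, as an added example that is not the patent's own code: label-based resolution through the "for" attribute, the commonFieldName helper column, the userFieldCollections synonym table, section disambiguation and synonym learning from a shared value. The table contents, the sample form and the profile are constructed for the example.

```python
"""Form-field mapping for auto-fill (added example, not the patent's own code)."""
import re
from html.parser import HTMLParser

# Constructed stand-ins for the commonFieldName column and the userFieldCollections table.
COMMON_FIELD_NAMES = {"fn0045586": "First Name"}
USER_FIELD_COLLECTIONS = {
    "first name": ["firstname", "fname", "First Name", "myFirstName", "customerFirstName"],
    "street": ["street", "address1", "Street address"],
}


def canonical(name):
    """Case- and punctuation-insensitive form used for every comparison."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


SYNONYMS = {canonical(alias): user_field
            for user_field, aliases in USER_FIELD_COLLECTIONS.items() for alias in aliases}


class FormScanner(HTMLParser):
    """Collects input ids, the fieldset (section) they sit in, and <label for=...> text."""

    def __init__(self):
        super().__init__()
        self.section = None
        self.fields = []    # [{"id": ..., "section": ...}, ...] in document order
        self.labels = {}    # input id -> label text
        self._label_for = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "fieldset":
            self.section = a.get("id")
        elif tag == "input" and a.get("id"):
            self.fields.append({"id": a["id"], "section": self.section})
        elif tag == "label":
            self._label_for = a.get("for")

    def handle_data(self, data):
        if self._label_for:
            self.labels[self._label_for] = self.labels.get(self._label_for, "") + data

    def handle_endtag(self, tag):
        if tag == "label":
            self._label_for = None
        elif tag == "fieldset":
            self.section = None


def resolve_user_field(field_id, label):
    """commonFieldName first, then the label text, then the raw id; None if unmapped."""
    name = COMMON_FIELD_NAMES.get(field_id) or label or field_id
    return SYNONYMS.get(canonical(name))


def fill_form(form_html, profile):
    """profile is keyed by (user_field, section); section None is the default value."""
    scanner = FormScanner()
    scanner.feed(form_html)
    filled = {}
    for f in scanner.fields:
        user_field = resolve_user_field(f["id"], scanner.labels.get(f["id"]))
        if user_field is None:
            filled[f["id"]] = None  # unique field: the user types it once (Fig. 10B)
        else:
            filled[f["id"]] = profile.get((user_field, f["section"]),
                                          profile.get((user_field, None)))
    return filled


def learn_synonyms(stored_fields):
    """Context process of the field comparison unit: names sharing one value are synonyms."""
    by_value = {}
    for name, value in stored_fields:
        by_value.setdefault(value, set()).add(canonical(name))
    return {value: names for value, names in by_value.items() if len(names) > 1}


# Constructed sample form: an opaque id with a label, a badly named id covered by
# commonFieldName, two same-named fields in different sections, and a unique field.
SAMPLE_FORM = """<form>
<label for="box00455x">First name</label><input id="box00455x">
<input id="fn0045586">
<fieldset id="billing"><legend>Billing</legend>
  <label for="b_addr">Street</label><input id="b_addr"></fieldset>
<fieldset id="shipping"><legend>Shipping</legend>
  <label for="s_addr">Street</label><input id="s_addr"></fieldset>
<label for="acct">Account code</label><input id="acct">
</form>"""

SAMPLE_PROFILE = {("first name", None): "Arthur",
                  ("street", "billing"): "1 Main St",
                  ("street", "shipping"): "9 Elm Rd"}

if __name__ == "__main__":
    print(fill_form(SAMPLE_FORM, SAMPLE_PROFILE))
```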
Identity disassociation
To protect the user's information from potential theft and misuse, the system disassociates the user's identifying information from the user's other information. For example, the user's name, social security number, date of birth, employee identification and the like are stored in a data store separate from the user's other information, such as credit card numbers, bank accounts, education and grades. Identifying information is otherwise stored without any logical connection to the other information of the same user, so that each identity information field is effectively stored in its own partition of the data store. Each item of user information may further be individually encrypted and then stored anonymously in a table together with other information, with no index, organization or grouping of that table, so that the table on its own cannot yield any useful information about the user.
The encrypted information can only be decrypted with a key, and optionally, in some cases, a key is generated separately for each individual item of information, so that no key can be misused to unlock other items. The keys are stored in a separate data store and can only be obtained on a correct password login by the user. By disassociating the information that makes up the user's identity, it therefore becomes impossible to determine enough user information to carry out identity theft merely by accessing the database and the tables listed in it.
As an example, a user's social security number (SSN) that is stored on its own and separately from other information (such as the user's name) is of no use to the ever-present threat of identity theft. Given that the SSN is further encrypted into an unrecognizable series of letters and numbers, the system provides two highly secure layers of protection for the information stored in the data store. In one embodiment, the information is obtained using three separate data storage locations, each of which may be connected to the network by its own server, and each of those servers may sit behind its own firewall. The first data store may be configured to store the user's username and password. If the username and password are entered successfully, a secret key is generated and passed to the second location, which is used only to store each user's secret key. The third location holds the actual information and must be unlocked with the secret key from the second location in order to be read, whereby the encryption mapping re-associates the partitioned information.
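The three-location layout described above, as an added example that is not part of the patent's own code: a credential store that only verifies the password, a key store that holds one wrapped key per stored item, and a flat data store of ciphertexts under random record ids with no user column. The class and function names, the password-derived key-encryption key, the sample user and the HMAC-SHA256 counter-mode cipher (a stand-in for an AEAD such as AES-GCM, chosen so the example runs on the standard library alone) are all assumptions of the example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes) -> tuple:
    """Separate encryption and MAC keys derived from one item key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream (a PRF run in counter mode)."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    return nonce + ciphertext + hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so any other item's key is rejected."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, nonce, ciphertext)


class CredentialStore:
    """First location: username -> (salt, verifier). It never sees user data."""

    def __init__(self) -> None:
        self._rows = {}

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # 64 bytes: the first half is the stored verifier, the second half is the
        # key-encryption key (KEK), which exists only in memory after a login.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._rows[username] = (salt, self._derive(password, salt)[:32])

    def login(self, username: str, password: str) -> bytes:
        """Return the KEK on a correct password; raise on a wrong one."""
        salt, verifier = self._rows[username]
        derived = self._derive(password, salt)
        if not hmac.compare_digest(derived[:32], verifier):
            raise PermissionError("bad credentials")
        return derived[32:]


class Vault:
    """Ties the three stores together; only the key store links a user to records."""

    def __init__(self) -> None:
        self.credentials = CredentialStore()
        # Second location: (username, field) -> (record_id, item key wrapped under the KEK).
        self.key_store = {}
        # Third location: record_id -> ciphertext. No user column, no grouping.
        self.data_store = {}

    def put(self, username: str, password: str, field_name: str, value: str) -> None:
        kek = self.credentials.login(username, password)
        item_key = secrets.token_bytes(32)        # one fresh key per stored item
        record_id = secrets.token_hex(16)         # random id, carries no user information
        self.data_store[record_id] = encrypt(item_key, value.encode())
        self.key_store[(username, field_name)] = (record_id, encrypt(kek, item_key))

    def get(self, username: str, password: str, field_name: str) -> str:
        kek = self.credentials.login(username, password)
        record_id, wrapped = self.key_store[(username, field_name)]
        return decrypt(decrypt(kek, wrapped), self.data_store[record_id]).decode()


def demo() -> Vault:
    """Constructed sample: one user whose name and SSN sit in unrelated records."""
    vault, user, pw = Vault(), "arthur", "correct horse battery staple"
    vault.credentials.register(user, pw)
    vault.put(user, pw, "firstname", "Arthur")
    vault.put(user, pw, "ssn", "123-45-6789")     # constructed value, not a real SSN
    return vault
```

Only the key store ties a username to record ids, and its rows are wrapped under a key that exists only in memory after a successful login; a dump of the data store is a set of random ids and ciphertexts, and a key recovered for one item fails authentication against every other item.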
Automatic user profile updates
Such disassociation, that is, the decomposition of data into multiple pieces, can likewise take place for each piece of information as described above. In other words, each piece of information can be decomposed into sub-pieces, each sub-piece individually encrypted with a unique key and/or stored in a separate location, with no logical connection to the other sub-pieces. In one embodiment the system can be configured to classify any input information automatically and store it in the user's profile without specific instruction from the user. Furthermore, since user information continues to be acquired during the user's normal activity, newly input information is used to update existing information or is added to the list of values for the same information field, from which the user can then select when filling a form.
The user's information may be stored in its own data storage location, known as the personal information vault, in a table called "customerFieldDefaults". The customerFieldDefaults table will generally contain the user's most current information.
Deriving user information
In one embodiment, existing user profile data may be analyzed to derive other relevant information. Other relevant information may be derived by performing comparisons or calculations on the existing data, for example by analyzing financial data to determine a regular income and expense budget. Other relevant information may also be derived from external sources to give the user a more complete picture of some aspect of their profile. For example, if a user enters a list of assets (including the year, make and model of a vehicle) into their user profile, the system may obtain the assessed value of the vehicle from an external data store or third-party service. In another example, if the user enters the title of a collectible work of art, the system may obtain additional information about the work, such as the artist, year of creation and estimated value. This information may be used to complete an insurance application or, in the event of loss, a claim for the item.
Analyzing user information
In one embodiment, the user activity collection unit 106e of Fig. 2 monitors the user's activity while using the system (information entry, form completion) and generates, from their activity and information, predetermined descriptive codes, which are collected and stored in a separate data storage location. The codes may correspond to the user's current stage of life, demographic profile, preferences, financial balance and other parameters associated with the user's account, but do not collect, disclose or compromise their specific information. The codes may then be used to determine targeted marketing and other strategies for the user, to promote third-party products and services that better match their needs and expectations for those products or services. A code may also carry a confidence value, which relates to the likelihood that the code applies to the user, based on factors such as the form type, the use of other related forms and the like.
For example, a user who completes a university application may generate a code related to the likelihood that the user will enter university, which then provides an opportunity to market university-related products or services to the user. If the user completes a university application together with a financial aid application, the confidence value associated with the code indicating that the user is likely to enter university may be raised. This may be used to present the user, in the graphical user interface, with advertisements directed at their stage of life, such as university advertisements.
Archive of filled information
When a user fills information into a form, the system may store a reference to the final version of the form in a specific data storage location table named customerFieldContent. Specifically, the entire form is not stored in a separate data storage location; rather, a reference or record location for the form is stored. The information stored in the form may be locked so that it is not updated by other updates to the user's information, unless the user explicitly accesses the previously completed form, edits the form itself and creates a new version. The stored completed forms may be coupled with a time and date stamp to create a complete archive of the user's activity in the system.
Shared family information and group/corporate plan information
In one embodiment, a user's information may be shared with other related parties with whom the user wishes to share part of their profile. For example, spouses, children, parents, siblings and other family members may share similar information, such as addresses, telephone numbers and family history, which is generally updated whenever any of those items changes. This provides the convenience of avoiding duplicate entry among family members, allows shared information to be updated globally, and allows family members to cooperate on applications such as the FAFSA (Free Application for Federal Student Aid). The FAFSA application has certain sections that the student completes and others that the parents must complete. Another example is a child applying to university who can access the shared family information in the user profile of a sibling who has already applied, such as the address and the parents' names and occupations. Furthermore, if the family moves, one family member's update to the home address may be applied to, or offered as an update to, the other family members in the same group who previously listed the same home address. Similarly, the various employees of a company can cooperate to complete government or other applications or reports for the company; in another example, the database of health records of one generation of a family may be passed to the next generation to provide them with information about potential genetic health conditions.
To implement family or company sharing, the information of each family or company member may be stored in a separate vault in the database, and the database then forms links between the information common to the family or company members, so that each member retains the privacy of their individual information.
III. Filling electronic forms
Selecting a stored form
When a user is ready to complete a form or document, the user may choose one of several methods. If the form or document is stored in the form database on the system server, the user may select the form from a document category 902 or from a list of specific documents 904, as shown in the further graphical user interfaces of the web-based application programming interface 900 in Figs. 9A and 9B. In addition, the user may be able to search for forms using a search tool, or navigate the categories 902 to find forms by form type (finance, science, health care, etc.).
Application extensions
In one embodiment, an application extension is provided for quick access to fill in a form seen in an application window, as shown in the further illustration of the graphical user interface of the browser extension drop-down menu in Fig. 5. The extension may be displayed as an icon, menu item, add-on or otherwise within the application's menus or elsewhere, and on selecting the icon a window opens that offers the option of filling the fields displayed in the application window with information from the user profile. The application may be an internet browser, word processor, image viewer, spreadsheet or presentation software, though these are examples and the embodiments herein are not limited to them.
In another embodiment, as discussed in Section I above, the application extension may also be used to extract information from, or augment, a form, document or web page displayed in the application window. The extracted information may be uploaded to the user's personal information database.
In another embodiment, the application extension may also be used to display, and allow modification of, the user's stored contacts, CRM and/or contact-related information, which relate to form fields recognized by the system when viewed on third-party websites such as LinkedIn™, Facebook™ or Zillow™. In one example of this embodiment, when a user views one of their LinkedIn™ contacts, a pop-up or drop-down window is displayed that allows the user to view and modify unique, private information about that particular contact, or to add that information directly back into their personal customer database, without sharing the information with LinkedIn™ or other LinkedIn™ users. In essence, the user augments the LinkedIn information with their own personal annotations about the contact, and the information is securely stored in their information database for personal use. In another example, when a user defined as a real estate professional views a particular listing on Zillow.com™, a pop-up or drop-down window is displayed that allows the user to view and modify unique, private information about that particular property, or to add that information directly back into their personal user database. This allows the real estate professional to collect useful business information (for example, the list of clients who have been shown a particular property, listing details, showing schedules, etc.) that can be used to run their business more efficiently.
Third-party application integration
Third-party service providers may also incorporate access to the system into their own applications, such as web-based applications or mobile applications running on portable electronic devices. For example, a website run by an academic institution may integrate access to the system into its admission application so that, after loading the admission application, the user can log in through the website and access their information to fill the admission application directly. In addition, an internet shopping website may integrate access to the system database so that, when a user is ready to check out and purchase goods or services from the website, a button, link or verification dialog selects the user's information and fills it into the payment screen.
Integration with third-party applications can provide additional security for the user, because it can be configured so that the third-party service provider cannot view or store the user's information, but only requests the information from the system database at checkout and then deletes it once the transaction is complete. Deletion on the third party's side is a matter of that party's configuration; the system itself controls only what it releases and when.
The application may be provided as a stand-alone product or as a web-based product and service. In one embodiment, the application may be provided as a portable document format (PDF) filler application, which operates to fill information into a PDF document. The PDF filler may be a web-based application or may be integrated into a browser extension, as discussed previously. The application may also be provided as a web-based form filler designed to complete forms and documents found online. Further, the system may be provided as a mobile application running on a smartphone, tablet or other portable electronic device, allowing users to complete forms or other documents. Since entering information on devices with small displays and touch panels is difficult, the ability to fill information easily on a portable electronic device is particularly advantageous. For example, users making purchases with their mobile devices often find it difficult to enter all of their contact and payment information on a small screen (in addition to having to remember that information). The ability to complete these e-commerce form fields instantly is particularly advantageous for mobile users. In another example, a user visiting an urgent care or emergency room facility may need to fill in several forms, and might instead be given a website for accessing the forms and use the system of the invention to fill the form fields and submit the forms online. The mobile application may be stand-alone or integrated into other mobile applications or native device applications.
For example, in one embodiment, the system may be integrated with the camera of a portable electronic device: the user takes a photograph of a blank form or document, fills the form fields using the system, and then transmits the document.
In another embodiment, a third-party application may be integrated with the system and the user profile to provide partial or complete transfer of user profile data from the system to a third-party user profile, without the user having to view a form containing the fields of the third-party user profile. For example, a user registering for a third-party service (such as a social media service or an e-commerce service) may complete the user profile for the third-party application and its corresponding server and database simply by requesting transfer of the user profile generated in the system. The user need only select an option to transfer all of their profile information instantly to the third-party user profile, without viewing the web-based form corresponding to that profile. The instant transfer may be accomplished by allowing the third-party application to send a list of field names to the server, which then accesses the database tables to identify one or more values stored in the user profile that correspond to the matching field names. The matching field values are then transferred back to the third-party application server and database to complete the third-party user profile.
A method may also be provided for automatically sending other selected profile information to another form, database, device or destination, which eliminates the need for the user to review form fields and content manually when filling in the information or sending it to another location.
Form completion indicator
In one embodiment, a form completion indicator may be provided for the user, indicating how much of a form can be filled from the information in the user profile. The form completion indicator may be displayed next to the list of candidate forms from which the user is selecting, so that the user can determine which forms are easiest to fill. The indicator may be a symbol, a color or simply a numeric value indicating the percentage of the form's fields that will be filled from the information stored in the user profile. The form completion indicator is updated in real time and helps the user select, from the form database or from online web forms, the forms that are easiest to fill automatically and require the least manual entry. The completion indicator may also indicate how many fields of a given category have already been mapped, or how many need work to complete the unfilled fields.
Manual input interface
Although the system will fill any field for which it has information, some fields may have no value or may have multiple values, in which case the field is not filled automatically. In that case the user must take some action to fill the field. One embodiment for filling form fields may be assisted by voice, touch, gesture or input devices, or a combination of these. Voice and touch input eliminate the need to type any of the information entered into the form manually. Voice input may be used through the microphone of the computing device, and touch and gesture input may be made through a touch screen, touch pad, image capture device or motion capture device. Input devices include a mouse, stylus or other peripheral connected to the computing device that allows a selection to be made on the graphical user interface.
In one embodiment, manual entry of a field value may be accomplished by displaying a separate window, such as a pop-up or drop-down menu, with options for values that the user can speak, touch or select with an input device. The interaction may include one or more separate input types, such as touching a field on the touch screen to produce the window and then speaking the name of the desired value from the list of field values. Form input fields may also display windows with prompts or explanations associated with the system database to help the user complete the form. In one embodiment, a touch input on a field initiates input by voice, and a "touch and hold" input initiates the display of the separate window with multiple possible values.
The need for manual entry arises whenever the user profile has no value for a field, and even when the system is designed to select a best-fit value from multiple possible values based on one or more criteria. The user may be given the option of entering a value manually where none exists, or of replacing the automatically filled value in a particular field. For example, a user may list several different allergens (e.g. eggs, bees and cats) in their user profile, so that a form field labelled "food allergens" may be too specific for the system to determine which of the listed allergens to enter automatically. The system may use data from previous entries by other users to determine that "eggs" is the most likely candidate. However, the user will then be offered the option of selecting the field to produce a separate window and then choosing from the list of allergens to correct the selected option, for example by adding "bees" or "honey" to the list where the user is allergic to foods made with honey. If the user has not stored a field value for the field name "allergens", the user may be prompted to enter the field value manually, by using a physical keyboard or touch-screen keyboard interface, by selecting a category in one or more drop-down menus to present a list of options, or simply by speaking the desired value and letting speech recognition software interpret the voice command and enter the appropriate value. The user may also be able to speak a partial keyword for the form field, which then displays a separate window with the possible values that contain that partial keyword. A lookup algorithm may be provided to associate the keyword with possible matches.
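One way to implement the "userFieldCollections" synonym table discussed earlier on this page, the field-name matching that the instant transfer to a third-party profile relies on, the form completion indicator, and the rule just described that a field with no value or several candidate values is left for manual entry, as an added example (not the patent's own code). UserFieldCollections, normalize, fill_form and completion_indicator are names chosen for the example, and the profile and form data are constructed.

```python
import re
from collections import defaultdict
from typing import Optional


def normalize(name: str) -> str:
    """'First Name', 'first_name' and 'firstName' all become 'firstname'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


class UserFieldCollections:
    """Maps every known spelling of a field to one canonical field name."""

    def __init__(self, groups: dict) -> None:
        self._canonical = {}
        for canonical, synonyms in groups.items():
            for name in (canonical, *synonyms):
                self.add_synonym(canonical, name)

    def add_synonym(self, canonical: str, name: str) -> None:
        self._canonical[normalize(name)] = canonical

    def canonical(self, name: str) -> Optional[str]:
        return self._canonical.get(normalize(name))

    def suggest_from_values(self, profile: dict, unmapped: dict) -> dict:
        """The value-based scan, as a proposal rather than an automatic merge:
        an unknown field is suggested as a synonym only when its value matches
        exactly one canonical field, so a value that several fields share
        (a first name reused in a contact field, say) produces no suggestion."""
        by_value = defaultdict(list)
        for canonical, value in profile.items():
            if isinstance(value, str):
                by_value[value].append(canonical)
        return {name: by_value[value][0]
                for name, value in unmapped.items()
                if self.canonical(name) is None and len(by_value.get(value, [])) == 1}


def fill_form(collections: UserFieldCollections, profile: dict, form_fields: list) -> tuple:
    """Resolve the requested field names (a stored form's fields or a third
    party's field-name list) to profile values. A field is left for manual
    entry when the profile has no value for it or holds several candidates;
    nothing is guessed."""
    filled, manual = {}, []
    for field_name in form_fields:
        canonical = collections.canonical(field_name)
        value = profile.get(canonical) if canonical else None
        if isinstance(value, list):                 # several stored values
            value = value[0] if len(value) == 1 else None
        if value is None:
            manual.append(field_name)
        else:
            filled[field_name] = value
    return filled, manual


def completion_indicator(collections: UserFieldCollections, profile: dict, form_fields: list) -> int:
    """Percentage of the form's fields that can be filled from the profile."""
    if not form_fields:
        return 100
    filled, _ = fill_form(collections, profile, form_fields)
    return round(100 * len(filled) / len(form_fields))


# Constructed sample data: one synonym table and one user's current values.
COLLECTIONS = UserFieldCollections({
    "firstname": ["First Name", "fname", "myFirstName", "customerFirstName"],
    "lastname": ["Last Name", "lname", "surname"],
    "allergens": ["Allergies"],
})
PROFILE = {
    "firstname": "Arthur",
    "lastname": "Dent",
    "allergens": ["eggs", "bees", "cats"],   # several values: needs the user's choice
}
```

The completion indicator is computed by the same matching step as the fill, so the two cannot disagree, and the manual list returned by fill_form is what the touch and voice interface described in this section would present to the user.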
As previously discussed, one application of touch and voice input is the ability to touch a particular form field and then speak the value to be entered in that field. Optionally, if the system cannot identify the field name, the user may first speak the name of the field, which causes the system to fill the field with the value for the spoken field name from the user profile. If no field value exists for that field name, the user may then also speak the value of the field. If the entered value is new, the system stores the value in the user profile for future use. In one example, a user completing an automobile insurance claim who needs to enter a vehicle identification number (VIN) may touch the field box labelled "VIN" and then say "VIN number" or a similar command, after which the system database fills the field with the stored VIN. In another embodiment, selecting the value to be filled into one field may also fill values into related fields. For example, during an e-commerce checkout, an online assistant prompts the user to enter a credit card by displaying a field with that title. The user touches the field on their mobile touch device and says the words "Chase Visa", whereupon the user's Chase Visa card number, the name on the card, the card's expiry date and the card security code (CVV) are all filled into the associated fields of the checkout form. Advantageously, the user does not need to store any personal credit card numbers with any online assistant, yet still experiences a fast and secure checkout. Furthermore, when a user's credit card expires and is replaced or updated, the user does not have to remember to visit each assistant's website merely to update the card details, because these are all stored in one place, securely, in the system database.
In another embodiment, if a field has multiple possible values, the user may touch or speak the field name and then touch, speak or select by mouse input one of the values shown in a drop-down menu or similar list. Similarly, if multiple fields have the same name but are located in different sections of the form, the user may speak the name of the section and then the name of the field to select the value for the particular field required. Additional functionality includes the ability to touch or speak a form field and then search for values using keywords.
In addition to gesture, touch and voice input, manual entry of field values may also be performed by particular kinds of movement of a device equipped with a gyroscope or accelerometer, which can detect displacement and velocity. In one embodiment, the user may shake the device (such as a smartphone or tablet) to allow the user interface to find or fill certain fields. For example, the user may shake the device to fill a bank form, and a particular gesture (such as a vertical tilt) will find a specific field name and provide the user with a window and several options for filling a field value into that field name (such as a list of credit card field names and of different credit cards from which the user can select one for an electronic transaction).
In another embodiment, if the entire form, or one or more fields in a form, is not yet fully mapped and/or stored in the system, the user may touch or speak each unmapped field name and then touch or speak one of a list of category, subcategory and specific-category database fields, so that the form field is associated with the database field. The system may also use machine-intelligence algorithms to collect and correlate multiple users' mappings of form fields to database fields, and then store the field mapping associated with the form in the form database, so as to provide an accurately mapped new form for use by all users of the system. This embodiment allows system users to add and map new forms not currently in the system on their own, for the benefit of all system users. Furthermore, it allows system users on their own to map web form fields to database category fields for web forms whose fields have not yet been mapped (associated) in the system, again for the benefit of all system users.
Storing modifications
In one embodiment, if the user manually changes the value of a particular field after the system has filled it, the system notes the changed value and stores the newly entered value in the system database, preferably in the information vault of the user profile. The user can thus update their profile automatically by changing the information entered in a form.
Methods and applications
Although several applications of the system and method have been described above, the applications of the system and method should not be regarded as limited to these. The system and method are particularly useful for completing complex forms and documents that have many form fields, require a large amount of information, or have similar or confusing titles and field identifiers. University applications, loan applications, income and expense declarations for family legal matters, health care forms and the many forms required of small business owners are potential applications in which the exemplary systems described herein provide a significant improvement in time saved and information accuracy (not to mention reduced frustration and redundancy).
An embodiment of a method for acquiring, classifying and filling electronic forms is illustrated by the flow in Fig. 12. In a first step 202, information is acquired from one or more information sources, such as existing forms and third-party APIs. In step 204 the information is then classified to determine at least one field to which it belongs, and the information is associated with that at least one field. In step 206 the multiple items of associated information are then merged into the user profile and stored securely in one or more databases. When the user requests, through one of the client interfaces, that a form be completed, in step 208 the information in the user profile is matched with the form fields on the form and filled into the form. In step 210, if the user manually enters values into any form fields and those values differ from the user information currently stored in their secure database, the new values are saved to the user's secure database. The user may optionally update the profile to reflect that the new value is the default or primary value for that field.
IV. Computer-implemented embodiments
Fig. 13 is a block diagram showing an embodiment of a computer/server system 1300 on which embodiments of the methods of the present invention may be implemented. The system 1300 includes a computer/server platform 1301 comprising a processor 1302 and memory 1303 that operate to execute instructions, as known to those skilled in the art. As used herein, the term computer-readable storage medium refers to any tangible medium, such as a disk or semiconductor memory, that participates in providing instructions to the processor 1302 for execution. In addition, the computer platform 1301 receives input from a plurality of input devices 1304, such as a keyboard, mouse, touch device or voice command. The computer platform 1301 may optionally be connected to removable storage 1305, such as a portable hard disk drive, optical media (CD or DVD), magnetic disk media or any other tangible medium from which a computer can read executable code. The computer platform may further be connected to network resources 1306, which connect to the internet or to other components of a local public or private network. The network resources 1306 may provide instructions and information to the computer platform from a remote location 1307 on the network. The connection to the network resources 1306 may be via wireless protocols, such as the 802.11 standards or cellular protocols, or via physical transmission media such as cable or optical fiber. The network resources may include storage devices for storing information and executable instructions at a location separate from the computer platform 1301. The computer interacts with a display 1308 to output information to the user and to request further instructions and input from the user. The display 1308 may therefore also serve as an input device 1304 for interacting with the user.
V. Other features
Certain embodiments disclosed herein provide methods and systems for the secure storage and management of data, credentials and encryption keys (including, in particular, client endpoint protection). After reading this disclosure, it will be apparent how to implement various alternative embodiments. Moreover, although various embodiments are described herein, it will be understood that these are presented by way of example only and not by way of limitation. Accordingly, this detailed description of various alternative embodiments should not be construed as limiting the scope or breadth of the appended claims.
Co-pending U.S. Patent Application No. 14/863,294 (the '294 application), the disclosure of which is incorporated herein by reference in its entirety as if fully set forth, describes systems and methods for high-speed data processing for secure storage, access, recovery and transmission, involving the segmentation, individual encryption and dispersal of data as described herein. For example, as described in the '294 application, the data in a medical record may first be disassociated so that, for example, the various fields are logically unrelated. The disassociated fields may then be broken into subfields or portions (segments). These subfields may then be shuffled, so that a person who intercepts the subfields or gains access to them cannot readily determine their content. The subfields may then be encrypted individually, for example using a different encryption key for each subfield or segment. The individually encrypted subfields may then be "sharded" and stored on different storage devices or in different locations.
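The segmentation, shuffling, per-segment encryption and sharding summarized above, as an added example rather than code from the '294 application: disperse splits a value into fixed-size segments, shuffles their storage order, XORs each segment with a fresh random key of its own length (a one-time pad per segment, standing in for the per-segment cipher) and scatters the results round-robin over a number of locations; reassemble needs the manifest, which is the only record of order, keys and locations. The names and the sample value are assumptions of the example.

```python
import secrets
from dataclasses import dataclass


def split_segments(data: bytes, segment_size: int) -> list:
    """Cut data into consecutive segments; the last one may be shorter."""
    return [data[i:i + segment_size] for i in range(0, len(data), segment_size)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class Shard:
    location: int      # storage device or location that holds the ciphertext
    shard_id: str      # random id under which it is stored there
    key: bytes         # this segment's own key, as long as the segment
    index: int         # position of the segment in the original value


def disperse(value: bytes, segment_size: int, locations: int) -> tuple:
    """Return (manifest, stores). The manifest is the secret map needed to
    reassemble; stores[loc] is what someone who compromises one location
    sees: unordered ciphertexts under unrelated keys, with no index back to
    the value or the user."""
    segments = split_segments(value, segment_size)
    order = list(range(len(segments)))
    secrets.SystemRandom().shuffle(order)          # storage order != logical order
    stores = {loc: {} for loc in range(locations)}
    manifest = []
    for slot, index in enumerate(order):
        key = secrets.token_bytes(len(segments[index]))   # fresh key per segment
        loc = slot % locations                              # spread across locations
        shard_id = secrets.token_hex(8)
        stores[loc][shard_id] = xor(segments[index], key)
        manifest.append(Shard(loc, shard_id, key, index))
    return manifest, stores


def reassemble(manifest: list, stores: dict) -> bytes:
    """Undo the shuffle and the per-segment keys using only the manifest."""
    pieces = [b""] * len(manifest)
    for shard in manifest:
        pieces[shard.index] = xor(stores[shard.location][shard.shard_id], shard.key)
    return b"".join(pieces)


def segments_visible_at(stores: dict, location: int) -> int:
    """How many segments a single compromised location holds."""
    return len(stores[location])
```

With an 11-byte value and 3-byte segments there are four shards over three locations, so no single location ever holds the whole value, and what it does hold is neither in order nor decryptable without the keys kept in the manifest.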
Figure 14 reproduces Fig. 1 of the '294 application and shows an exemplary system in which the described process may be carried out. As described with reference to Figure 14, however, the process generally occurs on a security platform 120 in response to a command or request initiated on a client device or endpoint 110. Security platform 120 then stores the encrypted segments on various storage devices or locations 140-170. Although location 140 may be local to, or locally connected to, the endpoint, the process described in the '294 application does not necessarily cover the link from endpoint 110 to platform 120.
Co-pending U.S. Patent Application No. 14/970,466 (the '466 application) is incorporated herein by reference in its entirety as if fully set forth, and describes systems and methods for the dispersed retrieval of data that has been subjected to the process of the '294 application. Figure 15 reproduces Fig. 1 of the '466 application and shows a system for carrying out the dispersed data retrieval described therein. As described with reference to Figure 15, although dispersed data retrieval may involve a storage device or location 140 that is local to, or locally connected to, endpoint 110, the process described therein generally does not apply to the link between endpoint 110 and servers 120 and 180.
U.S. Provisional Patent Application No. 62/281,097 (the '097 application), now expired, is incorporated herein by reference in its entirety as if fully set forth. The '097 application describes systems and methods for the secure storage and management of credentials and encryption keys. Figure 16 reproduces Fig. 1 of the '097 application and shows a system on which the process described therein may be carried out. As described with reference to Figure 16, although the secure storage and management of credentials and encryption keys may involve a storage device or location 140 that is local to, or locally connected to, endpoint 110, the process described therein generally does not apply to the link between endpoint 110 and servers 120 and 180.
In the systems and methods described herein, the processes described in the '294, '466 and '097 applications can be implemented at the edge, that is, on the client endpoint 110 shown in Figures 14-16. For example, an application can be loaded onto device 110 that allows data to be saved to, and retrieved from, different parts of a local or locally attached storage device 140, as described in the attachments, or saved to and stored on multiple storage devices 140-170. Thus, if the user of device 110 creates a document, video, picture or the like, the user can invoke the application to store the document or file. This can involve carrying out all of the steps described above and in the attachments so as to store the segments in a dispersed manner at different locations on storage device 140, or at different locations on storage devices 140-170, as described above and, for example, in the '294 application. Similarly, the application can perform the dispersed retrieval of data or files described in the '466 application, and can enforce the management of credentials and encryption keys described in the '097 application.
Therefore, when data is saved to multiple storage devices, the fact that the process individually encrypts all segments before they are stored also secures the transmission of that data to those devices. In other words, the data elements are all segmented and secured on the device before being transmitted. The main benefit of doing so is that there is no need to guarantee the security of the communication channel, and an ordinary open connection can be used. For example, instead of using slower and more expensive TLS secure browser transmission, a faster unencrypted channel can be used. The data packets will contain secure segments. This applies to all types of transmission, not just browser-based transmission: it may be radio, FTP, Bluetooth and so on.
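The edge-side process just described, as an added example that is not code from the '294 application or from the applicant: a record is disassociated into fields, each field is cut into segments, the segments are shuffled, each segment is encrypted under its own key, and the ciphertext is dispersed over several storage locations while only the endpoint keeps the manifest needed to reassemble it. The segment size, the number of locations, the record layout and the toy SHAKE-256 XOR stream cipher are assumptions made for the demonstration; the page names no cipher.

```python
import hashlib
import secrets
from typing import Dict, List, Tuple

SEGMENT_SIZE = 8          # assumed segment length in bytes
STORAGE_LOCATIONS = 4     # assumed number of storage devices/locations (cf. 140-170)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with a SHAKE-256 keystream) standing in for the page's
    unnamed cipher; symmetric, so the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


def disassociate(record: Dict[str, str]) -> List[Tuple[str, bytes]]:
    """Turn a record into independent (field, value) pairs. The field name is kept only
    in the endpoint's manifest, never next to the data that leaves the device."""
    return [(name, value.encode()) for name, value in record.items()]


def segment(value: bytes) -> List[bytes]:
    """Split one field value into fixed-size segments."""
    return [value[i:i + SEGMENT_SIZE] for i in range(0, len(value), SEGMENT_SIZE)]


def protect(record: Dict[str, str]) -> Tuple[dict, Dict[int, Dict[str, bytes]]]:
    """Disassociate, segment, shuffle, encrypt every segment under its own key and
    disperse the ciphertext over STORAGE_LOCATIONS. Returns the manifest (stays on the
    endpoint) and the dispersed storage (the only thing that leaves the device)."""
    storage: Dict[int, Dict[str, bytes]] = {loc: {} for loc in range(STORAGE_LOCATIONS)}
    entries = [(field, index, seg)
               for field, value in disassociate(record)
               for index, seg in enumerate(segment(value))]
    secrets.SystemRandom().shuffle(entries)          # order reveals nothing about the record
    manifest = {"segments": []}
    for field, index, seg in entries:
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)   # per-segment key
        seg_id = secrets.token_hex(8)                                   # opaque storage name
        location = secrets.randbelow(STORAGE_LOCATIONS)
        storage[location][seg_id] = xor_stream(key, nonce, seg)
        manifest["segments"].append({"field": field, "index": index, "id": seg_id,
                                     "location": location, "key": key.hex(), "nonce": nonce.hex()})
    return manifest, storage


def retrieve(manifest: dict, storage: Dict[int, Dict[str, bytes]]) -> Dict[str, str]:
    """Gather each field's segments from wherever they were dispersed, decrypt them and
    reassemble in index order (the dispersed retrieval of the '466 application)."""
    pieces: Dict[str, Dict[int, bytes]] = {}
    for entry in manifest["segments"]:
        ciphertext = storage[entry["location"]][entry["id"]]
        plaintext = xor_stream(bytes.fromhex(entry["key"]), bytes.fromhex(entry["nonce"]), ciphertext)
        pieces.setdefault(entry["field"], {})[entry["index"]] = plaintext
    return {field: b"".join(parts[i] for i in sorted(parts)).decode()
            for field, parts in pieces.items()}


def leaked_segments(storage: Dict[int, Dict[str, bytes]]) -> List[Tuple[int, str, bytes]]:
    """What an observer of the storage, or of the unencrypted transport, sees:
    location, opaque id and ciphertext, with no field names and no order."""
    return [(loc, seg_id, ct) for loc, items in storage.items() for seg_id, ct in items.items()]


if __name__ == "__main__":
    # Constructed sample record, not real data.
    sample = {"name": "Pat Example", "dob": "1970-01-01", "diagnosis": "example condition"}
    manifest, storage = protect(sample)
    print(retrieve(manifest, storage) == sample)
```

Everything that leaves the device (the `leaked_segments` view) is opaque ids and ciphertext, which is the property that lets the text dispense with a secured channel. The toy cipher offers no integrity protection, so a real implementation would use an authenticated cipher and would guard the manifest, which holds every per-segment key, as carefully as the keys themselves.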
The application can be presented as a button in a toolbar or drop-down menu, so that when users are in a document or file on their device 110, as shown in Figures 14-16, they can simply press a button, icon or the like in the associated application or web browser, and the document is stored accordingly. The document or file can then be displayed on device 110 in a manner that indicates it has been stored using the processes described above and in the '294, '466 and/or '097 applications. When the user accesses the document or file again, the retrieval described above and in the '294, '466 and/or '097 applications can take place automatically. In certain embodiments, the user can also select various dispersal preferences regarding where all or some of the segments are stored.
In other embodiments, a right-click can be used, for example, to select the described storage process for a file. In still other embodiments, the application can automatically determine that a file should be stored using such a process. In yet other embodiments, a default can be set so that all files, certain files, certain types of files and so on use such a process.
The user of a device 110 as shown in Figures 14-16 will often ultimately want to use some form of remote storage, frequently referred to as cloud storage, to store at least some of the files created on device 110. An application running on a server associated with such a cloud storage service can be configured to perform the processes described in the '294, '466 and/or '097 applications in a manner similar to that described, for example, in the '294 application. As described above, however, the link between device 110 and such a server will not necessarily be secure; but, as described herein, the described process can first be run on the content locally, and the data then transferred to the cloud or to an intermediate endpoint. There may be many intermediate "endpoints" before the data finally reaches, for example, the cloud. A single client to the cloud is only one topology. For example, there may be a network of several nodes, each of which uses the described systems and methods to secure its data before transmission and communicates with the others. The fragments can then be stored in a dispersed manner at the cloud service. Therefore, even if the data is intercepted in transit, it is useless.
In certain embodiments, the application can be configured to perform the described process automatically when the user attempts to store data to, or retrieve data from, the cloud storage service. Moreover, the application can be configured to detect a static document or file, that is, one that has not been interacted with for a certain period of time, and then to run the described process automatically to protect the document. When the user later touches the document or file again, the appropriate process can be run to allow access to it.
In certain embodiments, the described process can be performed on a file locally, for example, and then performed again when the file is sent to, for example, the cloud and/or an intermediate device.
In certain embodiments, sharing of and collaboration on documents stored using the described process can be achieved using, for example, the verification and credential management processes described in the '097 application. Thus, access can be granted to certain individuals and then managed based, for example, on security keys generated for the credentials assigned to those individuals.
Another important benefit is obtained from the described process when the local storage is an insecure storage device such as a USB drive. In this case, storing data to the device using the described process can ensure that even if the data is accessed by the wrong individual or entity, the data is not usable. It should be noted that in certain embodiments, the local application configured to perform the described process at the local level may reside on this local storage device, such as a USB memory device.
In certain embodiments, the local application may also be configured to protect e-mail attachments. Sending attachments via e-mail is insecure, because an attached document can be intercepted and read by any hacker with sufficient knowledge. The process described herein can be applied to such attachments in a way that protects them from being read by anyone other than the intended recipient. In general, the local application does not interface with the e-mail traffic or encrypt the body of the e-mail itself. Rather, a sender with the local application can run the described process on the document they intend to attach (thereby sending the document to a public cloud server). The application can then generate an access link to the document. This access link can then be sent to the recipient by e-mail in place of the actual document. The recipient can then click the access link they receive to download and decrypt the original document. This may of course require that the recipient also has such a local application, so that the recipient's device can retrieve the attachment according to the described process.
In other embodiments, a local application as described above can also permit the controlled, sequential "viewing" or "playback" of frames or sections of digital media (documents, books, audio, video and so on). In such embodiments, an authorized and verified subscriber, or user of a device 110 as shown in Figures 14-16, can retrieve and view (or play) only the individual frames or sections of the media that have been transferred to them in sequence. In addition, after the subscriber proceeds to the next frame or section, the previously played frame or section is automatically stored again using the described process, or is permanently deleted. Thus, in either case, only a minimal amount of the digital media is decrypted and assembled for the subscriber's consumption, thereby minimizing piracy or unauthorized consumption. This can optionally be extended with a consumption feedback mechanism that reports back to the transmission source, to limit the number of frames or sections that are further transferred in sequence from the transmission source to the verified and authorized subscriber. The value lies in distributing all types of digital media more securely, from consumer data to top-secret data.
Thus, before transmission, such digital media can be decomposed into independent sections or frames, the described segmentation/encryption/dispersal process then applied to each of those sections or frames, and the result transmitted to an edge device 110 as shown in Figures 14-16. On retrieval, each section or frame can be transmitted one at a time, together with the means to reconstitute the base slices that make up that section or frame.
Figure 17 herein reproduces Fig. 4 of the '097 application, which, as described therein, shows a block diagram of a wired or wireless system 550 according to various embodiments; system 550 can be used to implement the client device 110 shown in Figures 14-16. This system 550 will therefore not be discussed in detail here.
VI. Key exchange method
When a new device (such as an IoT device) is added to a network, a way is needed to verify that device. Aspects of this disclosure provide methods for integrating any number of key exchange methods, including a device's built-in key exchange process, to facilitate this operation. In the case of streaming data between two devices, for example, this capability enables authenticated communication between those devices. Once communication is established between the two, the key exchange method and the exchange frequency can change dynamically based on performance requirements and in response to any number of conditions, such as, but not limited to, a data security threat level. The cryptographic engine can interoperate with, and be dynamically layered on, other key exchange solutions, including private/public key exchange between the devices, such as, but not limited to, the Diffie-Hellman protocol used in TLS. By using secure keys and maximizing key rotation for a given data set, a higher security level can be achieved.
Figure 18 is a flow chart showing a method 1800 for exchanging keys according to aspects of the disclosure. Referring to Figure 18, at block 1810 each device (such as a first device and a second device) can establish a shared key based on the current encryption algorithm parameters and a seed. Those skilled in the art will appreciate that more than two devices can be used without departing from the scope of the disclosure.
At block 1815, the shared key can be used to encrypt a data set on the first device, and at block 1820 the first device can transmit the encrypted data to the second device. At block 1825, the second device can decrypt the data set using the shared key. At block 1830, a key regeneration criterion can be determined; the criterion indicates whether the key should be regenerated. At block 1835, the key regeneration criterion can be evaluated for each data set. At block 1840, it can be determined whether the key regeneration criterion is met. In response to determining that the key regeneration criterion is not met (1840-No), at block 1845 the conditions that indicate when the key should be regenerated can be monitored, until the key regeneration criterion is met at block 1840. In response to determining that the key regeneration criterion is met (1840-Yes), new encryption algorithm parameters for the next key can be generated at block 1850, and the method can continue at block 1810. The key regeneration criterion can identify the possible encryption algorithms and the specific parameters for the encryption algorithm.
VII. Encrypted data transmission
According to aspects of the disclosure, encrypted data can be transmitted, with unique encryption, to multiple simultaneous client destinations, including but not limited to streams, file systems and/or the cloud. Encrypted data may be directed to any number of destinations, for example as a stream format decrypted to a video player, or as a set of segments securely stored on a file system or in the cloud. The items to be encrypted can be in any number of data formats, including but not limited to files (for example Word documents, photo files, virtual machine files, etc.), key-value pairs (for example simple strings, such as JSON, or other formats suitable for storing form data, application settings and preferences) and streams (for example video or data feeds).
According to aspects of the disclosure, each object can be split into smaller segments, achieving a reduction in the overall transmission time T for each object, and in some cases achieving transmission times up to 8 to 15 times faster than the conventionally available time. The segments of an object can be encrypted only once, while security is increased by using a unique key for each client. This method can provide performance benefits even when sending encrypted data to multiple client destinations. Each destination can have a unique decryption key to access the data. Multiple secure output streams to multiple destinations can be created while minimizing hardware resource requirements. Segmenting, encrypting and transmitting data between computing devices can achieve low latency and complete data encryption. According to aspects of the disclosure, the method can be scaled to support multiple clients, maintaining a unique secret key with each client and performing distinct encryption of the manifest for each set of clients.
Figure 19 is a sequence diagram showing an encrypted data transmission sequence 1900 according to aspects of the disclosure. Referring to Figure 19, at block 1910 the client software running on each client 1902, 1903 communicates with server 1901 and starts a key exchange process. At block 1915, server 1901 reads a block of data from a source, such as one frame of a video stream, an audio sample or the like; the source may be a file or a data capture device, including but not limited to a camera, video sensor and/or audio sensor. At block 1920, server 1901 splits the data to create data fragments. At block 1925, the server generates a manifest for each of clients 1902, 1903; the manifest contains the unique encryption key for each of the data fragments, and other data. At block 1930, server 1901 uses the key exchange message from each client 1902, 1903 to create a unique secret key for each client 1902, 1903. At block 1935, server 1901 encrypts the manifest using the unique secret key for each client 1902, 1903.
At block 1940, server 1901 transmits the encrypted manifest to each of clients 1902, 1903. Those of ordinary skill in the art will appreciate that different data can be transmitted to each client 1902, 1903, and therefore different manifests can be generated and transmitted by server 1901 to each of clients 1902, 1903. Server 1901 encrypts the data fragments and transmits the encrypted data fragments to the set of clients 1902, 1903 at block 1945. At block 1950, the client software running on clients 1902, 1903 waits to receive the manifest and decrypts it using the unique secret key. At block 1955, each client 1902, 1903 confirms to server 1901 that the manifest has been received. At block 1960, each client 1902, 1903 listens for the encrypted data fragments and decrypts each data fragment using the data contained in the manifest. At block 1965, each client 1902, 1903 sends server 1901 the secret key seed to be used for the next manifest.
The sequence of Figure 19 can be repeated for each data block that is read. Data fragments can be received by a client in any order and will be reassembled and processed in the proper order. The server can repeat the sequence for the next data block, starting again at block 1920. For each data block, the client will wait to receive the corresponding manifest. If the server does not receive manifest confirmation from a client, the server will withhold the next data block until confirmation is received or a timeout interval has expired. If a client receives an incomplete or inaccurate manifest, it can notify the server to retransmit the current manifest encrypted with a new secret key. If a client receives an incomplete or inaccurate data fragment, it can notify the server to retransmit the current data block.
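The two flows described above, the shared-key establishment and regeneration of Figure 18 and the manifest-based delivery to several clients of Figure 19, as one added example that is not code from the applicant. The page does not fix the exchange mechanism, so the key exchange message is modelled here as a random seed chosen by the client (a real deployment would use an authenticated exchange such as the Diffie-Hellman protocol the text mentions); the shared secret is derived with HMAC-SHA256 from the server's algorithm parameters and that seed, the regeneration criterion is "every client has confirmed the current manifest", the fragment size is fixed, and the cipher is a toy SHAKE-256 XOR stream. All of these are assumptions made for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Set

FRAGMENT_SIZE = 6   # assumed fragment length in bytes


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with a SHAKE-256 keystream); stand-in for the page's unnamed cipher."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


def derive_secret(params: dict, seed: bytes) -> bytes:
    """Blocks 1810 / 1930: both ends derive the same secret from the current algorithm
    parameters and the client's seed (HMAC-SHA256 extract; the derivation is an assumption)."""
    return hmac.new(seed, json.dumps(params, sort_keys=True).encode(), hashlib.sha256).digest()


class Server:
    def __init__(self) -> None:
        self.params = {"alg": "toy-shake-xor", "generation": 0}   # current algorithm parameters
        self.seeds: Dict[str, bytes] = {}                          # per-client seed from key exchange
        self.pending: Set[str] = set()                             # clients yet to confirm the manifest

    def key_exchange(self, client_id: str, seed: bytes) -> None:   # block 1910
        self.seeds[client_id] = seed

    def ready_for_next_block(self) -> bool:
        """The server withholds the next block while any client has not confirmed."""
        return not self.pending

    def send_block(self, block: bytes) -> dict:
        """Blocks 1920-1945: split, one key per fragment, manifest encrypted per client,
        fragments encrypted once for all clients. Raises when a block must be withheld."""
        if not self.ready_for_next_block():
            raise RuntimeError(f"manifest not confirmed by {sorted(self.pending)}")
        fragments = [block[i:i + FRAGMENT_SIZE] for i in range(0, len(block), FRAGMENT_SIZE)]
        frag_keys = [secrets.token_bytes(32) for _ in fragments]
        nonce = secrets.token_bytes(16)
        manifest = json.dumps({"count": len(fragments), "nonce": nonce.hex(),
                               "keys": [k.hex() for k in frag_keys]}).encode()
        manifests = {}
        for cid, seed in self.seeds.items():                          # blocks 1930 / 1935
            mnonce = secrets.token_bytes(16)
            manifests[cid] = (mnonce, xor_stream(derive_secret(self.params, seed), mnonce, manifest))
        enc_fragments = [(i, xor_stream(frag_keys[i], nonce + i.to_bytes(4, "big"), f))
                         for i, f in enumerate(fragments)]
        self.pending = set(self.seeds)
        return {"params": dict(self.params), "manifests": manifests, "fragments": enc_fragments}

    def confirm(self, client_id: str, next_seed: bytes) -> None:
        """Blocks 1955 / 1965 and 1840-1850: record the confirmation and the seed for the next
        manifest; once every client has confirmed, regenerate the algorithm parameters."""
        self.seeds[client_id] = next_seed
        self.pending.discard(client_id)
        if not self.pending:
            self.params["generation"] += 1


class Client:
    def __init__(self, client_id: str, server: Server) -> None:
        self.id, self.server, self.seed = client_id, server, secrets.token_bytes(32)
        server.key_exchange(client_id, self.seed)                  # the modelled key exchange message

    def receive(self, tx: dict, arrival_order: Optional[List[int]] = None) -> bytes:
        """Blocks 1950-1965: decrypt the manifest with the unique secret, decrypt each fragment
        with its own key, and reassemble in proper order however the fragments arrived."""
        mnonce, enc_manifest = tx["manifests"][self.id]
        manifest = json.loads(xor_stream(derive_secret(tx["params"], self.seed), mnonce, enc_manifest))
        nonce, keys = bytes.fromhex(manifest["nonce"]), [bytes.fromhex(k) for k in manifest["keys"]]
        received = tx["fragments"] if arrival_order is None else [tx["fragments"][i] for i in arrival_order]
        pieces = {i: xor_stream(keys[i], nonce + i.to_bytes(4, "big"), ct) for i, ct in received}
        if sorted(pieces) != list(range(manifest["count"])):
            raise ValueError("incomplete data block: ask the server to retransmit")
        self.seed = secrets.token_bytes(32)                         # seed for the next manifest
        self.server.confirm(self.id, self.seed)
        return b"".join(pieces[i] for i in range(manifest["count"]))
```

The manifest, not the fragments, carries the per-client secrecy: fragments are encrypted once and broadcast, and only a client holding the right secret can read the keys that unlock them. A client given another client's manifest fails at the JSON parse because its derived secret differs.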
VIII. Data encryption speed
According to aspects of the disclosure, a preprocessor can pre-cut or decompose a large file into smaller pieces before the segmentation and encryption process. A companion preprocessor can recombine the file after decryption and de-segmentation. By splitting a data object into smaller segments and encrypting those individual segments across multiple processor threads, a speed advantage (for example 5 to 15 times) can be obtained without reducing the key size or otherwise compromising the security level. "Cutting" (that is, decomposing) a large file into smaller pieces before segmentation and encryption, and then recombining it after de-segmentation and decryption, can increase performance and permit the processing of very large data objects on devices with limited memory.
Figure 20A is a flow chart showing a method 2000 for pre-cutting data to increase encryption speed according to aspects of the disclosure. Referring to Figure 20A, at block 2010 a data cutting criterion can be determined. At block 2015, the data object can be evaluated for cutting based on the determined cutting criterion. At block 2020, it can be determined whether the data object can be cut. In response to determining that the data object can be cut (2020-Yes), at block 2025 the server can decompose or "cut" the data object into smaller data slices, and at block 2030 each data slice can be encrypted and sent. At block 2035, the server can split each data slice into data fragments and encrypt the data fragments. The data can be disassociated and dispersed for storage in one or more storage locations.
Figure 20B is a flow chart showing a method 2050 for recombining a data file according to aspects of the disclosure. Referring to Figure 20B, at block 2060 the encrypted data fragments can be decrypted. At block 2065, the decrypted data fragments can be de-segmented and reassembled into data slices. At block 2070, the slices can be recombined into the data object.
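The pre-cutting pipeline of Figures 20A and 20B as an added example, not code from the applicant: the object is read one slice at a time so that only a slice of plaintext is ever in memory, each slice is split into segments that are encrypted in parallel under their own keys, and recombination reverses the steps. The slice size, segment size, the size-based cutting criterion and the toy SHAKE-256 XOR stream cipher are assumptions. The thread pool shows the structure of the parallel step; the 5 to 15 times figures quoted on the page are the page's own, and CPython threads would not deliver them for CPU-bound work.

```python
import hashlib
import io
import secrets
from concurrent.futures import ThreadPoolExecutor
from typing import BinaryIO, Iterator, List, Tuple

SLICE_SIZE = 64       # assumed: bytes of plaintext held in memory at a time
SEGMENT_SIZE = 16     # assumed segment length
CUT_THRESHOLD = 128   # assumed cutting criterion (block 2010): larger objects are cut

Segment = Tuple[bytes, bytes, bytes]   # (key, nonce, ciphertext)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (XOR with a SHAKE-256 keystream); stand-in for the page's unnamed cipher."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))


def should_cut(size: int) -> bool:
    """Blocks 2015 / 2020: the cutting criterion used here is object size (an assumption)."""
    return size > CUT_THRESHOLD


def read_slices(stream: BinaryIO, slice_size: int) -> Iterator[bytes]:
    """Block 2025: yield the object one slice at a time instead of loading it whole."""
    while True:
        chunk = stream.read(slice_size)
        if not chunk:
            return
        yield chunk


def _encrypt_segment(job: Tuple[bytes, bytes, bytes]) -> bytes:
    key, nonce, segment = job
    return xor_stream(key, nonce, segment)


def protect_slice(data: bytes, pool: ThreadPoolExecutor) -> List[Segment]:
    """Block 2035: split one slice into segments and encrypt them in parallel, one key each.
    The result keeps slice order so no extra bookkeeping is needed to recombine."""
    segments = [data[i:i + SEGMENT_SIZE] for i in range(0, len(data), SEGMENT_SIZE)]
    jobs = [(secrets.token_bytes(32), secrets.token_bytes(16), s) for s in segments]
    ciphertexts = list(pool.map(_encrypt_segment, jobs))
    return [(key, nonce, ct) for (key, nonce, _), ct in zip(jobs, ciphertexts)]


def protect_object(stream: BinaryIO, size: int, workers: int = 4) -> List[List[Segment]]:
    """Figure 20A end to end: cut (or not, per the criterion), then segment and encrypt."""
    slice_size = SLICE_SIZE if should_cut(size) else max(size, 1)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [protect_slice(s, pool) for s in read_slices(stream, slice_size)]


def recombine(protected: List[List[Segment]]) -> bytes:
    """Figure 20B: decrypt fragments (2060), reassemble slices (2065), recombine object (2070)."""
    return b"".join(b"".join(xor_stream(k, n, ct) for k, n, ct in sl) for sl in protected)


def protect_bytes(data: bytes) -> List[List[Segment]]:
    """Convenience wrapper for an in-memory object."""
    return protect_object(io.BytesIO(data), len(data))


if __name__ == "__main__":
    constructed = bytes(range(256)) * 4      # 1024-byte constructed object
    print(recombine(protect_bytes(constructed)) == constructed)
```

With a 1024-byte object the pipeline produces 16 slices of 4 segments each; an object below the threshold is handled as a single slice, which is the 2020-No path.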
IX. Encryption key management
According to aspects of the disclosure, the system can spread keys into a key store residing in the native operating system. In some cases, for example in the event of a network outage, a device may be unable to reach the remote user and key service or a similar licensing service. The remote service can be used at login to check the user's licensing credentials, such as user name and password. In such situations where the remote service is unavailable, the client software can confirm the user's credentials locally by accessing the encryption key store on the local device. The system can populate and manage this local key store as a backup, a resilience arrangement for withstanding network outages.
The system can deliver key management (KM) software that includes all of the expected state-of-the-art capabilities. However, when communication with the key management server is lost, it is usually not because the key management server is down, but because the remote device cannot connect to the server due to a network outage or some other connectivity problem. In the situation where the system's client software is running on a device such as a laptop or other network-capable computing device and the connection to the key management server is lost, the client software continues to encrypt and decrypt data on that device. In the event of loss of the connection to the remote key management server, the client software will generate a local key store as a backup on the operating device. The local key store may be configured to hold the specific keys or key-encrypting keys required by the user, including any other user credentials required. The key store itself can be encrypted and usable only by a verified user.
Figure 21 is a flow chart showing a method 2100 for managing encryption keys according to aspects of the disclosure. Referring to Figure 21, at block 2110 it can be determined whether a connection to the key management server is available. In response to determining that the connection to the key management server is available (2110-Yes), at block 2115 the client can communicate with the key management server to access the encryption keys.
In response to determining that the connection to the key management server is unavailable (2110-No), at block 2120 it can be determined whether the client is permitted to use the local key store. In response to determining that the client is permitted to use the local key store (2120-Yes), the client can access the encryption keys from the local key store. In response to determining that the client is not permitted to use the local key store (2120-No), data encryption can be stopped at block 2130.
X. Composite security keys
According to aspects of the disclosure, the user and key techniques can support composite keys using AND/OR Boolean logic. The system extends the concept of a composite key by introducing an access expression to control the access requirements for a key. Any number of sub-keys can be used to define a composite key. For a composite key to be valid, either all of the constituent sub-keys must be present and correct (Boolean AND), or at least one of the sub-keys must be present and correct (Boolean OR). Any combination of Boolean constructs may be used to define a valid key.
According to aspects of the disclosure, an access expression can be used to control the access requirements of a key. A key can have any combination of Boolean expressions to restrict or control the capabilities of the key. For example, the access expression of a key can be described as (Alice AND (Bob OR Carl)), which allows Alice to unlock the file only in cooperation with Bob or Carl. A composite key can also include an unlimited variety of other conditions beyond user names, including geographic location, clock time and hash checksums. For example, (Alice AND (Bob OR Carl) AND ACCESSTIME IS EQUAL BUSINESSHOURS) can add the restriction that access occurs only during business hours. In addition, a key access expression can include dynamic conditions that change based on external conditions, such as, but not limited to, whether the security threat level is elevated. For example, (Alice AND (Bob OR Carl) AND SECURITYLEVEL IS EQUAL (NORMAL OR LOW)) can allow access only when the security condition is at the normal or low level. These expressions allow highly responsive access control, automatically keeping data secure when conditions change quickly during a hacker attack. Those of ordinary skill in the art will appreciate that other combinations can be used without departing from the scope of the disclosure.
Figure 22 is a flow chart showing a method 2200 for evaluating a composite key according to aspects of the disclosure. Referring to Figure 22, at block 2210, for each attempted data access, the access expression for the security key can be determined. For example, the access expression may include any combination of Boolean expressions and/or external conditions. At block 2215, the access expression for the security key, including any desired external conditions, can be evaluated. At block 2220, it can be determined whether the access expression and/or external conditions are satisfied.
In response to determining that the access expression and/or external conditions are not satisfied (2220-No), at block 2225 the security key can be rejected and the data access denied. In response to determining that the access expression and/or external conditions are satisfied (2220-Yes), at block 2230 the security key can be accepted and the data access allowed.
XI. Data access restrictions
According to aspects of the disclosure, encrypted data can carry any number of access restrictions, including but not limited to user role, composite key, geographic location, access time, access duration and access order relative to other keys. When certain conditions are not met, an otherwise valid user session can be restricted so that it cannot access the data. These conditions can be defined arbitrarily and assigned to any data item. For example, if a particular data item should only be accessed by users in a certain geographic region and at a certain time of day, the system will not allow a user to access that data file when those conditions are not met. The system can provide certain "canned" restriction types for convenience, but other restrictions can also be added.
The system applies access restrictions at the data element level. This approach gives maximum flexibility: for example, each data item that is a social security number can have its own set of access restrictions, which may differ from those of another social security number. In addition, access restrictions can be arbitrary, can be expressed as Boolean expressions, and are stored as metadata. All access restrictions are segmented, encrypted, disassociated and dispersed to prevent a hacker from discovering or altering the restrictions.
Figure 23 is a flow chart showing a method 2300 for restricting data access according to aspects of the disclosure. Referring to Figure 23, at block 2310 a request to access data can be initiated. At block 2315, the access restrictions and/or conditions for accessing the data can be determined. The access restrictions/conditions can include, but are not limited to, user role, composite key, geographic location, access time, access duration and access order relative to other keys. At block 2320, the access restrictions and/or conditions can be evaluated. At block 2325, it can be determined whether the access restrictions/conditions have been met.
In response to determining that the access restrictions/conditions have not been met (2325-No), at block 2330 access to the data can be denied. In response to determining that the access restrictions/conditions have been met (2325-Yes), at block 2335 access to the data can be permitted.
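The composite-key access expressions of Section X and the per-data-element restrictions of Section XI use the same Boolean form, so one added example serves both (it is not code from the applicant). It parses expressions exactly as the page writes them, such as (Alice AND (Bob OR Carl) AND SECURITYLEVEL IS EQUAL (NORMAL OR LOW)), and evaluates them against the sub-keys actually presented and a context of external conditions. The grammar (OR binds loosest, then AND, then parenthesised groups and NAME IS EQUAL value or value-list), the context names, and the definition of business hours as 09:00 to 17:00 on weekdays are assumptions.

```python
import re
from datetime import datetime
from typing import Dict, Iterable

_TOKEN = re.compile(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*")
_RESERVED = {"AND", "OR", "IS", "EQUAL", "(", ")"}


class AccessExpression:
    """Parser and evaluator for key access expressions. Bare names are sub-keys that must be
    presented; NAME IS EQUAL value(s) are external conditions looked up in a context."""

    def __init__(self, text: str) -> None:
        self.tokens = _TOKEN.findall(text)
        if "".join(self.tokens) != re.sub(r"\s+", "", text):
            raise ValueError("expression contains unexpected characters")
        self.pos = 0
        self.tree = self._expr()
        if self.pos != len(self.tokens):
            raise ValueError("unexpected token: " + self.tokens[self.pos])

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _take(self, expected=None):
        tok = self._peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok}")
        self.pos += 1
        return tok

    def _expr(self):                                   # expr := term (OR term)*
        node = self._term()
        while self._peek() == "OR":
            self._take()
            node = ("or", node, self._term())
        return node

    def _term(self):                                   # term := factor (AND factor)*
        node = self._factor()
        while self._peek() == "AND":
            self._take()
            node = ("and", node, self._factor())
        return node

    def _factor(self):                                 # factor := (expr) | NAME IS EQUAL values | NAME
        if self._peek() == "(":
            self._take("(")
            node = self._expr()
            self._take(")")
            return node
        name = self._take()
        if name in _RESERVED:
            raise ValueError("expected a name, got " + name)
        if self._peek() == "IS":
            self._take("IS")
            self._take("EQUAL")
            return ("cond", name, self._values())      # external condition
        return ("key", name)                           # a sub-key holder

    def _values(self):                                 # values := NAME | (NAME (OR NAME)*)
        if self._peek() != "(":
            return frozenset([self._take()])
        self._take("(")
        values = [self._take()]
        while self._peek() == "OR":
            self._take()
            values.append(self._take())
        self._take(")")
        return frozenset(values)

    def evaluate(self, present_keys: Iterable[str], context: Dict[str, str]) -> bool:
        return self._eval(self.tree, set(present_keys), context)

    def _eval(self, node, present, context) -> bool:
        kind = node[0]
        if kind == "key":
            return node[1] in present
        if kind == "cond":
            return context.get(node[1]) in node[2]
        left, right = self._eval(node[1], present, context), self._eval(node[2], present, context)
        return (left and right) if kind == "and" else (left or right)


def is_well_formed(text: str) -> bool:
    """True when the expression parses; malformed metadata must never be treated as 'allow'."""
    try:
        AccessExpression(text)
        return True
    except ValueError:
        return False


def time_condition(iso_timestamp: str) -> str:
    """Maps a clock time to the page's ACCESSTIME classes (business hours assumed Mon-Fri 09:00-17:00)."""
    t = datetime.fromisoformat(iso_timestamp)
    return "BUSINESSHOURS" if t.weekday() < 5 and 9 <= t.hour < 17 else "AFTERHOURS"


def decide(expression: str, present_keys: Iterable[str], context: Dict[str, str]) -> str:
    """Figures 22 / 23 decision: 'allow' (2230 / 2335) or 'deny' (2225 / 2330)."""
    return "allow" if AccessExpression(expression).evaluate(present_keys, context) else "deny"
```

The context is where a deployment plugs in its external conditions (the caller derives ACCESSTIME with `time_condition`, and SECURITYLEVEL, ROLE or REGION from whatever feeds it trusts); the expression text itself is the metadata the page says is stored segmented and encrypted alongside the data element.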
XII. Hacker attacks
According to aspects of the disclosure, a fast detection technique supports "honeypot keys", which when used trigger a required action, such as, but not limited to, an alarm, key rotation and so on. A honeypot key is an exposed key left for a hacker and/or malicious software to find.
Valid access keys and credentials are necessary for a user to correctly access data protected by the system. If any data is accessed using an incorrect key, the fast detection algorithm can trigger an anomaly event. The keys may include "honeypot" keys left for a hacker to find and attempt to use, and "duress keys" that a legitimate user is forced to enter. The anomaly events caused by incorrect keys can be used to automatically roll keys, block the user and alert security personnel.
Figure 24 is a flow chart showing a method 2400 for detecting and responding to a hacker attack according to aspects of the disclosure. Referring to Figure 24, at block 2410 a data access request can be initiated and received by the system. At block 2420, the access key provided with the data access request can be verified. For example, the fast detection algorithm can be applied to the access key. At block 2430, it can be determined whether the access key is valid for the requested data. In response to determining that the access key is valid (2430-Yes), at block 2440 access to the requested data can be granted.
In response to determining that the access key is invalid (2430-No), at block 2450 access to the requested data can be denied. At block 2460, a response protocol can be initiated. For example, the response protocol may cause the user who initiated the data access request to be logged out completely, may deny access only to the requested data item, or may permit access only to a limited data set. Alternatively or additionally, the protocol can notify a system administrator of the access attempt with an invalid access key, and/or rotate the encryption keys, and/or shut down the system.
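The Figure 24 flow as an added example on the defending side, not code from the applicant. The three key classes (valid, honeypot, duress) and the response protocol attached to each anomaly are assumptions drawn from the text above: a honeypot key alerts, rotates keys and logs the user out, a duress key grants only a limited scope and raises a silent alert, and any other incorrect key alerts. Keys are stored only as HMAC fingerprints under a server-side pepper, so the registry itself exposes nothing if read.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set

_PEPPER = secrets.token_bytes(16)   # assumed server-side secret; fingerprints alone reveal nothing


def fingerprint(key: str) -> str:
    """Keyed hash of an access key; the registry never stores the key itself."""
    return hmac.new(_PEPPER, key.encode(), hashlib.sha256).hexdigest()


class AccessGuard:
    """Verify the access key presented with a request (2420 / 2430), grant (2440) or deny
    (2450) and run a response protocol on anomalies (2460)."""

    def __init__(self) -> None:
        self.valid: Dict[str, str] = {}     # fingerprint -> data item the key unlocks
        self.honeypot: Set[str] = set()     # fingerprints of keys deliberately left exposed
        self.duress: Dict[str, str] = {}    # fingerprint -> item, for keys entered under coercion
        self.blocked: Set[str] = set()      # users logged out by the response protocol
        self.key_generation = 0             # incremented on every key rotation
        self.events: List[dict] = []        # anomaly events for security personnel

    def register_valid(self, key: str, item: str) -> None:
        self.valid[fingerprint(key)] = item

    def register_honeypot(self, key: str) -> None:
        self.honeypot.add(fingerprint(key))

    def register_duress(self, key: str, item: str) -> None:
        self.duress[fingerprint(key)] = item

    def _deny(self, user: str, kind: str, item: str, actions: List[str]) -> dict:
        """Blocks 2450 / 2460: deny and carry out the response protocol for this anomaly."""
        self.events.append({"user": user, "kind": kind, "item": item, "actions": actions})
        if "rotate_keys" in actions:
            self.key_generation += 1
            self.valid.clear()              # current keys stop working until reissued
        if "logout" in actions:
            self.blocked.add(user)
        return {"granted": False, "scope": None, "kind": kind, "actions": actions}

    def access(self, user: str, key: str, item: str) -> dict:
        """Blocks 2410-2440: handle one data access request."""
        if user in self.blocked:
            return self._deny(user, "blocked_user", item, ["alert"])
        fp = fingerprint(key)
        if fp in self.honeypot:             # only an intruder or malware can hold this key
            return self._deny(user, "honeypot_key", item, ["alert", "rotate_keys", "logout"])
        if self.duress.get(fp) == item:     # legitimate user under duress: limited scope, quiet alert
            self.events.append({"user": user, "kind": "duress_key", "item": item, "actions": ["silent_alert"]})
            return {"granted": True, "scope": "limited", "kind": "duress_key", "actions": ["silent_alert"]}
        if self.valid.get(fp) == item:      # block 2430-Yes
            return {"granted": True, "scope": "full", "kind": "valid_key", "actions": []}
        return self._deny(user, "incorrect_key", item, ["alert"])
```

Rotation is modelled by clearing the valid fingerprints, so a key captured before the honeypot fired no longer works afterwards; a real system would reissue keys to legitimate users through its key management path rather than simply dropping them.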
XIII. Ransomware
According to aspects of the disclosure, protection against ransomware encryption may include "canary files", which the system uses to determine whether the system has been unexpectedly altered before operating on data, for example to create a backup archive. The system assumes that a ransomware attack will occur and accordingly makes scheduled backups for recovery. However, files damaged by a ransomware virus should not be backed up. For an enterprise that uses the system to back up users' hard disk drives over the network, "canary files" are used; these are small files scattered across the user's hard disk drive. If any of these canary files is missing or modified, this is an indication that the drive has been compromised. Before performing a backup, the system checks the canary files to prevent a backup of an infected drive (and the possible overwriting of the last good backup). To recover from an attack, the last good archive can be decrypted to replace the contents of the infected hard disk drive.
Figure 25 is a flow chart of a method 2500 for detecting a ransomware attack and responding to it, according to various aspects of the disclosure. With reference to Figure 25, at block 2510, on the system's first access to a disk drive, the system can install one or more canary files. For example, small known files can be scattered across the disk drive. At block 2520, a status check of the disk drive can be performed by examining whether the canary files are intact. For example, the installed canary files can be compared with the expected number and content of canary files. A lost or modified canary file may be an indication that the disk drive has been compromised.
At block 2530, it can be determined whether the disk drive has been infected by ransomware. For example, the system can determine whether any of the canary files is lost or modified. In response to determining that the disk drive is not infected (2530, no), at block 2540, the contents of the disk drive can be encrypted and backed up to another disk drive.
In response to determining that the disk drive has been infected (2530, yes), at block 2550, the backup of the disk drive can be postponed. Postponing the disk drive backup prevents the last known-good copy of the disk drive contents from being replaced. At block 2560, an alarm can be triggered to notify an administrator of the infected disk drive. At block 2570, the disk drive contents can be restored from a previously backed-up version.
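An added example of blocks 2510 through 2560, written for this page rather than taken from the patent: canary files are scattered into the directories of a drive and their digests kept in an out-of-band manifest; before each backup the manifest is checked, and a missing or modified canary defers the backup and raises an alert instead of overwriting the last good copy. The canary count, file names, SHA-256 digests and the callback interface are assumptions; the drive is a temporary directory constructed for the demo.

```python
"""Canary-file installation and pre-backup check (method 2500).
Added example; layout, digest choice and callbacks are assumptions."""
import hashlib
import os
import random
import tempfile
from pathlib import Path

CANARY_COUNT = 4  # assumed number of canary files installed per drive


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def install_canaries(drive: Path, seed: int = 1) -> dict:
    """Block 2510: scatter small known files across the drive and return the
    manifest (path -> expected digest) that the backup system keeps off the drive."""
    rng = random.Random(seed)
    dirs = [p for p in drive.rglob("*") if p.is_dir()] or [drive]
    manifest = {}
    for i in range(CANARY_COUNT):
        target = rng.choice(dirs) / f".canary-{i}.dat"
        target.write_bytes(f"canary {i}\n".encode() + os.urandom(16))
        manifest[str(target)] = _digest(target)
    return manifest


def check_canaries(manifest: dict) -> list:
    """Blocks 2520/2530: return the canaries that are missing or whose content changed."""
    bad = []
    for name, expected in manifest.items():
        p = Path(name)
        if not p.exists() or _digest(p) != expected:
            bad.append(name)
    return bad


def run_backup_cycle(drive: Path, manifest: dict, do_backup, alert) -> str:
    """One scheduled backup: back up only if every canary is intact."""
    bad = check_canaries(manifest)
    if not bad:
        do_backup(drive)                 # block 2540: encrypt and back up to another drive
        return "backed_up"
    alert(f"drive {drive}: {len(bad)} canary file(s) missing or modified")  # block 2560
    return "backup_deferred"             # block 2550: the last known-good copy is kept


def demo() -> dict:
    """Constructed scenario: a clean drive backs up; a modified canary defers the backup."""
    drive = Path(tempfile.mkdtemp(prefix="drive-"))
    (drive / "docs").mkdir()
    manifest = install_canaries(drive)
    backups, alerts = [], []
    first = run_backup_cycle(drive, manifest, backups.append, alerts.append)
    Path(next(iter(manifest))).write_bytes(b"content replaced by something else")
    second = run_backup_cycle(drive, manifest, backups.append, alerts.append)
    return {"first": first, "second": second, "backups": len(backups), "alerts": len(alerts)}
```

The manifest must live somewhere the drive's own processes cannot rewrite (here it is only held in memory); if it were stored on the drive, whatever altered the canaries could alter the expected digests too.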
XIV. Searching encrypted data
According to various aspects of the disclosure, accelerated access records (AAR), which pre-index the data, need to be stored separately from the data being indexed, and can be mined by third-party software to provide analysis and reporting. An AAR is an optimized search record that can be integrated into third-party search tools to provide advanced analysis and reporting. For security purposes, the system can store these search records separately on another server. This second server, running the same system security software, can have a separate validation layer, thereby allowing third-party access and/or third-party search tools.
Figure 26 is a flow chart of a method 2600 for enabling the search of encrypted data, according to various aspects of the disclosure. With reference to Figure 26, at block 2610, data is stored on a disk in the system. At block 2620, the data can be examined to determine whether it should be searchable. In response to determining that the data is not intended to be searchable (2630, no), at block 2640, the system can encrypt and back up the disk contents.
In response to determining that the data should be searchable (2630, yes), at block 2650, the system can add an accelerated access record (AAR) to a remote server drive in the system. At block 2660, when the data is searched, the AAR can be accessed to search the encrypted content.
XV. Data encryption
According to various aspects of the disclosure, all data encrypted by the system can be stored and organized into a set of locations definable by the user, referred to as a Virtual Cryptological Container (VCC). The encrypted data can be dispersed across multiple data storage devices within the VCC. These VCCs can span anything from a single device such as, but not limited to, a USB stick, up to multiple data centers, and can have dynamically definable locations. Unauthorized relocation of a VCC to another device can be detected by the system and can trigger any number of actions, including disabling access and key rotation.
A VCC may be configured so that it exists entirely on a single drive, or so that it spans multiple data centers and is formatted across multiple drives. The flexibility of this approach stems from the system's ability to virtualize storage, so that the application does not care how or where the encrypted data is stored. The application interacts only with the system, to send data to be encrypted and to retrieve data to be decrypted. The system can manage one or more storage locations. Some benefits of this approach may include:
A VCC can exist entirely on a single hard disk drive, making it easy to transport it securely to another hard disk drive. For example, a VCC can be placed on a USB stick and remain fully encrypted until it is accessed using the system.
A VCC can carry labels that limit its use under some circumstances. For example, a VCC can be encoded to work only when located on a specific drive or hardware MAC address, or some other signature ID. A VCC can be restricted to work only when accessed from a specific geographic location, or at certain times of day or on certain dates. The system will be unable to encrypt or decrypt the data unless these VCC conditions are met.
With a VCC, the application need not know what the underlying storage medium is or what the specific API for that medium is. For example, there may be many cloud data stores, such as Amazon S3 and MS Azure, each of which has a unique API that must be integrated into an application before those services can be used. The system can provide a single API for all such storage options, including direct storage on the device.
Replication and backup options are facilitated by using a VCC, and a variety of options may exist. For example, if a VCC is stored entirely on a single device such as a tablet computer, the VCC can be periodically duplicated and stored off the device as a backup. If a VCC spans multiple storage locations, the system may be configured to request that each storage location copy in real time to a parallel VCC. The underlying data stores (for example, Amazon S3 cloud) can also enable their own backup processes, which will work seamlessly with the system.
Figure 27 is a flow chart of a method 2700 for storing encrypted data using a virtual cryptological container, according to various aspects of the disclosure. With reference to Figure 27, at block 2710, an installation configuration file can be specified that includes the path name of each of the available storage locations. A storage location can be on the hard disk drive of the device, can be a mounted drive on the LAN or across a WAN to a remote cloud service endpoint, or can be a combination of the above. The installation configuration file can also specify other system options.
At block 2720, the system can start, and at block 2740, the VCC can be established. For example, the system can read the installation configuration file and establish the VCC for subsequent access. At block 2750, the system can be accessed to encrypt or decrypt data. For example, an application that needs data encrypted or decrypted can make an API call to the system. At block 2760, data can be encrypted or decrypted via the VCC at the application's request. For example, the system can carry out the application's request by encrypting and storing data in the VCC, or by retrieving and decrypting data stored in the VCC.
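An added example of the container described in section XV and blocks 2710 through 2760, not the patent's code: an installation configuration lists several storage paths (standing in for a local disk, a LAN mount and a cloud endpoint), the application sees only a single put/get API, segments are spread across the listed locations, and a container bound to one host identifier refuses to open on another, which is the "unauthorized relocation" case that disables access. The configuration keys, the host-binding rule and the placement hash are assumptions; the bytes handed to `put` are treated as already encrypted, since the example is about the storage virtualization rather than the cipher.

```python
"""Virtual cryptological container with one API over several storage locations
and a host-binding check. Added example; config keys and policies are assumptions."""
import hashlib
import json
import tempfile
from pathlib import Path


class VccRelocated(Exception):
    """Raised when the container is opened on a device it is not bound to."""


class VirtualCryptologicalContainer:
    def __init__(self, install_config: dict, host_id: str):
        # Blocks 2710/2740: read the installation configuration and establish the VCC.
        self.locations = [Path(p) for p in install_config["storage_paths"]]
        bound_host = install_config.get("bound_host")     # assumed label limiting where the VCC works
        if bound_host and bound_host != host_id:
            # Detected relocation to another device: access is disabled (key rotation could follow).
            raise VccRelocated(f"VCC bound to {bound_host!r}, opened on {host_id!r}")
        for loc in self.locations:
            loc.mkdir(parents=True, exist_ok=True)

    def _place(self, name: str, index: int) -> Path:
        # Deterministic spread of segments across the configured locations (assumed rule).
        h = int(hashlib.sha256(f"{name}:{index}".encode()).hexdigest(), 16)
        return self.locations[h % len(self.locations)] / f"{name}.{index}"

    def put(self, name: str, blob: bytes, segment_size: int = 8) -> int:
        """Block 2750: the single API call an application makes to store a blob.
        Returns the number of segments written."""
        segments = [blob[i:i + segment_size] for i in range(0, len(blob), segment_size)] or [b""]
        for i, seg in enumerate(segments):
            self._place(name, i).write_bytes(seg)
        return len(segments)

    def get(self, name: str, count: int) -> bytes:
        """Block 2760: reassemble the blob from wherever its segments were placed."""
        return b"".join(self._place(name, i).read_bytes() for i in range(count))


def demo() -> dict:
    """Constructed scenario: three locations, one round trip, one relocation attempt."""
    root = Path(tempfile.mkdtemp(prefix="vcc-"))
    # Constructed installation configuration file content.
    config_text = json.dumps({
        "storage_paths": [str(root / "local-disk"), str(root / "lan-mount"), str(root / "cloud")],
        "bound_host": "host-A",
    })
    payload = b"already-encrypted payload bytes"
    vcc = VirtualCryptologicalContainer(json.loads(config_text), host_id="host-A")
    n = vcc.put("report", payload)
    used = sorted({p.parent.name for loc in vcc.locations for p in loc.iterdir()})
    try:
        VirtualCryptologicalContainer(json.loads(config_text), host_id="host-B")
        relocated_blocked = False
    except VccRelocated:
        relocated_blocked = True
    return {"segments": n, "roundtrip": vcc.get("report", n) == payload,
            "locations_used": used, "relocated_blocked": relocated_blocked}
```

The application never learns which path received which segment, which is the point of the single API; the host check runs before any path is touched, so a container copied to another machine yields no data at all rather than a partial read.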
XVI. Other features
According to various aspects of the disclosure, the system may include a security engine with the ability to adjust program restrictions. The system can be configured with export-unrestricted AES-128 or weaker ciphers. Optionally, the system is configured with a FIPS 140-2 library or an external encryption hardware device. The system is not tied to any encryption cipher, and therefore adapts and grows with the needs and requirements of the user. For example, for a user in a country to which strong cipher libraries cannot be exported, the system can be configured with a library permitted under U.S. export law.
In addition, the system can operate as a centralized server or encryption appliance, and has the ability to operate on endpoint devices to protect data after it is captured. According to the disclosure, data fragments can undergo tamper detection upon receipt, to eliminate the possibility of a hacker altering data in transit. When an individual fragment is received, the system verifies the fragment. Several methods can be used to perform this verification, including but not limited to GCM-based AES-256 encryption. A fragment that fails this verification will be identified as tampered with and will be rejected. Depending on the configuration, FHOOSH will respond in a number of ways, such as key rotation, connection termination or retransmission of the fragment.
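An added example of per-fragment tamper detection on receipt with the three responses the paragraph lists (request retransmission, terminate the connection, rotate the key); it is not code from the patent. The text names GCM-based AES-256 for the verification; this example uses an HMAC-SHA256 tag over the sequence number and payload because it runs on the standard library alone, and the same verify-then-reject logic applies to a GCM authentication tag. The framing, the per-sequence retransmit limit and the rotation threshold are assumptions.

```python
"""Fragment integrity check on receipt with retransmit / terminate / rotate responses.
Added example; HMAC-SHA256 stands in for the GCM tag named in the text."""
import hashlib
import hmac
import secrets
from typing import Dict

TAG_LEN = 32  # bytes of HMAC-SHA256 appended to every fragment


def tag_fragment(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: payload || tag, where the tag also binds the sequence number."""
    mac = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return payload + mac


class FragmentReceiver:
    def __init__(self, key: bytes, retransmit_limit: int = 2, rotate_after: int = 2):
        self.key = key
        self.retransmit_limit = retransmit_limit  # failures of one sequence number before terminating
        self.rotate_after = rotate_after          # failures since the last rotation before rotating the key
        self.failures_per_seq: Dict[int, int] = {}
        self.failures_since_rotation = 0
        self.accepted: Dict[int, bytes] = {}
        self.connection_open = True

    def verify(self, seq: int, wire: bytes) -> bool:
        """Recompute the tag under the current key and compare in constant time."""
        if len(wire) < TAG_LEN:
            return False
        payload, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def receive(self, seq: int, wire: bytes) -> str:
        """Verify one fragment; on failure reject it and pick the configured response."""
        if not self.connection_open:
            return "connection_closed"
        if self.verify(seq, wire):
            self.accepted[seq] = wire[:-TAG_LEN]
            return "accepted"
        self.failures_since_rotation += 1
        n = self.failures_per_seq[seq] = self.failures_per_seq.get(seq, 0) + 1
        if n > self.retransmit_limit:
            self.connection_open = False         # repeated bad copies of one fragment: terminate
            return "rejected_connection_terminated"
        if self.failures_since_rotation >= self.rotate_after:
            self.key = secrets.token_bytes(32)   # rotate; the peer must re-key out of band
            self.failures_since_rotation = 0
            return "rejected_key_rotated"
        return "rejected_retransmit"             # ask the sender for this fragment again


def demo() -> dict:
    """Constructed exchange: one good fragment, a replay, a bit flip, a stale-key retry."""
    key = b"\x01" * 32                                   # constructed shared key
    rx = FragmentReceiver(key)
    good0 = tag_fragment(key, 0, b"fragment zero")
    good1 = tag_fragment(key, 1, b"fragment one")
    tampered1 = bytes([good1[0] ^ 0xFF]) + good1[1:]     # one payload byte altered in transit
    return {
        "good": rx.receive(0, good0),
        "replayed_as_seq1": rx.receive(1, good0),        # tag was bound to seq 0
        "tampered": rx.receive(1, tampered1),
        "retry_under_old_key": rx.receive(1, good1),     # key already rotated
        "after_close": rx.receive(2, good1),
        "accepted_count": len(rx.accepted),
    }
```

Binding the sequence number into the tag is what makes the replay fail: the bytes are genuine, but they were authenticated for a different position in the stream.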
Although various embodiments have been described above, it should be understood that these embodiments are presented by way of example only and not limitation. Breadth and scope should not be limited by any of the above-described example embodiments. Where this document refers to technology that is known or would be appreciated by a person of ordinary skill in the art, such technology covers technology that is known or would be appreciated by a person skilled in the art now or at any time in the future. In addition, the described embodiments are not limited to the illustrated example architectures or configurations; the required features can be implemented using a variety of alternative architectures and configurations. As a person of ordinary skill in the art will appreciate after reading this document, the illustrated embodiments and their various alternatives may be implemented without being limited to the illustrated examples. A person skilled in the art will also appreciate that the required features of the described embodiments can be implemented using alternative functional, logical or physical partitioning and configuration.
In addition, although elements or components may be described or claimed in the singular, the plural is also considered to be within its scope unless limitation to the singular is explicitly stated. The presence, in some cases, of broadening words and phrases such as "one or more", "at least", "but not limited to" or other similar phrases should not be construed to mean that the narrower case is intended or required where such broadening phrases are absent.

Claims (85)

1. A method for storing a first data object, comprising:
on a client device, decomposing the first data object into a first segment associated with a first original record locator and a second segment associated with a second original record locator;
on the client device, scrambling the first original record locator to generate a first scrambled record locator and scrambling the second original record locator to generate a second scrambled record locator;
on the client device, encrypting the first segment using a first encryption key and encrypting the second segment using a second encryption key; and
storing the first encrypted segment with the corresponding first scrambled record locator and the second encrypted segment with the second scrambled record locator in at least a first of a plurality of storage locations.
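An added example of the storage procedure of claim 1, with the locator-derived keys of claim 7, a data map as in claim 22 and retrieval as in claim 51; it is not the patent's code. The decomposition function (fixed-size split), the scrambling of locators and the derivation of per-segment keys with HMAC from a client-side secret, the placement rule and the cipher are all assumptions. The cipher is an HMAC-SHA256 keystream XORed into each segment, a stand-in for a real AEAD chosen so the example runs on the standard library; it provides confidentiality only, not integrity.

```python
"""Decompose, scramble locators, encrypt per segment, store across locations, and
rebuild from a data map. Added example; every function here is an assumption."""
import hashlib
import hmac
from typing import Dict, List


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function used for locator scrambling and key derivation."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: keystream block i = PRF(key, i), XORed into the data.
    Symmetric, so the same call decrypts. Not authenticated."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, b"ks", i.to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def decompose(obj: bytes, seg_len: int) -> List[bytes]:
    """Decomposition function (claim 2): fixed-size split, assumed for the example."""
    return [obj[i:i + seg_len] for i in range(0, len(obj), seg_len)]


def store_object(obj: bytes, secret: bytes, locations: List[str], seg_len: int = 5) -> dict:
    """Claim 1 on the client side. `storage` stands in for the plurality of storage
    locations: location name -> {scrambled record locator: encrypted segment}."""
    storage: Dict[str, Dict[str, bytes]] = {loc: {} for loc in locations}
    data_map = {"order": [], "locations": [], "seg_len": seg_len}
    for index, segment in enumerate(decompose(obj, seg_len)):
        original_locator = f"obj/{index}".encode()                 # original record locator
        scrambled = prf(secret, b"loc", original_locator).hex()[:16]  # scrambled record locator
        key = prf(secret, b"key", original_locator)                # claim 7: key from the locator
        loc = locations[int(scrambled, 16) % len(locations)]       # assumed placement rule
        storage[loc][scrambled] = xor_keystream(key, segment)
        data_map["order"].append(scrambled)                        # claim 22: sequence index
        data_map["locations"].append(loc)                          # claim 22: where it went
    return {"map": data_map, "storage": storage}


def retrieve_object(data_map: dict, storage: dict, secret: bytes) -> bytes:
    """Claim 51: the map carries order and locations; the keys are re-derived on the fly
    rather than stored, so the map alone does not decrypt anything."""
    out = b""
    for index, (scrambled, loc) in enumerate(zip(data_map["order"], data_map["locations"])):
        key = prf(secret, b"key", f"obj/{index}".encode())
        out += xor_keystream(key, storage[loc][scrambled])
    return out


def demo() -> dict:
    secret = b"client-side master secret (constructed)"
    obj = b"patient record 0042: blood type O-"              # constructed data object
    stored = store_object(obj, secret, ["local-disk", "lan-share", "cloud-bucket"])
    back = retrieve_object(stored["map"], stored["storage"], secret)
    wrong = retrieve_object(stored["map"], stored["storage"], b"some other secret")
    return {"roundtrip": back == obj, "segments": len(stored["map"]["order"]),
            "wrong_secret_fails": wrong != obj}
```

Because the scrambled locators are keyed hashes of the originals, a storage location sees neither the object name nor the segment order, and because the keys are derived rather than stored, the data map can be kept without it becoming a decryption oracle.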
2. The method of claim 1, wherein the first data object is decomposed by applying a decomposition function.
3. The method of claim 2, further comprising selecting the decomposition function based at least in part on one or more variable storage parameters.
4. The method of claim 3, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
5. The method of claim 2, further comprising changing the one or more variable storage parameters in response to detecting a trigger.
6. The method of claim 5, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
7. The method of claim 1, further comprising determining the first encryption key based at least in part on the first original record locator and determining the second encryption key based at least in part on the second original record locator.
8. The method of claim 7, wherein the first encryption key and the second encryption key are further determined based at least in part on one or more variable storage parameters.
9. The method of claim 8, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
10. The method of claim 8, further comprising changing the one or more variable storage parameters in response to detecting a trigger.
11. The method of claim 10, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
12. The method of claim 1, further comprising scrambling each of the first segment and the second segment before encrypting the first segment and the second segment.
13. The method of claim 1, wherein the first segment is encrypted using the first encryption key via the second encryption key, the second segment is encrypted using the second encryption key via a third encryption key, and a third segment of the first data object is encrypted using the third encryption key.
14. The method of claim 1, wherein scrambling each of the first original record locator and the second original record locator comprises:
changing each of the first original record locator and the second original record locator; and
applying a scrambling function to each of the first original record locator and the second original record locator.
15. The method of claim 14, wherein each of the first original record locator and the second original record locator is scrambled based at least in part on one or more variable storage parameters.
16. The method of claim 15, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
17. The method of claim 15, further comprising changing the one or more variable storage parameters in response to detecting a trigger.
18. The method of claim 27, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
19. The method of claim 1, further comprising identifying, based at least in part on one or more variable storage parameters, at least the first of the plurality of storage locations for storing the first encrypted segment with the corresponding first scrambled record locator and the second encrypted segment with the second scrambled record locator.
20. The method of claim 19, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
21. The method of claim 19, further comprising changing the one or more variable storage parameters in response to detecting a trigger.
22. The method of claim 1, further comprising generating a data map, the data map comprising one or more of: an index of the sequence of the first segment and the second segment of the first data object, the first encryption key and the second encryption key, the first scrambled record locator and the second scrambled record locator, and at least the first of the plurality of storage locations.
23. The method of claim 22, further comprising encrypting the data map and storing the encrypted data map.
24. The method of claim 22, further comprising changing the content of the data map based at least in part on one or more variable storage parameters.
25. The method of claim 24, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
26. A system for storing a first data object, comprising:
a plurality of storage locations;
a security platform comprising one or more processors;
a client device comprising one or more processors, the one or more processors configured to:
decompose the first data object into a first segment associated with a first original record locator and a second segment associated with a second original record locator;
scramble the first original record locator to generate a first scrambled record locator and scramble the second original record locator to generate a second scrambled record locator;
encrypt the first segment using a first encryption key and encrypt the second segment using a second encryption key; and
store the first encrypted segment with the corresponding first scrambled record locator and the second encrypted segment with the second scrambled record locator in at least a first of the plurality of storage locations.
27. The system of claim 26, wherein, to decompose the first data object, the one or more processors are configured to apply a decomposition function.
28. The system of claim 27, wherein the one or more processors are further configured to select the decomposition function based at least in part on one or more variable storage parameters.
29. The system of claim 28, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
30. The system of claim 27, wherein the one or more processors are further configured to change the one or more variable storage parameters in response to detecting a trigger.
31. The system of claim 30, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
32. The system of claim 26, wherein the one or more processors are further configured to determine the first encryption key based at least in part on the first original record locator and to determine the second encryption key based at least in part on the second original record locator.
33. The system of claim 32, wherein the one or more processors are configured to further determine the first encryption key and the second encryption key based at least in part on one or more variable storage parameters.
34. The system of claim 33, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
35. The system of claim 33, wherein the one or more processors are further configured to change the one or more variable storage parameters in response to detecting a trigger.
36. The system of claim 35, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
37. The system of claim 26, wherein the one or more processors are further configured to scramble each of the first segment and the second segment before encrypting the first segment and the second segment.
38. The system of claim 26, wherein the first segment is encrypted using the first encryption key via the second encryption key, the second segment is encrypted using the second encryption key via a third encryption key, and a third segment of the first data object is encrypted using the third encryption key.
39. The system of claim 26, wherein, to scramble each of the first original record locator and the second original record locator, the one or more processors are configured to:
change each of the first original record locator and the second original record locator; and
apply a scrambling function to each of the first original record locator and the second original record locator.
40. The system of claim 39, wherein the one or more processors are further configured to scramble each of the first original record locator and the second original record locator based at least in part on one or more variable storage parameters.
41. The system of claim 40, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
42. The system of claim 50, wherein the one or more processors are further configured to change the one or more variable storage parameters in response to detecting a trigger.
43. The system of claim 42, wherein the trigger comprises a security vulnerability concerning one or more of: the first data object, a second data object, the first of the plurality of storage locations, and a second of the plurality of storage locations.
44. The system of claim 26, wherein the one or more processors are further configured to identify, based at least in part on one or more variable storage parameters, at least the first of the plurality of storage locations for storing the first encrypted segment with the corresponding first scrambled record locator and the second encrypted segment with the second scrambled record locator.
45. The system of claim 44, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
46. The system of claim 44, wherein the one or more processors are further configured to change the one or more variable storage parameters in response to detecting a trigger.
47. The system of claim 26, wherein the one or more processors are further configured to generate a data map, the data map comprising one or more of: an index of the sequence of the first segment and the second segment of the first data object, the first encryption key and the second encryption key, the first scrambled record locator and the second scrambled record locator, and at least the first of the plurality of storage locations.
48. The system of claim 47, wherein the one or more processors are further configured to encrypt the data map and store the encrypted data map.
49. The system of claim 47, wherein the one or more processors are further configured to change the content of the data map based at least in part on one or more variable storage parameters.
50. The system of claim 49, wherein the one or more variable storage parameters include at least one of: a user name, a user passphrase, a current security model, a type of the first data object, a size of the first data object, one or more security requirements, and one or more performance requirements.
51. A method for retrieving a data object, comprising:
retrieving a data map, the data map comprising at least a first part of the information needed to retrieve and reconstruct the data object;
performing one or more calculations to dynamically derive at least a second part of the information needed to retrieve and reconstruct the data object; and
retrieving the data object from at least a first of a plurality of data storage locations, and reconstructing the data object based on one or more of: the information included in the data map, and the information dynamically derived by the one or more calculations.
52. The method of claim 51, wherein the information needed to retrieve and reconstruct the data object comprises an index of the sequence of a plurality of segments of the data object, the encryption keys used to encrypt each of the plurality of segments, the scrambled record locators associated with each of the plurality of segments, and at least the first of the plurality of storage locations in which each of the plurality of segments is stored.
53. The method of claim 51, wherein the one or more calculations are performed to dynamically derive the part of the information needed to retrieve and reconstruct the data object that is not included in the data map.
54. The method of claim 51, wherein the one or more calculations comprise: determining the decomposition function applied to decompose the data object into a plurality of segments, determining the scrambled record locator associated with each of the plurality of segments, calculating the encryption key used to encrypt each of the plurality of segments, and identifying at least the first of the plurality of storage locations in which each of the plurality of segments is stored.
55. The method of claim 51, wherein changing the content of the data map changes the scope of the calculations that must be performed to dynamically derive the second part of the information needed to retrieve and reconstruct the data object, and wherein the content of the data map is changed based on one or more of: a user name, a user passphrase, a current security model, the type of the data object, the size of the data object, one or more security requirements, and one or more performance requirements.
56. A system for storing and managing credentials and encryption keys, comprising:
a first data storage device and a second data storage device;
a client device configured to transmit a request to retrieve user data stored in the first data storage device;
a security key platform configured to:
store user credentials and data storage device credentials in the second data storage device, separately from the user data stored in the first data storage device;
receive from the client device the request to retrieve user data stored in the first data storage device;
in response to the request to retrieve user data, retrieve from the second data storage device a user credential associated with the user of the client device and a data storage device credential associated with the first data storage device;
retrieve the user data from the first data storage device using the user credential of the user of the client device and the data storage device credential of the first data storage device; and
provide the user data to the client device.
57. The system of claim 1, wherein the security key platform is further configured to register the client device, including registration by confirming and recording one or more of a browser type, plug-ins, hardware settings and geographic location.
58. The system of claim 2, wherein the security key platform is further configured to register the client device by posing one or more challenges and storing the responses to the one or more challenges.
59. The system of claim 1, wherein the client device is further configured to attempt to log in to the security key platform, and wherein the security key platform is further configured to verify the client device before retrieving the user credential and the data storage device credential and retrieving the user data from the first data storage device using the user credential and the data storage device credential.
60. The system of claim 4, wherein the security key platform is configured to automatically retrieve the user credential in response to successfully verifying the client device.
61. The system of claim 4, wherein the security key platform is configured to verify the client device based on one or more of: a user name provided by the user, a password provided by the user, a response to at least one challenge provided by the user, the browser type of the client device, the plug-ins of the client device, the hardware settings of the client device, the geographic location of the client device, and the Internet Protocol (IP) address from which the client device is attempting to log in.
62. The system of claim 1, wherein the user credential comprises a first passphrase.
63. The system of claim 7, wherein the user data stored in the first data storage device is encrypted using the first passphrase.
64. The system of claim 7, wherein the first passphrase controls access to a second passphrase, and wherein the user data stored in the first data storage device is encrypted using the second passphrase.
65. The system of claim 1, further comprising a security object platform configured to:
decompose the user data into a plurality of segments; and
store the plurality of segments of the decomposed user data across a plurality of data storage devices including the first data storage device.
66. A method for authenticated communication between devices, the method comprising:
establishing communication for data streaming between a first device and a second device;
establishing a shared key;
exchanging the shared key between the first device and the second device;
encrypting a data set using the shared key by the first device;
decrypting the data set using the shared key by the second device;
evaluating a key regeneration criterion to determine whether the shared key should be regenerated;
in response to determining that the shared key should be regenerated,
generating a new shared key, and
encrypting a next data set using the new shared key by the first device.
67. The method of claim 1, wherein establishing the shared key comprises:
providing encryption algorithm parameters and a seed for the encryption algorithm.
68. The method of claim 1, wherein exchanging the shared key comprises integrating a plurality of key exchange methods.
69. The method of claim 3, further comprising:
dynamically changing at least one of the key exchange method and the key exchange frequency.
70. The method of claim 4, wherein at least one of the key exchange method and the key exchange frequency is changed dynamically based on performance requirements and a security threat level of the first device or the second device.
71. The method of claim 1, wherein the key regeneration criterion is evaluated to determine whether the shared key should be regenerated.
72. The method of claim 6, wherein the key regeneration criterion identifies possible encryption algorithms and specific parameters for the encryption algorithms.
73. The method of claim 6, further comprising monitoring a condition indicating when the shared key should be regenerated, until the key regeneration criterion is met.
74. The method of claim 1, wherein generating the new shared key comprises:
providing new encryption algorithm parameters for the shared key.
75. The method of claim 1, further comprising:
providing high security for data sets by using security keys and maximizing key-specific rotation.
76. A system for authenticated communication between devices, the system comprising:
a communication interface; and
a processor configured to:
establish a communication for data streaming between a first device and a second device;
establish a shared key;
exchange the shared key between the first device and the second device;
encrypt a data set with the shared key at the first device, wherein the second device decrypts the data set with the shared key;
evaluate a key regeneration criterion to determine whether the shared key should be regenerated; and
in response to determining that the shared key should be regenerated,
generate a new shared key, and
encrypt a next data set with the new shared key at the first device.
77. The system of claim 11, wherein the processor is further configured to establish the shared key by providing encryption algorithm parameters and a seed for the encryption algorithm.
78. The system of claim 11, wherein the processor is further configured to integrate a plurality of key exchange methods for exchanging the shared key.
79. The system of claim 13, wherein the processor is further configured to:
dynamically change at least one of the key exchange method and the key exchange frequency.
80. The system of claim 14, wherein at least one of the key exchange method and the key exchange frequency is dynamically changed based on performance requirements and a security threat level of the first device or the second device.
81. The system of claim 11, wherein the processor is further configured to:
evaluate the key regeneration criterion to determine whether the shared key should be regenerated.
82. The system of claim 16, wherein the key regeneration criterion identifies possible encryption algorithms and specific parameters for the encryption algorithms.
83. The system of claim 16, wherein the processor is further configured to:
monitor a condition that indicates when the shared key should be regenerated, until the key regeneration criterion is met.
84. The system of claim 11, wherein the processor is further configured to:
provide new encryption algorithm parameters to generate the shared key.
85. The system of claim 11, wherein:
the processor is further configured to:
provide high security for the data sets by using a security key and maximizing key rotation.
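The key regeneration procedure of claims 66 and 76, as an added Python example that is not part of the patent: two endpoints share a seed (standing in for the exchanged shared key), encrypt each data set under the current key, evaluate a data-sets-per-key criterion before every set, and derive the next shared key once it is met, while a higher threat level shortens the key lifetime as claims 70 and 80 describe. The HMAC-SHA256 counter-mode keystream, the epoch-indexed key derivation and the halving rule for the threat level are assumptions chosen for illustration, not the patent's construction.

```python
import hashlib, hmac, secrets

def derive_epoch_key(seed: bytes, epoch: int) -> bytes:
    """Shared key for one epoch, derived from the exchanged seed (assumed construction)."""
    return hmac.new(seed, b"key" + epoch.to_bytes(4, "big"), hashlib.sha256).digest()

def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream; XOR both encrypts and decrypts."""
    out = bytearray()
    for ctr, pos in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[pos:pos + 32], block))
    return bytes(out)

class StreamEndpoint:
    """One side of the stream: the current shared key plus the key-regeneration criterion."""
    def __init__(self, seed: bytes, max_sets: int = 4, threat_level: int = 0):
        self.seed, self.max_sets, self.threat_level = seed, max_sets, threat_level
        self.epoch, self.sets_under_key = 0, 0
        self.key = derive_epoch_key(seed, 0)
    def regenerate(self) -> None:
        self.epoch += 1
        self.key = derive_epoch_key(self.seed, self.epoch)
        self.sets_under_key = 0
    def encrypt(self, data: bytes) -> dict:
        # Criterion: data sets per key; each threat-level step halves the key lifetime (assumed rule).
        if self.sets_under_key >= max(1, self.max_sets >> self.threat_level):
            self.regenerate()                        # the next data set goes under the new key
        nonce = secrets.token_bytes(12)
        ct = xor_keystream(self.key, nonce, data)
        tag = hmac.new(self.key, b"tag" + nonce + ct, hashlib.sha256).digest()
        self.sets_under_key += 1
        return {"epoch": self.epoch, "nonce": nonce, "ct": ct, "tag": tag}
    def decrypt(self, msg: dict) -> bytes:
        while self.epoch < msg["epoch"]:             # follow the sender into the new key
            self.regenerate()
        if msg["epoch"] != self.epoch:
            raise ValueError("data set encrypted under a retired key")
        tag = hmac.new(self.key, b"tag" + msg["nonce"] + msg["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, msg["tag"]):
            raise ValueError("authentication failed")
        return xor_keystream(self.key, msg["nonce"], msg["ct"])

def run_stream(data_sets: list, max_sets: int = 4, threat_level: int = 0) -> tuple:
    """Send each data set from device A to device B; return (epoch per set, decrypted sets)."""
    seed = secrets.token_bytes(32)                   # stands in for the shared-key exchange
    a = StreamEndpoint(seed, max_sets, threat_level)
    b = StreamEndpoint(seed, max_sets, threat_level)
    msgs = [a.encrypt(d) for d in data_sets]
    return [m["epoch"] for m in msgs], [b.decrypt(m) for m in msgs]
```

A message whose epoch is older than the receiver's current key is rejected, so a replayed data set from a retired key does not decrypt.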
CN201780030481.2A 2016-06-13 2017-06-13 The system and method for secure storage for the user information in user profile Pending CN109154969A (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201662349567P 2016-06-13 2016-06-13
US62/349,567 2016-06-13
US201662350646P 2016-06-15 2016-06-15
US62/350,646 2016-06-15
PCT/US2017/037328 WO2017218590A1 (en) 2016-06-13 2017-06-13 Systems and methods for secure storage of user information in a user profile

Publications (1)

Publication Number Publication Date
CN109154969A true CN109154969A (en) 2019-01-04

Family

ID=60664621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201780030481.2A Pending CN109154969A (en) 2016-06-13 2017-06-13 The system and method for secure storage for the user information in user profile

Country Status (9)

Country Link
EP (1) EP3469512A4 (en)
JP (1) JP2019521537A (en)
KR (1) KR20190029509A (en)
CN (1) CN109154969A (en)
AU (1) AU2017283544A1 (en)
CA (1) CA3020743A1 (en)
PH (1) PH12018502160A1 (en)
SG (1) SG11201808929PA (en)
WO (1) WO2017218590A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109726563B (en) 2017-10-31 2020-11-03 创新先进技术有限公司 Data statistics method, device and equipment
KR102274335B1 (en) * 2020-11-16 2021-07-07 한화생명보험(주) Method and apparatus for chat-based customer profile creation through multiple agents
US20230134253A1 (en) * 2021-10-29 2023-05-04 Google Llc Managing Data Availability on Encryption Key Status Changes in Replicated Storage Systems
WO2024044522A1 (en) 2022-08-24 2024-02-29 Arthur Hustad Method and system for providing control over storage of and access to user data

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6681017B1 (en) * 1997-09-03 2004-01-20 Lucent Technologies Inc. Simplified secure shared key establishment and data delivery protocols for electronic commerce
US20040034776A1 (en) * 2002-08-14 2004-02-19 Microsoft Corporation Authenticating peer-to-peer connections
US20080162937A1 (en) * 2006-12-27 2008-07-03 Tobias Max Kohlenberg Method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks (WPAN)
US20080256298A1 (en) * 2007-04-10 2008-10-16 Yahoo! Inc. Intelligent caching of user data for real time communications
CN101998391A (en) * 2009-08-06 2011-03-30 巴比禄股份有限公司 Wireless communication device, wireless communication system, and network device
US20120266217A1 (en) * 2011-04-15 2012-10-18 Skype Limited Permitting Access To A Network
US20140122508A1 (en) * 2012-10-30 2014-05-01 FHOOSH, Inc. Systems and methods for secure storage of user information in a user profile
US20160085996A1 (en) * 2014-09-23 2016-03-24 FHOOSH, Inc. Secure high speed data storage, access, recovery, and transmission

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101088420B1 (en) * 2004-02-13 2011-12-08 아이비아이 스마트 테크놀로지스 인코포레이티드 Method and apparatus for cryptographically processing data
JP2008103988A (en) 2006-10-19 2008-05-01 Fujitsu Ltd Encryption communication system, device, method and program
US8996863B2 (en) * 2010-12-03 2015-03-31 Yacov Yacobi Attribute-based access-controlled data-storage system
ES2760627T3 (en) * 2014-04-10 2020-05-14 Atomizer Group Llc Procedure and system to secure the data

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110378132A (en) * 2019-06-20 2019-10-25 深圳市掌握时代互联网应用科技有限公司 A kind of user's real information encryption system of hunting for treasure based on logistic chaotic maps
CN110958263A (en) * 2019-12-13 2020-04-03 腾讯云计算(北京)有限责任公司 Network attack detection method, device, equipment and storage medium
CN111740954A (en) * 2020-05-18 2020-10-02 北京索德电气工业有限公司 Elevator main controller and elevator board card communication encryption method
CN111865991B (en) * 2020-07-23 2021-04-30 北京睿知图远科技有限公司 Dynamic encryption and decryption method for data encryption center
CN112905533A (en) * 2021-02-05 2021-06-04 优车库网络科技发展(深圳)有限公司 File submission management method, device, equipment and storage medium
CN112905533B (en) * 2021-02-05 2023-04-25 优车库网络科技发展(深圳)有限公司 File submission management method, device, equipment and storage medium
TWI816306B (en) * 2021-12-13 2023-09-21 美商惠普發展公司有限責任合夥企業 Suspicious activity notifications via canary files
CN115168690A (en) * 2022-09-06 2022-10-11 深圳市明源云科技有限公司 Data query method and device based on browser plug-in, electronic equipment and medium
CN115168690B (en) * 2022-09-06 2022-12-27 深圳市明源云科技有限公司 Data query method and device based on browser plug-in, electronic equipment and medium
CN115544994A (en) * 2022-12-01 2022-12-30 爱集微咨询(厦门)有限公司 Data pushing method and device, electronic equipment and readable storage medium
CN115544994B (en) * 2022-12-01 2023-05-05 爱集微咨询(厦门)有限公司 Data pushing method, device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
AU2017283544A1 (en) 2018-11-01
KR20190029509A (en) 2019-03-20
CA3020743A1 (en) 2017-12-21
WO2017218590A1 (en) 2017-12-21
JP2019521537A (en) 2019-07-25
EP3469512A4 (en) 2019-12-04
PH12018502160A1 (en) 2019-07-15
SG11201808929PA (en) 2018-11-29
EP3469512A1 (en) 2019-04-17

Similar Documents

Publication Publication Date Title
CN109154969A (en) The system and method for secure storage for the user information in user profile
US20170277773A1 (en) Systems and methods for secure storage of user information in a user profile
Dagher et al. Ancile: Privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology
US20240037277A1 (en) Cloud-based system for protecting sensitive information in shared content
US11387986B1 (en) Systems and methods for encryption and provision of information security using platform services
US20230010452A1 (en) Zero-Knowledge Environment Based Networking Engine
US20170277774A1 (en) Systems and methods for secure storage of user information in a user profile
US11240251B2 (en) Methods and systems for virtual file storage and encryption
CN105378649B (en) More permissions data safety and access
US20170277775A1 (en) Systems and methods for secure storage of user information in a user profile
US9619659B1 (en) Systems and methods for providing information security using context-based keys
JP6622196B2 (en) Virtual service provider zone
CN106575427A (en) A zero-knowledge environment based social networking engine
CN108055352A (en) For the system and method for key chain synchronization
CN101002417A (en) System and method for dis-identifying sensitive information and assocaites records
WO2015109172A1 (en) System and method for electronic vault to manage digital contents
US20190392407A1 (en) Encrypted asset transfer system and method for facilitating transfer of digital assets
US11769577B1 (en) Decentralized identity authentication framework for distributed data
CN111756684B (en) Method, system and non-transitory computer-readable storage medium for transmitting critical data
US20220303126A1 (en) Method and system for digital health data encryption
WO2018232021A2 (en) Systems and methods for secure storage of user information in a user profile
CN114026823A (en) Computer system for processing anonymous data and method of operation thereof
Khandekar et al. Secured IoT architecture for personalized marketing using blockchain framework with deep learning technology
Carrell SafeguaRDP: an Architecture for Mediated Control of Desktop Applications by Untrusted Crowd Workers
Dagher et al. Praneeth Babu Marella

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: California, USA

Applicant after: Uberk security

Address before: California, USA

Applicant before: Fhoosh, Inc.

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190104