EP3469512A1 - Systems and methods for secure storage of user information in a user profile - Google Patents
Systems and methods for secure storage of user information in a user profile
- Publication number
- EP3469512A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- user
- key
- data object
- record locator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/606—Protecting data by securing the transmission between two devices or processes
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
              - G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2107—File encryption
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
            - H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
              - H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
                - H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
          - H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
          - H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
            - H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- Various embodiments described herein relate generally to the field of electronic management of information, and more particularly to secure storage and protection of user information in a user profile. Further, various embodiments described herein relate generally to the field of electronic data security and more particularly to the secure storage, management, and transmission of data, credentials and encryption keys at a client endpoint and during transmission.
- FIG. 1 illustrates one page of an Income and Expense Declaration that both petitioner and respondent must fill out in a California divorce proceeding.
- the amount and complexity of the information needed for a form such as this typically requires the person completing the form (such as the party to the divorce or an attorney) to spend a significant amount of time obtaining all of the needed information and even performing calculations on that information to obtain the desired values.
- a user wishes to get a loan, such as a car loan or mortgage
- the organization providing the loan will often require the user to provide and update certain financial records and information organized in a certain format.
- data security mechanisms, e.g., password protection, encryption scheme
- Data that have been stored based on standard relational data models are particularly vulnerable to unauthorized access.
- Individual data records e.g., name, address, social security number, credit card number, and bank account number
- a common record locator indicating a logical nexus between the data records (e.g., associated with the same user).
- individual data records may each be associated with the same user identification number.
- unauthorized access to any one data record may expose sufficient information (i.e., the user identification number) to gain access to the remainder of the data records.
- the conventional login process is associated with a number of documented weaknesses.
- the login step is commonly considered a part of the user interface (UI) and a separate entity from the security bubble.
- UI: user interface
- the problem is magnified in cases where in-house developers, having limited background in security, attempt to build custom login authentication and authorization systems. As such, a malicious user can potentially have access to other users' data once that user successfully completes the login process.
- Symmetric encryption uses the same key for both encrypting and decrypting data through any number of algorithms such as AES, Blowfish, DES, and Skipjack and is typically faster than asymmetric encryption. It is often used for bulk data encryption and when high rates of data throughput are necessary.
- asymmetric encryption utilizes a pair of keys, public and private, where a public key is typically used to encrypt the data and the private key is used to decrypt the data.
- Asymmetric key algorithms can be 1000 times slower than symmetric key algorithms and therefore more commonly applied to key management or initial device authentication where there is not a continuous exchange of key pairs which would require enormous resource capability.
- Encryption keys are typically used to encrypt data or to encrypt other keys which are then used to encrypt data, the latter commonly known as Key Encryption Keys (KEK).
- KEK: Key Encryption Keys
- KMS: key management software
- a KMS may also provide backup and redundancy services to safeguard a copy of the keys in case of a catastrophic server failure.
- User uptime is maintained when a replacement KMS is spun up quickly since access to encrypted data will not be possible unless the KMS is constantly up.
- compound security keys are widely known and used in many scenarios. For example, a compound key for Alice and Bob to unlock a file affords them the ability to unlock the file, but only if both of them unlock it in concert. Neither Bob nor Alice can independently unlock the file. These compound keys are typically static and must be rewritten by an administrator when a change is required.
- Ransomware is software surreptitiously installed on a computer that executes an encryption algorithm applied to all files visible to that computer, including those on network connected drives and cloud folders. The intent is to make the affected files unusable unless the victim pays a ransom amount at which point a decryption key is provided.
- Another approach includes click-blocking software that prevents users from clicking on attachments in emails (the largest source of attacks).
- malware solutions that monitor unusual running processes that could be a sign that there is an infection.
- The most effective solution to protect against ransomware is to back up all files regularly, ensuring that there are several days' worth of backups. There are a variety of products that run backups on an automatic schedule. However, many backup systems use a mounted drive for the backup. If the ransomware virus can see your files, it can see all of your drives, including the one being used for backups. There are ways to protect the backup drive, such as setting up proper access credentials and protocols. Because ransomware is continually evolving and adapting, many of these solutions have been losing ground to the criminals.
- Data is traditionally encrypted while in any number of states. For example, an entire hard-drive may be encrypted for data-at-rest. In another example, data-in-motion may be encrypted as it travels through a secure https connection. Data in databases may also be encrypted using methods where data in individual fields are encrypted in place while preserving the original table format. Other ad-hoc scenarios include encrypting single desktop folders or mounted disk drives.
- the data to be encrypted is not organized into a format that is much different from its original footprint.
- the encrypted data merely replaces the original data in-place, or if replicated to other media, transferred to storage using a similar data and file hierarchy as the original data.
- the distribution and storage formats follow a rigid protocol imposed by the underlying algorithm thereby making it difficult to apply higher level capabilities and integration with existing legacy formats and/or third party solutions.
- Information pertaining to a user is obtained from one or more sources through electronic means, and the information is then classified into specific categories using field mapping and other techniques, after which it is organized into a user profile and securely stored in a database.
- the information that is collected and organized may include (but is not limited to) identification and contact information, financial information, health information, education and career information, family information, business information, lifestyle information, and historical information for any of the listed categories.
- the user profile may be encrypted and stored remotely in a cloud-based system at a remote server, with portions of the profile stored in separate locations with separate encryption to minimize the risk of unauthorized access to one portion of the information.
- the fields of data in the user profile may also be separately encrypted with separate encryption keys and separately stored in separate data stores, databases, or in separate database tables, to minimize the amount of information which could be disclosed by the unauthorized access to a single encryption key or a single database, or database table.
- a system for securely storing user information from a user profile comprises: a profile creation unit which creates a user profile of user information including a plurality of fields and a plurality of values for the plurality of fields; wherein the information in the user profile is separated into sections; and wherein the sections are separately stored in separate data stores, databases, or database tables.
- a method of securely storing user information from a user profile comprises the steps of: creating a user profile of user information including a plurality of fields and a plurality of values for the plurality of fields; separating the information in the user profile into separate sections; and storing the separate sections in separate data stores, databases or database tables.
- a system for storing a first data object comprising a plurality of storage locations; a secure platform comprising one or more processors; a client device comprising one or more processors, configured to: decompose the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscate the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypt the first fragment using a first encryption key and the second fragment using a second encryption key; and store, to at least a first of the plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated
- FIG. 1 is an image of an Income and Expense Declaration form used in a divorce proceeding.
- FIG. 2 is a block diagram illustrating a system for obtaining, classifying and populating personal information on electronic forms, in accordance with various aspects of the present disclosure
- FIG. 3 is a diagram further illustrating the system for obtaining, classifying and populating personal information on electronic forms, in accordance with various aspects of the present disclosure
- FIG. 4 is an illustration of the operations involved in populating fields of a document, in accordance with various aspects of this disclosure
- FIG. 5 is a screen shot of a graphical user interface illustrating a browser extension for implementing the inventive system, in accordance with various aspects of the present disclosure
- FIG. 6 is an image of a database table listing field identifying numbers, field names and field values, in accordance with various aspects of the present disclosure
- FIG. 7 is an image of a database table of forms which are stored in the system for automatic completion, in accordance with various aspects of the present disclosure
- FIG. 8 is an image of a database table which lists field names and field values on each form document stored in the system, in accordance with various aspects of the present disclosure
- FIG. 9A is a screen shot of a graphical user interface illustrating a web interface for selecting a category of a document for prepopulating user information, in accordance with various aspects of the present disclosure
- FIG. 9B is a screen shot of a graphical user interface illustrating a web interface for selecting a specific document for prepopulating user information, in accordance with various aspects of the present disclosure
- FIG. 10A illustrates a graphical user interface of a form with a unique field name that can be automatically identified and stored in the system database, in accordance with various aspects of the present disclosure
- FIG. 10B illustrates a graphical user interface of the form of FIG. 10A with a value of the unique field stored in the system database populated into the field, in accordance with various aspects of the present disclosure
- FIG. 11 is an image of a database table which stores a field identifier, field name and field value for the unique field in the form illustrated in FIGS. 10A and 10B, in accordance with various aspects of the present disclosure
- FIG. 12 is a flow chart illustrating a method of obtaining, classifying and populating personal information onto an electronic form, in accordance with various aspects of the present disclosure
- FIG. 13 is a block diagram that illustrates an embodiment of a computer/server system upon which an embodiment in accordance with various aspects of the present disclosure may be implemented;
- FIG. 14 is a reproduction of FIG. 1 of U.S. Application No. 14/863,294, the disclosure of which application is incorporated herein in its entirety by reference;
- FIG. 15 is a reproduction of FIG. 1 of U.S. Application No. 14/970,466, the disclosure of which application is incorporated herein in its entirety by reference;
- FIG. 16 is a reproduction of FIG. 1 of U.S. Provisional Application No.
- FIG. 17 is a reproduction of FIG. 4 of U.S. Provisional Application No.
- FIG. 18 is a flowchart illustrating a method for exchanging keys in accordance with various aspects of the present disclosure
- FIG. 19 is a sequence diagram illustrating an encrypted data transmission sequence in accordance with various aspects of the present disclosure.
- FIG. 20A is a flowchart illustrating a method for pre-slicing data to increase encryption speed in accordance with various aspects of the present disclosure
- FIG. 20B is a flowchart illustrating a method for recombining a data file in accordance with various aspects of the present disclosure
- FIG. 21 is a flowchart illustrating a method for managing encryption keys in accordance with various aspects of the present disclosure
- FIG. 22 is a flowchart illustrating a method for evaluating a compound key in accordance with various aspects of the present disclosure
- FIG. 23 is a flowchart illustrating a method for restricting data access in accordance with various aspects of the present disclosure
- FIG. 24 is a flowchart illustrating a method for detecting and responding to hacking attacks in accordance with various aspects of the present disclosure
- FIG. 25 is a flowchart illustrating a method for detecting and responding to ransomware attacks in accordance with various aspects of the present disclosure
- FIG. 26 is a flowchart illustrating a method for enabling searching on encrypted data in accordance with various aspects of the present disclosure
- FIG. 27 is a flowchart illustrating a method for utilizing a virtual cryptological container for storing encrypted data in accordance with various aspects of the present disclosure.
- the embodiments described herein provide for the collection, organization and use of information for automatically completing, updating and submitting complex electronic documents and online forms, such as: online shopping checkout forms; applications for loans, credit cards, health insurance, college or jobs; government-mandated documents required for legal proceedings (such as divorce or bankruptcy); and forms required for or by businesses and business owners.
- Information is obtained from a plurality of different sources and classified through field mapping and other information classification techniques to build an organized database of information related to a user known as an information vault.
- the information is securely stored via encryption and disassociation techniques in one or more user data stores or databases to ensure the security of the information.
- a forms database is utilized for storing electronic forms and documents as well as the field information needed to complete the form or document.
- the user can access their information to automatically populate the fields of an online form or an electronic document by selecting a document from the forms database or by utilizing a browser plug-in to populate an online form being displayed in a web browser.
- the system may also be integrated with third party services and websites to populate information on the third party site via secure connections to the user databases, while allowing the user to retain the information in our highly secure database.
- the techniques described herein provide for the ability to quickly and accurately complete, update and submit any type of form on any type of computing device, as the user database builds a profile of the user that includes, for example, identification information, financial information, health information, contact information and historical user information that is classified with high accuracy to ensure that a form is populated with the correct information.
- the user retains full control of any downloading, transmission, editing or deleting of their information and only needs to enter and verify their information once rather than repeat the same process over and over again.
- the systems and methods described herein may be utilized by individuals, groups, entities, governments or businesses for various types of information collection, management and entry. Individual users may populate online forms on their desktop, tablet, smartphone, etc., and be able to instantly complete the form.
- the system may be offered as a mobile application running on a smartphone, tablet or other portable electronic device that would enable a user to complete forms or other documents. With the difficulty of inputting information using small display screens and touchscreen devices, the ability to easily populate information with a portable electronic device is particularly advantageous. Businesses may organize and store information to complete forms such as human resource forms, building permit forms, elevator license forms in various jurisdictions, etc.
- This solution is unique because once users have entered their information, it is stored in their information vault, after which they can use it forever for supplying information or completing any forms that require the same repeat information.
- Non-limiting examples include new patient forms for health care, college admissions applications, scholarship applications, financial aid applications, loan applications, medical questionnaires, job applications, insurance forms, legal declaration or proceeding documents, government benefit or service requests, personal health records, ecommerce checkout forms, membership applications, etc.
- FIG. 2 illustrates one embodiment of a system 100 for obtaining, classifying and populating information onto electronic forms, in accordance with one embodiment of the invention.
- Information is obtained from one or more information sources 102a-c, such as existing forms 102a, third party application interfaces 102b or manual user entry 102c.
- the information is then transmitted to a communications interface 104, where it is then classified by a server 106 and stored in one or more data storage devices, locations, or systems (data stores 108) as a user profile of the user's information.
- the communications interface 104 can be in a local area network (LAN) with the information sources 102 or at a remote location from the information sources 102 through connection via the Internet or other wide area network (WAN).
- the communications interface 104 will also include one or more information processing units within the server 106 to process the collected information, including a classification unit 106a, which classifies the information to identify fields applicable to the information and values for the fields; a profile creation unit 106b, which creates a user profile with the classified information; and an information populating unit 106c, which populates at least one form field of an electronic form or database by matching the at least one form field with the classified information.
- a field comparison unit 106d and a user activity collection unit 106e can also be included, the functions of which are described further below. Any of the aforementioned units can be located within separate servers or within a single server, depending on the design of the overall system.
- the user can then request that one or more forms 112 be completed using the information in their profile.
- Any type of device can be used by the user, including a laptop computer 110a, desktop computer 110b, or a portable electronic device 110c such as a tablet or smartphone.
- the user can interact with the communications interface 104 through the device 110 to complete one or more forms 112a-c, such as an image viewer 112a, a form displayed in an internet-browser application 112b, or a form displayed via an application 112c running on the portable electronic device 110c.
- forms can also be displayed directly in a browser window via HTML5-CSS3 or via an application 112c interfacing with the server 106, or through one or more graphical user interfaces (GUIs) 114 produced by the server 106 that are displayed on the device 110c.
- the forms can be populated directly on the user's device, through a browser extension, add-on browser application, or via an application programming interface (API) interacting with a third party service or application.
- FIG. 3 is an illustration of a system diagram illustrating the security protocol of one configuration of the system.
- Users 116 can access the system via the various devices 110 described above, which are connected with the communications interface 104 via the Internet 118. Multiple types, locations, devices, servers, etc. can be used separated between various firewalls for increased protection of the user profile information to ensure privacy and security.
- Users can initially be presented with a GUI showing basic information that is considered the public-facing home site 104a of the communication interface 104, which is also protected by an initial firewall 120a.
- the initial firewall 120a can provide overall security for the system and allow access to the user interface and experience level (UI/UX) 104b of the interface.
- the UI/UX 104b includes a web and interface server 106f connected with a forms and applications output data store 108a.
- a second firewall 120b can protect a third section of the communications interface known as the data access layer 104c.
- the data access layer 104c can include business level logic application servers 106g connected with a data store server 106h, which can be configured to manage a secure client data element and historical archives data store 108b and a mapped input forms data store 108c.
- Separate ID and authentication servers 106i can also be enclosed within the data access layer 104c, which are connected with an identification data store server 106j, which can manage a secure client ID element data store 108d.
- FIG. 4 illustrates one embodiment of the steps of populating fields 402 of a form 404 by accessing information stored in the secure client ID element data store 108d and the secure client data element data store 108b through data store management software such as the information populating unit 106c where a separate client identification data store and client information data store are used to obtain the information needed to populate an electronic form.
- Information can be obtained from multiple different sources and in multiple different formats in order to obtain a complete set of information for a user.
- the user information can be obtained by having the user complete a "master form" specifically designed to collect information that many of the forms require in a variety of categories (i.e., loan applications, online shopping, college applications, divorce proceedings, etc.).
- the user information can also be collected from existing electronic or non-electronic records, such as financial institution databases, electronic health records, third party information aggregation services (such as Mint.com®), or by the user following simple instructions in the system's web-based user interface.
- the user may need to grant access to one or more of these existing electronic records so that the relevant information can be obtained, and the system can utilize specific Application Programming Interfaces (APIs) to communicate with the third party sites to obtain field and content information.
- for existing electronic records, it is likely that the information is already classified within, e.g., a database, with specific field names or identifiers, such that substantial additional classification of the information is not needed; however, due to the complexity of many of the forms, such as divorce filings and financial schedules, the system is able to overlay additional computations and reorganize the classifications so that they match the required output of the forms.
- the user may be able to scan or take a picture of the non-electronic document and have the fields and field values extracted through various technologies such as image processing and content extraction software.
- the information can be obtained when a user manually completes an electronic form or document.
- the application can include a browser extension 502 to allow for the form 112b, fields 504 and content 506 of the fields to be captured, extracted, organized, classified and uploaded to the user's database for future use on the same or other forms.
- the browser extension 502 can provide a popup menu 508 with a Copy Button 510 to copy fields to the user profile, as well as a Fill Fields Button 512 to populate data from the user profile to the form 112b.
- the information can be extracted and populated even for a complete form that spans numerous pages.
- Blank forms and documents and other user information can also be directly uploaded to the system, where the form or document and its fields can be captured, mapped and stored as templates.
- a credit card application form may be uploaded to the system and stored in the document library data store, with the form fields identified so they can be mapped to the corresponding user fields in the data store, either manually or using automatic mapping techniques.
- Completed forms and documents can also be directly uploaded to the system, where the form or document, the fields and content of the fields can be captured and extracted.
- a credit card statement or a mortgage statement can be uploaded to the system, where the fields and content in the fields can be extracted and stored in the user data store, although the document itself cannot be since it is not a form.
- if a credit card application or a mortgage application is uploaded, the document itself may be extracted and stored in addition to the fields and content, to help the user and other users fill out the forms in the future.
- FIG. 6 illustrates one embodiment of a data store table 602 with the field information that is collected from a form that is input into the system. As information is sent from the form being worked on to the server, it gets stored in this table. When information is "pulled" from the server and applied to forms, it comes out of this table.
- the form can be a form such as that illustrated in FIG. 1 and can have been completed by the user such that the form fields have values already entered.
- each field 604 on the form is provided a unique numerical identifier 606 (customerFieldDefaultsId) to distinguish it from other fields. As shown in the right two columns, each field is also given a field name 608 (fieldName) and field value 610 (fieldValue).
- the field name may be the name encoded on the form itself which can be extracted from the form if it is on a website or an electronic form with field name metadata that has already identified the field name based on the programmer that created the original form.
- the field value (if available) will obviously correspond to the content of the field.
- the associations between field names and field values (known as name-value pairs) are important for classifying content and building the user profile.
- FIG. 7 illustrates a document library table 702, which stores a list of documents 704 that are stored in the system.
- the documents are each provided a document identification 706 (documentId), document title 708, and path 710 to the document in an associated database.
- FIG. 8 illustrates a database table 802, which stores the field names 804 of each document in the document library table of FIG. 7. Note that there is an option to set a default value for each field. For example, this year's tax form may have a default filing year of 2013.
- the commonFieldName 806 is a human-readable version of fieldName 804 in the cases where fieldName is obscure or poorly named by the original form designer.
- commonFieldName 806 allows the system to quickly match the field with field names found in a typical customer's vault.
- the commonFieldName 806 provides for more reliable and deterministic mapping of fields with field names found in a user profile.
- FIGS. 10A and 10B are illustrations of an online form 1002 with a unique billing code field 1004 in the "Billing" section 1006, which requires the field value to be a unique 33 digit code. If the user has not previously entered the code into the system (which is unlikely given that it is a unique code for a particular form), the user will be required to manually enter the field value 1008 in the field 1004 when completing the form 1002 for the first time, as shown in FIG. 10B. The system will pull the information on the field 1004 (and the value 1008 entered by the user in that field) into the system and list those in a database table 1100, as illustrated by the table in FIG. 11. As shown in FIG.
- third party services and websites can provide information about forms and documents hosted on their own sites for storage on the system, such as the field names and other document or form-identifying information.
- the user can request that the third party service obtain the user's information from the user data store for populating into the form or document at the third party site.
- the third party service can then maintain their customized form or document on their website or application, and the user can ensure that the content populated into the form or document accurately corresponds to the content needed for each field since the third-party service provided the field information to the system.
- users are provided with additional security of the information, as the information is stored on the system data store rather than the third party service's data store, reducing the chance that the information could be stolen from the third party service or site.
- the third-party service can integrate the embodied system within their website or application so that information stored in the application or at a third-party server is shared with the system and used to complete forms and other documents. Similarly, the integration can provide for sharing of the user's information with the third-party site or application for completion of forms or documents at the third-party site.
- information sources may be used or envisioned, as would be apparent to one of skill in the art.
- the information sources are used to build a profile of each user by collecting information of the user from the various sources and compiling the information into an organized list of information that can be used to populate fields or supplement information of any type and on any form.
- the information obtained from the various information sources discussed above is used to build a user profile of an individual user, which ideally includes comprehensive information on the user's finances, contact information, health information and historical information.
- the user profile can include the user's name, birth date, age, current and past addresses, phone numbers, e-mail addresses, social security or government identification number, employment information (current and historical), salary, height, weight, race, bank account numbers, account balances, user names, passwords, education information, health risks, allergies, medications, etc. This list is by no means comprehensive.
- the user profile can also include information not directly related to the user, such as a name and phone number of an emergency contact person, family names and relationships, service provider contact information and notes, business contact information, business prospects, CRM, etc.
- the user profile can also store other metadata related to the information or data to be stored.
- Access to the system can be provided by an application interface through software running on a computing device such as a desktop or laptop, or through an application running on a portable electronic device such as a tablet or smartphone. Additionally, the system can be accessible over a web-based application interface, where all of the user's information is securely stored, e.g., in a secure server facility in a cloud-based network.
- the information can be stored in at least two or three separate data store locations that are purposely decoupled in order to provide enhanced security by minimizing the risk of hacking into one of the data store locations.
- the data store can be divided into a document library data store, which, e.g., stores form and document templates, field information and other form properties; a customer personal vault data store, which, e.g., stores the information that includes the fields and field values for each specific user; a user identity data store which, e.g., stores information relating to the user's identity (separately from other information for security reasons); and a customer orders and completed documents data store that stores previously-completed forms in terms of the fields and values that were completed.
- the information will likely be classified into distinct categories so that it can be accurately populated or supplemented into an appropriate field of a form. Furthermore, as will also be described below, the potential risk of theft of such a wealth of personal information is mitigated by specialized proprietary encryption and storage techniques to prevent the information from being stolen or from being useful even if it is stolen.
- Identifying which information belongs in which fields within a form is one of the most difficult challenges for populating forms. While many information fields contain names that easily and readily identify the value that belongs in that particular field, some names are ambiguously named, some fields have slightly differing names between different forms, some fields have identical names within the same document, and some fields have multiple values associated with the same field.
- a document library stores standard document templates that can be copied into a user's workspace and filled in on-demand.
- the document library would in this case store the document's fillable fields and possible default values in a "Fields" table.
- fields and values unique to each user are applied and mapped to blank documents. This set of unique user information will grow over time into a large vault of information.
- actual fields and values assigned to a document are filled in and saved by the user, such that the values are locked to a completed document.
- the section of the document in which each field appears can be used to identify whether the values for each field should be different.
- the system data store can therefore store a "field section" entry as a category in the data store for each field, so that fields with the same name can be disambiguated based on which section they are in.
- a field name may be completely random and provide no indication as to how it maps to another field or a particular field value.
- the field names may be coded for another system that reads the specific codes with a computer and a specialized numerical or letter key code.
- a "First Name" field may be named "fn0045586".
- an additional "helper" attribute can be added to the field record called "commonFieldName".
- the poorly named field can be manually translated to something that is easily mapped.
- the system can record the FieldName record as "fn0045586" and the "commonFieldName" as "First Name".
- when a user selects this document, the system's smart technology will recognize the commonFieldName and easily map it to the one of the user's field names that best matches "First Name".
- the system can be configured to provide a drop-down menu or other selection method where the user can select which value to input into the particular field.
- the field is populated with the most recently-used value or the most frequently-used value.
- different forms can have different ways to refer to the same user field name.
- a document can name a field one way while another document names the same field another way.
- a first document can have a field named "First Name", while a second document may have a field named "fname", and yet a third document has a field named "firstname", all of which refer to the same field and should contain the same value or content.
- a user FieldDefaults table in the system data store is provided with a "userFieldCollections" record that lists the various field names that are synonymous.
- the system can pre-set the "userFieldCollections" table with commonly-grouped field values. For example, "firstname" and "First Name" are stored into the table when the field called "firstname" is initially encountered. When a subsequent field called "First Name" is encountered, its value will already have been stored and can be located through the "userFieldCollections" table.
- a problem occurs when there are commonly labeled field names, for example a field name labeled "myFirstName" and another field (likely in a different form) labeled "customerFirstName". Since these field names clearly correspond to the same information (a user's first name), in order to map "myFirstName" to "customerFirstName", a machine learning classification library can be applied to learn from existing mapped fields from other users and then assign a recommended mapping between a user's field and a document's field.
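The field-resolution logic described above (the commonFieldName helper, the userFieldCollections synonym groups, "field section" disambiguation, and the most-recently-used ordering of candidate values), as an added example that is not code from the patent or any product; the table rows, document ids and `lastUsed` counter are constructed sample data.

```python
"""Resolve a document's field names against a user's customerFieldDefaults vault.

Added illustration: commonFieldName helper, userFieldCollections synonym groups
and fieldSection disambiguation as described in the text. Sample data is constructed.
"""
from __future__ import annotations

import re


def normalize(name: str) -> str:
    """Fold case and punctuation so 'First Name' and 'firstname' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


class FieldMapper:
    def __init__(self) -> None:
        # userFieldCollections: groups of normalized field names that are synonymous.
        self.collections: list[set[str]] = []
        # (documentId, fieldName) -> commonFieldName, the human-readable helper
        # for obscure names such as "fn0045586".
        self.common_names: dict[tuple[str, str], str] = {}

    def add_synonyms(self, *names: str) -> None:
        """Merge the names (and any group they already belong to) into one collection."""
        merged = {normalize(n) for n in names}
        remaining = []
        for group in self.collections:
            if group & merged:
                merged |= group
            else:
                remaining.append(group)
        remaining.append(merged)
        self.collections = remaining

    def synonyms(self, name: str) -> set[str]:
        key = normalize(name)
        for group in self.collections:
            if key in group:
                return group
        return {key}

    def set_common_name(self, document_id: str, field_name: str, common_name: str) -> None:
        self.common_names[(document_id, field_name)] = common_name

    def learn(self, document_id: str, field_name: str, vault_field_name: str) -> None:
        """After the user fills a coded field by hand, remember which vault field it maps to."""
        self.set_common_name(document_id, field_name, vault_field_name)
        self.add_synonyms(field_name, vault_field_name)

    def candidates(self, document_id: str, field_name: str, section: str | None,
                   vault: list[dict]) -> list[str]:
        """Vault values usable for this document field, most recently used first.

        An empty list means the user must type the value in manually.
        """
        lookup = self.common_names.get((document_id, field_name), field_name)
        keys = self.synonyms(lookup)
        rows = [r for r in vault if normalize(r["fieldName"]) in keys]
        # Identical names in different sections (e.g. Billing vs Shipping address)
        # are told apart by the stored fieldSection when the form supplies one.
        if section is not None:
            same_section = [r for r in rows if r.get("fieldSection") == section]
            if same_section:
                rows = same_section
        rows.sort(key=lambda r: r["lastUsed"], reverse=True)
        values: list[str] = []
        for r in rows:
            if r["fieldValue"] not in values:
                values.append(r["fieldValue"])
        return values


# Constructed sample rows in the shape of the customerFieldDefaults table.
SAMPLE_VAULT = [
    {"customerFieldDefaultsId": 1, "fieldName": "First Name", "fieldSection": None,
     "fieldValue": "Alice", "lastUsed": 3},
    {"customerFieldDefaultsId": 2, "fieldName": "firstname", "fieldSection": None,
     "fieldValue": "Ali", "lastUsed": 1},
    {"customerFieldDefaultsId": 3, "fieldName": "Address", "fieldSection": "Billing",
     "fieldValue": "1 Main St", "lastUsed": 2},
    {"customerFieldDefaultsId": 4, "fieldName": "Address", "fieldSection": "Shipping",
     "fieldValue": "9 Elm Ave", "lastUsed": 5},
]


def demo() -> dict[str, list[str]]:
    """Walk through the three cases in the text; document ids are hypothetical."""
    mapper = FieldMapper()
    mapper.add_synonyms("First Name", "fname", "firstname")
    mapper.set_common_name("credit-card-app", "fn0045586", "First Name")
    out = {
        "coded": mapper.candidates("credit-card-app", "fn0045586", None, SAMPLE_VAULT),
        "shipping": mapper.candidates("store-checkout", "Address", "Shipping", SAMPLE_VAULT),
        "unknown": mapper.candidates("hr-form", "customerFirstName", None, SAMPLE_VAULT),
    }
    mapper.learn("hr-form", "customerFirstName", "First Name")
    out["learned"] = mapper.candidates("hr-form", "customerFirstName", None, SAMPLE_VAULT)
    return out


if __name__ == "__main__":
    print(demo())
```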
- the system disassociates a user's identifiable information from their other information.
- the user's name, social security number, birthday, employer identification, etc. is stored in a separate data store from the user's other information, such as their credit card number, bank accounts, education, grades, etc.
- the identifiable information is additionally stored without any logical connection to other identifiable information of the same user, such that each identity information field is effectively stored on its own island within the data store.
- Each item of user information can furthermore be encrypted individually and then stored in a table anonymously with other information, without any indexing, organization or grouping of the table, so that the table is unable to provide any useful information about a user on its own.
- the encrypted information can only be decrypted with a key, and optionally in some cases, the key is individually generated for each separate item of information so that the key cannot be misused to unlock other items.
- the key is stored in a separate data store and can only be obtained when a user logs in with the correct password. Thus, by disassociating the information that makes up the user's identity, it is impossible to determine enough of a user's information to effectuate identity theft simply from accessing the database and the tables listed therein.
- a user's social security number (SSN) stored on its own and apart from other information is not useful for perpetuating identity theft.
- the system provides two highly-secure methods of protecting the information stored in the data store.
- three separate data store locations are used to obtain information, and each location can be connected to the network using a separate server, which can be behind a separate firewall.
- a first data store can be configured to store the user's username and password. If successful in entering the username and password, a secret key is generated, which will then be supplied to a second location, which is solely used to store secret keys for each user.
- a third location can maintain the actual information and must be unlocked with the secret key from the second location in order to be read through an encrypted mapping to re-associate the islands of information.
- This type of disassociation, i.e., breaking up of the data into multiple pieces, can, as described above, occur for each piece of information as well.
- each piece of information can be broken into sub pieces, each separately encrypted with a unique key and/or stored in separate locations, without logical connections to other sub pieces.
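The three-location model described above (a credential store, a store holding only per-user secret keys, and a data store whose rows are individually encrypted under per-item keys and re-associated through an encrypted mapping), as an added example that is not code from the patent or any product. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with an HMAC tag) in place of the unspecified "proprietary" techniques; the store classes, the `ProfileService` API and the pepper-derived user handle are assumptions of this illustration.

```python
"""Decoupled storage model: credentials, secret keys and data in three separate
stores, every item sealed under its own key, with an encrypted mapping that
re-associates a user's islands of information only after a successful login.
Added illustration; store layout and API are assumptions, not the patent's code."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


# Stand-in cipher built from the standard library only (HMAC-SHA256 keystream in
# counter mode plus an HMAC tag, encrypt-then-MAC). A deployment would use an AEAD
# such as AES-GCM; the store layout, not the cipher, is what this example shows.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class CredentialStore:
    """Location 1: username and a salted password verifier, nothing else."""
    def __init__(self) -> None:
        self.rows: dict[str, tuple[bytes, bytes]] = {}

    @staticmethod
    def _verifier(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.rows[username] = (salt, self._verifier(password, salt))

    def verify(self, username: str, password: str) -> bool:
        row = self.rows.get(username)
        return row is not None and hmac.compare_digest(row[1], self._verifier(password, row[0]))


class KeyStore:
    """Location 2: one secret key per user, indexed by an opaque handle, never a name."""
    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}


class Vault:
    """Location 3: sealed items under random tokens plus sealed per-user mappings.
    No row carries a username and tokens are unrelated to one another."""
    def __init__(self) -> None:
        self.items: dict[str, bytes] = {}
        self.mappings: dict[str, bytes] = {}


class ProfileService:
    def __init__(self) -> None:
        self.creds, self.keys, self.vault = CredentialStore(), KeyStore(), Vault()
        # Pepper held by the application tier only; keeps usernames out of locations 2 and 3.
        self._pepper = secrets.token_bytes(32)

    def _handle(self, username: str) -> str:
        return hmac.new(self._pepper, username.encode(), hashlib.sha256).hexdigest()

    def enroll(self, username: str, password: str) -> None:
        self.creds.register(username, password)
        self.keys.keys[self._handle(username)] = secrets.token_bytes(32)

    def _unlock(self, username: str, password: str) -> tuple[str, bytes, dict]:
        if not self.creds.verify(username, password):
            raise PermissionError("bad credentials")
        handle = self._handle(username)
        secret = self.keys.keys[handle]
        sealed = self.vault.mappings.get(handle)
        return handle, secret, (json.loads(unseal(secret, sealed)) if sealed else {})

    def store_item(self, username: str, password: str, field: str, value: str) -> None:
        handle, secret, mapping = self._unlock(username, password)
        item_key = secrets.token_bytes(32)   # fresh key per item: one key opens one island
        token = secrets.token_hex(16)        # random row id: no grouping or ordering
        self.vault.items[token] = seal(item_key, value.encode())
        mapping[field] = [token, item_key.hex()]
        self.vault.mappings[handle] = seal(secret, json.dumps(mapping).encode())

    def read_profile(self, username: str, password: str) -> dict[str, str]:
        _, _, mapping = self._unlock(username, password)
        return {f: unseal(bytes.fromhex(k), self.vault.items[t]).decode()
                for f, (t, k) in mapping.items()}


def vault_contains(vault: Vault, needle: str) -> bool:
    """True if the raw rows of location 3 expose the value in the clear."""
    blobs = list(vault.items.values()) + list(vault.mappings.values())
    return any(needle.encode() in blob for blob in blobs)
```

Reading location 3 alone yields only random tokens and ciphertext; reading location 2 alone yields keys with no data; the mapping that ties an item to a field name is itself sealed under the user's secret key.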
- the system can be configured, in one embodiment, to automatically classify and store any inputted information into the user's profile without requiring a specific indication from the user. Additionally, as user information will continue to be obtained during the user's normal activities, newly-input information will either act to update existing information or be added to a list of values for the same information field that the user can then select from when populating a form.
- the user's information can be stored in its own data store location known as the personal information vault, and therein within a table called "customerFieldDefaults".
- the customerFieldDefaults table will usually contain the most current information for the user.
- existing user profile data can be analyzed to derive additional related information.
- the additional related information can be derived by performing comparisons or calculations of existing data, such as by analyzing financial data to determine a budget of regular income and expenses.
- the additional related information can be derived from external sources in order to provide the user with a more complete picture of certain aspects of their profile. For example, if a user enters a list of assets into their user profile that includes a vehicle year, make and model, the system can obtain an estimated value for the vehicle from an external data store or third party service. In another example, if the user enters the title of a collectable piece of artwork, the system can obtain additional information on the art, such as the artist, year produced and an estimated value. This information could be used to fill out an insurance application or a claim for the item in the event of a loss.
- the user activity collection unit 106e of FIG. 2 monitors user activity (such as information inputs, forms filled, etc.) when using the system and generates, collects and stores predetermined descriptive codes, based on the user's activity and information, into a separate data store location.
- the codes may correspond to a user's current life status, demographic profile, preferences, financial balances, and other parameters that are associated with a user's account, but do not collect, disclose, or compromise their specific information. These codes can subsequently be used to determine targeted marketing and other strategies for that user for promoting third-party product and service offerings, which effectively better target their needs and desires for those products or services.
- the codes can also be provided with a confidence value relating to the likelihood that the code applies to the user based on factors relating to the type of form, the use of other related forms, etc.
- a user completing a college application can generate a code that relates to the likelihood that the user is about to enter college, which will then provide opportunities to market college-related products or services to the user. If the user completes a college application and a financial aid application, the confidence value relating to the code indicating that the user is about to enter college may jump higher. This can be used to present an advertisement to the user within the graphical user interface that is targeted to their life status, such as an ad for a college.
- the system can save a reference to the final version of the form within a specific data store location table known as the customerFieldContent.
- the form in its entirety is not stored at a single data store location. Rather, a reference to the form or a record locator is stored.
- the information stored in the form can be locked and will not be updated as other user information is updated, unless the user specifically accesses the previously-completed form, edits the form itself and creates a new version.
- the stored completed forms can be time and date stamped, to create a complete archive of the user's activities within the system.
- the user's information can be shared with other related parties that would like portions of their profiles to be shared. For example, spouses, children, parents, brothers and sisters and other family members can share similar information, such as addresses, telephone numbers, family history, etc. that will also be universally updated if one of the items is changed.
- This will provide convenience in avoiding entering repetitive information among family members and allow for global updates to shared information and allow family members to collaborate on an application, such as the FAFSA (Free Application for Federal Student Aid).
- the FAFSA application has certain sections for the Student to complete and other sections that Parents are required to complete.
- Another example is children applying for college can access shared family information that another sibling has already input into that sibling's user profile, such as addresses, parents' names, occupations, etc.
- an update to the home address by one family member can be updated or offered for updating across the other family members in the same group who also had an identical home address previously listed.
- various employees of a company could collaborate in order to complete the company's government or other filings or reports; in another example, a database of health records for one generation of a family could be transferred to a second generation to provide information to the second generation about potential genetic health information.
- information from each family/company member could be stored in a separate vault of the database, and the database would then form links between common information among the family/company members so that each member can maintain the privacy of their separate information.
- the user can select one of several methods. If the form or document is stored in the forms database at the system server, the user can select the form from a list of document categories 902 or specific documents 904, as illustrated in the attached graphical user interface of a web-based application interface 900 in FIGS. 9A and 9B. In addition, the user can search for the form using a search tool or browse through the categories 902 to find the form based on the type of form (financial, academic, health care, etc.).
- an application extension is provided for quick access to populate a form being viewed in an application window, as shown in the attached illustration of a graphical user interface of a browser extension drop-down menu in FIG. 5.
- the extension can be displayed as an icon, menu item, supplement or otherwise in the application menus or elsewhere, and upon selection of the icon, a window opens with options to populate information from the user's profile to the fields displayed in the application window.
- the application can be an Internet browser, a word processor, image viewer, spreadsheet or presentation software, although these examples, as all examples and embodiments herein, are not limited hereto.
- an application extension can also be used to extract information from or supplement a form, document or webpage being displayed in an application window. This extracted information can be uploaded to the user's personal information database.
- an application extension can also be used to display, and allow for modification of, user-stored contact, CRM and/or contact-related information related to form fields recognized by the system while viewing a third party website such as the LinkedIn™, Facebook™ or Zillow™ websites.
- a user is shown a pop-up or drop-down window while viewing one of their LinkedIn™ contacts which allows them to view, modify, or directly add unique and private information about that particular contact back into their personal user database, without necessarily sharing that information with LinkedIn™ or the other users of LinkedIn™.
- the user is augmenting the LinkedIn information with the user's personal notes on that contact, and securely storing that information for personal use in their information database.
- a user defined as operating a real-estate business is shown a pop-up or drop-down window while viewing a specific listing on Zillow.com™ which allows them to view, modify, or directly add unique and private information about that particular property back into their personal user database.
- This allows the real-estate business user to collect useful business information (e.g., the list of clients shown a particular property, listing details, showing schedules, etc.) which can enable them to be more effective in their business.
- a third-party service provider can also incorporate access to the system into their own application, such as a web-based application or a mobile application running on a portable electronic device.
- a website run by an academic institution can integrate access to the system into their application for applying for admission, such that upon loading the admissions application, the user can log in and then access their information to populate the admissions application directly through the website.
- an internet shopping website can integrate access to the system database so that when the user is ready to check out and purchase goods or services from the website, a button, link or authentication dialogue will be available for the user to select and then populate their information onto a payment screen.
- the integration with the third-party application can provide additional security to the user, as it can be configured so that the third-party service provider cannot view or store the user's information, and instead only requests it from the system database at checkout and then deletes it once the transaction is complete.
- the applications can be offered as standalone products or as web-based products and services.
- the application can be offered as a portable document format (PDF) filler application, where the application operates to populate information in a PDF document.
- the PDF filler can be a web-based application or integrated as a browser extension, as has been previously discussed.
- the application can also be offered as a web-based form filler that is designed to complete forms and documents found online.
- the system can be offered as a mobile application running on a smartphone, tablet or other portable electronic device that would enable a user to complete forms or other documents. With the difficulty of inputting information using small display screens and touchscreen devices, the ability to easily populate information with a portable electronic device is particularly advantageous.
- a user visiting an urgent care or emergency room facility can be required to fill out several forms, and could instead be provided with a website to access the forms and utilize the inventive systems to populate the form fields and submit the form online.
- the mobile-based applications can be standalone or integrated into other mobile applications or native device applications.
- the system can be integrated with the camera of a portable electronic device, such that a user can take a picture of a blank form or document and utilize the system to populate the form fields before transmitting the completed document.
- a third party application can integrate with the system and the user profile to provide a partial or complete transfer of user profile data from the system to a third party user profile without requiring the user to view a form with the fields in the third party user profile.
- a user who signs up for a third party service can be asked to complete a user profile simply by requesting that their user profile generated on the system be transferred to the third party application and corresponding server and database.
- the user need only select an option to instantly transfer all of their user profile information to the third party user profile, without needing to view the web-based form corresponding to the user profile.
- the instant transfer can be completed by having the third party application send a list of field names to the server, which will then access the database tables to identify the value or values corresponding to the matching field names stored in the user profile.
- the matching field values will then be transferred back to the third party application server and database to complete the third party user profile.
- the user can be provided with a form completion indicator which indicates how much of a form can be filled from the information in the user profile.
- the form completion indicator can be displayed alongside a list of possible forms that the user is selecting from, so that the user can determine which form is easiest to populate based on the form completion indicator.
- the indicator can be a symbol, color or even just a numerical value indicating the percentage of fields in the form which will be filled in from information stored in the user profile.
- the form completion indicator will be updated in real time and help the user select a form from the forms database or an online web form which is easiest to automatically populate and has few manual entries.
- the completion indicator can also provide the user with an indication of how much of a given category has been mapped or how much work is required to complete the unfilled fields.
- although the system will populate any field for which it has information, certain fields can have no value or multiple values, in which case the field will not be automatically filled. In this situation, the user must take some action in order to populate the field.
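The field-name matching, the completion indicator and the "no value / multiple values" rule described above, as an added Python example (not code from the patent). The profile contents, the alias table standing in for the forms database, the label normalization rule and the rounding of the indicator are all assumptions made for illustration.

```python
"""Match third-party form field names against a user profile and compute a
form completion indicator.

Added example, not code from the patent. Field names, profile layout and the
alias table are constructed for illustration.
"""
import re

# Constructed sample profile: each field maps to a list of stored values.
# An empty list means nothing is stored; several values means the field is
# ambiguous and must not be auto-filled (the user has to choose).
PROFILE = {
    "first_name": ["Alice"],
    "last_name": ["Smith"],
    "email": ["alice@example.com"],
    "phone": [],                             # no value stored yet
    "allergies": ["eggs", "bees", "cats"],   # multiple values: ambiguous
    "postal_code": ["90210"],
}

# Assumed alias table: how labels seen on third-party forms map to profile
# fields. In the patent this mapping lives in the forms database.
ALIASES = {
    "firstname": "first_name", "givenname": "first_name",
    "lastname": "last_name", "surname": "last_name", "familyname": "last_name",
    "email": "email", "emailaddress": "email",
    "phone": "phone", "phonenumber": "phone", "mobile": "phone",
    "foodallergies": "allergies", "allergies": "allergies",
    "zip": "postal_code", "zipcode": "postal_code", "postalcode": "postal_code",
}


def normalize(label: str) -> str:
    """Canonical form of a field label: lower-case, alphanumerics only."""
    return re.sub(r"[^a-z0-9]", "", label.lower())


def resolve(field_names):
    """Return {form field -> (status, value)} for the field names a third-party
    application sends. status is 'filled' (exactly one value), 'ambiguous'
    (several values), 'missing' (known field, no value) or 'unmapped'."""
    result = {}
    for name in field_names:
        key = ALIASES.get(normalize(name))
        if key is None:
            result[name] = ("unmapped", None)
            continue
        values = PROFILE.get(key, [])
        if len(values) == 1:
            result[name] = ("filled", values[0])
        elif len(values) > 1:
            result[name] = ("ambiguous", list(values))
        else:
            result[name] = ("missing", None)
    return result


def completion_indicator(field_names) -> int:
    """Percentage of fields that will be auto-filled, as an integer 0-100."""
    if not field_names:
        return 0
    filled = sum(1 for status, _ in resolve(field_names).values() if status == "filled")
    return round(100 * filled / len(field_names))


def rank_forms(forms: dict) -> list:
    """Order candidate forms easiest-to-populate first, the way an indicator
    shown beside a list of forms would let the user choose."""
    return sorted(forms, key=lambda f: completion_indicator(forms[f]), reverse=True)


if __name__ == "__main__":
    admissions = ["Given Name", "Family Name", "E-mail address", "Mobile", "ZIP code"]
    intake = ["First name", "Last name", "Food allergies", "Phone number"]
    print(resolve(intake))
    print(completion_indicator(admissions))  # 80
    print(rank_forms({"admissions": admissions, "intake": intake}))
```

The `ambiguous` and `missing` statuses are what drive the manual-input paths described further down (pop-up list of candidate values, voice or touch selection); the indicator counts only fields that resolve to exactly one value.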
- One embodiment for populating the form fields can be aided by voice, touch, gestures or an input device, or a combination of any of these.
- the voice and touch input eliminates the need for any manual typing of any information being input into a form.
- Voice input can be utilized through a microphone on the computing device, while the touch and gesture inputs can be made through a touchscreen, touchpad, image capture device or motion capture device.
- the input device includes a mouse, stylus or other peripheral device connected with the computing device which permits a selection to be made on the graphical user interface.
- manual input of a value for a field can be completed by displaying a separate window, such as a pop-up or drop-down menu, with options for values that the user can speak, touch or select with the input device.
- the interaction can include one or more separate input types, such as touching the field on a touch screen to generate the window and then speaking the name of the desired value from a list of field values.
- Form input fields can also display windows with tips or annotations associated with the system database to assist users in completing a form.
- a touch input on the field will initiate an input via voice, while a "touch and hold" input will initiate the display of the separate window with multiple possible values.
- the need for manual input will arise whenever the user profile lacks a value for a field, or even when the system is designed to select a best-fit value from multiple possible values based on one or more criteria.
- the user can be provided with the option to manually input a value in a particular field if no value exists, or in order to override the automatically filled value. For example, a user can list multiple different allergies in their user profile (e.g., eggs, bees and cats) such that a form field labeled "food allergies" can be too specific for the system to determine which of the listed allergies should be automatically input.
- the system can use data from previous user entries by other users to determine that "eggs" is the most likely candidate.
- the user will then be provided with the option to select the field to generate the separate window and then select from the list of allergies in order to correct the selection, for example by adding "bees" or "honey" to the list if the user is allergic to food products containing honey.
- the user can be prompted to manually input a field value with a physical keyboard or touchscreen keyboard interface, through selecting a category to provide a list of options in one or more drill-down menus, or by simply speaking the desired value and letting voice recognition software interpret the voice command and input the appropriate value.
- the user can also be able to speak a partial keyword for the form field which will then display the separate window with possible values that include the partial keyword.
- a lookup algorithm can be provided to associate keywords with possible related values.
- one application for a touch and voice input would be the ability to touch a specific form field and then speak the value that should be input into the field.
- the user can first speak the name of the field if the system cannot identify the field name, which will cause the system to populate the value for the spoken field name from the user profile. If no field value exists for the field name, the user could also then speak the value for the field. If the value entered is a new value, the system will store the value in the user's profile for future use.
- a user filling out an automobile insurance claim and needing to enter a vehicle identification number can be able to touch the field box labeled "VIN" and then state "VIN number" or a similar command, after which the system database will populate the field with the stored VIN.
- selecting a value to populate in one field can also populate values in related fields. For example, during an eCommerce checkout phase, an on-line merchant prompts the user to input a credit card by displaying a field with that name.
- the user can be able to touch or speak the field name and then touch, speak or select with a mouse input one of the list of values that is displayed in a drop-down menu or the like.
- the user can speak the name of the section and then the name of the field in order to select a value for the specific field desired. Additional functionality includes the ability to touch or speak a form field and then search for values using keywords.
- the manual input of field values can also be made through specific types of movements in a device configured with a gyroscope or accelerometer which can detect directional movement and velocity.
- a user can be able to shake the device (such as a smartphone or tablet) in order to have the user interface find or populate certain fields. For example, the user can shake the device to populate a blank form, and a more specific gesture such as a vertical tilt will find a particular field name and provide the user with a window and several options for field values to populate into the field name (such as a credit card field name and a list of different credit cards which the user can select from for an electronic transaction).
- the user can be able to touch or speak each unmapped field name and then touch or speak one of the listed categories, sub-categories and specific category database fields in order to associate this form field with the database field.
- the system can also collect and associate multiple user mappings of form fields to database fields using machine intelligence algorithms and then store the associated field mappings with the form into the forms database, thereby providing for an accurately mapped new form for use by all users of the system.
- This embodiment allows system users to independently add and map new forms that are not currently in the system, for the benefit of all system users. Additionally, it allows system users to independently map web-form fields to the database category fields for web forms whose fields have not yet been mapped (associated) in the system, for the benefit of all system users.
- the system will denote the changed value and store the newly-input value in the system database, preferably in the information vault of the user's profile. The user can therefore update their profiles automatically while changing the information being input into a form.
- a method of obtaining, classifying and populating electronic forms is illustrated by the flow diagram in FIG. 12.
- the information is obtained from one or more sources of information, such as existing forms, third party APIs, etc.
- the information is then classified in step 204 to determine at least one field to which the information belongs to and to associate the information with the at least one field.
- the plurality of associated information is then aggregated into a user profile in step 206 and securely stored in one or more databases.
- the information in the user profile is matched with the form fields on the form and the information is populated onto the form in step 208.
- in step 210, if the user manually enters values into any form fields, and these values are different from the user's information as currently stored in their secure database, then these new values will be saved into the user's secure database.
- the user's profile can be optionally updated to reflect the new value as being the default or primary value for the field.
- FIG. 13 is a block diagram that illustrates an embodiment of a computer/server system 1300 upon which an embodiment of the inventive methodology can be implemented.
- the system 1300 includes a computer/server platform 1301 including a processor 1302 and memory 1303 which operate to execute instructions, as known to one of skill in the art.
- the term "computer-readable storage medium" as used herein refers to any tangible medium, such as a disk or semiconductor memory, that participates in providing instructions to processor 1302 for execution.
- the computer platform 1301 receives input from a plurality of input devices 1304, such as a keyboard, mouse, touch device or verbal command.
- the computer platform 1301 can additionally be connected to a removable storage device 1305, such as a portable hard drive, optical media (CD or DVD), disk media or any other tangible medium from which a computer can read executable code.
- the computer platform can further be connected to network resources 1306 which connect to the Internet or other components of a local public or private network.
- the network resources 1306 can provide instructions and information to the computer platform from a remote location on a network 1307.
- the connections to the network resources 1306 can be via wireless protocols, such as the 802.11 standards, Bluetooth® or cellular protocols, or via physical transmission media, such as cables or fiber optics.
- the network resources can include storage devices for storing information and executable instructions at a location separate from the computer platform 1301.
- the computer interacts with a display 1308 to output information to a user, as well as to request additional instructions and input from the user.
- the display 1308 can therefore further act as an input device 1304 for interacting with a user.
- the '294 Application describes systems and methods for secure high speed data storage, access, recovery and transmission that involves fragmenting, individually encrypting and dispersing of the data as described therein.
- data in a medical record can first be disassociated so that, e.g., the various fields are not logically related. Then the disassociated fields can be decomposed into sub-fields or parts (fragments). These sub-fields can then be obfuscated such that one cannot easily determine the contents of the sub-fields, even if they were to intercept or gain access to them. These sub-fields can then be individually encrypted, e.g., using a different encryption key for each sub-field or fragment. The individually encrypted sub-fields can then be "sharded" and stored on different storage devices or locations.
- FIG. 14 is a reproduction of figure 1 of the '294 Application, which illustrates an example system on which the process described can be carried out. As described, with reference to FIG. 14, the process generally occurs on secure platform 120 in response to a command or request initiated on client device, or endpoint, 110. The secure platform 120 then stores the encrypted fragments on various storage devices or locations 140-170. While location 140 can be local or locally connected to device 110, the processes described in the '294 Application do not necessarily cover the link from endpoint 110 to platform 120.
- FIG. 15 is a reproduction of figure 1 of the '466 Application which illustrates a system for carrying out the diffracted data retrieval described therein.
- the diffracted data retrieval can involve storage device or location 140 which is local or locally connected to endpoint 110, the processes described therein generally do not apply to the link between endpoint 110 and servers 120 and 180.
- FIG. 16 is a reproduction of figure 1 of the '097 Application, which illustrates a system on which the processes described therein can be carried out.
- the secure storage and management of credentials and encryption keys can involve storage device or location 140 which is local or locally connected to endpoint 110, the processes described therein generally do not apply to the link between endpoint 110 and servers 120 and 180.
- the process described in the '294, '466, and '097 applications can be implemented at the edge, i.e., on client endpoint 110 as illustrated in FIGS. 14-16.
- an application can be loaded to device 110, such that data can be saved to and retrieved from different portions of local or locally connected storage device 140 as described in the Attachments or such that the data can be saved and stored to a plurality of storage devices 140-170.
- when the user of device 110 creates a document, video, picture, etc., the user can invoke the application to store the document or file.
- the communication channel does not need to be secured and an ordinary "open" connection can be used.
- a faster non-encrypted channel may be used.
- the data packets will contain secured fragments. This applies to all types of transmission, not just browser-based: the channel could be radio, FTP, Bluetooth, etc.
- the application can be presented as a button in a toolbar or drop-down menu such that when the user is in a document or file on their device 110 as illustrated in FIGS. 14-16, they can simply press the button, icon, etc., in the associated application or in a web browser and the document can be stored accordingly.
- the document or file can then be shown on device 110 in a manner that indicates that it has been stored using the processes described above and in the '294, '466, and/or '097 applications.
- the retrieval process described above and in the '294, '466, and/or '097 applications can automatically take place.
- the user can also select various dispersion preferences as to where all, or some of the fragments are stored.
- a right click on a file can be used to select the storage processes described.
- the application can automatically determine that a file should be stored using such processes.
- the default for all files, certain files, certain types of files, etc. can be set to use such processes.
- a user of device 110 as illustrated in FIGS. 14-16 will ultimately want to use some form of remote storage, often referred to as cloud storage, to store at least some of the files created on device 110.
- One or more applications running on one or more servers associated with such a cloud storage service can be configured to perform the processes described in the '294, '466, and/or '097 applications in a manner similar to that described in, e.g., the '294 Application. But as noted above, the link between device 110 and such a server would not necessarily be secure; however, as described herein, the processes described can first be run on the content locally prior to transferring the data to the cloud or to an intermediate endpoint.
- the single-client-to-cloud arrangement is just one topology. For example, there could be a network of nodes all communicating with each other, each using the systems and methods described to secure their data before transmission. The fragments can then be stored in a dispersed manner on the cloud service. Thus, even if the data were to be intercepted in transit, it would be useless.
- the application can be configured such that it automatically performs the processes described when the user attempts to store or retrieve data from a cloud storage service. Moreover, the application can be configured such that a document or file at rest, i.e., no interaction with the document or file for a certain period of time, is detected and the processes described are then automatically run to protect the document. When the user then reengages with the document or file, the appropriate processes can be run to allow access to the document or file.
- the processes described can be performed locally on, e.g., a file, and then performed again as the file is being transferred to, e.g., the cloud and/or intermediate device.
- sharing and collaboration of documents stored using the processes described can be enabled using the authentication and credential management processes described, e.g., in the '097 Application.
- certain individuals can be granted access, which would then be managed using the secure keys generated, e.g., based on the credentials assigned to those individuals.
- Another important benefit inures from the processes described when local storage is an unsecure storage device such as a USB drive.
- storing data to the device using the processes described can ensure that even if the data is accessed by the wrong individual or entity, it cannot be used.
- the local application configured to perform the processes described at the local level can reside on such a local storage device, e.g., a USB storage device.
- the local application can also be configured to provide protection of email attachments. Sending attachments via email is dangerous as attached documents can be intercepted and read by any hacker with enough knowledge.
- the processes described herein can be implemented with respect to such attachments in such a way as to protect them from being read by anyone other than the intended recipient.
- the local application does not interface with email traffic or encrypt the body of the email itself. Rather, a sender of an attachment with the local application can run the processes described on the document they intend to attach (thereby sending it to a public cloud server). The application can then generate an access link to that document. The access link can then be emailed to a recipient instead of the actual document. The recipient can then click on the access link they received to download and decrypt the original document. This of course can require that the recipient also have such a local application to allow the recipient device to retrieve the attachment according to the processes described.
- a local application such as described above can also allow for a controlled, sequenced "viewing" or "playback" of digital media (documents, books, audio, video, etc.) frames or sections.
- an authorized and authenticated subscriber, or user of a device 110 as illustrated in FIGS. 14-16 is only able to retrieve and view separate sequential frames or sections that have been transmitted to them as the media is being displayed (or played). Additionally, after the subscriber proceeds to the next frame or section, the previous played frames or sections are either auto re-stored using the processes described or permanently deleted. Therefore, at any one instance, only a minimal amount of digital media is decrypted and assembled for subscriber consumption thereby minimizing piracy or unauthorized consumption.
- this is valuable for more safely distributing digital media of all types, from consumer content to top-secret data.
- each section or frame can be transmitted one at a time, sequentially recomposing the underlying fragments that make up that section or frame.
- FIG. 17 is a block diagram illustrating wired or wireless system 550 according to various embodiments that can be used to implement the client device 110 as illustrated in FIGS. 14-16. Accordingly, this system 550 will not be described here in detail.
- Various aspects of the present disclosure provide methods for integrating any number of key exchange methodologies, including the built-in key exchange process of the device, to facilitate this operation. This capability enables authenticated communications between two devices, for example, in the case of data streaming between those devices. Once communication is established between the two devices, the key exchange methodology and frequency of exchange may be dynamically varied based on performance requirements and in response to any number of conditions, for example, but not limited to, data security threat levels.
- An encryption engine may dynamically interoperate and layer with other key exchange solutions including private/public exchange, for example, but not limited to the Diffie-Hellman protocol used in TLS, between devices. Higher levels of security may be achieved by utilizing secure keys and maximizing the rate of key rotation for a given set of data.
- FIG. 18 is a flowchart illustrating a method 1800 for exchanging keys in accordance with various aspects of the present disclosure.
- each device, for example a first device and a second device, may establish a shared key.
- more than two devices may be utilized without departing from the scope of the present disclosure.
- a dataset on the first device may be encrypted using the shared key and at block 1820 the first device may transmit the encrypted data to the second device.
- the second device may decrypt the dataset using the shared key.
- key regeneration criteria that indicate whether the keys should be regenerated may be determined.
- the key regeneration criteria may be evaluated for each data set.
- it may be determined whether the key regeneration criteria are met.
- conditions that indicate when keys should be regenerated may be monitored until the key regeneration criteria are met at block 1840.
- new encryption algorithm parameters for the next key may be generated and the method may continue at block 1810.
- the key regeneration criteria may identify possible encryption algorithms and specific parameters for the encryption algorithms.
- encrypted data may be transmitted with unique encryptions through multiple simultaneous client destinations including, but not limited to, streams, filesystems, and/or clouds.
- Encrypted data may be directed to any number of destinations such as a stream format decrypted to a video player, or as a set of fragments stored securely on a filesystem or cloud.
- the item to be encrypted can be in any number of data formats including, but not limited to, files (e.g., Word documents, photo files, virtual machine files, etc.), key-value pairs (e.g., simple strings such as JSON or other formats suitable to store form data, application settings and preferences), and streams (e.g., video or data feeds).
- each object may be disassembled into smaller fragments enabling a reduction in the total transmission time, T, for each object, in some cases enabling transmission times up to 8-15 times faster than conventionally available.
- Fragments of an object may be encrypted only once while increasing security by utilizing unique keys for each client. This approach may provide a performance advantage even while sending encrypted data to multiple client destinations. Each destination may have a unique decryption key to access the data. Multiple secure output streams to multiple destinations may be created while minimizing hardware resource demands. Fragmenting, encrypting, and transmitting data between computing devices can achieve low latency and full data encryption.
- the approach may be scaled to support multiple clients maintaining a unique secret key between each client and encrypting the manifest differently for each intended client.
- FIG. 19 is a sequence diagram illustrating an encrypted data transmission sequence 1900 in accordance with various aspects of the present disclosure.
- client software running on each client 1902, 1903 communicates with the server 1901 and starts a key exchange process.
- the server 1901 reads a block of data, for example, one frame of a video stream, a sample of audio, etc., from a source which could be a file or data sensors including, but not limited to cameras, video, and/or audio sensors.
- the server 1901 disassembles the data creating data fragments.
- the server generates a manifest for each of the clients 1902, 1903 which contains, among other data, unique encryption keys for each of the data fragments.
- the server 1901 uses the key exchange information from each client 1902, 1903, to create a unique secret key for each client 1902, 1903.
- the server 1901 encrypts the manifests using the unique secret key for each client 1902, 1903.
- the server 1901 transmits the encrypted manifests to each of the clients 1902, 1903.
- the server 1901 encrypts the data fragments and at block 1945 transmits the encrypted data fragments to the intended clients 1902, 1903.
- the client software running on the clients 1902, 1903 awaits receipt of the manifest and decrypts the manifest using the unique secret key.
- each client 1902, 1903 acknowledges receipt of the manifest to the server 1901.
- each client 1902, 1903 listens for encrypted data fragments and decrypts each data fragment using data contained within the manifest.
- each client 1902, 1903 sends a secret key seed for the next manifest to the server 1901.
- the sequence of FIG. 19 may be repeated for each block of data read from a client. The data fragments may be received by the clients in any order and will be
- the server may repeat the sequence for the next block of data all beginning at block 1920. For each block of data the client will await the receipt of the corresponding manifest. If the server does not receive a manifest acknowledgment from the client, the server will withhold the next block of data until an acknowledgment is received or until a timeout interval has expired. If a client receives an incomplete or inaccurate manifest the server may be notified to resend the current manifest encrypted with a new secret key. If a client receives incomplete or inaccurate data fragments, the server may be notified to resend the current block of data.
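The FIG. 19 round above (per-client encrypted manifests, fragments encrypted once with one key each, clients reassembling fragments that arrive in any order, a fresh seed for the next manifest key), as an added Python example that is not code from the patent; it also illustrates the fragment-and-individually-encrypt idea attributed to the '294 Application earlier on the page. The cipher is a demonstration construction (HMAC-SHA256 keystream with a separate HMAC tag) standing in for a production AEAD such as AES-GCM, and the key exchange is assumed to have already left the server and each client with a shared `client_secret`; the "incomplete or inaccurate" resend path appears as the `ValueError` a client raises.

```python
"""FIG. 19 round: per-client encrypted manifests, fragments encrypted once.

Added example, not code from the patent. Demonstration cipher (HMAC-SHA256
keystream + HMAC tag) standing in for a real AEAD; the key exchange is
assumed done, leaving server and each client a shared `client_secret`.
"""
import hashlib
import hmac
import json
import os
import random

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from the PRF (demonstration only).
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with derived subkeys; returns nonce || ct || tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first; failure is the 'inaccurate manifest/fragment' case."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("authentication failed; request resend")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def disassemble(data: bytes, count: int):
    """Split one block (e.g. a video frame) into `count` indexed fragments."""
    size = -(-len(data) // count)
    return [(i, data[i * size:(i + 1) * size]) for i in range(count)]


def manifest_key(secret: bytes, seed: bytes) -> bytes:
    # Unique per client and per round: the seed changes after every manifest.
    return _prf(secret, b"manifest" + seed)


class Server:
    def __init__(self, client_secrets: dict):
        self.secrets = client_secrets
        self.seeds = {cid: b"initial" for cid in client_secrets}
        self.block_id = 0

    def send_block(self, data: bytes, fragment_count: int = 4):
        """Return ({client_id: encrypted manifest}, [(block, index, encrypted fragment)])."""
        self.block_id += 1
        fragments = disassemble(data, fragment_count)
        frag_keys = {i: os.urandom(KEY_LEN) for i, _ in fragments}  # one key per fragment
        manifest = json.dumps({
            "block": self.block_id, "count": fragment_count,
            "sha256": hashlib.sha256(data).hexdigest(),  # lets a client detect an incomplete block
            "keys": {str(i): k.hex() for i, k in frag_keys.items()},
        }).encode()
        manifests = {cid: encrypt(manifest_key(s, self.seeds[cid]), manifest)
                     for cid, s in self.secrets.items()}
        # Fragments are encrypted once and fanned out to every client.
        frags = [(self.block_id, i, encrypt(frag_keys[i], f)) for i, f in fragments]
        return manifests, frags


class Client:
    def __init__(self, client_id: str, secret: bytes):
        self.client_id, self.secret, self.seed, self.manifest = client_id, secret, b"initial", None

    def receive_manifest(self, blob: bytes) -> dict:
        self.manifest = json.loads(decrypt(manifest_key(self.secret, self.seed), blob))
        return {"ack": self.manifest["block"]}  # acknowledgment returned to the server

    def receive_fragments(self, frags) -> bytes:
        """Fragments may arrive in any order; the manifest gives each its key and position."""
        if self.manifest is None:
            raise RuntimeError("fragments arrived before the manifest")
        parts = {i: decrypt(bytes.fromhex(self.manifest["keys"][str(i)]), blob)
                 for block, i, blob in frags if block == self.manifest["block"]}
        if len(parts) != self.manifest["count"]:
            raise ValueError("incomplete block; request resend")
        data = b"".join(parts[i] for i in range(self.manifest["count"]))
        if hashlib.sha256(data).hexdigest() != self.manifest["sha256"]:
            raise ValueError("inaccurate block; request resend")
        self.seed = os.urandom(16)  # secret key seed for the next manifest
        return data


def run_round(server: Server, clients, data: bytes) -> dict:
    """One block through the FIG. 19 sequence; fragments are delivered shuffled."""
    manifests, frags = server.send_block(data)
    out = {}
    for c in clients:
        c.receive_manifest(manifests[c.client_id])
        out[c.client_id] = c.receive_fragments(random.sample(frags, len(frags)))
        server.seeds[c.client_id] = c.seed  # client's seed rotates its next manifest key
    return out
```

Because only the manifest is encrypted per client, the per-fragment encryption cost is paid once regardless of how many clients are served; the manifest is small, so per-client work stays proportional to the number of fragments, not the size of the data.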
- a preprocessor may pre-slice or break up a large file into smaller pieces prior to the fragmentation and encryption processes.
- a companion post processor may recombine the file subsequent to decryption and defragmentation.
- breaking up a large file into smaller pieces prior to fragmentation and encryption and then recombining them after defragmentation and decryption can increase performance and permit processing of very large data objects on devices that have limited memory.
- FIG. 20A is a flowchart illustrating a method 2000 for pre-slicing data to increase encryption speed in accordance with various aspects of the present disclosure.
- data slicing criteria may be determined.
- a data object may be evaluated for slicing based on the determined slicing criteria.
- it may be determined whether the data object can be sliced.
- the server may break up or "slice" the data object into smaller pieces of data, and at block 2030 each data slice may be sent for encryption.
- the server may disassemble each data slice into data fragments and the data fragments may be encrypted.
- the data may be disassociated and dispersed for storage in one or more storage locations.
- FIG. 20B is a flowchart illustrating a method 2050 for recombining a data file in accordance with various aspects of the present disclosure.
- encrypted data fragments may be decrypted.
- the decrypted data fragments may be defragmented and recombined into data slices.
- the slices may be recombined into the data object.
- the system may distribute keys to key stores residing within a local operating system.
- a device may not be able to access the remote user and key or similar license service.
- the remote service may be used to verify the user's license credentials such as username and password at the time of login.
- the client software may validate the user credentials locally by accessing the encrypted key store on the local device.
- the system may populate and manage this local key store as a backup for resiliency against network outages.
- the system may deliver key management (KM) software including all of the expected state of the art capabilities.
- if the client software is running on a device such as a laptop or other network-enabled computing device and the connection to the key management server is lost, the client software continues to encrypt/decrypt data on that device.
- the client software will generate a local key store on the operating device as a backup in case the remote key management server connection is lost.
- the local key store can be configured to maintain the specific keys or key encryption keys needed by the user including any additional user credentials required.
- the key store itself may be encrypted and only available to the authenticated user.
- FIG. 21 is a flowchart illustrating a method 2100 for managing encryption keys in accordance with various aspects of the present disclosure.
- it may be determined whether a connection to a key management server is available.
- a client may communicate with the key management server to access encryption keys.
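The FIG. 21 decision and the local key store described above, as an added Python example that is not code from the patent: the client fetches keys from the key management server while a connection exists, refreshes an encrypted local key store as the backup, and when the server is unreachable validates the user's credential locally and unwraps the keys from that store. The in-memory server, the PBKDF2 password derivation, the per-key wrapping pad and the HMAC tag over the store are all assumptions for illustration; a real deployment would persist the store on disk and use a platform key store or a memory-hard KDF.

```python
"""Local encrypted key store used when the key management server is unreachable.

Added example, not code from the patent. The server is a constructed in-memory
stand-in for the remote user-and-key service; the store is kept in memory
rather than on disk; PBKDF2 derives the key-encryption key from the password
and each 32-byte key is wrapped with its own KEK-derived pad.
"""
import hashlib
import hmac
import json
import os

KEY_LEN = 32
PBKDF2_ROUNDS = 100_000  # raise, or use a memory-hard KDF, in production


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key from the user's password; never stored anywhere."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, KEY_LEN)


def _pad(kek: bytes, name: str) -> bytes:
    # Distinct pad per key name, so one KEK never wraps two keys with the same pad.
    return hmac.new(kek, b"wrap:" + name.encode(), hashlib.sha256).digest()


def seal_store(password: str, keys: dict) -> dict:
    """Wrap every key under the KEK and tag the whole store with HMAC(KEK)."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = {}
    for name, key in keys.items():
        if len(key) != KEY_LEN:
            raise ValueError(f"{name}: expected a {KEY_LEN}-byte key")
        wrapped[name] = bytes(a ^ b for a, b in zip(key, _pad(kek, name))).hex()
    body = json.dumps(wrapped, sort_keys=True).encode()
    tag = hmac.new(kek, salt + body, hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "keys": wrapped, "tag": tag}


def open_store(password: str, store: dict) -> dict:
    """Validate the credential locally (tag check), then unwrap the keys."""
    salt = bytes.fromhex(store["salt"])
    kek = derive_kek(password, salt)
    body = json.dumps(store["keys"], sort_keys=True).encode()
    expected = hmac.new(kek, salt + body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(store["tag"], expected):
        raise PermissionError("local credential check failed")
    return {name: bytes(a ^ b for a, b in zip(bytes.fromhex(w), _pad(kek, name)))
            for name, w in store["keys"].items()}


class KeyManagementServer:
    """Constructed stand-in for the remote license/key service."""

    def __init__(self, accounts: dict):
        self.accounts = accounts  # username -> (password, {key name: key bytes})

    def login(self, user: str, password: str) -> dict:
        stored, keys = self.accounts[user]
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        return dict(keys)


class KeyClient:
    def __init__(self, server: KeyManagementServer):
        self.server, self.connected, self.local_store = server, True, None

    def get_keys(self, user: str, password: str):
        """FIG. 21 decision: server when reachable, encrypted local store otherwise."""
        if self.connected:
            keys = self.server.login(user, password)
            self.local_store = seal_store(password, keys)  # refresh the backup copy
            return keys, "server"
        if self.local_store is None:
            raise ConnectionError("offline and no local key store has been populated")
        return open_store(password, self.local_store), "local"
```

A wrong password fails the tag check before any key material is unwrapped, which is the local equivalent of the server rejecting the login; the store is useless without the password because the KEK is derived, not stored.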
- user and key technology may support compound keys using AND/OR Boolean logic.
- the system extends the concept of compound keys by introducing a dynamic expression to control the key's access requirements.
- a compound key can be defined using any number of sub keys.
- the integral sub keys should be all present and correct (Boolean AND), or at least one of the sub keys should be present and correct (Boolean OR).
- there may be any combination of Boolean constructs used to define a valid key.
- a dynamic expression may be used to control a key's access requirements.
- Keys may have any combination of Boolean expressions to limit or control a key's capabilities.
- a key's access expression may be described as (Alice AND (Bob OR Carl)) and only allow Alice to unlock a file if done in concert with either Bob or Carl.
- Compound keys may also incorporate an unlimited variety of other conditionals, not just user names, including geo location, clock time, and hash checksums. For example, (Alice AND (Bob OR Carl) AND ACCESSTIME IS EQUAL BUSINESSHOURS) may add a restriction to business hours only.
- key access expressions may incorporate dynamic conditionals that change based on external conditions, for example, but not limited to, whether security threat levels are high. For example, (Alice AND (Bob OR Carl) AND SECURITYLEVEL IS EQUAL (NORMAL OR LOW)) may only allow access when security conditions are at normal or low levels. These expressions allow highly responsive access controls to automatically keep data secure even as conditions change quickly, as during a hacker attack.
- FIG. 22 is a flowchart illustrating a method 2200 for evaluating a compound key in accordance with various aspects of the present disclosure.
- the access expression may include any combination of Boolean expressions and/or external conditions.
- the access expression for the security key, including any required external conditions, may be evaluated.
- it may be determined whether the access expression and/or external conditions are satisfied.
- in response to determining that the access expression and/or external conditions are not met (2220-N), at block 2225 the security key may be rejected and data access may be denied.
- the access key may be accepted and data access permitted.
- encrypted data may include any number of access restrictions including but not limited to user roles, compound keys, geo location, time of access, length of time of access, order of access in relation to other keys.
- An otherwise valid user session may be restricted from accessing data when certain conditions are not satisfied. These conditions can be arbitrarily defined and assigned to any data item. For example, if a particular data item should only be accessed from users within a certain geographical region and at a certain time of day, the system will not allow the user to access this data file if those conditions are not met.
- the system may provide certain "canned" restriction types for convenience, but additional restrictions may be added.
- the system applies the access restrictions to the data element level. This approach can maximize flexibility where each data item, for example a social security number, could have its own set of access restrictions that could be different from another social security number.
- the access restrictions can be arbitrary and may be expressed as Boolean expressions and stored as metadata. All access restrictions are fragmented, encrypted, disassociated, and dispersed to prevent hackers from discovering or altering the restrictions.
- FIG. 23 is a flowchart illustrating a method 2300 for restricting data access in accordance with various aspects of the present disclosure.
- a request to access data may be initiated.
- access restrictions and/or conditions for accessing the data may be determined. Access restrictions/conditions may include, but are not limited to, user roles, compound keys, geo location, time of access, length of time of access, and order of access in relation to other keys.
- the access restrictions and/or conditions may be evaluated.
- access to the data may be denied.
- access to the data may be permitted.
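The two passages above (compound keys evaluated in FIG. 22, and the Boolean access restrictions stored as metadata and evaluated in FIG. 23) describe the same mechanism: an expression over presented sub keys and external conditions that must be satisfied before data access is permitted. The following is an added example for this page, not code from the patent or from FHOOSH. The grammar is an assumption chosen so the expressions quoted in the text parse as written (bare names are sub keys, `NAME IS EQUAL value` or `NAME IS EQUAL (v1 OR v2)` tests an external condition, AND binds tighter than OR); `Context`, `check_access` and the business-hours derivation in `access_time_bucket` are likewise assumed.

```python
"""Parser and evaluator for compound-key access expressions.

Added example for this page, not code from the patent or from FHOOSH.  The grammar
is an assumption chosen so the expressions quoted in the text parse as written:
sub keys are bare names, an external condition reads "NAME IS EQUAL value" or
"NAME IS EQUAL (v1 OR v2)", and AND/OR combine them with AND binding tighter."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime

TOKEN_RE = re.compile(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*")
RESERVED = {"AND", "OR", "IS", "EQUAL", "(", ")"}


@dataclass
class Context:
    # Facts known at access time (assumed structure): the sub keys presented and
    # already verified as correct, plus the current value of each external condition.
    present_keys: set[str]
    externals: dict[str, str] = field(default_factory=dict)


class Parser:
    """expr := term (OR term)*  term := factor (AND factor)*  factor := '(' expr ')' | atom"""

    def __init__(self, text: str) -> None:
        self.toks, self.i = TOKEN_RE.findall(text), 0

    def peek(self) -> str | None:
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected: str | None = None) -> str:
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        self.i += 1
        return tok

    def expr(self) -> tuple:
        node = self.term()
        while self.peek() == "OR":
            self.take()
            node = ("OR", node, self.term())
        return node

    def term(self) -> tuple:
        node = self.factor()
        while self.peek() == "AND":
            self.take()
            node = ("AND", node, self.factor())
        return node

    def factor(self) -> tuple:
        if self.peek() == "(":
            self.take("(")
            node = self.expr()
            self.take(")")
            return node
        name = self.take()
        if name in RESERVED:
            raise ValueError(f"expected a name, got {name!r}")
        if self.peek() != "IS":
            return ("KEY", name)           # a sub key that must be present and correct
        self.take("IS")
        self.take("EQUAL")
        if self.peek() != "(":
            return ("EQ", name, frozenset([self.take()]))
        self.take("(")
        values = [self.take()]
        while self.peek() == "OR":         # value list such as (NORMAL OR LOW)
            self.take()
            values.append(self.take())
        self.take(")")
        return ("EQ", name, frozenset(values))


def evaluate(node: tuple, ctx: Context) -> bool:
    kind = node[0]
    if kind == "KEY":
        return node[1] in ctx.present_keys
    if kind == "EQ":                       # unknown external -> None -> not in set -> denied
        return ctx.externals.get(node[1]) in node[2]
    if kind == "AND":
        return evaluate(node[1], ctx) and evaluate(node[2], ctx)
    return evaluate(node[1], ctx) or evaluate(node[2], ctx)


def check_access(expression: str, ctx: Context) -> bool:
    """Block 2220 of FIG. 22: a malformed stored expression denies rather than falling open."""
    try:
        p = Parser(expression)
        node = p.expr()
        if p.peek() is not None:
            raise ValueError(f"unexpected trailing token {p.peek()!r}")
        return evaluate(node, ctx)
    except ValueError:
        return False


def access_time_bucket(now_iso: str) -> str:
    """Assumed derivation of the ACCESSTIME external: Monday to Friday, 09:00-17:59."""
    now = datetime.fromisoformat(now_iso)
    return "BUSINESSHOURS" if now.weekday() < 5 and 9 <= now.hour < 18 else "AFTERHOURS"
```

Externals such as SECURITYLEVEL or ACCESSTIME are supplied by the caller from trusted sources (a threat-level feed, a server clock), never from the requester; an external the evaluator has no value for compares unequal to everything, so the expression fails closed.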
- rapid detection technology supports "honey pot keys" which, when used, trigger a specified action, for example, but not limited to, alerts or key rotation.
- Honey Pot keys are exposed keys left for hackers and/or illicit software to find.
- Valid access keys and credentials are necessary for a user to properly access data protected by the system.
- the Rapid Detection algorithm triggers an exception event if an incorrect key is used to access any data.
- the keys may include "honey pot" keys, which could be left for hackers to find and attempt to use, as well as "duress keys", which are entered by legitimate users under force. Exception events caused by incorrect or false keys can be used to automatically rotate keys, shut out users, and alert security personnel.
- FIG. 24 is a flowchart illustrating a method 2400 for detecting and responding to hacking attacks in accordance with various aspects of the present disclosure.
- a data access request may be initiated and received by the system.
- an access key provided with the data access request may be validated. For example, a rapid detection algorithm may be applied to the access key.
- it may be determined whether the access key is valid for the requested data. In response to determining that the access key is valid (2430-Y), at block 2440, access to the requested data may be granted.
- a response protocol may be initiated.
- the response protocol may cause the user that initiated the data access request to be logged out completely, may deny access only to the requested data item, or may allow access to only a limited set of data.
- the protocol may notify system administrators of the access attempt with an invalid access key and/or rotate encryption keys and/or shutdown the system.
- anti-ransom encryption protection may include "canary files" used by the system to determine if a system has been unexpectedly altered before data is operated on, for example to create a backup archive.
- the system makes the assumption that a ransomware attack will happen and accordingly makes regular backups for recovery.
- damaged files infected by a ransomware virus should not be backed up.
- canary files, which are small files scattered throughout the user's hard drive, are used. If any of these canary files are missing or altered, it is an indication that the drive has been compromised.
- before performing a backup, the system will check for the canary files, thereby preventing a backup of an infected drive (and a potential overwrite of the last good backup). To recover from an attack, the last good archive can be decrypted to replace the contents of the infected hard drive.
- FIG. 25 is a flowchart illustrating a method 2500 for detecting and responding to ransomware attacks in accordance with various aspects of the present disclosure.
- the system may install one or more canary files. For example, small known files may be scattered throughout the disk drive.
- a status check of the disk drive may be performed by verifying whether the canary files are valid. For example, the installed canary files may be compared with the expected number and content of the canary files. A missing or altered canary file may be an indication that the disk drive has been compromised.
- the system may determine if any of the canary files are missing or altered.
- the disk drive contents may be encrypted and backed up to another disk drive.
- backup of the disk drive may be postponed. Postponing the disk drive backup prevents overwriting the last known good copy of the disk drive contents.
- an alert may be triggered to notify administrators of the infected disk drive.
- the disk drive contents may be restored from a previously backed up version.
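The FIG. 25 method above, as an added example for this page (not the patent's or FHOOSH's code): small random canary files are scattered into a tree, their digests recorded in a manifest kept outside the protected tree, and the backup step runs only after the status check passes. The directory layout, the JSON manifest and the `backup_if_clean` gate are assumptions; the described encryption of the backup is left out so the check itself stays visible.

```python
"""Canary-file status check gating a backup, as in the FIG. 25 method.

Added example for this page, not the patent's or FHOOSH's code.  The canary
layout, the JSON manifest, its location outside the protected tree and the
`backup_if_clean` gate are assumptions."""
from __future__ import annotations

import hashlib
import json
import secrets
import shutil
import tempfile
from pathlib import Path

# Constructed: directories the canaries are scattered into, relative to the drive root.
CANARY_DIRS = ("Documents", "Pictures", "Work/Reports", ".cache")


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def install_canaries(root: Path, manifest: Path) -> dict[str, str]:
    """Write one small random file per CANARY_DIR and record path -> SHA-256 in a
    manifest stored outside `root`, so whatever rewrites the drive cannot also
    rewrite the expected values."""
    expected: dict[str, str] = {}
    for sub in CANARY_DIRS:
        d = root / sub
        d.mkdir(parents=True, exist_ok=True)
        p = d / f"~{secrets.token_hex(3)}.tmp"
        p.write_bytes(secrets.token_bytes(512))
        expected[str(p.relative_to(root))] = _digest(p)
    manifest.write_text(json.dumps(expected))
    return expected


def check_canaries(root: Path, manifest: Path) -> dict[str, list[str]]:
    """Block 2520: compare the installed canaries with the manifest.  Both lists
    empty means the drive passes; anything missing or altered is a compromise signal."""
    expected = json.loads(manifest.read_text())
    findings: dict[str, list[str]] = {"missing": [], "altered": []}
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            findings["missing"].append(rel)
        elif _digest(p) != digest:
            findings["altered"].append(rel)
    return findings


def backup_if_clean(root: Path, manifest: Path, backups: Path) -> tuple[bool, str]:
    """Run the status check first; only a clean drive may overwrite last_good.
    A failed check postpones the backup so the last good copy survives."""
    findings = check_canaries(root, manifest)
    if findings["missing"] or findings["altered"]:
        return False, (f"postponed: {len(findings['missing'])} missing, "
                       f"{len(findings['altered'])} altered canary file(s); alert administrators")
    shutil.copytree(root, backups / "last_good", dirs_exist_ok=True)
    return True, "backup written to last_good"


def demo() -> dict:
    """Constructed end-to-end run in a temporary directory: a clean check and backup,
    then one canary altered and one deleted, which must block the next backup."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root, manifest, backups = base / "drive", base / "canaries.json", base / "backups"
        (root / "Documents").mkdir(parents=True)
        (root / "Documents" / "notes.txt").write_text("constructed user data\n")
        install_canaries(root, manifest)
        first = backup_if_clean(root, manifest, backups)
        rels = list(json.loads(manifest.read_text()))
        (root / rels[0]).write_bytes(b"constructed stand-in for an altered file")
        (root / rels[1]).unlink()
        findings = check_canaries(root, manifest)
        second = backup_if_clean(root, manifest, backups)
        restored = (backups / "last_good" / "Documents" / "notes.txt").read_text()
        return {"first": first, "findings": findings, "second": second, "restored": restored}


if __name__ == "__main__":
    print(demo())
```

The manifest is the trust anchor: if it lived inside the protected tree, the same event that alters the canaries could alter the expected digests, and the check would pass on a compromised drive.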
- FIG. 26 is a flowchart illustrating a method 2600 for enabling searching on encrypted data in accordance with various aspects of the present disclosure.
- data is stored on a disk in the system.
- the data may be checked to determine whether the data should be searchable.
- the system may encrypt and backup the disk contents.
- the system may add accelerated access records (AARs) to a remote server drive on the system.
- the AARs may be accessed to search for encrypted content.
- VCC: Virtual Cryptological Container
- the VCC may be configured such that it exists entirely on a single drive or on multiple drives across multiple data centers and formats.
- the flexibility of this approach stems from the ability of the system to virtualize storage such that applications do not care how or where the encrypted data is being stored. Applications only need to interact with the system for sending data to encrypt and for retrieving that data to decrypt.
- the system may manage one or more storage locations. Some benefits of this approach may include:
  - A VCC may exist wholly within a single hard drive, making it easy to transport safely to another hard drive. For example, a VCC can be placed on a USB stick and remain fully encrypted until such time as the system is used to access that VCC.
- a VCC may have markers that restrict its use under certain circumstances. For example, a VCC can be encoded to work only when located on a specific drive or hardware MAC address or some other signature ID. The VCC can also be restricted to work only when accessed from a specific geo location or at a certain time of day or date. The system will not be able to encrypt or decrypt data unless these VCC conditions are met.
- a VCC eliminates an application needing to know what the underlying storage media is and what the specific API is for that media.
- cloud data stores such as Amazon S3 and MS Azure all have unique APIs that must be integrated into the application before those services can be utilized.
- the system may provide a single API to all those storage options including direct on- device storage.
- a VCC may be periodically duplicated and stored off-device as backup.
- the system may be configured to replicate each storage request in real time to a parallel VCC.
- the underlying data stores e.g., Amazon S3 Cloud
- FIG. 27 is a flowchart illustrating a method 2700 for utilizing a virtual cryptological container for storing encrypted data in accordance with various aspects of the present disclosure.
- a setup configuration file including a pathname to each of the available storage locations may be specified.
- the storage locations may be on a hard disk drive on the device, may be mounted drives in a LAN or across a WAN to remote cloud service endpoints, or may be a combination thereof.
- the setup configuration file may also specify other system options.
- the system may be launched, and at block 2740 a VCC may be established.
- the system may read the setup configuration file and establish the VCC for subsequent access.
- the system may be accessed to encrypt or decrypt data.
- an application that needs to encrypt or decrypt data may make an API call to the system.
- the data may be encrypted or decrypted via a VCC as requested by the application.
- the system may execute the application's request by encrypting and storing the data in the VCC or retrieving and decrypting data stored in the VCC.
- the system may include a security engine having an ability to adapt to regulatory restrictions.
- the system may be configured with non-export restricted AES-128 or lower ciphers.
- the system may be configured to utilize FIPS 140-2 libraries or an external encryption hardware appliance.
- the system is not tied to any encryption cipher and therefore adapts and grows with user needs and requirements. For example, for users in countries to which strong crypto libraries cannot be exported, the system may be configured with libraries permitted under US export law.
- the system may operate as a centralized server or encryption appliance as well as having an ability to run on an endpoint device to protect data upon capture.
- the data fragments may have tamper detection upon being received to eliminate the possibility of a hacker changing data in transit.
- the system authenticates individual fragments as they are being received. Several methods may be used to perform this authentication, including but not limited to GCM-based AES-256 encryption. Fragments that fail this authentication are identified as tampered and will be rejected. Depending on configuration, FHOOSH will respond in a variety of ways, such as key rotation, connection termination, or resending the fragment.
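The per-fragment authentication just described, as an added example for this page (not FHOOSH's code). The text names GCM-mode AES-256 for this; to stay within the Python standard library the example swaps in an HMAC-SHA256 tag per fragment, which gives the same accept/reject decision on receipt while leaving out the confidentiality half. The `Fragment` layout, the `Receiver` class and its two response policies (resend, connection termination) are assumptions; the key-rotation response the text also mentions is not modelled.

```python
"""Tamper detection on each data fragment as it is received.

Added example for this page, not FHOOSH's code.  HMAC-SHA256 stands in for the
GCM-based AES-256 authentication named in the text (assumption); the Fragment
layout and Receiver policies are likewise assumed."""
from __future__ import annotations

import dataclasses
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    object_id: bytes   # which data object this fragment belongs to
    index: int         # position within the object
    total: int         # number of fragments making up the object
    payload: bytes
    tag: bytes         # authenticator over object_id, index, total and payload


def _auth_input(object_id: bytes, index: int, total: int, payload: bytes) -> bytes:
    # Binding position and count into the tag means a fragment cannot be reordered,
    # substituted from another object, or have the object truncated unnoticed.
    return object_id + index.to_bytes(4, "big") + total.to_bytes(4, "big") + payload


def _tag(key: bytes, object_id: bytes, index: int, total: int, payload: bytes) -> bytes:
    return hmac.new(key, _auth_input(object_id, index, total, payload), hashlib.sha256).digest()


def make_fragments(key: bytes, object_id: bytes, data: bytes, size: int) -> list[Fragment]:
    """Sender side: split `data` into `size`-byte fragments, each carrying its own tag."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Fragment(object_id, i, len(chunks), c, _tag(key, object_id, i, len(chunks), c))
            for i, c in enumerate(chunks)]


def verify(key: bytes, frag: Fragment) -> bool:
    expected = _tag(key, frag.object_id, frag.index, frag.total, frag.payload)
    return hmac.compare_digest(expected, frag.tag)   # constant-time comparison


class Receiver:
    """Authenticates fragments on arrival.  policy 'resend' asks the sender to
    retransmit a failed fragment; 'terminate' drops the connection instead."""

    def __init__(self, key: bytes, policy: str = "resend") -> None:
        self.key, self.policy = key, policy
        self.accepted: dict[int, bytes] = {}
        self.rejected: list[int] = []
        self.resend_requests: list[int] = []
        self.terminated = False

    def receive(self, frag: Fragment) -> str:
        if self.terminated:
            return "dropped"
        if not verify(self.key, frag):
            self.rejected.append(frag.index)          # identified as tampered
            if self.policy == "terminate":
                self.terminated = True
                return "terminated"
            self.resend_requests.append(frag.index)
            return "resend"
        self.accepted[frag.index] = frag.payload
        return "accepted"

    def reassemble(self, total: int) -> bytes | None:
        if len(self.accepted) != total:
            return None
        return b"".join(self.accepted[i] for i in range(total))


def demo(policy: str = "resend") -> dict:
    """Constructed exchange: fragment 1 has one payload byte flipped in transit, the
    receiver rejects it, and under 'resend' the original is retransmitted."""
    key, object_id = secrets.token_bytes(32), b"obj-0001"
    data = b"constructed sample data object spread over several fragments"
    frags = make_fragments(key, object_id, data, size=16)
    flipped = bytes([frags[1].payload[0] ^ 0x01]) + frags[1].payload[1:]
    bad = dataclasses.replace(frags[1], payload=flipped)
    rx = Receiver(key, policy)
    outcomes = [rx.receive(bad if f.index == 1 else f) for f in frags]
    for idx in list(rx.resend_requests):
        outcomes.append(rx.receive(frags[idx]))
    recovered = rx.reassemble(len(frags))
    return {"outcomes": outcomes, "rejected": rx.rejected,
            "recovered": recovered, "intact": recovered == data}
```

Because the tag covers the fragment's index and the object's fragment count, the check rejects reordering and truncation as well as payload edits, and `hmac.compare_digest` keeps the verification time independent of where a forged tag first differs.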
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662349567P | 2016-06-13 | 2016-06-13 | |
US201662350646P | 2016-06-15 | 2016-06-15 | |
PCT/US2017/037328 WO2017218590A1 (en) | 2016-06-13 | 2017-06-13 | Systems and methods for secure storage of user information in a user profile |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3469512A1 true EP3469512A1 (en) | 2019-04-17 |
EP3469512A4 EP3469512A4 (en) | 2019-12-04 |
Family
ID=60664621
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP17813970.5A Withdrawn EP3469512A4 (en) | 2016-06-13 | 2017-06-13 | Systems and methods for secure storage of user information in a user profile |
Country Status (9)
Country | Link |
---|---|
EP (1) | EP3469512A4 (en) |
JP (1) | JP2019521537A (en) |
KR (1) | KR20190029509A (en) |
CN (1) | CN109154969A (en) |
AU (1) | AU2017283544A1 (en) |
CA (1) | CA3020743A1 (en) |
PH (1) | PH12018502160A1 (en) |
SG (1) | SG11201808929PA (en) |
WO (1) | WO2017218590A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109726563B (en) | 2017-10-31 | 2020-11-03 | 创新先进技术有限公司 | Data statistics method, device and equipment |
CN110378132A (en) * | 2019-06-20 | 2019-10-25 | 深圳市掌握时代互联网应用科技有限公司 | A kind of user's real information encryption system of hunting for treasure based on logistic chaotic maps |
CN110958263B (en) * | 2019-12-13 | 2022-07-12 | 腾讯云计算(北京)有限责任公司 | Network attack detection method, device, equipment and storage medium |
CN111740954B (en) * | 2020-05-18 | 2021-05-11 | 北京索德电气工业有限公司 | Elevator main controller and elevator board card communication encryption method |
CN111865991B (en) * | 2020-07-23 | 2021-04-30 | 北京睿知图远科技有限公司 | Dynamic encryption and decryption method for data encryption center |
KR102274335B1 (en) * | 2020-11-16 | 2021-07-07 | 한화생명보험(주) | Method and apparatus for chat-based customer profile creation through multiple agents |
CN112905533B (en) * | 2021-02-05 | 2023-04-25 | 优车库网络科技发展(深圳)有限公司 | File submission management method, device, equipment and storage medium |
KR102679712B1 (en) * | 2021-10-12 | 2024-06-27 | 현은주 | System and method for providing customized sex education content information based on AI big data |
US12010218B2 (en) * | 2021-10-29 | 2024-06-11 | Google Llc | Managing data availability on encryption key status changes in replicated storage systems |
WO2023113772A1 (en) * | 2021-12-13 | 2023-06-22 | Hewlett-Packard Development Company, L.P. | Suspicious activity notifications via canary files |
US11899814B1 (en) | 2022-08-24 | 2024-02-13 | Arthur Hustad | Method and system for providing control over storage of and access to user data |
CN115168690B (en) * | 2022-09-06 | 2022-12-27 | 深圳市明源云科技有限公司 | Data query method and device based on browser plug-in, electronic equipment and medium |
CN115544994B (en) * | 2022-12-01 | 2023-05-05 | 爱集微咨询(厦门)有限公司 | Data pushing method, device, electronic equipment and readable storage medium |
CN117544622B (en) * | 2023-11-07 | 2024-06-21 | 翼健(上海)信息科技有限公司 | User-controllable privacy data authorization sharing method, system and medium |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6681017B1 (en) * | 1997-09-03 | 2004-01-20 | Lucent Technologies Inc. | Simplified secure shared key establishment and data delivery protocols for electronic commerce |
US7386878B2 (en) * | 2002-08-14 | 2008-06-10 | Microsoft Corporation | Authenticating peer-to-peer connections |
KR101088420B1 (en) * | 2004-02-13 | 2011-12-08 | 아이비아이 스마트 테크놀로지스 인코포레이티드 | Method and apparatus for cryptographically processing data |
JP2008103988A (en) | 2006-10-19 | 2008-05-01 | Fujitsu Ltd | Encryption communication system, device, method and program |
US8688986B2 (en) * | 2006-12-27 | 2014-04-01 | Intel Corporation | Method for exchanging strong encryption keys between devices using alternate input methods in wireless personal area networks (WPAN) |
US7769951B2 (en) * | 2007-04-10 | 2010-08-03 | Yahoo! Inc. | Intelligent caching of user data for real time communications |
JP4856743B2 (en) * | 2009-08-06 | 2012-01-18 | 株式会社バッファロー | Wireless communication apparatus, wireless communication system, and network apparatus |
US8996863B2 (en) * | 2010-12-03 | 2015-03-31 | Yacov Yacobi | Attribute-based access-controlled data-storage system |
US20120266217A1 (en) * | 2011-04-15 | 2012-10-18 | Skype Limited | Permitting Access To A Network |
US9639597B2 (en) * | 2012-10-30 | 2017-05-02 | FHOOSH, Inc. | Collecting and classifying user information into dynamically-updated user profiles |
ES2760627T3 (en) * | 2014-04-10 | 2020-05-14 | Atomizer Group Llc | Procedure and system to secure the data |
SG11201808317XA (en) * | 2014-09-23 | 2018-10-30 | Fhoosh Inc | Secure high speed data storage, access, recovery, and transmission |
2017
- 2017-06-13 CN CN201780030481.2A patent/CN109154969A/en active Pending
- 2017-06-13 WO PCT/US2017/037328 patent/WO2017218590A1/en unknown
- 2017-06-13 SG SG11201808929PA patent/SG11201808929PA/en unknown
- 2017-06-13 AU AU2017283544A patent/AU2017283544A1/en not_active Abandoned
- 2017-06-13 KR KR1020187032660A patent/KR20190029509A/en not_active Application Discontinuation
- 2017-06-13 JP JP2018553903A patent/JP2019521537A/en active Pending
- 2017-06-13 CA CA3020743A patent/CA3020743A1/en not_active Abandoned
- 2017-06-13 EP EP17813970.5A patent/EP3469512A4/en not_active Withdrawn
2018
- 2018-10-08 PH PH12018502160A patent/PH12018502160A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
EP3469512A4 (en) | 2019-12-04 |
PH12018502160A1 (en) | 2019-07-15 |
CN109154969A (en) | 2019-01-04 |
AU2017283544A1 (en) | 2018-11-01 |
JP2019521537A (en) | 2019-07-25 |
WO2017218590A1 (en) | 2017-12-21 |
KR20190029509A (en) | 2019-03-20 |
SG11201808929PA (en) | 2018-11-29 |
CA3020743A1 (en) | 2017-12-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20170277773A1 (en) | Systems and methods for secure storage of user information in a user profile | |
US20170277774A1 (en) | Systems and methods for secure storage of user information in a user profile | |
US20170277775A1 (en) | Systems and methods for secure storage of user information in a user profile | |
US11120164B2 (en) | Cloud-based system for protecting sensitive information in shared content | |
EP3469512A1 (en) | Systems and methods for secure storage of user information in a user profile | |
US10769287B2 (en) | Forced data transformation policy | |
US20230010452A1 (en) | Zero-Knowledge Environment Based Networking Engine | |
US11637703B2 (en) | Zero-knowledge environment based social networking engine | |
US10666684B2 (en) | Security policies with probabilistic actions | |
US20190205317A1 (en) | Systems and methods for secure storage and retrieval of data objects | |
US9519696B1 (en) | Data transformation policies | |
US11941583B1 (en) | Intelligent employment-based blockchain | |
WO2019086553A1 (en) | Privacy management | |
US9898618B1 (en) | Securing a remote database | |
EP3298532A1 (en) | Encryption and decryption system and method | |
CN114026823A (en) | Computer system for processing anonymous data and method of operation thereof | |
US11157876B1 (en) | Intelligent employment-based blockchain | |
CN111756684A (en) | System and method for transmitting confidential data | |
WO2019173774A1 (en) | Systems and methods for secure storage and retrieval of data objects | |
WO2018232021A2 (en) | Systems and methods for secure storage of user information in a user profile | |
US11870805B2 (en) | Systems and methods that perform filtering, linking, and rendering | |
US20220222367A1 (en) | Data aggregation for analysis and secure storage | |
WO2023163960A1 (en) | Systems and methods of facilitating controlling access to data | |
WO2024157087A1 (en) | Systems and methods for managing and protecting data in computing networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20181011 |
| | AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | AX | Request for extension of the european patent | Extension state: BA ME |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: UBIQ SECURITY, INC. |
| | DAV | Request for validation of the european patent (deleted) | |
| | DAX | Request for extension of the european patent (deleted) | |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: UBIQ SECURITY, INC. |
| | A4 | Supplementary search report drawn up and despatched | Effective date: 20191104 |
| | RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 9/08 20060101ALI20191028BHEP; Ipc: H04L 9/32 20060101ALI20191028BHEP; Ipc: G06F 21/62 20130101AFI20191028BHEP; Ipc: G06F 21/60 20130101ALI20191028BHEP |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| | 18D | Application deemed to be withdrawn | Effective date: 20220104 |