WO2021028831A1 - Real time decryption system and method for its use - Google Patents

Real time decryption system and method for its use Download PDF

Info

Publication number
WO2021028831A1
WO2021028831A1 PCT/IB2020/057544 IB2020057544W WO2021028831A1 WO 2021028831 A1 WO2021028831 A1 WO 2021028831A1 IB 2020057544 W IB2020057544 W IB 2020057544W WO 2021028831 A1 WO2021028831 A1 WO 2021028831A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encryption
computer
server
decryption
Prior art date
Application number
PCT/IB2020/057544
Other languages
French (fr)
Inventor
Zeev Zohar
Original Assignee
Pi-Taa Technology Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pi-Taa Technology Ltd. filed Critical Pi-Taa Technology Ltd.
Publication of WO2021028831A1 publication Critical patent/WO2021028831A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present disclosed subject matter is directed to access to data, and encryption and decryption of data.
  • CRM customer relationship management
  • Embodiments of the disclosure are directed to methods and systems for decrypting encrypted data, for example, in real time, by limiting access to the decrypted data which displays on a computer (computer monitor), as well as encryption methods for data items using data strings, each string encrypted by an encryption algorithm.
  • Embodiments of the disclosure are directed to a data encryption method comprising a series of data strings, each string including START and END indicators where at least one data item is provided in each of the data strings; and, one additional data item is provided in one of the data strings of the series of data strings.
  • Embodiments of the disclosure are directed to a method for decrypting data in real time comprising: sending data, requested by a user computer to a decryption computer, for example, a decryption server; and, the decryption computer decrypting a portion of the data which is displayed on the user computer.
  • a decryption computer for example, a decryption server
  • Embodiments of the disclosure are directed to a data encryption method.
  • the data encryption method comprises: providing a plurality of data strings, each string including START and END indicators where at least one data item is provided in each of the data strings; and, providing at least one additional data item in one of the data strings of the plurality of data strings.
  • the data encryption method is such that the at least one data item includes one data item.
  • Embodiments of the disclosed subject matter are directed to a method for decrypting data.
  • the method comprises: providing a computer with at least one instruction to decrypt a portion of encrypted data received by the computer; receiving encrypted data from a system in an decryption device, the data encrypted data including at least one instruction associated with the encrypted data to decrypt a portion of the encrypted data; acquiring at least one key to decrypt the portion of the encrypted data in accordance with the instruction; and, decrypting the portion of the encrypted data in accordance with the instruction.
  • the method is such that the portion of the encrypted data which is decrypted includes the data displayed on a display associated with the computer.
  • the method is such that the at least one instruction is mapped to the decryption device.
  • the method is such that the least one instruction to decrypt a portion of encrypted data received by the computer resides in a browser extension of the computer.
  • the method is such that the decryption device includes an encryption and decryption server.
  • the method is such that the encryption and decryption server encrypts data which is provided as the encrypted data to the system.
  • the method is such that the at least one key to decrypt the encrypted data resides in the encryption and decryption server.
  • the method is such that the at least one key to decrypt the encrypted data resides in one or more key servers external to the encryption and decryption server.
  • the method is such that computer receives the encrypted data in response to a request to the system.
  • the method is such that the system computer includes a Customer Relations Management (CRM) server.
  • CRM Customer Relations Management
  • the method is such that the encryption and decryption server is generic to one or more CRM platforms running on the CRM server.
  • the method is such that the encryption and decryption server includes one or more servers.
  • the method is such that the decrypting the portion of the encrypted data in accordance with the at least one instruction is performed in real time.
  • the method is such that the encryption and decryption server encrypts data which is provided as the encrypted data to the system in real time.
  • Embodiments of the disclosed subject matter are directed to a data encryption method.
  • the method comprises: designating a plurality of X data items, where X is an integer; based on the X data items, creating X-l data strings, each of the X-l data strings including at least one of the X data items, and, at least one of the X-l data strings including at least one additional data items of the X data items; and, encrypting each of the X-l data strings by using an encryption algorithm.
  • the method is such that the encrypting each of the X-l data strings by using an encryption algorithm includes using at least one different encryption algorithm for at least one string which is different from the encryption algorithms used for each of the other data strings.
  • the method is such that the encrypting each of the X-l data strings by using an encryption algorithm includes using the same encryption algorithm for each of the data strings.
  • the method is such that the at least one of the X data items includes one data item.
  • the method is such that the at least one of the X-l data strings includes one data string.
  • the method is such that the at least one additional data items of the X data items includes one additional data item.
  • the method is such that the providing a plurality of data strings additionally comprises: providing each data string with START and END indicators where the at least one data item is provided in each of the data strings.
  • Embodiments of the disclosed subject matter are directed to a system for decrypting data.
  • the system comprises: at least one computer for encrypting and decrypting data, for example, in real time, and the at least one computer is configured for: 1) receiving at least one instruction associated with received encrypted data to decrypt a portion of the encrypted data, and, 2) decrypting a portion of the encrypted data, at the machine associated with the received encrypted data.
  • the system is such that the at least one instruction resides on a browser extension of the machine associated with the received encrypted data.
  • the system is such that the at least one instruction maps to the at least one computer for encrypting and decrypting data.
  • the system is such that the at least one instruction causes decryption of the portion of encrypted data displayed on a display associated with the machine.
  • the system is such that the machine includes a user computer (a computer associated with a user).
  • a user computer a computer associated with a user.
  • the system is such that the at least one computer for encrypting and decrypting data includes an encryption and decryption server.
  • the system is such that the at least one computer for encrypting and decrypting data includes at least one encryption server and at least one decryption server.
  • the system is such that the at least one computer for encrypting and decrypting data is additionally configured for encrypting data corresponding to the received encrypted data.
  • a “computer” includes machines, computers and computing or computer systems (for example, physically separate locations or devices), servers, computer and computerized devices, processors, processing systems, computing cores (for example, shared devices), and similar systems, workstations, modules and combinations of the aforementioned.
  • the aforementioned “computer” may be in various types, such as a personal computer (e.g., laptop, desktop, tablet computer), or any type of computing device, including mobile devices that can be readily transported from one location to another location (e.g., smartphone, personal digital assistant (PDA), mobile telephone or cellular telephone).
  • PDA personal digital assistant
  • a “server” is typically a remote computer or remote computer system, or computer program therein, in accordance with the “computer” defined above, that is accessible over a communications medium, such as a communications network or other computer network, including the Internet.
  • a “server” provides services to, or performs functions for, other computer programs (and their users), in the same or other computers.
  • a server may also include a virtual machine, a software based emulation of a computer.
  • FIG. 1 is an illustration of a system performing the disclosed subject matter in an environment
  • Fig. 2 is a block diagram of the look up table (LUT) of FIG. 1 ;
  • FIG. 3A is a diagram of a CRM customer entry, as stored in or otherwise associated with the CRM Server of FIG. 1 ;
  • FIG. 3B is a flow diagram of a process performed by the disclosed subject matter for encrypting data received by the system of FIG. 1 ;
  • FIG. 4 is a flow diagram of a process in accordance with the disclosed subject matter for the system of FIG. 1 ;
  • FIG. 5 is a flow diagram of another process in accordance with the disclosed subject matter for the system of FIG. 1 ;
  • FIG. 6 is a flow diagram of a process of accessing and receiving data by an affiliate the disclosed subject matter for the system of FIG. 1 ;
  • FIG. 7 is a flow diagram of a process of accessing and receiving data by an authorized brand server the disclosed subject matter for the system of FIG. 1;
  • FIGs. 8A and 8B are illustrations of systems performing the disclosed subject matter in an environment
  • FIG. 9 is a flow diagram of a process in accordance with the disclosed subject matter for the systems of FIGs. 8 A and 8B;
  • FIG. 10 is a flow diagram of another process in accordance with the disclosed subject matter for the systems of FIGs. 8A and 8B;
  • FIG. 11 is a flow diagram of a process of accessing and receiving data by an affiliate the disclosed subject matter for the systems of FIGs. 8A and 8B; and,
  • FIG. 12 is a flow diagram of a process of accessing and receiving data by an authorized brand server the disclosed subject matter for the system of FIGs. 8A and 8B.
  • aspects of the present disclosure may be embodied as a system, method or computer program product. Accordingly, aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit,” “module” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more non-transitory computer readable (storage) medium(s) having computer readable program code embodied thereon.
  • FIG. 1 shows a system 100 of the disclosed subject matter as it operates in an example environment.
  • the system 100 includes a Customer Relationship Management (CRM) server 102, an enterprise network 104, and an Encryption/Decryption Server 106. Both the CRM Server 102, via the WAN 126, and the Enterprise Network 104 link to the Encryption/Decryption server 106.
  • the CRM Server 102 links to the Enterprise Network 104.
  • the Enterprise Network 104 is, for example, a local area network (LAN). "Finked” as used herein, includes both wired and/or wireless links, such that networks, computers, servers, components, devices and the like, are in electronic and/or data communications with each other, directly or indirectly.
  • LAN local area network
  • the Enterprise Network 104 is linked to a computer 122 of an enterprise user 123, who is an authorized user. This user 123 (and his computer 122) has with permission and/or privileges to obtain data from the CRM server 102.
  • the computer 122 and user 123 are representative of multiple computers/users associated with the enterprise and which are linked to the Enterprise Network 104.
  • the decrypted transmissions from the encryption/decryption server 106 are such that only the display on the computer, as displayed in real time, and, for example “on the fly”, is decrypted on the computer 122. By decrypting the portion of the received data which is being displayed, the encryption/decryption server 106 is performing partial decryption.
  • the enterprise network 104 is such that as shown, it includes a browser add-on or browser extension for the browser (e.g., browsing application) of each user computer 122, such that the browser is programmed to signal the Encryption/Decryption server 106 to decrypt a portion of the received encrypted date, for example, only what the browser displays on the screen (monitor or display) of the computer 122.
  • this decrypted screen display cannot be captured for screenshot images, storage, including placement into a file, copied, exported, and/or printed.
  • the decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner, to the user 123.
  • the aforementioned privileges are such that the user 123 (and computer 122) map to the encryption/decryption server 106, such that data sent from the CRM server 102 to the computer 122 is typically partially decrypted, for example, only the data displayed on the monitor of the computer 122 is decrypted, and, for example, cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported.
  • This decryption of a portion of the received encrypted data is achieved as the browser add-on sends one or more instructions (which reside in the browser extension (for example, of the computer 122)) and these instructions are mapped to the encryption/decryption server 106, and associated with and/or sent with the encrypted data being sent to the encryption/decryption server 106 for decryption), as to the portion of the encrypted data to decrypt, as well as that the portion of the decrypted data is not to be: captured for screen shot images, stored, placed into files, copied, printed or exported; and, any other instructions including, for example, that a decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner.
  • a four page document is rendered to the browser.
  • page 1 When page 1 is displayed on the computer monitor, only that page (page 1) is decrypted, and cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported. Pages 2, 3 and 4, which the user does not see, as they are not displayed, are not decrypted, and therefore remain encrypted, until a page is rendered by the browser to the display, e.g., computer 122 monitor.
  • Page 4 which is rendered by the browser to the computer monitor for display
  • this page is decrypted, and cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported, while Pages 1, 2, and 3, which the user does not see, as they are not displayed, are not decrypted, and therefore remain encrypted, until a page is rendered by the browser to the display, e.g., computer 122 monitor.
  • the CRM server 102 links to a wide area network (WAN) 126, such as a public network, including, for example, the Internet.
  • WAN wide area network
  • a computer 128 of an unauthorized user 129 which is attempting to access the CRM server 102, links to the WAN 126.
  • the computer 128 and user 129 are representative of multiple computers/unauthorized users attempting to access the CRM server 102 via the WAN 126.
  • the CRM server 102 may be, for example, part of a computer system or a system, the computer system or system, also linking to WAN 126.
  • the encryption/decryption server 106 has the ability to encrypt all communications from the enterprise network 104 and the affiliate (URL) server 130. This server 106 also holds all keys necessary to decrypt data, and includes a look up table (LUT) 107, where various information in the CRM server 102 is further encrypted or disguised. This information includes, for example, a customer name. For example, a company in the CRM server 102, for example, whose actual name is NEWCO Corporation may be listed in the LUT 107, under the characters “caangelsl987”, for example, as shown in FIG. 2.
  • the encryption/decryption server 106 also known as an encryption and decryption server, for example, functions as an encrypter or encryption device, and a decrypter or decryption device. While the encryption and decryption functions are shown provided by a single encryption/decryption server 106, the encryption/decryption server 106 may be multiple servers, including separate encryption and decryption servers.
  • An affiliate server 130 links to the Encryption/Decryption Server 106.
  • An affiliate computer 132 of an affiliate 133 representative of affiliates for the system 100, links to the affiliate server 130.
  • the affiliate server 130 when sending data from an affiliate 133 to the CRM server 102, sends it through the Encryption/Decryption server 106 to the CRM Server 102, so that the data is encrypted for storage in the CRM server.
  • the affiliate 133 when receiving data from the CRM server 102, receives a User Identification (ID) relating to the specific customer.
  • the affiliate server 130 for example, functions to open a dedicated application programming interface (API) for the affiliate 133 to provide access to the affiliate 133 to inject data into the CRM server 102, for example, under the name of the requisite brand.
  • API application programming interface
  • the privileges of the affiliate 133 are, for example, such that the affiliate 133 can only inject data (e.g., new data) into the system 100, e.g., the CRM server 102, e.g., via the encryption/decryption server 106, or add other data, but cannot delete any data from the system 100, including the data which it entered.
  • data e.g., new data
  • the affiliate 133 can only inject data (e.g., new data) into the system 100, e.g., the CRM server 102, e.g., via the encryption/decryption server 106, or add other data, but cannot delete any data from the system 100, including the data which it entered.
  • Each of the authorized brand servers 136a-136n has privileges, which function to allow injection of data into the CRM server 102, typically over a dedicated Internet Protocol (IP) link, for example, the information corresponding to the authorized brand.
  • IP Internet Protocol
  • Other privileges for the authorized brand servers 136a-136n may include, for example, querying data from the CRM Server 102, adding/updating/editing data (for the CRM server 102, as sent via the encryption/decryption server 106 for encryption, and then sent to the CRM Server 102 for storage, as per FIG. 3B).
  • FIG. 3A is a diagram showing how data is stored in the CRM Server 102.
  • Data for each customer, whose actual name is stored in the LUT 107, is stored as an entry 300 in a data base, storage media and the like, in four data strings 301, 302, 303, 304, as a group of strings.
  • Each of the strings 301-304 is 64 characters, with the characters being letters (which are typically case sensitive, but need not be as such), numbers, and special characters, for example, the character in any combination.
  • Each of the strings 301-304 is encrypted data, and encrypts at least one data item.
  • one of the strings 301-304 in the group of strings may encrypt plural data items, while the remaining strings encrypt one data item.
  • Each string 301-304 is, for example, encrypted and/or decrypted by one or more encryption/decryption algorithms.
  • the first string 301 may be encrypted by Algorithm 1, the second string 302 by Algorithm 3, the third string 303 by Algorithm 10, and the fourth string 304 by Algorithm 3.
  • Algorithms 1, 10 and 3 are different from each other. Accordingly, any encryption/decryption algorithm for each string 301-304 may be in any order, another aspect of cyber security. Also, the same algorithm may be used to encrypt all of the strings (of the group of strings).
  • the first string 301 holds name data (a data item), e.g., the customer’s name.
  • the second string 302 for example, holds postal/physical address data (a data item).
  • the third string 303 for example, holds email data (a data item).
  • the fourth string 304 for example, holds telephone number data (a data item).
  • the brand is stored.
  • the brand is stored in the first string 301 as encrypted, the brand being “Cool Candy” and stored by the encrypted characters “lussbemrj”.
  • each string 301-304 is a START and END, between which the relevant data (i.e., data item(s)) is stored.
  • FIG. 3B show a flow diagram detailing a computer- implemented process in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 1-3 A.
  • the process and sub-processes of FIG. 3B are computerized processes performed by the system 100.
  • the aforementioned processes and sub processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
  • data including new data or additional/updated data is sent from affiliate servers 130, Authorized Brand Servers 136a- 136n, and other servers associated with the CRM server 102, and received by the Encryption/Decryption Server 106.
  • the process moves to block 314, where the received data is encrypted by the Encryption/Decryption server 106 using keys (e.g., encryption keys).
  • keys e.g., encryption keys
  • the encryption keys were collected from the Encryption/Decryption server 106.
  • the data is encrypted, for example, in accordance with FIG. 3A and its description above.
  • the process then moves to block 316, where the Encryption/Decryption Server 106 sends encrypted data to CRM Server 120, with instructions for storage based on the data being new data or additional/updated data.
  • FIGs. 4-7 data is encrypted, processed and stored, for example, in accordance with that disclosed in FIGs. 3 A and 3B.
  • FIGs. 4 and 5 show flow diagrams detailing computer-implemented processes in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 1-3B.
  • the process and sub-processes of FIGs. 4 and 5 are computerized processes performed by the system 100.
  • the aforementioned processes and sub-processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
  • FIG. 4 is a flow diagram of a process where a user 123 of the Enterprise Network 104, an authorized user for the CRM server 102, seeks information from the CRM Server 102.
  • a request for information is received from the user 123 at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the user computer 122, as encrypted data, at block 404.
  • the portion of the data being displayed in real time is sent from the user computer 122 to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 406.
  • the decryption keys were collected from the Encryption/Decryption server 106.
  • the LUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106 returns the decrypted data to the user computer 122, as partially decrypted data for display, at block 408.
  • the decrypted data, which is displayed, is partially decrypted data, as only the data presented in the display (monitor) of the user computer 122, is decrypted, and this decrypted data, along with all other data sent by the CRM Server 102, to the user computer 122, cannot be captured for screen shot images, stored, placed into files, copied, printed or exported.
  • the process of FIG. 4 occurs typically in real time.
  • FIG. 5 is a flow diagram of a process where an unauthorized user 129, via his computer 128 seeks information from the CRM server 102.
  • a request for information is received from the user 129 at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the unauthorized user 129 over the WAN 128, at block 504.
  • the data sent from the CRM Server 102 is encrypted, and the computer 128 cannot access the Encryption/Decryption server 106, the data remains encrypted, and the process ends at block 506.
  • the process of FIG. 5 occurs typically in real time.
  • FIG. 6 is a flow diagram of a process where an affiliate 133, represented by the affiliate computer 132 seeks information from the CRM Server 102.
  • a request for information is received from the affiliate computer 132, via the affiliate server 130, at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the Identifier (ID) corresponding to the requested data, to the affiliate computer 132, as encrypted data, at block 604.
  • the portion of the data being displayed in real time is sent from the affiliate computer 132 to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 606.
  • the decryption keys were collected from the Encryption/Decryption server 106.
  • the LUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106 returns the decrypted ID data to the affiliate computer 132 for display, at block 608.
  • the decrypted data which is displayed cannot be copied, printed or exported.
  • the process ends at block 610, and may be repeated as desired by the affiliate 133.
  • the process of FIG. 6 occurs typically in real time.
  • FIG. 7 is a flow diagram of a process where a user at an authorized brand server, for example, server AB1 136a, an authorized user for the CRM server 102, seeks information from the CRM Server 102.
  • a request for information is received from the server 136a at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the server 136a, as encrypted data, at block 704.
  • the portion of the data being displayed in real time is sent from the server 136a to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 706.
  • the decryption keys were collected from the Encryption/Decryption server 106.
  • the LUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106 returns the decrypted data to the user computer 122 for display, at block 708.
  • the decrypted data which is displayed, cannot be copied, printed or exported.
  • the process ends at block 710, and may be repeated as desired.
  • the process of FIG. 7 occurs typically in real time.
  • FIGs. 8A and 8B show systems 800, 800’ whose operation, for example, is in accordance with the disclosed subject matter.
  • the system 800 of FIG. 8 A is an open system and includes a WAN 126 and LAN 104.
  • the system 800’ of FIG. 8B is a system based on a LAN 104, and as such is for a single authorized brand (AB), represented by the single authorized brand server 136.
  • AB authorized brand
  • These systems 800, 800’ include components similar to those of the system 100, and take the same element numbers and descriptions, as those for the system 100, described above, except where indicated.
  • These systems 800, 800’ are, for example, systems with decentralized encryption/decryption, as encryption/decryption keys, also known as “encryption/decryption key data” or “key data”, these terms used interchangeably herein, are stored, for example, in Key Servers (KS) 110a- 11 On (KSl-KSn).
  • KS Key Servers
  • KS Key Servers 110a- 11 On (KSl-KSn).
  • each key is, for example, located in a different key server llOa-llOn.
  • the actual number of keys for example, depends on the number of authorized brands (AB), each authorized brand, for example, represented by an authorized brand (AB) server 136a-136n.
  • Example keys include one or more of, master keys, brand or customer keys, and client keys, for example, as paired keys for encryption and decryption. For example, a brand or customer key is saved as encrypted using the master key. Also, for example, use of a brand or customer key requires that the brand or customer key first be decrypted using the master key.
  • the encryption/decryption server 106’ of the systems 800, 800’ is similar to the encryption/decryption server 106, and is in accordance therewith, as described above, except where indicated.
  • the encryption/decryption server 106’ has the ability to encrypt all communications from the enterprise network (LAN) 104, the affiliate server 130, the authorized brand servers 136a-136n, the WAN 126, and other servers in communication or otherwise linked to the encryption/decryption server 106’, and also decrypts data (e.g., encrypted data), for example, encrypted data received from the CRM server 102, and other entities (e.g., where permitted).
  • data e.g., encrypted data
  • the server 106’ includes a look up table (LUT) 107, where various information in the CRM server 102 is further encrypted or disguised. This information includes, for example, a customer name. For example, a company in the CRM server 102, for example, whose actual name is NEWCO Corporation may be listed in the LUT 107, under the characters “caangelsl987”, for example, as shown in FIG. 2.
  • the server 106’ communicates with the key servers 110a- 11 On to obtain the various keys necessary for encryption and decryption, but unlike the encryption/decryption server 106, does not store any keys (encryption or decryption keys).
  • the encryption/decryption server 106’ like the encryption/decryption server 106 (detailed above and shown in FIG. 1), is also known as an encryption and decryption server, and, for example, functions as an encrypter or encryption device, and a decrypter or decryption device. While the encryption and decryption functions are shown provided by a single encryption/decryption server 106’, the encryption/decryption server 106’ may be multiple servers, including separate encryption and decryption servers.
  • the enterprise network 104 is such that as shown, it includes a browser add-on for the browser (e.g., browsing application) of each user computer 122, such that the browser is programmed to signal the Encryption/Decryption server 106’ to decrypt only what the browser displays on the screen (monitor or display) of the computer 122.
  • this decrypted screen display cannot be captured for screenshot images, storage, including placement into a file, copied, exported, and/or printed.
  • the decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner, to the user 123.
  • the aforementioned privileges are such that the user 123 (and computer 122) map to the encryption/decryption server 106’, such that data sent from the CRM server 102 to the computer 122 is typically partially decrypted, for example, only the data displayed on the monitor of the computer 122 is decrypted, and, for example, cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported.
  • Both systems 800, 800’ encrypt data in the Encryption/Decryption server 106’, process the encrypted data, and store the encrypted data in the CRM Server 102, as shown in FIGs. 3A and 3B, and as described for FIGs. 3 A and 3B above.
  • keys e.g., encryption keys
  • FIG. 3B keys (e.g., encryption keys) are obtained from key servers 1 lOa-110h, at block 314, and at block 315, the encryption keys were collected from the key servers 110a- 110h.
  • data is encrypted, processed and stored, for example, in accordance with that disclosed in FIGs. 3A and 3B.
  • FIGs. 9 and 10 show flow diagrams detailing computer-implemented processes in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 8A and 8B.
  • the process and sub processes of FIGs. 9 and 10 are computerized processes performed by the systems 800, 800’.
  • the aforementioned processes and sub-processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
  • FIG. 9 is a flow diagram of a process where a user 123 of the Enterprise Network 104, an authorized user for the CRM server 102, seeks information from the CRM Server 102.
  • a request for information is received from the user 123 at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the user computer 122, as encrypted data, at block 904.
  • the portion of the data being displayed in real time is sent from the user computer 122 to the Encryption/Decryption server 106’, where it is decrypted, from keys received from one or more of the key servers 110a- 11 On.
  • the decryption keys were collected from the key server(s) 1 lOa-110h.
  • the LUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106’ returns the decrypted data to the user computer 122, as partially decrypted data for display, at block 908.
  • the decrypted data, which is displayed, is partially decrypted data, as only the data presented in the display (monitor) of the user computer 122, is decrypted, and this decrypted data, along with all other data sent by the CRM Server 102, to the user computer 122, cannot be captured for screen shot images, stored, placed into files, copied, printed or exported.
  • the process of FIG. 9 occurs typically in real time.
  • FIG. 10 is a flow diagram of a process where an unauthorized user 129 of the systems 800, 800’, via his computer 128 seeks information from the CRM server 102 (in the system 800 the unauthorized user 129 attempts to enter the system from the WAN 126, while in the system 800’, the unauthorized use 800’, attempts to enter from the FAN 104).
  • a request for information is received from the unauthorized user 129 at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the unauthorized user 129 over the WAN 128 (system 800), or the FAN 104 (system 800’), at block 1004.
  • the data sent from the CRM Server 102 is encrypted, and the computer 128 cannot access the Encryption/Decryption server 106’, the data remains encrypted, and the process ends at block 1006.
  • the process of FIG. 10 occurs typically in real time.
  • FIG. 11 is a flow diagram of a process where an affiliate 133, represented by the affiliate computer 132 seeks information from the CRM Server 102.
  • a request for information is received from the affiliate computer 132, via the affiliate server 130, at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the Identifier (ID) corresponding to the requested data, to the affiliate computer 132, as encrypted data, at block 1104.
  • the portion of the data being displayed in real time is sent from the affiliate computer 132 to the Encryption/Decryption server 106’, where it is decrypted, as the key servers l lOa-HOn, hold the decryption keys, at block 1106.
  • the decryption keys were collected from the key servers 1 lOa-110h.
  • the LUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106’ returns the decrypted ID data to the affiliate computer 132 for display, at block 1108.
  • the decrypted data which is displayed cannot be copied, printed or exported.
  • the process ends at block 1110, and may be repeated as desired by the affiliate 133.
  • the process of FIG. 11 occurs typically in real time.
  • FIG. 12 is a flow diagram of a process where a user at an authorized brand server, for example, server AB1 136a, an authorized user for the CRM server 102, seeks information from the CRM Server 102.
  • a request for information is received from the server 136a at the CRM Server 102.
  • the CRM Server 102 responds to the request by sending the requested data to the server 136a, as encrypted data, at block 1204.
  • the portion of the data being displayed in real time is sent from the server 136a to the Encryption/Decryption server 106’, where it is decrypted, as the key servers llOa-llOn hold the decryption keys, at block 1206. From block 1202,
  • the decryption keys were collected from the key servers llOa-llOn. Additionally, at block 1205, the decryption keys were collected from the key servers llOa-llOn. Additionally, at block 1205, the decryption keys were collected from the key servers llOa-llOn. Additionally, at block 1205, the decryption keys were collected from the key servers llOa-llOn. Additionally, at block 1205, the decryption keys were collected from the key servers llOa-llOn. Additionally, at block
  • the FUT 107 is used to identify the name of the company.
  • the Encryption/Decryption server 106’ returns the decrypted data to the user computer 122 for display, at block 1208.
  • the decrypted data which is displayed, cannot be copied, printed or exported.
  • the process ends at block 1210, and may be repeated as desired.
  • the process of FIG. 12 occurs typically in real time.
  • the CRM server 102 sits outside of each respective system 100, 800, 800’, which are, for example, part of an enterprise network or FAN 104.
  • the encryption/decryption server 106, 106’ as well as each system 100, 800, 800’ can support any kind of generic CRM server, represented by the CRM server 102, independent of the CRM’s branding or platform.
  • CRM branding or platforms include, for example, SalesforceTM from Microsoft of Redmond, Washington, MicrosoftTM DynamicTM, ZendeskTM, and any other commercially available CRM.
  • the systems 100, 800, 800’ provide a generic encryption (and decryption) solution that supports multiple CRM brands, and is agnostic to CRM brands (or platforms).
  • the encryption/decryption server 106, 106’ is generic to one or more CRM platforms running on the CRM server 120.
  • the encryption/decryption servers 106, 106’ serve as proxies between the CRM server 102 (and its databases) and the clients (e.g., affiliate and brand servers).
  • CRM Server 120 for CRM data has been shown for the disclosed systems 100, 800, 800’, this is exemplary, as the CRM Server 120 may also be any application server for any application data, or other suitable system.
  • Implementation of the method and/or system of embodiments of the disclosed subject matter can involve performing or completing selected tasks manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of embodiments of the method and/or system of the disclosed subject matter, several selected tasks could be implemented by hardware, by software or by firmware or by a combination thereof using an operating system.
  • a data processor such as a computing platform for executing a plurality of instructions.
  • the data processor includes a volatile memory for storing instructions and/or data and/or a non-volatile storage, for example, non-transitory storage media such as a magnetic hard-disk and/or removable media, for storing instructions and/or data.
  • a network connection is provided as well.
  • a display and/or a user input device such as a keyboard or mouse are optionally provided as well.
  • non-transitory computer readable (storage) medium(s) may be utilized in accordance with the above-listed embodiments of the present disclosed subject matter.
  • a non-transitory computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • a computer readable non-transitory storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
  • a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • processes and portions thereof can be performed by computers, computer-type devices, workstations, processors, micro-processors, other electronic searching tools and memory and other non-transitory storage-type devices associated therewith.
  • the processes and portions thereof can also be embodied in programmable non-transitory storage media, for example, compact discs (CDs) or other discs including magnetic, optical, etc., readable by a machine or the like, or other computer usable storage media, including magnetic, optical, or semiconductor storage, or other source of electronic signals.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

Methods and systems are directed to decrypting encrypted data in real time by limiting access to the decrypted data which displays on a computer (computer monitor). Encryption methods for data items using data strings, each string encrypted by an encryption algorithm, are also disclosed.

Description

REAL TIME DECRYPTION SYSTEM AND METHOD FOR ITS USE
CROSS-REFERENCES TO RELATED APPLICATIONS
This application is related to and claims priority from commonly owned U.S. Provisional Patent Application Serial No. 62/885,326, entitled: Real Time Decryption System And Method For Its Use, filed on August 12, 2019, the disclosure of which is incorporated by reference herein in its entirety.
TECHNICAL FIELD
The present disclosed subject matter is directed to access to data, and encryption and decryption of data.
BACKGROUND OF THE DISCLOSURE
Organizations spend substantial amounts of funds, in both hard and soft costs, protecting their data. This is especially true for customer relationship management (CRM) data, which includes customer lists of both past and present customers, and customers presently being targeted. This information is typically the organization’s strongest asset and greatest trade secret, as it provides the organization with an advantage over its competitors. Should this information fall into the hands of competitors, via hackers, a data breach, or the like, the organization can rapidly lose its advantage over its competition.
SUMMARY OF THE DISCLOSURE
The present disclosure or disclosed subject matter, these terms used interchangeably herein, provides systems and methods for retaining data securely both within and outside of an organization, by using real time encryption and decryption.
Embodiments of the disclosure are directed to methods and systems for decrypting encrypted data, for example, in real time, by limiting access to the decrypted data which displays on a computer (computer monitor), as well as encryption methods for data items using data strings, each string encrypted by an encryption algorithm.
Embodiments of the disclosure are directed to a data encryption method comprising a series of data strings, each string including START and END indicators where at least one data item is provided in each of the data strings; and, one additional data item is provided in one of the data strings of the series of data strings.
Embodiments of the disclosure are directed to a method for decrypting data in real time comprising: sending data, requested by a user computer to a decryption computer, for example, a decryption server; and, the decryption computer decrypting a portion of the data which is displayed on the user computer.
Embodiments of the disclosure are directed to a data encryption method. The data encryption method comprises: providing a plurality of data strings, each string including START and END indicators where at least one data item is provided in each of the data strings; and, providing at least one additional data item in one of the data strings of the plurality of data strings.
Optionally, the data encryption method is such that the at least one data item includes one data item.
Embodiments of the disclosed subject matter are directed to a method for decrypting data. The method comprises: providing a computer with at least one instruction to decrypt a portion of encrypted data received by the computer; receiving encrypted data from a system in an decryption device, the data encrypted data including at least one instruction associated with the encrypted data to decrypt a portion of the encrypted data; acquiring at least one key to decrypt the portion of the encrypted data in accordance with the instruction; and, decrypting the portion of the encrypted data in accordance with the instruction.
Optionally, the method is such that the portion of the encrypted data which is decrypted includes the data displayed on a display associated with the computer.
Optionally, the method is such that the at least one instruction is mapped to the decryption device.
Optionally, the method is such that the least one instruction to decrypt a portion of encrypted data received by the computer resides in a browser extension of the computer.
Optionally, the method is such that the decryption device includes an encryption and decryption server.
Optionally, the method is such that the encryption and decryption server encrypts data which is provided as the encrypted data to the system. Optionally, the method is such that the at least one key to decrypt the encrypted data resides in the encryption and decryption server.
Optionally, the method is such that the at least one key to decrypt the encrypted data resides in one or more key servers external to the encryption and decryption server.
Optionally, the method is such that computer receives the encrypted data in response to a request to the system.
Optionally, the method is such that the system computer includes a Customer Relations Management (CRM) server.
Optionally, the method is such that the encryption and decryption server is generic to one or more CRM platforms running on the CRM server.
Optionally, the method is such that the encryption and decryption server includes one or more servers.
Optionally, the method is such that the decrypting the portion of the encrypted data in accordance with the at least one instruction is performed in real time.
Optionally, the method is such that the encryption and decryption server encrypts data which is provided as the encrypted data to the system in real time.
Embodiments of the disclosed subject matter are directed to a data encryption method. The method comprises: designating a plurality of X data items, where X is an integer; based on the X data items, creating X-l data strings, each of the X-l data strings including at least one of the X data items, and, at least one of the X-l data strings including at least one additional data items of the X data items; and, encrypting each of the X-l data strings by using an encryption algorithm.
Optionally, the method is such that the encrypting each of the X-l data strings by using an encryption algorithm includes using at least one different encryption algorithm for at least one string which is different from the encryption algorithms used for each of the other data strings.
Optionally, the method is such that the encrypting each of the X-l data strings by using an encryption algorithm includes using the same encryption algorithm for each of the data strings.
Optionally, the method is such that the at least one of the X data items includes one data item. Optionally, the method is such that the at least one of the X-l data strings includes one data string.
Optionally, the method is such that the at least one additional data items of the X data items includes one additional data item.
Optionally, the method is such that the providing a plurality of data strings additionally comprises: providing each data string with START and END indicators where the at least one data item is provided in each of the data strings.
Embodiments of the disclosed subject matter are directed to a system for decrypting data. The system comprises: at least one computer for encrypting and decrypting data, for example, in real time, and the at least one computer is configured for: 1) receiving at least one instruction associated with received encrypted data to decrypt a portion of the encrypted data, and, 2) decrypting a portion of the encrypted data, at the machine associated with the received encrypted data.
Optionally, the system is such that the at least one instruction resides on a browser extension of the machine associated with the received encrypted data.
Optionally, the system is such that the at least one instruction maps to the at least one computer for encrypting and decrypting data.
Optionally, the system is such that the at least one instruction causes decryption of the portion of encrypted data displayed on a display associated with the machine.
Optionally, the system is such that the machine includes a user computer (a computer associated with a user).
Optionally, the system is such that the at least one computer for encrypting and decrypting data includes an encryption and decryption server.
Optionally, the system is such that the at least one computer for encrypting and decrypting data includes at least one encryption server and at least one decryption server.
Optionally, the system is such that the at least one computer for encrypting and decrypting data is additionally configured for encrypting data corresponding to the received encrypted data.
This document references terms that are used consistently or interchangeably herein. These terms, including variations thereof, are as follows. A “computer” includes machines, computers and computing or computer systems (for example, physically separate locations or devices), servers, computer and computerized devices, processors, processing systems, computing cores (for example, shared devices), and similar systems, workstations, modules and combinations of the aforementioned. The aforementioned “computer” may be in various types, such as a personal computer (e.g., laptop, desktop, tablet computer), or any type of computing device, including mobile devices that can be readily transported from one location to another location (e.g., smartphone, personal digital assistant (PDA), mobile telephone or cellular telephone).
A "server" is typically a remote computer or remote computer system, or computer program therein, in accordance with the “computer” defined above, that is accessible over a communications medium, such as a communications network or other computer network, including the Internet. A “server” provides services to, or performs functions for, other computer programs (and their users), in the same or other computers. A server may also include a virtual machine, a software based emulation of a computer.
“n” after an element number or character for an element, designates the last member (element) of a series.
Unless otherwise defined herein, all technical and/or scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosed subject matter pertains. Although methods and materials similar or equivalent to those described herein may be used in the practice or testing of embodiments of the disclosure, exemplary methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and are not intended to be necessarily limiting.
BRIEF DESCRIPTION OF THE DRAWINGS
Some embodiments of the present disclosure are herein described, by way of example only, with reference to the accompanying drawings. With specific reference to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the disclosure. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the disclosed subject matter may be practiced. Attention is now directed to the drawings, where like reference numerals or characters indicate corresponding or like components. In the drawings:
FIG. 1 is an illustration of a system performing the disclosed subject matter in an environment;
Fig. 2 is a block diagram of the look up table (LUT) of FIG. 1 ;
FIG. 3A is a diagram of a CRM customer entry, as stored in or otherwise associated with the CRM Server of FIG. 1 ;
FIG. 3B is a flow diagram of a process performed by the disclosed subject matter for encrypting data received by the system of FIG. 1 ;
FIG. 4 is a flow diagram of a process in accordance with the disclosed subject matter for the system of FIG. 1 ;
FIG. 5 is a flow diagram of another process in accordance with the disclosed subject matter for the system of FIG. 1 ;
FIG. 6 is a flow diagram of a process of accessing and receiving data by an affiliate the disclosed subject matter for the system of FIG. 1 ;
FIG. 7 is a flow diagram of a process of accessing and receiving data by an authorized brand server the disclosed subject matter for the system of FIG. 1;
FIGs. 8A and 8B are illustrations of systems performing the disclosed subject matter in an environment;
FIG. 9 is a flow diagram of a process in accordance with the disclosed subject matter for the systems of FIGs. 8 A and 8B;
FIG. 10 is a flow diagram of another process in accordance with the disclosed subject matter for the systems of FIGs. 8A and 8B;
FIG. 11 is a flow diagram of a process of accessing and receiving data by an affiliate the disclosed subject matter for the systems of FIGs. 8A and 8B; and,
FIG. 12 is a flow diagram of a process of accessing and receiving data by an authorized brand server the disclosed subject matter for the system of FIGs. 8A and 8B.
DETAILED DESCRIPTION OF THE DRAWINGS
Before explaining at least one embodiment of the disclosed subject matter in detail, it is to be understood that the disclosed subject matter is not necessarily limited in its application to the details of construction and the arrangement of the components and/or methods set forth in the following description and/or illustrated in the drawings. The disclosed subject matter is capable of other embodiments or of being practiced or carried out in various ways.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or computer program product. Accordingly, aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more non-transitory computer readable (storage) medium(s) having computer readable program code embodied thereon.
FIG. 1 shows a system 100 of the disclosed subject matter as it operates in an example environment. The system 100 includes a Customer Relationship Management (CRM) server 102, an enterprise network 104, and an Encryption/Decryption Server 106. Both the CRM Server 102, via the WAN 126, and the Enterprise Network 104 link to the Encryption/Decryption server 106. The CRM Server 102 links to the Enterprise Network 104. The Enterprise Network 104 is, for example, a local area network (LAN). "Finked" as used herein, includes both wired and/or wireless links, such that networks, computers, servers, components, devices and the like, are in electronic and/or data communications with each other, directly or indirectly.
The Enterprise Network 104 is linked to a computer 122 of an enterprise user 123, who is an authorized user. This user 123 (and his computer 122) has with permission and/or privileges to obtain data from the CRM server 102. The computer 122 and user 123 are representative of multiple computers/users associated with the enterprise and which are linked to the Enterprise Network 104. The decrypted transmissions from the encryption/decryption server 106 are such that only the display on the computer, as displayed in real time, and, for example “on the fly”, is decrypted on the computer 122. By decrypting the portion of the received data which is being displayed, the encryption/decryption server 106 is performing partial decryption.
The enterprise network 104 is such that as shown, it includes a browser add-on or browser extension for the browser (e.g., browsing application) of each user computer 122, such that the browser is programmed to signal the Encryption/Decryption server 106 to decrypt a portion of the received encrypted date, for example, only what the browser displays on the screen (monitor or display) of the computer 122. Typically, this decrypted screen display cannot be captured for screenshot images, storage, including placement into a file, copied, exported, and/or printed. Additionally, the decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner, to the user 123. For example, the aforementioned privileges are such that the user 123 (and computer 122) map to the encryption/decryption server 106, such that data sent from the CRM server 102 to the computer 122 is typically partially decrypted, for example, only the data displayed on the monitor of the computer 122 is decrypted, and, for example, cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported. This decryption of a portion of the received encrypted data is achieved as the browser add-on sends one or more instructions (which reside in the browser extension (for example, of the computer 122)) and these instructions are mapped to the encryption/decryption server 106, and associated with and/or sent with the encrypted data being sent to the encryption/decryption server 106 for decryption), as to the portion of the encrypted data to decrypt, as well as that the portion of the decrypted data is not to be: captured for screen shot images, stored, placed into files, copied, printed or exported; and, any other instructions including, for example, that a decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner.
As a further example, a four page document, with pages 1, 2, 3 and 4, is rendered to the browser. When page 1 is displayed on the computer monitor, only that page (page 1) is decrypted, and cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported. Pages 2, 3 and 4, which the user does not see, as they are not displayed, are not decrypted, and therefore remain encrypted, until a page is rendered by the browser to the display, e.g., computer 122 monitor. Should the user move directly to Page 4 (which is rendered by the browser to the computer monitor for display, this page is decrypted, and cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported, while Pages 1, 2, and 3, which the user does not see, as they are not displayed, are not decrypted, and therefore remain encrypted, until a page is rendered by the browser to the display, e.g., computer 122 monitor.
The CRM server 102 links to a wide area network (WAN) 126, such as a public network, including, for example, the Internet. A computer 128 of an unauthorized user 129, which is attempting to access the CRM server 102, links to the WAN 126. The computer 128 and user 129 are representative of multiple computers/unauthorized users attempting to access the CRM server 102 via the WAN 126. The CRM server 102 may be, for example, part of a computer system or a system, the computer system or system, also linking to WAN 126.
The encryption/decryption server 106 has the ability to encrypt all communications from the enterprise network 104 and the affiliate (URL) server 130. This server 106 also holds all keys necessary to decrypt data, and includes a look up table (LUT) 107, where various information in the CRM server 102 is further encrypted or disguised. This information includes, for example, a customer name. For example, a company in the CRM server 102, for example, whose actual name is NEWCO Corporation may be listed in the LUT 107, under the characters “caangelsl987”, for example, as shown in FIG. 2. The encryption/decryption server 106, also known as an encryption and decryption server, for example, functions as an encrypter or encryption device, and a decrypter or decryption device. While the encryption and decryption functions are shown provided by a single encryption/decryption server 106, the encryption/decryption server 106 may be multiple servers, including separate encryption and decryption servers.
An affiliate server 130 links to the Encryption/Decryption Server 106. An affiliate computer 132 of an affiliate 133, representative of affiliates for the system 100, links to the affiliate server 130. The affiliate server 130 when sending data from an affiliate 133 to the CRM server 102, sends it through the Encryption/Decryption server 106 to the CRM Server 102, so that the data is encrypted for storage in the CRM server. The affiliate 133, when receiving data from the CRM server 102, receives a User Identification (ID) relating to the specific customer. The affiliate server 130, for example, functions to open a dedicated application programming interface (API) for the affiliate 133 to provide access to the affiliate 133 to inject data into the CRM server 102, for example, under the name of the requisite brand. The privileges of the affiliate 133 are, for example, such that the affiliate 133 can only inject data (e.g., new data) into the system 100, e.g., the CRM server 102, e.g., via the encryption/decryption server 106, or add other data, but cannot delete any data from the system 100, including the data which it entered.
Servers 136a-136n representing authorized brands (AB1 to ABn) whose data is stored in the CRM Server 102, link to the WAN 126, so as to link to the CRM Server 102, and also link to the encryption/decryption server 106. Each of the authorized brand servers 136a-136n, has privileges, which function to allow injection of data into the CRM server 102, typically over a dedicated Internet Protocol (IP) link, for example, the information corresponding to the authorized brand. Other privileges for the authorized brand servers 136a-136n may include, for example, querying data from the CRM Server 102, adding/updating/editing data (for the CRM server 102, as sent via the encryption/decryption server 106 for encryption, and then sent to the CRM Server 102 for storage, as per FIG. 3B).
FIG. 3A is a diagram showing how data is stored in the CRM Server 102. Data for each customer, whose actual name is stored in the LUT 107, is stored as an entry 300 in a data base, storage media and the like, in four data strings 301, 302, 303, 304, as a group of strings. Each of the strings 301-304 is 64 characters, with the characters being letters (which are typically case sensitive, but need not be as such), numbers, and special characters, for example, the character in any combination. Each of the strings 301-304 is encrypted data, and encrypts at least one data item. For example, one of the strings 301-304 in the group of strings may encrypt plural data items, while the remaining strings encrypt one data item. Each string 301-304 is, for example, encrypted and/or decrypted by one or more encryption/decryption algorithms.
For example, the first string 301 may be encrypted by Algorithm 1, the second string 302 by Algorithm 3, the third string 303 by Algorithm 10, and the fourth string 304 by Algorithm 3. Algorithms 1, 10 and 3 are different from each other. Accordingly, any encryption/decryption algorithm for each string 301-304 may be in any order, another aspect of cyber security. Also, the same algorithm may be used to encrypt all of the strings (of the group of strings).
When looking at the strings 301-304, one string, for example, the first string 301 holds name data (a data item), e.g., the customer’s name. The second string 302, for example, holds postal/physical address data (a data item). The third string 303, for example, holds email data (a data item). The fourth string 304, for example, holds telephone number data (a data item). Within any one of the strings 301-304 for the customer, the brand (a data item) is stored. For example, the brand is stored in the first string 301 as encrypted, the brand being “Cool Candy” and stored by the encrypted characters “lussbemrj”.
Within each string 301-304 is a START and END, between which the relevant data (i.e., data item(s)) is stored.
In the first string 301, between the START, represented by the characters “vvb”, and the END, represented by the characters “cdd”. The Customer Name “Caangelsl987”, is encrypted by the characters “neejtql4761” and the brand “Cool Candy”, is the encrypted characters “lussbemrj”.
In the second string 302, between the START, represented by the characters “ucc”, and the END, represented by the characters “dec”, is the Customer Address, “21 Oak Street, Denver, CO 80011”, is encrypted by the characters “541ejmenuvidnigca09765”.
In the third string 303, between the START, represented by the characters “ttd”, and the END, represented by the characters “ebb”, is the Customer e-mail, “info@ccandy.com” is encrypted by the characters “umkamnbdguuklmnxpulebb”.
In the fourth string 304, between the START, represented by the characters “sse”, and the END, represented by the characters “faa”, is the Customer telephone number “303 456 8307”, encrypted by the characters “9897652345”.
Attention is now directed to FIG. 3B, which show a flow diagram detailing a computer- implemented process in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 1-3 A. The process and sub-processes of FIG. 3B are computerized processes performed by the system 100. The aforementioned processes and sub processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
At block 312, data including new data or additional/updated data is sent from affiliate servers 130, Authorized Brand Servers 136a- 136n, and other servers associated with the CRM server 102, and received by the Encryption/Decryption Server 106.
The process moves to block 314, where the received data is encrypted by the Encryption/Decryption server 106 using keys (e.g., encryption keys). From block 315, the encryption keys were collected from the Encryption/Decryption server 106. The data is encrypted, for example, in accordance with FIG. 3A and its description above.
The process then moves to block 316, where the Encryption/Decryption Server 106 sends encrypted data to CRM Server 120, with instructions for storage based on the data being new data or additional/updated data.
In FIGs. 4-7 data is encrypted, processed and stored, for example, in accordance with that disclosed in FIGs. 3 A and 3B.
Attention is now directed to FIGs. 4 and 5, which show flow diagrams detailing computer-implemented processes in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 1-3B. The process and sub-processes of FIGs. 4 and 5 are computerized processes performed by the system 100. The aforementioned processes and sub-processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
FIG. 4 is a flow diagram of a process where a user 123 of the Enterprise Network 104, an authorized user for the CRM server 102, seeks information from the CRM Server 102. At block 402, a request for information is received from the user 123 at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the user computer 122, as encrypted data, at block 404. The portion of the data being displayed in real time is sent from the user computer 122 to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 406. From block 405, the decryption keys were collected from the Encryption/Decryption server 106. Additionally, at block 406, the LUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106 returns the decrypted data to the user computer 122, as partially decrypted data for display, at block 408. The decrypted data, which is displayed, is partially decrypted data, as only the data presented in the display (monitor) of the user computer 122, is decrypted, and this decrypted data, along with all other data sent by the CRM Server 102, to the user computer 122, cannot be captured for screen shot images, stored, placed into files, copied, printed or exported. The process ends at block 410, and may be repeated when new data is displayed on the computer monitor of the user 123. The process of FIG. 4 occurs typically in real time.
FIG. 5 is a flow diagram of a process where an unauthorized user 129, via his computer 128 seeks information from the CRM server 102. At block 502, a request for information is received from the user 129 at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the unauthorized user 129 over the WAN 128, at block 504. As the data sent from the CRM Server 102 is encrypted, and the computer 128 cannot access the Encryption/Decryption server 106, the data remains encrypted, and the process ends at block 506. The process of FIG. 5 occurs typically in real time.
FIG. 6 is a flow diagram of a process where an affiliate 133, represented by the affiliate computer 132 seeks information from the CRM Server 102. At block 602, a request for information is received from the affiliate computer 132, via the affiliate server 130, at the CRM Server 102. The CRM Server 102 responds to the request by sending the Identifier (ID) corresponding to the requested data, to the affiliate computer 132, as encrypted data, at block 604. The portion of the data being displayed in real time is sent from the affiliate computer 132 to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 606. From block 605, the decryption keys were collected from the Encryption/Decryption server 106. Additionally, at block 606, the LUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106 returns the decrypted ID data to the affiliate computer 132 for display, at block 608. The decrypted data which is displayed cannot be copied, printed or exported. The process ends at block 610, and may be repeated as desired by the affiliate 133. The process of FIG. 6 occurs typically in real time.
FIG. 7 is a flow diagram of a process where a user at an authorized brand server, for example, server AB1 136a, an authorized user for the CRM server 102, seeks information from the CRM Server 102. At block 702, a request for information is received from the server 136a at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the server 136a, as encrypted data, at block 704. The portion of the data being displayed in real time is sent from the server 136a to the Encryption/Decryption server 106, where it is decrypted, as the server 106 holds the decryption keys, at block 706. From block 705, the decryption keys were collected from the Encryption/Decryption server 106. Additionally, at block 706, the LUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106 returns the decrypted data to the user computer 122 for display, at block 708. The decrypted data, which is displayed, cannot be copied, printed or exported. The process ends at block 710, and may be repeated as desired. The process of FIG. 7 occurs typically in real time.
FIGs. 8A and 8B show systems 800, 800’ whose operation, for example, is in accordance with the disclosed subject matter. The system 800 of FIG. 8 A is an open system and includes a WAN 126 and LAN 104. The system 800’ of FIG. 8B is a system based on a LAN 104, and as such is for a single authorized brand (AB), represented by the single authorized brand server 136.
These systems 800, 800’ include components similar to those of the system 100, and take the same element numbers and descriptions, as those for the system 100, described above, except where indicated. These systems 800, 800’, are, for example, systems with decentralized encryption/decryption, as encryption/decryption keys, also known as “encryption/decryption key data” or “key data”, these terms used interchangeably herein, are stored, for example, in Key Servers (KS) 110a- 11 On (KSl-KSn).
The systems 800, 800’ are such that each key is, for example, located in a different key server llOa-llOn. The actual number of keys, for example, depends on the number of authorized brands (AB), each authorized brand, for example, represented by an authorized brand (AB) server 136a-136n. Example keys include one or more of, master keys, brand or customer keys, and client keys, for example, as paired keys for encryption and decryption. For example, a brand or customer key is saved as encrypted using the master key. Also, for example, use of a brand or customer key requires that the brand or customer key first be decrypted using the master key.
The encryption/decryption server 106’ of the systems 800, 800’ is similar to the encryption/decryption server 106, and is in accordance therewith, as described above, except where indicated. The encryption/decryption server 106’ has the ability to encrypt all communications from the enterprise network (LAN) 104, the affiliate server 130, the authorized brand servers 136a-136n, the WAN 126, and other servers in communication or otherwise linked to the encryption/decryption server 106’, and also decrypts data (e.g., encrypted data), for example, encrypted data received from the CRM server 102, and other entities (e.g., where permitted). The server 106’ includes a look up table (LUT) 107, where various information in the CRM server 102 is further encrypted or disguised. This information includes, for example, a customer name. For example, a company in the CRM server 102, for example, whose actual name is NEWCO Corporation may be listed in the LUT 107, under the characters “caangelsl987”, for example, as shown in FIG. 2. The server 106’ communicates with the key servers 110a- 11 On to obtain the various keys necessary for encryption and decryption, but unlike the encryption/decryption server 106, does not store any keys (encryption or decryption keys).
The encryption/decryption server 106’, like the encryption/decryption server 106 (detailed above and shown in FIG. 1), is also known as an encryption and decryption server, and, for example, functions as an encrypter or encryption device, and a decrypter or decryption device. While the encryption and decryption functions are shown provided by a single encryption/decryption server 106’, the encryption/decryption server 106’ may be multiple servers, including separate encryption and decryption servers. The enterprise network 104 is such that as shown, it includes a browser add-on for the browser (e.g., browsing application) of each user computer 122, such that the browser is programmed to signal the Encryption/Decryption server 106’ to decrypt only what the browser displays on the screen (monitor or display) of the computer 122. Typically, this decrypted screen display cannot be captured for screenshot images, storage, including placement into a file, copied, exported, and/or printed. Additionally, the decrypted screen display may be in colors and/or shades such that the characters and images of the screen display are only viewable in a clear and comprehensible manner, to the user 123. For example, the aforementioned privileges are such that the user 123 (and computer 122) map to the encryption/decryption server 106’, such that data sent from the CRM server 102 to the computer 122 is typically partially decrypted, for example, only the data displayed on the monitor of the computer 122 is decrypted, and, for example, cannot be, captured for screen shot images, stored, placed into files, copied, printed or exported.
Both systems 800, 800’ encrypt data in the Encryption/Decryption server 106’, process the encrypted data, and store the encrypted data in the CRM Server 102, as shown in FIGs. 3A and 3B, and as described for FIGs. 3 A and 3B above. For the systems 800, 800’, in the process of FIG. 3B, keys (e.g., encryption keys) are obtained from key servers 1 lOa-110h, at block 314, and at block 315, the encryption keys were collected from the key servers 110a- 110h. In FIGs. 9- 12 data is encrypted, processed and stored, for example, in accordance with that disclosed in FIGs. 3A and 3B.
Attention is now directed to FIGs. 9 and 10, which show flow diagrams detailing computer-implemented processes in accordance with embodiments of the disclosed subject matter. Reference is also made to elements shown in FIGs. 8A and 8B. The process and sub processes of FIGs. 9 and 10 are computerized processes performed by the systems 800, 800’. The aforementioned processes and sub-processes can be, for example, performed manually, automatically, or a combination thereof, and, for example, in real time.
FIG. 9 is a flow diagram of a process where a user 123 of the Enterprise Network 104, an authorized user for the CRM server 102, seeks information from the CRM Server 102. At block 902, a request for information is received from the user 123 at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the user computer 122, as encrypted data, at block 904. The portion of the data being displayed in real time is sent from the user computer 122 to the Encryption/Decryption server 106’, where it is decrypted, from keys received from one or more of the key servers 110a- 11 On. From block 905, the decryption keys were collected from the key server(s) 1 lOa-110h. Additionally, at block 406, the LUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106’ returns the decrypted data to the user computer 122, as partially decrypted data for display, at block 908. The decrypted data, which is displayed, is partially decrypted data, as only the data presented in the display (monitor) of the user computer 122, is decrypted, and this decrypted data, along with all other data sent by the CRM Server 102, to the user computer 122, cannot be captured for screen shot images, stored, placed into files, copied, printed or exported. The process ends at block 910, and may be repeated when new data is displayed on the computer monitor of the user 123. The process of FIG. 9 occurs typically in real time.
FIG. 10 is a flow diagram of a process where an unauthorized user 129 of the systems 800, 800’, via his computer 128 seeks information from the CRM server 102 (in the system 800 the unauthorized user 129 attempts to enter the system from the WAN 126, while in the system 800’, the unauthorized use 800’, attempts to enter from the FAN 104). At block 102, a request for information is received from the unauthorized user 129 at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the unauthorized user 129 over the WAN 128 (system 800), or the FAN 104 (system 800’), at block 1004. As the data sent from the CRM Server 102 is encrypted, and the computer 128 cannot access the Encryption/Decryption server 106’, the data remains encrypted, and the process ends at block 1006. The process of FIG. 10 occurs typically in real time.
FIG. 11 is a flow diagram of a process where an affiliate 133, represented by the affiliate computer 132 seeks information from the CRM Server 102. At block 1102, a request for information is received from the affiliate computer 132, via the affiliate server 130, at the CRM Server 102. The CRM Server 102 responds to the request by sending the Identifier (ID) corresponding to the requested data, to the affiliate computer 132, as encrypted data, at block 1104. The portion of the data being displayed in real time is sent from the affiliate computer 132 to the Encryption/Decryption server 106’, where it is decrypted, as the key servers l lOa-HOn, hold the decryption keys, at block 1106. From block 1105, the decryption keys were collected from the key servers 1 lOa-110h. Additionally, at block 1106, the LUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106’ returns the decrypted ID data to the affiliate computer 132 for display, at block 1108. The decrypted data which is displayed cannot be copied, printed or exported. The process ends at block 1110, and may be repeated as desired by the affiliate 133. The process of FIG. 11 occurs typically in real time.
FIG. 12 is a flow diagram of a process where a user at an authorized brand server, for example, server AB1 136a, an authorized user for the CRM server 102, seeks information from the CRM Server 102. At block 1202, a request for information is received from the server 136a at the CRM Server 102. The CRM Server 102 responds to the request by sending the requested data to the server 136a, as encrypted data, at block 1204. The portion of the data being displayed in real time is sent from the server 136a to the Encryption/Decryption server 106’, where it is decrypted, as the key servers llOa-llOn hold the decryption keys, at block 1206. From block
1205, the decryption keys were collected from the key servers llOa-llOn. Additionally, at block
1206, the FUT 107 is used to identify the name of the company.
The Encryption/Decryption server 106’ returns the decrypted data to the user computer 122 for display, at block 1208. The decrypted data, which is displayed, cannot be copied, printed or exported. The process ends at block 1210, and may be repeated as desired. The process of FIG. 12 occurs typically in real time.
Turning back to the systems 100, 800, 800’ of FIGs. 1, 8A and 8B, respectively, the CRM server 102 sits outside of each respective system 100, 800, 800’, which are, for example, part of an enterprise network or FAN 104. As a result of this positioning, the encryption/decryption server 106, 106’ as well as each system 100, 800, 800’ can support any kind of generic CRM server, represented by the CRM server 102, independent of the CRM’s branding or platform. Such CRM branding or platforms include, for example, Salesforce™ from Microsoft of Redmond, Washington, Microsoft™ Dynamic™, Zendesk™, and any other commercially available CRM. Accordingly, the systems 100, 800, 800’ provide a generic encryption (and decryption) solution that supports multiple CRM brands, and is agnostic to CRM brands (or platforms). Accordingly, the encryption/decryption server 106, 106’ is generic to one or more CRM platforms running on the CRM server 120. For example, the encryption/decryption servers 106, 106’ serve as proxies between the CRM server 102 (and its databases) and the clients (e.g., affiliate and brand servers).
While a CRM server 120 for CRM data has been shown for the disclosed systems 100, 800, 800’, this is exemplary, as the CRM Server 120 may also be any application server for any application data, or other suitable system.
Implementation of the method and/or system of embodiments of the disclosed subject matter can involve performing or completing selected tasks manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of embodiments of the method and/or system of the disclosed subject matter, several selected tasks could be implemented by hardware, by software or by firmware or by a combination thereof using an operating system.
For example, hardware for performing selected tasks according to embodiments of the disclosed subject matter could be implemented as a chip or a circuit. As software, selected tasks according to embodiments of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In an exemplary embodiment of the disclosed subject matter, one or more tasks according to exemplary embodiments of method and/or system as described herein are performed by a data processor, such as a computing platform for executing a plurality of instructions. Optionally, the data processor includes a volatile memory for storing instructions and/or data and/or a non-volatile storage, for example, non-transitory storage media such as a magnetic hard-disk and/or removable media, for storing instructions and/or data. Optionally, a network connection is provided as well. A display and/or a user input device such as a keyboard or mouse are optionally provided as well.
For example, any combination of one or more non-transitory computer readable (storage) medium(s) may be utilized in accordance with the above-listed embodiments of the present disclosed subject matter. A non-transitory computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable non-transitory storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
As will be understood with reference to the paragraphs and the referenced drawings, provided above, various embodiments of computer-implemented methods are provided herein, some of which can be performed by various embodiments of apparatuses and systems described herein and some of which can be performed according to instructions stored in non-transitory computer-readable storage media described herein. Still, some embodiments of computer- implemented methods provided herein can be performed by other apparatuses or systems and can be performed according to instructions stored in computer-readable storage media other than that described herein, as will become apparent to those having skill in the art with reference to the embodiments described herein. Any reference to systems and computer-readable storage media with respect to the following computer-implemented methods is provided for explanatory purposes, and is not intended to limit any of such systems and any of such non-transitory computer-readable storage media with regard to embodiments of computer-implemented methods described above. Likewise, any reference to the following computer-implemented methods with respect to systems and computer-readable storage media is provided for explanatory purposes, and is not intended to limit any of such computer-implemented methods disclosed herein.
The flowcharts and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The descriptions of the various embodiments of the present disclosure have been presented for purposes of illustration, but are not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, the practical application or technical improvement over technologies found in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
As used herein, the singular form "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
The word “exemplary” is used herein to mean “serving as an example, instance or illustration”. Any embodiment described as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments and/or to exclude the incorporation of features from other embodiments.
It is appreciated that certain features of the disclosed subject matter, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the disclosed subject matter, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable subcombination or as suitable in any other described embodiment of the disclosed subject matter. Certain features described in the context of various embodiments are not to be considered essential features of those embodiments, unless the embodiment is inoperative without those elements. The above-described processes including portions thereof can be performed by software, hardware and combinations thereof. These processes and portions thereof can be performed by computers, computer-type devices, workstations, processors, micro-processors, other electronic searching tools and memory and other non-transitory storage-type devices associated therewith. The processes and portions thereof can also be embodied in programmable non-transitory storage media, for example, compact discs (CDs) or other discs including magnetic, optical, etc., readable by a machine or the like, or other computer usable storage media, including magnetic, optical, or semiconductor storage, or other source of electronic signals.
The processes (methods) and systems, including components thereof, herein have been described with exemplary reference to specific hardware and software. The processes (methods) have been described as exemplary, whereby specific steps and their order can be omitted and/or changed by persons of ordinary skill in the art to reduce these embodiments to practice without undue experimentation. The processes (methods) and systems have been described in a manner sufficient to enable persons of ordinary skill in the art to readily adapt other hardware and software as may be needed to reduce any of the embodiments to practice without undue experimentation and using conventional techniques.
Although the disclosed subject matter has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and broad scope of the appended claims.

Claims

CLAIMS:
1. A method for decrypting data comprising: providing a computer with at least one instruction to decrypt a portion of encrypted data received by the computer; receiving encrypted data from a system in an decryption device, the data encrypted data including at least one instruction associated with the encrypted data to decrypt a portion of the encrypted data; acquiring at least one key to decrypt the portion of the encrypted data in accordance with the instruction; and, decrypting the portion of the encrypted data in accordance with the instruction.
2. The method of claim 1, wherein the portion of the encrypted data which is decrypted includes the data displayed on a display associated with the computer.
3. The method of claim 1, wherein the at least one instruction is mapped to the decryption device.
4. The method of claim 1 , wherein the least one instruction to decrypt a portion of encrypted data received by the computer resides in a browser extension of the computer.
5. The method of claims 1 and 3, wherein the decryption device includes an encryption and decryption server.
6. The method of claim 5, wherein the encryption and decryption server encrypts data which is provided as the encrypted data to the system.
7. The method of claim 5, wherein the at least one key to decrypt the encrypted data resides in the encryption and decryption server.
8. The method of claim 5, wherein the at least one key to decrypt the encrypted data resides in one or more key servers external to the encryption and decryption server.
9. The method of claim 1, wherein the computer receives the encrypted data in response to a request to the system.
10. The method of claims 6 and 9, wherein the system computer includes a Customer Relations Management (CRM) server.
11. The method of claim 10, wherein the encryption and decryption server is generic to one or more CRM platforms running on the CRM server.
12. The method of claims 5 and 11, wherein the encryption and decryption server includes one or more servers.
13. The method of claim 1, wherein the decrypting the portion of the encrypted data in accordance with the at least one instruction is performed in real time.
14. The method of claim 6, wherein the encryption and decryption server encrypts data which is provided as the encrypted data to the system in real time.
15. A data encryption method comprising: designating a plurality of X data items; based on the X data items, creating X-l data strings, each of the X-l data strings including at least one of the X data items, and, at least one of the X-l data strings including at least one additional data items of the X data items; and, encrypting each of the X- 1 data strings by using an encryption algorithm.
16. The data encryption method of claim 15, wherein the encrypting each of the X-l data strings by using an encryption algorithm includes using at least one different encryption algorithm for at least one string which is different from the encryption algorithms used for each of the other data strings.
17. The data encryption method of claim 15, wherein the encrypting each of the X-l data strings by using an encryption algorithm includes using the same encryption algorithm for each of the data strings.
18. The data encryption method of claim 16 and 17, wherein the at least one of the X data items includes one data item.
19. The data encryption method of claims 16 and 17, wherein the at least one of the X-l data strings includes one data string.
20. The data encryption method of claims 16 and 17, wherein the at least one additional data items of the X data items includes one additional data item.
21. The data encryption method of claims 15-20, where X is an integer.
22. The data encryption method of claim 15, wherein the providing a plurality of data strings additionally comprises: providing each data string with START and END indicators where the at least one data item is provided in each of the data strings.
23. A system for decrypting data comprising: at least one computer for encrypting and decrypting data, and configured for: 1) receiving at least one instruction associated with received encrypted data to decrypt a portion of the encrypted data, and, 2) decrypting a portion of the encrypted data, at the machine associated with the received encrypted data.
24. The system of claim 23, wherein the at least one instruction resides on a browser extension of the machine associated with the received encrypted data.
25. The system of claim 24, wherein the at least one instruction maps to the at least one computer for encrypting and decrypting data.
26. The system of claim 24, wherein the at least one instruction causes decryption of the portion of encrypted data displayed on a display associated with the machine.
27. The system of claim 26, wherein the machine includes a user computer.
28. The system of claim 23, wherein the at least one computer for encrypting and decrypting data includes an encryption and decryption server.
29. The system of claim 23, wherein the at least one computer for encrypting and decrypting data includes at least one encryption server and at least one decryption server.
30. The system of claim 23, wherein the at least one computer for encrypting and decrypting data is additionally configured for encrypting data corresponding to the received encrypted data.
31. The system of claim 23, wherein the at least one computer for encrypting and decrypting data is configured for the encrypting and decrypting data in real time.
PCT/IB2020/057544 2019-08-12 2020-08-11 Real time decryption system and method for its use WO2021028831A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962885326P 2019-08-12 2019-08-12
US62/885,326 2019-08-12

Publications (1)

Publication Number Publication Date
WO2021028831A1 true WO2021028831A1 (en) 2021-02-18

Family

ID=74569522

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2020/057544 WO2021028831A1 (en) 2019-08-12 2020-08-11 Real time decryption system and method for its use

Country Status (1)

Country Link
WO (1) WO2021028831A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270807A1 (en) * 2004-04-15 2008-10-30 Randolph Michael Forlenza Method for Selective Encryption Within Documents
US20100095118A1 (en) * 2006-10-12 2010-04-15 Rsa Security Inc. Cryptographic key management system facilitating secure access of data portions to corresponding groups of users
WO2013020178A1 (en) * 2011-08-11 2013-02-14 Cocoon Data Holdings Limited A system and method for distributing secured data
US20180331824A1 (en) * 2015-11-20 2018-11-15 Genetec Inc. Secure layered encryption of data streams
WO2019110574A1 (en) * 2017-12-04 2019-06-13 Wellness Technology and Media Group Ltd Methods of secure communication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270807A1 (en) * 2004-04-15 2008-10-30 Randolph Michael Forlenza Method for Selective Encryption Within Documents
US20100095118A1 (en) * 2006-10-12 2010-04-15 Rsa Security Inc. Cryptographic key management system facilitating secure access of data portions to corresponding groups of users
WO2013020178A1 (en) * 2011-08-11 2013-02-14 Cocoon Data Holdings Limited A system and method for distributing secured data
US20180331824A1 (en) * 2015-11-20 2018-11-15 Genetec Inc. Secure layered encryption of data streams
WO2019110574A1 (en) * 2017-12-04 2019-06-13 Wellness Technology and Media Group Ltd Methods of secure communication

Similar Documents

Publication Publication Date Title
EP3298532B1 (en) Encryption and decryption system and method
US10204227B2 (en) Privacy firewall
US20220343017A1 (en) Provision of risk information associated with compromised accounts
US9930026B2 (en) Encryption/decryption in a cloud storage solution
CA3052182C (en) Virtual service provider zones
US9473467B2 (en) Customer controlled data privacy protection in public cloud
CN106022155A (en) Method and server for security management in database
CN106295367A (en) Data ciphering method and device
US20150006890A1 (en) Virtual service provider zones
CN113326517A (en) System and method for detecting sensitive information leakage while preserving privacy
CN107948152A (en) Information storage means, acquisition methods, device and equipment
US8972747B2 (en) Managing information in a document serialization
US8867743B1 (en) Encryption of large amounts of data using secure encryption methods
CN106992851A (en) TrustZone-based database file password encryption and decryption method and device and terminal equipment
CN105721393A (en) Data security encryption method and data security encryption device
CN103379133A (en) Safe and reliable cloud storage system
US11997191B2 (en) System and method for protecting secret data items using multiple tiers of encryption and secure element
Pandey et al. Data security in cloud-based applications
WO2021028831A1 (en) Real time decryption system and method for its use
US10043015B2 (en) Method and apparatus for applying a customer owned encryption
JP4396585B2 (en) Vulnerability diagnosis program and recording medium recording vulnerability diagnosis program
JP4338185B2 (en) How to encrypt / decrypt files
Coles et al. Expert SQL server 2008 encryption
EP3557469B1 (en) System, method and computer program for secure data exchange
Rathore et al. Data Storage Security Issues and Solutions in Cloud Computing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20852362

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/06/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20852362

Country of ref document: EP

Kind code of ref document: A1