WO2005084177A2 - Secure data management system with mobile data management capability - Google Patents


Info

Publication number
WO2005084177A2
Authority
WO
WIPO (PCT)
Prior art keywords
memory device
mobile memory
data
removable mobile
user
Application number
PCT/US2004/038907
Other languages
French (fr)
Other versions
WO2005084177A3 (en)
Inventor
Kenneth Danckaert
Donna Danckaert
Paul Danckaert
Original Assignee
The Titan Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Definitions

  • The server 105 sends a file state to the user workstation 107.
  • The file state includes a list of files that need to be sent to the central server in order to fully synchronize the memory device 103, as a response to the initial request.
  • The user sends the necessary updated files from the memory device 103 directly to the central server 105, which include all files detailed in the file state response.
  • The central server writes the updated file to the database repository 111. All new and/or changed files are written to the database. If a file was changed, the old file is retained according to the corporate data retention policies in place. After all files have been correctly synchronized, at step 7 the server 105 returns the details to the user workstation 107.
  • FIG. 3 is a diagram illustrating the ability to remotely access sensitive and/or proprietary applications using the mobile memory device 103.
  • The user runs an application access application from mobile memory device 103, by selecting the remote application access function from the memory device 103 and loading the application into the working memory of the user workstation 107; the application executes after reading any necessary keys/certificates from the memory device 103.
  • The application access application connects to a corporate terminal server 305 by establishing a secured connection with the corporate terminal server through a secure network 209, passing any required keys/certificates to the terminal server 305 via the secured connection, and allowing the user to enter any other necessary authentication credentials.
  • The terminal server 305, upon completion of a valid authentication, establishes a fully connected session with user workstation 107 through the secured network 209 and allows the user to start executing applications as necessary.
  • The removable memory device application also can provide biometric authentication and access control of the memory device; the secured data management application can provide enterprise access control through an authentication mechanism, and further can provide Local Area Network (LAN) access control through an authentication mechanism.
  • The secured data management application provides multilevel authentication, in that each device and system has its own process that it follows to authenticate the user to the system or the device to the system.
  • The first level is the client level and includes the memory device and a host computer.
  • The second level is the management workstation computer.
  • The third level is the repository server. Additionally, there may be multiple authentication levels within the device or within each of the above levels, such as, for example, biometrics, pass phrases, multiple passwords, etc.
  • An integrity check of modular application components is performed to ensure that the memory device uses only approved components, and the removable memory device can provide an application that automatically repairs faulty application components.
  • The secured data management application provides encrypted memory device storage of all content, including user data, configuration files, data files, cryptographic algorithms and metadata, and also provides data integrity to ensure that data has not been altered or deleted.
  • The removable memory device further contains an application that verifies that all user-sensitive data that has been stored as temporary files has been removed from a host computing device, and an application that executes via the removable memory device and scans and verifies that a host computing device is free of user monitoring software. The application will eliminate any spyware or user monitoring software found on a host computing device.
  • The security application executes via the removable memory device and scans and verifies that a host computing device is free of virus activity. The application will eliminate any viruses found on a host computing device.
  • The secured data management application can be integrated into corporate security infrastructures and PKI systems to utilize corporate or commercially issued keys and certificates to encrypt and decrypt user data.
  • The management application issues and revokes user certificates, maintains a Certificate Revocation List (CRL) and cross-certifies user certificates with other certificate issuers.
  • A management application on the server also can maintain a Centralized User Directory of certificates for the removable memory device user to access and search in the event that they wish to communicate with other users. They can download the certificate, maintain the certificate on their removable memory device and use it to encrypt communications with other users.
  • The removable memory device also may maintain a metadata repository pertaining to all files currently stored or registered with the memory device application.
  • The metadata repository can store all unique file identification information, the current file name, file status information, file encryption and algorithm details and other necessary details.
  • The removable memory device also may maintain a synchronization request queue of operations to be performed at the next available synchronization process. This process may include operations such as file updates, deletions and other metadata changes.
  • The removable memory device can maintain an operating system that is separate from its host computer operating system to ensure that the host computer operating system application cannot change or alter the memory device application.
  • The removable memory device operating system can allow the host computer to boot directly from the removable memory device rather than the internal operating system resident in the computer.
  • The removable memory device also may contain an application that hides the file data repository from being viewed to protect it against user manipulation. This protection is accomplished by tagging the repository directory tree as hidden in the file system. The users never have direct access to files within the repository directory itself, but should be required to access information solely through the removable memory device operating application itself.
  • The removable memory device also may provide an encrypted file format to identify and decrypt a file when necessary. The information is bundled with the file in an ASN.1 encoding process.
  • The removable memory device also may include an application that provides an automatic file relock for all files that have previously been encrypted.
  • The relock process keeps track of each encryption and decryption event within the application to ensure that all decrypted files are re-encrypted when the user activates the automatic file relock process.
  • The removable memory device also may provide data archiving as an alternative to data deletion.
  • The user selects the file, directory or group of files to archive, and the data archive process will move the data to a temporary archive location on the device pending the next synchronization process.
  • The synchronization will fully synchronize these archived files to ensure that the server retains the latest versions, and then will mark the server-based copies as archived. Local copies of the files will be deleted.
  • The removable memory device can generate a unique file encryption key each time that it is used, such that the loss or disclosure of one file encryption key will not disclose other file keys, since each file encryption key is unique to that file.
  • The secured data management server may incorporate a web service known as the Simple Object Access Protocol (SOAP) to provide a standardized format for information exchange and to permit change and expansion of that format in the future.
  • The secured data management server detects shared and concurrent users. The process determines if multiple users are using the same device configuration concurrently with two different memory devices. The purpose of this detection process is to ensure that only the original registered device can be used and that other unregistered users can be detected and removed.
  • The secured data management server also may provide a group collaboration and sharing channel, which is a channel in which multiple users can read and write files. When a user has permission to join a collaborative channel, they will be given access to a group collaboration and sharing channel. Any file written into this channel will be available to other members after a synchronization process has been completed.
  • The secured data management server may also include an application that provides a distribution channel, which is a read-only channel. This channel would be intended to provide access to read-only information such as manuals or reference materials.
  • The secured data management server may also include an application that provides a process of queuing operations until they can be performed by a connection to the server. The user must be able to queue operations when they do not have a network connection available. If a user chooses to delete a file locally and from the repository, the delete request will be queued and considered for processing when the next synchronization occurs.
  • The secured data management server may also include an application that provides a collaboration and sharing directory search process that a user queries to find other users.
  • The search allows for full or partial name matching on users' first names, last names and possible group memberships.
  • The search will return the list of users who match the search parameters.
  • The secured data management server may also include an application that provides a secure user-to-user collaboration and sharing process. This process enables a user to send encrypted files to another user.
  • The system provides a directory search menu for the user to search through and to select names to which the user wishes to send files.
  • The system retrieves the public keys and IDs for each of the users and encrypts the file headers with a combination of the user's private key and the remote user's public key. This encryption is done within the memory device application to ensure security in transporting the information. These encrypted files are then sent directly to the synchronization server and placed in an incoming queue for the destination user. The file remains queued and will be processed on the next synchronization event.
  • The secured data management server may also include an application that provides a secure group collaboration and sharing process that is based on multiple channels and the capability to determine who may subscribe to a channel.
  • The server may be configured to offer multiple channels to a specific company, and each channel may have its own access controls placed upon it.
  • A channel can be configured as read-only, read-write, or disallowed to read-write. The configuration is determined by the specific user's needs and the security policy limitations for the channel. A channel may not be visible to all users if they are not given read-only access. A default channel can also be denied for specific users.
  • The user receives all updates placed in the channel, whether the user is read-only or read-write.
  • The administration server application uses a relational database to store information about each user of the system. Also stored within the user database is access control and access level information and certificate or key information.
  • The administration server application enables the central corporate server to use the Lightweight Directory Access Protocol (LDAP) as a common source of information about employees in many enterprises.
  • The administration server application uses an interface to abstract the User Information Repository (UIR) provider, and thus alternate information sources can be used, provided they contain the minimum information necessary to identify and authenticate users.
  • The administration server application ensures that security policy files may be managed on a per-user or a group membership basis. If a user is a member of multiple groups, the server will provide the policy for the first group membership found for the user. If the user has an individual policy file configured, this policy may take precedence over group policies.
  • The administration server application further ensures that a security policy may be configured on a channel-by-channel basis. This configuration would be used most frequently when a channel is to be primarily a read-only channel for most users, but will still allow certain users to upload content and information to it.
  • The removable memory device ensures enforcement of server-provided security policies; for example, a policy that would require the removable memory device application to automatically upload new or changed files that are added to the local repository. When the user initiates the synchronization process, the user does not have the option of disabling the uploading portion of the process. Another example is a policy that requires the memory device application to enforce temporary file removal by eliminating the option of disabling the temporary file cleaning process that can occur when quitting the removable memory device application.
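The per-file encryption key, the ASN.1-bundled file header and the user-to-user sharing step described above can be combined as in the following Go sketch. This is an added illustration, not code from the patent or from the applicant: the header fields, the choice of X25519 agreement with AES-256-GCM, and the SHA-256 derivation of the wrap key are assumptions made here, and the user names and file content in the test are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
)

// Header is the DER structure bundled in front of each encrypted file (fields constructed here).
type Header struct {
	FileID, SenderID string // SenderID tells the recipient whose public key to fetch from the directory
	WrappedKey       []byte // nonce||AES-GCM(per-file key) under the sender/recipient shared key
}

// NewUserKey generates a user's X25519 key pair (the per-user key material issued with the device).
func NewUserKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// seal returns nonce||AES-256-GCM ciphertext; the fixed 32-byte key type means the constructors cannot fail.
func seal(key [32]byte, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key or tampered data fails GCM authentication.
func open(key [32]byte, box []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block)
	if n := g.NonceSize(); len(box) >= n {
		return g.Open(nil, box[:n], box[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// wrapKey: X25519 agreement of one user's private key with the other's public key.
// Assumption: SHA-256 of the shared secret stands in for a proper KDF to keep this short.
func wrapKey(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) ([32]byte, error) {
	secret, err := mine.ECDH(theirs)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(secret), nil
}

// SealFile draws a fresh random key for this one file, encrypts the content with it, wraps
// that key for the recipient and prepends the DER header: losing one file key exposes only that file.
func SealFile(fileID, senderID string, content []byte, sender *ecdh.PrivateKey, recipient *ecdh.PublicKey) ([]byte, error) {
	var fileKey [32]byte
	if _, err := rand.Read(fileKey[:]); err != nil {
		return nil, err
	}
	body, err := seal(fileKey, content)
	if err != nil {
		return nil, err
	}
	kek, err := wrapKey(sender, recipient)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, fileKey[:])
	if err != nil {
		return nil, err
	}
	hdr, err := asn1.Marshal(Header{FileID: fileID, SenderID: senderID, WrappedKey: wrapped})
	if err != nil {
		return nil, err
	}
	return append(hdr, body...), nil
}

// OpenFile parses the header (asn1.Unmarshal hands back the bytes after it, i.e. the body), rebuilds
// the wrap key from the recipient's private key and the sender's public key, unwraps the file key and decrypts.
func OpenFile(blob []byte, recipient *ecdh.PrivateKey, senderPub *ecdh.PublicKey) (Header, []byte, error) {
	var hdr Header
	body, err := asn1.Unmarshal(blob, &hdr)
	if err != nil {
		return hdr, nil, err
	}
	kek, err := wrapKey(recipient, senderPub)
	if err != nil {
		return hdr, nil, err
	}
	fk, err := open(kek, hdr.WrappedKey)
	if err != nil || len(fk) != 32 {
		return hdr, nil, errors.New("cannot unwrap file key")
	}
	content, err := open([32]byte(fk), body)
	return hdr, content, err
}
```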

Abstract

A secure data management software system includes a removable mobile memory device used on any end-user computer for storing, securing, encrypting, processing, virus scanning, spyware scanning, vulnerability scanning, authentication to a terminal server, collaboration and document sharing, transmitting and synchronizing data. A management and administration application issues memory devices to registered users, and loads the mobile removable memory device with keys, Public Key Infrastructure certificates, recovery of user keys and certificates, web based provisioning, and manages user identification information. A server application enables receiving, securing, encrypting, processing, replication, virus definition file updates, spyware definition file updates, synchronization, back-up and recovery of user data, logging and audit of user activity, security policy enforcement, collaboration and sharing, and storing and archiving data from the mobile removable memory device.

Description

SECURE DATA MANAGEMENT SYSTEM WITH MOBILE DATA MANAGEMENT CAPABILITY
PRIORITY CLAIM TO PROVISIONAL APPLICATION [0001] This application claims the benefit of the filing date of November 21, 2003 of Provisional Application Serial No. 60/523,685, entitled "Secure Data and Application Mobility Device," under 35 U.S.C. § 119(e).
BACKGROUND OF THE INVENTION
1. Field Of The Invention
[0002] The present invention generally relates to data management, and in particular relates to secure management, backup and recovery of encrypted data from remote and local sites, and access to terminal services resident on remote servers such as corporate servers .
2. Description Of The Background Art
[0003] In a highly mobile society, people want and need continuous access to their electronic data. Whether they are in their homes, their offices or in distant locations while traveling, people need the ability to access their electronic data and applications. Physical security restrictions at airports have made it increasingly burdensome to travel with personal laptop or notebook computers. People also want to protect their data to keep it private. Both individuals and companies have important financial, commercial, legal and personal reasons to maintain their information in a secure and protected state.
[0004] Currently, electronic data is stored on disk drives within portable computers or in various portable memory devices such as flash memory. Typically this data is stored and transported in an unprotected manner. If the portable computers or memory devices are lost or stolen, the data must be considered compromised because even if they are password protected, these devices can be hacked, passwords uncovered and the data revealed through data recovery programs. Needless to say, data stored in plain text is easily recoverable.
[0005] Additional security problems can occur when using a third party's computer, such as when traveling or when one needs to use a computer immediately but does not have ready access to their own computer. The user has no knowledge of the potential security vulnerabilities of the third party computer, in that there does not exist any easy way to determine if the computer contains viruses or spyware programs that might corrupt or steal their data. Computer security problems in the form of viruses, spyware, and applications that store copies of user data as temporary files without the knowledge of the user are a significant concern. Also, most computer owners rarely keep antivirus and antispyware programs up to date, which makes them vulnerable to infestation by new viruses and spyware.
[0006] The secure mobile transport of data over commercial communication links is a necessity for all government, commercial and individual overseas travelers. The communications of persons on foreign business with their home offices can be an attractive target for eavesdropping and interception by various entities when such persons are in a host country. Because electronic communications usually travel through government-controlled communications media, the threat of interception of such communications by foreign governments is very real.
[0007] Additionally, there presently exists no solution whereby data can be reconstituted in the event of adverse events, such as theft, damage or loss of a portable computer, actions taken by a disgruntled employee to destroy corporate data, system failures or the departure or even death of an employee.
[0008] There are no solutions available today that provide secure data mobility, authentication and access, anti-virus and spyware detection and removal, temporary file identification and removal, automatic unalterable imposition of a corporate security policy, and secure file sharing in a single mobile device that requires no user installation. In addition, it would be desirable for individuals to be able to easily secure and protect their personal data independently of the particular computer or other data processing device they are using.
SUMMARY OF THE INVENTION
[0009] The present invention solves the existing need by providing a secure data management solution that enables secure data mobility, remote and local authentication and access, anti-virus and spyware detection and removal, temporary file identification and removal, and secure file sharing in the form of a portable memory device, such as a single USB device, and that requires no user installation.
[0010] The present invention allows users to securely access data and applications from any data processor system (e.g., a PC, laptop computer, notebook computer, PDA, workstation, remote server, etc.) that is equipped with the appropriate hardware interface and environment with little or no installation process, no configuration of the computer system and no requirement for downloading drivers or other software.
[0011] The user can choose to store data in either secure (e.g., encrypted) or non-secure (e.g., unencrypted) data storage areas. When the user has completed data-related functions, exited programs and removed the memory device, there remains no trace of the sensitive data or applications on the computer or other data processing apparatus that was used to access, create or transmit it.
[0012] According to one preferred embodiment, the present invention utilizes a removable memory device, such as a static memory device with a built-in USB interface, or other removable memory media, in which custom software including applications, configuration information, cryptographic algorithms and user data are contained, and executed by a host computing apparatus when it is coupled to the memory device through the interface.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The invention will become more clearly understood from the following detailed description in connection with the accompanying drawings, in which:
[0014] FIG. 1 is a diagram of a secure mobile data management system according to a preferred embodiment of the invention;
[0015] FIG. 2 is a diagram illustrating memory device synchronization according to a preferred embodiment of the invention; and
[0016] FIG. 3 is a diagram illustrating memory device access to secure remote software applications according to a preferred embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0017] Fig. 1 illustrates one preferred embodiment of a secure mobile data management system according to the present invention, using a management station; however the invention contemplates that the management function could be equally provided by a central server connected to a removable mobile memory device directly through an end-user data processing apparatus. A management station 101 is responsible for issuing a mobile secure memory device 103 to an end user, initializing the device 103 and installing particular applications and data in accordance with the configuration and requirements of the enterprise using the system. The management station 101 communicates with a central server 105 over a communications network 109. The central server is coupled to a database 111.
[0018] The initialization procedure is as follows. At step 1, the memory device 103 is inserted into the management station 101, via an interface such as a USB port, etc. The management station reads the current state of the device 103; if it is a clean device, the management station prepares to configure the device 103 and install appropriate applications for a new user. If the device already contains data or applications, the management station may re-format the device and erase the existing information, may install appropriate applications, or may reject the device and issue an error message.
[0019] At step 2, user identification details are inputted to the management station 101 via a keyboard or other input device to identify the user who is being issued the mobile memory device 103; the management station transmits this information to the central server 105 via the network 109. In this way, all end users are centrally managed and each individual memory device 103 can be individually configured for a unique end user.
[0020] At step 3, the central server retrieves from the database 111 a user profile corresponding to the user identification information sent from the management station. The user profile is used to generate appropriate keys/certificates for the user. If there is no corresponding user profile stored in the database 111 for the end user identification information transmitted from the management station, or if the user profile corresponding to the received identification information already contains an issued key, the central server 105 will identify an error event.
[0021] If the key request is valid, then at step 4 the new key/certificate and memory device issuing details are written to the user profile in the database 111. At step 5, a response is returned via the network to the management station 101. Where the key issuance request was valid, the central server will send to the management station appropriate key information for storage in the mobile memory device 103. If the request was invalid, then an error message is returned to the management station 101.
[0022] At step 6, the mobile memory device 103 is initialized, its memory is cleared, and software is installed for secure data management and synchronization. Additionally, the user's personal details, configuration settings, and keys/certificates are initially encrypted and then written to the device 103. At step 7, the memory device 103 is physically issued to the user.
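The initialization exchange of steps 1 through 7, as an added Python model that is not code from the patent. The profile record fields, the station's configurable policy for a non-clean device (re-format or reject) and a random token standing in for generated key/certificate material are assumptions; the encryption of the user record before it is written to the device is left out of the model.

```python
import secrets
from dataclasses import dataclass, field


class IssuanceError(Exception):
    """The 'error event' the central server raises for an invalid key request."""


@dataclass
class CentralServer:
    """Central server 105 holding the user-profile database 111 (a dict here)."""
    profiles: dict = field(default_factory=dict)  # user_id -> profile record

    def issue_key(self, user_id: str, station_id: str, device_serial: str) -> dict:
        """Steps 3-5: look up the profile; reject the request if the profile is
        missing or already holds an issued key; otherwise generate key material,
        write the issuing details to the profile and return the key information."""
        profile = self.profiles.get(user_id)
        if profile is None:
            raise IssuanceError(f"no user profile for {user_id!r}")
        if profile.get("issued_key") is not None:
            raise IssuanceError(f"profile {user_id!r} already has an issued key")
        # Assumption: a random token stands in for key/certificate generation.
        key_info = {"user_id": user_id, "key": secrets.token_hex(32)}
        profile["issued_key"] = key_info["key"]
        profile["issued_to_device"] = device_serial  # memory device issuing details
        profile["issued_by_station"] = station_id
        return key_info


@dataclass
class MemoryDevice:
    """Mobile memory device 103; 'contents' is whatever it currently stores."""
    serial: str
    contents: dict = field(default_factory=dict)

    def is_clean(self) -> bool:
        return not self.contents


@dataclass
class ManagementStation:
    """Management station 101; reformat_used_devices selects the policy for a
    device that already contains data (re-format it, or reject it)."""
    station_id: str
    server: CentralServer
    reformat_used_devices: bool = True

    def provision(self, device: MemoryDevice, user_id: str, personal_details: dict) -> dict:
        """Steps 1, 2 and 6: read the device state, obtain key information for
        the user from the central server, then initialize the device."""
        # Step 1: a non-clean device is either scheduled for re-format or rejected.
        if not device.is_clean() and not self.reformat_used_devices:
            raise IssuanceError(f"device {device.serial} is not clean; rejected")
        # Steps 2-5: identify the user; an invalid request raises before the
        # device is touched, so a rejected request leaves it unchanged.
        key_info = self.server.issue_key(user_id, self.station_id, device.serial)
        # Step 6: clear the memory, install the applications and write the
        # user's details, configuration and keys (encryption omitted here).
        device.contents.clear()
        device.contents["software"] = ["secure data management", "synchronization"]
        device.contents["user_record"] = {
            "user_id": user_id,
            "details": personal_details,
            "config": {"issuing_station": self.station_id},
            "keys": key_info,
        }
        return device.contents


if __name__ == "__main__":
    # Constructed sample data: two profiles, one clean device.
    server = CentralServer(profiles={"alice": {"issued_key": None}, "bob": {"issued_key": None}})
    station = ManagementStation("ms-01", server)
    print(station.provision(MemoryDevice("SN-0001"), "alice", {"name": "Alice"}))
```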
[0023] Fig. 2 illustrates an example of operation wherein the memory device is synchronized with the central server. As the user works with data on the mobile memory device 103, the memory device can be synchronized with the central server at periodic or manually selected intervals to ensure that all data is appropriately backed up and secure. This synchronization process occurs via a connection over a secure network, or via a secure connection (such as IPsec) over an unsecured network, and will securely synchronize all sensitive and encrypted data. At step 1, the user reads current file information from the memory device using a workstation. The user either selects an application option to synchronize files on the memory device, or the device automatically causes the synchronization operation to be performed in accordance with a prestored security policy. This will cause the memory device application to read information on user-selected encrypted and sensitive files from the memory device. The synchronization process also may include polling by the device to retrieve definition updates for various software applications, including, for example, antivirus or antispyware applications.
[0024] At step 2, the user sends the read file information to the central server securely over a data network 209. The memory device application will authenticate to the central server repository and send current file information to the central server as a synchronization request. The server also may serve as a conduit for independent secure transfer of files and file collaboration among multiple users.
[0025] At step 3, the server 105 reads the current file state from the database repository 111. The current file state provides to the central server details on the last updated state of the user's files that are stored in the repository. This information is then compared with the user-sent information to determine which files have changed and need to be updated on the central server.
[0026] At step 4, the server 105 sends a file state to the user workstation 107. The file state includes, as a response to the initial request, a list of the files that need to be sent to the central server in order to fully synchronize the memory device 103. Next, at step 5, the user sends the necessary updated files from the memory device 103 directly to the central server 105; these include all files detailed in the file state response.
[0027] At step 6, the central server writes the updated files to the database repository 111. All new and/or changed files are written to the database. If a file was changed, the old file is retained according to the corporate data retention policies in place. After all files have been correctly synchronized, at step 7 the server 105 returns the details to the user workstation 107. At step 8, the application running on the user workstation 107 updates the file information on the mobile memory device 103 to track the last synchronization details.
[0028] FIG. 3 is a diagram illustrating the ability to remotely access sensitive and/or proprietary applications using the mobile memory device 103. At step 1, the user runs an application access application from the mobile memory device 103 by selecting the remote application access function from the memory device 103 and loading the application into the working memory of the user workstation 107; the application executes after reading any necessary keys/certificates from the memory device 103.
[0029] At step 2, the application access application connects to a corporate terminal server 305 by establishing a secured connection with the corporate terminal server through a secure network 209, passing any required keys/certificates to the terminal server 305 via the secured connection, and allowing the user to enter any other necessary authentication credentials.
[0030] At step 3, upon completion of a valid authentication, the terminal server 305 establishes a fully connected session with the user workstation 107 through the secured network 209 and allows the user to start executing applications as necessary.
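The synchronization exchange of Fig. 2 (steps 1 through 8, paragraphs [0023] to [0027]), as an added Python model that is not code from the patent; it also carries the queued delete request of [0041] and [0051] through to the server. The message shapes (a map of file id to content hash, a file state that is a list of ids), the retention of every superseded version and the last-sync metadata are assumptions; the patent fixes the steps but not a data format.

```python
import hashlib
from dataclasses import dataclass, field


def digest(blob: bytes) -> str:
    """Content hash used to decide whether a file changed since the last sync."""
    return hashlib.sha256(blob).hexdigest()


@dataclass
class MemoryDevice:
    """Client side: files held on the mobile memory device 103 (already
    encrypted there), the last-sync metadata and the queued operations."""
    device_id: str
    files: dict = field(default_factory=dict)           # file_id -> bytes
    last_sync: dict = field(default_factory=dict)       # file_id -> hash at last sync
    queued_deletes: list = field(default_factory=list)  # deletes queued while offline

    def current_file_info(self) -> dict:
        """Step 1: read current file information from the device."""
        return {fid: digest(blob) for fid, blob in self.files.items()}


@dataclass
class CentralServer:
    """Server side: the database repository 111 plus retained older versions
    (retention policy assumed here: keep every superseded version)."""
    registered_devices: set = field(default_factory=set)
    repository: dict = field(default_factory=dict)  # file_id -> bytes
    retained: dict = field(default_factory=dict)    # file_id -> [older versions]
    sync_count: int = 0

    def file_state(self, device_id: str, info: dict) -> list:
        """Steps 2-4: authenticate the device, compare the sent information
        with the repository's current state and return the ids to upload."""
        if device_id not in self.registered_devices:
            raise PermissionError(f"device {device_id!r} is not registered")
        current = {fid: digest(blob) for fid, blob in self.repository.items()}
        return sorted(fid for fid, h in info.items() if current.get(fid) != h)

    def write_updates(self, device_id: str, needed: list, uploads: dict,
                      deletes: list) -> dict:
        """Step 6: write new/changed files (retaining superseded versions) and
        apply queued deletions; uploads that were never requested are refused.
        Step 7: return the details of what was done."""
        if device_id not in self.registered_devices:
            raise PermissionError(f"device {device_id!r} is not registered")
        unexpected = set(uploads) - set(needed)
        if unexpected:
            raise ValueError(f"unrequested files in upload: {sorted(unexpected)}")
        written = []
        for fid in needed:
            if fid not in uploads:
                continue  # still outstanding; it is requested again next sync
            if fid in self.repository:
                self.retained.setdefault(fid, []).append(self.repository[fid])
            self.repository[fid] = uploads[fid]
            written.append(fid)
        deleted = []
        for fid in deletes:
            if fid in self.repository:
                self.retained.setdefault(fid, []).append(self.repository.pop(fid))
            deleted.append(fid)  # an already absent file counts as deleted
        self.sync_count += 1
        return {"sync_id": self.sync_count, "written": written, "deleted": deleted,
                "missing": [fid for fid in needed if fid not in uploads]}


def synchronize(device: MemoryDevice, server: CentralServer) -> dict:
    """One full synchronization as driven from the user workstation 107."""
    info = device.current_file_info()                          # step 1
    needed = server.file_state(device.device_id, info)         # steps 2-4
    uploads = {fid: device.files[fid] for fid in needed}       # step 5
    result = server.write_updates(device.device_id, needed, uploads,
                                  list(device.queued_deletes))  # steps 6-7
    # Step 8: record the last synchronization details on the device.
    for fid, h in info.items():
        if fid not in result["missing"]:
            device.last_sync[fid] = h
    for fid in result["deleted"]:
        device.last_sync.pop(fid, None)
    device.queued_deletes = [f for f in device.queued_deletes if f not in result["deleted"]]
    return result


if __name__ == "__main__":
    # Constructed sample: one changed file, one unchanged, one new, one queued delete.
    server = CentralServer(registered_devices={"dev-001"},
                           repository={"f1": b"old report", "f2": b"unchanged", "f3": b"retire"})
    device = MemoryDevice("dev-001", files={"f1": b"new report", "f2": b"unchanged",
                                            "f4": b"brand new"}, queued_deletes=["f3"])
    print(synchronize(device, server))
```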
Description of Advantageous Features
[0031] The removable memory device application also can provide biometric authentication and access control of the memory device; the secured data management application can provide enterprise access control through an authentication mechanism, and further can provide Local Area Network (LAN) access control through an authentication mechanism.
[0032] The secured data management application provides multilevel authentication, in that each device and system has its own process that it follows to authenticate the user to the system or the device to the system. The first level is the client level and includes the memory device and a host computer. The second level is the management workstation computer. The third level is the repository server. Additionally, there may be multiple authentication levels within the device or within each of the above levels, such as, for example, biometrics, pass phrases, multiple passwords, etc.
[0033] An integrity check of modular application components is performed to ensure that the memory device uses only approved components, and the removable memory device can provide an application that automatically repairs faulty application components.
[0034] The secured data management application provides encrypted memory device storage of all content, including user data, configuration files, data files, cryptographic algorithms and metadata, and also provides data integrity to ensure that data has not been altered or deleted.
[0035] The removable memory device further contains an application that verifies that all sensitive user data that has been stored as temporary files has been removed from a host computing device, and an application that executes via the removable memory device to scan and verify that a host computing device is free of user monitoring software. The application will eliminate any spyware or user monitoring software found on a host computing device.
[0036] The security application executes via the removable memory device and scans and verifies that a host computing device is free of virus activity. The application will eliminate any viruses found on a host computing device.
[0037] Multiple pluggable cryptographic algorithms can be maintained on the removable memory device. The user can choose which algorithm she wants to use, or the enterprise security policy can determine which algorithm the user must employ for encryption.
[0038] The secured data management application can be integrated into corporate security infrastructures and PKI systems to utilize corporate or commercially issued keys and certificates to encrypt and decrypt user data. The management application issues and revokes user certificates, maintains a Certificate Revocation List (CRL) and cross-certifies user certificates with other certificate issuers.
[0039] A management application on the server also can maintain a Centralized User Directory of certificates for removable memory device users to access and search in the event that they wish to communicate with other users. They can download a certificate, maintain it on their removable memory device and use it to encrypt communications with other users.
[0040] The removable memory device also may maintain a metadata repository pertaining to all files currently stored on or registered with the memory device application. The metadata repository can store all unique file identification information, the current file name, file status information, file encryption and algorithm details and other necessary details.
[0041] The removable memory device also may maintain a synchronization request queue of operations to be performed at the next available synchronization process. These operations may include file updates, deletions and other metadata changes.
[0042] The removable memory device can maintain an operating system that is separate from its host computer operating system to ensure that applications on the host computer operating system cannot change or alter the memory device application. The removable memory device operating system can allow the host computer to boot directly from the removable memory device rather than from the internal operating system resident in the computer.
[0043] The removable memory device also may contain an application that hides the file data repository from view to protect it against user manipulation. This protection is accomplished by tagging the repository directory tree as hidden in the file system. Users never have direct access to files within the repository directory itself, but are required to access information solely through the removable memory device operating application.
[0044] The removable memory device also may provide an encrypted file format to identify and decrypt a file when necessary. The information is bundled with the file in an ASN.1 encoding process.
[0045] The removable memory device also may include an application that provides an automatic file relock for all files that have previously been encrypted. The relock process keeps track of each encryption and decryption event within the application to ensure that all decrypted files are re-encrypted when the user activates the automatic file relock process.
[0046] The removable memory device also may provide data archiving as an alternative to data deletion. The user selects the file, directory or group of files to archive, and the data archive process will move the data to a temporary archive location on the device pending the next synchronization process. The synchronization will fully synchronize these archived files to ensure that the server retains the latest versions, and then will mark the server-based copies as archived. Local copies of the files will be deleted.
[0047] The removable memory device can generate a unique file encryption key each time that it is used, such that the loss or disclosure of one file encryption key will not disclose other file keys, since each file encryption key is unique to that file.
[0048] The secured data management server may incorporate a web service known as the Simple Object Access Protocol (SOAP) to provide a standardized format for information exchange and to permit change and expansion of that format in the future. The secured data management server also detects shared and concurrent users. This process determines whether multiple users are using the same device configuration concurrently with two different memory devices. The purpose of this detection process is to ensure that only the original registered device can be used and that other unregistered users can be detected and removed.
[0049] The secured data management server also may provide a group collaboration and sharing channel, which is a channel in which multiple users can read and write files. When a user has permission to join a collaborative channel, they will be given access to the group collaboration and sharing channel. Any file written into this channel will be available to other members after a synchronization process has been completed.
[0050] The secured data management server may also include an application that provides a distribution channel, which is a read-only channel. This channel is intended to provide access to read-only information such as manuals or reference materials.
[0051] The secured data management server may also include an application that provides a process of queuing operations until they can be performed by a connection to the server. The user must be able to queue operations when they do not have a network connection available. If a user chooses to delete a file locally and from the repository, the delete request will be queued and considered for processing when the next synchronization occurs.
[0052] The secured data management server may also include an application that provides a collaboration and sharing directory search process that a user queries to find other users. The search allows for full or partial name matching on users' first names, last names and possible group memberships. The search will return the list of users who match the search parameters.
[0053] The secured data management server may also include an application that provides a secure user-to-user collaboration and sharing process. This process enables a user to send encrypted files to another user. The system provides a directory search menu for the user to search through and to select the names to which the user wishes to send files. Once the recipients are chosen, the system retrieves the public keys and IDs for each of those users and encrypts the file headers with a combination of the sending user's private key and the remote user's public key. This encryption is done within the memory device application to ensure security in transporting the information. These encrypted files are then sent directly to the synchronization server and placed in an incoming queue for the destination user. The file remains queued and will be processed on the next synchronization event.
[0054] The secured data management server may also include an application that provides a secure group collaboration and sharing process that is based on multiple channels and the capability to determine who may subscribe to a channel. The server may be configured to offer multiple channels to a specific company and each channel may have its own access controls placed upon it. A channel can be configured as read-only, read-write, or disallowed to read-write. The configuration is determined by the specific user's needs and the security policy limitations for the channel. A channel may not be visible to all users if they are not given read-only access. A default channel can also be denied for specific users. When a channel is subscribed, the user receives all updates placed in the channel, whether the user is read-only or read-write. In the case of conflicting changes by two users, the user will receive an explanation of the problem and a resolution to prevent inadvertent data loss.
[0055] The administration server application uses a relational database to store information about each user of the system. Also stored within the user database is access control and access level information and certificate or key information. The administration server application enables the central corporate server to use the Lightweight Directory Access Protocol (LDAP) as a common source of information about employees in many enterprises.
[0056] The administration server application uses an interface to abstract the User Information Repository (UIR) provider and thus alternate information sources can be used, providing they contain a minimum of information necessary to identify and authenticate users.
[0057] The administration server application ensures that security policy files may be managed on a per-user or a group membership basis. If a user is a member of multiple groups, the server will provide the policy for the first group membership found for the user. If the user is an individual policy file configured user, this policy may take precedence over group policies.
[0058] The administration server application further ensures that a security policy may be configured on a channel-by-channel basis. This configuration would be used most frequently when a channel is to be primarily a read-only channel for most users, but will still allow certain users to upload content and information to it.
[0059] The removable memory device ensures enforcement of server-provided security policies. For example, a policy may require the removable memory device application to automatically upload new or changed files that are added to the local repository; when the user initiates the synchronization process, the user does not have the option of disabling the uploading portion of the process. A policy may require the memory device application to enforce temporary file removal by eliminating the option of disabling the temporary file cleaning process that occurs when quitting the removable memory device application, so that the action always occurs without user intervention. A policy may require pass phrase changes by the user; this setting allows administrators to set a maximum lifetime for the user's pass phrase that is used to protect the removable memory device, and at the end of this lifetime the user is forced to change their pass phrase. This does not impact keys or certificates, but only the pass phrase used to unlock the device.
[0060] The invention having been described, it will be apparent to those skilled in the art that the same may be varied in many ways without departing from the spirit and scope of the invention. Any and all such modifications are intended to be included within the scope of the following claims.

Claims

What is claimed is:
1. A secure data management software system, comprising: a removable mobile memory device containing a data management application that is used on an end-user computer for examining and ensuring that said computer is free of software that could compromise data security, for authenticating a user to a remote terminal server, for encrypting data stored in said device, and for transmitting and synchronizing stored data files with a remote data repository; a management and administration system used for issuing and loading a removable mobile memory device with required user keys and/or certificates, web based provisioning, and managing identification information; and a server system used for receiving, storing, back-up and recovery of removable mobile memory device user data, logging and audit of user activity, and storing and archiving data from the mobile removable memory device.
2. A secure data management software system according to claim 1, wherein the removable mobile memory device maintains a history of synchronization operations.
3. A secure data management software system according to claim 1, wherein the server system monitors user activity.
4. The secure data management software system of claim 1, wherein said removable mobile memory device is a static memory device.
5. The secure data management software system of claim 4, wherein said removable mobile memory device is a USB memory device.
6. The secure data management software system of claim 1, wherein said removable mobile memory device includes a software virus scanning application.
7. The secure data management software system of claim 1, wherein said removable mobile memory device includes a spyware scanning application.
8. The secure data management software system of claim 1, wherein said removable mobile memory device includes a data encryption application.
9. The secure data management software system of claim 1, wherein said removable mobile memory device includes a data synchronization application.
10. The secure data management software system of claim 1, wherein said removable mobile memory device includes a software virus scanning application.
11. A removable mobile memory device, comprising: an interface that couples said device to an external data processing apparatus; a data management software application that is used on said external data processing apparatus for examining and ensuring that said apparatus is free of software that could compromise data security, for encrypting data stored in said device, whereby a user of said removable mobile memory device is able to have access to secured data and secured software applications from any external data processing apparatus including third party apparatus, without compromising security and without leaving any traces of such secured data or secured applications on said third party apparatus.
12. The removable mobile memory device of claim 11, wherein said device further includes an application for authenticating a user to a remote terminal server.
13. The removable mobile memory device of claim 11, wherein said device further includes an application for transmitting and synchronizing stored data files with a remote data repository.
14. The removable mobile memory device of claim 11, wherein said removable mobile memory device is a static memory device.
15. The removable mobile memory device of claim 14, wherein said removable mobile memory device is a USB memory device.
16. The removable mobile memory device of claim 11, wherein said removable mobile memory device includes a software virus scanning application.
17. The removable mobile memory device of claim 11, wherein said removable mobile memory device includes a spyware scanning application.
18. The removable mobile memory device of claim 11, wherein said removable mobile memory device includes a data encryption application.
19. The removable mobile memory device of claim 11, wherein said removable mobile memory device includes a data synchronization application.
20. The removable mobile memory device of claim 11, wherein said removable mobile memory device includes a software virus scanning application.
PCT/US2004/038907 2003-11-21 2004-11-19 Secure data management system with mobile data management capability WO2005084177A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US52368503P 2003-11-21 2003-11-21
US60/523,685 2003-11-21

Publications (2)

Publication Number Publication Date
WO2005084177A2 true WO2005084177A2 (en) 2005-09-15
WO2005084177A3 WO2005084177A3 (en) 2006-03-09

Family

ID=34919312

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/038907 WO2005084177A2 (en) 2003-11-21 2004-11-19 Secure data management system with mobile data management capability

Country Status (1)

Country Link
WO (1) WO2005084177A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2418503A (en) * 2004-09-27 2006-03-29 Mcafee Inc Virus scanner with integrated spyware scanning/detecting capabilities
WO2012100351A1 (en) * 2011-01-28 2012-08-02 Royal Canadian Mint/Monnaie Royale Canadienne Electronic transaction risk management
US9003531B2 (en) 2009-10-01 2015-04-07 Kaspersky Lab Zao Comprehensive password management arrangment facilitating security

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892902A (en) * 1996-09-05 1999-04-06 Clark; Paul C. Intelligent token protected system with network authentication
US6308270B1 (en) * 1998-02-13 2001-10-23 Schlumberger Technologies, Inc. Validating and certifying execution of a software program with a smart card
US6567915B1 (en) * 1998-10-23 2003-05-20 Microsoft Corporation Integrated circuit card with identity authentication table and authorization tables defining access rights based on Boolean expressions of authenticated identities
US6609199B1 (en) * 1998-10-26 2003-08-19 Microsoft Corporation Method and apparatus for authenticating an open system application to a portable IC device
US20040073787A1 (en) * 2002-03-13 2004-04-15 Amir Ban Personal portable storage medium
US20040123127A1 (en) * 2002-12-18 2004-06-24 M-Systems Flash Disk Pioneers, Ltd. System and method for securing portable data
US20050086241A1 (en) * 2003-08-26 2005-04-21 Tamir Ram Method, system, and program for personal data management using content-based replication
US20050136979A1 (en) * 2003-12-18 2005-06-23 Josef Dietl Storing and synchronizing data on a removable storage medium
US6944769B1 (en) * 2000-08-10 2005-09-13 International Business Machines Corporation Apparatus and a method for security authorization using a security key installed on removable media

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2418503A (en) * 2004-09-27 2006-03-29 Mcafee Inc Virus scanner with integrated spyware scanning/detecting capabilities
US7441273B2 (en) 2004-09-27 2008-10-21 Mcafee, Inc. Virus scanner system and method with integrated spyware detection capabilities
GB2418503B (en) * 2004-09-27 2008-12-31 Mcafee Inc Virus scanner system and method with integrated spyware detection capabilities
US9003531B2 (en) 2009-10-01 2015-04-07 Kaspersky Lab Zao Comprehensive password management arrangment facilitating security
WO2012100351A1 (en) * 2011-01-28 2012-08-02 Royal Canadian Mint/Monnaie Royale Canadienne Electronic transaction risk management

Also Published As

Publication number Publication date
WO2005084177A3 (en) 2006-03-09

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase