U.S. patent application number 15/482330 was filed with the patent office on 2018-03-01 for method and apparatus for securing the privacy of a computer network.
The applicant listed for this patent is Frederick J. Murphy, William H. Shawn. Invention is credited to Frederick J. Murphy, William H. Shawn.
Application Number: 20180063124 (Appl. No. 15/482330)
Family ID: 43498295
Filed Date: 2018-03-01

United States Patent Application 20180063124
Kind Code: A1
Shawn; William H.; et al.
March 1, 2018

METHOD AND APPARATUS FOR SECURING THE PRIVACY OF A COMPUTER NETWORK
Abstract
A method and apparatus for secure access to a computer network
and for safeguarding the confidentiality and privacy of data stored
and distributed by the network is disclosed. The method and
apparatus addresses both limiting access to the computer network to
those who are authorized to have access as well as the privacy of
the information stored in the network.
Inventors: Shawn; William H. (Washington, DC); Murphy; Frederick J. (Falmouth, MA)

Applicant:
Name | City | State | Country | Type
Shawn; William H. | Washington | DC | US |
Murphy; Frederick J. | Falmouth | MA | US |

Family ID: 43498295
Appl. No.: 15/482330
Filed: April 7, 2017

Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
10767815 | Jan 30, 2004 | 9621539
15482330 | |

Current U.S. Class: 1/1
Current CPC Class: H04L 9/3263 20130101; G06F 21/62 20130101; H04L 9/3252 20130101; H04L 63/0823 20130101; G06F 21/6245 20130101; H04L 63/10 20130101; H04L 9/3271 20130101
International Class: H04L 29/06 20060101 H04L029/06; H04L 9/32 20060101 H04L009/32
Claims
1. A method of secure privacy notification, said method comprising
the steps: determining the regulatory compliance requirements for
privacy notification of data subjects; transforming said
requirements into electronic and non-electronic database query
screens and forms; querying a remote and/or resident database for
information fields contained within said query screens and forms;
human or automated completion of said data screens;
encryption/decryption of said data screens; human and/or automated
conversion of data screens into privacy notification human readable
formats; electronic and/or non-electronic data subject feedback
response methods and means; and conversion of said data subjects'
feedback responses into database deletion, modification or
correction of the data subject's information in accordance with
said regulatory requirements.
2. The method of claim 1 wherein said electronic privacy
notification and feedback response is accomplished via a secure web
portal.
3. The method of claim 1 wherein said electronic privacy
notification and feedback response is accomplished via a secure
e-mail system.
4. The method of claim 1 wherein said electronic privacy
notification and feedback response is accomplished using digital
certificates comprising: a public or private, commercial or
government registration authority; a public or private, commercial
or government certificate authority; a digital signature encryption
algorithm; a unique non-repudiable user electronic identity;
issuance of x.509 compliant certificates specifically encoded via
extension to alert data processors of the data subject's privacy
preferences; and issuance of x.509 standard certificates
specifically encoded via extension to alert data processors of
legal and regulatory compliance requirements relevant to the data
subject's privacy preferences.
5. The method of claim 4 wherein said digital signature algorithm
is SHA-1 with DSA.
6. The method of claim 4 wherein said digital signature algorithm
is an elliptic curve.
7. The method of claim 6 wherein said elliptic curve is a Koblitz
binary curve.
8. The method of claim 4 wherein said digital signature algorithm
is a block cipher such as Rijndael.
9. The method of claim 4 wherein the data subject's privacy
preference is to "opt out" and wherein the digital certificate is
encoded by distinct color coding so as to be easily read by visual
inspection.
10. The method of claim 4 wherein the data subject's privacy
preference is to "opt in" and wherein the digital certificate is
encoded by distinct color coding so as to be easily read by visual
inspection.
11. The method of claim 4 including third party archiving of
certificate for non-repudiation, compliance audit and send and
receive functions.
12. The method in claim 4 including the binding of a user's identity
and access authorizations to a physical device, such as a USB key,
and challenging the key at a remote e-mail server in order to gain
access to the user's authorized e-mail box and messages.
Description
CROSS-REFERENCE TO RELATED APPLICATION
[0001] The present application claims the benefit of
non-provisional application Ser. No. 10/767,815 filed Jan. 30,
2004, which is incorporated herein by reference for all
purposes.
BACKGROUND OF THE INVENTION
[0002] The present invention is generally related to the field of
computer networks and more particularly, is directed to a method
and apparatus for secure access to a computer network and for
safeguarding the confidentiality and privacy of data stored and
distributed by the network.
[0003] The widespread use of computers and the emergence of the
Internet has led to a revolution in data collection, storage and
distribution. (Herein, the terms "data" and "information" are used
interchangeably). Today, most organizations could not conduct their
affairs without the aid of computerized information systems which
help to collect, process, and distribute information. Such systems
are taken for granted as a necessity for conducting business on
even a modest scale.
[0004] Prior to the advent of personal computers and computer
networks, most information was collected manually and stored in
hard copy form in physical file drawers. Because there were usually
no more than one or two copies of each document, their location and
safeguarding were easy to control. Even when mainframe computers
became available, the information had to be collected manually and
in many cases manually entered into the computer as well. The labor
intensive nature of the process necessarily limited the amount of
information that was collected and entered into the computer.
[0005] Access to the stored information also was limited. The
information could only be retrieved by outputting to an associated
terminal unit, printer and/or magnetic tape drive. Security of the
information usually was not an issue as the entire computer
infrastructure was under the control of the business owner.
Security resulted from a limited number of trusted employees having
the skill set needed to gain access to information stored on the
mainframe computer and by in-house mainframes typically not being
networked with outside computers. Thus, a company's physical
infrastructure, the limited number of employees with the requisite
skill set and the lack of networking with other computers provided
the ultimate firewall. Accordingly, the likelihood that the
computer could be "hacked" from the outside was greatly reduced and
the company and its customers felt secure from unauthorized access
to company records.
[0006] Today, the situation is much different. The relationship
that most customers have, for example, with their bank allows the
customer online access to his or her banking records. In most cases
the customer can transfer funds from one account to another,
including the accounts of a third party. Both the customer and the
bank benefit from this relationship. The customer can bank at a
time that is convenient for him or her and the bank has the
opportunity to collect a service fee with almost no human
intervention. The third beneficiaries to this relationship are
those who wish to engage in mischief, fraud and theft by gaining
unauthorized access to the records of bank customers and initiating
transactions for their own benefit.
[0007] Because computer technology has been developed to the point
that it can be readily understood, the skill set required to engage
in mischievous conduct is low and can be easily acquired. It is the
unintended beneficiaries of online relationships who engage in such
conduct that require that attention be paid to computers and
network security.
[0008] While the advantages of conducting business transactions
that involve confidential and private information online are many,
these advantages give rise to many security challenges. The
challenges are two-fold. The first challenge is to deny entry to
those who are not authorized to gain access to the system. The
second challenge is in maintaining the privacy of user information
once it has been collected and stored in the system. While neither
of these challenges are new, they have been greatly aggravated and
made more difficult by the number of people and commercial
establishments who now use online systems and the amount of data
that these systems collect and store. The opportunity to engage in
mischief by unscrupulous computer users has risen at a
corresponding rate.
[0009] Unlike in the past when collecting and entering information
into a computer system was very labor intensive and thus the volume
of information was low, today there are many fast and efficient
ways in which the information can be collected and entered. Modern
computer systems are replete with user friendly forms that
information providers can fill out themselves and not have to rely
on company computer operators to complete. Thus, the bottle neck of
information collection and entry that existed in the past has been
eliminated in large measure. This has led to more information
being collected and stored from many more people.
[0010] In addition, modern computers and computer networks can be
programmed to automatically collect information about users,
sometimes without their knowledge. For example, the log files in a
web server maintain a record of what websites were visited by a
web surfer, the time and date, the Internet Protocol address of the
computer being used, and in some cases, user identities and
passwords. Many people consider this information confidential and
private.
[0011] The concern with protecting the confidentiality and privacy
of online information in today's world is evident from the actions
being taken or planned by most governments of developed countries.
For example, in the United States, there are national laws that
regulate the use and collection of personal data by financial
institutions and government agencies. In addition, the United
States enacted legislation entitled the Health Insurance
Portability and Accountability Act of 1996 which took effect on
Aug. 21, 1996. The act is intended to improve the efficiency and
effectiveness of the U.S. health care system by facilitating the
electronic exchange of information in the health care industry. The
Act recognized the challenges to confidentiality of health related
information and included specific provisions for its
confidentiality and privacy.
[0012] In Europe, the European Union Privacy Directive went into
effect on Oct. 25, 1998. This Directive, also known as the EU Data
Protection Directive, requires that each EU member state enact
legislation to protect personal data. According to the Directive,
personal data policies must require, among other things, that:
[0013] Data be processed fairly;
[0014] Data be collected and possessed for specified, legitimate
purposes and be kept no longer than necessary to fulfill the stated
purpose for which the data was collected;
[0015] Data be accurate and up to date; and
[0016] Authorized users of personal data must not transfer that
data to third parties without the permission of the individual
providing the data. Personal data can only be transferred across
national borders when the receiving country has an adequate level
of protection for the data.
[0017] The Directive also requires that the person about whom the
data concerns be given adequate notice of activity regarding the
data. The notice must include the identity of the party collecting
or using the data; the purpose for which the data may be used; and
such other information as is necessary to ensure that the
processing of the data is "fair" to the individual.
[0018] The implications and practical difficulty of implementing
the EU Directive are great and go beyond the boundaries of the 15
European Union countries. As the Directive requires that no personal
data can be transferred across borders unless the receiving country
has an adequate level of protection for the data, the effect of the
Directive has international dimensions. Moreover, compliance with
the notice requirement mentioned above will be difficult to achieve
using conventional methods given an increasingly global market
place, which by its nature, knows no international boundaries.
[0019] While attempts have been made to address the security needs
of computers and computer networks with respect to preventing
unauthorized access and misuse of confidential information, these
attempts increasingly fall short of what is needed to fully address
the problem. Unlike in the past, most mainframe computer systems
are now networked to other computers that are outside of the
control of the mainframe owner. The natural firewall that existed
in the past is no longer present today. Also, the skill level
required to operate and access information stored in these
computers, while still high compared to prior standards, is easily
within reach of most who wish to acquire the skill. Moreover, the
number of people who are computer savvy beyond just a casual
knowledge of how to use a computer continues to grow. In
addition, criminal enterprises naturally move to targets of
opportunity whenever they arise. Online confidential and
proprietary information represent such targets.
[0020] E-mail, for example, has become one of the most prevalent
means for communicating information within and across
organizations. Thus, the need for securing and validating that only
authorized users can access their own e-mail accounts becomes
mission critical in many situations. The security of e-mail
messages is particularly problematic due to the propensity that
many e-mail users have to send copies to multiple recipients. Thus,
not only must the originator of the e-mail be validated for access,
the universe of recipients must be as well.
[0021] Thus, approaches to computer and network security that were
sufficient in the past are no longer equal to the challenge that
today's security risks present. Accordingly, there is a need in the
art for a more effective solution.
SUMMARY OF THE INVENTION
[0022] Accordingly, it is the overall objective of the present
invention to provide a method and apparatus for overcoming the
above noted deficiencies in the security of computers and computer
networks.
[0023] It is a specific objective of the present invention to
provide a method and apparatus for overcoming the above noted
deficiencies in the security of computers and computer networks
that is more effective than those presently known in the art.
[0024] It is another objective of the present invention to provide
a method and apparatus for overcoming the above noted deficiencies
in the security of computers and computer networks which can be
implemented in a cost effective manner.
[0025] It is still further objective of the present invention to
provide a method and apparatus for overcoming the above noted
deficiencies in the security of computers and computer networks
which can be used with prior art networks.
[0026] It is another objective of the present invention to provide
a method and apparatus for overcoming the above noted deficiencies
in the security of computers and computer networks which can be
easily implemented.
BRIEF DESCRIPTION OF THE DRAWINGS
[0027] The present invention may be more completely understood in
consideration of the following detailed description of various
embodiments of the invention in connection with the accompanying
drawings, in which:
[0028] FIG. 1 is a diagram illustrating the general architecture of
the present invention;
[0029] FIG. 2 is a flow chart illustrating the notification of a
data subject in accordance with the present invention;
[0030] FIG. 3 is a block diagram of one embodiment of a security
module in accordance with the present invention;
[0031] FIG. 4 is a block diagram of a further embodiment of a
security module in accordance with the present invention; and
[0032] FIG. 5 is a block diagram of one embodiment of encryption
circuitry as referenced in FIG. 4.
DESCRIPTION OF THE PREFERRED EMBODIMENT
[0033] FIG. 1 is a diagram of one embodiment of a network
infrastructure which can be used to achieve the notification
requirements of the EU Directive in accordance with the present
invention. NOC 1 (Network Operations Center) is an ultra-secure,
FIPS-compliant data communications gateway located, for example,
in Northern Virginia. NOC 1 provides point-to-point secure socket
layer encryption, intrusion detection, non-repudiation protocols
and securely maintains complete electronic communications
transaction logs. NOC 1 also generates a challenge/answer password
and unique user identification for inclusion in the notification
letter that is physically sent to the EU data subject, i.e., the
person whose personal data is at issue. The password and user ID
can be used by the data subject with network access to log onto a
secure privacy response web portal for "OPT IN", "OPT OUT" and data
correction purposes.
[0034] Privacy Notification and Call Center 2 located, for example,
in Fargo, N. Dak., is at the heart of the EU privacy Directive
compliance system in accordance with the present invention. All
privacy notification forms are securely electronically forwarded
via NOC 1 to the Privacy Notification Center for human and
electronic processing. Each form is logged utilizing well known
A.C.I.D. transaction procedures. The information is then
transformed into privacy notification letters in both English and
the language of the EU data subject's country mailing address.
Notification letters are securely electronically forwarded to a
Central Office 3 for posting via standard mail to the EU data
subject's mailing address. All EU data subjects' electronic
responses are securely returned electronically to the notification
center. All postal responses are returned to and electronically
transformed by the Central Office and forwarded to the notification
center, which in turn notifies the member client that the proper
notification letter has been sent and that they are now to take the
legally required compliance action based on the data subject's
specific response to the letter or the response obtained from the
data subject via the privacy non-repudiation web portal.
[0035] A Processing Center 4, for example in Brussels, securely
receives the electronic notification letter, logs its receipt,
prints the letter and posts to the EU data subject's EU mailing
address. Included in each notification letter is a self return EU
stamped privacy action response card which provides the EU data
subject the opportunity to "OPT IN" or "OPT OUT" or request that
category information be corrected by the member client. Also
included in the privacy notification letter is the EU data
subject's unique ID and password to access the secure privacy non
repudiation web portal of the present invention in order to
electronically respond if they so desire. All physical response
cards are returned to the EU office and transformed into electronic
form and forwarded to the privacy processing center in North
Dakota.
[0036] The EU data subject receives the privacy notification letter
at his or her EU mailing address. Non-deliverable notification
letters are returned to Processing Center 4 and so logged in the
A.C.I.D. transactions database. He or she completes the self-mailer
privacy action card and returns it to Processing Center 4 or, in
the alternative, logs onto the secure privacy notification response
web portal utilizing the unique user ID and password supplied in
the notification letter. Non-responses that were neither physically
nor electronically received are reported and logged at the privacy
processing center for A.C.I.D. database inclusion.
[0037] Accordingly, the present invention provides an efficient
method for those companies that are subject to the EU Directive to
comply with its notification requirement and the safeguarding of
personal information. FIG. 2 is a flow chart illustrating the
operation of the notification method in accordance with the present
invention.
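The credential and response-logging steps of [0033] through [0036], worked through as an added example; this is not code from the patent, which describes no software. It models the notification center's A.C.I.D. database as an in-memory map, stores only a salted hash of the challenge password that is printed in the letter, accepts a single answer per letter from either the credential-checked web portal or the transformed postal card, and produces the non-response report. The response categories, the field names and the hex encoding of the user ID and password are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"time"
)

// Response is the data subject's privacy action: the three choices on the
// response card plus the "no response" state the center has to report.
type Response string

const (
	OptIn      Response = "OPT IN"
	OptOut     Response = "OPT OUT"
	Correct    Response = "CORRECT"
	NoResponse Response = "NO RESPONSE"
)

// Notification is one transaction-log record. Only a salted hash of the
// challenge password is kept; the plaintext exists only in the mailed letter.
type Notification struct {
	UserID    string
	Salt      []byte
	PassHash  []byte
	Issued    time.Time
	Response  Response
	Channel   string // "portal" or "postal" once answered
	Responded time.Time
}

// Center stands in for the notification center's A.C.I.D. database, which is
// modelled here as an in-memory map (constructed for this example).
type Center struct{ log map[string]*Notification }

func NewCenter() *Center { return &Center{log: map[string]*Notification{}} }
func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// Issue creates the unique user ID and challenge password for one letter. The
// plaintext password is returned exactly once, for printing in the letter.
func (c *Center) Issue(now time.Time) (userID, password string, err error) {
	buf := make([]byte, 8+12+16) // ID bytes, password bytes, salt bytes
	if _, err = rand.Read(buf); err != nil {
		return "", "", err
	}
	userID, password = hex.EncodeToString(buf[:8]), hex.EncodeToString(buf[8:20])
	c.log[userID] = &Notification{UserID: userID, Salt: buf[20:],
		PassHash: hashPassword(buf[20:], password), Issued: now, Response: NoResponse}
	return userID, password, nil
}

// Record stores exactly one answer per letter. Postal cards, once transformed
// into electronic form by the EU office, come through this path as "postal".
func (c *Center) Record(userID string, r Response, channel string, now time.Time) error {
	n, ok := c.log[userID]
	if !ok {
		return errors.New("unknown user ID")
	}
	if r != OptIn && r != OptOut && r != Correct {
		return fmt.Errorf("invalid response %q", r)
	}
	if n.Response != NoResponse {
		return errors.New("response already recorded for this letter")
	}
	n.Response, n.Channel, n.Responded = r, channel, now
	return nil
}

// PortalResponse verifies the letter's credentials in constant time before
// recording an answer received over the web portal.
func (c *Center) PortalResponse(userID, password string, r Response, now time.Time) error {
	n, ok := c.log[userID]
	if !ok || subtle.ConstantTimeCompare(hashPassword(n.Salt, password), n.PassHash) != 1 {
		return errors.New("user ID or challenge password rejected")
	}
	return c.Record(userID, r, "portal", now)
}

// Outstanding lists letters still unanswered after the deadline: the
// non-response report the center logs for A.C.I.D. database inclusion.
func (c *Center) Outstanding(now time.Time, deadline time.Duration) []string {
	var ids []string
	for id, n := range c.log {
		if n.Response == NoResponse && now.Sub(n.Issued) > deadline {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}
```

The portal path returns the same error for an unknown ID and a wrong password, so a caller learns nothing about which half of the letter credentials was wrong, and the one-answer rule means a later attempt with the same letter credentials cannot silently overwrite the subject's recorded choice, which is the property the "non-repudiation" portal is named for.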
[0038] The safeguarding of personal information in the manner
required by the EU Directive does not address the issue of
unauthorized access to computers and computer networks.
[0039] In accordance with the present invention, a novel security
module is provided to each user of the computer network. The module
includes unique digital keys that are assigned to specific network
users. In order to use the network, a user must insert his or her
security module into a reader port attached to the network.
Insertion of the module into the reader causes a secure message to
be sent to a key validation server on the network. The server
validates the digital key contained within the security module
against a certificate authority. If validation is successful, the
user is permitted to access the network to the level of authority
granted to that particular user. The validation server might also
require that the identity associated with the key be bound to a
master key.
[0040] The security module of the present invention may also be
used to configure network architecture in a predetermined manner.
For example, a user might be able to access certain network
resources without use of the security module. When the module is
used, additional resources would be made available to the user. In
another example, certain security features of the network, such as
encryption, could be enabled when the key is used. Encryption would
be especially desirable in a wireless network.
[0041] FIG. 3 is a block diagram of one embodiment of a security
module in accordance with the present invention. The module
includes a microprocessor 30 for executing a stored computer
program that controls the operation of the module, memory 31 for
storing computer program instructions and data,
encryption/decryption module 32 for encrypting and decrypting data
generated and used by the module, digital keys 33, Input/Output
Interface 34 to which Status LEDs 35 for the module are coupled
along with Key Buttons 36 which can be activated by the user and
Network Interface 37 which interfaces, for example, to a module
reader device connected to the network. These elements individually
are known in the art. They are arranged in a novel manner in FIG. 3
in accordance with the present invention.
[0042] In yet another embodiment of the invention, non-repudiation
of authorized users and access controls to internal and external
e-mail servers and users' electronic mailboxes could be enabled by
binding the identity of the users to their specific physical key
and utilizing said key as a trusted token for electronic entry,
egress and logging audit trails from the email system(s).
[0043] A number of encryption techniques may be used with the
present invention. Such techniques include x.509 and RFC 2459
signature encryption. Also included as an encryption algorithm is
an elliptic curve digital signature algorithm (ECDSA) and most
specifically a Koblitz or anomalous binary curve.
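The certificate handling of claim 4, the key validation server of [0039] and the token challenge of claim 12 and [0042], as an added example written against Go's standard library; it is not the patent's own code, and the patent specifies no implementation. The CA and user certificates are ECDSA-signed X.509 certificates; the privacy preference and the governing regulation travel in two non-critical extensions under placeholder private OIDs, since the patent names none; P-256 stands in for the Koblitz binary curve of claim 7 and [0043], which Go's standard library does not provide. The certificate subjects, the regime string and the nonce are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)

// Placeholder private-arc OIDs for the two extensions of claim 4; the patent
// names no OID, so these values are an assumption of this example.
var (
	oidPrivacyPreference = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
	oidRegulatoryRegime  = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 2}
)

// Privacy is what a data processor reads out of a validated certificate.
type Privacy struct{ Preference, Regime string }

func mint(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA creates the certificate authority's self-signed ECDSA certificate.
// P-256 is used because Go's standard library has no Koblitz binary curve.
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Privacy CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := mint(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// issueUserCert binds a user identity to a key pair and encodes the subject's
// privacy preference and the governing regulation as non-critical extensions.
func issueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, user string, p Privacy, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pref, _ := asn1.Marshal(p.Preference) // encoded as an ASN.1 PrintableString
	regime, _ := asn1.Marshal(p.Regime)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: user},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: oidPrivacyPreference, Value: pref}, {Id: oidRegulatoryRegime, Value: regime}},
	}
	cert, err := mint(tmpl, ca, &key.PublicKey, caKey)
	return cert, key, err
}

// validate is the key validation server's check: chain the certificate to the
// trusted CA, then read the preference the data processor must honour.
func validate(cert, ca *x509.Certificate, now time.Time) (Privacy, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return Privacy{}, err
	}
	var p Privacy
	for _, ext := range cert.Extensions {
		switch {
		case ext.Id.Equal(oidPrivacyPreference):
			asn1.Unmarshal(ext.Value, &p.Preference)
		case ext.Id.Equal(oidRegulatoryRegime):
			asn1.Unmarshal(ext.Value, &p.Regime)
		}
	}
	if p.Preference != "OPT IN" && p.Preference != "OPT OUT" {
		return Privacy{}, errors.New("certificate carries no valid privacy preference")
	}
	return p, nil
}

// signChallenge and verifyChallenge model claim 12: the server sends a fresh
// nonce, the physical key signs it, and the server checks the signature
// against the public key in the already validated certificate.
func signChallenge(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

func verifyChallenge(cert *x509.Certificate, nonce, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}
```

validate refuses a certificate that does not chain to the trusted CA, is outside its validity period, or carries no recognisable preference, so a processor cannot quietly fall back to "opt in" for a subject whose certificate has had the extension stripped; the challenge nonce has to be drawn fresh for every login so that a recorded signature is useless against a later challenge.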
[0044] The present invention should not be considered limited to
the particular examples described above, but rather should be
understood to cover all aspects of the invention as fairly set out
in the attached claims. Various modifications, equivalents
processes, as well as numerous structures to which the present
invention may be applicable will be readily apparent to those of
skill in the art to which the present invention is directed upon
review of the instant specification.
* * * * *