U.S. patent application number 16/056525 was filed with the patent office on 2018-11-29 for method and system for remote data access.
The applicant listed for this patent is QuickVault, Inc.. Invention is credited to Steven V. Bacastow.
Application Number | 20180343565 16/056525 |
Document ID | / |
Family ID | 45349931 |
Filed Date | 2018-11-29 |
United States Patent
Application |
20180343565 |
Kind Code |
A1 |
Bacastow; Steven V. |
November 29, 2018 |
Method and System For Remote Data Access
Abstract
A system and method for securely storing, retrieving and sharing
data using PCs and mobile devices and for controlling and tracking
the movement of data to and from a variety of computing and storage
devices.
Inventors: |
Bacastow; Steven V.;
(Cumming, GA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
QuickVault, Inc. |
Cumming |
GA |
US |
|
|
Family ID: |
45349931 |
Appl. No.: |
16/056525 |
Filed: |
August 7, 2018 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
15476556 |
Mar 31, 2017 |
10045215 |
|
|
16056525 |
|
|
|
|
14990438 |
Jan 7, 2016 |
9614858 |
|
|
15476556 |
|
|
|
|
14542093 |
Nov 14, 2014 |
9264431 |
|
|
14990438 |
|
|
|
|
14323952 |
Jul 3, 2014 |
8918846 |
|
|
14542093 |
|
|
|
|
13306155 |
Nov 29, 2011 |
8812611 |
|
|
14323952 |
|
|
|
|
12466989 |
May 15, 2009 |
8086688 |
|
|
13306155 |
|
|
|
|
61130206 |
May 29, 2008 |
|
|
|
61130189 |
May 29, 2008 |
|
|
|
61130223 |
May 29, 2008 |
|
|
|
61127960 |
May 16, 2008 |
|
|
|
61130207 |
May 29, 2008 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04W 12/06 20130101;
H04L 63/0876 20130101; H04W 12/04031 20190101; H04L 63/20 20130101;
H04L 63/0435 20130101; H04L 63/102 20130101; H04W 12/08 20130101;
H04L 63/0492 20130101; G06F 11/1458 20130101; G06F 21/606 20130101;
G06F 21/62 20130101; G06F 21/78 20130101; H04L 67/04 20130101; G06F
21/305 20130101; H04L 63/083 20130101; H04L 63/107 20130101; H04L
63/10 20130101; H04L 63/12 20130101; H04W 4/80 20180201; G06F
21/6218 20130101; G06F 21/6245 20130101; G06F 21/121 20130101; H04L
67/22 20130101 |
International
Class: |
H04W 12/06 20090101
H04W012/06; H04W 12/08 20090101 H04W012/08; H04W 12/04 20090101
H04W012/04; G06F 11/14 20060101 G06F011/14; G06F 21/12 20130101
G06F021/12; G06F 21/30 20130101 G06F021/30; H04L 29/06 20060101
H04L029/06; G06F 21/78 20130101 G06F021/78; G06F 21/62 20130101
G06F021/62; G06F 21/60 20130101 G06F021/60 |
Claims
1. A computer-implemented method for remote data access, comprising
the steps of: a remote computer receiving from a first computing
device a first authentication request comprising a first computing
device unique identifier and a first unique user name and a first
password, wherein the first authentication request is initiated by
a first software stored on the first computing device; the remote
computer determining whether the first computing device is
authorized for use with the remote computer by determining a valid
combination of the first computing device unique identifier and the
first unique user name and the first password associated with the
first computing device, the remote computer comprising a plurality
of security settings, each of the security settings associated with
a single computing device and comprising a unique combination of a
computing device unique identifier and a software identifier; upon
determining that the first computing device is authorized, the
remote computer transmitting to the first computing device a
validation message associated with the first computing device; the
remote computer receiving from the first computing device a first
file copied from the first computing device, the first file
encrypted by an encryption key that is related to the first
software stored on the first computing device; the remote computer
storing a first detail message, the first detail message associated
with the first file copied from the first computing device to the
remote computer, the first detail message comprising at least a
name of the first file copied from the first computing device to
the remote computer, the first detail message stored as a meta-data
log on the remote computer; in response to receiving a share
request from the first computing device, the remote computer
transmitting to a second computing device a message including a
link to the first file copied from the first computing device; the
remote computer receiving from the second computing device a second
authentication request comprising a second computing device unique
identifier and a second unique user name and a second password
associated with the second computing device; the remote computer
determining whether the second computing device is authorized for
use with the remote computer by determining a valid combination of
the second computing device unique identifier and the second unique
user name and the second password; upon determining that the second
computing device is authorized, the remote computer transmitting to
the second computing device a copy of the first file copied from
the first computing device to the remote computer; and the remote
computer storing in the meta-data log a second detail message
associated with the copy of the first file transmitted from the
remote computer to the second computing device.
2. A computer-implemented method for remote data access, comprising
the steps of: a remote computer receiving from a first computing
device a first authentication request comprising a first computing
device unique identifier and a first unique user name and a first
password, wherein the first authentication request is initiated by
a first software stored on the first computing device; the remote
computer determining whether the first computing device is
authorized for use with the remote computer by determining a valid
combination of the first computing device unique identifier and the
first unique user name and the first password associated with the
first computing device, the remote computer comprising a plurality
of security settings, each of the security settings associated with
a single computing device and comprising a unique combination of a
computing device unique identifier and a software identifier; upon
determining that the first computing device is authorized, the
remote computer transmitting to the first computing device a
validation message associated with the first computing device; the
remote computer receiving from the first computing device a first
file copied from the first computing device, the first file
encrypted by an encryption key that is related to the first
software stored on the first computing device; and the remote
computer storing a first detail message, the first detail message
associated with the first file copied from the first computing
device to the remote computer, the first detail message comprising
at least a name of the first file copied from the first computing
device to the remote computer, the first detail message stored as a
meta-data log on the remote computer.
3. A computer-implemented method for remote data access, comprising
the steps of: a remote computer receiving from a second computing
device a second authentication request comprising a second
computing device unique identifier and a second unique user name
and a second password associated with the second computing device,
the second authentication request received from the second
computing device responsive to a message received by the second
computing device from the remote computer including a link to a
first file authorized by a first computing device to be downloaded
to the second computing device, the first file being encrypted; the
remote computer determining whether the second computing device is
authorized for use with the remote computer by determining a valid
combination of the second computing device unique identifier and
the second unique user name and the second password, the remote
computer comprising a plurality of security settings, each of the
security settings associated with a single computing device and
comprising a unique combination of a computing device unique
identifier, a unique user name, and a password; upon determining
that the second computing device is authorized, the remote computer
transmitting to the second computing device a copy of the first
file copied from the first computing device to the remote computer,
the first file decrypted by an encryption key that is related to a
first software stored on the first computing device; and the remote
computer storing in a meta-data log a detail message associated
with the copy of the first file transmitted from the remote
computer to the second computing device.
4. The computer implemented method of claim 1, wherein the first
computing device is one of a PC and a mobile device.
5. The computer implemented method of claim 1, wherein the second
computing device is one of a PC and a mobile device.
6. The computer implemented method of claim 2, wherein the first
computing device is one of a PC and a mobile device.
7. The computer implemented method of claim 3, wherein the second
computing device is one of a PC and a mobile device.
8. The computer implemented method of claim 1, wherein the remote
computer further comprises a sender's database and a recipient's
database; wherein files are transferred from the sender's database
to the recipient's database; and wherein a sender authorizes a
recipient to access selected files and folders that are stored in
the sender's database.
9. The computer implemented method of claim 2, wherein the remote
computer further comprises a sender's database and a recipient's
database; wherein files are transferred from the sender's database
to the recipient's database; and wherein a sender authorizes a
recipient to access selected files and folders that are stored in
the sender's database.
10. The computer implemented method of claim 3, wherein the remote
computer further comprises a sender's database and a recipient's
database; wherein files are transferred from the sender's database
to the recipient's database; and wherein a sender authorizes a
recipient to access selected files and folders that are stored in
the sender's database.
11. The computer implemented method of claim 1, wherein the first
file may be tagged with access rights granted by a sender which
will serve to govern the subsequent use and lifespan of the first
file.
12. The computer implemented method of claim 2, wherein the first
file may be tagged with access rights granted by the sender,
associated with the first computing device, which will serve to
govern the subsequent use and lifespan of the first file.
13. The computer implemented method of claim 3, wherein the first
file may be tagged with access rights granted by the sender,
associated with the first computing device, which will serve to
govern the subsequent use and lifespan of the first file.
14. The computer implemented method of claim 1, wherein the first
computing device further comprises a secure database resident
within a non-volatile memory of the first computing device that
provides a virtual container for storing and organizing selected
data files stored on the first computing device.
15. The computer implemented method of claim 2, wherein the first
computing device further comprises a secure database resident
within a non-volatile memory of the first computing device that
provides a virtual container for storing and organizing selected
data files stored on the first computing device.
16. The computer implemented method of claim 3, wherein the first
computing device further comprises a secure database resident
within a non-volatile memory of the second computing device that
provides a virtual container for storing and organizing selected
data files stored on the first computing device.
Description
RELATED APPLICATIONS
[0001] This application is a continuation of and claims priority to
U.S. patent application Ser. No. 15/476,556, filed Mar. 31, 2017,
and titled "Method and System for Remote Data Access Using a Mobile
Device,", which is a continuation application of and claims
priority to U.S. patent application Ser. No. 14/990,438, filed Jan.
7, 2016, and titled "Method and System for Remote Data Access Using
a Mobile Device," which is a continuation of and claims priority to
U.S. patent application Ser. No. 14/542,093, filed Nov. 14, 2014,
and titled "Method and System for Remote Data Access Using a Mobile
Device," which is a continuation of and claims priority to U.S.
patent application Ser. No. 14/323,952, filed Jul. 3, 2014, and
titled "Method and System for Secure Mobile Messaging," which is a
continuation of and claims priority to U.S. patent application Ser.
No. 13/306,155, filed Nov. 29, 2011, and titled "Method and System
for Secure Mobile File Sharing," which is a continuation of and
claims priority to U.S. patent application Ser. No. 12/466,989,
filed May 15, 2009, and titled "Method and System for Mobile Data
Security" which claims the benefit of priority of the following
U.S. provisional applications:
TABLE-US-00001 Application No. Filed On 61/127,960 May 16, 2008
61/130,223 May 29, 2008 61/130,207 May 29, 2008 61/130,189 May 29,
2008 61/130,206 May 29, 2008
[0002] All of the foregoing non-provisional and provisional
applications are hereby incorporated herein by reference.
COPYRIGHT NOTICE
[0003] A portion of the disclosure of this patent document may
contain material which is subject to copyright protection. The
copyright owner has no objection to the facsimile reproduction by
anyone of the patent document or patent disclosure as it appears in
the U.S. Patent and Trademark Office patent file or records, but
otherwise reserves all copyright rights whatsoever.
FIELD OF THE INVENTION
[0004] This invention relates to a system and method for securely
storing, retrieving and sharing data using PCs and mobile devices
and for controlling and tracking the movement of data to and from a
variety of computing and storage devices.
BACKGROUND OF THE INVENTION
[0005] The number of personal computers and mobile devices capable
of sending and storing data increases significantly each year.
These devices are routinely used to store files containing personal
as well as confidential business information. Security
administrators and business owners often have no record of what
data is stored on PCs and mobile devices at any given point in
time. For example, if a computing or storage device is lost or
stolen, it is problematic to determine after the fact exactly what
information was lost and/or disclosed with the device. There are
also significant regulatory exposures related to the disclosure of
certain classes of data such as medical information (HIPAA) and
Payment Card Industry (PCI) data.
[0006] Individuals and businesses often share data files by sending
these files as email attachments over the Internet. Although
encryption methods are available, many users do not encrypt
attachments prior to email transmission. Therefore, there is a risk
that data files sent as attachments in email messages may be
disclosed to an unauthorized recipient. Furthermore, using current
methods, security administrators and business owners have no
reliable mechanisms to control or track the movement of data sent
by email between users of PCs or mobile devices.
[0007] In recent years the numbers of mobile storage devices such
as USB flash drives and mobile communication devices with internal,
non-volatile flash memory have also increased significantly. A
significant amount of personal and confidential data can be stored
on USB flash drives and mobile communication devices with
non-volatile storage such as micro SD cards. Conventional methods
allow data to be encrypted prior to storage onto these devices;
however, conventional methods lack a mechanism for limiting access
to confidential data once stored on these devices. Furthermore,
there are no current methods which can serve to monitor and control
the movement of data from non-volatile flash memory to other
computing devices. Because laptop computers are highly mobile, it
is not uncommon for laptop computers to fall outside of the regular
backup processes which otherwise may be in place for fixed
(desktop) PCs and corporate servers. Recognizing this need, there
has been a trend in new services (such as Carbonite, Iron Mountain,
RackSpace/Jungle Disk, and EMC/Mozy) that offer remote backup
services to backup the data stored on laptop PCs. However, these
services lack capabilities for security administrators and business
owners to track, monitor and enforce compliance with policies.
Also, using these products, there is little utility value that can
be derived from the remotely stored data for purposes beyond simple
backup and restore. Specifically, these remote backup services do
not offer users the ability to ubiquitously access and/or share
backed-up data from thin-client (WEB) or mobile (WAP) based
interfaces.
[0008] Along with the trend in mobile computing, there has been an
increased demand for Internet access and data sharing from a
variety of users and businesses. Today, wireless broadband modems
enable the mobile user to gain internet access using the cellular
networks of wireless network operators such as (AT&T, Verizon,
T-Mobile, and Sprint). However, these carriers have limited
capacity to support peer-to-peer data transfers over wireless
networks. Many of these same wireless carriers also offer DSL-based
or Cable-based high speed Internet access. These high speed data
services have become highly commoditized in recent years with the
key competitive focus on download speeds. Within the major carriers
(AT&T, Verizon, Sprint), there is little functional or
technical synergy between wireless and wired services. Carriers
need new value-added services that can increase customer retention
and bridge the gaps between wired and wireless-based services.
Services such as secure remote file storage and secure file sharing
would be effective value added offerings for the adept mobile
network operator interested in proactively managing its limited
wireless network resources and looking for new sources of revenue
and increasing customer retention.
[0009] Given these collective limitations of the prior art and the
numerous needs and opportunities stated herein, a system and method
are needed that can provide an architecture for securely storing,
retrieving, and sharing data using PCs and mobile devices and for
controlling and tracking the movement of data to and from a variety
of devices.
SUMMARY OF THE INVENTION
[0010] The invention satisfies the above-described and other
related needs by providing a method and system for security
administrators, business owners and individuals to know what data
is stored on mobile devices; to limit how data is shared between
users; to track the movement of data between users, PCs, and mobile
devices; and to provide ubiquitous access to remote data based on a
multi-factor security framework.
[0011] In one exemplary embodiment, the invention provides a method
for mobile data security. A mobile device can include a stored
computer software program and database. The mobile device can be
connected to a first PC operable to validate the device based on
security settings that can be accessed from a remote computing
device. Upon validation, data can be transferred from the first PC
onto the mobile device. The first PC can communicate to the remote
computing device the details related to the files that were
transferred to the mobile device. These details related to the
files that were transferred from the first PC to the mobile device
can be stored on the remote computing device as meta-data logs. The
mobile device can later be connected to a second PC operable to
receive files transferred from the mobile device. The second PC can
communicate to the remote computing device the details related to
the files that were received from the mobile device. These details
related to the files that were transferred from the mobile device
to the second PC can be stored on the remote computing device as
meta-data logs.
[0012] In another exemplary embodiment, the invention provides a
system for mobile data security. A mobile device can include a
stored computer software program and database. The mobile device
can be connected to a first PC operable to validate the device
based on security settings that can be accessed from a remote
computing device. Upon validation, data can be transferred from the
first PC onto the mobile device. The first PC can communicate to
the remote computing device the details related to the files that
were transferred to the mobile device. These details related to the
files that were transferred from the first PC to the mobile device
can be stored on the remote computing device as meta-data logs. The
mobile device can later be connected to a second PC operable to
receive files transferred from the mobile device. The second PC can
communicate to the remote computing device the details related to
the files that were received from the mobile device. These details
related to the files that were transferred from the mobile device
to the second PC can be stored on the remote computing device as
meta-data logs.
[0013] In yet another exemplary embodiment, the invention comprises
a method for multi-factor remote data access. A multi-factor
authentication system uses three or more unique pieces of
information to verify the identity of a person or other entity
requesting access under security constraints. A mobile device can
be connected to a first PC. The mobile device can include a stored
computer software program and database. The first PC can be
operable to execute the software stored on the mobile device. The
software on the mobile device can transfer data from the first PC
to a remote storage device comprised within a remote computing
device. A record of the details related to the data that is
transferred from the first PC to the remote storage device can be
stored in the database on the mobile device. A corresponding record
of the details of the data that is transferred from the first PC to
the remote storage device can be stored on the remote computing
device as meta-data logs. The mobile storage device can be
connected to a second PC. The second PC can be operable to execute
the software stored on the mobile device. Using security settings
that can be stored on the remote computing device, the software on
the mobile device can validate if the second PC is authorized to
receive data that was previously transferred from the first PC. If
the second PC is authorized to receive data from the first PC, the
software on the mobile device can transfer data from the remote
storage device to the second PC. A record of the details of the
data that can be transferred from the remote storage device to the
second PC can be stored as meta-data on the remote computing
device. A corresponding record of the details of the data that can
be transferred from the remote storage device to the second PC can
be stored in the database on the mobile device.
[0014] In yet another embodiment, the invention comprises a system
for multi-factor remote data access. A mobile device can be
connected to a first PC. The mobile device can include a stored
computer software program and database. The first PC can be
operable to execute the software stored on the mobile device. The
software on the mobile device can transfer data from the first PC
to a remote storage device comprised within a remote computing
device. A record of the details related to the data that is
transferred from the first PC to the remote storage device can be
stored in the database on the mobile device. A corresponding record
of the details of the data that is transferred from the first PC to
the remote storage device can be stored on the remote computing
device as meta-data logs. The mobile storage device can be
connected to a second PC. The second PC can be operable to execute
the software stored on the mobile device. Using security settings
that can be stored on the remote computing device, the software on
the mobile device can validate if the second PC is authorized to
receive data that was previously transferred from the first PC. If
the second PC is authorized to receive data from the first PC, the
software on the mobile device can transfer data from the remote
storage device to the second PC. A record of the details of the
data that can be transferred from the remote storage device to the
second PC can be stored as meta-data on the remote computing
device. A corresponding record of the details of the data that can
be transferred from the remote storage device to the second PC can
be stored in the database on the mobile device.
[0015] In yet another embodiment, the invention comprises a method
for secure digital file sharing. A first PC can be operable to
encrypt and transfer data to a remote storage device comprised
within a remote computing device. The first PC can store details
about the data that can be stored on the remote storage device as
meta-data logs on the remote computing device. Meta-data logs can
contain the encryption key that was used by the first PC to encrypt
the data that can be transferred to the remote storage device.
Security settings can govern how remotely stored data can be shared
with other users and other PCs. If permitted by security settings,
an email can be sent at the request of the first PC from the remote
computing device to a second PC with instructions regarding data
files that can be shared with the user of the second PC.
Instructions can include an imbedded link to the data that can be
downloaded from the remote storage device. The remote computing
device can validate the download request received from the second
PC using security settings stored on the remote computing device.
If the user of the second PC is authorized to receive files from
the user of the first PC, files can be decrypted using the
encryption key stored in the meta-data logs by the first PC.
Decrypted files can be downloaded onto the second PC. A record of
the details of the data that can be downloaded from the remote
storage device to the second PC can be stored as meta-data on
remote computing device.
[0016] In yet another embodiment, the invention comprises a system
for secure digital file sharing. A first PC can be operable to
encrypt and transfer data to a remote storage device comprised
within a remote computing device. The first PC can store details
about the data that can be stored on the remote storage device as
meta-data logs on the remote computing device. Meta-data logs can
contain the encryption key that was used by the first PC to encrypt
the data that can be transferred to the remote storage device.
Security settings can govern how remotely stored data can be shared
with other users and other PCs. If permitted by security settings,
an email can be sent at the request of the first PC from the remote
computing device to a second PC with instructions regarding data
files that can be shared with the user of the second PC.
Instructions can include an imbedded link to the data that can be
downloaded from the remote storage device. The remote computing
device can validate the download request received from the second
PC using security settings stored on the remote computing device.
If the user of the second PC is authorized to receive files from
the user of the first PC, files can be decrypted using the
encryption key stored in the meta-data logs by the first PC.
Decrypted files can be downloaded onto the second PC. A record of
the details of the data that can be downloaded from the remote
storage device to the second PC can be stored as meta-data on
remote computing device.
[0017] In yet another embodiment, the invention comprises a method
for secure mobile data sharing. A first mobile device can be
operable to encrypt and transfer data to a remote storage device
comprised within a remote computing device. The first mobile device
can store details about the data that can be stored on the remote
storage device as meta-data logs on the remote computing device.
Meta-data logs can contain the encryption key that was used by the
first mobile device to encrypt the data that can be transferred to
the remote storage device. Security settings can govern how
remotely stored data can be shared with other users and other
mobile devices. If permitted by security settings, a text message
can be sent at the request of the first mobile device from the
remote computing device to a second mobile device with instructions
regarding data files that can be shared with the user of the second
mobile device. Instructions can include an imbedded link to the
data that can be downloaded from the remote storage device. The
remote computing can validate the download request received from
the second mobile device using security settings stored on the
remote computing device. If the user of the second mobile device is
authorized to receive files from the user of the first mobile
device, files can be decrypted using the encryption key stored in
the meta-data logs by the first mobile device. Decrypted files can
be downloaded onto the second mobile device. A record of the
details of the data that can be downloaded from the remote storage
device to the second mobile device can be stored as meta-data on
the remote computing device.
[0018] In yet another embodiment, the invention comprises a system
for secure mobile data sharing. A first mobile device can be
operable to encrypt and transfer data to a remote storage device
comprised within a remote computing device. The first mobile device
can store details about the data that can be stored on the remote
storage device as meta-data logs on the remote computing device.
Meta-data logs can contain the encryption key that was used by the
first mobile device to encrypt the data that can be transferred to
the remote storage device. Security settings can to govern how
remotely stored data can be shared with other users and other
mobile devices. If permitted by security settings, a text message
can be sent at the request of the first mobile device from the
remote computing device to a second mobile device with instructions
regarding data files that can be shared with the user of the second
mobile device. Instructions can include an imbedded link to the
data that can be downloaded from the remote storage device. The
remote computing device can validate the download request received
from the second mobile device using security settings stored on the
remote computing device. If the user of the second mobile device is
authorized to receive files from the user of the first mobile
device, files can be decrypted using the encryption key stored in
the meta-data logs by the first mobile device. Decrypted files can
be downloaded onto the second mobile device. A record of the
details of the data that can be downloaded from the remote storage
device to the second mobile device can be stored as meta-data on
the remote computing device.
[0019] In yet another embodiment, the invention comprises a method
for managing and enforcing remote security settings. A first input
device can be operable to add, change, or delete security settings
stored within a remote storage device comprised within a remote
computing device. A first mobile device can be connected to a first
PC. A software application resident within the first mobile device
can be executed by the CPU of the first PC. The software
application can request data to be transferred to the first PC from
the mobile device. The first PC can send the request to the remote
computing device. The remote computing device can approve or deny
the request based on the security settings that are stored within
the remote storage device. The approval or denial of the request
can be sent back to the software application on the mobile device.
If the request is approved, data may be transferred in accordance
with the request.
[0020] In yet another embodiment, the invention comprises a system
for managing and enforcing remote security settings. A first input
device can be operable to add, change, or delete security settings
stored within a remote storage device comprised within a remote
computing device. A first mobile device can be connected to a first
PC. A software application resident within the first mobile device
can be executed by the CPU of the first PC. The software
application can request data to be transferred to the first PC from
the mobile device. The first PC can send the request to the remote
computing device. The remote computing device can approve or deny
the request based on the security settings that are stored within
the remote storage device. The approval or denial of the request
can be sent back to the software application on the mobile device.
If the request is approved, data may be transferred in accordance
with the request.
[0021] In yet another embodiment, the invention comprises a method
for reporting the movement of data to and from mobile devices. A
first mobile device can be connected to a first PC. Data can be
transferred from the first mobile device to the first PC. A record
of the data that can be transferred from the first mobile device to
the first PC can be transferred to a remote computing device
comprising a meta data log file. The remote computing device can be
operable to store the received record into the meta data log file.
A first input device can be operable to request information about
the movement of data from the first mobile device to the first PC.
The remote computing device can receive and process the information
request using data contained within the meta data log file. A
report can be produced by the remote computing device based on the
information request. The report can be delivered to a first output
device.
[0022] In yet another embodiment, the system comprises a system for
reporting the movement of data to a mobile device. A first mobile
device can be connected to a first PC. Data can be transferred from
the first mobile device to the first PC. A record of the data that
can be transferred from the first mobile device to the first PC can
be transferred to a remote computing device comprising a meta data
log file. The remote computing device can be operable to store the
received record into the meta data log file. A first input device
can be operable to request information about the movement of data
from the first mobile device to the first PC. The remote computing
device can receive and process the information request using data
contained within the meta data log file. A report can be produced
by the remote computing device based on the information request.
The report can be delivered to a first output device.
[0023] The foregoing exemplary embodiments and other embodiments
will be discussed in greater detail in the Detailed Description in
connection with the attached drawings illustrating the best mode
for carrying out the invention as presently perceived.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] FIG. 1 illustrates an architecture for mobile data security
using a mobile storage device in accordance with an exemplary
embodiment of the invention.
[0025] FIG. 2 illustrates an architecture for mobile data security
using a mobile communication device in accordance with an exemplary
embodiment of the invention.
[0026] FIG. 3 illustrates an architecture for multi-factor remote
data access using a mobile storage device in accordance with an
exemplary embodiment of the invention.
[0027] FIG. 4 illustrates an architecture for multi-factor remote
data access using a mobile communication device in accordance with
an exemplary embodiment of the invention.
[0028] FIG. 5 illustrates an architecture for securely sharing data
files between PCs in accordance with an exemplary embodiment of the
invention.
[0029] FIG. 6 illustrates an architecture for securely sharing data
files between a PC and a mobile device in accordance with an
exemplary embodiment of the invention.
[0030] FIG. 7 illustrates an architecture for securely sharing data
files between mobile devices in accordance with an exemplary
embodiment of the invention.
[0031] FIG. 8 illustrates an architecture for a computing device in
accordance with an exemplary embodiment of the invention.
[0032] FIG. 9 illustrates an architecture for remote security
settings in accordance with an exemplary embodiment of the
invention.
[0033] FIG. 10 illustrates an architecture for reporting the
movement of data to and from PCs and mobile devices in accordance
with an exemplary embodiment of the invention.
[0034] FIG. 11 is an overview of the primary components that
support the invention embodiments. Components include: [0035] (i)
Computer 1 [0036] (ii) Mobile device or USB flash drive with
internal non-volatile flash memory [0037] (iii) Connection to
Computer 1 either through a physical connection or through a near
field communication method. [0038] (iv) Network connection or
communication session [0039] (v) Remote Storage Device
[0040] FIG. 12 is an alternate overview of the primary components
that support the invention embodiments. Components include: [0041]
(i) Portable Storage Device [0042] (ii) Mobile device with internal
non-volatile flash memory [0043] (iii) Network connection or
communication session [0044] (iv) Remote Storage Device
[0045] FIG. 13 is an overview of the primary components that
support the invention embodiments. Components include: [0046] (i)
Computer 1 (sender's PC) with software application and encryption
keys [0047] (ii) Computer 2 (recipient's PC) with software
application and encryption keys [0048] (iii) Network connection or
communication session [0049] (iv) Central file server with
relational databases for each sender and recipient.
[0050] FIG. 14 is an overview of the primary components that
support the invention embodiments. Components include: [0051] (i)
Computer 1 (sender's PC) with software application and encryption
keys [0052] (ii) Mobile device with software application and
encryption keys [0053] (iii) Network connection or communication
session [0054] (iv) Central file server with relational databases
for each sender and recipient.
[0055] FIG. 15 is an overview of the primary components that
support the invention embodiments. Components include: [0056] (i)
Mobile device 1 with internal non-volatile flash memory [0057] (ii)
Mobile device 2 with internal non-volatile flash memory [0058]
(iii) Computer 1 (recipient's PC) [0059] (iv) Network connection or
communication session
[0060] FIG. 16 is an overview of the primary components that
support the invention embodiments. Components include: [0061] (i)
Computer 1 [0062] (ii) Mobile device with internal non-volatile
flash memory [0063] (iii) Computer 2 [0064] (iv) Network connection
or communication session [0065] (v) File Server
[0066] FIG. 17 is an alternate overview of the primary components
that support the invention embodiments. Components include: [0067]
(i) Computer 1 [0068] (ii) Portable Storage Device [0069] (iii)
Computer 2 [0070] (iv) Network connection or communication session
[0071] (v) File Server
DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS
[0072] The present invention answers these needs by providing
several approaches for systems and methods for securely storing,
sharing, and tracking the movement of data on PCs and mobile
devices.
[0073] In embodiments of the present invention as illustrated in
FIG. 1, a mobile storage device (1.2) comprising a non-volatile
flash memory, software application and database is physically
connected to PC (1.1). Upon connection with the mobile device, the
CPU of PC (1.1) executes software application (1.2.2) and
identifies the mobile device (1.2) using data contained in message
(1.2.1). PC (1.1) sends authentication request (1.1.1) to remote
computing device (1.5). The authentication request (1.1.1) contains
a unique mobile device serial number and a unique software license
key that are passed from the mobile device (1.2) to the PC (1.1)
using message (1.2.1). The authentication request (1.1.1) also
contains a serial number to uniquely identify the PC (1.1). The
remote computing device (1.5) receives the authentication request
(1.1.1) from PC (1.1). The remote computing device (1.5) retrieves
from the security settings file (1.6) unique security settings
related to the mobile device using the unique software license key
and validates that the license key is authorized for use with the
mobile device.
[0074] If the license key and mobile device serial numbers are
determined to be a valid combination, the software application is
further validated to determine if it is authorized for use on the
connected PC (1.1). If the mobile device (1.2) and software license
key for software application (1.2.2) are valid for use with PC
(1.1), message (1.6.1) is returned to PC (1.1) indicating that data
may be transferred from PC (1.1) onto mobile device (1.2) using
message (1.1.2).
[0075] Upon receipt of message (1.1.2) the software application
(1.2.2) copies transferred data into the database (1.2.4). Data is
encrypted prior to storage into database (1.2.4) using an
encryption key that is uniquely related to the license key for
software application (1.2.2). Software application (1.2.2) executed
using the CPU and network resources of PC (1.1) stores details
(which can include one or more of: file names, date created, date
stored, originating PC, and originating volume) related to data
transferred to the mobile storage device into mobile device
database (1.2.4) and sends message (1.1.3) to remote computing
device (1.5) containing same details of data transferred from PC
(1.1) to mobile device (1.2). Message (1.1.3) is received by remote
computing device (1.5) and stored as meta-data logs (1.3).
[0076] Mobile device (1.2) is then disconnected from PC (1.1) and
connected to PC (1.4). Upon connection with the mobile device, PC
(1.4) executes software application (1.2.2) and identifies the
mobile device (1.2) with data contained in message (1.2.3). The
authentication request (1.4.1) contains a unique mobile device
serial number and a unique software license key that are first
passed from the mobile device (1.2) to the PC (1.4) using message
(1.2.3). PC (1.4) sends authentication request (1.4.1) to remote
computing device (1.5). The authentication request (1.4.1) also
contains a serial number to uniquely identify the PC.
[0077] The remote computing device (1.5) receives the
authentication request (1.4.1) from PC (1.4). The remote computing
device (1.5) retrieves from the security settings file (1.6) the
unique settings related to the mobile device using the unique
software license key and validates that the license key is
authorized for use with the mobile device. If the license key and
mobile device serial numbers are determined to be a valid
combination, the software application is further validated to
determine if it is authorized for use on the connected PC (1.4). If
the mobile device (1.2) and software license key for software
application (1.2.2) are valid for use with PC (1.4), message
(1.6.2) is returned to software application (1.2.2) executed by PC
(1.4) indicating that data may be transferred from mobile device
(1.2) to PC (1.4).
[0078] Data is then transferred from mobile device (1.2) onto PC
(1.4) using message (1.2.5). Data is decrypted prior to storage
using an encryption key that is uniquely related to the license key
for software application (1.2.2). Software application (1.2.2)
executed using the CPU and network resources of PC (1.4) stores
details (e.g. file names, date transferred, destination PC,
destination volume) related to each file transferred from the
mobile storage device to the PC (1.4) into mobile device database
(1.2.4) and sends message (1.4.2) containing the same details of
data transferred from mobile device (1.2) to PC (1.4). Message
(1.4.2) is received by remote computing device (1.5) and stored as
meta-data logs (1.3). It should be appreciated by those who are
skilled in the art that a variety of methods of communication
between the PCs, mobile devices, and the remote computing device
(e.g. http, https, xml, ftp, etc.) may be used and the invention
should not be construed as limited to any one set communication
protocol or data format.
[0079] In other embodiments of the present invention as illustrated
in FIG. 2, a mobile communication device (2.2) comprising at least
a CPU, operating system, wireless antenna, non-volatile flash
memory, software application and database is connected to PC (2.1)
using a wireless communication method such as Bluetooth or other
near field communication (NFC) method. Upon connection with the
mobile device, PC (2.1) executes software application (2.2.2) and
identifies the mobile device (2.2) using data contained in message
(2.2.1). PC (2.1) sends authentication request (2.1.1) to remote
computing device (2.5). The authentication request (2.1.1) contains
a unique mobile device serial number and a unique software license
key that are passed from the mobile device (2.2) to the PC (2.1)
using message (2.2.1). The authentication request (2.1.1) also
contains a serial number to uniquely identify the PC (2.1). The
remote computing device (2.5) receives the authentication request
(2.1.1) from PC (2.1). The remote computing device (2.5) retrieves
from the security settings file (2.6) unique security settings
related to the mobile device using the unique software license key
and validates that the license key is authorized for use with the
mobile device. If the license key and mobile device serial numbers
are determined to be a valid combination, the software application
is further validated to determine if it is authorized for use on
the connected PC (2.1).
[0080] If the mobile device (2.2) and software license key for
software application (2.2.2) are valid for use with PC (2.1),
message (2.6.1) is returned to PC (2.1) indicating that data may be
transferred from PC (2.1) onto mobile device (2.2) using message
(2.1.2). Upon receipt of message (2.1.2), the software application
(2.2.2) copies transferred data into the database (2.2.4). Data is
encrypted prior to storage into database (2.2.4) using an
encryption key that is uniquely related to the license key for
software application (2.2.2). Software application (2.2.2) executed
using the CPU and network resources of PC (2.1) stores details
(which can include one or more of: file name, date created, date
stored, originating PC, and originating volume) related to data
transferred to the mobile storage device into mobile device
database (2.2.4) and sends message (2.1.3) to remote computing
device (2.5) containing details of data transferred from PC (2.1)
to mobile device (2.2). Message (2.1.3) is received by remote
computing device (2.5) and stored as meta-data logs (2.3).
[0081] Mobile device (2.2) is then disconnected from PC (2.1) and
connected to PC (2.4) using a wireless communication method such as
Bluetooth or other near field communication (NFC) method. Upon
connection with the mobile device, PC (2.4) executes software
application (2.2.2) and identifies the mobile device (2.2) using
data contained in message (2.2.3). The authentication request
(2.4.1) contains a unique mobile device serial number and a unique
software license key that are first passed from the mobile device
(2.2) to the PC (2.4) using message (2.2.3). The authentication
request (2.4.1) also contains a serial number to uniquely identify
the PC (2.4). The remote computing device (2.5) receives the
authentication request (2.4.1) from PC (2.4). The remote computing
device (2.5) retrieves from the security settings file (2.6) the
unique settings related to the mobile device using the unique
software license key and validates that the license key is
authorized for use with the mobile device. If the license key and
mobile device serial numbers are determined to be a valid
combination, the software application is further validated to
determine if it is authorized for use on the connected PC (2.4). If
the mobile device (2.2) and software license key for software
application (2.2.2) are valid for use with PC (2.4), message
(2.6.2) is returned to software application (2.2.2) executed by PC
(2.4) indicating that data may be transferred from mobile device
(2.2) to PC (2.4).
[0082] Data is transferred from mobile device (2.2) onto PC (2.4)
using message (2.2.5). Data is decrypted prior to storage using an
encryption key that is uniquely related to the license key for
software application (2.2.2). Software application (2.2.2) executed
using the CPU and network resources of PC (2.4) stores details
(which can include one or more of the following: file name, date
transferred, destination PC, destination volume) related to each
file transferred from the mobile communication device to the PC
(2.4) into mobile device database (2.2.4) and sends message (2.4.2)
containing the same details of data transferred from mobile
communication device (2.2) to PC (2.4). Message (2.4.2) is received
by remote computing device (2.5) and stored as meta-data logs
(2.3).
[0083] It should be appreciated by those who are skilled in the art
that a variety of communication protocols and data formats between
the PCs, mobile devices, and the remote computing device (e.g.
http, https, xml, ftp, etc.) may be used and the invention should
not be construed as limited to any one set communication protocol
or data format. It should also be appreciated that the software
application (2.2.2) may be executed using the CPU and network
resources of the mobile communication device. Under this scenario,
the above described messages (e.g. 2.1.1, 2.1.2, 2.1.3, 2.4.1,
2.4.2, 2.4.3) could utilize alternate message flow (2.2.6).
[0084] In other embodiments of the present invention as illustrated
in FIG. 3, a mobile storage device (3.2) comprising a non-volatile
flash memory, software application and database is physically
connected to PC (3.1). Upon connection with the mobile device, PC
(3.1) executes software application (3.2.2) and identifies the
mobile device (3.2) using data contained in message (3.2.1). The
authentication request contains a unique mobile device serial
number and a unique software license key that are passed from the
mobile device (3.2) to the PC (3.1) using message (3.2.1). PC (3.1)
sends an authentication request (3.1.1) to remote computing device
(3.5). The authentication request (3.1.1) contains the software
license key and mobile device serial number obtained from message
(3.2.1). Message (3.1.1) also contains a serial number to uniquely
identify the PC (3.1).
[0085] The remote computing device (3.5) receives the
authentication request (3.1.1) from PC (3.1). The remote computing
device (3.5) retrieves from the security settings file (3.6) unique
security settings related to the mobile device using the unique
software (3.2.2) license key and validates that the software
(3.2.2) license key is authorized for use with the mobile device
(3.2). If the license key and mobile device serial numbers are
determined to be a valid combination, the software application is
further validated to determine if it is authorized for use on the
connected PC (3.1). If the mobile device (3.2) and software license
key for software application (3.2.2) are valid for use with PC
(3.1), message (3.6.1) is returned to software application (3.2.2)
and executed by PC (3.1) indicating that data may be transferred to
remote computing device (3.5) from PC (3.1).
[0086] Data is transferred (e.g. uploaded) from PC (3.1) onto
remote computing device (3.5) using message (3.1.2). Upon receipt
of message (3.1.2) the remote computing device (3.5) stores
transferred PC data into the remote storage device (3.4). Data is
encrypted by software application (3.2.2) prior to uploading and
storage into remote storage device (3.4) using an encryption key
that is uniquely related to the license key for software
application (3.2.2). Software application (3.2.2) executed using
the CPU of PC (3.1) sends message (3.1.3) containing details (which
can include one or more of: file name, date created, originating
PC, originating volume, and date transferred) of data transferred
from PC (3.1) to remote storage device (3.4). Message (3.1.3) is
stored as meta-data logs on mobile device database (3.2.4).
Software application (3.2.2) executed using the CPU and network
resources of PC (3.1) sends message (3.1.4) to remote computing
device (3.5) containing the same details of data transferred from
PC (3.1) to remote storage device (3.4). Message (3.1.4) is
received by remote computing device (3.5) and stored as meta-data
logs (3.3).
[0087] Mobile device (3.2) is then disconnected from PC (3.1) and
connected to PC (3.8). Upon connection with the mobile device, PC
(3.8) executes software application (3.2.2) and identifies the
mobile device (3.2) using data contained in message (3.2.3). The
authentication request contains a unique mobile device serial
number and a unique software license key that are passed from the
mobile device (3.2) to the PC (3.8) using message (3.2.3). PC (3.8)
sends an authentication request (3.8.1) to remote computing device
(3.5). The authentication request (3.8.1) contains the software
(3.2.2) license key and mobile device (3.2) serial number obtained
from message (3.2.3). Message (3.8.1) also contains a serial number
to uniquely identify the PC (3.8). The remote computing device
(3.5) receives the authentication request (3.8.1) from PC (3.8).
The remote computing device (3.5) retrieves from the security
settings file (3.6) the unique settings related to the mobile
device (3.2) using the unique software (3.2.2) license key and
validates that the license key is authorized for use with the
mobile device. If the license key and mobile device serial numbers
are determined to be a valid combination, the software application
is further validated to determine if it is authorized for use on
the connected PC (3.8).
[0088] If the mobile device (3.2) and software license key for
software application (3.2.2) are valid for use with PC (3.8),
message (3.6.2) is returned to software application (3.2.2)
executed by PC (3.8) indicating that data may be transferred from
remote computing device (3.5) to PC (3.8). Data is then transferred
(e.g. downloaded) from remote storage device (3.4) onto PC (3.8)
using message (3.4.1). Upon receipt of message (3.4.1) the software
application (3.2.2) stores data downloaded from the remote storage
device (3.4) onto PC (3.8). Data is decrypted prior to storage
using an encryption key that is uniquely related to the license key
for software application (3.2.2).
[0089] Software application (3.2.2) using the CPU and network
resources of PC (3.8) stores message (3.8.2) containing details
(which can include one or more of: file name, date transferred,
destination PC, and destination volume) of data downloaded from
remote storage device (3.4) to PC (3.8) into mobile database
(3.2.4) and sends message (3.8.3) with the same details to remote
computing device (3.5). Message (3.8.3) is received by remote
computing device (3.5) and stored as meta-data logs (3.3). It
should be appreciated by those who are skilled in the art that a
variety of methods of communication between the PCs, mobile
devices, and the remote computing device (e.g. http, https, xml,
ftp, etc.) may be used and the invention should not be construed as
limited to any one set communication protocol or data format.
[0090] In other embodiments of the present invention as illustrated
in FIG. 4, a mobile communication device (4.2) comprising at least
a CPU, operating system, wireless antenna, non-volatile flash
memory, software application and database is connected to PC (4.1)
using a wireless communication method such as Bluetooth or other
near field communication (NFC) method. Upon connection with the
mobile device, the CPU of PC (4.1) executes software application
(4.2.2) and identifies the mobile device (4.2) using data contained
in message (4.2.1). The authentication request (4.2.1) contains a
unique mobile device serial number and a unique software license
key that are passed from the mobile device (4.2) to the PC (4.1)
using message (4.2.1). PC (4.1) sends an authentication request
(4.1.1) to remote computing device (4.5). The authentication
request (4.1.1) contains the software (4.2.2) license key and
mobile device (4.2) serial number obtained from message (4.2.1).
Message (4.1.1) also contains a serial number to uniquely identify
the PC.
[0091] The remote computing device (4.5) receives the
authentication request (4.1.1) from PC (4.1). The remote computing
device (4.5) retrieves from the security settings file (4.6) unique
security settings related to the mobile communication device (4.2)
using the unique software (4.2.2) license key and validates that
the license key is authorized for use with the mobile device. If
the license key and mobile device serial numbers are determined to
be a valid combination, the software application is further
validated to determine if it is authorized for use on the connected
PC (4.1). If the mobile device (4.2) and software license key for
software application (4.2.2) are valid for use with PC (4.1)
message (4.6.1) is returned to software application (4.2.2)
executed by PC (4.1) indicating that data may be transferred to
remote computing device (4.5) from PC (4.1).
[0092] Data is then transferred (e.g. uploaded) from PC (4.1) onto
remote computing device (4.5) using message (4.1.2). Upon receipt
of message (4.1.2) the remote computing device (4.5) stores
transferred PC data into the remote storage device (4.4). Data is
encrypted by software application (4.2.2) prior to upload and
storage into remote storage device (4.4) using an encryption key
that is uniquely related to the license key for software
application (4.2.2). Software application (4.2.2) executed using
the CPU of PC (4.1) sends message (4.1.3) containing details (which
can include one or more of: file name, date created, originating
PC, originating volume, date transferred) of data transferred from
PC (4.1) to remote storage device (4.4). Message (4.1.3) is stored
as meta-data logs on mobile device database (4.2.4). Software
application (4.2.2) executed using the CPU and network resources of
PC (4.1) sends message (4.1.4) to remote computing device (4.5)
containing the same details of data transferred from PC (4.1) to
remote storage device (4.4). Message (4.1.4) is received by remote
computing device (4.5) and stored as meta-data logs (4.3).
[0093] Mobile device (4.2) is then disconnected from PC (4.1) and
connected to PC (4.8) using a wireless communication method such as
Bluetooth or other near field communication (NFC) method. Upon
connection with the mobile device, PC (4.8) executes software
application (4.2.2) and identifies the mobile device (4.2) using
data contained in message (4.2.2). The authentication request
(4.2.2) contains a unique mobile device (4.2) serial number and a
unique software (4.2.2) license key that are passed from the mobile
device (4.2) to the PC (4.8) using message (4.2.3). PC (4.8) sends
an authentication request (4.8.1) to remote computing device (4.5).
The authentication request (4.8.1) contains the software (4.2.2)
license key and mobile device (4.2) serial number obtained from
message (4.2.2). Message (4.8.1) also contains a serial number to
uniquely identify the PC (4.8).
[0094] The remote computing device (4.5) receives the
authentication request (4.8.1) from PC (4.8). The remote computing
device (4.5) retrieves from the security settings file (4.6) the
unique settings related to the mobile device (4.2) using the unique
software (4.2.2) license key and validates that the license key is
authorized for use with the mobile device. If the license key and
mobile device serial numbers are determined to be a valid
combination, the software application is further validated to
determine if it is authorized for use on the connected PC (4.8). If
the mobile device (4.2) and software license key for software
application (4.2.2) are valid for use with PC (4.8) message (4.6.2)
is returned to software application (4.2.2) executed by PC (4.8)
indicating that data may be transferred from remote computing
device (4.5) to PC (4.8).
[0095] Data is transferred (e.g. downloaded) from remote storage
device (4.4) onto PC (4.8) using message (4.4.1). Upon receipt of
message (4.4.1) the software application (4.2.2) stores data
downloaded from the remote storage device (4.4) onto PC (4.8). Data
is decrypted prior to storage using an encryption key that is
uniquely related to the license key for software application
(4.2.2). Software application (4.2.2) executed using the CPU and
network resources of PC (4.8) stores message (4.8.2) containing
details (which can include one or more of: file name, date
transferred, destination PC, and destination volume) of data
downloaded from remote storage device (4.4) to PC (4.8) into mobile
device database (4.2.4) and sends message (4.8.3) to remote
computing device (4.5) with the same details. Message (4.8.3) is
received by remote computing device (4.5) and stored as meta-data
logs (4.3). It should be appreciated by those who are skilled in
the art that a variety of methods of communication between the PCs,
mobile devices and the remote computing device (e.g. http, https,
xml, ftp, etc.) may be used and the invention should not be
construed as limited to any one set communication protocol or data
format. It should also be appreciated that the software application
(4.2.2) may be executed using the CPU and network resources of the
mobile communication device. Under this scenario, the above
described messages (e.g. 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.8.1, 4.8.2)
could utilize alternate message flow (4.2.6).
[0096] In other embodiments of the present invention as illustrated
in FIG. 5, a PC (5.1) comprising at least a CPU, keyboard, display,
storage, communication antenna, network card, non-volatile flash
memory, software application (5.1.4) and database (5.1.5) executes
software application (5.1.4) and requests the authentication of the
PC (5.1) using data contained in message (5.1.1). The
authentication request (5.1.1) contains a unique PC serial number
and a unique software license key that are passed from the PC (5.1)
to remote computing device (5.5) using message (5.1.1). The remote
computing device (5.5) receives the authentication request (5.1.1)
from PC (5.1). The remote computing device (5.5) retrieves from the
security settings file (5.6) unique security settings related to
the PC (5.1) using the unique software (5.1.4) license key and
validates that the license key is authorized for use with the PC.
If the software license key for software application (5.1.4) is
valid for use with PC (5.1), data is transferred (e.g. uploaded)
from PC (5.1) onto remote computing device (5.5) using message
(5.1.2).
[0097] Upon receipt of message (5.1.2) the remote computing device
(5.5) stores transferred PC data into the remote storage device
(5.4). Data is encrypted by software application (5.1.4) prior to
upload and storage into remote storage device (5.4) using an
encryption key that is uniquely related to the license key for
software application (5.1.4). Software application (5.1.4) executed
using the CPU of PC (5.1) stores details of data transferred from
PC (5.1) to remote storage device (5.4) as meta-data logs on PC
database (5.1.5). Software application (5.1.4) executed using the
CPU and network resources of PC (5.1) sends message (5.1.3) to
remote computing device (5.5) containing the same details of data
transferred. Message (5.1.3) is received by remote computing device
(5.5) and stored as meta-data logs (5.3).
[0098] PC (5.1) then sends a data sharing request message (5.1.6)
to remote computing device (5.5). Remote computing device (5.5)
checks security settings (5.6) to determine if the data sharing
request message is authorized for this user. If the data sharing
request message is authorized, the remote computing device (5.5)
updates security settings (5.6) to enable a security rule with the
specific details regarding the data to be shared (e.g. a record is
written in the security settings file (5.6) which can include one
or more of: from user, to user, destination PC, data files,
expiration date, maximum downloads, etc.) and sends email message
(5.5.1) to PC (5.8), comprising at least a CPU, keyboard, display,
storage, communication antenna, network card, non-volatile flash
memory, Internet browser (5.8.2) and email client (5.8.3). Email
(5.5.1) is received by PC (5.8) containing instructions regarding
how to obtain data from remote storage device (5.4) and includes a
link to specific data to be downloaded from remote storage device
(5.4) to PC (5.8).
[0099] Upon receipt of the email, the user of PC (5.8) selects the
link provided in email (5.5.1) establishing authentication request
message (5.8.1) with remote computing device (5.5). The
authentication request (5.8.1) contains a unique PC (5.8) serial
number and a unique User ID and Password that are passed from the
PC (5.8) to the remote computing device (5.5) using message
(5.8.1). The remote computing device (5.5) receives the
authentication request (5.8.1) from PC (5.8). The remote computing
device (5.5) retrieves from the security settings file (5.6) the
unique settings related to the User Id and password obtained in
message (5.8.1) and further validates that the User Id and Password
are presently valid and authorized for use with the PC serial
number obtained from PC (5.8).
[0100] If the User Id and Password are determined to be valid for
PC (5.8), data is transferred from remote storage device (5.4) onto
PC (5.8) using message (5.4.1). Upon receipt of message (5.4.1) the
downloaded data is stored on PC (5.8). Data is decrypted by remote
computing device (5.5) prior to transmission using an encryption
key that is uniquely related to the license key for software
application (5.1.4). Remote computing device (5.5) sends internal
message (5.5.2) containing details (which can include one or more
of: file name, user name, destination PC, destination volume, and
date transferred) of data transferred from remote storage device
(5.4) to PC (5.8). Message (5.5.2) is stored as meta-data logs
(5.3). It should be appreciated by those who are skilled in the art
that a variety of methods of communication between the PCs, mobile
devices, and the remote computing device (e.g. http, https, xml,
ftp, etc.) may be used and the invention should not be construed as
limited to any one set communication protocol or data format.
[0101] In other embodiments of the present invention as illustrated
in FIG. 6, a PC (6.1) comprising at least a CPU, keyboard, display,
storage, communication antenna, network card, non-volatile flash
memory, software application (6.1.4) and database (6.1.5) executes
software application (6.1.4) and requests the authentication of PC
(6.1) with data contained in message (6.1.1). The authentication
request (6.1.1) contains a unique PC serial number and a unique
software license key that are passed from the PC (6.1) to remote
computing device (6.5) using message (6.1.1). The remote computing
device (6.5) receives the authentication request (6.1.1) from PC
(6.1). The remote computing device (6.5) retrieves from the
security settings file (6.6) unique security settings related to
the PC (6.1) using the unique software (6.1.4) license key and
validates that the license key is authorized for use with the PC
(6.1).
[0102] If the software license key for software application (6.1.4)
is valid for use with PC (6.1) data is transferred (e.g. uploaded)
from PC (6.1) onto remote computing device (6.5) using message
(6.1.2). Upon receipt of message (6.1.2) the remote computing
device (6.5) stores transferred PC data into the remote storage
device (6.4). Data is encrypted by software application (6.1.4)
prior to upload and storage into remote storage device (6.4) using
an encryption key that is uniquely related to the license key for
software application (6.1.4). Software application (6.1.4) executed
using the CPU of PC (6.1) stores details of data transferred from
PC (6.1) to remote storage device (6.4) as meta-data logs on PC
database (6.1.5). Software application (6.1.4) executed using the
CPU and network resources of PC (6.1) sends message (6.1.3)
containing details of data transferred from PC (6.1) to remote
storage device (6.4). Message (6.1.3) is received by remote
computing device (6.5) and stored as meta-data logs (6.3).
[0103] PC (6.1) then sends a data sharing request message (6.1.6)
to remote computing device (6.5). Remote computing device (6.5)
checks security settings (6.6) to determine if the data sharing
request message is authorized for this user. If the data sharing
request message is authorized, the remote computing device (6.5)
updates security settings (6.6) to enable a security rule with the
specific details regarding the data to be shared (e.g. a record is
written in the security settings file (6.6) which can include one
or more of: from user, to user, destination PC, data files,
expiration date, maximum downloads, etc.) and sends email message
(6.5.1) to mobile communication device (6.8), comprising at least a
CPU, keyboard, display, communication antenna, non-volatile flash
memory, Internet browser (6.8.2) and email client (6.8.3). The
email (6.5.1) contains instructions regarding how to obtain data
from remote storage device (6.4) and includes a link to specific
data files to be downloaded from remote storage device (6.4) to
mobile communication device (6.8).
[0104] Upon receipt of the email, the user of mobile communication
device (6.8) selects the link provided in email (6.5.1)
establishing authentication request message (6.8.1) with remote
computing device (6.5). The authentication request (6.8.1) contains
a unique mobile communication device serial number and a unique
User ID and Password that are passed from the mobile communication
device (6.8) to the remote computing device (6.5) using message
(6.8.1). The remote computing device (6.5) receives the
authentication request (6.8.1) from mobile communication device
(6.8). The remote computing device (6.5) retrieves from the
security settings file (6.6) the unique settings related to the
User Id and Password obtained in message (6.8.1) and further
validates that the User Id and Password are presently valid and
authorized for use with the mobile communication device serial
number obtained from mobile communication device (6.8).
[0105] If the User Id and Password are determined to be valid for
mobile communication device (6.8), data is downloaded from remote
storage device (6.4) onto mobile communication device (6.8) using
message (6.4.1). Upon receipt of message (6.4.1) the downloaded
data is stored on mobile communication device (6.8). Data is
decrypted by the remote computing device (6.5) prior to
transmission using an encryption key that is uniquely related to
the license key for software application (6.1.4). Remote computing
device (6.5) sends internal message (6.5.1) containing details of
data transferred from remote storage device (6.4) to mobile
communication device (6.8). Message (6.5.1) is stored as meta-data
logs (6.3). It should be appreciated by those who are skilled in
the art that a variety of methods of communication between the PCs,
mobile devices and the remote computing device (e.g. http, https,
xml, ftp, etc.) may be used and the invention should not be
construed as limited to any one set communication protocol or data
format.
[0106] In other embodiments of the present invention as illustrated
in FIG. 7, a mobile communication device (7.1) comprising at least
a CPU, keyboard, display, communication antenna, non-volatile flash
memory, software application (7.1.4) and database (7.1.5) executes
software application (7.1.4) and requests authentication of mobile
communication device (7.1) using data contained in message (7.1.1).
The authentication request (7.1.1) contains a unique mobile
communication device (7.1) serial number and a unique software
(7.1.4) license key that are passed from the mobile communication
device (7.1) to remote computing device (7.5) using message
(7.1.1). The remote computing device (7.5) receives the
authentication request (7.1.1) from mobile communication device
(7.1). The remote computing device (7.5) retrieves from the
security settings file (7.6) unique security settings related to
the mobile communication device (7.1) using the unique software
(7.1.4) license key and validates that the license key is
authorized for use with the mobile communication device.
[0107] If the software license key for software application (7.1.4)
is valid for use with mobile communication device (7.1), data is
transferred (e.g. uploaded) from mobile communication device (7.1)
onto remote computing device (7.5) using message (7.1.2). Upon
receipt of message (7.1.2) the remote computing device (7.5) stores
transferred mobile communication device data into the remote
storage device (7.4). Data is encrypted by software application
(7.1.4) prior to upload and storage into remote storage device
(7.4) using an encryption key that is uniquely related to the
license key for software application (7.1.4). Software application
(7.1.4) executed using the CPU of Mobile Communication Device (7.1)
stores details of data transferred from Mobile Communication Device
(7.1) to remote storage device (7.4) as meta-data logs on mobile
device database (7.1.5). Software application (7.1.4) executed by
the CPU of mobile communication device (7.1) sends message (7.1.3)
containing details of data transferred from mobile communication
device (7.1) to remote storage device (7.4). Message (7.1.3) is
received by remote computing device (7.5) and stored as meta-data
logs (7.3).
[0108] Mobile communication device (7.1) sends a data sharing
request message (7.1.6) to remote computing device (7.5). Remote
computing device (7.5) checks security settings (7.6) to determine
if the data sharing request message is authorized for this user. If
the data sharing request message is authorized, the remote
computing device (7.5) updates security settings (7.6) to enable a
security rule with the specific details regarding the data to be
shared (e.g. from user, to user, destination device, data files,
expiration date, maximum downloads, etc.) and sends text message
(7.5.1) to mobile communication device (7.8). The text message
(7.5.1) contains instructions regarding how to obtain data from
remote storage device (7.4) and includes a link to specific data
files to be downloaded from remote storage device (7.4) to mobile
communication device (7.8), comprising at least a CPU, keyboard,
display, communication antenna, non-volatile flash memory, and
Internet browser (7.8.2).
[0109] Upon receipt of the text message, the user of mobile
communication device (7.8) selects the link provided in text
message (7.1.4) establishing authentication request message (7.8.1)
with remote computing device (7.5). The authentication request
(7.8.1) contains a unique User ID and Password that are passed from
the mobile communication device (7.8) to the remote computing
device (7.5) using message (7.8.1). The remote computing device
(7.5) receives the authentication request (7.8.1) from mobile
communication device (7.8). The remote computing device (7.5)
retrieves from the security settings file (7.5) the unique settings
related to the User Id and Password from mobile device (7.8) and
further validates that the User Id and Password obtained in message
(7.8.1) are presently valid and authorized for use with the mobile
communication device serial number obtained from mobile
communication device (7.8).
[0110] If the User Id and Password are determined to be valid for
mobile communication device (7.8) data is transferred from remote
storage device (7.4) onto mobile communication device (7.8) using
message (7.4.1). Upon receipt of message (7.4.1) the downloaded
data is stored on mobile communication device (7.8). Data is
decrypted by remote computing device (7.5) prior to transmission
using an encryption key that is uniquely related to the license key
for software application (7.1.4). Remote computing device (7.5)
sends internal message (7.5.2) containing details of data
transferred from remote storage device (7.4) to mobile
communication device (7.8). Message (7.5.2) is stored as meta-data
logs (7.3). It should be appreciated by those who are skilled in
the art that a variety of methods of communication between the PCs,
mobile devices and the remote computing device (e.g. http, https,
xml, ftp, etc.) may be used and the invention should not be
construed as limited to any one set communication protocol or data
format.
[0111] Although the exemplary embodiments herein are generally
described in the context of software modules running on a computing
device, those skilled in the art will recognize that the present
invention also can be implemented in conjunction with other program
modules in other types of computing environments. Furthermore,
those skilled in the art will recognize that the present invention
may be implemented in a stand-alone or in a distributed computing
environment. In a distributed computing environment, program
modules may be physically located in different local and remote
memory storage devices. Execution of the program modules may occur
locally in a stand-alone manner or remotely in a client/server
manner. Examples of such distributed computing environments include
local area networks of an office, enterprise-wide computer
networks, and the global Internet.
[0112] The detailed description of the exemplary embodiments
includes processes and symbolic representations of operations by
conventional computer components, including processing units,
memory storage devices, display devices and input devices. These
processes and symbolic representations are the means used by those
skilled in the art of computer programming and computer
construction to most effectively convey teachings and discoveries
to others skilled in the art. These processes and operations may
utilize conventional computer components in a distributed computing
environment, including remote file servers, remote computer
servers, and remote memory storage devices. Each of these
conventional distributed computing components is accessible by a
processing unit via a communications network.
[0113] The present invention includes computer hardware and
software which embody the functions described herein and
illustrated in the appended flow charts. However, it should be
apparent that there could be many different ways of implementing
the invention in computer programming, and the invention should not
be construed as limited to any one set of computer program
instructions. Further, a skilled programmer would be able to write
such a computer program to implement the disclosed invention
without difficulty based on the flow charts and associated
description in the application text, for example. Therefore,
disclosure of a particular set of program code instructions is not
considered necessary for an adequate understanding of how to make
and use the invention. The inventive functionality of the claimed
computer hardware and software will be explained in more detail in
the following description in conjunction with the other figures in
the application.
[0114] Referring now to FIG. 8, aspects of an exemplary computing
environment in which the present invention can operate are further
illustrated. Those skilled in the art will appreciate that FIG. 8
and the associated discussion are intended to provide a brief,
general description of the preferred computer hardware and program
modules, and that additional information is readily available in
the appropriate programming manuals, user's guides, and similar
publications.
[0115] FIG. 8 illustrates a conventional computing device 120
suitable for supporting the operation of the preferred embodiment
of the present invention as illustrated previously in FIGS. 1, 2,
3, 4, 5, 6, and 7 and referenced as the PCs (1.1, 2.1, 3.1, 4.1,
5.1, 6.1, 1.4, 2.4, 3.8, 4.8, 5.8) and remote computing devices
(1.5, 2.5, 3.5, 4.5, 5.5, 6.5, 7.5). In FIG. 8, the computing
device 120 operates in a networked environment with logical
connections to one or more remote computers 111. The logical
connections between computing device 120 and remote computer 111
are represented by a local area network 173 and a wide area network
152. Those of ordinary skill in the art will recognize that in this
client/server configuration, the remote computer 111 may function
as a remote computing device or remote storage device.
[0116] The computing device 120 includes a processing unit 121,
such as "PENTIUM" microprocessors manufactured by Intel Corporation
of Santa Clara, Calif. The computing device 120 also includes
system memory 122, including read only memory (ROM) 124 and random
access memory (RAM) 125, which is connected to the processor 121 by
a system bus 123. The preferred computing device 120 utilizes a
BIOS 126, which is stored in ROM 124. Those skilled in the art will
recognize that the BIOS 126 is a set of basic routines that helps
to transfer information between elements within the computing
device 120. Those skilled in the art will also appreciate that the
present invention may be implemented on computers having other
architectures, such as computers that do not use a BIOS, and those
that utilize other microprocessors.
[0117] Within the computing device 120, a local hard disk drive 127
is connected to the system bus 123 via a hard disk drive interface
132. A floppy disk drive 128, which is used to read or write a
floppy disk 129, is connected to the system bus 123 via a floppy
disk drive interface 133. A CD-ROM or DVD drive 130, which is used
to read a CD-ROM or DVD disk 131, is connected to the system bus
123 via a CD-ROM or DVD interface 134. A user enters commands and
information into the computing device 120 by using input devices,
such as a keyboard 140 and/or pointing device, such as a mouse 142,
which are connected to the system bus 123 via a serial port
interface 146. Other types of pointing devices (not shown in FIG.
8) include track pads, track balls, pens, head trackers, data
gloves and other devices suitable for positioning a cursor on a
computer monitor 147. The monitor 147 or other kind of display
device is connected to the system bus 123 via a video adapter
148.
[0118] The remote computer 111 in this networked environment is
connected to a remote memory storage device 150. This remote memory
storage device 150 is typically a large capacity device such as a
hard disk drive, CD-ROM or DVD drive, magneto-optical drive or the
like. Those skilled in the art will understand that software
modules are provided to the remote computer 111 via
computer-readable media. The computing device 120 is connected to
the remote computer by a network interface 153, which is used to
communicate over the local area network 173.
[0119] In an alternative embodiment, the computing device 120 is
also connected to the remote computer 111 by a modem 154, which is
used to communicate over the wide area network 152, such as the
Internet. The modem 154 is connected to the system bus 123 via the
serial port interface 146. The modem 154 also can be connected to
the public switched telephone network (PSTN) or community antenna
television (CATV) network. Although illustrated in FIG. 8 as
external to the computing device 120, those of ordinary skill in
the art can recognize that the modem 154 may also be internal to
the computing device 120, thus communicating directly via the
system bus 123. Connection to the remote computer 111 via both the
local area network 173 and the wide area network 152 is not
required, but merely illustrates alternative methods of providing a
communication path between the computing device 120 and the remote
computer 111.
[0120] Although other internal components of the computing device
120 are not shown, those of ordinary skill in the art will
appreciate that such components and the interconnection between
them are well known. Accordingly, additional details concerning the
internal construction of the computing device 120 need not be
disclosed in connection with the present invention.
[0121] Those skilled in the art will understand that program
modules, such as an operating system 135 and other software modules
160a, 163a and 166a, and data are provided to the computing device
120 via computer-readable media. In the preferred computing device,
the computer-readable media include the local or remote memory
storage devices, which may include the local hard disk drive 132,
floppy disk 129, CD-ROM or DVD 131, RAM 125, ROM 124, and the
remote memory storage device 150.
[0122] In other embodiments as illustrated in FIG. 9, an input
device (9.1) is operable to add, change, or delete security
settings stored within a remote storage device (9.6) comprised
within a remote computing device (9.5). Security settings can
include a list of authorized users, passwords, devices, and
software license keys. A mobile device (9.8) is connected to a PC
(9.2). A software application (9.8.2) (not shown) resident within
the mobile device (9.8) is executed by the CPU of the PC (9.2).
Using message (9.8.1) the software application requests data to be
transferred to the PC (9.2) from the mobile device (9.8). The PC
(9.2) sends the request message (9.2.1) to the remote computing
device (9.5). The remote computing device approves or denies the
request based on the security settings that are stored within the
remote storage device (9.6). The approval or denial of the request
is sent back to the software application executed by the first PC
using message (9.6.1). If the request is approved, data is
transferred from the mobile device (9.8) to the PC (9.2) using
message (9.2.2) in accordance with the request. It should be
appreciated by those who are skilled in the art that a variety of
methods of communication between the mobile device and the PC,
between the PC and the remote computing device, and between the
input device and the remote computing device (e.g. http, https,
xml, ftp, etc.) may be used and the invention should not be
construed as limited to any one set communication protocol or data
format. It should also be appreciated that the mobile device may
comprise a simple storage device with no CPU or it may comprise a
mobile communication device with at least a CPU operable for
executing the software application.
[0123] In other embodiments as illustrated in FIG. 10, a mobile
device (10.8) is connected to a PC (10.2). Using message (10.8.1)
data is transferred from the mobile device (10.8) to the PC (10.2).
Using message (10.2.2) data is transferred from PC (10.2) to the
mobile device (10.8). A record of the data that is transferred
between the mobile device (10.8) and the PC (10.2) is transferred
using message (10.2.1) to a remote computing device (10.5)
comprising a meta data log file (10.3). The remote computing device
can be operable to store the received record into the meta data log
file. Meta data stored can include file name, file type,
originating PC, originating volume, destination PC, destination
volume, user, and date. An input device (10.1) is operable to
request information about the movement of data between the mobile
device (10.8) and the PC (10.2). The remote computing device
receives message (10.1.1) and processes the information request
using data contained within the meta data log file. A report is
produced by the remote computing device (10.5) based on the
information request. The report is delivered to an output device
(10.7) using message (10.3.1). It should be appreciated by those
who are skilled in the art that a variety of methods of
communication between the mobile device and the PC, between the PC
and the remote computing device, between the input device and the
remote computing device, and between the remote computing device
and the output device (e.g. http, https, xml, ftp, etc.) may be
used and the invention should not be construed as limited to any
one set communication protocol or data format. It should also be
appreciated that the mobile device may comprise a simple storage
device with no CPU or it may comprise a mobile communication device
with at least a CPU operable for executing the software
application.
[0124] In other embodiments as previously disclosed in Provisional
Patent Application 61/130,207 (to which the present application
claims priority and incorporates by reference), the present
invention relates to a method for accessing data stored on remote
file servers using a software application stored on mobile devices
such as USB flash drives, mobile phones, PDAs, BlackBerrys, and
similar devices facilitating a multi-factor authentication
method.
[0125] In recent years the numbers of USB flash drives and mobile
devices with internal non-volatile flash memory have increased
significantly. Conventional methods for accessing data stored on
remote file servers are not effective for preventing unauthorized
access. Most secure methods require a user id and password. Some
methods also require a secure connection such as SSL or a VPN.
These methods will not fully ensure that data cannot be accessed by
an unauthorized person. Therefore, a need exists for a method that
addresses these shortcomings in the prior art through the use of
multi-factor authentication.
[0126] The present invention answers these needs by providing an
apparatus and method for limiting access to data stored on a
central file server or mass storage device, herein referred to as a
remote storage device.
[0127] According to the present invention design, a software
application resident on the non-volatile memory device (e.g. USB
flash drive, mobile phone, PDA) is used to access the data stored
on the remote storage device.
[0128] The user of the mobile device is required to enter a user
name and password onto the device which is authenticated by the
software application on the device.
[0129] The software application on the mobile device may be
executed in two manners: [0130] (i) If the mobile device is
connected to a local computer (either through a physical connection
such as a USB or firewire or using a near field communication
method such as blue tooth or RFID), the software application will
utilize the CPU resources and network connections of the connected
computer. [0131] (ii) If the mobile device is not connected to a
local computer, the software application will utilize the CPU
resources and network connections of the mobile device.
[0132] Files may be transferred (e.g. uploaded or downloaded) to or
from the remote storage device only using the application on the
mobile device.
[0133] Files may also be transferred directly to or from the remote
storage device and to or from a designated authorized computer.
[0134] Alternatively, files may be transferred to or from the
remote storage device and to or from the mobile device itself.
[0135] The movement of data may further be controlled by security
rules resident on the non-volatile flash memory, mobile device and,
or a remote storage device.
[0136] Embodiments of the present invention are described below by
way of illustration. Other approaches to implementing the present
invention and variations of the described embodiments may be
constructed by a skilled practitioner and are considered within the
scope of the present invention.
[0137] Referring now to FIG. 11, Mobile Device (11.2) with internal
application serves as multi-factor authentication for remote data
access. Mobile Device (11.2) may connect to Computer (11.1) using
NFC or physical connection. Computer (11.1) transfers data files to
and from a remote server using an internet or network connection
and using the CPU resources of the computer.
[0138] Referring now to FIG. 12, Mobile Device (12.1) with internal
application serves as multi-factor authentication for remote data
access. Mobile Device (12.1) transfers data files to and from a
remote server using an internet or network connection and using the
CPU resources of the Mobile Device (12.1).
[0139] In other embodiments as previously disclosed in Provisional
Patent Application 61/130,206 (to which the present application
claims priority and incorporates by reference), the number of
personal computers has increased significantly. Computers are used
to store files and folders containing personal and business
information such as music, pictures, spreadsheets, drawing, and
other documents. Individuals and businesses often share data files
by sending these files as attachments over the Internet. Current
methods can protect data through automatic encryption; however,
many individual users do not encrypt attachments prior to
transmission. In addition, large files are often difficult to send
as email attachments. There are no current methods which can serve
to easily and securely share data stored on a sender's PC with a
recipient's PC or Mobile device. Therefore, a need exists for a
method that addresses these shortcomings in the prior art by easily
and securely sharing data stored on PCs.
[0140] The present invention answers these needs by providing an
apparatus and method for sharing data stored on a PC using a
software application and a relational database stored on a central
file server.
[0141] According to the present invention design, a secure database
resident on the central file server is accessed by the sender's
software application using the sender's encryption keys.
[0142] The sender authorizes the recipient to access selected files
and folders that are stored in the sender's database.
[0143] The recipient initiates a transfer request to receive the
selected files and folders. Subsequently, the selected files and
folders are decrypted using the sender's encryption keys and
encrypted using the recipient's encryption keys. The re-encrypted
files are then stored in the recipient's database.
[0144] Files may be tagged with access rights granted by the
original sender which will serve to govern the subsequent use and
lifespan of the selected files and folders.
[0145] Embodiments of the present invention are described below by
way of illustration.
[0146] Referring now to FIG. 13, a software agent on a Sender's PC
uploads selected files and folders for digital sharing to a central
file server. Files are stored in separate encrypted relational
databases on the central file server which can comprise a Sender's
database and a Recipient's database. Files are transferred from
Sender's database to Recipient's database. Data is decrypted with
sender's key and encrypted with recipient's key. A software agent
on the Recipient's PC accesses selected files and folders from the
relational database on the central file server.
[0147] Referring now to FIG. 14, a software agent on a Sender's PC
uploads selected files and folders for digital sharing to a central
file server. Files are stored in separate encrypted relational
databases on the central file server which can comprise a Sender's
database and a Recipient's database. Files are transferred from
Sender's database to Recipient's database. Data is decrypted with
sender's key and encrypted with recipient's key. A software agent
on the Recipient's Mobile Device accesses selected files and
folders from the relational database on the central file
server.
[0148] As described in other embodiments as previously disclosed in
Provisional Patent Application 61/130,189 (to which the present
application claims priority and incorporates by reference), in
recent years the number of mobile devices with internal
non-volatile flash memory has increased significantly. These
devices are routinely used for sending and receiving email and text
messages. Devices are also increasingly used to store files and
folders containing personal and business information such as music,
pictures, spreadsheets, drawing, and other documents. There are no
current methods which can serve to easily and securely share data
stored on non-volatile flash memory contained within mobile devices
with recipients using computers or other mobile devices.
[0149] Therefore, a need exists for a method that addresses these
shortcomings in the prior art by easily and securely sharing data
stored on mobile devices without the need for a computer to send or
receive files.
[0150] The present invention answers these needs by providing an
apparatus and method for sharing data stored on a nonvolatile
memory device using a secure database resident on the flash memory
and a software application on the mobile device. Embodiments of the
present invention are described below by way of illustration.
[0151] FIG. 15 illustrates Secure Mobile Data Sharing comprising
mobile devices with data storage. Mobile devices are shown as
Mobile Device 1 (sender's device) and Mobile Device 2 (recipient's
device). FIG. 15 also highlights a Recipient's PC.
[0152] According to the present invention design, a secure database
resident on the non-volatile memory device provides a virtual
container for storing and organizing selected data files stored on
the device.
[0153] Emails, text messages or other file transfer methods (such
as FTP) may be originated from the mobile device wherein data
contained within the database (or data stored on the non-volatile
flash memory outside of the database) may be attached to an email
or text message. Or the data may be sent or received directly using
a transmission method such as FTP.
[0154] Data may be attached either in a non-secured format (e.g. in
the clear) or in a secured format (e.g. encrypted). [0155] (i)
Secured data files are subsequently received and stored directly
into a database on the recipient's computer or mobile device.
[0156] (ii) Non-secured data files may be saved directly onto the
recipient's computer or a mobile devices internal non-volatile
flash memory.
[0157] In other embodiments as previously disclosed in Provisional
Patent Application 61/130,223 (to which the present application
claims priority and incorporates by reference), the present
invention relates to a method for securing data stored on mobile
devices such as USB flash drives, mobile phones, PDAs, BlackBerrys,
and similar devices. In recent years the numbers of USB flash
drives and mobile devices with internal non-volatile flash memory
have increased significantly. Conventional methods for limiting
access to confidential data stored on these devices are not
effective. Furthermore, there are no current methods which can
serve to control and log the movement of data to and from
non-volatile flash memory contained within mobile devices and other
portable storage devices.
[0158] Therefore, a need exists for a method that addresses these
shortcomings in the prior art by securing data while stored on
mobile devices and portable storage devices, through the logging of
data as it moves on and off these devices, and by controlling the
movement of this data.
[0159] The present invention answers these needs by providing an
apparatus and method for limiting access to data stored on a
nonvolatile memory device using software applications and a central
security server.
[0160] According to the present invention design, a software
application resident on the non-volatile memory device provides a
secure "virtual vault-like container" for all data files stored on
the device.
[0161] As files are transferred to the container and from the
container, logs are created by the software application that
provide a history of this movement of data. These logs are
periodically uploaded and stored on a central security file
server.
[0162] A software application may also be resident on the mobile
device or PDA which will serve to provide immediate logging of the
movement of data to and from the device.
[0163] Logs can be viewed by authorized users to monitor the
movement of data to and from portable storage devices and mobile
devices with non-volatile flash memory.
[0164] The movement of data may further be controlled by security
rules resident on the non-volatile flash memory, mobile device
and/or on the file server.
[0165] Embodiments of the present invention are described below by
way of illustration.
[0166] Referring now to FIG. 16, a mobile device with data storage
is depicted. Files are transferred to and from the mobile device
from a first computer and a second computer. The mobile device logs
and controls the movement of the data using an internet or wireless
connection to a remote server.
[0167] Referring now to FIG. 17, a portable storage device with
data storage is depicted. Files are transferred to and from the
portable storage device from a first computer and a second
computer. The first computer and the second computer log and
control the movement of the data using an internet connection to a
remote server. Those skilled in the art will recognize that the
foregoing embodiments are merely illustrative and that the
invention can be implemented with a variety of computing devices in
a variety of different architectures. For example, the components
of the remote computing device can be distributed among multiple
computers in various locations. As another example, the sequence of
steps described in connection with each of the foregoing
embodiments are illustrative and certain steps can occur in other
sequences in alternate embodiments of the invention. Other changes
may be made to the foregoing embodiments without departing from the
spirit and scope of the invention as defined in the claims.
* * * * *