(12) United States Patent
Orsini et al.

(10) Patent No.: US 8,266,438 B2
(45) Date of Patent: *Sep. 11, 2012

(54) SECURE DATA PARSER METHOD AND SYSTEM

(75) Inventors: Rick L. Orsini, Flower Mound, TX (US); Mark S. O'Hare, Coto De Caza, CA (US); Roger Davenport, Campbell, TX (US); Steven Winick, Roslyn Heights, NY (US)

(73) Assignee: Security First Corp., Rancho Santa Margarita, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 1813 days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11/258,839

(22) Filed: Oct. 25, 2005

(65) Prior Publication Data
US 2006/0177061 A1, Aug. 10, 2006

Related U.S. Application Data
(60) Provisional application No. 60/622,146, filed on Oct. 25, 2004, provisional application No. 60/718,185, filed on Sep. 16, 2005.

(51) Int. Cl.: H04L 9/00 (2006.01)
(52) U.S. Cl.: 713/176; 380/33; 380/286
(58) Field of Classification Search: 713/176, 713/186, 156; 380/33, 268, 270, 247, 286
See application file for complete search history.

Primary Examiner — Samson Lemma
(74) Attorney, Agent, or Firm — Ropes & Gray LLP

(57) ABSTRACT
A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

66 Claims, 36 Drawing Sheets

[Front-page drawing not reproduced. Legible labels: 800; S = RECEIVED DATA; GENERATE RANDOM NUMBER A; GENERATE RANDOM NUMBER C.]

[Sheet 1 of 36, Figure 1. Drawing not reproduced. Legible labels: TRUST ENGINE; KEYS; AUTHENTICATION; USER SYSTEM; BIOMETRIC DEVICE; CERTIFICATE AUTHORITY; VENDOR SYSTEM; COMMUNICATION LINK (125).]

[Sheet 2 of 36, Figure 2. Drawing not reproduced. Legible labels: TRUST ENGINE; MASS STORAGE; TRANSACTION ENGINE; DEPOSITORY; KEYS; AUTHENTICATION; AUTHENTICATION ENGINE; CRYPTOGRAPHIC ENGINE.]

[Sheet 3 of 36, Figure 3: TRANSACTION ENGINE. Drawing not reproduced. Legible labels: OPERATING SYSTEM; FROM AUTHENTICATION ENGINE; FROM COMMUNICATION LINK; FROM CRYPTOGRAPHIC ENGINE; TO COMMUNICATION LINK; TO DEPOSITORY; TO AUTHENTICATION ENGINE; TO CRYPTOGRAPHIC ENGINE; TO MASS STORAGE.]

[Sheet 4 of 36, Figure 4: DEPOSITORY (210). Drawing not reproduced. Legible labels: AUTHENTICATION DATA; OPERATING SYSTEM; FROM AUTHENTICATION ENGINE; FROM CRYPTOGRAPHIC ENGINE; FROM TRANSACTION ENGINE; TO MASS STORAGE; TO AUTHENTICATION ENGINE; TO CRYPTOGRAPHIC ENGINE.]

[Sheet 5 of 36, Figure 5: AUTHENTICATION ENGINE. Drawing not reproduced. Legible labels: PRIVATE KEY; OPERATING SYSTEM; ATTEMPT LIMITER; COMPARATOR; HEURISTICS; DATA SPLITTING MODULE; DATA ASSEMBLING MODULE; FROM TRANSACTION ENGINE; FROM DEPOSITORY; TO CRYPTOGRAPHIC ENGINE; TO DEPOSITORY; TO TRANSACTION ENGINE.]

[Sheet 6 of 36, Figure 6: CRYPTOGRAPHIC ENGINE (220). Drawing not reproduced. Legible labels: DATA ASSEMBLING MODULE; DATA SPLITTING MODULE; CRYPTOGRAPHIC HANDLING MODULE; OPERATING SYSTEM; FROM TRANSACTION ENGINE; FROM DEPOSITORY; FROM AUTHENTICATION ENGINE; TO TRANSACTION ENGINE; TO DEPOSITORY.]

[Sheet 7 of 36, Figure 7. Drawing not reproduced. Legible labels: FROM AUTHENTICATION ENGINE; FROM TRANSACTION ENGINE; FROM CRYPTOGRAPHIC ENGINE.]

[Sheet 8 of 36, Figure 8 (800). Drawing not reproduced. Legible flowchart labels: S = RECEIVED DATA; GENERATE RANDOM NUMBER A; GENERATE RANDOM NUMBER C; GENERATE B = A XOR S; GENERATE D = C XOR S; DISTRIBUTE; END.]

[Sheet 9 of 36, Figure 9, Panel A: ENROLLMENT DATA FLOW (900). Drawing not reproduced. Table columns: SEND | RECEIVE | ACTION. Parties named: USER; TRANSACTION ENGINE (TE); AE; THE Xth DEPOSITORY (DX); CRYPTOGRAPHIC ENGINE (CE); CERTIFICATION AUTHORITY (CA); MS. Legible actions: TRANSMIT ENROLLMENT AUTHENTICATION DATA (B) AND THE USER ID (UID) ENCRYPTED WITH THE PUBLIC KEY OF THE AUTHENTICATION ENGINE (AE) AS (PUB_AE(UID,B)); FORWARD TRANSMISSION; AE DECRYPTS AND SPLITS FORWARDED DATA; STORE RESPECTIVE PORTION OF DATA; REQUEST KEY GENERATION; CE GENERATES AND SPLITS KEY; STORE RESPECTIVE PORTION OF KEY; WHEN DIGITAL CERTIFICATE REQUESTED: TRANSMIT REQUEST, TRANSMIT REQUEST FOR DIGITAL CERTIFICATE, TRANSMIT DIGITAL CERTIFICATE, STORE DIGITAL CERTIFICATE.]

[Sheet 10 of 36, Figure 9, Panel B (970). Drawing not reproduced. Legible flowchart labels: DETERMINE CERTIFICATE TYPE; DOES USER OWN THIS TYPE OF CERTIFICATE? (YES/NO); DOES USER OWN CROSS-CERTIFIED CERTIFICATE?; SELECT CERTIFICATE AUTHORITY THAT ISSUES CERTIFICATE OR CROSS-CERTIFIED CERTIFICATE; DOES USER MEET CURRENT CERTIFICATION AUTHORITY'S AUTHENTICATION REQUIREMENTS?; ARE THERE OTHER CERTIFICATE AUTHORITIES HAVING DIFFERENT AUTHENTICATION REQUIREMENTS?; PERFORM ACTION.]

[Sheet 11 of 36, Figure 10: AUTHENTICATION DATA FLOW. Drawing not reproduced. Table columns: SEND | RECEIVE | SSL | ACTION. Parties named: USER; VENDOR; TRANSACTION ENGINE (TE); MASS STORAGE (MS); THE Xth DEPOSITORY (DX). Legible actions: TRANSACTION OCCURS, SUCH AS SELECTING PURCHASE; TRANSMIT TRANSACTION ID (TID) AND AUTHENTICATION REQUEST (AR); AUTHENTICATION DATA (B') GATHERED FROM USER; TRANSMIT TID AND B' WRAPPED IN THE PUBLIC KEY OF THE AUTHENTICATION ENGINE (AE), AS (PUB_AE(TID, B')); FORWARD TRANSMISSION; ENROLLMENT AUTHENTICATION DATA (B) IS REQUESTED AND GATHERED; TRANSMITS TID, AR; CREATE RECORD IN DATABASE; UID, TID; TRANSMIT THE TID AND THE PORTION OF THE AUTHENTICATION DATA STORED AT ENROLLMENT (BX) AS (PUB_AE(TID, BX)); COMPARES TO B'; TID, YES/NO; TID, CONFIRMATION MESSAGE.]

[Sheet 12 of 36, Figure 11: SIGNING DATA FLOW. Drawing not reproduced; several labels are only partly legible. Table columns: SEND | RECEIVE | ACTION. Legible actions: AGREEING ON A DEAL; CURRENT AUTHENTICATION DATA AND A HASH OF THE MESSAGE RECEIVED BY THE USER (h(M')) IS GATHERED FROM USER; FORWARD TRANSMISSION; GATHER ENROLLMENT AUTHENTICATION DATA; TRANSMITS UID, TID, AR, AND A HASH OF THE MESSAGE (h(M)); CREATE RECORD IN DATABASE; THE ORIGINAL VENDOR MESSAGE IS TRANSMITTED TO THE AE; CRYPTOGRAPHIC KEY CORRESPONDING TO THE SIGNING PARTY; ASSEMBLES KEY AND SIGNS; TRANSMIT THE DIGITAL SIGNATURE (S) OF SIGNING PARTY; TID, A RECEIPT = (TID, YES/NO, AND S), AND THE DIGITAL SIGNATURE OF THE TRUST ENGINE. FOR EXAMPLE, A HASH OF THE RECEIPT ENCRYPTED WITH THE TRUST ENGINE'S PRIVATE KEY (Priv_TE(H(RECEIPT))).]

[Sheet 13 of 36, Figure 12: ENCRYPTION/DECRYPTION DATA FLOW (1200). Drawing not reproduced; several labels are only partly legible. Table columns: SEND | RECEIVE | SSL | ACTION. Legible actions under DECRYPTION: PERFORM AUTHENTICATION DATA PROCESS 1000, INCLUDE THE SESSION KEY (SYNC) IN THE AR, WHERE THE SYNC HAS BEEN ENCRYPTED WITH THE PUBLIC KEY OF THE USER AS PUB_USER(SNYC); AUTHENTICATE THE USER; TRANSMIT THE TID AND THE PORTION OF THE PRIVATE KEY AS (PUB_AE(TID, KEY_USER)); CE ASSEMBLES THE CRYPTOGRAPHIC KEY AND DECRYPTS THE SYNC; INCLUDING DECRYPTED SYNC; FORWARD TO TE; TID, YES/NO, SYNC. Legible actions under ENCRYPTION: REQUEST FOR PUBLIC KEY OF USER; TRANSMIT DIGITAL CERTIFICATE.]

[Sheet 14 of 36, Figure 13. Drawing not reproduced. Legible labels: TRANSACTION ENGINE; DEPOSITORY; AUTHENTICATION ENGINE; COMMUNICATION LINK.]

[Sheet 15 of 36, Figure 14 (1400). Drawing not reproduced. Legible labels: TRANSACTION ENGINE; AUTHENTICATION ENGINE; REDUNDANCY MODULE; DEPOSITORY.]

[Sheet 16 of 36, Figure 15. Drawing not reproduced. Legible labels: REDUNDANCY MODULE; COMPARATOR; TRANSACTION ENGINE.]

[Sheet 17 of 36, Figure 16. Drawing not reproduced. Legible flowchart labels: EXTRACT DATA FOR EACH AUTHENTICATION INSTANCE; GENERATE RELIABILITY BASED ON AUTHENTICATION INSTANCE TECHNIQUE; SELECT NEXT AUTHENTICATION INSTANCE; GENERATE RELIABILITY BASED ON AUTHENTICATION INSTANCE DATA AND CIRCUMSTANCES; GENERATE A RELIABILITY FOR THIS AUTHENTICATION INSTANCE; WAS AN ADDITIONAL AUTHENTICATION INSTANCE USED; COMBINE RELIABILITY OF INDIVIDUAL AUTHENTICATION INSTANCES TO PRODUCE AUTHENTICATION CONFIDENCE.]

[Sheet 18 of 36, Figure 17. Drawing not reproduced. Legible flowchart labels: Transaction Engine Receives TID and Completed Authentication Request; Generate Required Trust Level Based on Size/Risk of Transaction specified in Authentication Request; Compare Required Trust Level and Authentication Confidence Level; Is Authentication Confidence Level greater than Required Trust Level?; Generate Positive Authentication; Send Authentication Result to Vendor.]

[Sheet 19 of 36, Figure 18 (1800). Drawing not reproduced. Legible flowchart labels: START; GENERATE NEGATIVE AUTHENTICATION; AUTHENTICATION RESULT TO VENDOR; IS FURTHER ARBITRAGE PERMITTED? (YES/NO); CONTACT USER: REQUEST ADDITIONAL AUTHENTICATION AND OFFER INSURANCE; CONTACT VENDOR: CONFIRM REQUIRED TRUST LEVEL AND OFFER INSURANCE; HAS USER PROVIDED ADDITIONAL DATA?; SEND NEW AUTHENTICATION DATA TO AUTHENTICATION ENGINE; HAS VENDOR ADJUSTED REQUIRED TRUST LEVEL; COMPARE AUTHENTICATION CONFIDENCE LEVEL AND REQUIRED TRUST LEVEL; WAS INSURANCE PURCHASED; ADJUST AUTHENTICATION CONFIDENCE LEVEL AND REQUIRED TRUST LEVEL BASED ON INSURANCE PURCHASED; WAIT FOR RESPONSE PERIOD TO EXPIRE.]

[Sheet 20 of 36, Figure 19 (1900). Drawing not reproduced. Legible column headings: USER; VENDOR. Legible flowchart labels: FILL OUT ORDER FORM ONLINE ON VENDOR'S WEB PAGE; SUBMIT FORM AND REQUEST AUTHENTICATION; VERIFY AUTHENTICATION AND APPEND SIGNED HASH OF FORM; RECEIVED SIGNED FORM; GENERATE CONTRACT; SEND CONTRACT TO USER AND REQUEST SIGNATURE; REVIEW CONTRACT; GENERATE AUTHENTICATION DATA; SEND AUTHENTICATION DATA AND HASH OF CONTRACT TO TRUST ENGINE; VERIFY AUTHENTICATION OF USER; SIGN HASH OF CONTRACT WITH USER'S PRIVATE KEY; FORWARD CONTRACT TO VENDOR SIGNED BY TRUST ENGINE; RECEIVE RECEIPT (SIGNED BY TRUST ENGINE) AND HASH OF CONTRACT (SIGNED BY USER); SEND HASH OF CONTRACT AND AUTHENTICATION REQUEST TO TRUST ENGINE; VERIFY AUTHENTICATION OF VENDOR; SIGN HASH OF CONTRACT WITH VENDOR'S PRIVATE KEY; FORWARD CONTRACT TO USER SIGNED BY TRUST ENGINE; RECEIVE RECEIPT (SIGNED BY TRUST ENGINE) AND HASH OF CONTRACT (SIGNED BY VENDOR).]

[Sheet 21 of 36, Figure 20. Drawing not reproduced. Legible labels: USER SYSTEM; APPLICATION; SPM - SOFTWARE; CRYPTOGRAPHIC; HARDWARE DEVICE; COMMUNICATION LINK (125); TRUST ENGINE.]

[Sheet 22 of 36, Figure 21. Drawing not reproduced; box text is interleaved in the source scan. Legible terms: data to be parsed; RC4 encryption; session master key; Parser Master key; split data; parse; encrypted data shares 1 to n; session key shares 1 to n; generate share 1, 2 and 3 keys; encrypt pieces; encrypt share data with share key (shares 1, 2, 3 and n); encrypted shares 1, 2, 3 and n (data / session key); obfuscate.]

[Sheet 23 of 36, Figure 22. Drawing not reproduced; box text is interleaved in the source scan. Legible terms: RC4 encryption; session master key; session key management; generate transaction ID; store transaction ID / session key; Parser Master key; split data; split transaction ID according to Parser Master key; parse; encrypted data shares; generate share 1, 2, 3 and n keys; encrypt share data with share key; encrypted shares 1, 2, 3 and n (data / trans ID); obfuscate.]

[Sheet 24 of 36, Figure 23. Drawing not reproduced; box text is interleaved in the source scan. Legible terms: data to be parsed; generate session master key; Intermediary Key (Parser Master XOR Session Master); encrypt data; session key management; generate transaction ID; store transaction ID / session key; Parser Master key; split data; split transaction ID according to Parser Master key; encrypted data shares; trans ID shares; generate share 1, 2 and n keys; encrypt pieces; encrypt share data with share key (shares 1, 2 and n); encrypted shares 1, 2, 3 and n (data / trans ID); obfuscate.]

`U.S. Patent    Sep. 11, 2012    Sheet 25 of 36    US 8,266,438 B2
`
`Figure 24
`
`[Flow diagram. Legible block labels: Session key management; Generate Transaction ID; Store Transaction ID / Session Key; Data to be parsed; Access Parser Master Key; Generate Session Master Key; Encrypt data to be secured; Intermediary Key (Parser Master XOR Session Master); Access Intermediary Key; Split Transaction ID according to Parser Master key; Parse; Encrypted data share 1, 2, 3, ... n; Trans ID share 1, 2, 3, ... n; Encrypt share 1 data with share 1 key; Encrypt share n data with share n key; Encrypted share 1, 2, 3, ... n (data / trans ID); Obfuscate.]
`
`

`

`U.S. Patent    Sep. 11, 2012    Sheet 26 of 36    US 8,266,438 B2
`
`Figure 25
`
`[Diagram. Legible labels: VP Marketing; Marketing Director; Network Admin.; Manager.]
`
`

`

`U.S. Patent    Sep. 11, 2012    Sheet 27 of 36    US 8,266,438 B2
`
`[Drawing; figure number not legible in the extraction. Legible labels: STORAGE AREA; PARSED DATA.]
`
`

`

`U.S. Patent    Sep. 11, 2012    Sheet 28 of 36    US 8,266,438 B2
`
`[Drawing; figure number not legible in the extraction. Legible labels: EXISTING SYSTEM; STORAGE DEVICE.]
`
`

`

`U.S. Patent    Sep. 11, 2012    Sheet 29 of 36    US 8,266,438 B2
`
`Figure 28
`
`[Drawing. Legible label: NETWORK.]
`
`

`

`U.S. Patent    Sep. 11, 2012    Sheet 30 of 36    US 8,266,438 B2
`
`Figure 29
`
`[Drawing. Legible labels: NETWORK; Message.]
`
`

`
