1. Field of the Invention
The present invention provides a methodology to protect data in a novel way, using multiple hosts to assist with the protection process and the retrieving of the protected data utilizing those same hosts.
2. Related Art Discussion
With advances in technology and the expansion of the Internet, on-line transfers of critical data have become more commonplace every day. This has led to an increase in the motivation to steal data, whether transactions, personal information, communications, media or other forms of sensitive data.
Sensitive information in many cases is obtained by stealing data from one or more databases. Database hacking typically involves theft of information from a storage database. Another important point of vulnerability is an attack while the data is in transit: a “man-in-the-middle” attack, where the data is “sniffed” by someone who somehow has access to the network.
In many cases theft of information from a data storage site results from an “inside job” by an employee with relative ease of access to the database. An employee may be enticed into such criminal activity by substantial potential payments from other criminals using the information for their own illegal purposes.
In many cases, such thefts have occurred from unencrypted databases, but obtaining the encryption certificate and key information is possible for an insider, so even encrypted databases can be accessed in such cases.
Overview of Current Technologies in Protecting Data
Currently, using a data protection service to protect data almost invariably requires a high level of trust in the people within the data facility who are empowered with the capability to view, and therefore to steal, the data. The issue becomes especially apparent when using cloud-based storage services, where the data is moved away from the owner.
In most cases, where administered data centers/services are used to store data, the databases are actively overseen by personnel with knowledgeable backgrounds and skills allowing them access to the sensitive data.
When there are people at the data sites with the know-how to find and use the data, there is a potential for theft of that data. At the present time, if we were to ask a database administrator within a typical data center whether it were possible to steal or even look at any sensitive data, in most cases the answer would undoubtedly be in the affirmative.
With nearly all methods to secure data, encryption is the primary means of protection, and it is an effective method because it renders data unreadable without the key to decipher it. Encryption is especially effective against the “outsider” who has no access to the encryption algorithm or certificate, but it provides a lesser degree of protection when the encryption key may be exposed to an insider.
Some protection methods use a code or license given to the individual, who must use the code to retrieve data that is stored elsewhere. In this case, the stored data can remain viewable to other people who may be on the network and able to see the transferred data in motion in a complete and legible form.
Or, in many cases, an insider can find the stored data with some knowledgeable probing.
Some current protection techniques also include methods of cutting a portion of the data fields and storing the pieces in two separate locations. This method still communicates the vital links back to the original data, so, though it comes closer to complete seclusion between locations, it is still very feasible for an insider to assemble usable data when this method is used.
Popular current methodology for storing or moving any data is to include both the data header and a key to identify the data. Data in this complete format can be identified and could be usable to another with ill intent.
Also, a popular means of transferring data is to include all data, or at least data that is identifiable, in transit. Since the identifiable key and/or header information is normally included, this implies that the data is in a usable format for reading, identifying or further manipulation. This opens up a possible man-in-the-middle attack on the network.
In almost all cases, one or the other location used in protection has all the information potentially available to re-assemble the original data.
On the other hand, if we were to remove the header and any other possible identifier of the data, as in our embodiment, this would render the data unidentifiable and in a crippled, unusable state.
Broad Benefits of the Invention
In our embodiment, during and after the data protection, data is protected solidly against theft at any stage of the protection. When moving the core of the sensitive portion away from the primary location, the system does not include any identifying information with that data. No name, description, subject, or any header information is included in the transfer. Even the primary index key is omitted in the partial data transfer.
The system makes any potential data to be stolen incomplete, unconnected, and invisible between the final storage locations. The data owner/user retains sole control of the primary host application, using only the original data header for that control.
Data keys for both portions of the data record remain available only at their respective individual sites, with no exposure to each other. To assemble the portions back together, the connection between both identifier links is found only at a third site.
Thus, with complete data seclusion, a high level of security is attained between all sites. Any one attack on the data, or even two simultaneous attacks, would prove futile.
Both man-in-the-middle and insider attacks would yield only unusable, unidentifiable data. Once the data has been protected, vital components have been removed at both ends, rendering it inaccessible from either data site, or even from both sites at once.
In our embodiment it will always take all three simultaneously integrated applications to reassemble the protected data for any single data record.
Therefore, any attempt at theft would be unlikely, and any partial attempt would prove unsuccessful, with alarms going off pointing back to the attempting network address.
Alarms and Logging
The question may be considered: why aren't immediate alarms normally sounded when an attempt is made at data theft? Two possible problems are considered:
First, the access technology used when the theft occurs may lack any usable attribute to flag an attack event. A breach of data may not appear outside of the norm, using only the standard channels for authorized and trusted data personnel.
Second, logging and tracking data operations, by its inherent nature, introduces potential breaches through possible linking of logged data back to other protectively held data. Time values, for example, could possibly be used to match the log with the original data, depending on the data traffic and the wherewithal to put it together.
With our embodiment, by contrast, we can and do log the operations, because the data moved carries no related time information or other information usable for linking data between hosts.
Since the system logs all operations, any theft attempt is logged with the originator address, and an alarm signaled. This logging procedure therefore provides the final bastion against any successful attempt at data theft.
Objects and Advantages of the Invention
The system provides a service to data owners/users for the object of protecting various forms of electronic data against data theft.
Benefits of Structure
The combination of the structural factors proves to be a strong mechanism against data theft, whether in motion or at rest, because the act of protection:
1. requires all of three separately managed entities to protect or retrieve data,
2. moves limited core data with imperceptible identity,
3. stores limited core data with imperceptible identity,
4. provides sole control of protected data to the data owner,
5. validates all stages of protection, and
6. logs anomalies with notification capabilities.
A foundational assumption held behind the concept of the invention is that unidentifiable data is unusable data. It is resistant to searching and linking, and is not usable in almost any practical case after the data is protected.
Both during and after the data has been processed through the protection system, data is safe from outside eyes and/or potential thieves. No location outside of the owner-held location is ever exposed to all of the original data. Only the primary application, which is under exclusive owner control, is exposed to all the data, and that only prior to its protection.
Retrieving and re-assembling the original data after protection requires all three parts from disparate locations:
1. the data header, to see what the data is;
2. the remaining (core) data;
3. the way to find and reassemble the data.
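The three-site separation described above, modelled as an added example (not the patent's own code): the header stays at the owner-held primary site, the core payload goes to a second host under a random handle with no header, key or timestamp, and only a third host holds the link between the two. The record fields, store layout and handle sizes are assumptions for illustration.

```python
"""Split a record across three stores so that no single store, and no two
stores without the third, carry enough to identify and reassemble it.
Added example; record fields and store layout are assumed, not from the page."""
import secrets

# Identifying fields that never leave the owner-held primary site (assumed).
HEADER_FIELDS = ("record_id", "name", "description")


def protect(record, site_a, site_b, site_c):
    """Store one record across three dict-backed sites and return the link id.

    site_a (primary, owner-held): header fields keyed by a random link id.
    site_b (core host): sensitive payload keyed by a random handle; no header,
        no primary key and no timestamp are written alongside it.
    site_c (link host): only the mapping link id -> core handle.
    """
    header = {k: record[k] for k in HEADER_FIELDS}
    core = {k: v for k, v in record.items() if k not in HEADER_FIELDS}
    link_id = secrets.token_hex(16)      # never stored at site_b
    core_handle = secrets.token_hex(16)  # never stored at site_a
    site_a[link_id] = header
    site_b[core_handle] = core
    site_c[link_id] = core_handle
    return link_id


def retrieve(link_id, site_a, site_b, site_c):
    """Reassemble a record; KeyError if any of the three sites lacks its part."""
    header = site_a[link_id]
    core_handle = site_c[link_id]   # the only place the two halves are joined
    core = site_b[core_handle]
    return {**header, **core}


def identifying_leak(site_b):
    """Return any identifying or linkable field that reached the core host."""
    forbidden = set(HEADER_FIELDS) | {"link_id", "timestamp"}
    return sorted(k for entry in site_b.values() for k in entry if k in forbidden)


if __name__ == "__main__":
    a, b, c = {}, {}, {}
    # Constructed sample record for the demonstration.
    rec = {"record_id": 7, "name": "J. Doe", "description": "account",
           "card": "0000-0000-0000-0000", "balance": 12.5}
    lid = protect(rec, a, b, c)
    print(retrieve(lid, a, b, c) == rec, identifying_leak(b))
```

With several records stored, holding sites A and B together still leaves the pairing of headers to cores unknown, which is the property the text relies on.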
The conclusion made here is that it is not feasible that someone, including knowledgeable “hackers”, would attempt a three-pronged attack at three different locations to obtain data. Any possible method of obtaining the data in a usable format requires proper access solely through the owner and the first application, to which only the owner has access. And, it follows, the chance of anyone successfully accomplishing a full breach of data would be extremely low, if not impossible.