
WO2016003525A2 - System and method for secure data transmission and storage - Google Patents


Info

Publication number
WO2016003525A2
Authority
WO
WIPO (PCT)
Prior art keywords
segments
segment
transmission
data object
data
Prior art date
Application number
PCT/US2015/026378
Other languages
English (en)
Other versions
WO2016003525A3 (fr)
Inventor
Francis Lambert
Original Assignee
Francis Lambert
Application filed by Francis Lambert
Publication of WO2016003525A2
Publication of WO2016003525A3


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • PATENT APPLICATION SYSTEM AND METHOD FOR SECURE DATA TRANSMISSION AND STORAGE
  • This invention relates to systems and methods of securely transmitting and securely storing data. More specifically, the invention relates to methods for data obfuscation, transmission, storage, retrieval, reassembly, and recovery of data objects whereby an original data object is compressed, encrypted, obfuscated by using differing permutations of functions described herein, and segmented, and whereby the data object segments are reordered as discrete and separate encrypted data object segment groupings or left as individual segments of the original data object, none of which contain a complete representation of the original data object, and whereby these data object segment groupings or individual segments are further obfuscated by using differing permutations of processing functions, and whereby these data object segment groupings are transmitted via separate data carriers, or via different network infrastructure elements, or via different transmission media, or using different transmission protocols, or at different time delayed time intervals, or are transmitted with invalid data object segments that are not from the original data object, and each segment, or a number of segments insufficient to recover the original data
  • Digital information may include, for example, business records, electronic documents, pictures, video data, audio data, real time measurements, electronic commerce transactions, personal and work related email, messaging such as texts, advertisements, and the like.
  • Types of sensitive digital data may include personal data, financial data, health data, data that is sensitive in nature, data which a user wants to prevent from being exposed, and the like. Because unauthorized individuals, i.e., "hackers", are constantly developing new methods and systems for eavesdropping, "sniff", "hack", "exploit", or otherwise gain access to and acquire sensitive digital data, higher security of such digital data is needed.
  • firewalls, data encryption, data encoding, digital signatures, hashing, password, biometric identification, and the like.
  • These systems and methods generally include capabilities that either restrict access to data or transform the data into values which are difficult to transform back into their original data values.
  • the data transmitted or stored by these innovations can be protected from the facile discovery by unauthorized access.
  • innovation has also occurred on the part of hackers, thus systems and methods for secure transmission and storage of data must also evolve.
  • the level of security of the transmitted and stored data is often dependent upon the ability of the hacker to decrypt the data, thus, it is often desirable to prevent hackers and other unauthorized entities from accessing, acquiring, or decrypting the data.
  • Most current data security systems are eventually defeated by inventive, persistent, yet unauthorized hackers by brute force attacks or other exploitations. Further, hacking techniques are often widely published on the Internet. Digital data is exposed to hacking and exploitation either while in transit or "at rest" in a storage location. As a result, digital data is vulnerable while being transmitted across public networks, or while being stored, even in an encrypted state, on a file server whether it is in a local system or in a remote system, such as the "cloud".
  • FIG. IB A high level overview flowchart of the major functional areas of the invention
  • FIG. 1 A high level overview flowchart of the Segment transmission configuration method.
  • FIG. 3 A high level overview flowchart of the Segment transmission method.
  • FIG. 4 A high level overview flowchart of the Segment retrieval method.
  • FIG. 5 A high level overview flowchart of the Segment storage method.
  • FIG. 6 A high level overview flowchart of an embodiment of the Segment retrieval method.
  • Figure 7 A high level overview flowchart of the Segment reassembly method.
  • Figure 9 A diagram illustrating multiple different diverse transmission media over which different Segments, Segment Groupings and Invalid Data are securely and separately transmitted.
  • Figure 10 A diagram illustrating multiple different diverse storage locations, resources, systems, and secure access areas onto which different Segments, Segment Groupings and Invalid Data are securely and separately stored.
  • Figure 20 A flowchart of the originating or RCST system initialization and main loop method.
  • Figure 22 A flowchart of the method that calculates, generates, records, and presents the permutations of function and function value patterns used by other processes in the invention.
  • Figure 24 A flowchart of the method that uses an Obfuscation Pattern Permutation to obfuscate an ODO while recording the obfuscation metadata in an Object Management Record.
  • Figure 26 A flowchart of the method that segments an ODO, reorders, groups, and inserts Invalid Data into the segments, and obfuscates and encrypts the segments using functions specified by the Obfuscation Pattern Permutation while recording the segments' processing metadata in a Segment Management Record.
  • Figure 28 A flowchart of the method that prepares, formats and packages processed segments and invalid data object segments for transmission to diverse and separate storage locations.
  • Figure 32 A flowchart of the method in which diverse remote processing RCST systems autonomously prepare a transmission pathway for the diversified, separated transmission and diversified, separated, and secure storage of valid and invalid Segments.
  • Figure 34 A flowchart of the method in which a retrieval system retrieves valid and invalid Segments from diverse, separate, and secure storage, processing, and transmission systems.
  • FIG 36 A flowchart of the method in which a receiving system reassembles packaged and processed Segments and rejects Invalid Data to reassemble and restore an Original Data Object (ODO).
  • ODO Original Data Object
  • Figure 38 A flowchart of the method that calculates, generates, and presents permutations of invalid data as defined herein that are used by other methods in the invention.
  • Figure 40 A flowchart of the method by which an Originating System synchronizes and communicates an ODO with one or more receiving systems.
  • Figure 42 A flowchart of the method by which an Originating System migrates segments to different separate and secure storage locations and secure access areas.
  • Figure 56 An illustration of an embodiment of a Segment Tracking Object structure used to segment an ODO, insert Invalid Data into an ODO or its segments, group the segments of an ODO, and specify the origin of the data contained in a processed Segment or Segment Grouping.
  • Figure 60 A representation of one embodiment of permutations of obfuscation functions and their ranges of input values
  • Figure 62 A representation of one embodiment of permutations of specific input values that are applied to the obfuscation function permutation shown in Figure 60
  • Figure 64 An example of Pattern Functions Tables showing example functions for other types of pattern permutations. These are shown without input value ranges to simplify functional descriptions.
  • Figure 70 An embodiment of an Object Management Record that records the obfuscation processing and processing metadata of an Original Data Object.
  • Figure 72 An embodiment of a Function and Values Record that records the processing executed on an Original Data Object or its segments according to a Pattern Permutation
  • Figure 74 An embodiment of a Segment Management Record that records the segmenting of an Original Data Object, and the obfuscation and transmission preparation processing of its segments.
  • Figure 80 An embodiment of an Addressing Synchronization Table that records the sets of routable packet addressing established between two nodes across which the two nodes can distribute the contents of an original packet.
  • the set of routable packets are used to transmit multiple packets over changing patterns of destination and source addresses that obfuscate and authenticate transmissions in transit.
  • Figure 82 An embodiment of a table of source and destination address permutations into which a table offset is applied to determine that permutation that will be used to pattern the addressing for four packets.
  • Figure 88 An embodiment of a Private VLAN DHCP Synchronization table that records three types of addressing for nodes on a Private Virtual LAN that is federated and synchronized with other LANs to form a single address space that can communicate OSI Level 2 and Level 3 packets across separate but federated LANs in an obfuscated and self authenticating manner over a public network.
  • Figure 90 An embodiment of an RCST connected to two separate LAN's where the RCST is connected to a public network routable first LAN with multiple node addresses that, according to an Address Synchronization Table exemplified by the embodiment in Figure 80, are allocated to distribute obfuscated packet content from a specified node on a separate LAN to which the RCST is also connected and on which the RCST registers only one address.
  • Figure 94 An embodiment of four pairs of LANs that transmit and receive packets over a public network, each LAN with an RCST connected to a public network routable first LAN with multiple node addresses that, according to an Address Synchronization Table exemplified by the embodiment in Figure 80, are allocated to distribute obfuscated packet content from a specified node on a separate isolated LAN to which the RCST is also connected and shares a federated address space with any other synchronized isolated LAN through the maintenance of a shared federated DHCP table.
  • the present invention processes, transmits and stores data objects according to a set of reversible patterns in order to make the data objects secure and private during transmission and storage.
  • the invention provides for the manipulation, processing, obfuscation, transmission, storage, retrieval, and recovery of data objects that allows users of the data to more securely transmit and store the data objects.
  • the security is partially provided through a process providing beneficial utilization of the phenomenon of the degradation of the ability to decrypt encrypted data objects as an increasing number of the bits of the encrypted data object are not
  • the Invention also provides for secure and private data transmission, data storage, file synchronization, file streaming, and
  • Storage and computing resources can be local or remote, including those resources sometimes referred to as "the cloud".
  • the Invention includes processing software and computing and telecommunications hardware ("the system") used to obfuscate, segment, reorder segments, group segments, transmit, store, retrieve, reassemble, and reconstitute a specified original data object intended for private and secure transmission and storage by using changing permutations of processing and transmission
  • the methods provided for include without limitation: recording a hash value that verifies the content of the data object, calculating unique permutations of patterns according to which the data object and its segments will be obfuscated, segmented, reordered, grouped, transmitted, seeded with invalid data, stored, and retrieved for reassembly. Methods further include obfuscating the data object by compression and/or encryption using differing sequences of functions determined by permutations of a set of functions, executing other functions for obfuscation of the whole, not segmented data object, segmenting that obfuscated data object
  • the transmission methods of the invention provide for transmitting the segments over diverse transmission media that follow separate physical or logical routing, transmitting segments from the same original data object using differing and diverse
  • the invention also provides for transmitting the segments over differing timing periods to obfuscate the association of a group of obfuscated segments, causing the resources receiving the transmission to re-transmit the object segments with additional layers of encryption, obfuscation, and diverse segment identifiers that make the segments anonymous as to their origin and obfuscate the association of data object segments to each other, to the original data object, and to the originating system.
  • the system includes having multiple logically, commercially, politically, or physically separated storage resources and secure data storage access areas store each obfuscated segment separately, or in groups insufficient in number to reassemble the original data object, in separate access areas in a manner that increases the difficulty of accessing and acquiring all of the segments.
  • the invention provides a system to receive the transmitted data object segments, and that a receiving system can further process the transmitted object segments for anonymity and obfuscation, and provides that a receiving system can store the obfuscated
  • the system can further have a storage and receiving system store and transmit invalid data that appears to be part of the original data object but does not come from that object.
  • the invention further provides a retrieving system that retrieves the transmitted data object segments according to a differing and changing retrieval pattern determined by calculating a permutation of a set of retrieval patterns that is different than the
  • the invention provides for retrieval of the data object segments from their diverse and separate storage locations via multiple layers of encryption across multiple receiving and transmitting systems that autonomously process the segments and set independent transmission pathways to preserve anonymity of the segments.
  • the invention provides for deleting the obfuscated segments stored in the storage resources once they are retrieved or after a predetermined retention period.
  • the invention provides for a method that reassembles the retrieved segments according to the reversal of a recordation of obfuscation and transmission function processing results, reversing segment reordering, reassembling the object segments, removing any invalid data that was inserted into the object or its segments, decrypting and decompressing the reassembled data object, and verifying the integrity of the restored data object and its segments using hash values calculated from the data object and its segments prior to obfuscation processing.
  • the invention provides for data that are not from the original data object to be processed, inserted, intermingled, and transmitted with the data from the original data object.
  • the data not from the original data object are intended to obfuscate the data from the original data object during transmission or in storage.
  • the data that are not from the original data object can be referred to herein or in prior applications as "invalid data", "dummy data", or "false data". These terms are interchangeable for purposes of the specification of the invention.
  • the invention provides that the invalid data can be interpretable content that is not
  • the data object segments can be portions of a divided original data object, or false, invalid data produced by the methods that produce invalid data. They are processed, transmitted, stored, and retrieved as discrete data objects in their own right and can be referred to herein or in prior applications as "segments", "data object segments", "segment groupings", "groups of data object segments", "discrete data object segments", "discrete data objects", "discrete partial data segments", "discrete segments", "data
  • the "Original Data Object" is also referred to as the "ODO" and can be any type of digital file, stream, or object, including word processing files, spreadsheet files, database files, encryption keys, credit card records, obfuscation patterns, retrieval patterns, videos, audio files, image files, email files, and the like. This application provides a glossary of terms for the convenience of the reader.
  • the invention provides for compressing, encrypting, verification hashing, segmenting, reordering
  • the invention in such a manner as to restore the original data object from the various discrete, partial, reordered, and obfuscated data object segments to its original "cleartext" format.
  • a segmenting method that inserts invalid data unrelated to the original data object according to a pattern that is structured so as to allow the reassembly method to discard the unrelated data during the process of reassembling the original data object.
  • a segmenting method that re-encrypts the various segments into which the original encrypted data object is divided using various encryption key lengths and encryption methods according to a pattern that is structured so as to allow the re-assembly method to reverse the encryption of the data object segments using the same diverse encryption key lengths and encryption methods.
  • the computing instance originating the data object processing ("the originating system") optionally obfuscates the original data object ("ODO") by compression and encryption and then by segmenting the obfuscated ODO into smaller pieces.
  • the invention obfuscates the ODO and each of these segments with obfuscating functions specified in an "obfuscation pattern" derived from permutations of patterns of obfuscation functions and function input values.
  • the Obfuscation Function Pattern Permutation is calculated by a permutation calculation algorithm, or acquired from a predetermined list of obfuscation function patterns.
  • the invention may or may not combine non-sequential segments into larger groups ("segment
  • the system then transmits the resulting obfuscated, reordered, and grouped object segments according to a "transmission and storage pattern" over diverse physical and logical transmission media, protocols, and pathways to diverse physical and logical computing and storage resources located in diverse geopolitical, commercial, and legal domains. Storage resources for one or more segments can also be local secure access areas.
  • the "transmission and storage pattern" is also a permutation of related functions and function input values.
  • the segment storage locations are prepared by the originating system negotiating an encryption key exchange, a transmission pattern, and a storage location reservation with a sequence of available storage location systems, or by the systems that receive segment transmissions exchanging encryption keys between themselves to securely transmit the segments. Segments, or groupings of segments insufficient in number to reassemble the ODO, are stored separately from each other on separate storage systems or in separate access areas.
  • the system can obfuscate, transmit, retrieve and reassemble an encryption key just as it would any other data object, and does not distinguish between the intended purposes of an Original Data Object.
  • a segmenting method is provided that reorders the segments of the segmented original encrypted data object into group of non-contiguous segments according to a pattern that is structured so as to be reversed by the reassembly process that reconstructs the original data object.
  • the invention provides that the number, length, validity, cardinality, ordination, type of methodologies used in the function
  • data object segments can also be stored and communicated in formats other than digital packet data, including without limitation in a physical machine-readable format such as barcodes, QR codes, stenographic images, removable media, and other physical representations of digital data, or on removable digital media as well, to further render more
  • Some segments may be stored on the local computer, which can additionally be used as a remote storage server to other remote systems that separately retrieve and reassemble the segmented data object for file synchronization or communications purposes, or other purposes.
  • One beneficial aspect of the invention is that it is easily and effectively utilized using shorter length encryption keys on low cost computing equipment, thereby reducing the cost and complexity of ensuring secure and private data transmission and storage.
  • the invention reduces the efficacy or even the possibility of a "brute force" decryption attack. It provides strong security even with short encryption keys since the absence of content information about the original data object will greatly increase the amount of information which a brute force attack must guess, rendering the known encrypted data bits less decipherable into cipher text, and therefore less usable by the unauthorized accessors of data object segments. Hence, the encryption key lengths of the known segments can be shorter and require
  • reversible patterns are determined through a variety of methods that specify how the data object will be obfuscated, transmitted, stored, retrieved, and reassembled back into its original form. These patterns are recorded into object and segment management records that provide information to make the process secure and reversible.
  • Obfuscation Pattern - Sometimes called the "Obfuscation Pattern Permutation" or "OPP", this is a changeable permutation of a set of data object processing functions and values that instruct an obfuscation method how to process the original data object and its segments so as to make them unreadable to a system or party that does not know the obfuscation pattern.
  • This pattern specifies how a data object will be obfuscated, how it will be segmented, how the segments will be reordered and optionally grouped, how Invalid Data will be inserted, as well as how further obfuscation functions will be performed with the segments prior to preparation for transmission.
  • This pattern is a changeable permutation of a set of transmission configurations, protocols, source and destination addresses, actions and functions, and their parameters, attributes, and values that instruct a transmission method how to transmit the obfuscated ODO segments, its segment groupings, and the related invalid data so as to make them difficult to acquire, capture, associate, decrypt, and reassemble by a system or party that does not know the transmission and storage pattern.
  • This pattern also
  • the TPP includes without limitation differing patterns of source and destination addressing in packets containing segments or segment groupings, and differing patterns of storage locations in which segments or segments groupings from the same data objects are stored separately from each
  • Segments or segments groupings from the same data object may be stored in the same secure access areas in groups with segments insufficient in number to easily reassemble the original data object.
  • Retrieval Pattern - This is a set of retrieval functions and their parameters that instruct a retrieval method how to retrieve the obfuscated data object segments from local or remote logical storage locations so as to make it difficult to "sniff", capture, associate,
  • This pattern can include instructions to the local and remote data processing and storage resources for themselves performing secondary retrieval operations from another storage resource.
  • the Retrieval Pattern may also be used by one or more systems other than the originating system for purposes of communicating or synchronizing an ODO across multiple systems.
  • the retrieval pattern may also specify
  • Invalid Data Pattern - This is a set of data generation and presentation functions and their parameters that generate invalid data and make the invalid data available to an invalid data insertion process. These invalid data pattern insertions and transmissions are retained in a system processing record to allow retrieval and reassembly methods to remove invalid data from the retrieved
  • the Invalid Data Pattern also generates invalid data for processes that retrieve invalid pieces of data that were not previously transmitted by the originating system and are intended to be indistinguishable from the actual valid data object segments from the original data object, in order to obfuscate the data object
  • Another aspect of the invention provides a method for calculating permutations of patterns of functions and values for obfuscation, transmission, storage, retrieval, and inserting of invalid data into the original data object and its segments. This method allows the system to generate or acquire a permutation seed value, such as a random number or a value derived from a pass phrase, biometric measurement, a value generated by a time-based password generating algorithm, a
  • Pattern Function Tables that provide the set of functions and their input values that will be permutated for each type of pattern permutation used in the invention.
  • an Obfuscation Pattern Function Table, a Transmission and Storage Function Table, an Invalid Data Function Table, and a Retrieval Pattern Function Table.
  • a method for recording the permutations of patterns of functions and function input values used for obfuscating, transmitting, storing, retrieving, and inserting invalid data in the ODO, its segments and segment groupings. Also provided are data retrieval and reassembly methods that can utilize either the
  • the invention provides algorithms that calculate permutations of patterns ("Obfuscation Pattern Permutations") that can direct an object processing method to compress and encrypt a data object and then segment it into variable sized pieces ("segments" or "data object segments" or "segment groupings"), insert false data ("invalid") bits and bytes, encrypt the segments multiple times using multiple encryption methods as well as compression, or otherwise obfuscate the data in the segments through logical operation
  • RCST local or remote storage devices
  • RCST storage resources store the segment in a specified location (“storage location”) or secure access area that is separate from the storage locations of other
  • the storage locations are determined by a negotiation with the originating system or another RCST system.
  • the RCST system can also re-transmit the transmitted segments according to an instruction and transmission pattern embedded in the segment.
  • the RCST systems can also independently and autonomously prepare a pathway for the transmission and storage of segments and segment groupings.
  • the invention provides a changeable master permutation calculation algorithm that calculates which permutation of a changeable baseline set of functions and the input values will be used by the methods processing an original data object. Selecting different processing permutation patterns for each data object to be processed by the invention allows it to use a different series of permutations of patterns uniquely different from other data objects processed in another instance of the invention.
  • pattern permutations can be calculated for each ODO with widely varying attributes each time a specific data object is securely obfuscated, stored, transmitted, or retrieved by the invention. This is
  • an instance of the invention can construct its own variation of baseline permutation function sets, function input values and algorithms for the calculation of obfuscation, transmission, storage, or retrieval pattern permutations.
  • each instance of the invention can have its own unique structure and selection of functions and values for all patterns, as well as a custom algorithm that determines how the functions ordinate and increment within the permutation table, such as a permutation of a table of obfuscation functions that will be used to obfuscate the object and its segments. Because the
  • parameters for obfuscation, transmission, storage, and retrieval of the data object are defined by an algorithmic calculation of a permutation
  • one embodiment of the file containing the recordation of the obfuscation process only needs to retain the patterns' permutation offset values and a pointer to the associated permutation algorithm and baseline function set to be able to identify and recreate the pattern permutations used to process and restore the ODO.
  • This provides further obfuscation of the data object since a third party desiring to recover the object must know the permutation seed value, permutation calculation algorithm and baseline
  • 355 function set unique to an instance of invention to determine the patterns used to process a data object. Since those values and structures can be unique to each instance of the invention and able to be changed and versioned frequently over time, and even for each unique obfuscated object, it is extremely difficult or impossible to capture, perform cryptanalysis, or reassemble the original data object by using recognition of repetitive patterns.
  • secure and private stored object segments to be accessed, retrieved, and reassembled for file synchronization or communication applications such as a store-and-forward messaging system similar in function to email.
  • object and segment management records, seed values, baseline function sets, algorithms, and decryption keys are maintained in a strongly encrypted format at the system end points in order to preserve the security and privacy of the processed data object.
  • Object Management Record and Segment Management Records specify the functions, attributes and
  • the Object Management Record: This collection of data, typically stored as a row in a database, provides the information on how to identify an original data object, how it was obfuscated, and transmitted and stored. It is used to verify and reassemble the
  • the Segment Management Records: This collection of data, typically stored as rows in a database, is associated with an Object Management Record as described above, and provides the information on how the segments of an ODO are identified, obfuscated, packaged, transmitted, stored, verified, and retrieved. It can additionally be used to retrieve and reassemble the segments of the original data object.
  • Each transmitted segment is assigned an identifier from a sequence of random or pseudo-random identifiers that is used in transmission, storage, and retrieval to make anonymous and obfuscate the association of data object segments from the same ODO to each other, to the ODO, and to the originating system. This sequence of identifiers is related back to the original data object and its segments by the Segment Management Record.
  • the invention provides for transmitting obfuscated data object segments over separate transmission channels, media, and protocols.
  • a segment transmission method is provided that transmits data object segments of the original data object over different combinations of transmission media such as the Internet, cellular phones, Wireless Data carriers, analog telephone switches, packet switched radio, and others.
  • a data retrieval method that receives the data object segments from the various transmission media so as to allow the reassembly method to reassemble the original data object. Since acquiring all of the pieces of a segmented encrypted data object is critical to decrypting it, transmitting pieces of that object requires that an unauthorized accessor monitor and acquire data from a wide variety of transmission media, channels and protocols. This reduces the ability of hackers to obtain the complete data object during transmission, thereby increasing its security.
  • data object segments are transmitted by the invention's transmission method over different data carriers, over different network infrastructure elements such as Internet backbones, different packet routing routes, different transmission and media, either physical or digital, or at different times, or in any combination thereof, so as to render more
  • a transmission method that transmits data object segments using transmission addressing and protocols that may enforce a predetermined or differentiated packet routing or addressing from the routing or addressing of other associated data object segments. This includes without limitation sending data object segments using static IP delivery rules programmed into a packet routing device. Also provided is a data receiving method that receives the data object
  • a transmission method that transmits segments of an original data object to diverse destination systems or to diverse transmission protocol addresses. Also provided is a data receiving method that allows the corresponding diverse destination systems or diverse transmission addresses to receive the data object segments and store them so as to allow the retrieval and reassembly methods to reassemble the original data object.
  • a transmission method that transmits segments of the original data object by using individually or in combination, diverse transmission protocols, such as FTP, SMTP, HTTP, SMS, TCP, UDP, NNTP, and the like, as well as such proprietary transmission protocols as can be devised.
  • a data receiving method that allows the corresponding destination systems to receive the data object segments by using individually or in combination, diverse transmission protocols such as FTP, SMTP, HTTP, SMS, TCP, UDP, NNTP, and the like, as well as such proprietary transmission protocols as can
  • the invention provides for more secure transmission of the data object segments by embedding the content and metadata of the obfuscated data object segments in the content portion of various transmission and communication protocols that are able to be parsed by the receiving system (RCST system).
  • Different data communications protocols for transmission of segments of the original data object utilized by the invention include without limitation HTTP, FTP, SMTP, NNTP, or other transmission
  • a transmission method that transmits segments of original data objects during varying time intervals and with varying time delays. Also provided is a data receiving method that receives the data object segments
  • the invention provides that the systems transmitting and receiving the data object segments can exchange encryption keys and transmission patterns and assess storage and retention capabilities prior to transmission to determine the optimal set of storage locations and separate access areas for the various segments of the encrypted data object, which include a set of storage locations that store the segments from the same data object in diverse, separate, and securely isolated access areas.
  • the invention can instruct the storage locations' computing resources to perform security enhancing functions on the segments, such as further obfuscation, negotiating secure transmission to another separate storage resource, transmission to another storage location, copying to another storage location to allow access by another system and with a different retention period, and by deleting and destroying the data object segment according to a retention instruction from the transmitting system.
  • Any data object can be an original data object for purposes of the Invention, regardless of purpose.
  • encryption keys are themselves data objects that can be processed and transmitted just as any other original data object as disclosed herein
  • the invention provides methods that allow secure storage and transmission of encryption keys just as any other data object with its own specific function.
  • a segment transmission that uses symmetric key encryption will exchange the symmetric session key with greater security because segments of the complete symmetric key are transmitted in re-ordered segments, over different data carriers using different transmission infrastructure or enforcing data packet routing over different routers, over different types of transmission media such as IP Networks, Wireless Networks, analog switching networks and the like, or any combination thereof, or at different times to make the segments not appear to be part of the same transmission sequence.
  • the security and privacy of encryption keys exchanged between systems is increased when the various segments of those keys are transmitted between systems over different transmission paths, and by different intermediate systems providing anonymity through additional layers of encryption on the exchanged encryption key segments.
  • the invention can provide an increase in the security of an encrypted data object when different data object segments of the complete decryption key data object for that encrypted Original Data Object or its segments or its segment groupings, all and of each of which are also data objects as disclosed in this application, are stored in reordered segments, in different locations, on separate access areas or on storage systems different from segments from the same data object, on different Storage Media, in different Storage System access areas, or any combination thereof, and further are transmitted in reordered segments, over different transmission media, using different transmission protocols, using transmission time lag intervals, or any combination thereof.
  • a transmission method that transmits a negotiation message to the receiving RCST system to alert it to receive a data object segment or combined reordered grouping of segments of the original data object and may or may not specify a specific transmission pathway or addressing pattern over which that segment or grouping will be transmitted.
  • the negotiation object is used to exchange encryption keys with a destination system.
  • the negotiation object is used to reserve a logical indexed storage location for a data object segment on the destination system access area that does not store another segment, or a sufficient number of segments to allow reassembly, from the same data object.
  • the negotiation object is used to verify the authenticity of the destination system.
  • a data receiving method that receives the negotiation object so as to allow the receiving system to retrieve a transmission pattern record and/or instructions with which to prepare various reception subsystems for reception, processing, and storage of the data object segments. Also provided is a data receiving method that receives the negotiation object so as to allow the receiving system to exchange an encryption key for further communications with the transmitting system, either by optionally exchanging the encryption key utilizing the invention or by not utilizing the invention. Also provided is a data receiving method that receives the negotiation object so as to allow the receiving system to reserve a storage location for a received data object segment that is in a different access area or storage system from those storing another segment from the same data object. Also provided is a data receiving system that allows received data object segments to be stored for a specified period of time, or retention period, after which they are automatically destroyed by the receiving or destination system.
  • a data reception method that "times-out" the reception of data object segments according to the delivery latency tolerance parameters contained in the data object segment transmission pattern record or instructions. Also provided is a data reception method that transmits a request to the originating transmission system or systems, requesting a retransmission of any data object segments or negotiation objects that do not arrive within the delivery latency tolerance parameters.
  • a data transmission method that allows a Receive, Compute, Store, and Transmit (RCST) system to receive, authenticate, read instructions from the transmission, process, store, decrypt, re-encrypt, and obfuscate according to the methods described herein, and re-transmit a data object segment that was requested for retransmission by the reception system, optionally storing the data object segment.
  • RCST Receive, Compute, Store, and Transmit
  • RCST systems: The invention further provides methods for one or more systems to receive the data object segments or segment groups transmitted from the originating system. In this specification, these systems are referred to as Receive, Compute, Store, and Transmit systems (RCST systems).
  • the invention provides for methods for the RCST systems to perform functions including without limitation a) receive segments and other data objects transmitted from other components of the invention, b) perform computational processing tasks with them including without limitation decrypting, encrypting, de-compressing, compressing, transforming, re-segmenting, re-ordering of segments, amending metadata, and the like, c) store the received and possibly computationally altered data object segment or segment group in a secure access area separate from other segments from the same data object and for the time period specified in the segments' retention metadata, or for a default time if a retention period is not so specified, and d) optionally transmit the received, computationally altered, or stored data object segment to another component of the invention that includes without limitation the originating system, another RCST system, or another receiving system other than the originating system, such as another system operating as an end point in a communications or synchronization activity.
  • the invention also provides for an RCST system that is able to receive, parse, and process for the purpose of the invention the diverse transmission protocols utilized by the transmission method to transmit the obfuscated data object segments' content and embedded metadata.
  • the invention also provides for an RCST system that is able to receive, parse, and process received segments and data objects according to instructions embedded in the received data object or packaged segment.
  • the RCST system can transmit data object segments and metadata securely to RCST systems or to other receiving systems by using either the methods of the invention herein described or by using more commonly used methods of secure data transmission.
  • the RCST system can transmit segment data in either manner both to systems requesting the segment from it, or to a system with which the transmitting RCST system has negotiated storage location.
  • the RCST system is similarly able to securely receive and process data object segment content and metadata that is transmitted to it by a requesting system, or that it has requested from a transmitting system.
  • Processing the received segment data on the RCST can include without limitation storing it in a pre-reserved logical storage location, decrypting the segment data, re-encrypting the segment data, transmitting the segment data to another RCST or user system, further obfuscating the segment data according to instructions embedded in the segment data and according to obfuscation methods disclosed herein, destroying the segment data at the expiration of the segment data retention period, or other types of instructions that can be embedded in the segment data metadata by a transmitting system.
  • an RCST system can generate and provide transmission encryption keys, reservations for logical storage locations within its system, transmission patterns, or can transmit segments or segment groupings to processes and systems that negotiate a transaction or exchange of data with the RCST system.
  • the invention also provides that the RCST system and the system negotiating a transaction with it may have pre-arranged secure communication methods such as pre-arranged encryption keys, a virtual private network, and other secure communication methods as will be known to those skilled in the art of secure data communications.
  • the invention also provides that the RCST system and the system negotiating a transaction with it may have pre-arranged a set of obfuscation, transmission, storage, and retrieval pattern permutations that they will use to securely exchange symmetric or other types of encryption keys, data object segments or segment groupings, invalid data, or other types of data objects.
  • the RCST systems can also utilize the invention to exchange different pattern permutations to use in place of the pre-arranged sets of pattern permutations to avoid using repetitive pattern permutations.
  • the RCST system can request and retrieve encryption key and pattern set information from other systems of the invention including without limitation other RCST systems, originating systems, and other systems that are retrieving or receiving data object segments.
  • an RCST tracks which logical storage locations in its storage domain are available for storing data object segments and segment groupings.
  • the RCST will know if a storage location in its storage resource is currently claimed, or reserved, by another data object segment.
  • the RCST sends to a system requesting a storage location an identifier for a storage location that is available for use, also referred to in this specification as a "reservation".
  • the RCST sets a flag for that storage location as being unavailable to other storage reservation requests for the period of time specified in the reservation request from the originating system or another RCST. If the RCST does not receive a segment to optionally process and store from the originating system or other RCST within the reservation time, the Storage location is released and made available for further storage requests.
  • the RCST system provides storage location reservations or denials to systems that request to store a data object segment on its system.
  • the RCST verifies the request to store a segment.
  • the RCST then assesses its capacity for storage and retention of the segment based on size and retention metadata included in the request.
  • the RCST then returns a positive or negative response to the requesting system based on its ability to execute the request.
  • the RCST system is similarly able to request a logical storage location reservation from another RCST storage resource or other data storage resource, to provide to that resource the required verification and segment storage requirements metadata, and to process and respond as configured to the returned reservation or denial from the system receiving the request.
  • the originating system or a series of RCST systems, performs a negotiation with one or more Receive, Compute, Store, and Transmit (“RCST”) systems that includes without limitation an exchange of encryption keys for secure communication with the RCST, a specification of an encryption technology to be used with the encryption key, and a reservation of a storage location index on the receiving RCST system in a secure access area or storage location separate from other segments from the same data object.
  • a series of RCST systems can be utilized to predictably receive, re-process, store, or re-transmit the object segments along a known series of transmission and storage locations (the "transmission pathway").
  • the transmission pathway can follow the transmission pathway specified in a transmission pattern permutation calculated by the originating system or by an RCST system.
  • the invention provides two methods for the establishment of a transmission
  • the first method begins with the originating system negotiating directly with one or more receiving RCST systems multiple different transmission encryption keys, originating system identifiers, segment identifiers, transmission patterns, storage locations, and other transmission and storage metadata for secure transmission and data object integrity verification of transmitted segments.
  • the originating system knows all of the encryption keys, storage locations, RCST identifiers and related metadata in the
  • two or more RCST systems independently and autonomously negotiate keys, locations, and identifiers for secure transmission of data object segments with or without informing the originating system of the keys, locations, identifiers, and other transmission and storage metadata.
  • the originating system transmits the segment or segment groupings to a first RCST system with instructions embedded in the metadata of the
  • the segment or grouping will be stored with a specific segment identifier at a particular location on a specific RCST system with a specific encryption key that matches the retrieval pattern permutation for that segment or segment grouping.
  • a sequence of RCST systems then negotiates a secure transmission pathway between themselves according to embedded instructions. They use encryption keys negotiated at the time of segment transmission, negotiated previously so as to be
  • the receiving RCST system can further obfuscate and place different identifiers on a segment or segment grouping to increase the anonymity of the segment and further obfuscate its association with other segments, the originating system, and the original data object.
  • the invention provides a method for the originating system to establish a
  • the originating system determines and negotiates with a sequence of RCST systems that will receive, store and re-transmit the segment or segment grouping along with invalid segments to the next RCST in the pathway after optionally processing it for obfuscation, transforming it into a different protocol packaging, or storing it according to the instruction included with the transmitted segment.
  • the originating system can then embed the destination RCST identifiers and addresses sequentially into segment transmission metadata, and then transmit the segment or segment grouping with a storage location reservation request to the RCST systems.
  • Each RCST in the transmission pathway then in turn receives the segment, decrypts it, verifies it, stores it for the time specified in the retention period, and transmits it to the subsequent RCST in the transmission pathway.
  • the originating system prepares the transmission pathway by negotiating with a number of RCST systems, for example four RCST systems, to transmit an object segment to a storage location on one or more of the RCST systems.
  • the originating system negotiates an exchanged symmetrical or other type of encryption key and a storage location index reservation with each RCST system in the transmission pathway sequence. It then encrypts the object segment in successive layers of encryption in the reverse order of the transmission pathway, beginning with the key exchanged with the RCST that will be the last RCST in the transmission pathway.
  • the first receiving RCST system will be able to decrypt the object segment and transmit it to the second RCST system, which will in turn decrypt the second level of encryption with the key exchanged with the originating system and transmit it to the third RCST in the pathway, and so forth, until the end of the transmission pathway is reached at the last negotiated RCST system and the final decryption of the segment object will occur with the last negotiated key.
  • the originating system negotiates encryption keys and logical storage reservations with multiple RCST systems or user systems, and then encrypts the data object segment or segment grouping, or invalid data object segment, in multiple layers of encryption using the negotiated keys in the reverse order of the RCST systems transmission path to which the segment data will be sent.
  • the originating system encrypts the segment object to be transmitted one or more times with the keys that have been exchanged from the corresponding one or more RCST systems in the reverse order that they will receive the encrypted data object segment.
  • the originating, transmitting system embeds the appropriate instructions within each layer of encryption so that the decrypting RCST system will be directed to transmit, store, or otherwise process the segment according to the transmission pattern negotiated by the originating systems and as determined by the transmission pattern permutation.
  • Within each encryption layer is embedded the destination addressing metadata for the next RCST system in the transmission pathway whose exchanged key will decrypt the next layer of encryption of the segment data in the transmission series, and so forth.
  • the RCST systems operate independently from the originating system in the initiation, preparation, and execution of a multi-stage, multi-encryption-layer transmission pathway used by the invention to obfuscate the association of segments to each other and to establish anonymity of the origin and destination of the data object segments or invalid data object segments.
  • multiple RCST systems negotiate transmission encryption keys and logical storage reservations with one or more other RCST systems or other receiving systems so that data object segments from the same data object are stored in separate secure access areas.
  • the multiple RCST systems send embedded instructions to other RCST systems to similarly negotiate encryption keys and storage locations independently, and then encrypt the data object segment or segment grouping in multiple layers of encryption using the negotiated keys in the reverse order of the transmission pathway negotiated by those other RCST systems.
  • the transmitting RCST system encrypts the segment object to be transmitted multiple times with the keys that have been exchanged from the multiple RCST systems in the reverse order that they will receive the encrypted data object segment.
  • the transmitting RCST system embeds the appropriate instructions within each layer of encryption so that the decrypting RCST system will be directed to transmit, store, or otherwise process the segment according to the instructions embedded in the layer that it can decrypt, including without limitation instructions to negotiate further stages in the transmission pathway, to store the segment or grouping at a reserved storage location, or to embed instructions for a specific RCST system to store the segment or grouping in a specific storage location with a specific encryption key separately from other segments from the same data object as specified.
  • within each encryption layer is embedded either instructions to prepare a specified number of RCST systems as a transmission pathway, or the destination addressing for the next RCST system in the transmission pattern path whose exchanged key will decrypt the next layer of encryption of the segment data in the transmission series.
  • the destination addressing for the next RCST system in the transmission pathway is not specified by the metadata from the originating system, but is instead determined by a
  • the initial RCST system is instructed by the originating system to store the segment or grouping encrypted with a specified encryption key on a specific RCST system at a specified storage location that matches the retrieval pattern for the segment as determined by the originating system.
  • the originating system controls certain instances of the segment's storage pattern so that segments from the same data object are stored in separate access areas or on differing storage systems.
  • the computer systems that receive the segments from the originating computer can perform computational tasks with the received segments including without limitation decrypting with the key exchanged with the originating computer, re-encrypting with a different key, for example one exchanged with another RCST, parsing or interpreting the transmission protocol containing the object segment, reading and executing an instruction embedded in the transmission, re-packaging the segment in a different transmission protocol, embedding instructions into the re-packaged object segment transmission packet and re-transmitting the re-packaged segment and its embedded instructions to another RCST system or retrieving system, including a system with which it had previously exchanged encryption keys.
  • the receiving RCST system can also generate, package, and transmit invalid data in order to further obfuscate the transmission of valid data.
  • Instructions to a receiving RCST system and subsequent RCST systems can include instructions on how to transmit the segment to the next stage of its prepared transmission pathway, including transmitting the segment to another specific receiving RCST with which the transmitting originating system had previously exchanged keys.
  • This allows the system to construct a transmission pathway in which the encryption key exchange occurs a) between the originating computer and the destination RCST systems along the pathway, b) between the RCST systems constituting the transmission pathway, or c) any combination thereof.
  • the instructions transmitted to and relayed by the RCST systems instruct the RCST systems in the transmission pathway to eventually store the object segment in an RCST location that will allow the retrieving computer to retrieve the segment from that
  • This aspect of the invention allows the retrieval pattern to specify retrieval of the transmitted object segments from storage locations that are different from the storage locations to which the object segments were originally transmitted.
  • This aspect of the invention further provides that the object segment is able to be stored in various formats at various locations throughout a transmission path negotiated either by the originating computer or autonomously by a series of RCST systems, and that the segment
  • the retrieval pattern can contain location, access, protocol, and encryption information for a number of RCST systems that store the segment along the transmission pathway, allowing the retrieval
  • the transmission and storage pattern derived from the transmission permutation can specify the assignment of a specific storage location for each Segment or Segment Grouping that ensures that segments from the same data object are stored separately in different secure
  • Routing a transmission to a specific destination RCST system can be accomplished by multiple methods known to those familiar with the art of transmitting data, including the specification of a static TCP/IP address, a Universal Resource Locator, Strict Source Routing, Loose Source Routing, and the like.
  • a storage method that stores discrete, separate data object segments or segment groupings of the original data object in diverse Data Storage locations and resources that are separate from Data Storage locations and resources storing other segments from the same original data object. Also provided is a data retrieval method that retrieves the discrete, separate segments or segment groupings of the original data object from diverse storage locations and resources that are separate from Data Storage locations storing other segments from the same original data object so as to allow the re-assembly method to reassemble the original data object.
  • a storage method that stores discrete, separate data object segments or segment groupings of an original data object in diverse secure access areas that do not store other segments from the same original data object so as to require diverse authentication events to allow storage, acquisition and re-assembly of the segments contained in the data object.
  • a data retrieval method that performs required authentication events to retrieve the discrete, separate data object segments or segment groupings from diverse storage locations that do not store other segments from the same original data object so as to allow the re-assembly method to re-assemble the original data object. This provision makes it much more difficult for hackers to collect a group of segments sufficient to reassemble the original data object as they would be required to obtain access to a greater number of secure access areas.
  • a storage method that stores discrete, separate data object segments or segment groupings of the same original data object separately and apart from each other on diverse Storage Media and devices, including local or remote Storage Media and devices, so as not to allow exposure of multiple segments of the original data object, and as few as possible, to access to, theft, destruction, or failure of the storage medium or device. Also provided is a data retrieval method that retrieves the discrete, separate segments and segment groupings from diverse separate storage locations that do not contain segments from the same original data object so as to allow the re-assembly method to reassemble the original data object.
  • the data object segments can be transmitted over differing transmission media to and stored separately in different locations, on different Storage Media, or on different Storage System access areas, local storage areas, remote storage areas, or any combination thereof, so as to render more difficult the access to a complete set of the original data object's segments during storage and transmission.
  • the RCST system can request and receive "invalid" segment data and process it in the same manner as valid segment data.
  • This processing of "invalid" data includes without limitation storing it in a pre-reserved logical storage location, decrypting the invalid segment data, re-encrypting the invalid segment data, transmitting the invalid segment data to another RCST or receiving system using the methods of the invention herein described, further obfuscating the invalid segment data according to instructions embedded in the invalid segment data, destroying the invalid segment data at the expiration of the invalid segment data retention period, or other types of instructions that can be embedded in the invalid segment data metadata by a transmitting system.
  • the RCST system can generate invalid data from an invalid data pattern permutation algorithm and transmit that invalid data to other RCST or user systems. Generating and transmitting invalid data allows the system to further obfuscate the transmission of valid data object segments within the system with the intention of making the invalid data appear indistinguishable from valid data to unauthorized users.
  • Segment anonymity: Transmitting the data object segment from RCST to RCST with each RCST having its own unique encryption key allows the system to verify the authenticity of the transmission, produce anonymity for the segment both in transit and at rest, and to produce multiple, individually secure copies of segment objects to increase availability and disaster recovery capacity. This allows the segment transmission to show only the RCST network identification and addressing, such as a TCP/IP address or the like, to unauthorized accessors of the segment data either in transmission or at rest, thereby preserving the anonymity of the system that originated the segment data.
  • Storing the segment data at various stages in the transmission path also provides the originating system multiple copies of the segment data for disaster recovery purposes, each version of the copy of segment data being more securely encrypted since the key is unique to that stage of the multi encryption layer transmission pathway. If needed, the originating system, or another authorized system with knowledge of the encryption keys associated with a stored segment, can retrieve the multi layered encrypted segment data from any stage in the transmission path in which it was stored and decrypt it to its original pre-transmission format using the sequence of encryption keys with which it was encrypted for multi stage transmission.
  • a retrieval method that retrieves data object segments of original data objects using retrieval protocols that enforce a predetermined, differentiated packet routing from the routing of other data object segments associated with the same original data object. This includes without limitation sending data object segments using static IP delivery rules programmed into a packet routing device. Also provided is a data receiving method that receives the data object segments in the differentiated package routing so as to allow the re-assembly method to reassemble the original data object.
  • a retrieval method that retrieves data object segments to diverse destination systems or to diverse retrieval protocol addresses. Also provided is a data receiving method that allows the corresponding diverse destination systems or diverse retrieval addresses to receive and re-transmit using the same or different protocols by which it received the data object segments so as to allow further retrieval by another destination system or retrieval address that provides the re-assembly method to reassemble the original data object.
  • a retrieval method that retrieves data object segments of the original data object segments by using individually or in combination, diverse retrieval protocols, such as FTP, SMTP, http, and the like, as well as such proprietary retrieval protocols as can be devised, in such a manner that may or may not utilize the same protocol in which the same data object segment was previously transmitted. Also provided is a data receiving method that allows the corresponding destination systems to receive the data object segments by using individually or in combination, diverse retrieval protocols such as FTP, SMTP,
  • a retrieval method that retrieves data object segments or data object segment groupings of original data objects during varying time intervals and with varying time delays. Also provided is a data receiving method that receives the data object segments during various time intervals and with varying time delays so as to allow the reassembly method to reassemble the original data object.
  • a retrieval method that retrieves data object segments or data object segment groupings from a set of retrieval patterns that change over time. Also provided is a retrieval pattern that sets a retention period on a first RCST system with instructions for each segment to be transmitted with further relocation instructions for the segment or segment grouping to be transmitted to a second RCST storage location according to a pre-established pathway specified by the retrieval pattern. In this aspect of the invention, a retrieval pattern is generated that will provide a
  • the instruction can optionally instruct the first RCST system to destroy the segment stored on its system or continue to retain it after transmitting it to a second RCST system.
  • the first RCST system can optionally embed instructions to the second RCST system to transmit the segment to a third RCST system after the expiration of a specified and optionally different retention
  • the retrieval pattern can specify that only certain segments from an original data object will be relocated at certain time intervals, or all of them will be relocated at different time intervals.
  • a computer system is able to retrieve the stored segments of the original obfuscated data object from the diverse storage locations and reverse the obfuscation of the segments to restore the original data object (the "reassembly").
  • Reassembly is performed by initially retrieving the object management and segment management records detailing how the segments were configured for retrieval and reassembly prior to transmission.
  • the Management Records will inform the system as to the locations of the segments, the keys used to decrypt them, the parts of the transmission pathway with its keys that was prepared for their retrieval known to the retrieving system, the protocols with which the segments can be retrieved, as well as the obfuscation pattern which must be reversed to reorder, reassemble, decompress, and decrypt the Original Data Object and its segments.
  • the retrieval method will perform a retrieval negotiation with RCSTs that both contain the valid encrypted segments from the original data object and those invalid segments that do not, in order to obscure the retrieval and storage pattern and path of the data object's segments.
  • the retrieving system will both retrieve and store segments from multiple RCST's whether or not they contain valid data from the original data object in order to create invalid signals in the data flow.
  • a retrieval system retrieves multiple obfuscated data object segments from diverse, separate
  • the retrieval system can be the same system that transmitted the object or another system which knows the pattern used to retrieve and to reassemble the object from the retrieved segments, or it can be a different system that has the required retrieval and reassembly information and is able to execute the processes required to retrieve and reassemble the various segments of the original data object.
  • This aspect provides for data object synchronization and information communication
  • the retrieval of the object segments can be executed on a system that is different from the originating system.
  • a second system which is operating the invention can be informed of the retrieval pattern and transmission pathway with its associated storage location indices and encryption keys for a certain set of segments, segment groupings, and invalid data associated with an original data object. This retrieval information can be communicated between the
  • a first system operating the invention processes the object and transmits and stores its segments according to a set of patterns known to one or more separate retrieving systems, or according to
  • When the Invention has retrieved all of the segments of the segmented data object, it then reverses the obfuscation processing that was performed on the object and its segments. It decrypts the segments, reorders them to their original order, removes invalid data, combines them into the original data object, decrypts and decompresses the data object, and verifies its authenticity with the hash value calculated prior to object obfuscation. The object is then restored and rendered usable in its original form.
  • the originating system can process and transmit multiple renderings of the segmented object that are obfuscated and transmitted in different patterns for the purpose of providing differing retrieval pattern availability of the segments to multiple retrieving systems that do not know the same retrieval patterns, but are able to retrieve the segments during the allowed retention period with their specific retrieval pattern that matches one of the renderings transmitted by the originating system.
  • the RCST system can be instructed through an
  • an originating system or an RCST system can instruct a receiving or destination system, or RCST system, to receive, transmit, and store in diverse separate secure access areas and storage locations, multiple renderings of the same data object segment using different obfuscation, transmission, retrieval and invalid data patterns. This allows multiple secure and private copies
  • a retrieval pattern communication system that can securely instruct other systems as to how to retrieve and reassemble one or more renderings of the segmented data object.
  • a data retrieval system that is able to utilize these patterns, instructions and parameters to retrieve and reassemble the segmented data object.
  • a security monitoring and reporting method that reports activity within the system and distinguishes anomalous or suspicious activity with the invention. This allows operators of the invention or an automated process to analyze activity to determine if an attack or exploitation of the system has occurred or is occurring. Also provided is a method to instruct the systems storing the segments and segment groupings of the data object to further obfuscate and relocate the data object segments or their groupings to other storage and transmission systems
  • object are further obfuscated through encryption, reordering, inserting invalid data, or other methods, the entity must also correctly decrypt and reverse obfuscation of those objects before being able to determine if it has all of the correct and original segments required to decrypt the original data object, with such a determination being very difficult, if not impossible, to do without knowing the nature of the original data object and how it was obfuscated and segmented.
  • the invention makes it less effective to steal, copy, or otherwise illegally obtain the contents of a data storage device or
  • This data storage and communications system using no central server storing or transmitting an encrypted data object in its entirety, using either remote or local storage with original data object segments stored in separate secure access areas, provides the above advantages over current technologies that store encrypted objects in their entirety on one storage server, allowing for the possibility of theft of that data object and decryption of it by brute force cryptanalysis or other decryption methods.
  • transmitting obfuscated segments of the obfuscated data object over diverse transmission media that follow different physical pathways greatly decreases the likelihood that an entity monitoring the data transmission pathways will be able to collect all of the segments of the original data object needed to reconstruct it. Further, if the transmitting and storage systems transmit invalid data object segments that appear to be obfuscated segments of the original data object, the monitoring entity will have to determine if those segments are part of the segments needed to reconstitute the original object. Further, if the transmitting system transmits the
  • transmitting and retrieving data object segments in multiple parts is often more efficient in terms of speed of communication, so transmitting the data object as smaller pieces provides an efficiency that partially compensates for the additional computing overhead of data obfuscation, transmission and storage of invalid data object segments.
  • the Invention requires that any third party wishing to discover the data object contents and collect all of the object's or encryption key's segments in transmission be able to:
  • the Invention requires that any third party wishing to discover the data object contents and collect all of the object's segments in storage or "at rest" be able to:
  • an unencrypted data object is provided. Also provided are multiple optional data compression and decompression methods to reduce the size and repetitiveness of the data object. Additionally provided are multiple data encryption and decryption methods. Also provided is a process for segmenting, or dissembling an encrypted data object into segments, and for restoring, or reassembling, an encrypted data object from its segments. Also provided is a process for inserting invalid or false data that do not represent the content of the original data object into the original data object and into its data object segments, and a method for removing invalid or false data from the object and segments.
  • a method for transmitting these segment groupings over different data routings, infrastructure, and media and a method for receiving the segment groupings over different data routings, infrastructure, and media. Also provided is a method for receiving these separate segment groupings from different data routings onto computing and storage systems that are able to execute instructions embedded in the data object segment transmission data. Further provided is a method for transmitting and receiving these segments and segment groupings of the data object and invalid data using different transmission protocols. Also provided is a process for receiving these segments and segment groupings with different transmission protocols onto computing and storage systems that are able to execute instructions embedded in the data object segment transmission data. Also provided is a process for translating segments from one transmission protocol to another and then transmitting the segments using a different protocol to another receiving system.
  • a Pattern processor - This method's functions include without limitation to: determine the configured source of permutation seed value, generate seed value if needed, calculate, read, or receive the permutation that specifies the set of functions and function values that the invention will use to obfuscate, transmit, insert and transmit invalid data, store, retrieve data object segments or their groupings, and reassemble distributed object segments into the original data object, and present these patterns to other methods.
  • These other methods include without limitation the obfuscation, transmission package, transmission pathway, invalid data, retrieval and reassembly processors and their methods as disclosed herein, which utilize the associated pattern permutation from this processor to process the data object and its segments.
  • These permutations of patterns of functions and values may or may not be stored in object and segment management records to allow the reassembly of an original data object from those records.
  • An Object processor - This method's functions include without limitation to: read the obfuscation pattern permutation, create and populate an Object Management Record (OMR), create and populate a Segment Tracking Object (STO), digesting or hashing the Original Data Object (ODO) for later verification, identify and obfuscate the encrypted original data object by segmenting, encrypting, adding invalid data, reordering, compressing, performing logical operations on, packaging data objects for segment processing, and otherwise performing obfuscating functions specified by an obfuscation pattern permutation that may be devised.
  • OMR Object Management Record
  • STO Segment Tracking Object
  • OEO Original Data Object
  • a Segment processor - This method's functions include without limitation to: read the obfuscation and transmission pattern permutations, segment the original data object, track the segmentation of the original data object, obfuscate data object segments, encrypt segments, add invalid data to segments, reorder segments, compress segments, perform logical operations on segments, format data object segments with specified transmission protocols, embed values and instructions for processing to be performed by a system receiving a transmitted segment, encrypt segments for transmission, and prepare data object segments and segment groupings for transmission.
  • Transmitted segment metadata that is added includes without limitation identifiers for packages and instructions to other systems, target storage resources identifiers, transmission pathway instructions, and other functions as can be devised to obfuscate and prepare for transmission a data object segment, segment grouping, or invalid data object segment.
  • An Invalid data processor - This method's functions include without limitation to: read the obfuscation pattern permutation and the invalid data pattern permutation, determine the configured setting for generating invalid data, generate invalid data, and provide invalid data to other processes according to the invalid data pattern.
  • a Transmission Package Processor - This method's functions include without limitation to: read the Transmission Pattern
  • TPP Transmission Protocol Permutation
  • a Transmission Pathway Processor - This method's functions include without limitation: read the transmission pattern permutation, prepare one or more transmission pathways with a series of one or more RCST systems for the reception, processing, storage, and transmission of object segments, maintain a database of transmission pathway metadata, handle and prepare transmission keys and metadata prepared by RCST's, identify, handle and prepare available transmission media, generate and exchange encryption keys for hashing and transmitting, negotiate storage location reservations and other transmission metadata, determine and transmit
  • a Retrieval processor - This method's functions include without limitation: read the transmission and retrieval pattern
  • a Reassembly processor - This method's functions include without limitation: read the obfuscation, transmission, invalid data, and retrieval patterns' permutations, or alternatively according to system configuration read the object management and segment management records to determine how to reassemble the data object segments into the original data object, use the Segment Tracking Object
  • according to configured parameters of the system and include without limitation: check for queued object retrieval requests, check for queued object transmission and storage requests, use the permutation processor to prepare one or more sets of pattern permutations to prepare for processing of a data object, use transmission pathway processor to prepare one or more transmission pathways, use the invalid data process to prepare invalid data objects, optionally update RCST reference information, and identify available transmission media. This processor then continues to perform these checks, invoke the transmittal of invalid object segments
  • TPP Transmission and Storage Pattern Permutation
  • the invention provides for systems that Receive, Compute, Store, and Transmit ("RCST systems") segments, segment groupings, and invalid data object segments. These systems execute the same processors using the same types of patterns and functions as an originating or receiving system. RCST systems can also provide additional functions for the transmission, obfuscation, storage, receiving, and retrieval of data object segments. These include without limitation:
  • Figure 1a illustrates a flow diagram according to one embodiment of the present invention.
  • Figure 1a illustrates an overview of a method for securely storing data from the first computer or transmitting and synchronizing data object segments from the first to one or more other computers and storage systems, or in another embodiment, to a second computer.
  • the original data object to be securely transmitted and stored is determined by a transmitting, or originating, computer, step 10.
  • the data may include textual data such as documents, spreadsheets, credit card, financial information, form submissions, video, or the like; image data such as facsimiles, scans, photographs, or the like; and other types of data.
  • Figure 20 illustrates the operation of the system in one embodiment.
  • the originating system starts up, Step 2002, and then invokes the Initialization Processor to prepare the system for operation, which begins by verifying system integrity, step 2004, identifying,
  • Step 2006. optionally requests an update to the RCST reference table, Step 2008, which provides current information as to the IP addresses, Domain URL's, FTP identifiers, or other protocol and specifies which RCST systems are able to exchange segments over a data transmission network.
  • the system then optionally tests the responsiveness of one or more RCST systems, Step 2008.
  • the system queries the retrieval queue, Step 2012, and if there is a retrieval request it invokes the retrieval
  • Step 2014. The system then queries the Data Object process queue, and if there is a Data Object processing request it invokes the Object processor, Steps 2016 to 2018.
  • the originating system uses a Pattern Permutation Processor to calculate unique, or as close to unique and non-repeating as possible, sets of functions and processes, and values and attributes for those functions and processes, that the invention will apply to an original data object and its segments for purposes of obfuscation, transmission, storage, retrieval, and
  • this embodiment accomplishes this by using two algorithms, the first being an algorithm that selects a specific set of functions and processes and the ranges of values and attributes that can be used with those functions and processes called the functions permutation, and the second algorithm determining the specific values and attributes to be used from those ranges for the processing of the data object, called the values permutation.
  • the offset can be calculated from a random or pseudo-random "seed value", or with
  • the initialization processor further polls to see if a transmission pathway is queued and ready to be used by the system, step 2024, and if so configured, will invoke the Transmission Pathway Processor to prepare the number of transmission pathways so configured, step 2026.
  • the system invokes the Transmission Pathway Processor, step 2026, which allows an originating system, as well as RCST systems as disclosed
  • the initialization processor then polls to see if invalid data is queued and ready to be used by the system, step 2028, and if so configured, will invoke the Invalid Data Processor to prepare the amount of invalid data configured to be available, step 2030.
  • the initialization processor then checks to see if the idle cycle processing is enabled, step 2032, and if so configured, will place an invalid segment in the Segment Processor, which will cause the segment to be processed and transmitted according to the next available Transmission Pattern Permutation, step 2034. This transmitting of invalid data object segments increases the difficulty for an unauthorized accessor of monitoring, capturing and decrypting transmissions from the originating system.
  • the initialization processor then checks to see if another process has been "hooked" into the main loop as a way to extend the functionality of the system, step 2036.
  • the Main Processor from time to time, and as triggered by an event or by a timer, or by request from other processes, and if enabled to do so in the configuration file, determines that it is instructed to transmit invalid data packaged as a segment of invalid data, step 2033. It then executes a process to point to a configured amount of invalid data being presented by the Invalid Data Processor as ensured by step 2030. It then presents this invalid data pointer as an Original Data Object (ODO) by
  • the subsequent processing will read invalid data from the Invalid Data Processor, package it for transmission, and submit it to the Transmission Pathway Processor queue for transmission in the same manner that a valid data object segment is packaged and submitted for transmission. This action makes it more difficult for an unauthorized accessor to assemble a complete set of valid segments to restore the original object since they do not know if the transmitted invalid segment package is
  • the invalid data package is intended to be indistinguishable from the valid segment packages transmitted by the invention during its operation. To do this, the invalid data transmission process follows the same processes as for valid data transmission described herein, and is processed in a manner identical to a valid object segment. The RCST receiving this packaged invalid data will process it in the same manner as any other transmitted data object segment as disclosed herein.
  • Figure 22 illustrates one embodiment of the Pattern Processor that calculates the permutations of patterns used to obfuscate, transmit, store, generate invalid data, retrieve and reassemble the original data object.
  • a permutation calculation algorithm calculates the offset of a permutation of a pattern of obfuscation functions and function value ranges by starting with a base permutation in which the functions are all at the lowest values in their ranges.
  • the permutation table from which the pattern is derived then increments each sequential permutation for the lowest level value field to its maximum value within the range specified as disclosed herein, and then increments the second lowest level value field to its maximum range while re-running the incrementing of the lowest level value field between each new increment of the second lowest level value.
  • the third lowest level value field is incremented to its maximum range while re-running the full ranges of value fields lower than itself, and so forth, until all of the value fields in the permutation have been incremented through their entire range of values.
  • the permutation offset algorithm can be programmed in a number of ways familiar to those knowledgeable in the art of programming algorithms for permutations.
  • Additional security and privacy can be provided by changing the permutation pattern algorithms in a number of ways that include without limitation changing the functions in the list of functions allowed in the permutation, changing their order of execution, changing the manner of sequencing attributes and values in the value field sequencing (for example, descending instead of ascending), changing the allowed range of values for an obfuscation parameter, and using an algorithm that predictably scrambles the order of the
  • the originating system first determines what type of patterns it will generate, step 2202, and then the number of patterns for each type, step 2204. It then determines the configuration for the source of the patterns, which can include without limitation reading the permutations from a predetermined list of permutations, acquiring the permutations from an external system or user, or by generating random seed values with which to calculate the permutations.
  • the pattern processor checks to see if there are any types of pattern permutations to generate, step 2208, and if there are, it determines the number of those patterns left to generate, step 2212.
  • the processor will calculate the permutations, so it generates two random, or as close to random as possible, values, Step 2214, that will be used to calculate the functions and function input values in a set of permutations that constitute a pattern used for original data object processing. For example, when the invention is invoked to process an original data object for secure storage and transmission, and it will then use this embodiment of the Pattern
  • the values used in the pattern permutation calculation algorithms can be determined by multiple methods, depending on the configuration of the system, including without limitation to automatically generate a random, or as close to random as possible, set of values, to automatically select a set of values from a provided list of values that may or may not be a list of randomly generated values, to request a set of algorithm input values from an outside source, such as a random number generator connected to a network or an external synchronized number generator, to request the input of a set of values from a system operator, and the like.
  • the set of values, however determined, that are used in the algorithms to calculate the pattern permutation offsets are herein referred to as "seed values".
  • the Pattern Processor then reads a table of function pointers with function input value ranges for the specific type of pattern being processed called the "Pattern Functions Table", step 2216, from which it will determine the set of functions and their input value ranges from which it will calculate the permutation offset to determine a set of functions and value ranges to be used in processing the ODO and its segments. It then determines a first permutation of a Function Set Pattern with value ranges, step 2218, from a permutation of the Pattern Functions Table from the first seed value offset. It then calculates the permutation of the specific values permutation for that Function Set Pattern using the second seed value offset, step 2220. It then assigns the values in the second values
  • the first "seed value" is used as the input to an algorithm that calculates the specific offset of and contents of permutation values for the ordination of pointers to functions specified in the Pattern Functions Table that determines the processing sequence order, the range of attribute values for, and the enabling or disabling of functions that may be performed by a particular processor method of the invention disclosed herein.
  • the second seed value is used as an input to an algorithm that calculates the permutation offset specifying specific values within the function input value ranges found in the permutation offset calculated by the first permutation algorithm.
  • the second permutation of specific function values will be used as inputs to the functions determined by the first permutation
  • the first algorithm determines the permutation of functions, their processing order, and the input value ranges to be used in a pattern with those functions, step 2218.
  • the second algorithm determines the specific values from the value ranges of the first permutation that will be used in a pattern of functions employed by a processor method in the invention, step 2220.
  • the originating system will execute a program to determine two "seed numbers", step 2214, and use the first seed value in calculating a first permutation of a set of obfuscation function pointers and use the second seed value in calculating a second permutation of specific input values for the functions determined by the first algorithm's calculation.
  • This pattern of obfuscation functions is herein referred to as an Obfuscation Permutation Pattern, or "OPP".
  • the system uses the seed number to calculate a result that acts as a pointer to a position in an algorithmic range of permutations of a set of functions and associated ranges of values.
  • This set of functions and associated ranges of values is defined by a "Pattern Functions Table", an embodiment of which is shown in Figure 64, as provided in the invention that lists data object processing function pointers available for execution by the embodiment of the invention on the originating system.
  • the Pattern Functions Table lists ranges of values that can be used as parameters in the execution of those functions.
  • a row in that table would represent a specification as to which functions are to be performed on the data object, the ranges of values available for each of those functions, and the processing sequence order of those functions when used in the process of obfuscating the data object.
  • An "obfuscation pattern" derived from a permutation table will specify an ordination of pointers to functions that perform without limitation compressing the data object including which algorithm will be used (Zip, Tar, Rar, etc.), encrypting the data object including which encryption algorithm will be used, what key length will be used and how the key will be generated.
  • Any logical operations to be performed on the data object or its segments such as NOT'ing a segment to reverse the values of each of its bits, XOR'ing the object to a defined bit mask, and the like.
  • the permutation can specify that the XOR mask be derived from a password known to a user.
  • the invention provides for specification of a retention period for each stored segment.
  • the "Pattern Functions table" contains pointers to functions and their associated value ranges for the obfuscation of data objects, their segments, and invalid data. These functions include without limitation Compression Algorithm 1, Compression Algorithm 2, Number and proportion of Segments into which the data object will be divided, 1st Encryption Algorithm, 1st Encryption key range, 2nd Encryption Algorithm, 2nd Encryption key range, 3rd Encryption Algorithm, 3rd Encryption key range, Invalid Nybbles insertion pattern, Invalid Bytes insertion pattern, segments re-ordering pattern, XOR mask, Logical NOT, and the like.
  • obfuscation functions can be included in a Pattern Functions Table that will be known to those familiar with the art of data obfuscation, such as bit reversal, one time pads, substitution, and others.
  • An important part of the variation in obfuscation patterns is the inclusion and exclusion of specific functions in the pattern.
  • Variation in the Pattern Functions Table produces variations in the pattern permutations used by the system processors, thereby increasing the complexity of the obfuscation and cryptanalysis requirements, thereby making it more difficult for unauthorized accessors to access the original data object.
  • the system then establishes through one of various methods disclosed herein a second "seed number" to calculate an offset in the second algorithmic table of specific values permutations from the ranges associated with the function permutations calculated in the first permutations table from the "Pattern Functions table".
  • this second calculation will determine the specific value to be used from the range of function input values allowed in the permutation of Pattern Functions determined by the first permutation algorithm.
  • Figure 60 shows a portion of the table for the first permutation of functions, their ordination, and their value ranges from the Pattern Functions Table.
  • the lowest level value field, the Segments Ordering function, is incrementing its range of values in the portion of the table shown in this example.
  • Figure 62 shows a portion of the table for the permutations of specific function input values, i.e., the second permutation algorithm, for a particular permutation of function pointers determined by a first permutation algorithm.
  • the "Pattern Functions table" includes without limitation the attribute value ranges and function pointers for computer software functions that perform obfuscation functions including without limitation data compression, XOR masking, encryption with various encryption algorithms, including without limitation AES, RSA, and Triple DES, invalid data generation, and Logical NOT transformation.
  • the first permutation algorithm uses the first seed number to calculate an offset for a permutation of these "Pattern Functions table" function pointers that can be represented as a row in a table as illustrated in Figure 60.
  • step 6002 shows the specified functions and value ranges as calculated by the first permutation algorithm in a partial permutation table with functions reordered by the permutation calculation.
  • the second permutation algorithm will then use the second seed number to calculate the second permutation offset specifying the specific values for the attributes of the first permutation's functions. This combination of functions and values will be used by the
  • the second permutation algorithm uses a second seed value to calculate a permutation offset of input values for the set of functions calculated by the first algorithm, in Figure 62, step 6202.
  • the obfuscation function input values permutation calculated by the second permutation algorithm is assigned to the functions in the first Obfuscation functions permutation, step 2222. It is then presented to and used by other processors in the invention as the
  • this OPP is used by the obfuscation processor to obfuscate a data object in the following manner: Compress the data object with the TAR compression algorithm, do not insert invalid nybbles, insert an invalid byte value after every hexadecimal 31 bytes in the object, then encrypt the object using the RSA encryption algorithm with the encryption key of "0A49FF34", then encrypt the object again using the AES encryption algorithm with the encryption key of "00115", then transform the encrypted object with an XOR operation using the mask "6AD7", do not perform a logical NOT transformation, segment the object into 20 segments (hex 14), reorder the segments by positioning after every third segment that segment that is six segments subsequent to it.
  • Other obfuscation functions and actions, as well as other value ranges, as may be devised by those skilled in art of data obfuscation, will be included in other embodiments of the invention.
  • the originating system will similarly calculate permutations of patterns used for the obfuscation of data object segments, the
  • Figure 64 shows other pattern permutation function types for the processors named in this embodiment, and example value ranges for those functions.
  • the functions and value ranges are meant to be exemplary only, and do not imply that in the invention these patterns are limited to performing these specific functions with these specific attribute value ranges.
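
The two-seed derivation described above can be sketched as follows. This is an added example, not code from the patent: the table contents, the function names and the choice of a factoradic decode for the first permutation and a mixed-radix decode for the second are all assumptions made for illustration.

```python
from math import factorial, prod

# Constructed stand-in for a Pattern Functions Table: (function name, allowed
# input values). None / False means "function disabled" is a selectable value.
PATTERN_FUNCTIONS_TABLE = [
    ("compress", ["zlib", "bz2", "lzma"]),
    ("insert_invalid_byte_every", [None, 16, 31, 64]),
    ("xor_mask", [None, 0x6AD7, 0x1F2E]),
    ("logical_not", [False, True]),
    ("segment_count", list(range(8, 33))),
]


def unrank_permutation(items, rank):
    """First algorithm (assumed): rank-th lexicographic ordering of items."""
    pool = list(items)
    rank %= factorial(len(pool))          # any integer seed maps into range
    ordered = []
    for remaining in range(len(pool), 0, -1):
        index, rank = divmod(rank, factorial(remaining - 1))
        ordered.append(pool.pop(index))
    return ordered


def unrank_values(ranges, rank):
    """Second algorithm (assumed): one value per range, last range varying fastest."""
    rank %= prod(len(r) for r in ranges)
    picks = []
    for value_range in reversed(ranges):
        rank, index = divmod(rank, len(value_range))
        picks.append(value_range[index])
    return picks[::-1]


def pattern_space_size(table=PATTERN_FUNCTIONS_TABLE):
    """Number of distinct (ordering, values) patterns the table can produce."""
    return factorial(len(table)) * prod(len(rng) for _, rng in table)


def derive_pattern(seed1, seed2, table=PATTERN_FUNCTIONS_TABLE):
    """Return [(function name, input value), ...] in processing order."""
    order = unrank_permutation(table, seed1)               # functions and ranges
    values = unrank_values([rng for _, rng in order], seed2)  # specific values
    return [(name, value) for (name, _), value in zip(order, values)]


if __name__ == "__main__":
    for name, value in derive_pattern(seed1=77, seed2=1234):
        print(name, value)
    print("patterns available:", pattern_space_size())
```

Because the pattern is a pure function of the table and the two seeds, anyone holding those three items can recompute it, and this constructed table yields only 216,000 distinct patterns in total.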
  • a transmission and storage pattern permutation can specify a series of RCSTs with which the transmitting
  • a transmission and storage pattern permutation will specify how the originating system will encrypt a segment successively with the ordered keys exchanged with the RCSTs that are its intended transmission pathway, or instruct an RCST to initiate an autonomous multi stage encrypted transmission pathway preparation and transmission independently of the originating system, as illustrated in Figure 32.
  • pattern permutation can also specify the instructions to be embedded with the segments in each successive encryption. These will be the instructions provided to a specific RCST system in the transmission pathway. These instructions can include without limitation instructions to prepare a transmission pathway, retransmit ("relay") the segment to another RCST, to store it in a pre-arranged indexed location ("reservation") in its storage, or to prepare and transmit other transmission pathway exchanges for a certain count of transmission stages in order to reach an intended storage location that corresponds to the retrieval pattern for a transmitted segment.
  • Pattern Processor then presents to other processors and methods in the invention the Pattern Permutations that it has calculated for the various pattern permutations.
  • Pattern Permutations may be calculated and presented on demand from another process, upon system initialization, during activity lags in the system, or in advance of anticipated system process. In another embodiment, they may optionally be calculated in batches and stored in reference tables to reduce compute time during the processing of an original data object.
  • the Pattern Processor also optionally presents the seed values, the "Pattern Functions table", and other elements used in the calculation of the permutation patterns for recordation by other processes in the original data object, segment, and transmission management records. This allows these other processes and methods to re-calculate the pattern permutations without having to store those permutations to assist in reassembling the original data object.
  • the system then uses a queued transmission pattern to prepare and queue one or more transmission pathways according to the initialization configuration file, Step 2026, or the main loop processing, or during idle cycle process time, step 2036, in order to expedite later transmission of an original data object's segments.
  • different processes and processors may require false or invalid data to be inserted into an object, or into an object segment, or to be formed into segments of invalid data and transmitted using various transmission protocols, media, and routings according to the methods of the invention. This is done in order to obfuscate the transmission and storage of valid ODO segments either in transit or at rest. Invalid data uses may include without limitation that the Object processor may request invalid
  • the Segment Processor may request Invalid Data from the Invalid Data Processor for a Segment Tracking Object (STO) to point to during reordering, invalid data insertion, and other obfuscation of the segments, and the Transmission Package Processor may request Invalid Data segments to package and transmit in order to obfuscate which transmitted packets contain valid data from the ODO.
  • the Invalid Data is generated and made available to other processes from the Invalid Data Processor.
  • Figure 38 illustrates one
  • this processor first senses a request for Invalid Data, step 3802, and then reads the Invalid Pattern Permutation (IPP) generated by the Pattern Processor which will direct the generation of the Invalid Data, step 3804.
  • the IPP will provide a permutation of a set of functions to generate invalid or random data as specified, as well as specify an amount of Invalid Data to generate.
  • Pattern Functions Table for the IPP may include without limitation functions that generate Invalid Data by stringing together multiple randomly or pseudo-randomly generated bytes of data, fetching an amount of data from random access memory and then transforming it using a logical operation or other obfuscation methods, using input from sensors or other input devices to generate random data, acquiring intelligible data or content not from the ODO, or other methods of generating unpredictable, non-patterned data as can be devised.
  • the Invalid Data Processor sets up an Invalid Data Object according to the specifications of the IPP, step 3806. It then tests to ascertain if Invalid Data remains to be generated per the IPP, step 3808.
  • the Invalid Data Processor then presents a pointer to the IDO block of invalid data and a length for that block to the requesting process, step 3814.
  • When the requesting process completely or nearly uses the content of the IDO, and if it requires more invalid data, that process will request more Invalid Data from the Invalid Data Processor, step 3802, which will generate another IDO to present to the requesting process, step 3814.
  • the Invalid Data is generated as randomly as possible so that pattern analysis will not reveal that data in transit or at rest conforms to a predictable Invalid Data pattern.
  • the invalid data processor generates invalid data by obfuscating a non-random data object that contains interpretable content that may convey a meaning that is not from the ODO's contents using the processes disclosed herein.
  • One of the purposes of this without limitation is to present data to unauthorized accessors the decryption of which can mislead them in a deduction or prediction of the contents of the ODO.
  • the Object Processor
  • the system monitors for the presence of an original data object pointer in the Object Processor queue specifying an object to be processed according to the invention, Step 2402.
  • When a data object, typically comprised of a binary bitstream but possibly comprised of data blocks, is identified for processing, Step 2404, the system continues processing of the object.
  • the data represented by the object may include textual data such as documents, spreadsheets, credit card, email, SMS texts, financial information, Personally Identifiable Information, Protected Health Information, form submissions, database field values, or the like; image data such as facsimiles, scans, videos, photos, or the like; or other types of data for which secure transmission and storage is desired.
  • the pointer to the data object to be obfuscated, segmented, and transmitted may be placed into the Object Processor queue by a user action, or in another embodiment the data object may automatically be placed into that queue by another computer program, or by using methods that may be automatic or intentional by a human user, or automatic or intentional by a computer or other processing system.
  • An example of the latter case is where all the transmissions from a first computer across a network to another computer are to be secured according to the methods described herein.
  • the originating system user double clicks a file icon, executes a file save command from a menu, or drags a file icon into a designated folder, hits save in a computer application, or attaches a data object file to an email, all of which actions result in a pointer to that specific data object being placed into the Object Processor queue.
  • the original data object can be rendered as a "stub" in an operating system interface that will invoke the Retrieval and Reassembly Processors when an action is performed on the stub by a system user, by the occurrence of an event, by an automated process, or the like. If the user or process specifies that the ODO is to be retained on the originating system, then it is not replaced with a stub and is retained.
  • the object processor reads and loads the Obfuscation Pattern Permutation (OPP), step 2406, which provides an ordination of pointers to the obfuscation functions and their input values that will be executed on the original data object.
  • the Object Processor then creates an Object Management Record (OMR), step 2408, which it will use to record function pointers, input values, encryption keys, verification hashes, and the like.
  • the OMR will be used after segment retrieval to assist in the reassembly of the ODO.
  • the Segment Processor uses the STO to efficiently divide the ODO into segments, reorder and optionally group the segments, and insert invalid data into the ODO and its segments.
  • the system then calculates a digest hash on the data object, step 2412, for verifying the integrity of the reassembled data object.
  • One embodiment of the data definition of the Object Management Record is illustrated in Figure 70. Note that it contains optional pointers to Function and Values Records, the structure of which is shown in Figure 72, which are elements of a list that can hold the
  • the system loops through the functions permutation in the OPP, step 2414, and for each function in the pattern, determines if the function is enabled and is assigned an input value, step 2420, and if so, passes a pointer to the ODO along with the pattern permutation function value to the function pointed to by the permutation function set, step 2422.
  • the pointed to function processes the
  • the data object may be compressed in step 2424.
  • Various compression methods may be used and are well known.
  • the data object may be encrypted in step 2424.
  • Various encryption methods may be used and are well known.
  • the data object may be encrypted one or more times according to the encryption layer specification of the OPP in step 2424. An embodiment of this OPP specification is illustrated in Figure 62, step 6202.
  • the data object is encrypted once using a private key of an asymmetric dual key system, as is commonly known to those skilled in the art of encrypting data.
  • encryption methods may be used in an embodiment of the present invention that do not use the method described above, but provide an equivalent encryption capability.
  • Further embodiments of the present invention may use encryption techniques where, as the more valid data from the original data object is not present at time of decryption, the
  • obfuscation methods and functions are executed on the data object as specified by the OPP in step 2424.
  • the OPP can specify the execution of multiple types of obfuscation functions in step 2424 depending on the permutation of functions and values determined by the Pattern Processor. These include without limitation further compression or encryption using the same or other compression and encryption algorithms, inserting invalid data at various locations in the object determined by the
  • the OPP specifies that the object is to be compressed with a TAR compression algorithm, encrypted with a triple-DES multi-layer encryption with the specified keys, that invalid bytes will be inserted from the invalid data queue after every 10th byte of the data object, and that a logical NOT will be performed on the entire data object.
  • the ODO has been optionally compressed or encrypted, or encrypted in multiple layers, by the Object Processor as illustrated in Figure 24.
  • the ODO is then hashed or digested, the result of which will be recorded in the Object Management Record for later verification purposes by the retrieval and reassembly methods of the invention.
  • the system then mounts an Invalid Data Object (IDO) that is obtained or generated according to the Invalid Permutation Pattern (IPP) which is calculated from an invalid data permutation algorithm according to the Pattern Processing methods described herein, which can include without limitation generation of the IDO by a sequence of randomly generated numbers, fetching a sequence of bytes from a position in memory, importing intelligible data not from the ODO, or reading a portion of a predetermined string that preexisted in the system.
  • Figure 50 illustrates a representation of an Original Data Object (ODO) as it is processed by one instance of the Object Processor and subsequent Segment Processor disclosed below.
  • Step 5002 illustrates in hexadecimal notation a portion of the ODO prior to processing.
  • the Object Processor then performs functions on this ODO, step 2424, according to the OPP.
  • Step 5004 is a simulated representation of the data object after compression by the TAR compression algorithm as shown in the OPP calculated for this embodiment as shown in the first field of Figure 62, step 6202.
  • Step 5006 in Figure 50 shows a simulated representation of the ODO having been encrypted by the RSA encryption method according to the fifth field in the OPP in step 6202.
  • the functions performed by the Object Processor on the data object are recorded in the Object Management Record (OMR), step 2428, which provides the record of functions that allows the Reassembly Processor method to reverse the functions of the Object Processor method and restore the data object to its original form.
  • Figure 70 illustrates the database schema used in one embodiment for the Object Management Record.
  • the pattern permutation actions performed on the object are recorded in corresponding pattern Function and Values list records shown in Figure 72, and pointers to those record lists are recorded in fields numbered OMR022, OMR023, and OMR024 as appropriate.
  • when the Object Processor has completed obfuscating the original data object according to the OPP, it inserts a pointer to the processed and segmented original data object into a queue for the Segment Processor and sets a notification flag that a new object is ready for segment processing, Step 2418.
  • Figure 26 illustrates a Segment Processor method in the present embodiment.
  • when the Segment Processor determines that there is a segmented object ready to be processed in its queue, or determines that the new segmented object available flag has been set by the Object Processor, step 2602, it reads and loads the associated OPP, step 2604, Transmission Pattern Permutation (TPP), Step 2606, and STO, Step 2608.
  • a data object segmenting pattern is determined by reading it from the OPP, step 2610.
  • the segmenting pattern may be generated on the fly, or it may be a predetermined segmenting pattern from a
  • An embodiment of an STO as shown in Figure 56 illustrates that an STO structure contains an array of fields for pointers to data object segment locations and lengths within an ODO, an IDO, or another data object, shown in step 5602 showing the segment location, step 5604 showing the segment length, and in combination with step 5612 that specifies in which data object the segment is located.
  • the STO embodiment also provides ordination value fields that allow manipulation of the ordination of the segment pointers for reordering the segments, including invalid or other data object segments.
  • Step 5606 is populated with the ordination of the segment prior to reordering
  • step 5608 is populated with the ordination of the segment after reordering.
  • the STO embodiment in Figure 56 also shows grouping value fields, step 5610, that allow pointers to optionally reordered segments from diverse data objects to be grouped into a specific segment grouping when this field is populated with the same group value.
  • the STO embodiment additionally provides a field as an indicator as to which data object the STO record
  • the STO populates its array of pointers with values pointing to positions in the Original Data Object according to the segmentation specification in the OPP, step 2612, as well as populating pointers with values pointing to positions in a stream of Invalid Data that has been presented by the Invalid Data Processor, step 2614.
  • the OPP may specify that the segments are not of equal length, but of different lengths.
  • the values used as invalid data are returned from a request for invalid data to the Invalid Data Processor in step 2614.
  • the Invalid Data Processor may use a random number to form an invalid data stream, or other methods to form an invalid data stream as herein disclosed, and then return a pointer to the stream of invalid data to any process that requests one.
  • the Segment Processor receives an invalid data stream pointer from the Invalid Data Processor and inserts a length of invalid data into the segment that is being obfuscated according to the invalid data insertion function specified in the OPP, if such
  • invalid data may be introduced into different locations of the data object and between or within valid data object segments in step 2614 using the STO structure to point to an invalid data object (IDO) as disclosed in greater detail below.
  • the location of these invalid data object segments is determined by the OPP's specification for segmenting patterns and the location of invalid data within them.
  • the invalid data inserted into segments may include data from random data generating algorithms, randomly found data such as an area of Random Access Memory, other intelligible content not from the original data object, or the like, and it is also expected that such a step makes it more difficult for unauthorized parties to recover the original data.
  • Figure 50 illustrates a representation of an Original Data Object (ODO) as processed by the invention.
  • the Segment Processor performs segmenting functions on this ODO according to the OPP using the STO in step 2612.
  • Step 5008 illustrates in hexadecimal
  • Step 5010 shows the data object segments reordered by configuration of the ordination fields in the STO pointer structure.
  • Step 5011 shows the presentation of invalid data presented by the Invalid Data Processor, shown as segments numbered 80 through 84.
  • Step 5012 is a representation of the ODO obfuscation with Invalid Data object segments inserted into the ordination of ODO data object segments using the STO as in step 2614.
  • Step 5015 illustrates how the segments can be grouped into data object segment groupings by configuring the values of the
  • Step 5016 in this embodiment shows a grouping of segments numbered as Segment Group 3 which consists of reordered ODO segments numbers 3 and 8, as well as two reordered invalid data object segments numbered 82 and 83.
  • step 5018 illustrates how the individual segments can later be stored in different secure access areas or different storage locations on different RCST systems after transmission.
  • Segment Group 01 as shown in step 5014 has been transmitted to and stored on the RCST 2001 system.
  • After the Segment Processor segments the data object into multiple segments according to the OPP, step 2612, and inserts invalid segments into the STO pointer structure, step 2614, it begins a loop to process each of the data object segments pointed to by the STO, step 2616. During each execution of the loop, it assigns each segment a segment ID as specified in the OPP and creates a Segment Management Record (SMR) associated with this segment, step 2618. It then populates metadata fields in the segment header associated with each segment ID with any instructions that will be embedded and transmitted to the receiving
  • the SMR embodiment contains optional pointers to Function and Values Records, the structure of which is shown in Figure 72, which are elements of a list that can hold the functions pointers, processing ordination, and input values from the various permutation patterns used in the invention to process the original data object. These can be used instead of re-calculating the pattern permutations for the purpose of
  • the Segment processor then submits the STO pointer to the current segment to the Segment Pattern Permutation Processor loop for further obfuscation and transmission processing by the Segment Processor, Step 2622.
  • the loop determines if any pattern functions remain in the OPP functions to be executed on this segment, step 2622, and if so, the Segment Processor passes the STO segment pointer and the function input values from the OPP to the function pointed to by the pattern function pointer in the OPP, step
  • In this stage of this embodiment of the present invention, and depending on the specification of the obfuscation and transmission pattern permutations, specific data object segments from the original data object are processed as individual objects and may be compressed in step 2624. Further, an individual data object segment may be encrypted in step 2624. In this embodiment, all data object segments may be encrypted if that is specified by the OPP. In alternative embodiments, a predetermined number or pattern of data object segments are encrypted, for example, every odd numbered data object segment is encrypted. In another embodiment, every even numbered data object segment can be encrypted with the AES algorithm, while every odd numbered segment is encrypted with the DES algorithm, depending on the pattern specified by the OPP.
  • the type of encryption can vary and multiple encryption schemes can be used, for example, with symmetric keys, with asymmetric keys, with a stream cipher, with a block cipher, and the like. Mixing different encryption algorithms is intended to make cryptanalysis of the segments by unauthorized accessors more difficult.
  • certain data object segments may be encrypted again for further protection in step 2624.
  • Diverse encryption algorithms and diverse key lengths may be used at this stage, i.e., encryption using different levels or types of encryption, different key lengths, and the like. It is expected that such a step makes it more difficult for unauthorized users to recover the original data.
  • the Segment Processor method reads the Transmission Pattern Permutation to determine whether the segments or groups of segments are to be transmitted to another Computer System such as an RCST system, or the groups are to be stored in local storage or memory, or if they are to be transmitted with an FTP, HTTP, or other protocol, or if there is to be a time lag in the transmission of the segment, and other types of transmission specifications as can be contained in the TPP.
  • the transmission instruction is processed and applied to the data object segment, step 2626.
  • the system then reads the associated Segment Tracking Object (STO) structure that was created in step 2410 and loaded in step 2608.
  • STO structure contains a sequence of pointers that point to both the ODO and the IDO. They are populated with values
  • Obfuscation Pattern Permutation (OPP) that specify the length, order, position, and grouping of the data object segments for packaging, transmission, and storage.
  • the values of the fields in the records of the STO will define the group, order, positions and lengths of valid segments of the original data object and invalid segments of the IDO as they will be packaged and transmitted to the RCST units with embedded instructions, values and addressing.
  • the processing of the STO and its pointers provide for insertion of invalid data into and reordering of the original data object segments, as well as other further obfuscation of the
  • the method reads the OPP to determine the number of segments into which the original data object will be divided.
  • the OPP segmenting function and value may specify that the data object be segmented into a set number of segments, such as 32 segments, with each segment being of equal proportion while the last segment includes the remainder, or modulus, or is smaller
  • OPP permutations may specify other ways of segmenting the data object including without limitation to segment the object into a certain number of segments wherein the even number segments are 30% longer than the odd numbered segments, and the like.
  • the first STO record pointer value points to the first byte of the original data object
  • the second STO record pointer value points to the second segment of the original data object, which will begin in the position determined by the length of the
  • the STO records with segment pointers pointing to the ODO are numbered with sequential odd numbers by having their ordination fields populated with sequential odd numbers, which allows the method to logically insert invalid data from an IDO between them by using even numbers in the ordination value fields of STO records with segment pointers pointing to inserted invalid data. For example, if the first STO segment pointer which points to byte #1 in the ODO is given an ordination value of #1 in its STO record's ordination field, then the STO record with a pointer that points to the second segment in the ODO is given an
  • the Segment Processor inserts invalid data object segments among the valid data object segments of the ODO by giving even numbered ordination values to STO records that point to the Invalid Data Object (IDO) series of random, predetermined, or found data.
  • IDO Invalid Data Object
  • the STO record structure contains a field that specifies which object each STO record's pointer points to, which can be to the ODO, IDO, or another identified data object.
  • STO pointer structure records also contain a field that specifies the length of the segment to which the STO pointer points.
  • the Segment Processor method will invoke a new record in the STO structure that points to the first available byte in the IDO right after the length of the invalid segment pointed to by the first IDO pointer, which in
  • this embodiment is byte #17 of the IDO, since the first IDO pointer in the STO with an ordination value of #2 started at the first byte of the IDO and is 16 bytes long.
  • the method will ordinate this new pointer as STO pointer #6, thereby logically inserting it between STO pointers #5 and #7, which point to the third and fourth contiguous segments of the ODO.
  • the process has used pointers to logically insert invalid data between the first and second, and the third and fourth contiguous segments of the original data object. In this way, the process did not insert any invalid data between the second and third contiguous segments of the ODO (i.e.,
  • the process can then use the STO to easily and efficiently reorder the segments of the original data object and IDO by simply
  • one group of data object segments includes all even numbered data object segments, and the other group of data object segments includes all the odd numbered data object segments.
  • one group of data object segments includes every fifth data object segment, and the other group of data object segments includes the remaining data object segments.
  • one group of data object segments includes every fourth data object segment, the next group of data object segments
  • a third group includes every fifth segment of the remaining segments, and so forth, until the number of remaining segments is less than the number of segments in the smallest group and they comprise the last segment grouping.
  • one or more invalid data object segments may be intermingled with the data object segments.
  • segment grouping, group number, and ordination of the segment groupings is defined by the OPP and is implemented in
  • the method determines from the OPP for that segment if that segment is intended to be in a group of segments, step 2630. If so, the segment's STO record's group value field is populated with the group identifier from the OPP, step 2632. Segments with the same group value in the STO pointer structure
  • Pointers from the STO to invalid data, processed segments and groups of processed segments are then placed into the Transmission Packaging Processor queue for preparation for transmission and storage, step 2636.
  • the Segment Processor checks if additional segments from the ODO require processing, step 2616. If not, it then checks to see if additional pointers to an ODO or any other data object have been inserted in its processing queue, step 2602. If not, it loops until processor exit or until a new ODO
  • adjacent segments of data objects are reordered within different groups using the STO record grouping value, step 2612. For example, segment one is placed in group one, segment two is placed in group two, segment three is placed in group one, and the like. In another example embodiment, half of the segments are placed in group one and the other half of the segments are placed in group two. Further, the ordering of data within segments need not occur in the same order as they
  • the ordering of the data objects may be stored within the segmenting pattern Segment Management Record in step 2634.
  • the Segment Processor method records in the Object Management Record (OMR) the first original ordination, grouping, position, pointed to object, and lengths of the STO before reordering, as well as the ordination, grouping, position, pointed to object, and lengths after reordering. It also records in the OMR the grouping, position, pointed to object, and lengths of the pointers
  • OMR Object Management Record
  • the Segment Management Records store the hash of segments, step 2634 processed by the Segment Processor in step 2628 for later use in verification of the retrieved segments by the Reassembly Processor in step 3606.
  • any of the details of the segmenting of the original data object into discrete segments, reordering of those segments, encryption of those segments, insertion of invalid data into those segments, and the like, may be stored in the SMR, step 2634.
  • the Reassembly Processor will join retrieved segments with associated Object
  • the Reassembly Processor will also ignore any segment data pointed to by STO record's object-pointed-to fields indicating that the record points to a non-ODO data object, including IDO invalid data.
  • the Reassembly Processor will then output the retrieved valid ODO segments in the original order of the ODO as specified by the record of the pre-reordering ordination of the STO pointers that point only to the original data object
  • the output object is then verified by the hash calculated from the ODO prior to segmentation and stored in the OMR. If the output object is verified as the authentic processed original data object, it is then passed to the decryption and compression algorithms specified in the OMR or OPP as those originally used to obfuscate the ODO for reversal of the obfuscation processes.
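The STO mechanics described above (odd ordinations for ODO segments, even ordinations for inserted IDO segments, grouping-based reordering, then reassembly with per-segment and whole-object hash checks) can be sketched as follows. This is an added example, not code from the patent; the record layout, function names and sample data are assumptions chosen for illustration.

```python
import hashlib
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class StoRecord:
    ordination: int  # odd: valid ODO segment, even: inserted IDO segment
    target: str      # object the pointer refers to: "ODO" or "IDO"
    offset: int      # 0-based byte offset into that object
    length: int      # segment length in bytes
    group: int       # transmission group the segment is assigned to
    digest: str      # SHA-256 of the segment, kept for later verification


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sto(odo, ido, n_segments, decoy_after, decoy_len):
    """Segment the ODO and logically interleave IDO segments via ordination."""
    if not 0 < n_segments <= len(odo):
        raise ValueError("segment count must be between 1 and len(odo)")
    base = len(odo) // n_segments
    records, ido_next = [], 0
    for i in range(n_segments):
        start = i * base
        # Equal-sized segments; the last one also carries the remainder.
        length = base if i < n_segments - 1 else len(odo) - start
        group = 1 + i % 2  # adjacent ODO segments alternate between two groups
        records.append(StoRecord(2 * i + 1, "ODO", start, length, group,
                                 sha256_hex(odo[start:start + length])))
        if i + 1 in decoy_after:
            if ido_next + decoy_len > len(ido):
                raise ValueError("IDO too short for the requested decoys")
            decoy = ido[ido_next:ido_next + decoy_len]
            # Even ordination 2(i+1) falls between odd neighbours 2i+1 and 2i+3.
            records.append(StoRecord(2 * (i + 1), "IDO", ido_next, decoy_len,
                                     group, sha256_hex(decoy)))
            ido_next += decoy_len  # next decoy starts at the first unused byte
    return records


def package(odo, ido, sto):
    """Materialise segments and reorder them: all of group 1, then group 2."""
    source = {"ODO": odo, "IDO": ido}
    ordered = sorted(sto, key=lambda r: (r.group, r.ordination))
    return [(r.ordination, source[r.target][r.offset:r.offset + r.length])
            for r in ordered]


def reassemble(packages, sto, odo_digest):
    """Drop IDO data, verify each ODO segment, restore order, verify the whole."""
    by_ord = {r.ordination: r for r in sto}
    valid = {}
    for ordination, data in packages:
        rec = by_ord.get(ordination)
        if rec is None:
            raise ValueError(f"segment {ordination} has no STO record")
        if rec.target != "ODO":
            continue  # invalid data is ignored during reassembly
        if sha256_hex(data) != rec.digest:
            raise ValueError(f"segment {ordination} failed hash verification")
        valid[ordination] = data
    missing = [r.ordination for r in sto
               if r.target == "ODO" and r.ordination not in valid]
    if missing:
        raise ValueError(f"missing ODO segments: {missing}")
    out = b"".join(valid[o] for o in sorted(valid))
    if sha256_hex(out) != odo_digest:
        raise ValueError("reassembled object failed whole-object verification")
    return out


# Constructed sample input: a 103-byte object and 64 bytes of random decoy data.
SAMPLE_ODO = bytes(range(103))
SAMPLE_IDO = os.urandom(64)

if __name__ == "__main__":
    sto = build_sto(SAMPLE_ODO, SAMPLE_IDO, 4, {1, 3}, 16)
    wire = package(SAMPLE_ODO, SAMPLE_IDO, sto)
    print("transmit order:", [o for o, _ in wire])
    print("restored:", reassemble(wire, sto, sha256_hex(SAMPLE_ODO)) == SAMPLE_ODO)
```

The hashes here are unkeyed, so they detect substitution only while the STO records themselves stay out of an attacker's reach; the STO is what distinguishes valid segments from decoys.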
  • the invention can obfuscate, segment, reorder, group, and transmit the data object and its segments to
  • This method provides for efficient use of time due to simultaneous multi-tasking of the processes of retrieving and reassembling the original data object without requiring all of the data object segments to be retrieved and verified before reassembly of the entire original data object can commence.
  • Each original data object "section" can be restored while other segments of other "sections" are being retrieved and processed, allowing for an efficient "joining" of restored "sections" of the
  • This embodiment also provides for partial restoration or reassembly of an original data object in the event that some valid segments of the original data object are not retrievable or restorable.
  • different patterns can be used for obfuscation, invalid data, transmission, storage, and retrieval for the segments of different "sections" of the original data object, thereby increasing the difficulty of restoring the original data object by brute force or other cryptanalytic methods.
  • the Segment Processor submits the processed segment to the Transmission Package Processor, an embodiment of which is illustrated in Figure 28.
  • the Transmission Package Processor :
  • the Transmission Package Processor detects the presence of a pointer to a data object segment in its processing queue, step 2802.
  • It then identifies and verifies the segment to prepare it for processing, step 2804. It then loads the SMR for this segment created in step 2618 to read transmission packaging and processing instructions and to write processing results, step 2806. It then reads the Transmission Pattern Permutation (TPP) to determine how to format and package this segment for transmission or for local storage, step 2808. The method then reads the associated STO, step 2810, to determine the ordination, groupings, lengths, and invalid data inclusion in the segment to be packaged for transmission or prepared for local storage, step 2812.
  • TPP Transmission Pattern Permutation
  • the Transmission Package Processor then passes the pointer segment to the Transmission Package Processing Loop, step 2814. If the loop control determines that a function remains to be executed in the TPP function list, it passes STO pointers to the segment or segment group including invalid data and function input values from the SMR to the function pointed to in the TPP, step 2816. The function then processes the segment, step 2818, and then returns control to the loop control, step 2814.
  • the functions that process the segment according to the TPP in step 2818 are well known to those familiar with data processing and are not shown.
  • a Transmission Pathway Processor separately prepares one or more data transmission pathways by negotiating transmission keys and storage locations with one or more RCST systems, as described below in greater detail.
  • the results of the transmission pathway preparation are stored in one or more Transmission Pathway Records (TPR) which are presented on the transmission pathway presentation queue.
  • TPR Transmission Pathway Records
  • the TR structure specifies the receiving system's identifiers, addressing, secure area access method and credentials, the transmission encryption key, transmission protocol, storage protocol, storage location indexing,
  • the Transmission Package Processor queries Transmission Pathway Records and retrieves RCST identifiers, access credentials, addressing, encryption keys and storage location information for the RCST systems on the transmission pathway that the Transmission Pathway Processor has prepared. If a transmission pathway is not prepared, the Transmission Package Processor invokes the Transmission Pathway Processor which then prepares a pathway, prepares the TPR queue, and presents it to the Transmission Package Processor, as disclosed in detail below.
  • Transmission Pathway Processor uses the TPR queue to provide addressing, encryption keys, ordination, and identifiers for all of the known RCST systems in the prepared transmission pathway for a particular segment or segment grouping.
  • a segment can be transmitted along any prepared transmission pathway as long as the segment is stored along the pathway to allow for retrieval of the segment by a Retrieval Processor.
  • the Transmission Package Processor records and inserts into the associated Segment Management Record (SMR) the transmission packaging and transmission attributes it receives from the Transmission Pathway
  • SMR Segment Management Record
  • Figure 74 illustrates the database schema used in one embodiment for the Segment Management Record.
  • the TPP actions performed on the segment are optionally recorded in corresponding pattern Function and Values records list, Figure 74, pointed to by the pointer value in the field numbered SMR032, as appropriate.
  • the Transmission Package Processor begins the following
  • the Transmission Package Processor will embed transmission and processing instructions and metadata for the segment or segment group for the receiving RCST or other receiving systems as specified by the TPP, step 2822. It will then encrypt the segment for transmission, step 2824, using the specific encryption key in the TPR that was pre-negotiated with the RCST on that stage of the transmission pathway by the Transmission Pathway Processor.
  • the Transmission Package Processor executes the transmission encryption loop, step 2820, to encrypt the segment, its identifiers, and embedded instructions in the sequence corresponding to the reverse order of the stages of the transmission pathway to allow for sequential decryption and processing along the prepared transmission pathway as described herein. It encrypts the object segment in successive layers of encryption, beginning with the key exchanged with the last RCST in the transmission pathway. It then encrypts the object segment with successive layers of encryption key in reverse order of the order of the sequence RCST systems in the
  • the first receiving RCST system, whose key is the last encryption key used to encrypt the object segment package, will be able to decrypt the object segment and transmit it to the second RCST system, which will in turn decrypt the segment with the specific key it exchanged with the Transmission Pathway Processor, and transmit it to the third, which will use its exchanged key to decrypt the segment, and so forth, until the end of the transmission pathway is reached.
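The layered encryption described above, built in reverse pathway order so that each RCST can remove exactly one layer and read only its own embedded instruction, can be illustrated as follows. This is an added example, not code from the patent: the package layout, the function names and the five-hop sample pathway are assumptions, and the SHA-256 keystream with an HMAC tag is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for an AEAD: encrypt, then MAC over nonce and ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("layer authentication failed (wrong key or tampering)")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def build_onion(segment: bytes, pathway) -> bytes:
    """pathway: [(rcst_id, key), ...] in transmission order, first hop first."""
    payload, next_id = segment, None
    for rcst_id, key in reversed(pathway):  # LIFO: the last RCST's key goes on first
        instr = ({"action": "store"} if next_id is None
                 else {"action": "relay", "next": next_id})
        header = json.dumps(instr).encode()
        payload = seal(key, len(header).to_bytes(2, "big") + header + payload)
        next_id = rcst_id
    return payload


def rcst_process(key: bytes, blob: bytes):
    """One RCST's work: remove its layer, return (instruction, inner payload)."""
    plain = unseal(key, blob)
    hlen = int.from_bytes(plain[:2], "big")
    return json.loads(plain[2:2 + hlen]), plain[2 + hlen:]


def deliver(onion: bytes, pathway):
    """Simulate the relay chain; returns (hops visited, bytes stored at the end)."""
    keys = dict(pathway)
    current, blob, hops = pathway[0][0], onion, []
    while True:
        instr, blob = rcst_process(keys[current], blob)
        hops.append(current)
        if instr["action"] == "store":
            return hops, blob
        current = instr["next"]


# Constructed sample input: five hypothetical RCST systems with random keys.
PATHWAY = [(f"rcst-{i}", os.urandom(32)) for i in range(1, 6)]
SEGMENT = b"constructed segment bytes"

if __name__ == "__main__":
    hops, stored = deliver(build_onion(SEGMENT, PATHWAY), PATHWAY)
    print(hops, stored == SEGMENT)
```

In this sketch every layer adds a fixed overhead, so the package shrinks at each hop and its size reveals how many hops remain unless packages are padded to a constant length.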
  • the first receiving RCST is instructed to use its own instance of a Transmission Pathway Processor
  • the Transmission Package Processor reads from the TPP a specification to embed instructions to
  • the Transmission Package Processor enters the transmission encryption loop, step 2820, that will encrypt the segment, embed instructions and metadata that will allow each successive RCST system in the transmission pathway prepared by the
  • first RCST system to decrypt the segment, read the instructions, and transmit the segment to the next RCST system in the pathway until it reaches the fifth RCST system designated by the originating system.
  • This fifth RCST system will store its version of the transmitted segment for the time period specified in the retention metadata for the segment, and the RCST identifier and addressing, storage location, access credentials, encryption keys, and other retrieval metadata will match a retrieval pattern used by a Retrieval Processor to retrieve this segment for the purpose of reassembling the original data object.
  • the Transmission Package Processor processes the segment in a five stage programmatic loop at step 2820 using a LIFO data "get" of the TPR pathway metadata that in each pass performs the following functions with the segment:
  • the embedding process will embed the RCST key for this stage of the transmission pathway and append the instruction to store and transmit this segment to the RCST system ID and addressing embedded in the transmit instruction, which is the RCST system subsequent to this one in transmission pathway sequence that was previously negotiated by the Transmission Pathway Processor. It will also embed an instruction to the receiving RCST to transmit the segment in a transmission protocol specified by the TPP, and into which the receiving RCST will transform the segment protocol packaging if it does not match the protocol in which the RCST received the segment.
  • the Transmission Package Processor may embed an instruction for the
  • RCST system to store the segment for 15 days, at the expiration of which the instruction will specify it to transmit the segment to another specific RCST system to retain the segment for 30 days, and so forth, in a pattern of segment migration that ensures that a segment will not be stored in the same secure access area as another segment from the same data object, or in another embodiment, no more than three segments from the same data object would be stored in the same secure access area, or similar constraints that will
  • the migration of transmitted segments can happen with any frequency specified by the TPP, including segments from the same data object that migrate at differing time intervals.
  • the first transmitted segment will migrate from its receiving RCST to another specified RCST after 45 minutes, then again after 2 hours, then again after 5 minutes, then again after three days, and so forth.
  • the second transmitted segment will migrate from its receiving RCST to another specified RCST after 15 minutes, then
  • This migration of the segment can synchronize with a changing retrieval pattern to allow the segment to not remain at rest in a specific location for a specific period of time, and still be able to be retrieved at any time by a co-ordinated retrieval process using a co-ordinated retrieval pattern permutation.
  • This process of continuous migration to changing and differing secure storage access areas in coordination with a synchronized changing retrieval pattern makes it more difficult for unauthorized accessors to collect segments from an original data object as the
  • segment may have migrated before they can gain unauthorized access to its secure storage area.
  • an embedded instruction could instruct the receiving RCST to not store the segment but to immediately transmit it (relay) to another specific RCST system.
  • an embedded instruction could instruct the receiving RCST to prepare a transmission pathway with one or more unspecified RCST systems to reach a final target RCST storage location where it can be stored separately from other segments from the same data object, and to then prepare the segment with the exchanged
  • the keys, embed instructions for the next RCST receiving the segment, and transmit the segment to the next RCST system in the transmission pathway that it has prepared, and so forth.
  • the embedded instruction could command the RCST to encrypt and then repackage the segment in another different transmission protocol format, such as from an NNTP protocol to an FTP protocol, prior to transmitting the segment to a subsequent receiving system.
  • the Transmission Package Processor then formats and wraps the segment and its metadata in
  • the Processor then appends any transmission delay instructions in the TPP, step 2826, as well as any specific transmission addressing or protocol metadata, step 2828, to the segment package for use by the Transmission Pathway Processor's subsequent transmission process, shown in Figure 3, and in other embodiments in Figures 40 and 42.
  • the Transmission Package Processor determines how the groups of data object segments are to be
  • the TPP instructs the Transmission Package Processor to append routing metadata to the segment package for routing according to the TPP.
  • routing metadata include without limitation the type of transmission socket to be used among TCP, UDP, or others that may be devised, what specific IP address or Universal Resource Locator to embed as the target receiving system, what source address to embed in the packet header, and whether to use a packet or non-packet routing method and media.
  • non-packet routing media may comprise central office telephone networks including modems,
  • the Transmission Package Processor then populates the SMR, step 2830, with the data and metadata used to package the segment for transmission as herein disclosed.
  • the Transmission Package Processor then inserts the processed and packaged segment into the Transmission Pathway Processor queue and sets the "segment ready to transmit" flag, Step 2832, to notify the Transmission Pathway Processor that processed and packaged segments are ready to be transmitted.
  • Figure 5 illustrates an embodiment of the present invention wherein the
  • Transmission Package Processor executes a process to instruct the segment to be stored in a secure access area separate from segments from the same Original Data Object (ODO). It determines from the TPP that data object segments are stored in diverse, separate secure access areas and storage resources. Initially, data object segments are placed in the Storage Processing area of the Transmission Package Processor, step 510. Next, the data object segments are validated, step 512. In the present embodiment, the data
  • the method retrieves a storage pattern for this data sequence from the TPP, step 514.
  • These storage patterns are typically recorded in the Object Management and Segment Management Records.
  • the storage patterns include specifications for storing the data object segments.
  • the Transmission Packaging Processor determines from the TPP if the segments should be stored in diverse devices or locations, step 516. If the TPP specifies storage in diverse devices and
  • the Transmission Packaging Processor method writes the instructions to store the segments in diverse locations into the segment's package metadata, step 518, according to the TPP.
  • the present embodiment determines whether the data object segments should be stored in diverse system access areas, step 520. This is typically specified by the TPP, and can designate local separate secure access areas that do not require transmission of the segment, or to remote storage on receiving systems that does require transmission of the segment. The method then writes the separate
  • secure access storage instructions into the segment package metadata, step 522.
  • FIG. 2 illustrates a flow diagram of this embodiment.
  • a segment or segment grouping is inserted into the Transmission Package Processor queue, step 210.
  • a transmission pattern is then determined by reading the TPP, step 212.
  • the transmission pattern is used to determine how the groups of data object segments are conditioned and then eventually transmitted, as will be illustrated below.
  • the TPP can be read from a file of pre-determined
  • transmission parameters for each segment are set to the configured default values, step 214.
  • default transmission metadata allows groups of segments to be dispersed and dissociate from other groups during transmission and storage.
  • Some transmission parameters which may be adjusted by the TPP may include without limitation the transmission media, the time intervals between the transmission of the separate segments, ordering of data object
  • authentication metadata techniques may include a PKI digital
  • transmission parameters for each segment are set according to the pattern specified in the Transmission Pattern Permutation (TPP), as illustrated in the following steps.
  • in step 216, it is determined whether the separate and distinct segment or segment grouping is to be transmitted using diverse transmission media channels. If so, the Transmission Package Processor sets the segment package transmission
  • step 218 to instruct the Transmission Pathway Processor, which will subsequently transmit the segment, to determine the best available diverse transmission media over which to transmit the segment to the receiving system designated in the segment package metadata.
  • media types include transmission over packet based digital networks, such as the Internet, central office telephone switching circuitry, wireless digital transmission using cellular frequencies, and the like.
  • other groups of data object segments may be stored in a physical format, including digital storage media, such as tapes,
  • Such an embodiment requires an unauthorized accessor of the data to monitor many types of media simultaneously in order to capture all groups of data object segments to recover the original data object. For example, the requirement of monitoring many types of transmission media resources is expected to exceed the capability of most unauthorized accessors, limiting unauthorized users' ability to recover the original data object.
  • the method determines from the Transmission Pattern Permutation (TPP) how the segments will be transmitted to different addresses at different receiving systems, step 220.
  • the TPP specifies, for example, whether one valid or invalid data object segment will be transmitted to a network address and another valid or invalid data object segment will be transmitted to a second network address.
  • the TPP further specifies, for example, whether one valid or invalid segment will be transmitted using a network source address other than the address of the system transmitting the segment.
  • the Transmission Package Processor sets the segment package transmission addressing metadata according to the TPP, step 222. It sets the metadata to instruct the Transmission Pathway Processor to transmit the segment to the specified addressing values.
  • the method forces unauthorized accessors to know the range of addresses to which these segments or groupings of segments will be transmitted, thereby limiting techniques using addressing information to associate and then acquire data packets and data object segments in transit.
  • the method determines whether a segment or segment grouping is to be transmitted over varying time intervals, step 224. If so, the Transmission Package Processor sets the segment package transmission metadata to instruct the Transmission Pathway Processor to transmit the segment after a time delay specified in the TPP, step 226.
  • the method determines whether a segment or segment grouping is to be transmitted via predetermined routing, step 228. If so, the Transmission Package Processor determines the transmission routings from the TPP and sets the segment metadata for transmission via the specific routing, step 230.
  • the predetermined routing may be connected to a router on a first ISP that is coupled to a backbone network infrastructure element that is different from the backbone network infrastructure coupled to a second ISP to which other routers in the system are connected.
  • This embodiment enables the Transmission Package Processor to instruct the Transmission Pathway Processor to transmit different segments from the same ODO over separate and distinct transmission backbones, or instruct the Transmission Pathway Processor to transmit different segments from the same ODO over different predetermined routings.
  • unauthorized accessors are forced to monitor data traffic on multiple network backbones simultaneously and across multiple transmission protocols in order to capture all of the data object segments derived from a data object.
  • source and destination addressing for a specific segment is also used to establish routing paths that are specific and distinct to a particular network service provider or data carrier for transmitting the packets of a data object segment.
  • This can be accomplished using Strict Source Routing (SSR) or Loose Source Routing (LSR) information in the data packet header metadata.
  • SSR Strict Source Routing
  • LSR Loose Source Routing
  • when the source and destination addresses of the data packet are both contained in the address space of the service provider or data carrier, the packets typically stay on that provider's network with higher predictability. This is typically because providers tend to route packets on their own carrier infrastructure to avoid charges resulting from switching packets on to other carriers' infrastructures.
  • the source address specified in the packet header or datagram header for the transmission protocol can represent the address for a system other than the transmitting system. This can be used within a network of transmission, storage, and retrieval systems to further obfuscate the transmission of data object segments.
  • the source address specified by the transmitting system can be the address of another system which is programmed to receive datagram and transmission protocol acknowledgement and verification responses
  • the method determines from the TPP whether a specific information transfer protocol will be used for diverse data object segments, step 232. If so, the Transmission Package Processor determines the transmission protocol from the TPP and sets the segment metadata for transmission via the specific protocol, step 234. The Transmission Package Processor then further packages the segment by processing it to conform with the requirements of transmitting it via the TPP specified transmission protocol, step 236.
  • Types of well known data transfer protocols include FTP, HTTP, SMTP, SMS, MMS, NNTP, and the like.
  • the ability of the system to specify proprietary transfer protocols known to the receiving system is also envisioned. Using diverse protocols to transmit data objects requires that unauthorized accessors monitor and capture multiple protocol transmissions from a data source, thereby increasing the cost and effort in doing so.
  • transmission capabilities include without limitation protocols that have notice and retrieval messaging and
  • the originating system is able to request that a receiving system retrieve a segment from a separate protocol server, as in step 242.
  • This allows the originating system to confirm that the receiving system received some data and also controls the receiving systems' access to the remaining data.
  • the originating system can send to an RCST an encrypted and embedded HTTP formatted instruction that will allow the receiving RCST system to retrieve a data object segment for storage or transmission purposes from a system acting as a "web server" or http processing resource.
  • This http resource could be the originating
  • in step 242, it is determined whether a segment specified by the TPP is to be transmitted from a different transmission system.
  • the intermediary system transfer information specified by the TPP is written into the
  • metadata associated with a segment, step 244.
  • some or all of the data can be transferred via a virtual private network, dedicated data line, or other privacy enhanced transmission medium, to another transmission system which in turn sends the segment to the receiving system.
  • when the originating system has prepared for transmission one or more segments or groups of segments, they are stored in memory accessed as the Transmission Pathway Processor's transmission queue, step 246.
  • the Transmission Pathway Processor prepares an "announcement" or transmission negotiating object, step 248, which typically comprises metadata for the subsequent data transmission that has been encrypted and digitally signed, step 250.
  • the negotiating object is subsequently transmitted to the intended receiving system.
  • the Transmission Pathway Processor has already negotiated a secure transmission to the receiving system and placed the secure transmission metadata in the Transmission Pathway queue. In this case, the transmitting system will use the pre-negotiated transmission metadata instead of sending a negotiation object to the receiving system.
  • the Transmission Pathway Processor's two main functions are to prepare secure transmission pathways for segment transmission, and to securely transmit segments over those pathways.
  • This method manages activity with the diverse transmission media over which the invention transmits data object segments, as well as the logistical interactions required by the diverse transmission protocols with which the invention transmits data object segments.
  • the Transmission Pathway Processor prepares a transmission pathway with four RCST systems in a sequence
  • the Transmission Pathway Processor negotiates an exchanged symmetrical or other type of encryption key and a storage location index reservation with each RCST system in the transmission pathway sequence according to a TPP. It reserves the storage locations on these RCST systems for a retention period, for example for three hours, at each RCST in the sequence. The RCST system granting the storage reservation will mark the reserved location as unavailable to other storage operations during the retention period.
  • negotiated transmission metadata including encryption keys is recorded into related Transmission Pathway Records, which are placed into a transmission pathway record queue and marked as a transmission pathway of four RCST stages with the transmission keys and metadata controlled by and known to the originating system.
  • the Transmission Package Processor places a pointer to a segment into the Transmission Pathway Processor queue, step 2832. That segment has typically been encrypted by the Transmission Package Processor in multiple encryption layers, steps 2820 to
  • the segment pointed to in the Transmission Pathway queue may contain valid data, or it may contain invalid data, or a combination thereof.
  • the Transmission Pathway Processor then transmits the encrypted segment to the first destination receiving system in the transmission pathway identified in the segment packaging, typically an RCST system. It will transmit that segment over a
  • Upon successfully receiving the segment transmission, the first RCST system will decrypt the encrypted segment with the previously exchanged key that was the last key used by the Transmission Package Processor in step 2824. The first RCST will then parse the segment package, and execute the embedded instructions. If so instructed, it will then relay the encrypted object to the second RCST in the transmission pathway, which will then decrypt it with the key that the originating system previously
  • the receiving RCST systems decrypt the segment with the keys exchanged with the originating system, and then process the segment according to the instruction embedded in the segment.
  • Each RCST will execute a storage process on the received segment if the embedded instruction so specifies, regardless of whether or not it is the final stage in the segment transmission pathway. This allows each originating system, or any system that has the retrieval pattern permutation and encryption keys corresponding to the storage location of the segment, to be able to retrieve the segment from any RCST storing it, and subsequently decrypt it using the exchanged encryption keys.
  • Each RCST along the transmission pathway in accordance with the instructions embedded with the segment, may or may not store the received segment in a location on that RCST.
  • the TPP used by the Segment Packaging Processor may present instructions that instruct certain RCSTs in the transmission sequence to store the segment it receives with certain retrieval pattern metadata.
  • Segments stored on RCST systems may be retrieved by any system using the associated retrieval pattern permutation and be used to reassemble the original data object.
  • the originating system, or another system or device can retrieve the segments, along with invalid segments for obfuscation, and reconstruct the object by reversing the obfuscation and segment reordering pattern as recorded in the object and segment management records.
  • the Transmission Pathway Processor transmits the queued segments as specified by the TPP to the RCSTs over various diverse and separate transmission media that are available to the transmitting system as disclosed herein. It transmits the queued segments in the various communications protocols in which the segments are packaged, that include without limitation TCP/IP packet messaging, UDP packet messaging, HTTP messaging, FTP, NNTP messaging, and the like. It also transmits the queued segments according to the time delay specifications embedded in the segment package metadata.
  • each RCST in a transmission pathway autonomously negotiates an encryption key exchange, TPP and a storage location reservation directly and independently with the next RCST in the
  • the originating system does not negotiate transmission keys, metadata, and the like with each RCST in the pathway, but instead with the first RCST in the pathway and optionally with specific other RCST systems in the transmission pathway.
  • Some RCST systems in the pathway may have established a Virtual Private Network or already have exchanged encryption keys and thereby may not need to establish secure communications, thereby further reducing computational overhead for the RCST systems as well as the originating system. In this way, the computing and bandwidth overhead for pathway preparation is distributed
  • a series of RCSTs each sequentially and independently exchange an encryption key and a transmission pattern, and "reserve" an index to a logical storage location for a transmitted segment prior to receiving the segment.
  • Each RCST can independently determine which RCST to select as the subsequent RCST in the transmission pathway, or have it determined for them by instructions embedded in the received segment or segment grouping.
  • An RCST can also determine the subsequent RCST to it in
  • the originating system instructs the first receiving RCST system to autonomously prepare a transmission pathway with a number of RCST systems specified in a counter in the embedded instructions, in this example, four RCST systems including the first RCST system.
  • the originating system additionally embeds instructions to the first RCST system to store the transmitted segment on the third stage of the transmission pathway, at RCST03, using a predetermined encryption key known to the originating system, step 3206, which is embedded in the transmission metadata and encrypted with the key exchanged between the originating system and the first RCST system.
  • the originating system can use the embedded and encrypted key to subsequently retrieve the stored segment from the RCST03 system according to its retrieval pattern permutation, step 3256.
  • the RCSTs in the transmission pathway themselves perform the transmission pathway
  • the originating system does not negotiate and prepare the transmission pathway with each RCST in the pathway, but delegates that activity to the RCST systems in the pathway.
  • the RCST systems provide privacy and security to the originating system without imposing any pathway negotiation overhead.
  • the computing and bandwidth overhead for establishing a transmission pathway is distributed among the various systems participating in the transmission and storage of encrypted data object segments across the various stages of the transmission pathway.
  • the originating system exchanges an encryption key with a first RCST system, steps
  • the originating system uses that key to encrypt and transmit embedded instructions to the first RCST system, step 3206, that instruct the first system to prepare a four stage transmission pathway, including the first RCST system, and to store a specific transmitted segment on a certain RCST system known to the originating system, as in this example at the third stage in the transmission pathway and specifically at RCST03.
  • the embedded instructions specify the storage location index and encryption key that the originating system has pre-negotiated with RCST03. This pre-negotiated encryption key can be used for the transmission, storage and retrieval of the segment from RCST03.
  • the key used for the third stage may be referenced from a table of encryption keys previously established with an RCST system, and use specified retrieval metadata that matches the originating system's associated retrieval pattern permutation.
  • the originating system then securely transmits the encrypted instructions to the first RCST system, step 3206, and the first RCST receives it, decrypts it, and reads the instruction to set up a 4 stage autonomous transmission pathway with the ensuing segment to be stored at RCST03 in the third stage using the specified key embedded in the instructions, step 3208.
  • the first RCST system then prepares a transmission pathway by exchanging an encryption key with a second RCST system RCST02, steps 3210 and 3212, which initiates a key exchange sequence across multiple RCST systems controlled by a decrementing
  • the first RCST system then encrypts the instructions and specified encryption key from the originating system with the key it exchanged with RCST02, and transmits them to RCST02, step 3214, which receives and decrypts them, step 3216.
  • the decrypted instructions instruct RCST02 to prepare a transmission pathway with RCST03 using the embedded, specified encryption key.
  • the originating system TPP has pre-determined that storing the segment on RCST03 will not allow an amount of segments from the same original data object sufficient to restore that object to be stored in the same secure access area or storage resource on RCST03.
  • embedded instructions and metadata used for storing the segment on RCST03 correspond to the originating system's retrieval pattern, including encryption keys, storage locations, and the like.
  • RCST02 exchanges the encryption key specified by the originating system in the decrypted metadata with the third RCST in the transmission pathway, RCST03, steps 3218 and 3220.
  • the second RCST system RCST02 then sends instructions encrypted with the specified key to RCST03 that instruct RCST03 to prepare a one stage pathway with another RCST system, which
  • RCST03 receives and decrypts, step 3222.
  • RCST03 selects and exchanges an encryption key with a fourth RCST system, RCST04, step 3224.
  • Extending the transmission pathway to a fourth RCST stage is intended to obfuscate the transmission of the data object segment to unauthorized accessors who may attempt to trace a transmission pathway and determine the storage location of a segment that corresponds to a specific retrieval pattern.
  • the RCST systems in the prepared pathway may optionally return to the originating system all of the keys and metadata they have autonomously negotiated, steps 3280 to 3286.
  • the originating system configuration may specify this key return in order to have multiple RCST systems from which it can retrieve the segment for reliability purposes.
  • the originating system then packages and transmits the data object segment to the first RCST system RCST01, step 3230, using the key exchanged in step 3202.
  • RCST01 receives the segment, step 3232, and then decrypts it with the key exchanged in step 3204, and then re-encrypts it with the key exchanged with RCST02 in step 3210, and transmits the segment to RCST02, step 3236.
  • RCST02 receives and stores the segment, and then decrypts with the key exchanged with RCST01 in step 3212.
  • RCST02 then re-encrypts the segment with the encryption key specified by the originating system, packages it, and then transmits it to RCST03 using the specified key, step 3238.
  • RCST03 receives and stores the segment, step 3242. At this point, RCST03 is storing the data object in a location and with an encryption key known to the originating system, which will allow a retrieval pattern known to the originating system to retrieve the data object segment in order to reassemble the Original Data Object.
  • RCST03 then similarly decrypts the segment package with the originating system specified key, re-encrypts it with the key exchanged with RCST04 in step 3224, and transmits the segment to RCST04 using that exchanged key, step 3240.
  • RCST04 receives the encrypted segment and stores it, step 3226.
  • the originating system then receives a request for the Original Data Object (ODO), step 3250. It then invokes the Retrieval Processor disclosed in greater detail below, step 3252. The originating system's instance of the Retrieval Processor then retrieves the
  • each of the RCST systems storing the transmitted segment deletes the segment after the expiration of a specified retention period, step 3246 for example.
  • This method operates as a transmission pathway since the RCST systems in Figure 32 each in turn receive the segment, decrypt it using the key exchanged with the previous stage in the transmission pathway, execute the embedded instruction, steps 3208, 3216, 3222, and 3226, and encrypt the segment with the key exchanged with the next stage destination RCST system in the transmission pathway. Each RCST then transmits the encrypted segment to the next RCST system in the pathway, steps 3230 and 3232, 3236, 3238, and 3240, until the end of the transmission pathway is reached.
  • certain RCST systems may execute an embedded instruction to exchange keys with and transmit the segment to a specific RCST system that corresponds to the originating system's retrieval pattern, steps 3218 and 3220, so as to allow retrieval of the segment from the specific RCST system by the originating system.
  • the object segment will be transmitted anonymously from RCST system to system, and be available for retrieval at certain RCST systems along the transmission pathway as predetermined by the originating system.
  • the RCST systems illustrated in Figure 32 that prepare and execute the transmission pathway between themselves independently of and as instructed by the originating system, will optionally return to the originating system the entire transmission pathway's exchanged keys, the RCST identifiers and addresses for each stage in the pathway, the storage location reservations in the transmission pathway, and other transmission, storage, and retrieval metadata as needed to retrieve the segment from the stages of the transmission pathway.
  • each RCST receiving an object segment transmits back to the RCST preceding it in the pathway the exchanged keys, identifiers, addressing, metadata as disclosed herein, and the storage location negotiated with the RCST subsequent to it.
  • Each RCST system similarly transmits to its precedent RCST all keys and locations transmitted to it by all RCST systems subsequent to it in the transmission pathway, steps 3280, 3282, 3284, until all of the keys and locations in the transmission pathway are securely transmitted to and recorded by the originating system, step 3286.
  • each RCST system obfuscates and transmits back to the system from which it received the object segment the exchanged encryption key, storage location index, and RCST identifier from the subsequent system to which it transmitted the object. These are then sent to the RCST system that preceded that system in the series, and so forth, until all of the exchanged keys, storage locations, and RCST identifiers have been returned to and recorded by the originating system by the first RCST system using the original key exchanged between the originating system and the first RCST system, steps 3280, 3282, 3284, and 3286.
  • This aspect of the invention allows the originating system to know the keys and locations of the object along the transmission pathway, and thereby be able to retrieve the object segment from any system that stored the object during the transmission of the object along the pathway.
  • the RCSTs participating in the transmission pathway may or may not transmit the keys and metadata back to the originating system as disclosed herein, depending on the instructions from the originating system. If they do transmit the keys and transmission metadata back to the originating system, the originating system records the encryption keys and other transmission metadata in the segment management record associated with the transmitted segment, step 3286. This allows the originating system to either 1) encrypt each segment or segment grouping in sequential layers that match the order of the key exchanges executed by the series of destination RCSTs prior to transmission by the originating system, or 2) retrieve the segment from any stage on the transmission pathway that returned its key and retrieval metadata to the originating system.
  • the originating system negotiates a key exchange and storage location reservation with a first RCST system, steps 3202 and 3204. It then uses that negotiated key to transmit an encrypted segment to that first RCST system as well as an obfuscation pattern and a transmission pathway pattern with embedded instructions to establish a transmission pathway, optionally including a counter value, a combination of steps 3206 and 3230. It includes in the pathway preparation instruction a counter which will decrement to count and control the number of further RCST systems that will constitute a transmission pathway.
  • the embedded instruction instructs the first RCST system to negotiate a key exchange and storage reservation with a second RCST system, steps 3210 and 3212.
  • the first RCST system then encrypts the object segment transmitted by the originating system with the key exchanged between the first and second RCST systems.
  • the first RCST system then transmits the encrypted segment to the second RCST system along with a different obfuscation pattern and transmission pathway pattern and with the decremented counter and instructions to transmit the object segment to a third RCST system, a combination of steps 3214 and 3236.
  • the second RCST receives the segment and embedded instructions for the first RCST system, step 3216.
  • the second system then repeats the actions of the first RCST system
  • a number of RCST systems in the transmission pathway, that number matching the counter value transmitted by the originating system, have executed the process that occurred between the first and second RCST systems.
  • the originating system thereby knows the locations, encryption keys, and retrieval metadata for only a specific and limited number of RCST systems in the transmission pathway that will correspond to the retrieval pattern for that
  • an RCST system establishes with another RCST system a secure transmission channel, such as a Virtual Private Network, a changeable synchronized pattern of source and destination addressing distributed over multiple packets specified by a pattern permutation, or the like.
  • a first RCST system can include a second RCST system with which it has already established a secure transmission channel. This eliminates the requirement for a key exchange between the two RCST systems.
  • Figure 3 illustrates a flow diagram according to an embodiment of the present invention.
  • Figure 3 illustrates the procedures executed by a Transmission Pathway Processor when transmitting ODO and invalid segments.
  • transmissions of segments and groups of segments, as well as the negotiating object may be performed by a logical transmission server.
  • the Transmission Pathway Processor determines that a segment or a group of data object segments are ready to be transmitted, step 312, the Transmission Pathway Processor sorts the segments in order of time delay of transmission, placing pointers to the segments that will be transmitted so that the sooner a segment will be transmitted, the sooner it will be accessed on the transmit queue, step 314.
  • the Transmission Pathway Processor determines if there are any segments left to transmit on the transmit queue, step 316. If there are no segments left to transmit, the Processor ends operations, step 334. If there are segments left to transmit, the current Processor retrieves the segment, step 318, and then determines if there is a time delay before the transmission of the retrieved segment, step 320. If so, the Transmission Pathway Processor reads the segment package metadata to determine the time interval and waits for that time to elapse before commencing the transmission sequence, step 322.
  • the Transmission Pathway Processor determines whether the data object segments are to be transmitted from another system, step 324. If so, the segments and groups of segments are subsequently transferred from the other transmission system to the destination RCST system. If so, then it resets the time delay parameter in the object Metadata to zero, since that time is already expired. It then passes the group of data object segments to a transmission processor, step 328, that subsequently transmits the data securely to another system. In the present embodiment, it is envisioned that the other system will send the segments in a secure manner as described herein, step 332.
  • If the segment is flagged for transmission on non-packet routing media, step 336, then it is placed in an appropriate memory area, step 338. It is transmitted over non-packet routing media, step 340.
  • the Transmission Pathway Processor determines whether the Transmission Package Processor has
  • this address may be a router that is connected to a first ISP that is coupled to a backbone network infrastructure element that is different from the backbone network infrastructure coupled to a second ISP to which other routers in the system are connected. This embodiment enables the
  • After a group of data object segments has been sent, the process disclosed above may be repeated for a next group of segments, step 316. If no other groups of segments are available, the process halts, step 334.
  • the Transmission Pathway Processor determines whether segments are to be sent using a specific transfer protocol, step 348. This typically occurs by reading the protocol specification in the segment package. If the group of data
  • the specified protocol's transmission and receiving processes on the originating and destination systems then manage the transfer of data object segments using that protocol.
  • unauthorized accessors are deterred
  • This embodiment also has the advantage of more predictably transferring a data object segment through firewall Security Systems. For example, ports for common protocols are routinely opened on the firewall to allow email, World Wide Web, file transfer protocol traffic, and the like to be shared with their network outside the firewall protected network.
  • the data object segment is transferred securely using the exchanged key and via a specified transfer protocol
  • the sending and receiving systems exchange authentication tokens in the form of digital signatures, and then begin uploading and capturing the data object segments.
  • When data are sent through the routers with varying source and destination addresses, they may be sent across varying network paths.
  • This embodiment deters unauthorized accessors from acquiring a complete set of data object segments by using packet address analysis. These accessors would be required to know and monitor a broad range of source and destination addresses and protocols to and from which the data objects can be sent, and then be able to monitor and
  • both invalid and valid segments are transmitted across different carriers and transmission media to separate secure access areas so that enough segments from the same data object are not stored in the same access area so as to allow reassembly of the Original Data Object from the group of segments in the same secure access area.
  • two groups of data object segments have been determined, e.g., odd and even, a first group of data object segments may be transmitted across a TCP/IP Network; and the second group of data object segments may be transmitted across a Cellular Network.
  • the first group of data object segments may be transmitted across a specific transmission media, for example, utilizing a first Computer Network backbone
  • the second group of data object segments may be transmitted across a different transmission media, for example, utilizing a second Computer Network backbone.
  • many different types of diverse communication carriers and transmission media can be used.
  • LSRR Loose-Source Routing
  • SSR Strict-Source Routing
  • Figures 9 and 10 illustrate embodiments of the present invention.
  • Figure 9 illustrates that the diverse transmission media and Communications Networks may include computer backbone networks, 928-932, and may include wireless or landline switching networks 960, 962, 968.
  • an ODO transmitted from an originating system 910 may be segmented and the segments may be transmitted over multiple transmission networks and to separate storage areas on separate storage resources and in separate secure access areas.
  • a receiving system 950 may receive transmissions from multiple transmission networks, validate the data, and reassemble the data.
  • a receiving RCST system receives the data object segments.
  • a first receiving computer has access to more than one type of communications carriers or
  • a second RCST system remote from the first RCST system has access to one type of communications carrier, receives one of the data object segments, and stores it in a secure access area different from the secure access area where the first data object segment transmitted to the first RCST system is located.
  • the first RCST system receives and stores one segment from the original data object and the second RCST system receives and stores a different segment from the same original data object.
  • the Transmission Pathway Processor dials out on a connected analog modem to the receiving system, exchanges authentication and encryption keys and protocols, and then uploads groups of data object segments to the receiving system. Transmitting data in this manner forces unauthorized outsourcers to monitor both central office type phone calls, and the like, as well as multiple packet routing and non-packet routing simultaneously, greatly reducing the possibility that they will capture and analyze a complete set of data object segments.
  • the originating system invokes a non packet routing media transmission process that dials out on a connected modem to the receiving system, exchanges authentication and encryption keys and protocols, and then uploads a data object segment to a receiving system.
  • the originating system invokes a packet routing media transmission process that connects over a network of packet routers to a separate and distinct receiving system, exchanges authentication and encryption keys and protocols, and then uploads a data object segment to that second separate and distinct receiving system.
  • the originating system then continues to invoke multiple types of transmission processes using diverse transmission media, networks, addressing, and protocols to connect to a variety of diverse and separate receiving systems, exchange separate and distinct authentication and encryption keys and protocols with each of them, and then upload separate and distinct segments from the same data object to each separate and distinct receiving system until there are no further data object segments to transmit. Transmitting data in this manner forces unauthorized outsourcers to monitor both central office type phone calls, and the like, as well as multiple packet
  • Figure 4 illustrates a flow diagram of an embodiment of the present invention.
  • Figure 4 illustrates the process of the receiving system when receiving the segments transmitted in the previously disclosed processes.
  • the receiving system receives the negotiating object, step 410.
  • the Metadata typically includes a digital signature from the transmitting system, and encrypted information describing the Metadata such as the reserved storage location, the transmission ID of the segment, embedded instructions for the receiving RCST system, and the like.
  • Metadata associated with the data object segments may also be transmitted with the data object segments.
  • the receiving system decrypts
  • the Metadata determines the transmission instructions, step 412, which may include instructions to store the segment, transmit it to another RCST receiving system, or both.
  • the instructions are derived from the TPP which specifies how segments and groups of data object segments are to be transmitted between and stored on the RCST systems.
  • the method then prepares the system to receive the data, step 414.
  • the system initiates applications for receiving the segment in the various ways in which it could receive a data object segment according to the TPP. For example, the receiving system initiates reception servers and hardware for various transmission media, including putting a receiving modem into auto answer or clearing a cellular channel for incoming data transfer calls, and the like.
  • the method then sets time parameters for reception according to the TPP instruction embodied in the instructions embedded in the transmitted segment's metadata, step 416. This is done so the receiving system can timeout the delivery of data and report possible error conditions. If various known protocol interfaces are specified in the TPP, these servers are also
  • protocol interfaces may include without limitation FTP servers, SMTP servers, and HTTP servers, and the like, and other protocols as may be devised, including proprietary protocols.
  • the receiving RCST system enters into a program loop that checks for the presence of data, step 420.
  • Delivery of objects can be terminated either through delivery of a complete dataset of a segment package, through a timeout and subsequent failure of the delivery process for the current group of data object segments, and the like.
  • step 426 the elapsed time is measured against a latency time expected for delivery of the group, step 428.
  • This latency time may also be specified in the instructions embedded in the metadata of the transmitted segment.
  • a request for retransmission of the group is sent to the Transmission Pathway Processor and a retransmission counter is incremented, step 430.
  • the counter is
  • the transmission counter is stored and accessed in a memory, step 432. If the maximum number of allowed retransmissions has been exceeded, then the group of data object segments is considered invalid. In the present example, if the maximum has not been reached, step 434, a retransmission request for the timed-out data is sent to the originating system, step 436. The timeout counter is then reset, step 438.
  • step 426 the segment package is parsed step 440.
  • the data object segment may then be
  • step 450 the integrity of the data object segment is checked, step 452. This step typically includes checking a hash message digest of the data object segment containing the digital signature attached to the data object segment. If the integrity check is successful, step 454, the data object segment is placed into a memory area, step 456. In this embodiment, the delivery pattern record for the group of data object segments is then flagged as delivered, step 458.
  • the receiving or RCST system then executes the instructions parsed in step 440, which can include without limitation to store the segment at a specified storage location, to transmit the segment without storing it (relay the segment), reformat the segment package into a different protocol for transmission, decrypt the object with a shared key, re-encrypt the object with a different shared key, delete the segment and transmit an invalid data object segment with the same identifiers, re-obfuscate the segment and migrate it to another RCST system, and the like.
  • the present embodiment rejects the delivered segment object, step
  • a retransmission request is generated in step 436, described above, if appropriate and so configured in the system.
  • step 434 for example, the maximum number of retransmission attempts is exceeded, a transmission failure is reported to the originating system.
  • the originating system or another transmission system such as an RCST system, subsequently determines whether or not to retry
  • step 464 a delivery failure is optionally written to an application log file, step 466.
  • FIG. 10 illustrates that storage locations for segments and segment groupings may include storage resources and media maintained at a variety of physical locations, for example, via the Internet, 1040, a new local tangible media, 1052-1056, on a controlled access storage area 1046, and the like.
  • Storage and computing resources may be located across political boundaries and at different storage and computing vendors.
  • segments transmitted from an Originating System 1010 may be stored to multiple types and locations of different Storage Media.
  • the Originating System 1010 can act as a retrieval and receiving system and may receive data from a variety of different Storage Media at different storage locations. Once validated, the segments can then be reassembled into the ODO.
  • the transmitted data object segments are stored so that not enough segments from the same data object are stored in the same access area or in the same storage location to allow reassembly of the ODO from those segments stored in the same secure access area or storage location. This makes it more difficult for unauthorized accessors to access a collection of segments sufficient to reassemble the original data object, since they are required to "hack into" or access multiple secure storage access areas. In another embodiment, no two segments from the same data object are stored in the same secure access area.
  • the segments are stored so that two or more segments from the same data object may be stored in the same access area if the transmission pattern permutation has calculated that they will be sufficiently obfuscated and made anonymous through multiple stages of Transmission Pathway "anonymization" and obfuscation methods so as to make it more difficult to determine that they are from the same original data object. As a result, if an unauthorized accessor gains access to a secure storage access area, it is more difficult to determine that these segments are required to reassemble the original data object.
  • Figure 10 also illustrates an alternative embodiment of the present invention wherein the segments are stored in diverse and separate secure access areas, elements 1044 and 1046 without transmitting them to remote storage resources.
  • the Transmission Pathway Processor is used to log in to the secure access areas and write or copy the segments into them.
  • Figure 10 can illustrate embodiments where, instead of transmission of segmented data across diverse transmission media, transmission paths, and the like, different segments from the same ODO are stored onto diverse logically and physically separate storage media, at diverse media locations, and the like, elements 1040 through 1052.
  • the Storage Media may be at locations within a local disk drive, element 1052, and within controlled access storage area, element 1046.
  • the Storage Media may include tape drives, CD ROMs, printed media, hard drives, solid state drives, thumb drives, and the like. Further, the storage may occur at remote sites, for example, onto remote servers on a local area network, across a wide area network, such as the Internet, or a combination thereof, and the like. Storage Media for segments can also include paper and microfiche if the segment content is rendered as a printable representation of the digital data of the segment.
  • the pattern processor generates a Transmission and Storage Pattern Permutation (TPP) wherein the storage location of the various segments from the same ODO are structured so that only one segment from the same ODO is stored in a specific controlled access or secure access storage area, or that two or more segments are stored in the same secure access area but not of a sufficient number, as determined by a system configuration, to reassemble the ODO.
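The storage rule stated above (no access area may hold enough segments of one ODO to reassemble it) can be planned and audited as follows. This is an added example, not code from the patent; `reassembly_threshold`, `replicas`, the area names and the segment IDs are assumptions made for the illustration.

```python
from collections import Counter


def areas_over_threshold(placement, reassembly_threshold):
    """Return [(area, count)] for every access area that holds enough distinct
    segments of one ODO to reassemble it. placement: segment_id -> [areas]."""
    per_area = Counter()
    for areas in placement.values():
        for area in set(areas):          # two replicas in one area count once
            per_area[area] += 1
    return sorted((a, n) for a, n in per_area.items()
                  if n >= reassembly_threshold)


def plan_placement(segment_ids, areas, reassembly_threshold, replicas=1):
    """Assign each segment to `replicas` distinct areas so that every area
    stays below reassembly_threshold. Raises ValueError when impossible."""
    cap = reassembly_threshold - 1       # most segments one area may hold
    if cap < 1:
        raise ValueError("reassembly_threshold must be at least 2")
    if replicas > len(areas):
        raise ValueError("replicas of one segment need distinct areas")
    load = {area: 0 for area in areas}
    placement = {}
    for seg_id in segment_ids:
        # Least-loaded areas first; the name breaks ties so the plan is stable.
        candidates = sorted((a for a in areas if load[a] < cap),
                            key=lambda a: (load[a], a))
        if len(candidates) < replicas:
            raise ValueError(f"no area left for {seg_id} below the threshold")
        placement[seg_id] = candidates[:replicas]
        for area in placement[seg_id]:
            load[area] += 1
    return placement


# Constructed sample data (hypothetical names).
AREAS = ["area-A", "area-B", "area-C", "area-D"]
SEGMENTS = [f"seg-{i:02d}" for i in range(1, 7)]

if __name__ == "__main__":
    plan = plan_placement(SEGMENTS, AREAS, reassembly_threshold=3)
    for seg_id, where in plan.items():
        print(seg_id, "->", where)
    print("violations:", areas_over_threshold(plan, 3))
```

With `reassembly_threshold=2` the planner enforces the stricter embodiment in which no two segments of the same data object share an access area.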
  • the segments are replicated for disaster recovery purposes across RCSTs located in diverse electrical, communications, geopolitical and commercial environments to provide failover in case of component or vendor failure, or system theft.
  • knowledge of the encryption/obfuscation, transmission, validity, and storage patterns is still required to decipher the original data object.
  • the obfuscation, transmission, retrieval, and invalid data patterns change each time a new original data object is processed due to the pattern permutation processor, further increasing the use of pattern recognition across data object segments for cryptanalysis.
  • the RCST systems in the same manner as with valid segments, exchange encryption keys, transmit invalid segments, receive invalid segments, and store those invalid segments with other RCSTs with which it has exchanged keys to obfuscate the transmission of valid data object segments.
  • the originating system also sends and receives invalid segments during its use of the invention.
  • invalid segments may be stored with valid segments from the same ODO and the same transmission pattern permutation instance in order to further obfuscate and increase the anonymity of the segments, and their associations with each other and the ODO.
  • the invention also provides a TPP attribute for each segment which specifies which level of diversity of transmission medium or which transmission protocol will be used for that segment.
  • This attribute can specify that some segments be sent over the TCP-IP socket if available, others over an HTTP port, an FTP port, over a separate device such as a cellular phone connected to the originating system if available, via a USB port or wireless Bluetooth connection if available, and the like.
  • an RCST in response to an instruction to do so, or upon a pre-specified event, or upon the lapse of a specific time period, an RCST transmits the segment it received to another RCST matching the retrieving system's retrieval pattern and then does
  • an RCST system receives encrypted obfuscation pattern permutations and encrypted transmission and storage pattern permutations from the originating system or another RCST system preceding it in the transmission pathway, so that the RCST systems may themselves use the invention to obfuscate, package, store, transmit, and receive segments with each other and
  • the RCST transmits the segment to another RCST according to a TPP calculated by the RCST system using the permutation calculations methods disclosed herein, and then securely reports the storage locations and encryption keys back to a retrieval system, which may or may not be the originating system.
  • the Transmission Pathway Processor transmits invalid data object segments that are not related to the patterns or content associated to a specific ODO. These unrelated invalid data object segments can be transmitted with different time intervals
  • the invention generates from a Pattern Processor as illustrated in Figure 22, or acquires from another system, or from a predetermined reference, a Retrieval Pattern Permutation ("RPP"). This Retrieval Pattern Permutation will specify from
  • the Retrieval pattern can be the same as the transmission pattern, whereby the originating system will retrieve the segments from the same RCST storage locations and using the same transmission metadata with which they were transmitted. If the Retrieval pattern is different from the transmission pattern, the RCSTs that have received the segments from the originating system TPP will in turn execute instructions embedded in the segments to
  • the originating system employs a retrieval pattern that is different from the transmission pattern.
  • the originating system can transmit data object and invalid segments to a set of storage locations corresponding to a
  • systems each with its own unique instance, retrieval pattern, retention period, encryption keys, content redaction, access credentials, transmission format, routing attributes, tracking and reporting, and the like. This allows the originating system to track and control multiple retrievals of the segments.
  • Figure 34 illustrates the invention's Retrieval Processor as provided in the present embodiment. It is invoked by a manual or automatic process requesting the retrieval of a set of segments for a specific ODO. The requesting process places a pointer and
  • Step 3402. This requesting process can be invoked by a user clicking on a file pointer object, an automated system attempting to open a file object, a web browser user clicking on a web page link, a Smartphone communication application streaming a telephone voice call, an email client downloading an email rendered as ODO segments, a database retrieving information to populate a data base field, and the like.
  • the Retrieval Processor identifies the requested ODO and gets the records and patterns needed to retrieve its segments, step 3404.
  • This processor determines, by comparing the information in these records and resolving in case of a conflict in favor of the Retrieval Pattern, which may have changed by methods disclosed herein, the required information regarding the RCST system or systems, storage locations, access credentials, encryption keys, protocol packaging, and formatting requirements for retrieving the valid object segments and associated
  • the Retrieval Processor determines which diverse transmission media are available to the retrieving system and also available to the corresponding storage systems, and by which transmission media to retrieve the object segments.
  • the Retrieval Processor then assigns an available and compatible transmission medium to each segment storage location system, Step 3414.
  • the Retrieval processor then checks to make sure there remain segments to retrieve for this ODO, step 3416, and then reads the RPP, step
  • step 3422 for this segment to determine its location, protocol, and other attributes as disclosed herein.
  • the process resolves to the RPP in case of conflict in storage location data.
  • the Retrieval Processor then establishes a connection to the RCST storing the segment or group of segments, step 3424, and then transmits a negotiation object to the RCST system holding a stored segment to prepare the retrieval of that segment from that system over that medium, Step 3426. If the retrieval proves viable, the retrieval processor exchanges or verifies a previously recorded encryption key with the RCST system, encrypts the retrieval request,
  • the RCST storage system transmits the retrieval request to the RCST storage system specifying the identifiers, access credentials, location identifiers, encryption keys, retention instructions, protocol packaging, and transmission format for the transmission of the segment from the RCST storage system to the retrieving system. If the RCST storage system successfully resolves this metadata from the retrieving system it transmits the segment to the retrieving system using the transmission metadata negotiated with the retrieving system, Step 3428.
  • If the retrieval processor is not able to negotiate or resolve the retrieval of an object or invalid segment from an RCST storage system it will refer to the SMR and then to the RPP to use the retrieval metadata for another storage instance of the object segment or invalid segment that was executed in the transmission pathway. The retrieval processor will then negotiate retrieval of that alternative storage instance of the segment or invalid data using the retrieval metadata associated with that storage instance.
  • Retrieval of each of the data object segments in the SMRs is tracked by the retrieval processor according to the TPP embodied in
  • the SMR to determine when all of the data object segments have arrived.
  • the receiving system references the SMR and then the RPP to determine when and by which transmission methods remaining groups of data object segments are yet to arrive.
  • If the retrieval processor is not able to retrieve a segment from any storage instance, it examines the SMR to determine if the segment is entirely comprised of invalid data. If it is entirely comprised of invalid data, then the retrieval process will insert into the reassembly queue an invalid segment of the length and format of the irretrievable segment with the in-process object and segment
  • a transmission failure is reported to the originating system, step 462.
  • the originating system or another retrieving system such as an RCST system, subsequently determines whether or not to retry
  • If the system determines that it will not retry the retrieval, any data received up to that point is deleted, step 464, and then a delivery failure is optionally written to an application log file, step 466.
  • step 426 the segment is then authenticated against the expected delivery pattern record in the Segment Management Records by the retrieval processor, step 448.
  • step 450 the integrity of the data object segment is checked, step 452. This step typically includes checking a hash message digest
  • step 2235 according to the segment hash digest stored in the SMR in step 2634. If the object authentication or integrity check does not succeed in steps 450 and 454, the present embodiment rejects the retrieved segment, step 460, and a retransmission request is generated in step 436, described above, if appropriate.
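The retrieval behaviour described above (fall back to another storage instance, reject a segment whose digest does not match the SMR, and substitute a placeholder when an all-invalid segment cannot be retrieved) is sketched below as an added example that is not part of the patent. The SMR field names, the `fetch` callback, the `max_attempts` limit and the use of SHA-256 are assumptions; the sample stores are constructed.

```python
import hashlib
import hmac


def retrieve_segment(smr, fetch, max_attempts=3):
    """Try the storage instances listed in the SMR in order.

    Returns (data, source, failures). `source` is the instance that served a
    verified copy, or "placeholder" when the segment is recorded as entirely
    invalid data and no instance could deliver it.
    """
    failures = []
    for instance in smr["instances"][:max_attempts]:
        try:
            data = fetch(instance, smr["segment_id"])
        except OSError as exc:
            failures.append((instance, f"unavailable: {exc}"))
            continue
        digest = hashlib.sha256(data).hexdigest()
        # Constant-time comparison against the digest recorded in the SMR.
        if not hmac.compare_digest(digest, smr["digest"]):
            failures.append((instance, "digest mismatch, segment rejected"))
            continue
        return data, instance, failures
    if smr["all_invalid"]:
        # An irretrievable decoy is replaced by filler of the same length so
        # that reassembly can continue.
        return bytes(smr["length"]), "placeholder", failures
    raise LookupError(f"segment {smr['segment_id']} irretrievable: {failures}")


def make_fetch(stores):
    """Build a fetch callback over in-memory stores (stand-in for RCSTs)."""
    def fetch(instance, segment_id):
        store = stores.get(instance)
        if store is None or segment_id not in store:
            raise OSError("no such segment")
        return store[segment_id]
    return fetch


# Constructed sample: first instance is down, second holds a corrupted copy.
GOOD = b"constructed segment payload"
STORES = {
    "rcst-a": None,
    "rcst-b": {"seg-7f3a": GOOD[:-1] + b"X"},
    "rcst-c": {"seg-7f3a": GOOD},
}
SMR = {
    "segment_id": "seg-7f3a",
    "digest": hashlib.sha256(GOOD).hexdigest(),
    "length": len(GOOD),
    "all_invalid": False,
    "instances": ["rcst-a", "rcst-b", "rcst-c"],
}

if __name__ == "__main__":
    data, source, failures = retrieve_segment(SMR, make_fetch(STORES))
    print(source, failures)
```

The returned `failures` list is worth logging: a digest mismatch from one storage instance is a tampering signal, not only a transport error.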
  • When the retrieval processor is able to negotiate the retrieval of a segment stored on an RCST storage instance, it receives the transmission of the object segment from the negotiated storage instance RCST system, step 3428. It then
  • the RCST storage system will examine the retention specification for this segment in its storage repository and determine whether or not to store or to delete the object segment.
  • the retention specification can instruct the storage resource to perform various actions including without limitation to destroy the retrieved segment upon successful reassembly of the ODO, after a certain time period has lapsed, or after another specified event has occurred.
  • the object segment metadata can contain instructions on the disposition method
  • the Retrieval Processor then inserts the retrieved object segment into the Reassembly Processor queue and sets a "segment ready to process" flag, step 3432.
  • Figure 6 shows the processes in another embodiment of the Retrieval Processor method to reliably retrieve segments that were stored according to transmission and storage method disclosed herein.
  • the retrieval processor receives a retrieval request for a set of data object segments, step 610.
  • the retrieval process of the method then validates the request, step 612, both for
  • the method retrieves stored data indexed for this object and segment typically stored in the OMR and SMR, step 614, containing specifications without limitation as to the location, device, protocol, encryption key, format and access area in which the data object segments are stored.
  • the method first determines whether the Metadata specifies that the segments are stored in diverse devices or locations, step 616. If this is so specified, the method retrieves location and device storage Metadata for each object segment, step 618, from the SMR. The method then
  • the method determines whether the Metadata specifies that the object segments are stored in diverse system access areas, step 620. This is typically the case, since the separation of logical and physical storage of segments sufficient in number to reassemble the ODO, as disclosed herein, provides greater security and privacy for the ODO. If this is so specified, the method retrieves system access Metadata for each object segment, step 622. The method then optionally obtains further authentication information, step passwords, PIN, smart card, biometrics, from operators or otherwise, step 626, if such an action conforms to the security model of the entity
  • the method then performs authentication and access procedures to confirm its ability to establish a connection and session with each system access area specified in the storage Metadata record, step 628.
  • the method then begins a program loop that retrieves data object segments according to the storage metadata records' contents. If the segment is stored in a secure access area, the method then logs onto the system access area specified in the first object's Metadata, step 630. If the target access area for the object retrieval is different than the method's current login area, it logs into the new specified
  • the method then accesses the specified location or a device, step 632.
  • the method then retrieves the data object segment from that location or device to a retrieved object processing area.
  • the method verifies the integrity of the data object segment read, step 636.
  • the method determines if all of the data object segments have been retrieved and verified, step 638. If not, the method retrieves data object segments, step 630, until all have been copied to the retrieved object processing area. When this occurs, the method logs off from its current system access area, step 640, places the retrieved object segment or segments into the
  • "Reassembly Processor queue" in step 634, as also shown in step 3432 in Figure 34, and optionally logs the retrieval into an application log, step 644.
  • the retrieval processor executes multiple retrieval patterns simultaneously while interspersing the retrieval actions of the multiple patterns for purposes of retrieval action obfuscation, with only one of the retrieval patterns executed to retrieve the segments needed for collecting and reassembling the original data object.
  • the retrieval processor negotiates and retrieves from an RCST system invalid data object segments that may or may not have been transmitted with the original transmission of data object segment for a particular data object. This is intended to obfuscate the retrieval of valid data object segments and render the collection of valid data object segments during retrieval more difficult for unauthorized accessors.
  • Segment Migration: In another embodiment of the invention, the retrieval processor instructs an RCST system storing a segment in a retrieval location to relocate, or "migrate", one or more of the data object segments from their storage location to another storage location.
  • the segments are relocated to other storage resources typically in response to an event, such as the lapsing of a period of time, a manual segment relocation command, an automated response to a security attack analysis, and the like.
  • Figure 42 illustrates this segment migration method of the invention.
  • the Retrieval processor generates a new retrieval pattern, either through a permutation algorithm as disclosed herein or through other methods, or acquires a new retrieval
  • the Retrieval Processor then sends a request to the Transmission Package Processor to package invalid segments to be transmitted to the RCST systems currently storing segments that correspond to the retrieval pattern locations being migrated from.
  • the new invalid segments are packaged by the Transmission Packing Processor according to the methods disclosed herein with the embedded instructions that instruct the RCST systems storing
  • the segments to migrate and relocate those segments to different RCST systems are instructed to transmit their segments to other RCST storage locations that correspond to a new retrieval pattern known to a retrieving system.
  • a first RCST system currently storing a segment can transmit the segment either directly or through a prepared transmission pathway that is predetermined or is to be prepared autonomously by the receiving RCST system according to the transmission pathway preparation methods disclosed herein.
  • the method has received a TPP for a segment migration specifying a 3 stage pathway with the new corresponding retrieval pattern location at the third stage of the pathway on RCST03.
  • Other combinations of pathways can occur, depending on the migration TPP.
  • a first RCST system RCST 01, which is storing a segment corresponding to a retrieval pattern being migrated from, exchanges encryption keys with the originating system, steps 4202 and 4204.
  • the Transmission Package Processor
  • the embedded migration instructions specify that RCST01 will prepare an autonomous transmission pathway that will store the segment at the third stage on RCST03 with a specified encryption key.
  • RCST01 system receives, decrypts, and parses the received segment package, step 4208. It then reads and executes the embedded
  • RCST01 may prepare an autonomous transmission pathway across other RCST systems as shown in Figure 32, or transmit the migrating segment directly to the newly specified RCST storage system corresponding to the new retrieval pattern.
  • the RCST01 prepares an autonomous transmission pathway across other RCST systems starting with RCST 02 to increase the anonymity of the segment, step 4210 and step 4212.
  • RCST01 then sends encrypted, embedded instructions to RCST02, step 4214,
  • RCST02 which decrypts and reads the instructions to prepare an autonomous transmission pathway to the destination RCST03 system using a specified encryption key, step 4216.
  • RCST02 prepares the transmission pathway with RCST03 using the specified encryption key, steps 4218 and 4220.
  • RCST01 then decrypts the segment with the original key known to the originating system, and then re-encrypts the segment with the key shared with RCST02 in step 4210. RCST01 then transmits the re-encrypted segment to RCST02, step 4236, and deletes or retains its copy of the segment according to the instructions or the retention specification, step 4246.
  • RCST02 receives the segment from RCST01, decrypts it, and then re-encrypts it with the originating system specified key exchanged with RCST03 as shown.
  • RCST02 then transmits the re-encrypted segment to RCST03, step 4238, which receives and stores the segment for the specified retention period, step 4242, according to the instructions embedded with the transmitted segment metadata.
  • the segment is now stored with a specified encryption key known to the originating system on the RCST03 system corresponding to the new retrieval pattern.
  • the originating system is now able to receive a request for the related ODO, step 4250, and then retrieve the ODO's segment from this new third RCST03 storage location that corresponds to the new retrieval pattern, steps 4254, 4256 and 4258.
  • This segment migration method in Figure 42 allows the invention to execute migration patterns for data object segments that prevent or make it more difficult for an unauthorized accessor to access the data object segment in case they discover the first retrieval pattern.
  • the method can migrate some segments of an ODO and not others, and migrate different segments from the same ODO in different frequencies. In this way, the originating system can invalidate and render obsolete and inoperable a first retrieval pattern in response to an event which causes a migration of the segments stored on diverse storage resources, yet still be able to retrieve the segments with a new retrieval pattern after that migration.
  • the system invokes the Reassembly Processor to restore the segment to its original state so that it can be combined with other restored associated segments to restore and recover the original data object. After retrieving a partial or a complete set of valid data object segments, the invention then reassembles the retrieved segments back into the original data object.
  • the reassembly processor reverses the actions of the segment processor to restore retrieved segments to the state they were in
  • the Reassembly Processor reads the Obfuscation Pattern Permutation (OPP) from the Segment Management Record (SMR) to reverse the obfuscations of the reordered segments according to the OPP.
  • the reassembly processor processes the retrieved segment in the reverse manner of the obfuscation functions as performed by the Segment processor according to the segment's or object's original OPP.
  • the Reassembly Processor would reverse the obfuscation functions executed on the specified obfuscated segment when it decompresses the obfuscated segment with a TAR compression algorithm, decrypts the segment with a triple-DES multi-layer decryption using the encryption keys specified in the segment management record, rejects and deletes invalid bytes that have been inserted after every 10th byte of the data object, and reverses a logical NOT performed on the entire data object by performing a complementary logical NOT on the entire data object.
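The reversal just described works only if the inverse of each obfuscation function is applied in the opposite order to the one recorded in the OPP. The following added example (not the patent's code) shows this for three of the listed functions; the triple-DES step is left out so the block needs only the standard library, zlib stands in for the compression step, and the OPP layout of (function name, input value) pairs is an assumption.

```python
import os
import zlib


def logical_not(data, _arg=None):
    """Bitwise NOT of every byte; the function is its own inverse."""
    return bytes(b ^ 0xFF for b in data)


def insert_invalid(data, every):
    """Insert one random invalid byte after every `every`-th data byte."""
    out = bytearray()
    for i in range(0, len(data), every):
        chunk = data[i:i + every]
        out += chunk
        if len(chunk) == every:
            out += os.urandom(1)
    return bytes(out)


def strip_invalid(data, every):
    """Reject the invalid bytes inserted by insert_invalid()."""
    out = bytearray()
    for i in range(0, len(data), every + 1):
        out += data[i:i + every]
    return bytes(out)


def compress(data, level):
    return zlib.compress(data, level)


def decompress(data, _level=None):
    return zlib.decompress(data)


# name -> (forward function, inverse function)
FUNCTIONS = {
    "not": (logical_not, logical_not),
    "invalid_bytes": (insert_invalid, strip_invalid),
    "compress": (compress, decompress),
}

# Constructed OPP: the order in which the segment was obfuscated.
OPP = [("not", None), ("invalid_bytes", 10), ("compress", 6)]


def obfuscate(segment, opp):
    for name, arg in opp:
        segment = FUNCTIONS[name][0](segment, arg)
    return segment


def restore(obfuscated, opp, reverse_order=True):
    """Apply the inverse functions; reverse_order=False shows the failure."""
    steps = reversed(opp) if reverse_order else opp
    for name, arg in steps:
        obfuscated = FUNCTIONS[name][1](obfuscated, arg)
    return obfuscated


if __name__ == "__main__":
    segment = bytes(range(125))          # constructed 125-byte segment
    stored = obfuscate(segment, OPP)
    print(restore(stored, OPP) == segment)
```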
  • the OPP is so structured as to allow groups of segments originally processed into independently obfuscated "sections" to be restored and reassembled without the requirement for a sufficient amount of the segments to be retrieved and their obfuscations reversed to enable reassembly of the entire ODO.
  • the reassembly processor reads the segment ID of a retrieved segment and locates the Segment Management Record (SMR) associated with that segment ID. It then locates and reads the Object Management Record (OMR) associated with that SMR.
  • the reassembly process uses the located SMR to determine how to reverse the obfuscation processes performed by the Segment Processor on the retrieved segment, as well as to determine the encryption keys, protocol formats, and other transmission attributes of the retrieved segments represented in the SMRs as derived from the TPPs as disclosed herein.
  • the reassembly processor executes algorithms to reverse obfuscations, restore the original order of reordered data object segments according to the functions and values specified by the OPP as recorded in the SMR and the OMR as disclosed herein.
  • the reassembly processor invokes
  • the reassembly processor reads the object management record that contains, or otherwise acquires, the "seed values" and the "Pattern Function table" used to generate the pattern permutations used in the invention.
  • the processor then invokes the pattern processor to recalculate the obfuscation, transmission, storage, and invalid data patterns used in the processing of the original data object.
  • the reassembly processor uses the results of the pattern processor to restore the retrieved segments and the original data object in lieu of the OMR and SMRs that contain specifications of the obfuscation, transmission, and invalid data performed on the original data object and its segments by the processors described herein.
  • Figure 7 summarizes the reassembly process according to another embodiment of the present invention.
  • the retrieving system identifies object segments in reassembly area; in step 716, it authenticates the object segment in its queue, and in step 718, determines the object pattern identifier, which will allow it to retrieve the segment's OMR, SMR, OPP, and other pattern data that will be used by the Reassembly Processor to reassemble the ODO in step 722 and beyond.
  • the process then verifies object segment integrity and completeness, in step 720, typically by using the hash digest stored in the SMR. It then retrieves the reassembly patterns for this object segment in step 722 as disclosed herein, in order to perform subsequent functions according to reassembly pattern.
  • step 724 it parses segments, in step 726, discards invalid segments, in step 728, decrypts the re-encrypted segments, in step 730, reorders and combines segments into the original data order according to the reassembly patterns and SMR and OMR records.
  • the STO as disclosed herein, is used to ensure that the data object segments are assembled in the order corresponding to their original order in the original data object.
  • step 732 places the reordered and decrypted it in processing area for object restoration and decryption and General Processing.
  • the Reassembly Processor senses a pointer to a retrieved segment in its processing queue, step 3602. It then accesses the Segment Management Record (SMR) for that object, step 3604. It then verifies the integrity and authenticity of the segment, step 3606, using the hash digest and other verification information in the SMR. It then locates and loads the associated pattern permutations that it will need to assemble the Original Data Object (ODO), step 3608, which is recorded from the segment and object Obfuscation Pattern Permutation (OPP).
  • the segmenting pattern for the ODO may be determined during the reassembly process by recalculating the pattern permutation with original seed values in the pattern processor, read from the associated object management record in a different format than the STO, or may be located in a predetermined segmenting pattern from a library of segmenting patterns, or the like.
  • the OMR contains the specification for the original ordination of the STO pointers before segment
  • the Reassembly Processor locates the Object Management Record (OMR) associated with the SMR and loads the Segment Tracking Object (STO) for this segment's object. It reads the Object Management Record (OMR) to restore the STO, step 3610, that contains the pointer ordination disclosing the reordering of the data object segments and the location and lengths of inserted invalid data.
  • the reassembly processor uses the STO to determine the original order of the data object
  • step 3612 by reading the original values of the pointer ordination in the STO prior to their re-ordering by the Segment Processor. It then determines if the retrieved segment is actually a combined group of segments from the ODO, step 3614. If the retrieved segment is a group of combined ODO segments, this processor parses the segment using the STO, marks the segments as parsed in the present copy of the STO, and reinserts the segments into the Reassembly Processor queue, step 3616, for further processing as individual segments. If the segment is not a group of segments, then this processor examines the STO to determine if
  • the present segment is comprised of invalid data. If it is, the processor marks this segment as completed and invalid in the present copy of the STO, and returns to the queue insertion sensing portion, step 3602, to get another different segment to process in order to not process the present segment and thereby reject it, step 3618.
  • the Reassembly Processor uses the STO to track the position and length of the segments to reconstruct, reconstitute and restore the original data object.
  • the reassembly processor reads the segment ID of a retrieved segment and refers to the pointers in the STO that state the first, pre-reordered location in the original data object of the
  • the Reassembly Processor will use the odd numbered STO pointers in their original numbering and ordination to write out the original data object during the final stages of this processor.
  • STO pointer with the original ordination of #1 will point to the first 125 of the original data object.
  • STO segment pointer with original ordination of #3 will point to byte 126 of the original data object
  • STO segment pointer with original ordination of #5 will point to original data object byte 251 (126+125) and so forth.
  • the OPP had specified that the Segment Processor insert invalid data between every other segment of the original data object to further obfuscate the transmitted and stored segments.
  • the Segment Processor invoked pointers in the STO
  • the reassembly process then ignores the locations and lengths of segment data pointed to by even numbered pointers in the STO structure, thereby ignoring the inserted invalid data with a "yes" decision in step 3618.
  • the reassembly processor will output segment data pointed to by the odd
  • the reassembly processor reads the Segment Management Record (SMR), step 3620, to establish the processing functions and their order in which the segments were obfuscated, reordered, had invalid
  • SMR Segment Management Record
  • the Reassembly Processor then passes the pointer in the STO pointer structure pointing to the segment being processed to the obfuscation function being pointed to by the reverse-ordered Obfuscation Pattern Permutation (OPP), step 3622, along with the function input value in the OPP that was generated from the original permutation calculation of the OPP by the Pattern Processor in step 2220.
  • OPP Obfuscation Pattern Permutation
  • This processor then optionally writes out this obfuscation reversal event to a record in the SMR, step 3626, and then determines if there remain in the OPP for this segment any more functions' obfuscations to reverse, step 3628.
  • This loop in the Reassembly Processor continues to process this segment in this manner until all of the OPP's obfuscation processes recorded in the SMR are reversed for this segment. In this way, the segment obfuscation for each
  • the Reassembly Processor determines if a sufficient amount of unobfuscated, valid data object segments have been restored to allow the reassembly of the ODO, step 3630. If not, the process returns to the insertion queue sensing portion, step 3602, to continue processing retrieved segments that are inserted into the queue. This processor repeats this obfuscation reversal on retrieved
  • the Reassembly Processor will typically wait until all of the segments associated to an ODO ID have been restored to their pre-obfuscation state as entered into the Segment Processing queue in step 2602.
  • When the Reassembly Processor has completed unobfuscating and restoring segments of the data object according to a reversal of the Obfuscation Pattern Permutation (OPP) as represented in the OMR and SMR records, and when an amount of retrieved segments sufficient to reassemble the original data object have been restored, the Reassembly Processor then outputs the retrieved segments in the original order of the original data object as specified by the record of the pre-reordering ordination of the STO pointers that point only to the original data object valid segments and not to the IDO invalid segments, step
  • the object output at this point should be the same as the Original Data Object (ODO) after it was processed by the Object Processor and prior to being processed by the Segment Processor.
  • the output of combined and restored segments is the original data object that was output by the Object Processor to the Segment Processor.
  • the ODO is verified in step 3632 against the post Object Processor obfuscation digest hash of the ODO stored in the OMR in step 2416 prior to segmentation. If the output object is verified as the authentic original data object as
  • the Object processor it is then passed to the decryption and compression algorithms specified in the OMR or OPP as those originally used to obfuscate the original data object, step 3634, so as to reverse the obfuscation actions performed on the original data object by the Object Processor.
  • the Reassembly Processor then reverses the obfuscation of the ODO, step 3634, in a similar manner as to how it reversed the obfuscation of retrieved segments, namely by looping through the obfuscation functions and values in reverse order of the Object OPP as recorded in the associated OMR.
  • This unobfuscated ODO is then verified for integrity against the digest hash that was calculated against the ODO before obfuscation and recorded in the OMR in step 2412.
  • the Reassembly Processor reads the obfuscation pattern permutation (OPP) as recorded in the OMR. It then executes algorithms with and on the reordered original data object to reverse the functions and values in the reverse order as performed by the Object Processor as specified by the OMR. If the OMR specifies that the original data object was compressed using a specific algorithm, the Reassembly Processor will decompress the restored original data object using the same algorithm. Various compression methods may be used and are well known. If the OMR specifies that the original data object was encrypted using a certain algorithm, the Reassembly Processor will decrypt the original data object using that same algorithm and using the encryption keys stored in the OMR. The data object may be decrypted one or more times according to the encryption layer specification of the OMR.
  • the data object is decrypted using a private key of an asymmetric dual-key system, as is commonly known to those skilled in the art of encrypting data.
  • Other obfuscation methods and functions are reversed on the data object by the Reassembly Processor as specified by the OPP in the OMR. These can include without limitation further decompression or decryption using the same or other compression and encryption algorithms, removing invalid data at various locations in the object determined by the invalid data pattern as recorded in the OMR, reversing logical operations such as an XOR or NOT logical operation on the data object or a portion thereof, or reversing other obfuscation processing as may be devised.
  • the OPP specifies that the object is to be decompressed with a TAR compression algorithm, decrypted with a triple-DES multi-layer encryption with the keys specified in the OMR, that invalid bytes will be removed from the original data object after every 10th byte of the data object, and that a logical NOT will be performed on the entire restored original data object to reverse a prior logical NOT performed on the original data object.
  • the unobfuscated ODO is then verified against a hash of the unobfuscated ODO as stored in the OMR, step 3634, to determine if it is an accurate restoration of the ODO. It uses the hash and digital signature verification values from the OMR to verify the integrity of the output object and its authenticity as the original data object. If the verification is successful, the reassembled ODO is then presented as the ODO to the process that originally requested the ODO, step 3636.
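The reassembly path described above (STO pointers whose odd ordinations mark valid 125-byte segments and whose even ordinations mark inserted invalid data, OPP functions reversed in reverse order, and a final digest check against the OMR) can be sketched as follows. This is an added example, not code from the patent: the record layouts, function names and sample data are assumptions, and compress/XOR/NOT stand in for the fuller function set the text lists.

```python
import hashlib
import hmac
import random
import zlib

SEG_LEN = 125  # segment length from the page's example (bytes 1, 126, 251, ...)

def xor_mask(data, mask):
    return bytes(b ^ mask for b in data)

def logical_not(data, _value):
    return bytes(b ^ 0xFF for b in data)

# Hypothetical function table: name -> (forward, inverse).
FUNCTIONS = {
    "compress": (lambda d, _v: zlib.compress(d), lambda d, _v: zlib.decompress(d)),
    "xor": (xor_mask, xor_mask),
    "not": (logical_not, logical_not),
}

def obfuscate(data, opp):
    """Apply the OPP's (function, input value) pairs in their listed order."""
    for name, value in opp:
        data = FUNCTIONS[name][0](data, value)
    return data

def unobfuscate(data, opp):
    """Reverse the OPP: inverse functions, walked in reverse order."""
    try:
        for name, value in reversed(opp):
            data = FUNCTIONS[name][1](data, value)
    except zlib.error as exc:
        raise ValueError("segment could not be unobfuscated") from exc
    return data

def segment_object(odo, opp, seed):
    """Split the ODO, follow each valid segment with invalid data, and build the STO.

    Odd ordinations are valid ODO segments, even ordinations are invalid data.
    Segment IDs are random so that they do not reveal the ordination.
    """
    rng = random.Random(seed)  # seeded for a reproducible example only
    sto, stored, ordination = {}, {}, 1
    for offset in range(0, len(odo), SEG_LEN):
        chunk = odo[offset:offset + SEG_LEN]
        junk = bytes(rng.randrange(256) for _ in range(rng.randrange(20, 60)))
        for data, valid in ((chunk, True), (junk, False)):
            seg_id = f"{rng.getrandbits(64):016x}"
            sto[seg_id] = {"ordination": ordination, "valid": valid,
                           "offset": offset if valid else None,
                           "length": len(data)}
            stored[seg_id] = obfuscate(data, opp)
            ordination += 1
    omr = {"digest": hashlib.sha256(odo).hexdigest(), "opp": opp, "sto": sto}
    return omr, stored

def reassemble(omr, retrieved):
    """Rebuild the ODO from (segment ID, blob) pairs arriving in any order."""
    sto, restored = omr["sto"], {}
    for seg_id, blob in retrieved:
        entry = sto.get(seg_id)
        if entry is None or not entry["valid"]:
            continue  # unknown or invalid-data segment: reject it
        data = unobfuscate(blob, omr["opp"])
        if len(data) != entry["length"]:
            raise ValueError("restored segment length does not match the STO")
        restored[entry["ordination"]] = data
    needed = sorted(e["ordination"] for e in sto.values() if e["valid"])
    missing = [o for o in needed if o not in restored]
    if missing:
        raise LookupError(f"segments not yet restored: {missing}")
    odo = b"".join(restored[o] for o in needed)
    digest = hashlib.sha256(odo).hexdigest()
    if not hmac.compare_digest(digest, omr["digest"]):
        raise ValueError("reassembled object does not match the OMR digest")
    return odo

# Constructed sample input: 300 bytes, so the segments are 125, 125 and 50 bytes.
SAMPLE_ODO = (b"constructed sample payload " * 12)[:300]
SAMPLE_OPP = [("compress", None), ("xor", 0x5A), ("not", None)]

if __name__ == "__main__":
    omr, stored = segment_object(SAMPLE_ODO, SAMPLE_OPP, seed=7)
    arrivals = list(stored.items())
    random.Random(1).shuffle(arrivals)  # retrieval order is arbitrary
    print(reassemble(omr, arrivals) == SAMPLE_ODO)
```

Because the compression step does not commute with the XOR and NOT steps, applying the inverses in the forward order fails, which is why the reversal has to walk the OPP backwards.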
  • the reassembling system can then retain or delete the OMR, SMR, retrieved segments, diverse permutation patterns, transmission Pathway data, and the like according to the data retention parameters in the system configuration. As long as this retrieval and reassembly metadata persists in storage, and the segments persist in storage on the RCST systems, the ODO and its segments can continue to be retrieved and reassembled by any system with access to the metadata.
  • the invention is used as a system and method to communicate data from an originating system to one or more receiving systems or devices, as in a file synchronization system, or as in a data object publishing or communications system.
  • the originating system obfuscates the ODO, segments the ODO, reorders its segments, obfuscates its segments, packages its segments, performs other processes as disclosed herein, and transmits its segments to RCST systems as disclosed herein.
  • the originating system uses a transmission and storage pattern permutation which transmits and stores the segments as disclosed herein to storage locations and secure access areas that correspond to the retrieval pattern on another receiving system which allows the receiving system to retrieve and reassemble the ODO.
  • the originating system communicates to one or more receiving systems the retrieval and reassembly metadata required to retrieve and reassemble the segments of the ODO being communicated or synchronized.
  • This retrieval metadata consists of the OMR and SMR records, encryption keys, and the Retrieval Patterns for the transmitted and stored ODO segments.
  • the originating system can exchange and share this retrieval metadata with the receiving system by using a secure
  • the receiving system will later use the shared retrieval metadata to retrieve, restore, and reassemble the original data object, thereby gaining authorized access to the ODO on a device or system other than the originating system.
  • the originating system executes a transmission and storage pattern that will transmit and store copies of the
  • the originating system determines a transmission and storage pattern that corresponds to the receiving system's retrieval pattern, and builds a transmission pathway with 3 RCST systems, specified as RCST 01, RCST 02, and RCST 03 in the example embodiment in Figure 40. If the originating system does not already have an encryption key for secure transmission, or other secure transmission method, established with one or more of the RCST systems in the transmission and storage pathway, it
  • the originating system then packages an encrypted segment or segment grouping from the ODO being communicated and securely transmits it, step 4010, to the RCST storage system corresponding to that segment, which the RCST storage system receives and stores, step 4012.
  • the segments from the same ODO are now stored separately in secure access areas and in separate storage locations, which greatly increases the effort for an unauthorized accessor to collect enough segments to reassemble the ODO.
  • the receiving system triggers, typically by one of events suggested herein for initiating the retrieval of an ODO, a request for the ODO whose segments were transmitted and stored onto the RCST systems corresponding to the receiving system's retrieval pattern, step 4016.
  • the receiving system then invokes an instance of the Retrieval Processor, step 4018, for the purpose of retrieving the segments for the requested ODO.
  • the Retrieval Processor on the receiving machine then reads and determines the retrieval metadata required to
  • the receiving system determines if it has already established secure transmission with any of the RCST systems from which it will retrieve ODO segments or segment groupings. If it has, it will use that secure transmission method to retrieve the segment until it expires. If it has not, it will establish secure transmissions with the identified RCST system as disclosed
  • the receiving system exchanges asymmetric encryption keys for secure transmission with the three RCST systems storing the identified ODO segments or segment groupings, steps 4022 and 4024.
  • After establishing secure transmission with the RCST system, including using diverse transmission media and protocols as disclosed herein, the receiving system negotiates the retrieval of a segment or segment grouping from the corresponding RCST system as specified in its Retrieval Pattern, step 4026. Upon successful retrieval negotiation, the RCST systems will decrypt the ODO
  • step 3432 executes step 3432 to place the segment onto the reassembly queue for its instance of the Reassembly Processor.
  • the receiving system reassembles the ODO, step 4034, per the reassembly Processor method as shown in Figure 36.
  • the receiving system presents the ODO to one or more other processes, step 4036, typically the process that triggered the request in step 4016.
  • the originating system securely shares as previously described with one or more receiving systems only the seed values for the pattern processor, the Pattern Functions Table, and any required encryption keys so that the receiving system can use its instance of the Pattern Processor as shown in Figure 22 to independently generate the Obfuscation, Invalid data, Transmission and Storage, and Retrieval Patterns required to retrieve and reassemble the ODO from the RCST systems.
  • the receiving system or systems invoke the pattern processor to generate the Patterns used for retrieval of segments and their groupings, and use them to retrieve, restore, and reassemble the original data object as disclosed herein. If the receiving systems have prior knowledge of the "Pattern Functions Table" and other pattern generating metadata used by the originating system to calculate the Pattern Permutations according to the methods disclosed herein, it is not necessary to securely share it with them. If the receiving systems do not have prior knowledge of the Pattern Functions Table and the other pattern generating metadata, the originating system can securely communicate it to them at the same time it securely communicates the permutation seed values, or at
  • the originating system has previously shared or learned an obfuscation pattern, a retrieval pattern, associated encryption keys, and other required retrieval and reassembly metadata already known to the receiving system before the transmission of segmented ODO data.
  • the originating system does not generate Obfuscation and Retrieval
  • a receiving system can securely publish to other systems obfuscation, retrieval, and reassembly patterns, including SMR and OMR records, to which those other instances of the invention can transmit ODO segments as disclosed herein.
  • the receiving system can poll the storage locations specified in the published retrieval pattern for segments transmitted by other systems intended to be retrieved by the receiving system.
  • the receiving system can then retrieve those segments using the published patterns per the method disclosed in Figure 40. This allows for secure "pushed" transmission of data objects
  • the methods disclosed herein can be used in various embodiments of the invention to synchronize information across diverse devices and systems, including without limitation computers, smart phones, tablets, data storage systems, network servers, remote sensors, video cameras, and the like. These communication methods can be used by different systems to securely communicate information between users, systems, applications,
  • the embodiments disclosed below provide a system, method, device, and its software, for protecting the confidentiality and integrity of data transmitted on a public network, as well as preventing the "hacking" of network nodes and network connected devices that communicate over a public network through a network gateway.
  • a purpose and benefit of these embodiments of the invention is to prevent unauthorized entities from communicating with or hacking into a network node, to authenticate network communications between entities, and to obfuscate messaging content in transit on a network carrier.
  • the invention controls the content and addressing of certain packets on a network carrier. It is implemented as a standalone dedicated packet transformation and routing device and can also be implemented as software in a computing device.
  • an RCST component of the invention transmits and receives packets between two separate and independent networks according to transmission and obfuscation pattern permutations herein disclosed.
  • the RCST system will only accept packets on a first network that are transmitted or obfuscated in one or more specific patterns related to one or more nodes on a second network, process them to transform them into specific formats according to pattern permutations associated with the node on a second network, and then transmit them to that node on the second network.
  • For the first network to communicate packets to a specific node on the second network, the packets must be transmitted on the first network in a specific pre-arranged transmission or obfuscation pattern. For example, the packets must be transmitted with a specific packet ordination and addressing pattern to the RCST system which will confirm compliance with the pre-
  • This embodiment provides the benefit that the nodes on a private network do not have a one to one correspondence with a private and public network address, and so cannot be communicated with from the public network or another private network unless the communicating node knows the pattern by which the address pattern gateway expects to receive the sequence of content spread over multiple differently and unpredictably addressed network packets.
  • the RCST system acts as a filtering, obfuscating and de-obfuscating network switch and gateway that verifies, transforms, and transmits network packets according to the various pattern permutations herein disclosed between two or more network nodes on separate, independent networks.
  • When the RCST receives packets from a second independent network and transmits an obfuscated version of those packets onto a first independent network, it obfuscates, segments, and distributes the contents of each of the packets transmitted by the originating second network node into multiple diverse packets and assigns to these diverse packets multiple network addresses that the RCST has registered on the first network.
  • the processing of a second network node's single packet into multiple first network packets is executed according to a permutation of a pattern of functions that is intended to make the obfuscated packet very difficult to
  • This varying pattern of obfuscation functions includes without limitation segmentation, encryption, bit transformation, invalid data insertion, segment reordering, segment grouping, and multivariate destination and source address assignment.
  • When the RCST receives and processes packets from a first network to be transmitted onto a second network according to pattern permutations, it receives packets from a first network, analyzes those packets according to their transmission and obfuscation patterns
  • the function patterns used by the invention to changeably segment, obfuscate, assign addresses, transmit, and receive the packets can be determined in various ways, including without limitation using pre-calculated patterns from a database of patterns, patterns embedded into the device at the time of manufacture, patterns shared from another
  • patterns input by a user or system or patterns derived from offsets to tables of pattern permutations.
  • This disclosure will generally refer to patterns derived from offsets to tables of pattern permutations, but other types of patterns could also be used.
  • Packet Segmenting - This is the set of parameters specifying how a packet will be segmented into smaller sections including without limitation the number of segments, length of segments, how short segments will be padded, and how the segments will be ordered, re-ordered, and grouped into the multiple first private network packets.
  • Segment Obfuscation - This is the set of pointers to functions and their input values that specify how the packet segments will be obfuscated when packaged as first network packets.
  • the obfuscation pattern permutation can include or exclude any identified function and provide a specific input value from a range of values as previously disclosed.
  • Obfuscation functions that can be included in an obfuscation pattern permutation table include without limitation a first encryption method, a first encryption key, a second encryption method, a second encryption key, a flag indicating a logical NOT is applied to the packet segment, a flag and mask value indicating that the mask value will be applied to the packet segment with a logical XOR, where invalid data will be inserted into the segments, and other methods of obfuscating data that are well known to those skilled in the art of obfuscating data.
  • This pattern includes without limitation the set of values that specify how many multiple first network packets will be used to transmit the segments from an original second network packet, which source addresses will be assigned to the multiple packets from a list of addresses registered by the invention on the first network, which destination addresses will be assigned to the multiple packets from a list of addresses associated to the receiving node's available addresses, what combination of source and destination addressing will be used on which first network packet, the order in which the first network packets will be transmitted, and what time delays will be used between transmission of first network packets.
  • Packet Reception - This pattern specifies the addressing, order and timing patterns to which the packets received by the RCST must correspond. If the received packets do not correspond to this Packet Reception pattern within a configurable tolerance, they will be ignored by the RCST and not transformed and transmitted onto the second network, thereby assuring that this instance of the invention is receiving authentic and valid first network packets instead of non-authentic packets from an unauthorized source, such as in a man-in-the-middle attack, for example.
  • the packet reception pattern is generally the inverse of the packet transmission pattern
  • the packets are transmitted over the network using multiple network addresses. They can be transmitted in such a manner as the content is "out of order" from the original order of the packet segments.
  • the receiving computer analyses the packets as they are received to verify that they are being transmitted over multiple addresses, protocols, and time intervals so as to conform to the synchronized transmission pattern with the transmitting network node.
  • the receiving or requesting network node then parses the packets received over diverse network addresses and reassembles, reorders, decrypts, and removes false data from the packets so as to reconstitute the packet content from the original first transmitting network node. It then sends the reconstituted and reassembled packet to a second network node on a different network address.
  • the invention provides high levels of information security when a random number or a pseudo random number is used to specify the pattern calculated as an offset of a pattern permutation table. Because the pattern permutations produced by this method rarely, if ever, repeat, this allows the invention and its corresponding instances to communicate in a highly unpredictable manner that is not subject to simple pattern analysis.
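The Packet Reception check described above, in which a gateway ignores packets whose source addressing, order and timing do not match the pattern both sides derived from a shared seed, can be sketched as follows. This is an added example, not code from the patent: the HMAC-based derivation stands in for the page's "offset of a pattern permutation table", and the addresses, seed and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values: five addresses the gateway has registered, and a shared seed.
REGISTERED = ["10.10.20.11", "10.10.20.12", "10.10.20.13", "10.10.20.14", "10.10.20.15"]
SHARED_SEED = b"constructed-shared-seed"

def derive_pattern(seed, epoch, addresses, n_packets, max_delay_ms=200):
    """Derive (source address, delay before sending) for each packet of one exchange.

    Both gateways run this with the same seed and epoch, so the pattern itself
    never crosses the network. The epoch counter changes the pattern per exchange.
    """
    pattern = []
    for index in range(n_packets):
        mac = hmac.new(seed, f"{epoch}:{index}".encode(), hashlib.sha256).digest()
        src = addresses[int.from_bytes(mac[:4], "big") % len(addresses)]
        delay_ms = int.from_bytes(mac[4:8], "big") % (max_delay_ms + 1)
        pattern.append((src, delay_ms))
    return pattern

def emit(pattern, start_ms, jitter_ms=0):
    """Simulate a conforming sender: (source address, arrival time) per packet."""
    received, now = [], start_ms
    for index, (src, delay_ms) in enumerate(pattern):
        if index:
            now += delay_ms + jitter_ms
        received.append((src, now))
    return received

def conforms(pattern, received, tolerance_ms=10):
    """Accept only packets matching the expected addressing, order and timing.

    The first packet has no predecessor, so only its source address is checked.
    """
    if len(received) != len(pattern):
        return False
    previous = None
    for (expected_src, expected_delay), (src, arrival) in zip(pattern, received):
        if src != expected_src:
            return False
        if previous is not None:
            if abs((arrival - previous) - expected_delay) > tolerance_ms:
                return False
        previous = arrival
    return True

if __name__ == "__main__":
    expected = derive_pattern(SHARED_SEED, epoch=1, addresses=REGISTERED, n_packets=4)
    good = emit(expected, start_ms=1000, jitter_ms=3)
    spoofed = [("10.10.20.99", t) for _, t in good]  # address outside the pattern
    print(conforms(expected, good), conforms(expected, spoofed))
```

The tolerance is the configurable margin the text mentions: a wider value tolerates more network jitter but also widens the window in which non-conforming timing is accepted.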
  • RCST system (9008) is configured to have independent connections to two or more separate independent networks so that it is able to send and receive packets separately on these separate independent networks.
  • the RCST independently registers addresses on a first private, separate, independent network (9016) and a second private, separate, independent network (9006).
  • the RCST registers an address on the second network by obtaining a network address from that network's DHCP server and providing a
  • the RCST also registers multiple addresses (9010, 9012, and 9014) on a first separate and independent network through a separate network interface means, such as a separate physical Network Interface Card (NIC).
  • the RCST registers a number of network addresses, for example 5 addresses (9010), on the first separate independent network by composing and presenting that number, for example 5, MAC addresses to the first network's Dynamic Host Configuration Protocol (DHCP) server.
  • DHCP Dynamic Host Configuration Protocol
  • the RCST registers multiple addresses on a first network in order to associate a set of first network addresses to a specific second network node (9002 or 9004).
  • the RCST distributes obfuscated segments of each packet from a second network node across multiple new packets it creates for that purpose, and then addresses those new packets with the multiple addresses registered on the first private network that are associated with the second network node that originated the segmented packet.
  • the RCST then transmits the new
  • the RCST maintains a table, as illustrated in Figure 80, that assigns a specific address of a second network node (9004), for example 10.10.10.24 (8007) to a set of multiple routing addresses on the first network (also 8007), which will be used to contain and transmit the obfuscated packet segments only from that specific second network node (9004).
  • the public network (9020) where they will be received by a second instance of the invention's RCST system on another network, or another system that can process pattern permutations, at the packets' destination addresses.
  • Those routable addresses that are specifically assigned to multiple first network addresses will be recognized by the second RCST system on another network as the specific addresses associated with a synchronized transmission pattern specific to a transmitting first RCST device which is transmitting the obfuscated packet from a node at the specific second private network address.
  • the first RCST distributes and addresses the obfuscated segments and segment groupings from the second network node's packet across the multiple first network packets using a transmission pattern permutation derived from a Transmission Pattern
  • the RCST (9008) transforms the packet originally transmitted onto the second network into obfuscated multiple differently addressed packets containing obfuscated segments and segment groupings by treating the second network packet as a data object and submitting it to the Object Processor as shown in Figure 24, and subsequently submitting the segments to the Data Object Segment Processor as shown in Figure 26.
  • the resulting obfuscated segments are submitted to the Transmission Package Processor shown in
  • the first private network has a router node (9018) with a network address translation table that is capable of routing private network packets onto a public network such as the Internet (9020).
  • the second private network (9006) does not have a router node that can route packets onto a public network, but this is not a requirement.
  • the RCST transmits packets between nodes on the first and second networks, as well as onto the first network for routing onto a public network. However, the RCST only transforms
  • the second network (9006) is isolated from the first network (9016) but a second network packet's contents are routable on a public network (9020) after transformation by the RCST into multiple first network packets with first network addresses (9014 and 9010).
  • the first network is not programmed, configured, or otherwise able to dispense, assign, route, access, read, transmit to or from, or recognize the network addresses on the second network. This isolates the second network and prevents it
  • the only way for a node on the public or first networks to communicate with a node on the second network is by transmitting
  • the first and second network use non-routable addresses, so they are considered "private" networks.
  • the RCST will transmit packets from the second private network after transforming their format and addressing according to pattern permutations.
  • the RCST (9008), which is connected to and registered on both the first and second private networks (9016 and 9006, respectively), performs this function by segmenting and obfuscating packets from the second private network and their content payloads into multiple packets, addressing those multiple packets with addresses that the RCST has registered on the first private network (9014 and 9010), and transmitting those packets onto the first private network (9016).
  • the first private network gateway router (9018) then receives these packets, determines if their destination addresses are on the public network (9020), and if so, translates their first private network source addresses into public network routable source addresses, and transmits them onto the public network. In this way the second private network remains isolated from the first private network, but is still able to transmit
  • the RCST system in this embodiment is not transforming and transmitting packets from the second network to the first network as a simple NAT function, but transforming and obfuscating the content of the original second network packet in such a way as to obfuscate the segmented packet's content distribution across other packets, source and destination addressing, and origin of the packet
  • a NAT function typically just translates a packet's source address from a private network address to a public network address, which is a far simpler functionality than that performed by the RCST.
  • the RCST component of the invention segments, reorders, obfuscates, and groups the contents of each second network packet into multiple packets addressed with corresponding first network addresses associated with a second network node according to pattern permutations also associated with that second network node before
  • Embodiment as an obfuscating filtering gateway between a LAN and a Private VLAN is separately connected to a first and second network as disclosed in the previous embodiment.
  • the second network (9006) is configured as an IEEE 802.1Q compliant Private Virtual Local Area Network (PVLAN).
  • the RCST connection to the second network PVLAN is configured as a Promiscuous Port on the second network PVLAN, and the second network nodes
  • the RCST system's Promiscuous Port is configured as the uplink for these Isolated Ports.
  • This embodiment allows the PVLAN nodes (9002 and 9004) to communicate with the first network (9016) and the public network (9020) through the RCST as disclosed in the previous embodiment, and also guarantees that they will remain isolated from other nodes on the second network as well as other network devices such as switches and routers that are attached to the second
  • a first RCST (9208) connects to a first separate and independent network (9216) and registers multiple addresses on the first network (9210, 9212, and 9214) while also connecting to a second separate and independent network (9204) and registers a network address on the connection to that network (9206).
  • a second RCST connects to a third separate and independent network (9236) by registering multiple addresses (9230, 9232, and 9234) on the third network in the same manner in which the first RCST connected to the first network as disclosed above, while also connecting to a fourth separate and independent network (9226) and registering an address on the fourth network in the same manner in which the first RCST connected to the second network as disclosed above.
  • the first and third networks on which the first and second RCST's have respectively registered multiple network addresses are able to route packets onto a fifth network (9220), such as the Internet, using routers (9218 and 9238, respectively) thereby connecting their networks to the fifth network.
  • the routers on the first and third networks route the packets from their respective networks onto the fifth network by translating the non-routable source addressing in the packets on their respective networks into a routable address that can be routed on the fifth network.
  • This allows the first and second RCST's to transmit and receive packets with each other.
  • the translation of non-routable to routable addressing is typically done using a Network Address Translation table function in the routers on the first and third networks, or other means that will be well known to those skilled in the art of routing packets on networks.
  • the two instances of the RCST begin synchronizing their communications by sending each other a message on each of the multiple registered addresses on their respective networks that they will allocate to communications relating to a specific network node, thereby conveying the values and quantity of the routable addresses allocated to communicating obfuscated packets between specific network nodes in the source address fields of the multiple routable packets into which the obfuscated packets have been segmented and distributed.
  • the RCST instances could connect separately to more than two separate networks and perform the same functions disclosed in this embodiment on more than two separate networks.
  • the first RCST transmits and receives obfuscated packets with the second RCST using unpredictable patterns of source and destination addressing that each RCST device independently synchronizes by a means disclosed below.
  • the second RCST synchronizes its addressing pattern permutations with the first RCST in order to verify the authenticity of the received packets through conformance to the synchronized addressing pattern permutations. If the received packets conform to the addressing patterns, the second RCST restores the verified packets to their original format by reversing a synchronized obfuscation pattern, and either transmits the resulting restored packets to a destination node on another network to which it is connected or uses them for an internal process.
  • When the first RCST transmits packets to the synchronized second RCST, it does so in accordance with a changeable pattern of network address assignment functions disclosed below.
  • the first RCST assigns some of its registered first network addresses to communications with the second RCST, as shown in Figure 80, row set 8001 and 8003. These assigned addresses are the addresses used to populate the source and destination fields of the routable packets according to the transmission addressing pattern permutation that are sent between the RCST's.
  • When a node (9202) on the second network (9204) transmits a packet to a node (9222) on the fourth network (9226), the first RCST obfuscates the packet according to an Obfuscation Pattern permutation and packages the obfuscated packet contents into multiple first network packets.
  • the first RCST transmits these obfuscated multiple packets with first network source addresses (8003) onto the first network according to a pattern of transmission addressing pattern permutations that specify addressing, packet sequences, transmission timings, and packet ordination.
  • Those packets that have public network destination addresses (8001) are consequently transmitted onto the public network by the first private network's router, typically using a NAT table, so that the original packets contents arrive at a public network address in an obfuscated, unpredictable, and secure manner.
  • the segmented and obfuscated packets are typically received by a corresponding second RCST that is implemented either at the destination public network address, or an address on another private network, or as a node on the first private network herein disclosed.
  • This corresponding receiving RCST can be implemented as a dedicated network switch gateway device or embedded into another device that performs other data processing functions.
  • This corresponding receiving RCST has synchronized to the pattern of functions that the transmitting RCST used to obfuscate, address, and transmit the packets.
  • the second RCST uses this synchronized knowledge of the transmitting RCST's patterns to analyze the transmission pattern, determine the authenticity and validity of the received packets by their conformance to the pattern, and subsequently reverse the packet obfuscation to return the packets' contents to their original form as originally transmitted by the originating network node on the second network, including its original destination addressing.
  • the second RCST then transmits the restored packet from the originating network node to its specified
  • the first and second RCST synchronize addressing and verify pattern permutation synchronization.
  • the first RCST (9208) determines one or more routable addresses with which it can communicate with the second RCST (9228). This can be performed by a number of means, including without limitation the use of a Domain Name Server on which the second RCST has published a pre-arranged Universal Resource Locator record, a world wide web server that allows the
  • the first RCST uses the second RCST's routable address to establish synchronization of transmission patterns based on synchronized Transmission Pattern Permutations.
  • the first RCST determines from the transmission pattern permutation how many first network addresses it will allocate to communications with the second RCST, and sends the second RCST a communication request from each of the allocated first network source addresses.
  • the first network source addresses are translated into routable public network addresses by the first network's NAT function.
  • the packets arrive at the second RCST with the translated first network addresses as routable addresses in the packets' source address fields.
  • the transmissions from this set of addresses inform the second RCST of the set of first network routable addresses allocated to communications with the second RCST.
  • the second RCST responds to the first RCST with an acceptance message from each of the routable addresses that it has allocated to communicate packets relating to with the first RCST.
  • the second RCST will send each of its routable addresses as a source address to each of the first RCST's routable addresses as destination addresses until it has exhausted its set of routable addresses. If it exhausts the set of first RCST routable addresses before its set is completely communicated, it restarts at the top of the first RCST's list of routable addresses as a circular queue.
  • each RCST will be able to transmit packets to each other over the fifth network (9220), using unpredictable combinations and ordinations of the multiple addresses as varying patterns of source and destination addresses.
  • This will allow, for example, the first and second RCST's to establish patterns of combinations of source and destination addressing in packet transmissions according to synchronized Transmission Pattern Permutations that can be used to verify the authenticity of the transmitted packets and obfuscate them in transit. This reduces the viability of a man in the middle attack, since the attack will not be
  • the packets already contain encrypted content, and may be transmitted over an encrypted channel such as Secure Socket Layer (SSL), the unpredictable addressing patterns provide additional security to the transmission beyond the security provided by encryption alone.
  • first and second RCST systems share routable addressing information, they populate an address synchronization table with that information as shown in Figure 88. They each maintain a list of addresses relating to a synchronized communication as seen at
  • Each RCST connects to a network (9406, 9409, 9420, and 9423) that connects through a router (9407, 9408, 9421, and 9422 respectively) to a public network, such as the Internet (9414).
  • Each RCST registers multiple addresses (9405, 9410, 9419, and 9424) on the network that is connected to the public network.
  • Each RCST also connects independently with a separate interface to another private network (9402, 9414, 9416, and 9428) that is not known to or accessible by the network connected to a public network.
  • the four RCST's exchange routable address information, synchronize randomized offset numerical values as disclosed herein, and share DHCP information for all of the nodes registered on their private isolated networks (9402, 9414, 9416, and 9428) to create a federated private isolated LAN out of multiple separate private LANs that is not recognized or "visible" to any nodes on any of the public network connected private LANs (9406, 9409, 9420, and 9423) or on the public network.
  • the four RCST's exchange routable address information as herein disclosed and each populates its own local copy of a Federated DHCP Table (9403, 9411, 9417, and 9426) as illustrated in Figure 88.
  • Figure 88 illustrates the local Federated DHCP Table (9403) maintained by RCST01 (9404). This table maintains for each node registered in a federated address space the local LAN address for that node (Federated Address), the multiple addresses registered for that node on the public network connected private network (Routing Address), and the MAC address associated to that node on its local LAN (MAC Address) (8801).
  • the Federated DHCP Table also assigns a Routing Ordination value for use in aligning a table address entry to the Ordination values in a Transmission Addressing Permutation table offset (Figure 82) as disclosed herein.
  • the RCST's transmit the federated, routing, and MAC address attributes, and the Routing Ordination value to all synchronized RCST's that they have registered in their local table (8802).
  • the nodes (9400 and 9401) on the isolated LANs not connected to the public network (9402) cannot be recognized by the public network (9414) or the private network connected to the public network (9406) that is simultaneously connected to the associated RCST (9404). This isolates and protects the LAN not connected to the public network from hackers and intrusion by nodes on the
  • the local connected RCST (9404) will analyze the destination address in the Federated DHCP Table (Figure 88 at row set 8804) and determine that the destination node address of 10.10.10.26 has associated multiple routing addresses starting at 63.78.124.76:2624 and so forth as listed in Figure 88.
  • the RCST will then segment and obfuscate the packet transmitted by the node (9401), distribute its segments into multiple packets it creates, determine a transmission addressing pattern from a Transmission Addressing Pattern Permutation table offset that has been generated in a synchronized manner with the
  • the transmitting RCST (9404) then transmits the routable addressed multiple packets onto the network to which it is connected that is also connected to the public network (9406), which in turn transmits the multiple packets onto the public network after translating its local source addresses into routable source addresses with its router's (9407) NAT function.
  • the multiple packets will then route over the public network and arrive at the destination router (9422) where the destination address values will be translated by the NAT function into local 192.168.23.x addresses that are registered to the connected RCST (9427).
  • the RCST will verify conformance to the Transmission Addressing Pattern, de-obfuscate and reassemble the multiple packets into the original packet transmitted by the originating node (9401) and transmit it onto the local isolated network (9428). Since the restored packet will contain both the IP addressing and MAC addressing information retrieved from the Federated DHCP table at the
  • the packet transmitted by RCST04 (9427) onto the network (9428) can be received at both the OSI Level 2 and Level 3 layers by the destination node (9429). This allows the nodes (9401 and 9429) on the two isolated networks (9402 and 9428) that share the same federated address space to behave as though they were connected on the same physical network, even though the transmitted packet was transmitted over the public network in a highly secure format.
  • any of the nodes (9400, 9401, 9413, 9415, and 9429) on any of the connected isolated networks (9402, 9414, 9416, and 9428) are able to transmit packets to each other with full OSI Layer 2 and Layer 3 functionality securely over a public network using the methods herein disclosed.
  • RCST's synchronize and federate DHCP tables across two or more Private VLANs to create a federated Private VLAN which communicates over segmented and obfuscated payloads in packets using randomized addressing patterns as herein disclosed that are synchronized between RCST's at each separate PVLAN while maintaining a federated IEEE 802.1Q port classification type for each node on the separate isolated PVLAN's.
  • the packet packaging process (the Transmission Package Processor in Figure 28) will look up actual routing address values based on a sequence of the "routing ordination" field in the Address Synchronization Table in Figure 80. This address ordination value will be used with the addressing pattern permutation tables offsets by the Transmission Package Processor to point to the actual address values in this Address Synchronization Table that will be used in the transmitted packet.
  • the Transmission Package Processor shown in Figure 28 that is packaging packets for transmission from an RCST will use this table of synchronized addresses to populate source and destination addresses of packets based on the permutations of a transmission pattern permutation table.
  • the Transmission Package Processor will use an Addressing Pattern Permutation table as illustrated in Figure 82 and use table offsets to establish sequences of source and destination address pairings for four packets at a time, per the construction of this Addressing Pattern Permutation table embodiment.
  • the first and second RCST's will use the same offsets into the same table to construct the same addressing patterns independently and in synchronization so that the receiving RCST will be able to verify that the source and addressing combinations in the received packets match the combinations specified by the Transmission Pattern Permutation. If they match, it verifies that they were sent from the first RCST that was constructing them from the same patterns. In this way, the packets are self-authenticating to the receiving second RCST system.
  • the first transmitted packet would be addressed so that the value of the L3 address (or 192.168.2.54 as specified in the 7th row of the Addressing Synchronization Table in Figure 80 and in address set 8003) would be used as the source address and the value of the R2 address (or 117.42.35.61:6253 as shown in the 2nd row and in address set 8001) would be used as the destination address for the first packet.
  • the Transmission Package Processor would then look up the source and destination address values in a similar manner for the subsequent three packets, using respectively L2-R4, L3-R2, and L5-R4 as specified in the Transmission Addressing table row in the current example.
  • This next pattern of L2-R4 would specify that the transmission of the next packet from the first RCST to the second RCST be addressed so that the source address (P2Src in Figure 82) of the second local registered address (L2, or 192.168.2.124 in
  • the first RCST then transmits packets to the second RCST using the source and destination addressing specified in the offsets to the Transmission Addressing Pattern Permutation Table (Figure 82). Since the second RCST has synchronized patterns with the first RCST per the method disclosed below, it will analyze the source and destination addressing in the packets it receives to verify that they conform to the patterns in the offsets to the Transmission Addressing Pattern Permutation Table.
  • the second RCST flags the received packets as authentic and passes them to a process (The Reassembly Processor) that will parse, de-obfuscate, and reassemble, according to other corresponding synchronized pattern permutations, the contents of the four transmitted packets back into the form contained in the original packet transmitted by the originating network node.
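The addressing-pattern check described above can be sketched as follows. This is an added example, not code from the patent: the table layout, the function names and the `seq` field are assumptions, and only the L2, L3 and R2 address values and the L3-R2, L2-R4, L3-R2, L5-R4 row come from the text; all other entries are constructed.

```python
from typing import Dict, List, Tuple

Pair = Tuple[str, str]

# Address Synchronization Table (after Figure 80). L2, L3 and R2 carry the
# values quoted in the text; every entry marked "constructed" is made up.
ADDRESS_SYNC: Dict[str, str] = {
    "L1": "192.168.2.10",        # constructed
    "L2": "192.168.2.124",
    "L3": "192.168.2.54",
    "L4": "192.168.2.77",        # constructed
    "L5": "192.168.2.201",       # constructed
    "R1": "203.0.113.5:4100",    # constructed
    "R2": "117.42.35.61:6253",
    "R3": "203.0.113.9:5122",    # constructed
    "R4": "203.0.113.14:7031",   # constructed
}

# Addressing Pattern Permutation table (after Figure 82): each row holds the
# source/destination pairing for four packets. Row 1 is the row walked
# through in the text; rows 0 and 2 are constructed.
PATTERN_TABLE: List[List[Pair]] = [
    [("L1", "R1"), ("L4", "R3"), ("L2", "R2"), ("L5", "R1")],
    [("L3", "R2"), ("L2", "R4"), ("L3", "R2"), ("L5", "R4")],
    [("L5", "R3"), ("L1", "R4"), ("L4", "R1"), ("L2", "R3")],
]


def expected_pairs(offset: int) -> List[Pair]:
    """Resolve the row selected by the synchronized offset to addresses."""
    row = PATTERN_TABLE[offset % len(PATTERN_TABLE)]
    return [(ADDRESS_SYNC[src], ADDRESS_SYNC[dst]) for src, dst in row]


def address_group(offset: int, segments: List[bytes]) -> List[dict]:
    """Sender side: wrap four segments in packets addressed per the row.

    The "seq" field is an assumption of this sketch; it lets the receiver
    restore the pattern order when packets arrive out of order.
    """
    pairs = expected_pairs(offset)
    if len(segments) != len(pairs):
        raise ValueError("a pattern row addresses exactly %d packets" % len(pairs))
    return [
        {"seq": i, "src": src, "dst": dst, "payload": seg}
        for i, ((src, dst), seg) in enumerate(zip(pairs, segments))
    ]


def verify_group(offset: int, packets: List[dict]) -> Tuple[bool, str]:
    """Receiver side: accept the group only if every pair conforms."""
    pairs = expected_pairs(offset)
    if len(packets) != len(pairs):
        return False, "expected %d packets, got %d" % (len(pairs), len(packets))
    ordered = sorted(packets, key=lambda p: p["seq"])
    if [p["seq"] for p in ordered] != list(range(len(pairs))):
        return False, "missing or duplicated sequence number"
    for packet, (src, dst) in zip(ordered, pairs):
        if (packet["src"], packet["dst"]) != (src, dst):
            return False, "packet %d does not conform" % packet["seq"]
    return True, "conforms"
```

The check covers only the address pairs and says nothing about the payload, so it sits alongside, not in place of, integrity protection on the segment contents. NAT translation of the local source addresses is left out; the receiver here compares against the table values directly.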
  • the second RCST system that receives the packets routed over the public network has synchronized its pattern permutations to the first RCST that transmitted the packets.
  • the second RCST receives the packets, verifies that their addressing and transmission patterns conform to the synchronized transmission pattern permutation, reverses the packet segmentation and obfuscation according to the synchronized obfuscation pattern permutations, reassembles the segments into the original packet that was transmitted by the specific network node, and then transmits that reassembled packet to the node on another network at the destination address.
  • the transmitted packets were sent specifically to the second RCST system, it will not transmit the reassembled packet onto another network, but use the reassembled packet for its own internal processes, such as a federated DHCP table update, a routable address list update, or other internal processes.
  • the destination address in the reassembled original packet may designate a node on the third, public-network-connected private network, or it may designate a node on the fourth isolated network.
  • the second RCST transmits the packet onto the network containing the node corresponding to the reassembled packet's destination address.
  • a node on an isolated network that is not visible to a node on the public network (the second network) can send an obfuscated, self-authenticating packet to a separate isolated network (the fourth network) that is also not visible to a node on the public network. This allows networks that are not visible to the internet to securely communicate their data over the internet.
  • a first and a second RCST system have been pre-programmed with an identical numeric value used as a "seed value" to simultaneously and independently calculate identical unpredictable numeric values.
  • this is accomplished using the Time-based One-time password algorithm (TOTP) as specified in IETF RFC 6238, or some other method of independent synchronized unpredictable one-way number generation as will be known to those skilled in the art of two-factor authentication and random number generation.
  • TOTP is typically used as an authentication method, wherein a user is presented a numeric value that is calculated in synchronization with a server that verifies that the number matches its own calculation and allows access to a resource if it does.
  • the current embodiment uses the TOTP algorithm to generate time-based, synchronized numeric values not as an authentication credential, but as offsets into identical pattern permutation tables that will specify the identical pattern permutation simultaneously and independently on multiple systems without the need to communicate a secret "seed value" or pattern permutation between them.
  • TOTP TOTP to independently synchronize the generation of numerical values as permutation table offsets
  • the synchronizing systems know the secret seed number, execute the same algorithm, and share common pattern permutation table structures. These can be shared securely, or pre-programmed into the system. With these, different and separate computers can independently calculate the same unpredictable number at regular time-based intervals.
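A sketch of TOTP-derived table offsets, including the rotation of the master seed from a pre-shared seed list that the text describes. This is an added example, not code from the patent: the function names, the replay-from-epoch rotation scheme and the skew window are assumptions; only the RFC 6238 computation itself is standard.

```python
import hashlib
import hmac
import struct
from typing import List, Set


def hotp(seed: bytes, counter: int, digits: int = 8) -> int:
    """RFC 4226 HOTP value (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return code % (10 ** digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 8) -> int:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(seed, unix_time // step, digits)


def table_offset(seed: bytes, unix_time: int, table_len: int, step: int = 30) -> int:
    """Map the current token to a row of a pattern permutation table.

    Each peer runs this locally; no offset is ever sent on the wire.
    The modulo introduces a small bias unless table_len divides 10**8.
    """
    return totp(seed, unix_time, step) % table_len


def candidate_offsets(seed: bytes, unix_time: int, table_len: int,
                      step: int = 30, skew: int = 1) -> Set[int]:
    """Offsets a receiver accepts when peer clocks differ by up to `skew`
    time steps (assumed tolerance; the text does not specify one)."""
    now = unix_time // step
    return {hotp(seed, c) % table_len
            for c in range(max(0, now - skew), now + skew + 1)}


def master_seed_at(seed_list: List[bytes], start_index: int, epoch: int,
                   unix_time: int, step: int = 30, rotate_every: int = 3) -> bytes:
    """Replay the token chain from a shared epoch: every `rotate_every`-th
    token is used as an offset into the pre-shared seed list and the entry
    found there becomes the new master seed.

    Replaying from the epoch keeps the sketch stateless; a long-running
    system would persist the current seed and counter instead.
    """
    seed = seed_list[start_index]
    first, last = epoch // step, unix_time // step
    for n, counter in enumerate(range(first, last), start=1):
        if n % rotate_every == 0:
            seed = seed_list[hotp(seed, counter) % len(seed_list)]
    return seed


def synced_offset(seed_list: List[bytes], start_index: int, epoch: int,
                  unix_time: int, table_len: int) -> int:
    """Offset for the current time step under the rotating master seed."""
    seed = master_seed_at(seed_list, start_index, epoch, unix_time)
    return table_offset(seed, unix_time, table_len)
```

Two peers that hold the same seed list, start index and epoch reach the same offset without exchanging anything; a peer whose clock is one step off still matches through `candidate_offsets`.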
  • multiple different seed numbers are used to synchronize different number generation algorithms that are allocated to distinct purposes or communication sessions. These purposes and sessions include without limitation synchronizing in a unique manner with multiple other RCST systems or other network nodes.
  • an automobile can synchronize separate and distinct communication patterns based on unique permutation table offsets to transmit operational data differently and separately with the manufacturer of the automobile, the owner's insurance company, and the owner's home computer while keeping the automobile's network transmissions and its network node existence invisible to a public network.
  • a TOTP algorithm is improved to have a configurable pattern of changing the seed values, methods and inputs for calculating unpredictable numbers. These unpredictable numbers can be used as pattern permutations and random seed number table offsets.
  • RCST's pre-install or securely communicate a list of secret random seed numbers and use a certain frequency of TOTP generated numerical values as offsets into the list of seed numbers to jump to an offset and use the specified value as the new master seed.
  • the algorithm includes without limitation methods that change the following, where alphanumeric variables such as x, y, and z are configurable values:
  • For every Y tokens generated, use the Yth token as an offset into a table of different functions that alter the current time value in a TOTP algorithm to be a number of the correct size to be used in the token calculation, and allow the method to change how the time value calculation input to the token is altered
  • the synchronization of pattern permutations is shared among three or more RCST's to create a community of correspondent RCST's using the same pattern permutations.
  • the same automobile shares a seed to synchronize unpredictable permutation table offset values to create common and shared communication patterns with the manufacturer of the automobile, the owner's smart phone, and the owner's home computer, while synchronizing separate and distinct communication patterns to transmit operational data differently with the owner's insurance company and
  • each type of pattern disclosed herein will be specified from a pattern permutation table specific to that type of pattern, examples of which are shown in Figures 60, 62, and 64.
  • the group of various pattern permutation tables specifying all of the types of patterns for the functioning of the invention is herein referred to as a "set of base permutation tables".
  • the structure and content of the set of base permutation tables must be identical across the corresponding synchronized RCST's. If they are not, the independent calculation of communication or other patterns using pattern permutation table offset values will produce different results in those RCST's where the set of base permutation tables differ. The result will be that those RCST's will not be able to communicate using the methods of the invention herein disclosed.
  • RCST's of the invention can first securely share a value for determining a permutation of the set of base pattern permutation tables, or know the same value through TOTP number generation, or by other means, such as having the value pre-installed when the RCST is implemented. This value can be used to derive the base set of pattern permutation tables from which the communication and obfuscation patterns will be calculated. RCST's can thereby synchronize their pattern
  • a first RCST can securely share with two or more RCST's a randomly or otherwise generated offset number within the range of the population of permutations of sets of base permutation tables. Each RCST with which the offset is so shared can then use this offset to determine the base set of permutation tables that will be used in communications with the sharing RCST. This will establish a common set of pattern permutation tables across all RCST's sharing this value. Any RCST can then repeatedly share only offsets for the various types of pattern permutation tables to synchronize obfuscation and communication patterns. Unauthorized acquisition of the pattern permutation offset values will be of little value if the permutation of base set of pattern permutation tables is not known.
  • the sharing RCST's can simply securely share a superseding offset into the permutations of sets of base permutation tables to reset the transmission parameters to a secure state.
  • the tables in the set of base permutation tables are altered slightly whereby the columns of parameters are placed in different orders and the value of ranges within the table parameters are reduced which forces the same
  • the invention is used by a computer application to securely transmit, receive, and store the data it uses to perform its functions.
  • This includes without limitation databases, file, video, picture and text sharing and storage applications, Voice over IP applications, Web Browsers, Computer Games, remote system access applications, web meeting and collaboration applications, "cloud" storage and retrieval applications, system and file backup applications, and the like.
  • other applications can use the invention to increase the security and privacy of the data and information used in those applications. This can be accomplished by embedding the invention into the executable code of the application, or by providing to the application an Application Programming Interface (an API) that embodies the functionality of the invention for use by an authorized application "calling" the API functions.
  • a database application uses the invention to securely store and transmit the data in its database.
  • database application has been configured, either with embedded code embodying methods of the invention, or by use of an Application Programming Interface (API), to utilize "write", "insert", or "store" commands (or the like) that invoke methods of the invention so that the data to be written, inserted, or stored in a database field would be processed and stored in a secure manner as obfuscated segments on diverse, separate storage locations using different transmission media and protocols according to the invention.
  • the database application similarly utilizes the invention for "get", "retrieve", or "read" commands, or the like, that would
  • Pre-Calculating Pattern Permutations: In another embodiment, use of the invention by an application, such as a database, web browser, file sharing, or other type of application, can be configured to pre-calculate and present a series of Pattern Permutations, encryption keys, and other metadata required by the invention, as well as transmission pathways and associated encryption keys, as well as other components of the invention required for operation of the invention, so that they are queued for use and immediately available to the application or the API using the invention for secure data obfuscation, transmission, storage, retrieval and reassembly. This reduces the overhead and time requirements to process an original data object at the time of its identification.
  • An embodiment of invoking this pre-calculation and presentation is disclosed in Figure 20, steps 2020 through 2030.
  • the Pattern Permutations and Metadata produced by this pre-calculation and presentation can be configured to persist between instances of the invention on one system or across two or more systems.
  • ODO Streaming: In a variation of the embodiment disclosed in Figure 40, the invention can be used for streaming data for applications and data objects including without limitation video, SMS text, MMS text, voice mail, and voice telephony, and other types of streamed data objects as can be devised.
  • the system can delete the segments of the obfuscated, transmitted, stored, and retrieved data stream as the data is streamed, or retain the segments and thereby record the data stream for later retrieval.
  • the system can then re-obfuscate and migrate the segments with different obfuscation, invalid data, transmission and storage, and/or retrieval patterns according to the Segment Migration method as illustrated in Figure 42 to further obfuscate and control access to the retained segments of the streamed data recording.
  • the originating and receiving systems can share transmission and retrieval metadata and patterns that use few or no intermediary RCST systems to transmit the segments, but instead transmit the segments over a small number of RCST relays, say one or two, or directly between the originating and receiving systems, or a combination thereof.
  • the originating system's TPP can specify transmission of both valid and invalid segments directly to the receiving device or directly to the RCST's specified in the receiving system's retrieval pattern.
  • the invention can be used in an application for backing up or replicating entire originating systems or portions thereof for purposes that include without limitation disaster recovery, archiving, version control, system migration, system synchronization, system replication, and the like.
  • the originating system designates a portion of its system data intended for backing up as the ODO to be obfuscated, segmented, reordered, packaged, transmitted, and stored, and then retrieved and reassembled by a receiving system as disclosed herein.
  • the receiving system may be the same system as or a different system than the originating system.
  • the invention will then execute its methods on the system storage area designated as the ODO as though it is a single data object and securely transmit and store the system storage area data as disclosed herein.
  • the invention allows for a user or system to designate different portions of system data to be backed up or replicated as different original data objects, so that the invention will transmit and store the backup data area as two or more original data objects, typically in separate secure access areas or storage resources.
  • FTP File Transfer Protocol is a protocol used to transmit data objects between systems.
  • HTTP Hyper Text Transfer Protocol is a protocol used to transmit data to and from world wide web servers.
  • IDO Invalid Data Object is digital data not from an Original Data Object used to obfuscate "valid" data that comes from an Original Data Object.
  • IPP Invalid Data Pattern Permutation is a permutation variation of functions and values that produce an
  • NNTP Network News Transfer Protocol is a standard Internet communications protocol.
  • ODO Original Data Object is digital data that is securely obfuscated, segmented, reordered, transmitted, stored, retrieved, and reassembled by the invention.
  • OMR Object Management Record is the collection of data and metadata about the identity, encryption, segmenting, and processing of an ODO.
  • OPP Obfuscation Pattern Permutation is the variation of obfuscating functions and their input values used to obfuscate an ODO and its segments.
  • RCST Receive, Compute, Store, Transmit is a computing, communications, and storage system that receives, processes, stores, and transmits both Invalid Data and ODO segments and segment groupings.
  • RPP Retrieval Pattern Permutation specifies the location and retrieval metadata for retrieving ODO segments and invalid data.
  • SMR Segment Management Record is the collection of data about the identity, processing, encryption, packaging, and transmission of a Segment of an ODO.
  • SMS Short Message Service is a text messaging component of a mobile communications system.
  • SMTP Simple Mail Transfer Protocol is a well-known email transmission and handling system.
  • STO Segment Tracking Object is the data structure that tracks and records the segmenting, reordering, and invalid data insertion of an ODO and its segments.
  • TCP Transmission Control Protocol is one of the communication protocols of the Internet.
  • TPP Transmission Pattern Permutation is the permutation variation of the configurations, functions, and values that are used in the packaging and transmission of Segments.
  • UDP User Datagram Protocol is one of the communications protocols of the Internet.
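
The glossary terms ODO, IDO and STO can be seen working together in a short sketch. This is an added example, not code from the patent: the function names, the dictionary layout of the STO, the round-robin choice of storage location and the SHA-256 integrity checks are assumptions made for illustration.

```python
import hashlib
import secrets

def protect(odo: bytes, seg_size: int, n_invalid: int, locations: list[str]):
    """Segment an ODO, add invalid-data segments, reorder, and build the STO.

    Returns (stores, sto): stores maps location -> {segment_id: bytes};
    sto is the tracking record needed to rebuild the ODO.
    """
    if len(locations) < 2:
        raise ValueError("need at least two storage locations")
    rng = secrets.SystemRandom()
    sto = {"odo_sha256": hashlib.sha256(odo).hexdigest(), "valid": [], "invalid": []}
    outgoing = []  # (location, segment_id, data) in the order it will be sent
    for order, start in enumerate(range(0, len(odo), seg_size)):
        seg, seg_id = odo[start:start + seg_size], secrets.token_hex(8)
        loc = locations[order % len(locations)]  # neighbouring segments never share a location
        sto["valid"].append({"order": order, "id": seg_id, "location": loc,
                             "sha256": hashlib.sha256(seg).hexdigest()})
        outgoing.append((loc, seg_id, seg))
    for _ in range(n_invalid):  # invalid data: random bytes, one segment long
        seg_id = secrets.token_hex(8)
        sto["invalid"].append(seg_id)
        outgoing.append((rng.choice(locations), seg_id, secrets.token_bytes(seg_size)))
    rng.shuffle(outgoing)  # reorder: send order no longer follows ODO order
    stores = {loc: {} for loc in locations}
    for loc, seg_id, data in outgoing:
        stores[loc][seg_id] = data
    return stores, sto

def reassemble(stores: dict, sto: dict) -> bytes:
    """Fetch only the valid segments named in the STO, verify them, rebuild the ODO."""
    out = bytearray()
    for rec in sorted(sto["valid"], key=lambda r: r["order"]):
        seg = stores[rec["location"]][rec["id"]]
        if hashlib.sha256(seg).hexdigest() != rec["sha256"]:
            raise ValueError(f"segment {rec['id']} failed its integrity check")
        out += seg
    if hashlib.sha256(out).hexdigest() != sto["odo_sha256"]:
        raise ValueError("reassembled object does not match the original digest")
    return bytes(out)
```

Everything needed to tell valid segments from invalid ones and to restore their order lives in the STO, so in this sketch the STO has to be protected like a key.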

Abstract

The invention relates to a method for securely storing a data object, comprising identifying the data object to be securely stored, dividing the data object into a plurality of data packets including at least a first and a second data packet, designating a secure storage location for the first data packet, designating for the second data packet a secure storage location different from the storage location designated for the first data packet, securely transmitting the first data packet to the data storage location designated for it and placing it in the secure storage location designated for it, and securely transmitting the second data packet to the data storage location designated for it and placing it in the secure storage location designated for it. A method for secure data transmission comprises identifying data packets to be securely transmitted, dividing the packets into a plurality of data packets, transmitting the plurality of data packets with unpredictable addressing patterns, and receiving, reassembling and retransmitting the data packets in their original format.
PCT/US2015/026378 2014-04-18 2015-04-17 System and method for secure data transmission and storage WO2016003525A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201461981482P 2014-04-18 2014-04-18
US61/981,482 2014-04-18

Publications (2)

Publication Number Publication Date
WO2016003525A2 WO2016003525A2 (fr) 2016-01-07
WO2016003525A3 WO2016003525A3 (fr) 2016-03-03

Family

ID=55020074

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/026378 WO2016003525A2 (fr) 2014-04-18 2015-04-17 System and method for secure data transmission and storage

Country Status (1)

Country Link
WO (1) WO2016003525A2 (fr)

Also Published As

Publication number Publication date
WO2016003525A3 (fr) 2016-03-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15815520

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15815520

Country of ref document: EP

Kind code of ref document: A2
