SYSTEM AND ASSOCIATED SOFTWARE FOR PROVIDING ADVANCED DATA PROTECTIONS IN A DEFENSE-IN-DEPTH SYSTEM BY INTEGRATING MULTI-FACTOR AUTHENTICATION WITH CRYPTOGRAPHIC OFFLOADING

摘要

The advanced data protection system is implemented by distributing encrypted data across multiple isolated computing systems and using multi-factor authentication to access remote, protected decryption material. Architectural components include: Client application software reading/writing from/to a client data store executing on a client host computer, client application plug-ins communicating with external authentication devices, server application software reading/write data from/to a server data store executing on a host computer which is physically or virtually isolated from the client host computer, authentication devices, components, or systems integrated with or connected to the client computer and exposing programmatic interfaces to client application software, and secure networking components executing on both hosts that provide secure data exchange. The system employs certain associated software that incrementally encrypts client data on both the client and server, storing portions of the results on each computer, and requiring multi-factor authentication for distributed decryption material recovery.

主权项

1. A method comprising:
a. encrypting content with an inner data container using a securely stored client cryptographic key, wherein the securely stored client cryptographic key is stored on a client device; and b. encrypting the content with an outer data container using a unique server-generated and server-stored cryptographic key.