
Gold Comet™ Patents
Summaries, Implementation, Compliance


PATENT TECHNICAL SUMMARIES
Patent No. 8,379,867:
Secure Email Communication System
Gold Comet’s messaging (email) system was the first product released, designed to create a completely risk-free environment for private information exchange.
TECHNICAL DESCRIPTION: The original product in Gold Comet’s patent portfolio is an internet messaging (email) system designed to provide for the secure exchange of information between two or more parties without disruption or interference by any outside party. As a baseline communications system of the Gold Comet platform, this patent protects the process by which the digital data stream transmitted between the originating party and the designated recipient is enciphered and thus made fully secure using a dynamic key pair generation process. In this system, the data in the data stream is dynamically enciphered (encrypted) with a randomly generated symmetric key which, in turn, is encrypted with the originating user’s asymmetric key pair derived from credential indicia via an encryption algorithm for storage in the originating user’s “sent items.” The symmetric key is also encrypted with the receiving user’s asymmetric key pair also derived from credential indicia via an encryption algorithm. The resulting enciphered data and its assigned encryption key are then stored remotely from the host node and key store. Once stored with its sender’s credential indicia, all copies of the dynamically generated key are deleted from the host node and housed in a secure database node. To decipher the data, the receiving user’s asymmetric key pair decrypts the symmetric key which is then used to decrypt the data stream. This system results in a highly resilient messaging process that is not subject to common infiltration and exfiltration attempts due to its complex encryption process.
Patent No. 8,737,624:
Secure Email Communication System
Gold Comet’s patented messaging encryption method has been refined to include FIPS 140-2 validated AES 256-Bit Object Level Encryption.
TECHNICAL DESCRIPTION: With this system patent, the data in the data stream is dynamically enciphered (encrypted) with a randomly generated symmetric key which, in turn, is encrypted with the originating user’s asymmetric key pair derived from credential indicia via an encryption algorithm. This process forms the basis of Object Level Encryption, as the encryption process is enacted upon each individual piece of transmitted data rather than the more common method of encrypting an entire volume of data. In the unlikely event that a data element is compromised, the attacker gains access to that one file only; all other data remains protected by its own individual encryption key.
The resulting enciphered data and its assigned encryption key are stored remotely from the host node and key store. Once stored with its sender’s credential indicia, all copies of the dynamically generated key are deleted from the host node and housed in a secure database node. The host node is remotely coupled to the key store through a key port and to the database node through a database port, and has been further refined to comprise a data stream port, a dynamic key generation module, a first encipher module, and a decipher module. Patented object level encryption is unique to the Gold Comet platform, providing a secure vehicle for the transfer of data between users and for the maintenance of file storage.
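The per-object hybrid scheme the two email patents describe (a random symmetric key per message, wrapped for sender and recipient with their asymmetric keys, with the plaintext key then discarded) can be shown in working code. The Go program below is an added example, not Gold Comet's code and no statement of how the product implements the patents: the RSA-OAEP key pairs, AES-256-GCM, the party names and the sample payload are all this example's assumptions standing in for the credential-derived key pairs, host node and database node in the text, and nothing here speaks to FIPS 140-2 validation of the library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedObject is one message or file sealed under a key that belongs to
// this object alone; only wrapped copies of that key travel with it.
type EncryptedObject struct {
	Nonce, Ciphertext   []byte
	WrappedForSender    []byte // object key under the sender's public key ("sent items" copy)
	WrappedForRecipient []byte // object key under the recipient's public key
}

// Party is a hypothetical user; its RSA pair stands in for the
// credential-derived asymmetric key pair the patents describe.
type Party struct{ priv *rsa.PrivateKey }

func NewParty() (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{priv: k}, nil
}

func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptObject draws a fresh random AES-256 key for this one object, seals the
// payload with AES-GCM, wraps the key for both parties with RSA-OAEP and then
// erases the plaintext key so that only the wrapped copies remain.
func EncryptObject(plain []byte, sender, recipient *rsa.PublicKey) (*EncryptedObject, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	defer func() { // the host node keeps no copy of the object key
		for i := range key {
			key[i] = 0
		}
	}()
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	obj := &EncryptedObject{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}
	if obj.WrappedForSender, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, sender, key, nil); err != nil {
		return nil, err
	}
	if obj.WrappedForRecipient, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil); err != nil {
		return nil, err
	}
	return obj, nil
}

// UnwrapKey recovers an object key; it fails for anyone but the key holder.
func (p *Party) UnwrapKey(wrapped []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, wrapped, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed, this party holds no key for the object: %w", err)
	}
	return key, nil
}

// DecryptWithKey deciphers one object. A key taken from a different object
// fails GCM authentication, so one compromised key exposes one object only.
func DecryptWithKey(obj *EncryptedObject, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, obj.Nonce, obj.Ciphertext, nil)
}

func main() {
	alice, _ := NewParty() // sender
	bob, _ := NewParty()   // recipient
	obj, _ := EncryptObject([]byte("constructed sample: quarterly report"), alice.Public(), bob.Public())
	key, _ := bob.UnwrapKey(obj.WrappedForRecipient)
	out, err := DecryptWithKey(obj, key)
	fmt.Printf("recipient reads %q (err=%v)\n", out, err)
}
```

The property the Object Level Encryption description relies on is visible at the end of the flow: unwrapping one object's key and applying it to a second object yields a GCM authentication failure rather than plaintext, and a third party holding neither private key cannot unwrap the key at all.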
Patent No. 9,767,299:
Secure Cloud Data Sharing
Gold Comet’s data sharing platform is designed for secure global reach. We provide you with zero-trust collaboration capabilities that work within and across hybrid network channels.
TECHNICAL DESCRIPTION: This patent covers a computer-controlled method for sharing digital information utilizing a cloud-based proprietary storage environment. The first user (sender) node where the data is stored is operable by its sending user with associated first user identifier and assigned private identification key, known only to the first user node. The cloud-based storage environment also recognizes a second user node where the data sent will be received, accessible by the second user with assigned identifier and second user private identification key, known only to the second user node. In the process of transmission, the data is encrypted by the sender’s user node with an encryption key and sent to the cloud server. Once sent, the file key is not retained on the first user node.
The data is then transmitted with an instruction to share the encrypted data, which is received and decrypted at the identified second user node using a second generated encryption key. The network server memory maintains an index record of the share keys and of the random, dynamically generated storage names associated with them. The network server processor and the network server non-transitory memory are separate components operating at different locations. This complex and layered encryption and data transmission system provides penetration-tested data security unequalled in the commercial market.
Patent No. 10,055,595:
Secure Credentials Control Method
At Gold Comet, we're always generating rock-solid ways to ensure security. Our patented system controls prohibit god accounts and eliminate insider threats.
TECHNICAL DESCRIPTION: Typical electronic applications allow system administrators unrestricted access to user accounts and credentials (also known as “god accounts”), including usernames, logins, and passwords, with direct permission to view and change these components, with or without the users’ knowledge. This presents an insider threat to enterprise security, a growing problem in today’s cybersecurity environment. This patent provides system controls designed to prevent system administrators from misusing account permissions and to reduce the threat of other types of unauthorized access. The method secures access to the account of a user with a first credential set that provides a means for authenticating the user, and allows setup of a universal reset credential associated with the account, which is stored in the credential database. The system administrator (who is not the user) is permitted to reset the access feature for the user’s first credential without input from the account user; however, the system administrator is denied permission to change the first credential of the account user.
Additionally, the system is designed to record information related to any change made to the first credential in the secure database and will automatically send a notification of the change to the first credential user, requiring the user to approve or disapprove of the change for it to take effect. This patented process virtually eliminates the insider threat vector, adding another layer of security to this resilient data management system.
Patent No. 10,929,546:
Secure Credentials Control Method
Gold Comet’s platform is built on a patented foundation of zero-trust architecture (never trust, always verify), which builds a strong base of checks and balances.
TECHNICAL DESCRIPTION: This patent covers the method, apparatus, and systems for securing access to user accounts, wherein the account has at least a first credential, such as a password, set as an access feature for authenticating the user. The method includes setting a universal reset credential associated with the account; denying a system administrator permission to access the original first credential; and permitting the system administrator to reset the access feature from the first credential to the universal reset credential. Thus, when a user is unable to access his/her account (e.g., a forgotten password), the system administrator can reset the credential to the universal state so that the user can change the password while it remains protected from the system administrator’s view. Secure access is achieved by storing an access feature for authenticating the user in a credential database comprising a first credential, including an original password to the account set by the user, and a universal reset credential. The system administrator is prevented from changing the original password included in the first credential. In the event of a reset, a notification is sent to the user which requires confirmation of approval or disapproval of the change to the first credential. First credentials are stored in a secure area of the credential database to which system administrator access is restricted.
Likewise, the system administrator is barred from access to the original second credential (data recipient) account but can change the credential to a universal reset credential. Any change to the second credential will also trigger a notification that must be confirmed, by approval or disapproval, by the second credential user. This patent further refines the technology designed to enhance zero trust architecture by mitigating insider threats from personnel who are duly authorized to access the system infrastructure.
Patent No. 11,140,173:
System and Method for Secure Access Control
Gold Comet’s patented access control system restricts harmful administrator activity, requiring that two or more authorized administrators work in concert to successfully execute certain tasks.
TECHNICAL DESCRIPTION: This patent expands on limiting the ability of a single administrator to act unilaterally by requiring the agreement and/or notification of other system administrators, protecting and enhancing the integrity and security of stored data, and thus ameliorating the risk of compromise. Further, this patent requires that certain administrative activities must be accomplished by two (or more) authorized system administrators working in concert to access and manage stored data so that, without notification to users, potential misconduct by account holders may be audited.
The patent sets a minimum number, the Administrator Integrity Count, on the secure access control system, which uses a gating engine to detect in real time how many system administrators are currently connected to the secure access processor, as recorded in an administrative privileges database. To perform certain actions, at least that minimum number of administrators must be connected and participating in the action. The concert of administrator activity initiates and sends a notification message to the secure access processor from one or more of the second system administrators as identification of the first authorization, so that the action can proceed. The first authorization is denied and will not proceed if one or more second system administrators are not connected to the secure access processor and not participating at the time the action is initiated.
Patent No. 11,575,681:
System and Method for Secure Access Control
Gold Comet’s patented system of checks and balances provides fail-safe prevention of insider threats, an escalating issue in cybersecurity today.
TECHNICAL DESCRIPTION: This patent enhances the ability of the platform to ensure the security and integrity of stored data and ameliorates compromise by requiring and permitting multiple administrators, acting in concert, to access stored data without notification to the account holder. While user data security is paramount, there are certain times or conditions when system administration must access private data. For example, if a system user is engaging in misconduct that is contrary to system policies and procedures, system administrators, identified by administrator IDs, may work together to access the user’s account to perform corrective actions such as accessing or removing files from the user’s account or closing the account holder’s access. Upon initiation of access to a user account, a notification is generated and sent to one or more additional system administrators as part of the system logging and audit process. An individual system administrator is denied the authority to unilaterally access a user account for the purpose of taking an action whether to correct misconduct or any other valid reason. The system is designed to determine and set a minimum number of system administrators required to perform an action on a database or sensitive data store. The system detects in real time how many system administrators are currently connected to the secure access processor and issues authorization to perform the action when the access count reaches the minimum number. Initiating an administrative action autogenerates a record of the action performed, logging the action for audit purposes. The secure access processor is configured to prevent any unrestricted access to the information saved in the database and the sensitive data store. These role-based access controls ensure that no single administrator can pose an insider threat to a targeted user without triggering an audit notification to other administrators. 
All restricted actions must always be conducted in concert with additional system administrators.
Patent No. 11,836,261:
Secure Credentials Control Method
With Gold Comet’s patented platform you can enjoy peace of mind that no one, not even a system administrator, has unilateral access to your private data.
TECHNICAL DESCRIPTION: This patent covers the method, apparatus, and systems used for securing access to a user account, wherein the account has at least a first credential (such as a password) set as an access feature for authenticating the user and includes access to all other systems intended to be securely maintained, i.e., data sharing and data storage. The method includes setting a universal reset credential associated with the account for access to user data, denying a system administrator permission to access the first credential, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential. The secure credential control method, apparatus, and systems may track universal reset actions, for example when a new password is established, and reactivations of accounts after a change is made (e.g., change of password).
The system comprises a computer-readable storage medium configured to store, in a database, an access feature set by a user for accessing secure data saved in an account. The access feature consists of a user password and a universal reset credential; the system denies access to the user password by a system administrator. This protective system prevents the system administrator from being able to change the universal reset credential back to the user password without the user’s acknowledgement after the account has been reset. Information relating to the reset of the account is recorded (logged) for audit purposes. The reset event logs the IP address of the party accessing the account, the number of failed attempts to access the account, and the information that was accessed following each change in the account. The processor is also configured to prevent the system administrator from accessing the logged event information.
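The credential-control method that Patent Nos. 10,055,595, 10,929,546 and 11,836,261 describe (an administrator who can reset an account to a universal reset credential but can neither read nor change the user's own password, a change that takes effect only after the user approves the notification, and a reset log the administrator cannot read) is modelled below as an added Go example. It is not Gold Comet's code and makes no claim about the product's internals: the store layout, method names, SHA-256 stand-in hash, log line format and sample values ("alice", "root", the IP addresses, the universal credential string) are all this example's assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// ErrForbidden answers every administrator request the method denies.
var ErrForbidden = errors.New("system administrator is denied access to this item")
type Account struct {
	passwordHash []byte // first credential; never returned to an administrator
	resetPending bool   // administrator requested a reset; awaiting the user's decision
	resetActive  bool   // user approved: the universal reset credential now authenticates
}
// CredentialStore is a hypothetical credential database, not Gold Comet's code.
type CredentialStore struct {
	accounts      map[string]*Account
	universalHash []byte              // hash of the universal reset credential
	failed        map[string]int      // failed login attempts per account
	audit         []string            // reset and login events with time, IP and failure count
	Notifications map[string][]string // user -> change notices awaiting approval
}
// hashCredential is a stand-in; a real system uses a salted, slow password hash.
func hashCredential(s string) []byte { h := sha256.Sum256([]byte(s)); return h[:] }
func NewStore(universalReset string) *CredentialStore {
	return &CredentialStore{accounts: map[string]*Account{}, universalHash: hashCredential(universalReset),
		failed: map[string]int{}, Notifications: map[string][]string{}}
}
func (s *CredentialStore) CreateAccount(user, password string) {
	s.accounts[user] = &Account{passwordHash: hashCredential(password)}
}
func (s *CredentialStore) log(actor, action, ip string) {
	s.audit = append(s.audit, fmt.Sprintf("%s actor=%s action=%s ip=%s failed_attempts=%d",
		time.Now().UTC().Format(time.RFC3339), actor, action, ip, s.failed[actor]))
}

// Administrators can neither read nor set the first credential, nor read the log.
func (s *CredentialStore) AdminReadPassword(admin, user string) ([]byte, error) { return nil, ErrForbidden }
func (s *CredentialStore) AdminSetPassword(admin, user, pw string) error    { return ErrForbidden }
func (s *CredentialStore) AdminReadAudit(admin string) ([]string, error)      { return nil, ErrForbidden }

// AdminReset is logged and notifies the user; nothing takes effect until the user approves.
func (s *CredentialStore) AdminReset(admin, user, ip string) error {
	acct, ok := s.accounts[user]
	if !ok {
		return errors.New("no such account")
	}
	acct.resetPending = true
	s.Notifications[user] = append(s.Notifications[user],
		fmt.Sprintf("reset requested by %s from %s: approve or disapprove", admin, ip))
	s.log(admin, "reset-requested:"+user, ip)
	return nil
}

// UserDecideReset records the user's approval or disapproval of a pending reset.
func (s *CredentialStore) UserDecideReset(user string, approve bool) {
	if acct := s.accounts[user]; acct != nil && acct.resetPending {
		acct.resetPending, acct.resetActive = false, approve
		s.log(user, fmt.Sprintf("reset-approved=%t", approve), "")
	}
}

// Authenticate accepts the universal credential only while a reset is active.
func (s *CredentialStore) Authenticate(user, credential, ip string) bool {
	acct, ok := s.accounts[user]
	if !ok {
		return false
	}
	expected := acct.passwordHash
	if acct.resetActive {
		expected = s.universalHash
	}
	if subtle.ConstantTimeCompare(hashCredential(credential), expected) == 1 {
		s.log(user, "login-ok", ip)
		return true
	}
	s.failed[user]++
	s.log(user, "login-failed", ip)
	return false
}

// UserSetPassword reactivates the account under a new password; the universal credential stops working.
func (s *CredentialStore) UserSetPassword(user, current, newPassword, ip string) error {
	if !s.Authenticate(user, current, ip) {
		return errors.New("current credential rejected")
	}
	s.accounts[user].passwordHash, s.accounts[user].resetActive = hashCredential(newPassword), false
	s.log(user, "password-changed", ip)
	return nil
}

// AuditTrail serves the audit function, which the text keeps apart from administration.
func (s *CredentialStore) AuditTrail() []string { return s.audit }

func main() {
	s := NewStore("UNIVERSAL-RESET-EXAMPLE") // constructed sample values
	s.CreateAccount("alice", "correct horse")
	_, err := s.AdminReadPassword("root", "alice")
	fmt.Println("administrator reading the first credential:", err)
}
```

Two details carry the security argument. The universal credential authenticates only between the user's approval and the user's next password change, so an administrator's reset never gives the administrator a standing way into the account; and the three `Admin*` methods refuse unconditionally, which is the code-level form of "denied permission to access the first credential" and of the log being closed to administrators.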
Patent No. 11,956,247:
System and Method for Secure Access Control
Gold Comet’s secure platform utilizes patented whitelist controls for authorizing information exchange.
TECHNICAL DESCRIPTION: Typical commercial data and cloud storage systems allow system administrators unrestricted access to users’ accounts, data, and credentials (username, login, password). Such access enables an administrator to create, read, edit, and/or delete data without the user's knowledge and opens the door to insider threat account takeovers, such as impersonating the user by sending communications via the targeted user’s account or removing files without the user’s permission. This patent comprises a system and method for ameliorating unilateral system administrator access to user data and for achieving secure access control for messaging, data storage, and the cloud storage system. The secure access control system includes a secure access processor configured to issue a first authorization in response to a first concert of action between a first system administrator connected to the secure access processor and a second system administrator connectable to the secure access processor. This control system secures access to users’ messaging, electronic data storage, and cloud storage accounts and requires the participation of at least two system administrators acting in concert to perform administrative tasks regarding private data access. The system tracks system administrator access to user accounts, logging any attempt to access a user account, whether unilaterally or in concert with another administrator. This includes credential resets, reactivations, etc., recording the date and time of the event for audit purposes.
To summarize, this patent comprises and refines a computer-implemented method for storing a plurality of data access rules associated with one or more system administrators, covering: 1) storing information representing credentials associated with access sessions of user devices in the system; 2) obtaining sensitive data related to a user operating the user device during the access session; 3) determining and setting a minimum number of system administrators required to perform an action; 4) detecting in real time how many system administrators are connected to the secure access processor; and 5) verifying that the system administrators currently connected to the secure access processor are acting in accordance with the plurality of data access rules.
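The concert-of-action control that Patent Nos. 11,140,173, 11,575,681 and 11,956,247 describe (a minimum Administrator Integrity Count, a gating engine that counts connected administrators in real time, notification of the other administrators when an action is initiated, denial of any unilateral action, and an audit record of every initiation, denial and authorization) is modelled below as an added Go example. It is not Gold Comet's code and says nothing about how the product's secure access processor is built: the type and method names, the rule that the count is checked both at initiation and again at authorization, and the constructed scenario (two administrators, a count of 2, accounts "alice" and "bob") are this example's assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// PendingAction is an administrative action on a user account awaiting concert of action.
type PendingAction struct {
	ID, Initiator, Target, Description string
	participants                       map[string]bool // administrators who have joined the action
}

// SecureAccessProcessor is a hypothetical gating engine, not Gold Comet's code.
type SecureAccessProcessor struct {
	integrityCount int             // Administrator Integrity Count: minimum admins in concert
	connected      map[string]bool // real-time view of connected administrators
	actions        map[string]*PendingAction
	Notifications  []string // sent to the other connected administrators on initiation
	AuditLog       []string // every initiation, denial and authorization is recorded
	nextID         int
}

func NewProcessor(integrityCount int) *SecureAccessProcessor {
	return &SecureAccessProcessor{integrityCount: integrityCount,
		connected: map[string]bool{}, actions: map[string]*PendingAction{}}
}

func (p *SecureAccessProcessor) Connect(admin string)    { p.connected[admin] = true }
func (p *SecureAccessProcessor) Disconnect(admin string) { delete(p.connected, admin) }
func (p *SecureAccessProcessor) ConnectedCount() int    { return len(p.connected) }

// Initiate opens an action. It is denied outright unless enough administrators
// are connected at initiation time; otherwise the others are notified.
func (p *SecureAccessProcessor) Initiate(admin, target, description string) (string, error) {
	if !p.connected[admin] {
		return "", errors.New("initiator is not connected to the secure access processor")
	}
	if p.ConnectedCount() < p.integrityCount {
		p.AuditLog = append(p.AuditLog, fmt.Sprintf("DENIED %s on %q (%s): %d of %d required administrators connected",
			admin, target, description, p.ConnectedCount(), p.integrityCount))
		return "", errors.New("denied: too few administrators connected at initiation")
	}
	p.nextID++
	id := fmt.Sprintf("action-%d", p.nextID)
	p.actions[id] = &PendingAction{ID: id, Initiator: admin, Target: target, Description: description,
		participants: map[string]bool{admin: true}}
	for other := range p.connected {
		if other != admin {
			p.Notifications = append(p.Notifications,
				fmt.Sprintf("to %s: %s initiated %s on account %q (%s); join to authorize", other, admin, id, target, description))
		}
	}
	p.AuditLog = append(p.AuditLog, fmt.Sprintf("INITIATED %s by %s on %q: %s", id, admin, target, description))
	return id, nil
}

// Participate records a second administrator joining the action.
func (p *SecureAccessProcessor) Participate(admin, actionID string) error {
	act, ok := p.actions[actionID]
	if !ok {
		return errors.New("unknown action")
	}
	if !p.connected[admin] {
		return errors.New("participant is not connected to the secure access processor")
	}
	act.participants[admin] = true
	return nil
}

// Authorize issues the first authorization only while at least integrityCount
// administrators are both participating and still connected.
func (p *SecureAccessProcessor) Authorize(actionID string) (bool, error) {
	act, ok := p.actions[actionID]
	if !ok {
		return false, errors.New("unknown action")
	}
	inConcert := 0
	for admin := range act.participants {
		if p.connected[admin] {
			inConcert++
		}
	}
	if inConcert < p.integrityCount {
		p.AuditLog = append(p.AuditLog, fmt.Sprintf("DENIED %s: %d of %d administrators in concert", actionID, inConcert, p.integrityCount))
		return false, nil
	}
	p.AuditLog = append(p.AuditLog, fmt.Sprintf("AUTHORIZED %s on %q by %d administrators", actionID, act.Target, inConcert))
	return true, nil
}

func main() {
	p := NewProcessor(2) // constructed scenario
	p.Connect("admin-1")
	_, err := p.Initiate("admin-1", "alice", "remove file")
	fmt.Println("lone administrator:", err)
}
```

Checking the count twice matters: an administrator who is merely connected does not count as participating, and a participant who disconnects before authorization drops out of the count, so the authorization reflects who is actually acting in concert at the moment the action proceeds rather than who was present when it was requested.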