Abstract: Systems and methods are provided for creating, managing and implementing data encryption and key management in a software application through an application programming interface (API) via a SAAS-based API-based platform. A developer can quickly and easily build encryption into any application with an API accessed through an API-based platform that allows the developer to enter basic information about an application, generate encryption keys, download a client library and implement the encryption into the application based on the application information and encryption keys with only two calls to the API. The encryption is built into the software layer and the keys are managed remotely, providing security and simplicity for implementing and executing encryption.

Abstract: A system for authenticated communications between devices, the system comprising: a plurality of devices comprising at least a first and second device; and one or more communication pathways configured to communicatively couple the first and second devices for data streaming of a data object; and the first device comprising a memory coupled to at least one processor, the first device configured to: generate a plurality of datasets corresponding to a plurality of data fragments constituting the data object, each dataset comprising encryption keys used to encrypt the corresponding data fragments, encrypt a first dataset of the plurality of datasets using a first dataset key derived based, in part, on a first encryption algorithm, and determine a second dataset key based, in part, on at least one of the first encryption algorithm and second encryption algorithm.

Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: Systems and methods for retrieving a data object. An example method includes: receiving a query comprising a field identifier and a field value related to the field identifier; determining the field identifier corresponds to an entry of a data map, the data map comprising a plurality of entries generated in part based on a plurality of field identifiers; in response to the determination, obfuscating at least one of the field identifier, field value, and both the field identifier and the field value to generate a record locator; identifying one or more encrypted values within the data map based on the record locator, wherein the one or more encrypted values is associated with the entry having an corresponding record locator that matches the generated record locator; and decrypting and forwarding the one or more encrypted values as a response to the query.

Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.

Abstract: A method for storing a first data object includes: altering one or more original record locators corresponding to one or more fragments of a decomposed data object based on one or more variable storage parameters; applying an obfuscating function to the altered record locators for each fragment of the decomposed data object, the obfuscated function based at least in part on the one or more variable storage parameters; and storing, in at least one storage location, the obfuscated record locators with and the corresponding fragments.

Abstract: Systems and integrated circuits are provided herein. In one aspect, an integrated circuit comprises: a plurality of connection nodes comprising at least a first and second connection node; a secure IP block and a decrypt IP block coupled to the first and second connection nodes, respectively. The secure IP block is configured to: receive a data object via the first connection node, disassemble the data object into a plurality of data fragments, encrypt the plurality of data fragments, and send the plurality of encrypted data fragments to a plurality of storage locations. The decrypt IP block is configured to: receive an electrical signal indicative of a request to access a data object via the second connection node, retrieve a plurality of encrypted data fragments stored at a plurality of storage locations, decrypt the plurality of encrypted data fragments, and reassemble the decrypted data fragments into the data object.

Abstract: Systems and methods for accessing a first data object are provided. In an aspect, the method comprises: receiving, by a server from a plurality of client devices, a plurality of requests to retrieve a first data object, each client device operated by a user of a plurality of users; generating a plurality of unique data objects based on the requested first data object, each unique data object associated with the first data object and associated with a user of the plurality of users; and for each client device of the plurality of client devices, providing the client device access to a respective unique data object of the plurality unique data objects based on a respective user corresponding to the client device and associated with the respective unique data object.

Abstract: A system for authenticated communications between devices, the system comprising: a plurality of devices comprising at least a first and second device; and one or more communication pathways configured to communicatively couple the first and second devices for data streaming of a data object; and the first device comprising a memory coupled to at least one processor, the first device configured to: generate a plurality of datasets corresponding to a plurality of data fragments constituting the data object, each dataset comprising encryption keys used to encrypt the corresponding data fragments, encrypt a first dataset of the plurality of datasets using a first dataset key derived based, in part, on a first encryption algorithm, and determine a second dataset key based, in part, on at least one of the first encryption algorithm and second encryption algorithm.

Abstract: A system for storing and managing credentials and encryption keys includes a first data store, a second data store, a client device, and a secure key platform. The client device is configured to transmit a request to retrieve user data stored in the first data store. The secure key platform configured to: store user credentials and data store credentials in the second data store separate from the user data stored in the first data store; receive a request to retrieve user data; retrieve, from the second data store, user credentials of a user of the client device and data store credentials of the first data store in response to the request; use the user credentials of the user of the client device and data store credentials of the first data store to retrieve user data from the first data store; and provide the user data to the client device.

Abstract: Systems and methods for storing, accessing and management a data object are provided. The systems comprise: a trusted file manager system comprising a plurality of data repositories corresponding to a plurality of storage locations configured to store encrypted data fragments; a secure server; and a client device comprising and an application running on the client device and one or more processors, the application communicatively coupled to the secure platform and the trusted file manager system.

Abstract: A system for storing and managing credentials and encryption keys includes a first data store, a second data store, a client device, and a secure key platform. The client device is configured to transmit a request to retrieve user data stored in the first data store. The secure key platform configured to: store user credentials and data store credentials in the second data store separate from the user data stored in the first data store; receive a request to retrieve user data; retrieve, from the second data store, user credentials of a user of the client device and data store credentials of the first data store in response to the request; use the user credentials of the user of the client device and data store credentials of the first data store to retrieve user data from the first data store; and provide the user data to the client device.

Abstract: A system for storing data with a virtual file system includes: means for receiving a file; means for disassembling the file into fragments; means for encrypting the fragments; means for mapping the fragments to different storage locations in the virtual file system; means for transmitting the encrypted file fragments to the different storage locations in the virtual file system; and means for storing the encrypted file fragments to the different storage locations in the virtual file system.

Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.

Abstract: Systems and methods for retrieving a data object. An example method includes: receiving a query comprising a field identifier and a field value related to the field identifier; determining the field identifier corresponds to an entry of a data map, the data map comprising a plurality of entries generated in part based on a plurality of field identifiers; in response to the determination, obfuscating at least one of the field identifier, field value, and both the field identifier and the field value to generate a record locator; identifying one or more encrypted values within the data map based on the record locator, wherein the one or more encrypted values is associated with the entry having an corresponding record locator that matches the generated record locator; and decrypting and forwarding the one or more encrypted values as a response to the query.

Abstract: A method for storing a first data object includes: altering one or more original record locators corresponding to one or more fragments of a decomposed data object based on one or more variable storage parameters; applying an obfuscating function to the altered record locators for each fragment of the decomposed data object, the obfuscated function based at least in part on the one or more variable storage parameters; and storing, in at least one storage location, the obfuscated record locators with and the corresponding fragments.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: A system for storing and managing credentials and encryption keys, includes: a first data store and a second data store; a client device configured to transmit a request to retrieve user data stored in the first data store; a secure key platform configured to: store user credentials and data store credentials in the second data store separate from the user data stored in the first data store; receive, from the client device, the request to retrieve user data stored in the first data store; retrieve, from the second data store, user credentials associated with a user of the client device and data store credentials associated with the first data store in response to the request to retrieve user data; use the user credentials of the user of the client device and data store credentials of the first data store to retrieve user data from the first data store; and provide the user data to the client device.