Permanently erasing mechanism for encryption information
First Claim
Patent Images
1. A security device comprising:
- a storage system; and
a security system, the security system including;
an external input/output interface configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device;
an internal input/output interface coupled to the storage system and configured to facilitate communications between the security system and the storage system;
an encryption subsystem (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using a one-time pad; and
a bypass channel coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem;
wherein for storing the one-time pad, the security device is configured to;
receive, by the security system, the one-time pad from a key management system via the external input/output interface; and
store, by the security system, the one-time pad in the storage system from the external input/output interface via the internal input/output interface while bypassing the encryption subsystem via the bypass channel;
wherein for encrypting the unencrypted data, the security device is configured to;
receive, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface,receive, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system,produce, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad, andin response to the encryption subsystem producing the encrypted data, store, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data; and
wherein for retrieving the encrypted data, the security device is configured to;
receive a request for the encrypted data from a data consumer via the external input/output interface, andretrieve the encrypted data from the storage system via the internal input/output interface and sends the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for protecting data includes a virtual zeroisation device which receives data to be encrypted and key material for encrypting the data. The key material is stored in a storage device. As the encryption unit encrypts the data using the key material, the encrypted data is stored in the storage device and overwrites the key material.
9 Citations
17 Claims
-
1. A security device comprising:
-
a storage system; and a security system, the security system including; an external input/output interface configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device; an internal input/output interface coupled to the storage system and configured to facilitate communications between the security system and the storage system; an encryption subsystem (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using a one-time pad; and a bypass channel coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem; wherein for storing the one-time pad, the security device is configured to; receive, by the security system, the one-time pad from a key management system via the external input/output interface; and store, by the security system, the one-time pad in the storage system from the external input/output interface via the internal input/output interface while bypassing the encryption subsystem via the bypass channel; wherein for encrypting the unencrypted data, the security device is configured to; receive, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface, receive, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system, produce, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad, and in response to the encryption subsystem producing the encrypted data, store, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data; and wherein for retrieving the encrypted data, the security device is configured to; receive a request for the encrypted data from a data consumer via the external input/output interface, and retrieve the encrypted data from the storage system via the internal input/output interface and sends the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of securely protecting data, the method comprising:
-
receiving, by a security system of a security device, a one-time pad from a key management system via an external input/output interface of the security system, wherein the external input/output interface is configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device; storing, by the security system, the one-time pad in a storage system of the security device from the external input/output interface via an internal input/output interface while bypassing an encryption subsystem via a bypass channel, wherein the internal input/output interface is coupled to the storage system and configured to facilitate communications between the security system and the storage system, wherein the bypass channel is coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem, and wherein the encryption subsystem is (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using the one-time pad; receiving, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface; receiving, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system; producing, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad; in response to the encryption subsystem producing the encrypted data, storing, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data; receiving a request for the encrypted data from a data consumer via the external input/output interface; retrieving the encrypted data from the storage system via the internal input/output interface and sending the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel. - View Dependent Claims (16, 17)
-
Specification