Permanently erasing mechanism for encryption information

US 10,102,383 B2
Filed: 08/16/2012
Issued: 10/16/2018
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A security device comprising:

a storage system; and

a security system, the security system including;

an external input/output interface configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device;

an internal input/output interface coupled to the storage system and configured to facilitate communications between the security system and the storage system;

an encryption subsystem (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using a one-time pad; and

a bypass channel coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem;

wherein for storing the one-time pad, the security device is configured to;

receive, by the security system, the one-time pad from a key management system via the external input/output interface; and

store, by the security system, the one-time pad in the storage system from the external input/output interface via the internal input/output interface while bypassing the encryption subsystem via the bypass channel;

wherein for encrypting the unencrypted data, the security device is configured to;

receive, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface,receive, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system,produce, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad, andin response to the encryption subsystem producing the encrypted data, store, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data; and

wherein for retrieving the encrypted data, the security device is configured to;

receive a request for the encrypted data from a data consumer via the external input/output interface, andretrieve the encrypted data from the storage system via the internal input/output interface and sends the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for protecting data includes a virtual zeroisation device which receives data to be encrypted and key material for encrypting the data. The key material is stored in a storage device. As the encryption unit encrypts the data using the key material, the encrypted data is stored in the storage device and overwrites the key material.

9 Citations

17 Claims

1. A security device comprising:
- a storage system; and
  
  a security system, the security system including;
  
  an external input/output interface configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device;
  
  an internal input/output interface coupled to the storage system and configured to facilitate communications between the security system and the storage system;
  
  an encryption subsystem (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using a one-time pad; and
  
  a bypass channel coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem;
  
  wherein for storing the one-time pad, the security device is configured to;
  
  receive, by the security system, the one-time pad from a key management system via the external input/output interface; and
  
  store, by the security system, the one-time pad in the storage system from the external input/output interface via the internal input/output interface while bypassing the encryption subsystem via the bypass channel;
  
  wherein for encrypting the unencrypted data, the security device is configured to;
  
  receive, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface,receive, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system,produce, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad, andin response to the encryption subsystem producing the encrypted data, store, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data; and
  
  wherein for retrieving the encrypted data, the security device is configured to;
  
  receive a request for the encrypted data from a data consumer via the external input/output interface, andretrieve the encrypted data from the storage system via the internal input/output interface and sends the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The security device of claim 1, wherein:
    - the one-time pad is also provided to the data consumer, andthe encrypted data is decrypted, by the data consumer, using the one-time pad provided to the data consumer.
  - 3. The security device of claim 1, wherein:
    - the key management system is coupled to the security device during a first period for providing the one-time pad to the security device and the data source is not coupled to the security device during the first period; and
      
      the data source is coupled to the security device during a second period for providing the unencrypted data to the security device and the key management system is not coupled to the security device during the second period, the second period being different than the first period.
  - 4. The security device of claim 1, wherein the storage system is filled with key material, and wherein the key material includes the one-time pad.
  - 5. The security device of claim 1, wherein the one-time pad used to produce the encrypted data is a part of a one-time pad that fills the storage system.
  - 6. The security device of claim 1, wherein the external input/output interface facilitates all communications from (1) inside to outside of the security device and (2) outside to inside of the security device.
  - 7. The security device of claim 1, wherein the internal input/output interface facilitates all communications between the security system and the storage system.
  - 8. The security device of claim 1, wherein the data source is a sensor, camera, or the storage system.
  - 9. The security device of claim 1, wherein the storage system is solid state memory, flash memory, or a hard disk.
  - 10. The security device of claim 1, wherein the unencrypted data is video information or military target information.
  - 11. The security device of claim 1, wherein the one-time pad stored in the storage system is configured such that it is only able to be read once from the storage system.
  - 12. The security device of claim 1, the one-time pad includes a series of random bits generated by a quantum generator.
  - 13. The security device of claim 1, the request for the encrypted data is a direct read request addressed to the storage system, a network communication, or a file transfer from an intermediate device.
  - 14. The security device of claim 1, wherein the one-time pad stored in the storage system is destroyed essentially contemporaneously with use of the one-time pad for encryption.

15. A method of securely protecting data, the method comprising:
- receiving, by a security system of a security device, a one-time pad from a key management system via an external input/output interface of the security system, wherein the external input/output interface is configured to facilitate communications from (1) outside to inside of the security device and (2) inside to outside of the security device;
  
  storing, by the security system, the one-time pad in a storage system of the security device from the external input/output interface via an internal input/output interface while bypassing an encryption subsystem via a bypass channel, wherein the internal input/output interface is coupled to the storage system and configured to facilitate communications between the security system and the storage system, wherein the bypass channel is coupled to the external input/output interface and the internal input/output interface, wherein the bypass channel is configured to allow communications to bypass the encryption subsystem, and wherein the encryption subsystem is (1) coupled to the external input/output interface and the internal input/output interface and (2) configured to produce encrypted data from unencrypted data using the one-time pad;
  
  receiving, by the encryption subsystem, the one-time pad from the storage system via the internal input/output interface;
  
  receiving, by the encryption subsystem, the unencrypted data from a data source via the external input/output interface when the security device is not in communication with the key management system;
  
  producing, by the encryption subsystem, the encrypted data by encrypting the unencrypted data using the one-time pad;
  
  in response to the encryption subsystem producing the encrypted data, storing, by the encryption subsystem, the encrypted data in the storage system, wherein storing the encrypted data in the storage system includes overwriting the one-time pad stored in the storage system with the encrypted data;
  
  receiving a request for the encrypted data from a data consumer via the external input/output interface;
  
  retrieving the encrypted data from the storage system via the internal input/output interface and sending the encrypted data to the data consumer via the external input/output interface while bypassing the encryption subsystem via the bypass channel.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the storage system comprises a memory device.
  - 17. The method of claim 15, wherein the one-time pad includes a series of random bits generated by a quantum generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
QuintessenceLabs Pty Ltd.
Original Assignee
QuintessenceLabs Pty Ltd.
Inventors
Sharma, Vikram, Leiseboer, John
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US14/239,652
Publication Number

US 20140337640A1
Time in Patent Office

2,252 Days
Field of Search

713189-194, 726 1, 726 6, 726 18, 726 19, 726 23, 726 30
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/79   in semiconductor storage me...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/0623   in relation to content

G06F 3/0664   at device level, e.g. emula...

G06F 3/0673   Single storage device

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0852   Quantum cryptography transm...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/12   Transmitting and receiving ...

Permanently erasing mechanism for encryption information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Permanently erasing mechanism for encryption information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links