Systems and methods to secure data using computer system attributes

US 10,193,690 B1
Filed: 09/29/2017
Issued: 01/29/2019
Est. Priority Date: 09/29/2017
Status: Active Grant

First Claim

Patent Images

1. A method for securing data in a computing system, comprising:

receiving, at the computing system, data for storage to a data storage device;

acquiring values of one or more system attributes from a plurality of system attributes associated with the computing system based on a key generation policy;

transforming the values of the one or more system attributes using a transformation function based on the key generation policy to generate a cryptographic key;

encrypting the received data using the generated cryptographic key to generate an encrypted data file;

adding a decryption algorithm to the encrypted data file; and

providing the encrypted data file to a requesting device, wherein the requesting device generates the received data from the encrypted data file using the decryption algorithm contained in the encrypted file, and the generated cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of the present disclosure are directed to a computing system configured to provide seamless protection to data (which can include, without limitation, data files, executable files, system configuration files, program files, and other data) stored in the computing system, while making it nearly impossible for attackers to be able to access the data outside of the computing system. The computing system uses targeted encryption and decryption, in which values of one or more system attribute are used to generate a cryptographic key used for encryption and decryption of data stored in the computing system.

28 Citations

View as Search Results

20 Claims

1. A method for securing data in a computing system, comprising:
- receiving, at the computing system, data for storage to a data storage device;
  
  acquiring values of one or more system attributes from a plurality of system attributes associated with the computing system based on a key generation policy;
  
  transforming the values of the one or more system attributes using a transformation function based on the key generation policy to generate a cryptographic key;
  
  encrypting the received data using the generated cryptographic key to generate an encrypted data file;
  
  adding a decryption algorithm to the encrypted data file; and
  
  providing the encrypted data file to a requesting device, wherein the requesting device generates the received data from the encrypted data file using the decryption algorithm contained in the encrypted file, and the generated cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18)
- - 2. The method of claim 1, wherein acquiring the values of the one or more system attributes from the plurality of system attributes associated with the computing system based on the key generation policy includes acquiring values of at least one of a file system attribute and a hardware attribute associated with the computing system.
  - 3. The method of claim 2, wherein the file system attribute includes data including at least one of a file name, a directory name, a partition name, data within a file, and metadata.
  - 4. The method of claim 2, wherein the hardware attribute includes at least one of a media access control (MAC) address, a universally unique identifier (UUID), and an international mobile equipment identity (IMEI).
  - 5. The method of claim 1, wherein the key generation policy defines a number and type of system attributes to be acquired to be used for generating the cryptographic key.
  - 6. The method of claim 1, wherein the key generation policy defines a type of transformation function used for generating the cryptographic key.
  - 7. The method of claim 1, further comprising, storing, in a list, the acquired values of the one or more system attributes, the key generation policy, and an identity of the corresponding received data that has been encrypted.
  - 8. The method of claim 7, further comprising:
    - receiving a request to decrypt the generated encrypted data;
      
      accessing the list to determine the acquired values of the one or more system attributes and the key generation policy corresponding to the identity of the received data that has been encrypted;
      
      re-generating the cryptographic key using the determined values of the one or more system attributes and the key generation policy; and
      
      using the generated cryptographic key to decrypt the encrypted data.
  - 17. The method of claim 1, wherein acquiring the values of the one or more system attributes from the plurality of system attributes associated with the computing system based on the key generation policy includes acquiring values of a hardware attribute, and wherein the hardware attribute includes at least one of a universally unique identifier (UUID) and an international mobile equipment identity (IMEI).
  - 18. The method of claim 1, wherein acquiring the values of the one or more system attributes from the plurality of system attributes associated with the computing system based on the key generation policy includes acquiring values of a file attribute, and wherein the file attribute includes at least one of a file name and a directory name.

9. A computing system, comprising:
- a computer processor having programmed instructions to acquire values of one or more system attributes from a plurality of system attributes associated with the computing system based on a key generation policy, and transforms the values of the one or more system attributes using a transformation function based on the key generation policy to generate a cryptographic key;
  
  an input/output port that receives a request for encrypting data for storage in a data storage device,wherein the computer processor encrypts the received data to generate an encrypted data file using the cryptographic key and adds a decryption algorithm to the encrypted data file, and the computer processor provides the encrypted data file to a requesting device, wherein the requesting device generates the received data from the encrypted data file using the decryption algorithm contained in the encrypted file, and the generated cryptographic key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 19, 20)
- - 10. The computing system of claim 9, wherein the values of the one or more system attributes includes values of at least one of a file system attribute and a hardware attribute associated with the computing system.
  - 11. The computing system of claim 10, wherein the file system attribute includes data including a file name, a directory name, a partition name, data within a file, and metadata.
  - 12. The computing system of claim 10, wherein the hardware attribute includes at least one of a media access control (MAC) address, a universally unique identifier (UUID), and an international mobile equipment identity (IMEI).
  - 13. The computing system of claim 9, wherein the key generation policy defines a number and type of system attributes to be acquired to be used for generating the cryptographic key.
  - 14. The computing system of claim 9, wherein the key generation policy defines a type of transformation function used for generating the cryptographic key.
  - 15. The computing system of claim 9, further comprising a memory that stores, in a list, the acquired values of the one or more system attributes, the key generation policy, and an identity of the corresponding received data.
  - 16. The computing system of claim 15, wherein the computer processor:
    - accesses the list in memory to determine the acquired values of the one or more system attributes and the key generation policy corresponding to the identity of the received data that has been encrypted, andre-generates the cryptographic key using the determined values of the one or more system attributes and the key generation policy.
  - 19. The computing system of claim 9, wherein the values of the one or more system attributes includes values of a hardware attribute, and wherein the hardware attribute includes at least one of a universally unique identifier (UUID) and an international mobile equipment identity (IMEI).
  - 20. The computing system of claim 9, wherein the values of the one or more system attributes includes values of a hardware attribute a file attribute, and wherein the file attribute includes at least one of a file name and a directory name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
US Bank National Association (US Bancorp)
Original Assignee
US Bank National Association (US Bancorp)
Inventors
Self, Blake, Lord, David
Primary Examiner(s)
Jhaveri, Jayesh M

Application Number

US15/720,604
Time in Patent Office

487 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/73   by creating or determining ...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0877   using additional device, e....

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Systems and methods to secure data using computer system attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to secure data using computer system attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links