Transparent encryption and access control for mass-storage devices
First Claim
1. A method of securing data on a mass storage device, the method comprising:
- obtaining permission for a specified access by a current user to a mass storage device, said mass storage device having one or more blocks of data of a known size stored thereon, each block of data being encrypted with a symmetric cipher that preserves the size of the block;
- if permission is obtained, obtaining the encrypted key of the symmetric cipher used for encrypting the blocks on the mass storage device;
- obtaining the private key or pass phrase for decrypting the encrypted key of the symmetric cipher;
- decrypting the encrypted key using the private key or pass phrase to obtain the key for the symmetric cipher; and
- performing a block operation on the mass storage device with the symmetric cipher.
Abstract
A system and method for securing data on a mass storage device. A centralized device permission store contains device identifiers for the mass storage devices to be secured, along with keys of a symmetric cipher that have been encrypted with public keys or pass phrases of authorized users of the devices. A list of these users is also contained in the store. A helper module provides the private key or, for imported keys, the pass phrase needed to decrypt the key of the symmetric cipher, which is used to encrypt and decrypt blocks of data stored on the mass storage device. When a read request is made, a protection module intercepts the request, obtains the block from the mass storage device and decrypts the block. When a write request is made, the protection module intercepts the request, encrypts the block and has it stored on the mass storage device.
14 Claims
14. A system for securing data on a mass storage device, the system comprising:
- a centralized device permission store for storing device identifiers and publicly encrypted keys of a symmetric cipher associated with devices identified by the identifiers, for storing a list of users authorized to use a device identified by an identifier;
- an authorization agent in operative communication with the centralized device permission store, configured to initialize new devices and register them with the device permission store, to generate device identifiers and publicly encrypted keys of a symmetric cipher, and to view and modify lists of users authorized to use protected devices;
- a helper module for obtaining a private key of an authorized user, the private key for use in decrypting the publicly encrypted key of a symmetric cipher, for obtaining a user pass phrase for use in decrypting an imported encrypted key of a symmetric cipher, and for importing an encrypted key of a symmetric cipher, if it is supplied as a file; and
- a protection module in operative communication with the centralized device permission store and the helper module, for intercepting a block to be written to a mass storage device to encrypt the block using a symmetric cipher and for intercepting a block read from the mass storage device to decrypt the block using a symmetric cipher, said symmetric cipher preserving the size of data blocks on the mass storage device.
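The flow of claim 1 and the read/write interception of claim 14 can be sketched in Go; this is an added example, not code from the patent or any product. The claims name no algorithms, so RSA-OAEP key wrapping, AES-CBC with an ESSIV-style per-block IV, and the names `Store`, `Unlock`, `Crypt` and `demo` are all assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Store map[[2]string][]byte // hypothetical store: {device ID, user} -> wrapped device key

// Unlock checks the user list, then unwraps the device key with the user's private key.
func (s Store) Unlock(dev, user string, priv *rsa.PrivateKey) ([]byte, error) {
	if wrapped, ok := s[[2]string{dev, user}]; ok {
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(dev)) // label = device ID
	}
	return nil, fmt.Errorf("access denied: %s on %s", user, dev)
}

// Crypt applies AES-CBC (assumed cipher) in place; mode is cipher.NewCBCEncrypter or NewCBCDecrypter.
func Crypt(key []byte, blockNo uint64, buf []byte, mode func(cipher.Block, []byte) cipher.BlockMode) error {
	c, err := aes.NewCipher(key)
	if err != nil || len(buf) == 0 || len(buf)%aes.BlockSize != 0 {
		return fmt.Errorf("bad key or partial block")
	}
	salt := sha256.Sum256(key)
	ivCipher, _ := aes.NewCipher(salt[:])
	iv := binary.LittleEndian.AppendUint64(make([]byte, 0, 16), blockNo)[:16] // zero-padded block number
	ivCipher.Encrypt(iv, iv)                                                   // ESSIV-style: IV = AES(SHA-256(key), blockNo)
	mode(c, iv).CryptBlocks(buf, buf)
	return nil
}

// demo builds constructed sample state: a user key pair and one enrolled device, "disk-1".
func demo() (Store, *rsa.PrivateKey) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	devKey := make([]byte, 32)
	rand.Read(devKey)
	w, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, devKey, []byte("disk-1"))
	return Store{{"disk-1", "alice"}: w}, priv
}

func main() {
	s, priv := demo()
	key, err := s.Unlock("disk-1", "alice", priv)
	fmt.Println(err, Crypt(key, 7, make([]byte, 512), cipher.NewCBCEncrypter))
}
```

Because the cipher must preserve block size, there is no room for an authentication tag: this construction gives confidentiality only and does not detect modified ciphertext blocks. Binding the wrapped key to the device ID through the OAEP label means a store entry copied to another device record fails to unwrap.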
Specification