ADMINISTRATION OF DATA ENCRYPTION IN ENTERPRISE COMPUTER SYSTEMS

US 20070022285A1
Filed: 06/09/2006
Published: 01/25/2007
Est. Priority Date: 07/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method of remotely administering data encryption in a computing system having an authentication server and at least one client computer having a data storage device suitably arranged for storing encrypted data, comprising:

determining if the client computer on which the encrypted data is stored is an authorized client computer;

passing an encrypted data storage key from the client computer to the authentication server if the client computer is authorized;

decrypting the encrypted data storage key by the authentication server;

passing the decrypted data storage key to the client computer; and

using the decryption key to access the encrypted data on the data storage device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Encrypting data on an originating computer and prevent access to this data if the computer is stolen or otherwise unauthorized for use. Access to the encrypted data is granted based on the originating computer'"'"'s ability to successful send the data encryption keys, via an electronic connection, to a remote computer and have the remote computer decrypt the encryption keys and transmit them back to the he originating computer. When originating computer receives the decrypt encryption keys it can then successfully decrypt the encrypted hard drive using the encryption key provided by the remote computer. In particular a number of embodiments are described.

Citations

30 Claims

1. A method of remotely administering data encryption in a computing system having an authentication server and at least one client computer having a data storage device suitably arranged for storing encrypted data, comprising:
- determining if the client computer on which the encrypted data is stored is an authorized client computer;
  
  passing an encrypted data storage key from the client computer to the authentication server if the client computer is authorized;
  
  decrypting the encrypted data storage key by the authentication server;
  
  passing the decrypted data storage key to the client computer; and
  
  using the decryption key to access the encrypted data on the data storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as recited in claim 1, wherein the client computer is authorized when the client computer is behind a designated firewall.
  - 3. A method as recited in claim 1, further comprising:
    - providing a list of excluded client computers that identify those client computers that are not authorized.
  - 4. A method as recited in claim 3, wherein the determining if the client computer is authorized, comprises:
    - querying the list of excluded client computers for an identifier corresponding to the client computer; and
      
      if the identifier corresponding to the client computer is not on the list of excluded client computers, then authorizing the client computer.
  - 5. A method as recited in claim 1, further comprising:
    - at the authentication server, generating a private key and a public key;
      
      instantiating a communication program; and
      
      embedding the public key in the communication program.
  - 6. A method as recited in claim 5, further comprising;
    - passing the communication program to the authorized client computer; and
      
      installing the communication program on the authorized client computer.
  - 7. A method as recited in claim 5, further comprising;
    - storing the communication program on a portable bootable storage device.
  - 8. A method as recited in claim 6, further comprising;
    - coupling the portable bootable storage device to the authorized client computer; and
      
      installing the communication program on the authorized computer.
  - 9. A method as recited in claim 6, comprising;
    - booting the authorized client computer;
      
      encrypting a data storage key using the public key embedded in the communication program; and
      
      establishing a secure communication link between the authorized client computer and the authentication server.
  - 10. A method as recited in claim 9, comprising;
    - passing the encrypted data storage key from the authorized client computer to the authentication server by way of the secure communication link; and
      
      passing the decrypted data storage key from the authentication server back to the authorized client computer by way of the secure communication link.

11. An apparatus for remotely administering data encryption in a computing system having an authentication server and at least one client computer having a data storage device suitably arranged for storing encrypted data, comprising:
- means for determining if the client computer on which the encrypted data is stored is an authorized client computer;
  
  means for passing an encrypted data storage key from the client computer to the authentication server if the client computer is authorized;
  
  means for decrypting the encrypted data storage key by the authentication server;
  
  means for passing the decrypted data storage key to the client computer; and
  
  means for using the decryption key to access the encrypted data on the data storage device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. An apparatus as recited in claim 11, wherein the client computer is authorized when the client computer is behind a designated firewall.
  - 13. An apparatus as recited in claim 11, further comprising:
    - means for providing a list of excluded client computers that identify those client computers that are not authorized.
  - 14. An apparatus as recited in claim 13, wherein the determining if the client computer is authorized, comprises:
    - means for querying the list of excluded client computers for an identifier corresponding to the client computer; and
      
      means for authorizing the client computer if the identifier corresponding to the client computer is not on the list of excluded client computers.
  - 15. An apparatus as recited in claim 11, further comprising:
    - means for generating a private key and a public key;
      
      means for instantiating a communication program; and
      
      means for embedding the public key in the communication program.
  - 16. An apparatus as recited in claim 15, further comprising;
    - means for passing the communication program to the authorized client computer; and
      
      means for installing the communication program on the authorized client computer.
  - 17. An apparatus as recited in claim 15, further comprising;
    - means for storing the communication program on a portable bootable storage device.
  - 18. An apparatus as recited in claim 16, further comprising;
    - means for coupling the portable bootable storage device to the authorized client computer; and
      
      means for installing the communication program on the authorized computer.
  - 19. An apparatus as recited in claim 16, comprising;
    - means for booting the authorized client computer;
      
      means for encrypting a data storage key using the public key embedded in the communication program; and
      
      means for establishing a secure communication link between the authorized client computer and the authentication server.
  - 20. An apparatus as recited in claim 19, comprising;
    - means for passing the encrypted data storage key from the authorized client computer to the authentication server by way of the secure communication link; and
      
      means for passing the decrypted data storage key from the authentication server back to the authorized client computer by way of the secure communication link.

21. Computer program product executable by a processor for remotely administering data encryption in a computing system having an authentication server and at least one client computer having a data storage device suitably arranged for storing encrypted data, comprising:
- computer code for determining if the client computer on which the encrypted data is stored is an authorized client computer;
  
  computer code for passing an encrypted data storage key from the client computer to the authentication server if the client computer is authorized;
  
  computer code for decrypting the encrypted data storage key by the authentication server;
  
  computer code for passing the decrypted data storage key to the client computer;
  
  computer code for using the decryption key to access the encrypted data on the data storage device; and
  
  computer readable medium for storing the computer code.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. Computer program product as recited in claim 21, wherein the client computer is authorized when the client computer is behind a designated firewall.
  - 23. Computer program product as recited in claim 21, further comprising:
    - computer code for providing a list of excluded client computers that identify those client computers that are not authorized.
  - 24. Computer program product as recited in claim 23, wherein the determining if the client computer is authorized, comprises:
    - computer code for querying the list of excluded client computers for an identifier corresponding to the client computer; and
      
      computer code for authorizing the client computer if the identifier corresponding to the client computer is not on the list of excluded client computers.
  - 25. Computer program product as recited in claim 21, further comprising:
    - computer code for generating a private key and a public key;
      
      computer code for instantiating a communication program; and
      
      computer code for embedding the public key in the communication program.
  - 26. Computer program product as recited in claim 25, further comprising;
    - computer code for passing the communication program to the authorized client computer; and
      
      computer code for installing the communication program on the authorized client computer.
  - 27. Computer program product as recited in claim 25, further comprising;
    - computer code for storing the communication program on a portable bootable storage device.
  - 28. Computer program product as recited in claim 26, further comprising;
    - computer code for coupling the portable bootable storage device to the authorized client computer; and
      
      computer code for installing the communication program on the authorized computer.
  - 29. Computer program product as recited in claim 26, comprising;
    - computer code for booting the authorized client computer;
      
      computer code for encrypting a data storage key using the public key embedded in the communication program; and
      
      computer code for establishing a secure communication link between the authorized client computer and the authentication server.
  - 30. Computer program product as recited in claim 29, comprising;
    - computer code for passing the encrypted data storage key from the authorized client computer to the authentication server by way of the secure communication link; and
      
      computer code for passing the decrypted data storage key from the authentication server back to the authorized client computer by way of the secure communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
GuardianEdge Technologies, Inc. (Gen Digital Inc.)
Inventors
Groth, Noah, Boyadjiev, Krassimir

Granted Patent

US 8,204,233 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 21/80 in storage media based on m...

ADMINISTRATION OF DATA ENCRYPTION IN ENTERPRISE COMPUTER SYSTEMS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

ADMINISTRATION OF DATA ENCRYPTION IN ENTERPRISE COMPUTER SYSTEMS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links