REMOTE STORAGE ENCRYPTION SYSTEM

US 20090300356A1
Filed: 05/26/2009
Published: 12/03/2009
Est. Priority Date: 05/27/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

mapping at least one access credential to at least one encryption key;

receiving a request for the encryption key from a remote requestor;

accepting the access credential with the request;

validating the access credential against a previously stored version thereof;

retrieving the encryption key associated with the access credential based on the mapping; and

sending the key to the remote requester.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary remote storage encryption system includes a data storage unit and a key server having a key management module configured to communicate with a client device. The key management module stores at least one key access map that maps at least one access credential to at least one encryption key to determine which encryption key to provide to the client device. An exemplary method includes mapping the at least one access credential to the at least one encryption key, receiving a request for the encryption key from a remote requestor, accepting the access credential with the request, validating the access credential against a previously stored version thereof, retrieving the encryption key associated with the access credential based on the mapping, and sending the key to the remote requester.

150 Citations

23 Claims

1. A method, comprising:
- mapping at least one access credential to at least one encryption key;
  
  receiving a request for the encryption key from a remote requestor;
  
  accepting the access credential with the request;
  
  validating the access credential against a previously stored version thereof;
  
  retrieving the encryption key associated with the access credential based on the mapping; and
  
  sending the key to the remote requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as set forth in claim 1, further comprising generating the encryption key.
  - 3. A method as set forth in claim 1, further comprising mapping at least one of a data storage unit identifier, a user identifier, a data storage location, and a previously stored version of the access credential to the encryption key.
  - 4. A method as set forth in claim 3, further comprising obtaining at least one additional attribute from the request including at least one of a data storage unit identifier, a user identifier, a data storage location with the request, and wherein retrieving the encryption key is based on said at least one additional attribute.
  - 5. A method as set forth in claim 4, augmenting the access credential with at least one of said additional attributes.
  - 6. A method as set forth in claim 3, further comprising delivering the encryption key mapped to the provided access credential.
  - 7. A method as set forth in claim 1, further comprising sharing at least one encryption key with at least one of a plurality of users and a plurality of data storage units.
  - 8. A method as set forth in claim 1, further comprising providing the access credential with the key request.
  - 9. A method as set forth in claim 1, further comprising initiating an authentication session.
  - 10. A method as set forth in claim 1, wherein the access credential includes at least one of a password, a digital certificate, and a biometric identifier.
  - 11. A method as set forth in claim 1, further comprising:
    - encrypting a resource with the encryption key; and
      
      decrypting the resource with the encryption key.

12. A system comprising:
- a data storage unit; and
  
  a key server in communication with said data storage unit, said key server including a key management module configured to communicate with a client device;
  
  wherein said key management module stores at least one key access map that maps at least one access credential to at least one encryption key to determine which of said at least one encryption keys to provide to the client device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. A system as set forth in claim 12, wherein said key management module is configured to provide the at least one access credential with a key request received from the client device.
  - 14. A system as set forth in claim 12, wherein said key management module is configured to receive a key request from a key request module stored on the client device.
  - 15. A system as set forth in claim 14, wherein said key management module is configured to provide the at least one encryption key to the key request module.
  - 16. A system as set forth in claim 14, wherein said key management module is configured to receive at least one of a user name, a session identifier, a password, a digital certificate, and a biometric identifier as the access credential from the key request module.
  - 17. A system as set forth in claim 12, wherein the at least one access credential includes an identifier of said data storage unit.
  - 18. A system as set forth in claim 12, wherein said key access map includes additional data identifying the type of access credential.
  - 19. A system as set forth in claim 12, wherein said data storage unit is configured to provide at least a portion of the at least one access credential to said key management module.
  - 20. A system as set forth in claim 12, wherein said data storage unit is selectively attachable to the client device.
  - 21. A system as set forth in claim 12, wherein said data storage unit includes a unique identifier.
  - 22. A system as set forth in claim 21, wherein the unique identifier of said data storage unit may be the at least one access credential.

23. A system comprising:
- a data storage unit having a unique identifier, said data storage unit being selectively attachable to a client device; and
  
  a key server in communication with said data storage unit, said key server including a key management module configured to communicate with the client device, said key management module storing at least one key access map that maps at least one access credential to at least one encryption key to determine which of said at least one encryption keys to provide to the client device and said key management module being configured to provide the at least one access credential with a key request received from the client device,wherein said data storage unit is configured to provide at least a portion of the at least one access credential to said key management module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jeffrey L. Crandell
Original Assignee
Jeffrey L. Crandell
Inventors
Crandell, Jeffrey L.

Application Number

US12/472,068
Publication Number

US 20090300356A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6209   to a single file or object,...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0861   using biometrical features,...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3231   Biological data, e.g. finge...

REMOTE STORAGE ENCRYPTION SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

REMOTE STORAGE ENCRYPTION SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links