HARDWARE ENCRYPTING STORAGE DEVICE WITH PHYSICALLY SEPARABLE KEY STORAGE DEVICE

US 20100185843A1
Filed: 01/20/2009
Published: 07/22/2010
Est. Priority Date: 01/20/2009
Status: Abandoned Application

First Claim

Patent Images

1. A storage system for storing and providing computing device data, the storage system comprising:

one or more key devices, that are physically and communicationally separable from a storage device, the one or more key devices comprising cryptographic information; and

the storage device comprising;

one or more computer-readable media having data stored thereon;

one or more processing units; and

instructions, executable by the one or more processing units, for performing steps comprising;

securing, with reference to the cryptographic information of a communicationally connected key device, from among the one or more key devices, data to be stored on the one or more computer-readable media; and

denying requests, from a computing device, to access data stored on the one or more computer-readable media, if all of the one or more key devices are communicationally separated from the storage device and at least one of the one or more key devices was previously communicationally connected to the storage device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Storage devices can provide for hardware encryption and decryption of data stored by them. The hardware cryptographic functions can be applied with reference to cryptographic information of a communicationally, and physically, separable key device. Disconnection of the separable key device can render encrypted data inaccessible. Destruction of the separable key device can result in virtual destruction of the encrypted data. The cryptographic information on the separable key device can be provided by a storage device manufacturer, or by a provisioning computing device. The separable key device can be directly communicationally coupled to a provisioning computing device or it can establish a secure communication tunnel with the provisioning device through a computing device to which the separable key device is communicationally coupled. Cryptographic information can be provided by, and deleted from, the provisioning computing device prior to completion of the booting of that device.

105 Citations

View as Search Results

20 Claims

1. A storage system for storing and providing computing device data, the storage system comprising:
- one or more key devices, that are physically and communicationally separable from a storage device, the one or more key devices comprising cryptographic information; and
  
  the storage device comprising;
  
  one or more computer-readable media having data stored thereon;
  
  one or more processing units; and
  
  instructions, executable by the one or more processing units, for performing steps comprising;
  
  securing, with reference to the cryptographic information of a communicationally connected key device, from among the one or more key devices, data to be stored on the one or more computer-readable media; and
  
  denying requests, from a computing device, to access data stored on the one or more computer-readable media, if all of the one or more key devices are communicationally separated from the storage device and at least one of the one or more key devices was previously communicationally connected to the storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The storage system of claim 1, wherein the instructions for securing with reference to the cryptographic information comprise instructions for securing the data to be stored on the one or more computer-readable media with reference to both the cryptographic information and additional cryptographic information stored on the one or more computer-readable media.
  - 3. The storage system of claim 1, wherein the storage device further comprises instructions, executable by the one or more processing units, for marking as no longer usable data on the one or more computer-readable media that was encrypted with reference to the cryptographic information of a former communicationally connected key device, from among the one or more key devices, if a current communicationally connected key device, from among the one or more key devices, is different from the former communicationally connected key device.
  - 4. The storage system of claim 1, further comprising a selector for selecting one of optional instructions executable by the one or more processing units if one or more key devices currently communicationally connected to the storage device are not equivalent to one or more key devices previously communicationally connected to the storage device, the optional instructions comprising:
    - instructions for reporting, to the computing device, that the storage device is not ready; and
      
      instructions for generating internal cryptographic information to be utilized in place of the cryptographic information of the one or more key devices.
  - 5. The storage system of claim 1, wherein the storage device further comprises instructions, executable by the one or more processing units, for sending data to the at least one key device to be signed with reference to the cryptographic information of the at least one key device.
  - 6. The storage system of claim 1, wherein at least some of the cryptographic information is provided to the one or more key devices by a provisioning computing device.
  - 7. The storage system of claim 6, wherein at least one of the one or more key devices comprises one or more key device processing units and instructions, executable by the one or more key device processing units, for establishing a secure communication tunnel with the provisioning computing device.
  - 8. The storage system of claim 6, wherein the cryptographic information is provided by the provisioning computing device during a booting of an operating system of the provisioning computing device;
    - and wherein further the cryptographic information is purged from the provisioning computing device prior to a completion of the booting of the operating system of the provisioning computing device.

9. A storage device, physically and communicationally separable from one or more key devices comprising cryptographic information, the storage device comprising:
- one or more computer-readable media having data stored thereon;
  
  one or more processing units; and
  
  instructions, executable by the one or more processing units, for performing steps comprising;
  
  securing, with reference to the cryptographic information of a communicationally connected key device, from among the one or more key devices, data to be stored on the one or more computer-readable media; and
  
  denying requests, from the computing device, to access data stored on the one or more computer-readable media, if all of the one or more key devices are communicationally separated from the storage device and at least one of the one or more key devices was previously communicationally connected to the storage device.
- View Dependent Claims (10, 11)
- - 10. The storage device of claim 9, further comprising a physical interface for the one or more key devices, wherein at least a portion of the physical interface is visible from outside of the storage device, the portion being indicative of presence or absence of one or more key devices coupled to the physical interface.
  - 11. The storage device of claim 9, further comprising a visual indicator, indicating a status of at least one of the one or more key devices.

12. A key device, physically and communicationally separable from a storage device comprising encrypted data received from a computing device, the key device comprising:
- at least one communicational interface;
  
  computer-readable media comprising cryptographic information utilized to secure the data of the storage device; and
  
  a visible unique identifier of the storage device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The key device of claim 12, further comprising a measuring and sealing module for performing steps comprising:
    - obtaining unique values from at least some components of a communicationally connected storage device;
      
      deriving a measurement of the communicationally connected storage device based on the obtained unique values; and
      
      providing the cryptographic information to the communicationally connected storage device if the measurement of the communicationally connected storage device is equivalent to a previously obtained measurement.
  - 14. The key device of claim 12, wherein the communicational interface physically connects to a connector on the storage device.
  - 15. The key device of claim 12, further comprising a structurally weakened portion intersecting at least one of the computer-readable media and the at least one communicational interface, wherein physically breaking the key device along the structurally weakened portion renders the cryptographic information unusable.
  - 16. The key device of claim 12, wherein the computer-readable media further comprises additional cryptographic information utilized by another storage device.
  - 17. The key device of claim 12, further comprising one or more processing units, wherein the computer-readable media further comprises instructions, executable by the one or more processors, for establishing a secure communications tunnel between the key device and a provisioning computing device providing the cryptographic information.
  - 18. The key device of claim 12, wherein the key device is a GSM SIM card.
  - 19. The key device of claim 12, further comprising one or more processing units for securing data received by the key device with reference to the cryptographic information.
  - 20. The key device of claim 12, wherein the key device is a USB-based device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rogers, Harry Raymond, Falk, Timothy Louis, Sadovsky, Vladimir, Hamilton, James Robert, Olarig, Sompong Paul, Lionetti, Chris

Application Number

US12/356,326
Publication Number

US 20100185843A1
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

G06F 2221/2153   Using hardware token as a s...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

HARDWARE ENCRYPTING STORAGE DEVICE WITH PHYSICALLY SEPARABLE KEY STORAGE DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HARDWARE ENCRYPTING STORAGE DEVICE WITH PHYSICALLY SEPARABLE KEY STORAGE DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links