SELECTIVELY SECURING DATA AND/OR ERASING SECURE DATA CACHES RESPONSIVE TO SECURITY COMPROMISING CONDITIONS

US 20100281223A1
Filed: 04/29/2009
Published: 11/04/2010
Est. Priority Date: 04/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for processing from a cache data stored in a backing storage device in encrypted form using a data processing device that includes a processor, the method comprising:

detecting a condition indicative of user authentication;

reading data from the backing storage when the condition indicative of user authentication is detected;

evaluating the data read from the cache to identify the data as either encrypted or unencrypted;

unencrypting the data to provide unencrypted data when the data read from the cache is identified as being encrypted; and

storing the unencrypted data in the cache.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are generally described for methods, systems, data processing devices and computer readable media configured to decrypt data to be stored in a data cache when a particular condition indicative of user authentication or data security has occurred. The described techniques may also be arranged to terminate the storage of decrypted data in the cache when a particular condition that may compromise the security of the data is detected. The describe techniques may further be arranged to erase the decrypted data stored in the cache when a particular condition that may compromise the security of the data is detected.

Citations

20 Claims

1. A method for processing from a cache data stored in a backing storage device in encrypted form using a data processing device that includes a processor, the method comprising:
- detecting a condition indicative of user authentication;
  
  reading data from the backing storage when the condition indicative of user authentication is detected;
  
  evaluating the data read from the cache to identify the data as either encrypted or unencrypted;
  
  unencrypting the data to provide unencrypted data when the data read from the cache is identified as being encrypted; and
  
  storing the unencrypted data in the cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining when the encrypted data stored in the backing storage is needed for use by the processor in the data processing system;
      
      decrypting the encrypted data stored in the backing storage device to generate decrypted data when the encrypted data stored in the backing storage device is determined to be needed for use by the processor;
      
      storing the decrypted data in the cache; and
      
      passing the decrypted data from the cache to the processor.
  - 3. The method of claim 1 wherein detecting the condition indicative of user authentication comprises:
    - obtaining the data identifying the user of the data processing device;
      
      determining when the obtained data identifying the user matches authorization data identifying an authorized user; and
      
      registering the condition indicative of user authentication when the obtained data identifying the user is determined to match the authorization data identifying an authorized user.
  - 4. The method of claim 1, further comprising:
    - detecting a condition indicating that the security of the data stored in the cache may be compromised; and
      
      erasing at least some of the data stored in the cache when the detected condition indicates that the security of the data stored in the cache may be compromised.
  - 5. The method of claim 4 wherein the erasing at least some of the data stored in the cache when the detected condition indicates that the security of the data stored in the cache may be compromised comprises erasing all of the data stored in the cache.
  - 6. The method of claim 4 wherein the erasing at least some of the data stored in the cache when the detected condition indicates that the security of the data stored in the cache may be compromised comprises erasing only the unencrypted data stored in the cache that corresponds to data that was stored in the backing storage device in encrypted form.
  - 7. The method of claim 1, further comprising:
    - detecting a condition indicating that the security of the data stored in the cache may be compromised; and
      
      terminating further storage of decrypted data in the cache when the detected condition indicates that the security of the data stored in the cache may be compromised.
  - 8. The method of claim 1, further comprising:
    - detecting the condition indicating that the security of data stored in the cache may be compromised;
      
      monitoring a time lapse from when the condition indicating that the security of data stored in the cache may be comprised was detected; and
      
      determining when the time lapse exceeds a particular authorization time limit.
  - 9. The method of claim 8, further comprising:
    - detecting a re-authentication from the user of the data processing device; and
      
      resetting the time lapse from when the condition indicative of user authentication was detected when the re-authentication from the user is detected.

10. A method of protecting unencrypted data stored in a cache on a data processing device, comprising:
- detecting a condition indicating that the security of data stored in the cache may be compromised; and
  
  erasing at least some of the data stored in the cache when the condition indicating the security of data stored in the cache is detected as compromised.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 wherein detecting the condition indicating that the security of data stored in the cache may be compromised comprises detecting when the data processing device has entered a sleep or hibernate mode.
  - 12. The method of claim 10 wherein detecting the condition indicating that the security of data stored in the cache may be compromised comprises detecting that communication with the data processing device in a wireless domain has been lost.
  - 13. The method of claim 10 wherein detecting the condition indicating that the security of data stored in the cache may be compromised comprises detecting that the data processing device has lost a connection to a network or proximity to a user.
  - 14. The method of claim 10 wherein the erasing of the data stored in the cache comprises:
    - determining when a portion of the data stored in the backing storage is encrypted; and
      
      conditioning the erasing of the decrypted data stored in the cache on the determination that the corresponding portion of the data stored in the backing storage is encrypted.

15. A data processing system responsive to input from a user, the data processing system comprising:
- an authentication device for generating authentication data associated with user input;
  
  a cache to store data; and
  
  a data processor arranged to decrypt data to be stored in the cache, wherein the data processor is configured to;
  
  detect a condition indicative of user authentication in response to the authentication data;
  
  receive data;
  
  determine when a portion of the received data is encrypted;
  
  when the condition indicative of user authentication is detected, decrypt the portion of received data that is determined to be encrypted to generate decrypted data; and
  
  storing the decrypted data in the cache.
- View Dependent Claims (16, 17, 18)
- - 16. The data processing system of claim 15 wherein the authentication device comprises one of a radio frequency identification reader, a thumbprint scanner, or a retinal scanner.
  - 17. The data processing system of claim 15 wherein the data processor is further configured to:
    - identify the received data that is unencrypted; and
      
      storing the already unencrypted data in the cache.
  - 18. The data processing system of claim 15 wherein the data processor is further configured to:
    - detect a condition indicating that the security of data stored in the cache may be compromised; and
      
      erase the unencrypted data stored in the cache after the condition indicating that the security of data stored in the cache may be compromised is detected.

19. A data processing system comprising:
- a cache for storing data; and
  
  a data processor arranged in cooperation with the cache, wherein the data processor is configured to;
  
  detect a condition indicating that the security of data stored in the cache may be compromised; and
  
  erase at least a portion of the data stored in the cache after the condition indicating that the security of data stored in the cache may be compromised is detected.

20. A computer accessible medium having stored thereon computer executable instructions to be executed by a processor for data cache encryption and decryption, wherein the computer executable instructions are configured to enable the processor to:
- detect a condition indicating that the security of data stored in the cache may be compromised; and
  
  erase at least a portion of the data stored in the cache after the condition indicating that the security of data stored in the cache may be compromised.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Wolfe, Andrew, Conte, Thomas Martin

Granted Patent

US 8,352,679 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/133
CPC Class Codes

G06F 12/0808   with cache invalidating mea...

G06F 12/1408   by using cryptography for d...

G06F 12/1458   by checking the subject acc...

G06F 21/6209   to a single file or object,...

G06F 21/79   in semiconductor storage me...

SELECTIVELY SECURING DATA AND/OR ERASING SECURE DATA CACHES RESPONSIVE TO SECURITY COMPROMISING CONDITIONS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SELECTIVELY SECURING DATA AND/OR ERASING SECURE DATA CACHES RESPONSIVE TO SECURITY COMPROMISING CONDITIONS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links