Differential encryption utilizing trust modes

US 20100325443A1
Filed: 04/02/2008
Published: 12/23/2010
Est. Priority Date: 04/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method of data security comprising:

detecting the status of a connection between a system and a security system; and

when detecting that the system is disconnected from a security device, implementing a first encryption paradigm for the system; and

when detecting that the system is connected to the security device, implementing a second encryption paradigm for the system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.

54 Citations

View as Search Results

34 Claims

1. A method of data security comprising:
- detecting the status of a connection between a system and a security system; and
  
  when detecting that the system is disconnected from a security device, implementing a first encryption paradigm for the system; and
  
  when detecting that the system is connected to the security device, implementing a second encryption paradigm for the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the system is one selected from the group consisting of:
    - a client, a server, a personal computer, a handheld device, a personal digital assistant, a cellular phone, a kiosk, an automatic teller machine, a point of sale system, and a vending machine.
  - 3. The method of claim 1, wherein the step of implementing a first encryption paradigm further comprises:
    - creating temporary credentials.
  - 4. The method of claim 3, wherein the step of implementing a second encryption paradigm further comprises:
    - replacing the temporary credentials with credentials allowing access to the security device.
  - 5. The method of claim 1, wherein the step of implementing a first encryption paradigm further comprises:
    - creating a temporary encryption key.
  - 6. The method of claim 5, wherein the step of implementing a second encryption paradigm further comprises:
    - replacing the temporary encryption key with a durable encryption key.
  - 7. The method of claim 5, wherein the step of implementing a first encryption paradigm further comprises:
    - encrypting the temporary encryption key.
  - 8. The method of claim 1, wherein the step of implementing a first encryption paradigm further comprises:
    - obtaining a temporary encryption key previously sent by the security device.
  - 9. The method of claim 5 or 7, wherein the method further comprises:
    - encrypting data with the temporary encryption key.
  - 10. The method of claim 9, wherein the method further comprises:
    - storing the data on the system.
  - 11. The method of claim 9, further comprising:
    - transferring the data from the system to a storage device.
  - 12. The method of claim 11, wherein information about the temporary encryption key is transferred with the data.
  - 13. The method of claim 11, wherein information about the temporary credentials is transferred with the data.
  - 14. The method of claim 1, wherein the step of implementing a second encryption paradigm further comprises:
    - receiving a durable encryption key from the security device.
  - 15. The method of claim 1, wherein the step of implementing a second encryption paradigm further comprises:
    - receiving a new temporary encryption key from the security device.
  - 16. The method of claim 1, wherein the first encryption paradigm includes a first limit on data access.
  - 17. The method of claim 16, wherein the second encryption paradigm includes a second limit on data access.
  - 18. The method of claim 17, wherein the first encryption paradigm includes a first limit on data access, the second encryption paradigm includes a second limit on data access, and wherein the second limit allows for more data access than the first limit.

19. A method of data security comprising:
- detecting whether a system is attended; and
  
  when detecting that the system is unattended, implementing a first encryption paradigm for the system; and
  
  when detecting that the system is attended, implementing a second encryption paradigm for the system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The method of claim 19, wherein the step of implementing a first encryption paradigm further comprises:
    - creating temporary credentials.
  - 21. The method of claim 19, wherein the step of implementing a first encryption paradigm further comprises:
    - creating a temporary encryption key.
  - 22. The method of claim 21, wherein the step of implementing a first encryption paradigm further comprises:
    - encrypting the temporary encryption key.
  - 23. The method of claim 19, wherein the step of implementing a first encryption paradigm further comprises:
    - obtaining a temporary encryption key previously sent by the security device.
  - 24. The method of claim 21 or 23, wherein the method further comprises:
    - encrypting data with the temporary encryption key.
  - 25. The method of claim 24, further comprising:
    - transferring the data from the system to a storage device.
  - 26. The method of claim 25, wherein information about the temporary encryption key is transferred with the data.
  - 27. The method of claim 25 wherein information about the temporary credentials is transferred with the data.
  - 28. The method of claim 19, wherein the step of implementing a second encryption paradigm further comprises:
    - receiving a new temporary encryption key from the security device.
  - 29. The method of claim 19, wherein the step of implementing a second encryption paradigm further comprises:
    - receiving a durable encryption key from the security device.
  - 30. The method of claim 19, wherein the first encryption paradigm includes a first limit on data access.
  - 31. The method of claim 19, wherein the second encryption paradigm includes a second limit on data access.
  - 32. The method of claim 31, wherein the first encryption paradigm includes a first limit on data access, the second encryption paradigm includes a second limit on data access, and wherein the second limit allows for more data access than the first limit.

33. A computer-readable medium whose contents cause a computer to perform a method of data security comprising:
- detecting the status of a connection between a system and a security system; and
  
  when detecting that the system is disconnected from a security device, implementing a first encryption paradigm for the system; and
  
  when detecting that the system is connected to the security device, implementing a second encryption paradigm for the system.

34. A computer-readable medium whose contents cause a computer to perform a method of data security comprising:
- detecting whether a system is attended; and
  
  when detecting that the system is unattended, implementing a first encryption paradigm for the system; and
  
  when detecting that the system is attended, implementing a second encryption paradigm for the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Granted Patent

US 8,225,106 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

Differential encryption utilizing trust modes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Differential encryption utilizing trust modes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links