ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM

US 20110219241A1
Filed: 04/28/2011
Published: 09/08/2011
Est. Priority Date: 12/25/2008
Status: Active Grant

First Claim

Patent Images

1. An encryption program operation management system comprising:

a processing device configured to implement an encryption key table generator, the encryption key table generator configured to generate encryption keys and to generate an encryption key table comprising encrypted versions of the encryption keys and items of plain-text index information, the encrypted versions of the encryption keys being associated with the items of index information, the encryption key table generator being configured to encrypt the generated encryption keys by using a first encryption key shared by an administrator managing an encryption program and a client using a computer upon which the encryption program is to be installed,wherein the processing device is further configured to implement an installation package generator configured to generate an installation package for distribution, the installation package comprising the encryption program, the encryption key table, and an installation program configured to cause the computer to install the encryption program on the computer;

wherein the installation program is configured to cause the computer to select one of the encrypted versions of encryption keys in the encryption key table contained in the installation package used by the encryption program, and to generate and store an encryption key file comprising the selected one of the encrypted versions of encryption keys and one of the items of index information associated with the selected one of the encrypted versions of encryption keys when the installation program installs the encryption program on the computer, the installation program being configured to decrypt the selected one of the encrypted versions of encryption keys by using the first encryption key at the time of retrieving it from the encryption key table and to re-encrypt the selected one of the encrypted versions of encryption keys by using a second encryption key at the time of storing it in the encryption key file, the second encryption key being uniquely created by the client, the encryption key file being used for determination of the selected one of the encrypted versions of encryption keys, which is encrypted by using the second encryption key uniquely created by the client, by the administrator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an encryption program operation management system includes an encryption key table creation module which creates encryption keys and creates an encryption key table including encrypted versions of the encryption keys and items of plaintext index information for recognizing the encryption keys, and an installation package creation module which creates an installation package including an encryption program, the encryption key table, and an installation program for installing the encryption program into a computer. The installation program causes the computer to carry out an operation of selecting one of the encrypted versions of encryption keys and an operation of creating and storing encryption key information including the selected one of the encrypted versions of encryption key and one of the items of plaintext index information associated with the selected one of the encrypted versions of encryption keys.

17 Citations

View as Search Results

6 Claims

1. An encryption program operation management system comprising:
- a processing device configured to implement an encryption key table generator, the encryption key table generator configured to generate encryption keys and to generate an encryption key table comprising encrypted versions of the encryption keys and items of plain-text index information, the encrypted versions of the encryption keys being associated with the items of index information, the encryption key table generator being configured to encrypt the generated encryption keys by using a first encryption key shared by an administrator managing an encryption program and a client using a computer upon which the encryption program is to be installed,wherein the processing device is further configured to implement an installation package generator configured to generate an installation package for distribution, the installation package comprising the encryption program, the encryption key table, and an installation program configured to cause the computer to install the encryption program on the computer;
  
  wherein the installation program is configured to cause the computer to select one of the encrypted versions of encryption keys in the encryption key table contained in the installation package used by the encryption program, and to generate and store an encryption key file comprising the selected one of the encrypted versions of encryption keys and one of the items of index information associated with the selected one of the encrypted versions of encryption keys when the installation program installs the encryption program on the computer, the installation program being configured to decrypt the selected one of the encrypted versions of encryption keys by using the first encryption key at the time of retrieving it from the encryption key table and to re-encrypt the selected one of the encrypted versions of encryption keys by using a second encryption key at the time of storing it in the encryption key file, the second encryption key being uniquely created by the client, the encryption key file being used for determination of the selected one of the encrypted versions of encryption keys, which is encrypted by using the second encryption key uniquely created by the client, by the administrator.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1, wherein the encryption program is configured to cause the computer to:
    - obtain an encryption key to be used for writing data to a hard disk and reading data from the hard disk, by decrypting the selected one of the encrypted versions of encryption keys in the encryption key file by using the second encryption key;
      
      encrypt target data using the obtained encryption key and write the encrypted data into the hard disk; and
      
      read the encrypted data from the hard disk and decrypt the encrypted data using the obtained encryption key.
  - 3. The system of claim 2, wherein the processing device is further configured to implement a recovery module configured to read and decrypt, when the computer of the client malfunctions, the encrypted data from the hard disk of the computer of the client using a computer of the administrator comprising a drive accessible to the installation package,wherein the recovery module is configured to access the index information from the encryption key file in the hard disk of the computer of the client, and to read one of the encrypted versions of the encryption keys that is used by the encryption program incorporated in the computer of the client based on the read index information accessed from the encryption key table contained in the installation package set in the drive, the recovery module being configured to obtain an encryption key for decrypting the encrypted data read from the hard disk of the computer of the client, by decrypting the read one of the encrypted versions of the encryption keys by using the first encryption key.

4. A computer-readable non-transitory storage medium comprising a program configured to cause a computer of an administrator that manages an encryption program that is to be distributed and installed to:
- generate encryption keys and an encryption key table comprising encrypted versions of the encryption keys and items of plain-text index information, such that the encrypted versions of the encryption keys are associated with the items of index information, the generated encryption keys being encrypted by using a first encryption key shared by the administrator and a client using a computer upon which the encryption program is to be installed; and
  
  generate an installation package for distribution, the installation package comprising the encryption program, the encryption key table, and an installation program configured to cause the computer of the client to install the encryption program on the computer of the client,wherein the installation program is configured to cause the computer of the client to select one of the encrypted versions of encryption keys in the encryption key table contained in the installation package used by the encryption program, and to generate and store an encryption key file comprising the selected one of the encrypted versions of encryption keys and one of the items of index information associated with the selected one of the encrypted versions of encryption keys, when the installation program installs the encryption program on the computer of the client, the installation program being configured to decrypt the selected one of the encrypted versions of encryption keys by using the first encryption key at the time of retrieving it from the encryption key table and to re-encrypt the selected one of the encrypted versions of encryption keys by using a second encryption key at the time of storing it in the encryption key file, the second encryption key being uniquely created by the client.
- View Dependent Claims (5, 6)
- - 5. The computer-readable non-transitory storage medium of claim 4, wherein the encryption program is configured to cause the computer of the client to:
    - obtain an encryption key to be used for writing data to a hard disk and reading data from the hard disk, by decrypting the selected one of the encrypted versions of encryption keys in the encryption key file by using the second encryption key;
      
      encrypt target data by using the obtained encryption key and write the encrypted data into the hard disk; and
      
      read the encrypted data from the hard disk and decrypt the encrypted data by using the obtained encryption key.
  - 6. The computer-readable non-transitory storage medium of claim 5, wherein the program is further configured to cause the computer of the administrator to read and decrypt, when the computer of the client malfunctions, the encrypted data from the hard disk of the computer of the client as a recovery module, the computer of the administrator comprising a drive accessible to the installation package,wherein the recovery module is configured to access the index information from the encryption key file in the hard disk of the computer of the client, and to read one of the encrypted versions of the encryption keys that is used by the encryption program incorporated in the computer of the client based on the read index information from the encryption key table contained in the installation package set in the drive, the recovery module being configured to obtain an encryption key for decrypting the encrypted data read from the hard disk of the computer of the client, by decrypting the read one of the encrypted versions of the encryption keys by using the first encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Client Solutions CO., Ltd. (Hon Hai Precision Industry Co., Ltd.)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Takeda, Jun

Granted Patent

US 8,352,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 2221/2107   File encryption

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links