Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention

US 20120131336A1
Filed: 11/16/2011
Published: 05/24/2012
Est. Priority Date: 11/17/2010
Status: Active Grant

First Claim

Patent Images

1. A method and apparatus for a user to selectively and securely escrow an encryption password or key to a file residing on a processor based computing device, where said escrowed password or key can be used for automatically unlocking one or more encrypted files or partitions located on an externally attachable data storage device connected to said processor based computing device such that the password need only be optionally provided by the user at least once on said selected processor based computing device and comprising:

a. An externally attachable data storage device containing one or more encrypted files or partitions;

b. an encryption software program or hardware encryption module residing on said externally attachable data storage device which is used for unlocking or locking selected encrypted files or partitions contained on the attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;

c. an escrowing software program for managing the secure escrowing of an encryption password or key, said escrowing software program residing on said externally attached data storage device containing said encrypted files or partitions;

d. said escrowing software program will offer said user the option to securely escrow or save said encryption password or key to said processor based computing device to which said external data storage device is attached;

e. said password or key is then encrypted using an encryption key constructed with a plurality of unique data of which some or all is not under the control of, nor specified by said user and consisting of, but not limited to unique characteristics of said external data storage device and said processor based computing device;

f. said password or key is then securely escrowed on said processor based computing device;

g. said escrow software program will then pass said password or key to said encryption software program or hardware encryption module to unlock said encrypted files or partitions residing on said attached external data storage device;

h. on subsequent insertions of said attached external storage device, if said user had indicated to said escrow software program that said password or key was to be remembered, said escrow software program will retrieve said password or key by reconstructing said encryption key from the plurality of unique data used to encrypt said password or key and decrypting said encrypted password or key without said user intervening, said password or key then being passed to said encryption software program or hardware encryption module and automatically unlocking the selected encrypted files or partitions without the need for the user to insert the encryption password or key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

External data storage device queries the user for a password on at least the first attachment. The password is escrowed in encrypted form. If the user elects this option, the password is then passed to an encryption module which unlocks the encrypted file or partition and upon subsequent attachments of the external data storage device may automatically unlock the encrypted file or partition using the securely escrowed password. The escrow of the encrypted password is managed in an external storage device containing the encrypted file or partition.

Citations

8 Claims

1. A method and apparatus for a user to selectively and securely escrow an encryption password or key to a file residing on a processor based computing device, where said escrowed password or key can be used for automatically unlocking one or more encrypted files or partitions located on an externally attachable data storage device connected to said processor based computing device such that the password need only be optionally provided by the user at least once on said selected processor based computing device and comprising:
- a. An externally attachable data storage device containing one or more encrypted files or partitions;
  
  b. an encryption software program or hardware encryption module residing on said externally attachable data storage device which is used for unlocking or locking selected encrypted files or partitions contained on the attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  c. an escrowing software program for managing the secure escrowing of an encryption password or key, said escrowing software program residing on said externally attached data storage device containing said encrypted files or partitions;
  
  d. said escrowing software program will offer said user the option to securely escrow or save said encryption password or key to said processor based computing device to which said external data storage device is attached;
  
  e. said password or key is then encrypted using an encryption key constructed with a plurality of unique data of which some or all is not under the control of, nor specified by said user and consisting of, but not limited to unique characteristics of said external data storage device and said processor based computing device;
  
  f. said password or key is then securely escrowed on said processor based computing device;
  
  g. said escrow software program will then pass said password or key to said encryption software program or hardware encryption module to unlock said encrypted files or partitions residing on said attached external data storage device;
  
  h. on subsequent insertions of said attached external storage device, if said user had indicated to said escrow software program that said password or key was to be remembered, said escrow software program will retrieve said password or key by reconstructing said encryption key from the plurality of unique data used to encrypt said password or key and decrypting said encrypted password or key without said user intervening, said password or key then being passed to said encryption software program or hardware encryption module and automatically unlocking the selected encrypted files or partitions without the need for the user to insert the encryption password or key.
- View Dependent Claims (6, 7, 8)
- - 6. The methods and apparatus'"'"' of any one of claims 1, 2, 4 or 5 where said attachable data storage device is any of but not limited to the following:
    - a. Flash memory drive;
      
      b. Rotating magnetic hard disk drive;
      
      c. WORM optical or magnetic disk drive;
      
      d. Optical write once disk drive;
      
      e. Optical read/write disk drive.
  - 7. Any of the methods and apparatus'"'"' of any one of claims 1, 2, 4 or 5 where said attachable storage device is connected to said processor based computing device through any but not limited to the following buses:
    - a. Universal Serial Bus (USB)b. IEEE-1394 (Firewire)c. Wireless USBd. Wireless Bluetoothe. Wireless 802.11f. Thunderbolt interface
  - 8. The methods and apparatus'"'"' of any of claims 1, 2, 4 or 5 where said attachable storage device contains a hardware based encryption engine where the said password or key is passed to the said hardware based encryption engine by said escrow software program.

2. A method and apparatus for a user to selectively and securely escrow an encryption password or key to a file residing on a network, said network connected wired or wirelessly to a user'"'"'s processor based computing device, where said escrowed password or key can be used for automatically unlocking one or more encrypted files or partitions located on an externally attachable data storage device connected to said processor based computing device such that the password need only be optionally provided by the user at least once on said selected processor based computing device and comprising:
- a. An externally attachable data storage device containing one or more encrypted files or partitions;
  
  b. an encryption software program or hardware encryption module residing on said externally attachable data storage device which is used for unlocking or locking selected encrypted files or partitions contained on the attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  c. an escrowing software program for managing the secure escrowing of an encryption password or key, said escrowing software program residing on said externally attached data storage device containing said encrypted files or partitions;
  
  d. said escrowing software program will offer said user the option to securely escrow or save said encryption password or key to said file residing on said network, said network connected to said processor based computing device to which said external data storage device is attached;
  
  e. said password or key is then encrypted using an encryption key constructed with a plurality of unique data of which some or all is not under the control of nor specified by said user and consisting of, but not limited to unique characteristics of said external data storage device, said processor based computing device, said network environment and/or the network domain to which said user is assigned;
  
  f. said password or key is then securely escrowed on said file residing on said network;
  
  g. said escrow software program will then pass said password or key to said encryption software program or hardware encryption module to unlock said encrypted files or said partitions residing on said attached external data storage device;
  
  h. on subsequent insertions of said attached external storage device, if said user had indicated to said escrow software program that said password or key was to be remembered, said escrow software program will retrieve said password or key by reconstructing said encryption key from said plurality of unique data used to encrypt said password or key and decrypting said encrypted password residing in said file on said network without said user intervening, said password or key then being passed to said encryption software program or said hardware encryption module and automatically unlocking said encrypted files or partitions without the need for the user to enter said encryption password or key.

3. A method and apparatus for a user to selectively and securely escrow an encryption password or key to a file residing on a processor based computing device, where said escrowed password or key can be used for automatically unlocking one or more encrypted files, folders or partitions located on a local area network attached to said processor based computing device such that the password need only be optionally provided by the user at least once on said selected processor based computing device and comprising:
- a. a local area network with at least a first storage device containing one or more encrypted files, folders or partitions;
  
  b. an encryption software program residing on said local area network which is used for unlocking or locking selected encrypted files or partitions contained on said local area network and also may be used for decrypting data read from selected encrypted files, folders or partitions, and encrypting data to be written to encrypted files, folders or partitions residing on said local area network;
  
  c. an escrowing software program for managing the secure escrowing of an encryption password or key, said escrowing software program residing on said processor based computing device;
  
  d. said escrowing software program will offer said user the option to securely escrow or save said encryption password or key to said processor based computing device attached to said local area network;
  
  e. said password or key is then encrypted by said escrowing software program using an encryption key constructed with a plurality of unique data of which some or all is not under the control of, nor specified by said user and consisting of, but not limited to unique characteristics of said local area network and said processor based computing device;
  
  f. said password or key is then securely escrowed in a file residing on said processor based computing device;
  
  g. said escrow software program will then pass said password or key to said encryption software program to unlock said encrypted files or partitions residing on said local area network storage;
  
  h. on subsequent connection to said local area network storage, if said user had indicated to said escrow software program that said password or key was to be remembered, said escrow software program will retrieve said password or key by reconstructing said encryption key from the plurality of unique data used to encrypt the password or key and decrypting said encrypted password or key without said user intervening, said password or key then being passed to said encryption software program and automatically unlocking the selected encrypted files or partitions without the need for the user to enter the encryption password or key.

4. A method and apparatus for a company department to securely escrow an encryption password or key to a secure escrow file that will be placed on an assigned user'"'"'s processor based computing device connected to a company local area network, where said escrowed password or key is used for automatically unlocking one or more encrypted files or partitions located on an externally attachable data storage device connected to said user'"'"'s processor based computing device comprising:
- a. a company department or group that manages computer systems and data security within a company;
  
  b. An externally attachable data storage device that will contain one or more encrypted files or partitions, said attachable data storage device may contain a hardware encryption engine for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  c. an encryption software program used for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  d. an escrowing software program for managing the secure escrow file of an encryption password or key;
  
  e. said company department will generate a password or key to be used for unlocking said encrypted files or partitions that will reside on said attachable data storage device;
  
  f. said company department will access said user'"'"'s processor based computing device and collect a plurality of unique data of which some or all is not under the control of, nor specified by said user and consisting of, but not limited to unique characteristics of said external data storage device, said local area network and said processor based computing deviceg. said password or key is then encrypted using an encryption key constructed with said plurality of unique data thus forming a secure escrow file;
  
  h. said company department will then place said secure escrow file on said processor based computing device attached to said local area network;
  
  i. said company department will create an encrypted file or partition on said attachable data storage device using said password or key as the encryption key for said encrypted file or partition;
  
  j. if said attachable data storage device does not contain a hardware encryption engine, said company department will then place an encryption software program on said user'"'"'s processor based computing device, said encryption software program will be used for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  k. said company department will then give said user said attachable data storage device;
  
  l. when said user connects said attachable data storage device to his said processor based computing device and said processor based computing device recognizes the presence of said attachable data storage device said escrow software program will be launched and said escrow software program will retrieve said password or key by reconstructing said encryption key from the plurality of unique data used to encrypt said password or key and decrypting said encrypted password or key without said user intervening, said password or key then being passed to said encryption software program or hardware encryption module and automatically unlock said selected encrypted files or partitions without the need for the user to insert the encryption password or key.

5. A method and apparatus for a user to acquire a one or more secure files or partitions from a web site along with the software necessary to create and manage a secure escrow file containing a password or key used for automatically unlocking one or more encrypted files or partitions that will be located on an externally attachable data storage device connected to said user'"'"'s processor based computing device comprising:
- a. a web site accessed by a user via the internet that delivers software modules that will be downloaded or pushed to a user'"'"'s processor based computer system and one or more secure files or partitions that will be created or placed onto an attachable data storage device;
  
  b. An externally attachable data storage device that will contain one or more encrypted files or partitions, said attachable data storage device may contain a hardware encryption engine for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  c. an encryption software program used for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  d. an escrowing software program for managing the secure escrow file of an encryption password or key that will reside on user'"'"'s said processor based computing device;
  
  e. said web site will generate a password or key to be used for unlocking said encrypted files or partitions that will reside on said attachable data storage device;
  
  f. said web site will access said user'"'"'s processor based computing device and collect a plurality of unique data of which some or all is not under the control of, nor specified by said user and consisting of, but not limited to unique characteristics of said external data storage device, and said processor based computing device;
  
  g. said password or key is then encrypted using an encryption key constructed with said plurality of unique data thus forming a secure escrow file;
  
  h. said web site will then place said secure escrow file on said processor based computing device attached to said web site via the internet;
  
  i. said web site will create an encrypted file or partition on said attachable data storage device using said password or key as the encryption key for said encrypted file or partition by downloading said encrypted file or partition or by creating said encrypted file or partition in real time on said attachable data storage device connected to user'"'"'s said processor based computer device;
  
  j. if said attachable data storage device does not contain a hardware encryption engine, said web site will then place an encryption software program on said user'"'"'s processor based computing device, said encryption software program will be used for unlocking or locking selected encrypted files or partitions contained on said attachable data storage device and also may be used for decrypting data read from selected encrypted files or partitions, and encrypting data to be written to encrypted files or partitions residing on said externally attachable data storage device;
  
  k. when said user connects said attachable data storage device to his said processor based computing device and said processor based computing device recognizes the presence of said attachable data storage device said escrow software program will be launched and said escrow software program will retrieve said password or key by reconstructing said encryption key from the plurality of unique data used to encrypt said password or key and decrypting said encrypted password or key without said user intervening, said password or key then being passed to said encryption software program or hardware encryption module and automatically unlock said selected encrypted files or partitions without the need for the user to insert the encryption password or key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invysta Technology Group
Original Assignee
Invysta Technology Group
Inventors
Price, William P., Streuter, Gary, Robinson, Eric

Granted Patent

US 9,715,598 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/78 to assure secure storage of...

G06F 2221/2107 File encryption

Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links