Security System Using Physical Key for Cryptographic Processes

US 20120237024A1
Filed: 03/18/2011
Published: 09/20/2012
Est. Priority Date: 03/18/2011
Status: Abandoned Application

First Claim

Patent Images

1. A device for cryptographic process comprising:

a cipher engine that encrypts or decrypts data from a host;

a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and

a controller that manages interactions of the cipher engine and the storage with the host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the invention is based on the recognition that by keeping the encryption key (DEK) in a key device, and using the key device to perform all encryption and decryption, where the DEK is not supplied to the computing system, the above noted security problems can be overcome. The encrypted information is stored in the computing system and not in the key device. However, without the key device, it is not possible to access the encrypted information stored in the computing system. Thus, the function of the key device is similar to that of a physical key used in daily life for unlocking a door or drawer, except that the user gains access to protected information instead of access to a building, drawer or car.

Citations

25 Claims

1. A device for cryptographic process comprising:
- a cipher engine that encrypts or decrypts data from a host;
  
  a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and
  
  a controller that manages interactions of the cipher engine and the storage with the host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein said controller uses a seed designated by the host for generating a cipher key
  - 3. The device of claim 1, further comprising a random number generator, wherein said controller causes the engine to generate a cipher key using a number generated by said random number generator.
  - 4. The device of claim 1, wherein said controller causes the engine to generate a slave cipher key using a public slave identifier and a hidden master cipher key stored in the storage.
  - 5. The device of claim 1, wherein said controller controls the encryption and decryption of the data from the host by said cipher engine, wherein said controller does not store the data that is encrypted or decrypted by the cipher engine.
  - 6. The device of claim 1, said host having an operating system, said device further comprising a storage medium storing a computer program for creating in the host a file in the host that behaves like a disk drive to the operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data to/from such file and/or to be stored into such file in response to the commands.
  - 7. The device of claim 1, said host having an operating system, said device further comprising a storage medium storing information useful to a user for obtaining and using a computer program for creating in the host a file that behaves like a disk drive to the operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data from such file and/or to be stored into such file in response to the commands.
  - 8. The device of claim 1, wherein said controller controls data access with a password by using the password to encrypt and/or decrypt a cipher key in the storage, and sends the decrypted cipher key to the cipher engine for encrypting and/or decrypting data from the host.
  - 9. The device of claim 1, wherein said controller manages interactions of the cipher engine and the storage with the host as soon as the device is connected to the host without the host having to re-boot.
  - 10. The device of claim 9, wherein said device complies with the USB protocol.

11. A host computing system having a memory and an operating system, said computing system running a computer program to create in the system a file that behaves like a disk drive to the operating system of the system for storing encrypted information sent to it by a key device that is connected to the system and that performs cryptographic processes, and to translate accesses to this file by the system into commands, wherein when a command to read or write is issued by the system to the file, the computer program when executed by the system will cause a cipher engine in the key device to perform encryption and/or decryption of data from such file and/or to be stored into such file.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computing system of claim 11, wherein the file is accessible by a user only when the key device is connected to the system.
  - 13. The computing system of claim 11, further comprising a display, wherein the file is visible on a display of the system only when the key device is connected to the system.
  - 14. The computing system of claim 11, said wherein the computer program when executed by the system causes traces of data in the memory that are obsolete as a result of data deletion or data relocation in the memory to be overwritten after such deletion and/or relocation.
  - 15. The computing system of claim 11, wherein the computer program when executed by the system creates a file name and path way in a directory in the system accessible by the operating system of the system, and a driver in the system that accesses data in the file using said file name and path way.
  - 16. The computing system of claim 11, wherein the computer program includes a driver that translates a logical block address from the operating system into a file offset in the file for accessing data in the file.
  - 17. The computing system of claim 11, wherein the computer program includes a driver that transmits to the key device commands that control encrypt and decrypt processes in the key device.

18. A method for cryptographic process comprising:
- supplying a key device including a cipher engine that encrypts or decrypts data from a host; and
  
  a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and
  
  supplying a storage medium storing a computer program for creating in the host a file that behaves like a disk drive to an operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data from such file and/or to be stored into such file in response to the commands.

19. A method for cryptographic process comprising:
- supplying a key device including a cipher engine that encrypts or decrypts data from a host; and
  
  a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and
  
  supplying information for obtaining a computer program for creating in the host a file that behaves like a disk drive to an operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data from such file and/or to be stored into such file in response to the commands.

20. A computer readable storage medium storing a computer program for use in a computing system having a memory and an operating system, wherein when the computer program is executed by the computing system, a file that behaves like a disk drive to the operating system of the system is created in the memory of the system for storing encrypted information sent to it by a key device that is connected to the system and that performs cryptographic processes, and accesses to this file by the system are translated into commands, wherein when a command to read or write is issued by the system to the file, the computer program when executed by the system will cause a cipher engine in the key device to perform encryption and/or decryption of data from such file and/or to be stored into such file.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The storage medium of claim 20, wherein the file is accessible by a user only when the key device is connected to the system.
  - 22. The storage medium of claim 20, wherein the computer program when executed by the system causes traces of data in the memory that are obsolete as a result of data deletion or data relocation in the memory to be overwritten after such deletion and/or relocation.
  - 23. The storage medium of claim 20, wherein the computer program when executed by the system creates a file name and path way in a directory in the system accessible by the operating system of the system, and a driver in the system that accesses data in the file using said file name and path way.
  - 24. The storage medium of claim 20, wherein the computer program includes a driver that translates a logical block address from the operating system of the host into a file offset in the file for accessing data in the file.
  - 25. The storage medium of claim 20, wherein the computer program includes a driver that issues commands that control encrypt and decrypt processes in the key device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LucidPort Technology, Inc.
Original Assignee
LucidPort Technology, Inc.
Inventors
Augustin, Reid, Liu, Wei-Ti, Chen, Adam, Do, Kevin Wayne

Application Number

US13/051,829
Publication Number

US 20120237024A1
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/0869   involving random numbers or...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

Security System Using Physical Key for Cryptographic Processes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security System Using Physical Key for Cryptographic Processes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links