VIRTUAL ZEROISATION SYSTEM AND METHOD

US 20140337640A1
Filed: 08/16/2012
Published: 11/13/2014
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a data source for providing data to be encrypted;

a key management system for providing key material to encrypt the data to be encrypted;

a virtual zeroisation &

vice adapted to receive the data to be encrypted from the data source and to receive the key material, the virtual zeroisation device including;

an encryption unit adapted to be coupled to the data source for encrypting the data to be encrypted using the key material;

a storage device adapted to be coupled to the encryption unit and to the key management system; and

wherein;

the key material is stored in the storage device, andthe encryption unit encrypts the data to be encrypted to thereby create encrypted data by using selected key material from the storage device; and

the encrypted data is stored in the storage device and overwrites the selected key material.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for protecting data includes a virtual zeroisation device which receives data to be encrypted and key material for encrypting the data. The key material is stored in a storage device. As the encryption unit encrypts the data using the key material, the encrypted data is stored in the storage device and overwrites the key material.

31 Citations

View as Search Results

16 Claims

1. A system comprising:
- a data source for providing data to be encrypted;
  
  a key management system for providing key material to encrypt the data to be encrypted;
  
  a virtual zeroisation &
  
  vice adapted to receive the data to be encrypted from the data source and to receive the key material, the virtual zeroisation device including;
  
  an encryption unit adapted to be coupled to the data source for encrypting the data to be encrypted using the key material;
  
  a storage device adapted to be coupled to the encryption unit and to the key management system; and
  
  wherein;
  
  the key material is stored in the storage device, andthe encryption unit encrypts the data to be encrypted to thereby create encrypted data by using selected key material from the storage device; and
  
  the encrypted data is stored in the storage device and overwrites the selected key material.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. A system as in claim 1 further comprising:
    - a data consumer unit adapted to be coupled to the key management system and adapted to be coupled to at least the storage device;
      
      wherein;
      
      the key material from the key management system is provided to the data consumer, the key material provided to the data consumer corresponding to the key material stored in the storage device to thereby provide corresponding key material; and
      
      the corresponding key material is used by the data consumer to decrypt the encrypted data stored in the storage device.
  - 4. A system as in claim 3 wherein the key material comprises a one-time pad.
  - 5. A system as in claim 1 wherein a virtual zeroisation device further comprises:
    - an external input/output unit coupled to the encryption unit and adapted to be coupled to the data source;
      
      an internal input/output unit coupled to the encryption unit and adapted to be coupled to the storage device;
      
      a bypass channel coupled between the external input/output unit and the internal input/output unit; and
      
      wherein the key material is provided by the key management system to the external input/output unit, and then using the bypass channel to the internal input/output unit for storage in the storage device.
  - 6. A system as in claim 5 wherein when the encryption unit operates to encrypt the data to be encrypted and the key material is provided from the key management system through the internal input/output unit to the encryption unit.
  - 7. A system as in claim 6 wherein the encrypted data is provided from the encryption unit to the internal input/output unit for storage in the storage device.

2. A system as in claim I wherein the key material comprises a one-time pad.

8. A virtual zeroisation device comprising:
- an encryption unit adapted to be coupled to an external unit for receiving data to be encrypted, for receiving key material for encrypting the data to be encrypted, and for providing encrypted data;
  
  a storage device coupled to the encryption unit for storing the key material and the encrypted data; and
  
  wherein;
  
  the encryption unit encrypts the data to be encrypted using selected key material from the storage device to thereby provide encrypted data; and
  
  the encrypted data is stored in the storage device and overwrites the selected key material.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A virtual zeroisation device as in claim 8 wherein the key material comprises a one-time pad.
  - 10. A virtual zeroisation device as in claim 8 wherein:
    - the key material is also provided to another unit, andthe encrypted data stored in the storage device is provided to the another unit where it is decrypted using the key material.
  - 11. A virtual zeroisation device as in claim 8 further comprising:
    - an external input/output unit coupled to the encryption unit;
      
      an internal input/output unit coupled between the encryption unit and the storage device;
      
      a bypass channel coupled between the external input/output unit and the internal input/output unit; and
      
      wherein the key material is provided to the external input/output unit, and then using the bypass channel to the internal input/output unit for storage in the storage device.
  - 12. A virtual zeroisation device as in claim 11 wherein when the encryption unit operates to encrypt the data to be encrypted, and the key material is provided from the storage device through the internal input/output unit to the encryption unit.
  - 13. A virtual zeroisation device as in claim 12 wherein the encrypted data is provided from the encryption unit to the internal input/output unit for storage in the storage device.

14. A method of securely protecting data comprising:
- storing one-time pad key material in a storage device;
  
  using the one-time pad key material to encrypt data to be protected to thereby create encrypted data; and
  
  writing the encrypted data into the storage device in place of all of the one-time pad key material used to encrypt the data to be protected.
- View Dependent Claims (15, 16)
- - 15. A method as in claim 14 wherein the storage device comprises a memory device.
  - 16. A method as in claim 14 wherein the one-time pad key material comprises a series of random bits generated by a quantum generator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
QuintessenceLabs Pty Ltd.
Original Assignee
QuintessenceLabs Pty Ltd.
Inventors
Sharma, Vikram, Leiseboer, John

Granted Patent

US 10,102,383 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/79   in semiconductor storage me...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/0623   in relation to content

G06F 3/0664   at device level, e.g. emula...

G06F 3/0673   Single storage device

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0852   Quantum cryptography transm...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/12   Transmitting and receiving ...

VIRTUAL ZEROISATION SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUAL ZEROISATION SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links