
Method and system for controlling access to data stored on a data storage device

  • US 7,191,344 B2
  • Filed: 08/08/2002
  • Issued: 03/13/2007
  • Est. Priority Date: 08/08/2002
  • Status: Active Grant
First Claim

1. A method (200) for allowing access to a storage device comprising:

  • (a) accepting (204) a token device (20) that was plugged into a data port (18) of a computer (10) before booting up;

    (b) after booting up, transmitting (206) a puzzle (Sn) read from a hard disk storage device (12) on said computer (10) to the token device (20);

    (c) recognizing (208) puzzle (Sn) as a challenge, and using an encryption/decryption program to output a dynamic key (Kn) with a token processor (22) from said puzzle (Sn) in the token device (20);

    (d) transmitting (210) the dynamic key (Kn) through the data port (18) to a processor (14) of the computer system;

    (e) transmitting (212) an encrypted file key (EFKn) stored on the hard disk storage device (12) to the processor (14);

    (f) decrypting (214) the encrypted file key (EFKn) with the processor (14) using the dynamic key (Kn) to generate a clear file key (CFK);

    (g) storing (216) the clear file key (CFK) in memory (16) of the computer (10) until it is powered down;

    thereafter, using an encryption/decryption program running on the computer processor (14), and the clear file key (CFK) in memory (16), to routinely decrypt data as it is read from hard disk storage device (12) to computer memory (16), and to routinely encrypt data as it is written from computer memory (16) to the hard disk storage device (12);

    (h) for a next boot up of computer (10), automatically generating (218) a subsequent puzzle (Sn+1);

    (i) storing the subsequent puzzle (Sn+1) both on the hard disk storage device (12) and in the token device (20) so as to overwrite the previous puzzle (Sn);

    (j) generating (222) from the subsequent puzzle (Sn+1), a subsequent dynamic key (Kn+1) in the token device (20);

    (k) transmitting (224) the clear file key (CFK) and the subsequent dynamic key (Kn+1) to the processor (14) of the computer system;

    (l) encrypting (226) the clear file key (CFK) with the subsequent dynamic key to generate a subsequent encrypted file key (EKFn+1); and

    (m) storing (228) the subsequent encrypted file key (EKFn+1) on the hard disk storage device (12).
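
The boot-time unlock and key rotation of steps (b) through (m), as an added sketch that is not code from the patent. The claim names no algorithms, so the per-token secret, the HMAC-SHA256 derivation, the XOR-plus-MAC wrap (a standard-library stand-in for a real authenticated key wrap) and the `provision` step are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Token:
    """Token device (20). The per-token secret is an assumption of this sketch."""
    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)
        self.puzzle = b""  # token's copy of the current puzzle, step (i)

    def dynamic_key(self, puzzle: bytes) -> bytes:
        # Steps (c) and (j): derive dynamic key K from puzzle S inside the token.
        return _prf(self._secret, b"dynamic-key", puzzle)

def wrap(k: bytes, cfk: bytes) -> bytes:
    # Assumed construction: XOR with a K-derived pad, then a MAC over the result.
    ct = bytes(a ^ b for a, b in zip(cfk, _prf(k, b"enc")))
    return ct + _prf(k, b"mac", ct)

def unwrap(k: bytes, efk: bytes) -> bytes:
    ct, tag = efk[:32], efk[32:]
    # Reject a wrong token or a tampered EFK instead of returning a garbage CFK.
    if not hmac.compare_digest(tag, _prf(k, b"mac", ct)):
        raise ValueError("dynamic key does not match stored EFK")
    return bytes(a ^ b for a, b in zip(ct, _prf(k, b"enc")))

def provision(token: Token, disk: dict) -> bytes:
    """Initial setup (not part of the claim): create CFK, S_0 and EFK_0."""
    cfk = secrets.token_bytes(32)
    token.puzzle = disk["puzzle"] = secrets.token_bytes(16)
    disk["efk"] = wrap(token.dynamic_key(disk["puzzle"]), cfk)
    return cfk

def boot(token: Token, disk: dict) -> bytes:
    """Steps (b)-(m): recover CFK, then rotate puzzle and EFK for the next boot."""
    k_n = token.dynamic_key(disk["puzzle"])                 # (b)-(d)
    cfk = unwrap(k_n, disk["efk"])                          # (e)-(g): CFK held in RAM
    next_puzzle = secrets.token_bytes(16)                   # (h)
    next_efk = wrap(token.dynamic_key(next_puzzle), cfk)    # (j)-(l)
    token.puzzle = disk["puzzle"] = next_puzzle             # (i)
    disk["efk"] = next_efk                                  # (m)
    return cfk
```

The disk never holds the clear file key: only the current puzzle and the file key wrapped under the matching dynamic key, both of which change on every successful boot.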
