Method and system to maintain portable computer data secure and authentication token for use therein

US 7,302,571 B2
Filed: 04/09/2002
Issued: 11/27/2007
Est. Priority Date: 04/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A system to maintain data stored on a portable computer secure, the system comprising:

an authorization client for use on the portable computer for making requests;

a security device to be associated with an authorized user of the portable computer and including an authorization server for supplying responses to the requests;

a communication subsystem for wirelessly communicating the requests and the responses to the server and the client, respectively, within a range; and

a cryptographic subsystem for use on the portable computer for encrypting the data to obtain corresponding encrypted data when the security device is outside the range of the communication subsystem and for decrypting the encrypted data when the security device is back within the range;

wherein the requests include cryptographic requests for cryptographic information and wherein the server supplies the cryptographic information in response to the cryptographic requests and wherein the cryptographic subsystem utilizes the cryptographic information to either encrypt or decrypt the data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to maintain portable computer data secure and an authentication token for use in the system are provided. The present invention provides for fine-grained authentication and full security of a laptop file system. The laptop disk is encrypted and each time data is fetched from the disk the laptop sends a short message requesting a decryption key from an authentication token worn or associated with the proper laptop user. If the user and his/her token are “present,” then access is allowed. If the user and his/her token are not “present” (i.e., within a predetermined radius), then access is disallowed and all in-memory data is flushed to the disk. The user wears the small authentication token that communicates with the laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary.

72 Citations

View as Search Results

12 Claims

1. A system to maintain data stored on a portable computer secure, the system comprising:
- an authorization client for use on the portable computer for making requests;
  
  a security device to be associated with an authorized user of the portable computer and including an authorization server for supplying responses to the requests;
  
  a communication subsystem for wirelessly communicating the requests and the responses to the server and the client, respectively, within a range; and
  
  a cryptographic subsystem for use on the portable computer for encrypting the data to obtain corresponding encrypted data when the security device is outside the range of the communication subsystem and for decrypting the encrypted data when the security device is back within the range;
  
  wherein the requests include cryptographic requests for cryptographic information and wherein the server supplies the cryptographic information in response to the cryptographic requests and wherein the cryptographic subsystem utilizes the cryptographic information to either encrypt or decrypt the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as claimed in claim 1 wherein the requests include polling requests.
  - 3. The system as claimed in claim 1 wherein the cryptographic information includes keys.
  - 4. The system as claimed in claim 3 wherein the keys are encrypted.
  - 5. The system as claimed in claim 3 wherein the keys include user and group keys.
  - 6. The system as claimed in claim 1 further comprising a mechanism for establishing a binding between the portable computer and the security device to ensure that the security device only responds to a portable computer with a valid binding.
  - 7. The system as claimed in claim 1 wherein the security device is an authorization token.
  - 8. The system as claimed in claim 1 wherein the computer has a low speed memory and high speed memory and wherein the data stored in the high speed memory is not encrypted and the data stored in the low speed memory is encrypted.
  - 9. The system as claimed in claim 1 wherein the cryptographic subsystem includes encrypted keys and wherein the cryptographic information includes keys for decrypting the encrypted keys.
  - 10. The system as claimed in claim 1 wherein the requests including the polling requests are encrypted.

11. A method to maintain data stored on a portable computer secure, the method comprising:
- providing an authorization client for use on the portable computer for making requests;
  
  providing a security device to be associated with an authorized user of the portable computer and including an authorization server for supplying responses to the requests;
  
  wirelessly communicating the requests and the responses to the server and the client, respectively, within a range;
  
  encrypting the data to obtain corresponding encrypted data when the security device is outside the range; and
  
  decrypting the encrypted data when the security device is back within the range;
  
  wherein the requests include cryptographic requests for cryptographic information and wherein the server supplies the cryptographic information in response to the cryptographic requests and wherein the cryptographic information is used to either encrypt or decrypt the data.
- View Dependent Claims (12)
- - 12. The method as claimed in claim 11 further comprising establishing a binding between the portable computer and the security device to ensure that the security device only responds to a portable computer with a valid binding.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Board of Regents of the University of Michigan (University of Michigan)
Original Assignee
Board of Regents of the University of Michigan (University of Michigan)
Inventors
Corner, Mark D., Noble, Brian D.
Primary Examiner(s)
Revak; Christopher
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/119,204
Publication Number

US 20030005300A1
Time in Patent Office

2,058 Days
Field of Search

713/189, 713/172, 705/67, 340/5.6, 379/211.05
US Class Current

713/172
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/43   wireless channels

G06F 21/6227   where protection concerns t...

G06Q 20/3674   involving authentication

Method and system to maintain portable computer data secure and authentication token for use therein

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

72 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Method and system to maintain portable computer data secure and authentication token for use therein

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others