Data security for digital data storage
First Claim
Patent Images
1. A method of transferring data over a computer network from a network server to a first client computer system, the method comprising:
- receiving a request by a requestor using a first client computer system for data from at least one network server storing data, at least some of the data stored by the network server being encrypted;
verifying whether a public encryption key associated with the requestor is good;
if verification fails, requesting user input from the requestor and generating a public encryption key and a private encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system;
checking an attribute of the requested data stored on the network server to determine whether the requested data stored on the network server is encrypted with the public encryption key associated with the requestor;
if the attribute stored on the network server indicates that the requested data stored on the network server is encrypted with the public encryption key associated with the requestor, automatically sending the encrypted data to the first client computer system;
if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is different than the public encryption key associated with the requestor, automatically sending a message to the requestor indicating that the requested data is not encrypted with the public encryption key of the requestor;
if the attribute stored on the network server indicates that the requested data is unencrypted, encrypting the requested data stored on the server with the public encryption key associated with the requestor automatically and without user intervention to create encrypted data; and
sending the encrypted data to the first client computer system wherein the first client computer system automatically uses the private encryption key to decrypt the encrypted data without user intervention and sending the requested data to the first client computer system only if the requested data is encrypted and if the requestor is the owner of the encryption key.
9 Assignments
0 Petitions
Accused Products
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
94 Citations
10 Claims
-
1. A method of transferring data over a computer network from a network server to a first client computer system, the method comprising:
-
receiving a request by a requestor using a first client computer system for data from at least one network server storing data, at least some of the data stored by the network server being encrypted; verifying whether a public encryption key associated with the requestor is good; if verification fails, requesting user input from the requestor and generating a public encryption key and a private encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system; checking an attribute of the requested data stored on the network server to determine whether the requested data stored on the network server is encrypted with the public encryption key associated with the requestor; if the attribute stored on the network server indicates that the requested data stored on the network server is encrypted with the public encryption key associated with the requestor, automatically sending the encrypted data to the first client computer system; if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is different than the public encryption key associated with the requestor, automatically sending a message to the requestor indicating that the requested data is not encrypted with the public encryption key of the requestor; if the attribute stored on the network server indicates that the requested data is unencrypted, encrypting the requested data stored on the server with the public encryption key associated with the requestor automatically and without user intervention to create encrypted data; and sending the encrypted data to the first client computer system wherein the first client computer system automatically uses the private encryption key to decrypt the encrypted data without user intervention and sending the requested data to the first client computer system only if the requested data is encrypted and if the requestor is the owner of the encryption key. - View Dependent Claims (2, 3)
-
-
4. A method of data storage and retrieval comprising:
-
verifying whether a public encryption key associated with the requestor is good; if verification fails, requesting user input and automatically generating independently of information from a network server, a public encryption key and a corresponding private encryption key in a first client computer system based at least in part on the user input and based at least in part on an identification code associated with the first client computer system, wherein the network server stores at least some data in an encrypted format; storing the public encryption key and the corresponding private encryption key in the first client computer system such that access to the private encryption key is limited solely to the first client computer system and wherein both the public and the private encryption keys are needed to decrypt encrypted data; associating an attribute with a data file on the network server, the attribute indicating whether the data file is encrypted with the public encryption key associated with different requestors when stored on the network server, and the attribute indicating an owner of the public encryption key; requesting the data file by a requestor from the network server using the first client computer system; checking the attribute of the requested data file to determine whether the requested data file is encrypted with the public key of the requestor; if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is not associated with the requestor, sending a message to the requestor indicating that the requested data is not encrypted with their key; if the attribute stored on the network server indicates that the requested data file is encrypted with the public key associated with the requestor, forwarding the requested data file to the first client computer system; and if the attribute stored on the network server indicates that the requested data file is unencrypted, sending the public encryption key from the first client computer system to the network server automatically and without user intervention; forwarding the requested data file to the first client computer system after the public encryption key associated with the requestor is used to encrypt the requested data file to create an encrypted data file wherein the encrypted data file is forwarded to the requestor and sending the requested data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the public encryption key; and automatically decrypting without user intervention storing the encrypted data file with the private encryption key on a storage medium in the first client computer system. - View Dependent Claims (5, 6)
-
-
7. A computer readable data storage medium having stored thereon commands that are operative to cause a general purpose computer configured as a network server to perform a method of data retrieval comprising:
-
verifying whether an encryption key associated with a requestor is good; if verification fails, requesting user input from the requestor and generating an encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system; receiving a request for a data file from a requestor using a first client computer system at a network server, wherein at least some data files are encrypted; checking a file attribute of the requested data file stored on the network server to determine whether the requested data file is encrypted with the encryption key associated with the requestor, wherein the attribute is alterable by a network administrator; if the file attribute stored on the network server indicates that the requested data file is encrypted with the encryption key associated with the requestor, routing the encrypted data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the encryption key; if the file attribute stored on the network server indicates that the requested data file is encrypted with an encryption key that is different than the encryption key associated with the requestor, sending a message to the requestor indicating that the requested data is not encrypted with the encryption key associated with the requestor and; if the file attribute stored on the network server indicates that the requested data file is unencrypted, automatically requesting the public encryption key associated with the requestor from the first client computer system; automatically encrypting the requested data file using the public encryption key associated with the requestor to create an encrypted data file; and routing the encrypted data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the encryption key; and automatically decrypting without user intervention the encrypted data file with the private encryption key associated with the requestor. - View Dependent Claims (8, 9, 10)
-
Specification