Data security for digital data storage

US 7,526,795 B2
Filed: 03/27/2001
Issued: 04/28/2009
Est. Priority Date: 03/27/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of transferring data over a computer network from a network server to a first client computer system, the method comprising:

receiving a request by a requestor using a first client computer system for data from at least one network server storing data, at least some of the data stored by the network server being encrypted;

verifying whether a public encryption key associated with the requestor is good;

if verification fails, requesting user input from the requestor and generating a public encryption key and a private encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system;

checking an attribute of the requested data stored on the network server to determine whether the requested data stored on the network server is encrypted with the public encryption key associated with the requestor;

if the attribute stored on the network server indicates that the requested data stored on the network server is encrypted with the public encryption key associated with the requestor, automatically sending the encrypted data to the first client computer system;

if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is different than the public encryption key associated with the requestor, automatically sending a message to the requestor indicating that the requested data is not encrypted with the public encryption key of the requestor;

if the attribute stored on the network server indicates that the requested data is unencrypted, encrypting the requested data stored on the server with the public encryption key associated with the requestor automatically and without user intervention to create encrypted data; and

sending the encrypted data to the first client computer system wherein the first client computer system automatically uses the private encryption key to decrypt the encrypted data without user intervention and sending the requested data to the first client computer system only if the requested data is encrypted and if the requestor is the owner of the encryption key.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.

94 Citations

View as Search Results

10 Claims

1. A method of transferring data over a computer network from a network server to a first client computer system, the method comprising:
- receiving a request by a requestor using a first client computer system for data from at least one network server storing data, at least some of the data stored by the network server being encrypted;
  
  verifying whether a public encryption key associated with the requestor is good;
  
  if verification fails, requesting user input from the requestor and generating a public encryption key and a private encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system;
  
  checking an attribute of the requested data stored on the network server to determine whether the requested data stored on the network server is encrypted with the public encryption key associated with the requestor;
  
  if the attribute stored on the network server indicates that the requested data stored on the network server is encrypted with the public encryption key associated with the requestor, automatically sending the encrypted data to the first client computer system;
  
  if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is different than the public encryption key associated with the requestor, automatically sending a message to the requestor indicating that the requested data is not encrypted with the public encryption key of the requestor;
  
  if the attribute stored on the network server indicates that the requested data is unencrypted, encrypting the requested data stored on the server with the public encryption key associated with the requestor automatically and without user intervention to create encrypted data; and
  
  sending the encrypted data to the first client computer system wherein the first client computer system automatically uses the private encryption key to decrypt the encrypted data without user intervention and sending the requested data to the first client computer system only if the requested data is encrypted and if the requestor is the owner of the encryption key.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein identification code is uniquely associated with hardware in the first client computer system.
  - 3. The method of claim 2, wherein the encryption key is derived at least in part from user input.

4. A method of data storage and retrieval comprising:
- verifying whether a public encryption key associated with the requestor is good;
  
  if verification fails, requesting user input and automatically generating independently of information from a network server, a public encryption key and a corresponding private encryption key in a first client computer system based at least in part on the user input and based at least in part on an identification code associated with the first client computer system, wherein the network server stores at least some data in an encrypted format;
  
  storing the public encryption key and the corresponding private encryption key in the first client computer system such that access to the private encryption key is limited solely to the first client computer system and wherein both the public and the private encryption keys are needed to decrypt encrypted data;
  
  associating an attribute with a data file on the network server, the attribute indicating whether the data file is encrypted with the public encryption key associated with different requestors when stored on the network server, and the attribute indicating an owner of the public encryption key;
  
  requesting the data file by a requestor from the network server using the first client computer system;
  
  checking the attribute of the requested data file to determine whether the requested data file is encrypted with the public key of the requestor;
  
  if the attribute stored on the network server indicates that the requested data is encrypted with a public encryption key that is not associated with the requestor, sending a message to the requestor indicating that the requested data is not encrypted with their key;
  
  if the attribute stored on the network server indicates that the requested data file is encrypted with the public key associated with the requestor, forwarding the requested data file to the first client computer system; and
  
  if the attribute stored on the network server indicates that the requested data file is unencrypted, sending the public encryption key from the first client computer system to the network server automatically and without user intervention;
  
  forwarding the requested data file to the first client computer system after the public encryption key associated with the requestor is used to encrypt the requested data file to create an encrypted data file wherein the encrypted data file is forwarded to the requestor and sending the requested data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the public encryption key; and
  
  automatically decrypting without user intervention storing the encrypted data file with the private encryption key on a storage medium in the first client computer system.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein at least one of the public encryption key and the corresponding private encryption key are based on a password entered by a user when logging on to the first client computer system.
  - 6. The method of claim 4, wherein the identification code is uniquely associated with hardware in the first client computer system.

7. A computer readable data storage medium having stored thereon commands that are operative to cause a general purpose computer configured as a network server to perform a method of data retrieval comprising:
- verifying whether an encryption key associated with a requestor is good;
  
  if verification fails, requesting user input from the requestor and generating an encryption key based at least in part on the user input and based at least in part on an identification code associated with the first client computer system;
  
  receiving a request for a data file from a requestor using a first client computer system at a network server, wherein at least some data files are encrypted;
  
  checking a file attribute of the requested data file stored on the network server to determine whether the requested data file is encrypted with the encryption key associated with the requestor, wherein the attribute is alterable by a network administrator;
  
  if the file attribute stored on the network server indicates that the requested data file is encrypted with the encryption key associated with the requestor, routing the encrypted data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the encryption key;
  
  if the file attribute stored on the network server indicates that the requested data file is encrypted with an encryption key that is different than the encryption key associated with the requestor, sending a message to the requestor indicating that the requested data is not encrypted with the encryption key associated with the requestor and;
  
  if the file attribute stored on the network server indicates that the requested data file is unencrypted, automatically requesting the public encryption key associated with the requestor from the first client computer system;
  
  automatically encrypting the requested data file using the public encryption key associated with the requestor to create an encrypted data file; and
  
  routing the encrypted data file to the first client computer system if the requested data file is encrypted and the requestor is the owner of the encryption key; and
  
  automatically decrypting without user intervention the encrypted data file with the private encryption key associated with the requestor.
- View Dependent Claims (8, 9, 10)
- - 8. The computer readable data storage medium of claim 7, wherein the encryption key is based at least partially on data associated with the first client computer system.
  - 9. The computer readable data storage medium of claim 8, wherein the data associated with the first client computer system is uniquely associated with the first client computer system.
  - 10. The computer readable data storage medium of claim 8, wherein the encryption key is also based on user input provided to the first client computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Rollins, Doug L.
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US09/818,699
Publication Number

US 20020141588A1
Time in Patent Office

2,954 Days
Field of Search

380/277, 380/282, 713/168, 713/165, 705/71, 726 2- 3
US Class Current

726/3
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/104   Grouping of entities

H04L 67/06   specially adapted for file ...

Data security for digital data storage

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links