Data security for digital data storage
First Claim
Patent Images
1. A method of storing data over a computer network from a first client computer system of a plurality of different client computer systems to a remote network server, comprising:
- generating a private encryption key and a public encryption key on a first client computer, wherein generating the private and public encryption keys are based at least in part a hardware identifier that is uniquely associated with the first client computer and based at least in part on user input;
encrypting the data on the first client computer with the public encryption key to generate encrypted data;
copying the public encryption key and the encrypted data to the remote network server; and
storing the public encryption key and the encrypted data on a data storage medium in the remote network server in association with a file attribute that designates the data as encrypted, wherein the file attribute further indicates an owner of the public encryption key used to encrypt the encrypted data;
wherein when a request of the remote network server for the encrypted data is received from a requestor, a determination is made whether the requestor is the owner of the public encryption key used to encrypt the encrypted data;
wherein when the requestor is the owner of the public encryption key used to encrypt the encrypted data, automatically forwarding the encrypted data to the requestor; and
wherein when a request is received from the requestor for non-encrypted data automatically encrypting the non-encrypted on the remote network server, with the public encryption key of the requestor and automatically forwarding the encrypted data to the requestor.
10 Assignments
0 Petitions
Accused Products
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
77 Citations
18 Claims
-
1. A method of storing data over a computer network from a first client computer system of a plurality of different client computer systems to a remote network server, comprising:
-
generating a private encryption key and a public encryption key on a first client computer, wherein generating the private and public encryption keys are based at least in part a hardware identifier that is uniquely associated with the first client computer and based at least in part on user input; encrypting the data on the first client computer with the public encryption key to generate encrypted data; copying the public encryption key and the encrypted data to the remote network server; and storing the public encryption key and the encrypted data on a data storage medium in the remote network server in association with a file attribute that designates the data as encrypted, wherein the file attribute further indicates an owner of the public encryption key used to encrypt the encrypted data; wherein when a request of the remote network server for the encrypted data is received from a requestor, a determination is made whether the requestor is the owner of the public encryption key used to encrypt the encrypted data; wherein when the requestor is the owner of the public encryption key used to encrypt the encrypted data, automatically forwarding the encrypted data to the requestor; and wherein when a request is received from the requestor for non-encrypted data automatically encrypting the non-encrypted on the remote network server, with the public encryption key of the requestor and automatically forwarding the encrypted data to the requestor. - View Dependent Claims (2, 3, 4)
-
-
5. A computer network having one or more servers storing data files created by one or more clients, said computer network comprising:
-
at least one data storage device located on a network server at least one data storage device located on a first client computer system; first data files encrypted by the first client computer system with an encryption key associated with the first client computer system, wherein the encryption key is derived, at least in part, on an identifier unique to the first client computer system and at least in part on user input, such that the first data is encrypted differently by the first client computer than by other client computer systems and wherein the first encrypted data files and the encryption key are stored on one or more of the network server and the first client computer system, the first encrypted data files comprising a file attribute designating the first data files as encrypted and further indicating an owner of the encryption key; wherein when a request for data is received by the network server from a requestor, the owner of the encryption key associated with the data is compared to the requestor to determine whether the requestor is the owner of the encryption key; wherein when the requestor is the owner of the encryption key used to encrypt the data, automatically sending the requested data encrypted with the encryption key to the requestor; and wherein when the requested data is not encrypted, automatically encrypting the requested data with an encryption key associated with the requestor and automatically sending the encrypted data to the requestor. - View Dependent Claims (6, 7, 8, 9, 10, 11)
-
-
12. A computer network having one or more servers storing data provided by one or more clients, said computer network comprising:
-
means for encrypting data with one or more public encryption keys, wherein each public encryption key is respectively unique to each of the one or more clients and derived at least in part from user input; means for storing the encrypted data and each public encryption key locally to the respective client; means for copying the encrypted data to a remote network server; and means for storing the encrypted data in the remote network server in association with a file attribute that designates the data as encrypted and further indicates the owner of the respective unique public encryption key; wherein when a request for data is received from a requestor and the data is encrypted, the owner of the public encryption key used to encrypt the data is compared to the requestor to determine whether the data was encrypted with the requestor'"'"'s public encryption key; wherein when the req uestor is the owner of the public key used to encrypt the data, automatically sending the requested data to the requestor; and wherein when the requested data was not encrypted automatically encrypting the requested data on the remote network server with a public key associated with the requestor and automatically sending the encrypted data to the requestor. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification