Data security for digital data storage

US 7,594,257 B2
Filed: 09/14/2006
Issued: 09/22/2009
Est. Priority Date: 03/27/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of storing data over a computer network from a first client computer system of a plurality of different client computer systems to a remote network server, comprising:

generating a private encryption key and a public encryption key on a first client computer, wherein generating the private and public encryption keys are based at least in part a hardware identifier that is uniquely associated with the first client computer and based at least in part on user input;

encrypting the data on the first client computer with the public encryption key to generate encrypted data;

copying the public encryption key and the encrypted data to the remote network server; and

storing the public encryption key and the encrypted data on a data storage medium in the remote network server in association with a file attribute that designates the data as encrypted, wherein the file attribute further indicates an owner of the public encryption key used to encrypt the encrypted data;

wherein when a request of the remote network server for the encrypted data is received from a requestor, a determination is made whether the requestor is the owner of the public encryption key used to encrypt the encrypted data;

wherein when the requestor is the owner of the public encryption key used to encrypt the encrypted data, automatically forwarding the encrypted data to the requestor; and

wherein when a request is received from the requestor for non-encrypted data automatically encrypting the non-encrypted on the remote network server, with the public encryption key of the requestor and automatically forwarding the encrypted data to the requestor.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.

77 Citations

View as Search Results

18 Claims

1. A method of storing data over a computer network from a first client computer system of a plurality of different client computer systems to a remote network server, comprising:
- generating a private encryption key and a public encryption key on a first client computer, wherein generating the private and public encryption keys are based at least in part a hardware identifier that is uniquely associated with the first client computer and based at least in part on user input;
  
  encrypting the data on the first client computer with the public encryption key to generate encrypted data;
  
  copying the public encryption key and the encrypted data to the remote network server; and
  
  storing the public encryption key and the encrypted data on a data storage medium in the remote network server in association with a file attribute that designates the data as encrypted, wherein the file attribute further indicates an owner of the public encryption key used to encrypt the encrypted data;
  
  wherein when a request of the remote network server for the encrypted data is received from a requestor, a determination is made whether the requestor is the owner of the public encryption key used to encrypt the encrypted data;
  
  wherein when the requestor is the owner of the public encryption key used to encrypt the encrypted data, automatically forwarding the encrypted data to the requestor; and
  
  wherein when a request is received from the requestor for non-encrypted data automatically encrypting the non-encrypted on the remote network server, with the public encryption key of the requestor and automatically forwarding the encrypted data to the requestor.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein when the requestor is not the owner of the public encryption key, the requestor is sent a message indicating the file is not encrypted with the requestor'"'"'s public encryption key.
  - 3. The method of claim 1, wherein the public encryption key is generated during a boot operation.
  - 4. The method of claim 1, further comprising automatically obtaining the public encryption key from the first client computer system when the data is not encrypted.

5. A computer network having one or more servers storing data files created by one or more clients, said computer network comprising:
- at least one data storage device located on a network serverat least one data storage device located on a first client computer system;
  
  first data files encrypted by the first client computer system with an encryption key associated with the first client computer system, wherein the encryption key is derived, at least in part, on an identifier unique to the first client computer system and at least in part on user input, such that the first data is encrypted differently by the first client computer than by other client computer systems and wherein the first encrypted data files and the encryption key are stored on one or more of the network server and the first client computer system, the first encrypted data files comprising a file attribute designating the first data files as encrypted and further indicating an owner of the encryption key;
  
  wherein when a request for data is received by the network server from a requestor, the owner of the encryption key associated with the data is compared to the requestor to determine whether the requestor is the owner of the encryption key;
  
  wherein when the requestor is the owner of the encryption key used to encrypt the data, automatically sending the requested data encrypted with the encryption key to the requestor; and
  
  wherein when the requested data is not encrypted, automatically encrypting the requested data with an encryption key associated with the requestor and automatically sending the encrypted data to the requestor.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The computer network of claim 5, further configured for retrieving the data from the remote network server wherein retrieving the data comprises checking the file attribute prior to routing the data back to the local data storage medium.
  - 7. The computer network of claim 5, further configured for checking the file attribute to determine whether the data is in unencrypted form prior to encrypting.
  - 8. The computer network of claim 5, wherein the file attribute indicates whether the data is in unencrypted form prior to performing the encrypting.
  - 9. The computer system of claim 5, wherein the encryption key is generated during a boot operation.
  - 10. The computer network of claim 5, wherein when the requestor is not the owner of the private encryption key, the requestor is sent a message indicating the file is not encrypted with the requestor'"'"'s public encryption key.
  - 11. The computer network of claim 10, wherein the network server obtains the public key from the first client computer system.

12. A computer network having one or more servers storing data provided by one or more clients, said computer network comprising:
- means for encrypting data with one or more public encryption keys, wherein each public encryption key is respectively unique to each of the one or more clients and derived at least in part from user input;
  
  means for storing the encrypted data and each public encryption key locally to the respective client;
  
  means for copying the encrypted data to a remote network server; and
  
  means for storing the encrypted data in the remote network server in association with a file attribute that designates the data as encrypted and further indicates the owner of the respective unique public encryption key;
  
  wherein when a request for data is received from a requestor and the data is encrypted, the owner of the public encryption key used to encrypt the data is compared to the requestor to determine whether the data was encrypted with the requestor'"'"'s public encryption key;
  
  wherein when the req uestor is the owner of the public key used to encrypt the data, automatically sending the requested data to the requestor; and
  
  wherein when the requested data was not encrypted automatically encrypting the requested data on the remote network server with a public key associated with the requestor and automatically sending the encrypted data to the requestor.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer network of claim 12, further comprising a means for retrieving the data from the remote network server wherein retrieving the data comprises checking the file attribute prior to routing the data back to the client.
  - 14. The computer network of claim 12, further comprising a means for checking the file attribute to determine whether the data is in unencrypted form prior to encrypting.
  - 15. The computer network of claim 12, wherein the file attribute indicates whether the data is in unencrypted form prior to performing the encrypting.
  - 16. The computer network of claim 12, wherein the private encryption key is derived at least in part from an identification code unique to the client.
  - 17. The computer network of claim 12, wherein when the requestor is not the owner of the private encryption key, the requestor is sent a message indicating the file is not encrypted with the requestor'"'"'s public encryption key.
  - 18. The computer network of claim 17, further comprising means for obtaining the public key from the first client computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Rollins, Doug L.
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US11/521,163
Publication Number

US 20070014412A1
Time in Patent Office

1,104 Days
Field of Search

380/277, 713/165, 713/168, 713/193
US Class Current

726/3
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/104   Grouping of entities

H04L 67/06   specially adapted for file ...

Data security for digital data storage

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links