Data security for digital data storage
First Claim
Patent Images
1. A method of storing data comprising:
- generating an encryption key on a client computer, wherein the encryption key is uniquely associated at least in part with a user of the client computer;
encrypting data on the client computer to generate encrypted data;
copying the encrypted data to a remote network server;
storing a file attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates an owner of the encryption key; and
storing an indication of an owner of the encrypted data;
wherein when a request is received from a requestor for the encrypted data and the requester is the owner of the encrypted data, automatically forwarding the encrypted data to the requester; and
wherein when a request is received from a requester for non-encrypted data, automatically encrypting the non-encrypted data with the encryption key associated with the requester and automatically forwarding the encrypted data to the requester.
7 Assignments
0 Petitions
Accused Products
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
-
Citations
25 Claims
-
1. A method of storing data comprising:
-
generating an encryption key on a client computer, wherein the encryption key is uniquely associated at least in part with a user of the client computer; encrypting data on the client computer to generate encrypted data; copying the encrypted data to a remote network server; storing a file attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates an owner of the encryption key; and storing an indication of an owner of the encrypted data; wherein when a request is received from a requestor for the encrypted data and the requester is the owner of the encrypted data, automatically forwarding the encrypted data to the requester; and wherein when a request is received from a requester for non-encrypted data, automatically encrypting the non-encrypted data with the encryption key associated with the requester and automatically forwarding the encrypted data to the requester. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer storage system comprising:
-
at least one data storage device associated with a network server; encrypted data that has been encrypted by a first client computer with an encryption key wherein the encryption key is uniquely associated at least in part with a user of the first client computer, wherein the encrypted data and the encryption key are stored on the data storage device associated with the network server, and wherein the encrypted data has a file attribute associated therewith that identifies an owner of the encrypted data; wherein when a request is received from a requestor for the encrypted data and the requestor is the owner of the encrypted data, the network server is configured to automatically send the encrypted data to the requestor; and wherein when a request is received from a requestor for non-encrypted data, the network server is configured to automatically encrypt the non-encrypted data with an encryption key associated with the requestor and automatically send the encrypted data to the requestor; and wherein the file attribute also indicates an owner of the encryption key used to encrypt the encrypted data. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of storing data comprising:
-
generating an encryption key on a client computer, the encryption key being uniquely associated at least in part with a user; encrypting data on the client computer to generate first encrypted data; storing the first encrypted data on a storage server; and storing an attribute in association with the first encrypted data that (i) designates the data as encrypted, and (ii) indicates the user'"'"'s association with the encryption key; wherein; when a request is received for the data from a requestor authorized to access the data, providing the data to the requestor; and when a request is received from a requestor for non-encrypted data, encrypting the non-encrypted data with an encryption key associated with the requestor, thereby generating second encrypted data, and providing the second encrypted data to the requestor. - View Dependent Claims (18)
-
-
19. A method of storing data in a computerized storage system, comprising:
-
generating an encryption key at a first computer, the encryption key being uniquely associated at least in part with a user; encrypting data on the first computer to generate first encrypted data; storing the first encrypted data on a computerized storage device, the computerized storage device connected via a network to the first computer; and storing an attribute in association with the first encrypted data that (i) designates the data as encrypted, and (ii) indicates the association between the user and the encryption key; processing a data request from a requestor; wherein when the request is for data that has not been previously encrypted, encrypting the requested data with the encryption key to generate second encrypted data, and providing the second encrypted data to the requestor. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A method of processing data in a computerized storage system, comprising:
-
generating an encryption key at a first computer; providing non-encrypted data; encrypting the non-encrypted data on the first computer using the generated key to generate first encrypted data; storing the first encrypted data on a computerized storage device, the computerized storage device connected via a network to the first computer; storing an attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates the association between the user and the encrypted data; and processing a data request from the user; wherein when the request is for the non-encrypted data, encrypting the non-encrypted data with an encryption key associated with the user to generate second encrypted data, and providing the second encrypted data to the user. - View Dependent Claims (25)
-
Specification