Data security for digital data storage

US 8,191,159 B2
Filed: 09/10/2009
Issued: 05/29/2012
Est. Priority Date: 03/27/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of storing data comprising:

generating an encryption key on a client computer, wherein the encryption key is uniquely associated at least in part with a user of the client computer;

encrypting data on the client computer to generate encrypted data;

copying the encrypted data to a remote network server;

storing a file attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates an owner of the encryption key; and

storing an indication of an owner of the encrypted data;

wherein when a request is received from a requestor for the encrypted data and the requester is the owner of the encrypted data, automatically forwarding the encrypted data to the requester; and

wherein when a request is received from a requester for non-encrypted data, automatically encrypting the non-encrypted data with the encryption key associated with the requester and automatically forwarding the encrypted data to the requester.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.

Citations

25 Claims

1. A method of storing data comprising:
- generating an encryption key on a client computer, wherein the encryption key is uniquely associated at least in part with a user of the client computer;
  
  encrypting data on the client computer to generate encrypted data;
  
  copying the encrypted data to a remote network server;
  
  storing a file attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates an owner of the encryption key; and
  
  storing an indication of an owner of the encrypted data;
  
  wherein when a request is received from a requestor for the encrypted data and the requester is the owner of the encrypted data, automatically forwarding the encrypted data to the requester; and
  
  wherein when a request is received from a requester for non-encrypted data, automatically encrypting the non-encrypted data with the encryption key associated with the requester and automatically forwarding the encrypted data to the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein when the requester is not the owner of the encrypted data, the requester is sent a message indicating the encrypted data is not associated with the requester.
  - 3. The method of claim 1, further comprising automatically obtaining the encryption key from the client computer to encrypt the non-encrypted data.
  - 4. The method of claim 1, further comprising retrieving data from the remote network server wherein retrieving the data comprises checking the file attribute prior to routing the data back to the client computer.
  - 5. The method of claim 1, further comprising checking the file attribute to determine whether data is in unencrypted form prior to encrypting.
  - 6. The method of claim 1, wherein the encryption key comprises at least one of a private encryption key and a public encryption key.
  - 7. The method of claim 6, wherein the remote network server obtains the public key from the client computer.
  - 8. The method of claim 6, wherein the public encryption key and the encrypted data are stored on the remote network server.

9. A computer storage system comprising:
- at least one data storage device associated with a network server;
  
  encrypted data that has been encrypted by a first client computer with an encryption key wherein the encryption key is uniquely associated at least in part with a user of the first client computer, wherein the encrypted data and the encryption key are stored on the data storage device associated with the network server, and wherein the encrypted data has a file attribute associated therewith that identifies an owner of the encrypted data;
  
  wherein when a request is received from a requestor for the encrypted data and the requestor is the owner of the encrypted data, the network server is configured to automatically send the encrypted data to the requestor; and
  
  wherein when a request is received from a requestor for non-encrypted data, the network server is configured to automatically encrypt the non-encrypted data with an encryption key associated with the requestor and automatically send the encrypted data to the requestor; and
  
  wherein the file attribute also indicates an owner of the encryption key used to encrypt the encrypted data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer storage system of claim 9, wherein when the requestor is not the owner of the encrypted data, the requestor is sent a message indicating the encrypted data is not associated with the requestor.
  - 11. The computer storage system of claim 9 wherein the network server is configured to obtain the encryption key from the client computer to encrypt the non-encrypted data.
  - 12. The computer storage system of claim 9, wherein the network server is configured to check the file attribute prior to routing the data back to the client.
  - 13. The computer storage system of claim 9, wherein the network server is configured to check the file attribute to determine whether data is in unencrypted form prior to encrypting.
  - 14. The computer storage system of claim 9, wherein the encryption key comprises a private encryption key and a public encryption key.
  - 15. The computer storage system of claim 14, wherein the network server obtains the public key from the client computer.
  - 16. The computer storage system of claim 14, wherein the public encryption key and the encrypted data are stored on the network server.

17. A method of storing data comprising:
- generating an encryption key on a client computer, the encryption key being uniquely associated at least in part with a user;
  
  encrypting data on the client computer to generate first encrypted data;
  
  storing the first encrypted data on a storage server; and
  
  storing an attribute in association with the first encrypted data that (i) designates the data as encrypted, and (ii) indicates the user'"'"'s association with the encryption key;
  
  wherein;
  
  when a request is received for the data from a requestor authorized to access the data, providing the data to the requestor; and
  
  when a request is received from a requestor for non-encrypted data, encrypting the non-encrypted data with an encryption key associated with the requestor, thereby generating second encrypted data, and providing the second encrypted data to the requestor.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein the requestor authorized to access the data comprises the user.

19. A method of storing data in a computerized storage system, comprising:
- generating an encryption key at a first computer, the encryption key being uniquely associated at least in part with a user;
  
  encrypting data on the first computer to generate first encrypted data;
  
  storing the first encrypted data on a computerized storage device, the computerized storage device connected via a network to the first computer; and
  
  storing an attribute in association with the first encrypted data that (i) designates the data as encrypted, and (ii) indicates the association between the user and the encryption key;
  
  processing a data request from a requestor;
  
  wherein when the request is for data that has not been previously encrypted, encrypting the requested data with the encryption key to generate second encrypted data, and providing the second encrypted data to the requestor.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, further comprising decrypting the first encrypted data by the first computer using the encryption key.
  - 21. The method of claim 19, further comprising decrypting at least a portion of the second encrypted data by the first computer using the encryption key.
  - 22. The method of claim 19, wherein the encryption key associated with the user comprises at least one of a private encryption key and a public encryption key.
  - 23. The method of claim 19, wherein the act of generating the encryption key is based at least in part on receiving a unique identifier from a storage location within the client computer.

24. A method of processing data in a computerized storage system, comprising:
- generating an encryption key at a first computer;
  
  providing non-encrypted data;
  
  encrypting the non-encrypted data on the first computer using the generated key to generate first encrypted data;
  
  storing the first encrypted data on a computerized storage device, the computerized storage device connected via a network to the first computer;
  
  storing an attribute in association with the encrypted data that (i) designates the data as encrypted, and (ii) indicates the association between the user and the encrypted data; and
  
  processing a data request from the user;
  
  wherein when the request is for the non-encrypted data, encrypting the non-encrypted data with an encryption key associated with the user to generate second encrypted data, and providing the second encrypted data to the user.
- View Dependent Claims (25)
- - 25. The method of claim 24, further comprising storing information relating to the generated encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Rollins, Doug L.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/557,334
Publication Number

US 20100005287A1
Time in Patent Office

992 Days
Field of Search

380/277, 380/283, 380/44, 713/165, 713/168, 713/193, 713/150, 726/27
US Class Current

726/27
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/104   Grouping of entities

H04L 67/06   specially adapted for file ...

Data security for digital data storage

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links