Time-based key management for encrypted information
First Claim
1. An apparatus comprising:
- a host interface coupled to a host device, said host interface configured to accept a read command;
- a storage device interface coupled to a storage device capable of storing information;
- a data status table storing information associated with data stored on said storage device, wherein acceptance of said read command by said host interface causes data status information to be retrieved from said data status table;
- a decryption apparatus coupled to said host interface and to said storage device interface;
- a key storage circuit storing a plurality of decryption keys, wherein at least one of said plurality of decryption keys can be used to decrypt information stored on said storage device, and wherein a selection of a decryption key is based on said data status information;
- a real time clock apparatus coupled to said key storage circuit;
- wherein said real time clock provides a signal to cause said key storage circuit to erase one or more of said plurality of decryption keys on a periodic basis.
Abstract
A method and apparatus are utilized to manage keys associated with encrypted stored information. Sensitive information is stored in an encrypted form, and by creating and deleting the keys needed to decrypt information according to a time-based policy, the convenient expiration of stored data can be realized. By periodically erasing old keys and creating new keys, information that has not been written recently becomes virtually deleted. A refresh policy can be utilized to cause information that is read to be re-encrypted using a newer key, thereby extending the time before it will become inaccessible.
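The key lifecycle described in the claim and abstract, as an added Python simulation that is not part of the patent: a key store whose clock tick erases keys older than a retention window, a data status table that selects the decryption key per block, and an optional refresh-on-read policy that re-encrypts under the newest key. The HMAC-SHA256 keystream cipher is a stand-in constructed for this example; the patent does not specify a cipher, and the `retain`/`refresh` parameters are assumptions.

```python
import hashlib
import hmac
import os


class TimedKeyStore:
    """Key storage circuit plus real time clock: one key per epoch; each
    tick creates a new key and erases keys older than `retain` epochs."""

    def __init__(self, retain):
        self.retain = retain
        self.epoch = 0
        self.keys = {0: os.urandom(32)}

    def tick(self):
        self.epoch += 1
        self.keys[self.epoch] = os.urandom(32)
        for old in [e for e in self.keys if e <= self.epoch - self.retain]:
            del self.keys[old]  # data encrypted under this key is now unrecoverable


def _xor_keystream(key, epoch, block_id, data):
    # Toy stream cipher constructed for this example (not the patent's cipher):
    # HMAC-SHA256 counter keystream bound to the key epoch and block id.
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, f"{epoch}:{block_id}:{ctr}".encode(), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Drive:
    """Storage interface with a data status table (block -> key epoch)."""

    def __init__(self, retain=3, refresh=True):
        self.ks = TimedKeyStore(retain)
        self.status = {}   # data status table: block_id -> epoch of the key used
        self.store = {}    # ciphertext per block
        self.refresh = refresh

    def write(self, block_id, plaintext):
        e = self.ks.epoch  # always encrypt under the newest key
        self.store[block_id] = _xor_keystream(self.ks.keys[e], e, block_id, plaintext)
        self.status[block_id] = e

    def read(self, block_id):
        e = self.status[block_id]        # key selection driven by the status table
        key = self.ks.keys.get(e)
        if key is None:
            return None                  # key erased: block is virtually deleted
        plaintext = _xor_keystream(key, e, block_id, self.store[block_id])
        if self.refresh and e != self.ks.epoch:
            self.write(block_id, plaintext)  # refresh policy extends the block's life
        return plaintext
```

With `refresh=True`, a block that is read before its key expires is migrated to the current key; a block never read ages out once `retain` ticks have passed.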
6 Claims