Recovery of encrypted data from a secure storage device

US 8,438,647 B2
Filed: 09/19/2006
Issued: 05/07/2013
Est. Priority Date: 07/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for recovering encrypted data from a target portable secure storage device having a user interface for receiving a user code to access the encrypted data, the method comprising:

coupling the target portable secure storage device to a recovery module;

receiving a recovery request to recover the encrypted data when the user code is unavailable from the user interface;

sending a transfer command to the target portable secure storage device;

receiving an authorization request from the target portable secure storage device in response to the transfer command;

responding to the authorization request with an authorization response;

authenticating the authorization response without verifying the user code;

receiving the encrypted data from the target portable secure storage device;

coupling a plurality of authorized secure storage devices to the recovery module;

retrieving a plurality of encryption keys from the plurality of authorized secure storage devices;

unlocking a decryption key with the plurality of encryption keys; and

decrypting the encrypted data with the decryption key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary software product to recover encrypted data from a target secure storage device can comprise software operational when executed by a processor to receive a recovery request to recovery the encrypted data, send a transfer command to the target secure storage device, receive an authorization request from the target secure storage device in response to the transfer command, respond to the authorization request, and receive the encrypted data from the target secure storage device.

Citations

33 Claims

1. A method for recovering encrypted data from a target portable secure storage device having a user interface for receiving a user code to access the encrypted data, the method comprising:
- coupling the target portable secure storage device to a recovery module;
  
  receiving a recovery request to recover the encrypted data when the user code is unavailable from the user interface;
  
  sending a transfer command to the target portable secure storage device;
  
  receiving an authorization request from the target portable secure storage device in response to the transfer command;
  
  responding to the authorization request with an authorization response;
  
  authenticating the authorization response without verifying the user code;
  
  receiving the encrypted data from the target portable secure storage device;
  
  coupling a plurality of authorized secure storage devices to the recovery module;
  
  retrieving a plurality of encryption keys from the plurality of authorized secure storage devices;
  
  unlocking a decryption key with the plurality of encryption keys; and
  
  decrypting the encrypted data with the decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - coupling an authorized secure storage device to the recovery module;
      
      retrieving an encryption key from an the authorized secure storage device; and
      
      decrypting the encrypted data with, at least in part, the encryption key.
  - 3. The method of claim 1, wherein the transfer command is digitally signed.
  - 4. The method of claim 1, wherein responding to the authorization request comprises:
    - digitally signing at least a part of an authorization request response with an encryption key from an authorized secure storage device coupled to the recovery module; and
      
      sending the digitally signed authorization request response to the target portable secure storage device.
  - 5. The method of claim 1, wherein responding to the authorization request comprises:
    - decrypting at least a part of the authorization request with an encryption key from an authorized secure storage device coupled to the recovery module; and
      
      sending the encrypted authorization request to the target portable secure storage device.
  - 6. The method of claim 1, wherein the encrypted data is stored within a single data partition within the target portable secure storage device.
  - 7. The method of claim 1, wherein the encrypted data from the target portable secure storage device is recovered from at least one data partition within the target portable secure storage device and the at least one data partition is determined by the authorization response.
  - 8. The method of claim 1, further comprising transmitting an authentication identifier to the target portable secure storage device.
  - 9. The method of claim 8, wherein the authentication identifier is a password or a biometric identifier.
  - 10. The method of claim 1, further comprising storing a verification encryption key on the target portable secure storage device.
  - 11. The method of claim 10, wherein the verification encryption key can verify the transfer request or can verify an authorization request response.
  - 12. The method of claim 1, further comprising storing an encrypted decryption key within the target portable secure storage device.
  - 13. The method of claim 12, wherein the encrypted decryption key may be decrypted by one or more public encryption keys.

14. A system comprising:
- a portable secure storage device having a user interface for receiving a user code to access data on the portable secure storage device; and
  
  a recovery module for accessing the data when the user code is unavailable, the recovery module comprising;
  
  a communication interface configured to couple with the portable secure storage device; and
  
  a processor connected to the communication interface, the processor configured to;
  
  receive a recovery request to recover the data;
  
  send a transfer command to the portable secure storage device;
  
  receive an authorization request from the portable secure storage device in response to the transfer command;
  
  respond to the authorization request by providing an authorization response to the portable secure storage device;
  
  receive the data from the portable secure storage device based on authentication of the authorization response without verifying the user code;
  
  retrieve a plurality of encryption keys from a plurality of authorized secure storage devices coupled to the communication interface;
  
  unlock a decryption key with the plurality of encryption keys; and
  
  decrypt the encrypted data with the decryption key.
- View Dependent Claims (15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 15. The system of claim 14, wherein the processor is further configured to:
    - retrieve an encryption key from an authorized secure storage device coupled to the communication interface; and
      
      decrypt the data with the encryption key.
  - 17. The system of claim 14, wherein the authorization response is authenticated by comparing to a database on the portable secure storage device.
  - 18. The system of claim 14, wherein the transfer command is digitally signed by a public encryption key from a user of the recovery module.
  - 19. The system of claim 18, wherein the digitally signed transfer command is verified by a verification encryption key stored within the portable secure storage device.
  - 20. The system of claim 15, wherein the portable secure storage device and the authorized secure storage device are simultaneously coupled to the communication interface.
  - 21. The system of claim 20, wherein the transfer command is digitally signed by a private encryption key from the authorized secure storage device.
  - 22. The system of claim 20, wherein the authorization response is digitally signed by a private encryption key from the authorized secure storage device.
  - 23. The system of claim 22, wherein the digitally signed authorization response is verified by a verification encryption key stored within the portable secure storage device.
  - 24. The system of claim 15, wherein the portable secure storage device and the plurality of authorized secure storage devices are simultaneously coupled to the communication interface.
  - 25. The system of claim 14, wherein the user interface comprises means for receiving a user code comprising a password.
  - 26. The system of claim 25, wherein the recovery module is configured to send an authentication identifier comprising the password to the portable secure storage device.
  - 27. The system of claim 14, wherein the user interface comprises means for receiving a user code comprising a voice, fingerprint, or retina scan.
  - 28. The system of claim 27, wherein the recovery module is configured to send an authentication identifier comprising the voice, fingerprint or retina scan to the portable secure storage device.
  - 29. The system of claim 14, wherein the portable secure storage device comprises a flash memory device.
  - 30. The system of claim 29, wherein the communication interface comprises a USB port for coupling to the flash memory device.

16. A non-transitory computer readable storage medium having a program embodied thereon, the program executable by the processor to perform a method for recovering data from a target portable secure storage device having a user interface for receiving a user code to access the data, the method comprising:
- receiving a recovery request to recover the data when the user code is unavailable from the user interface;
  
  sending a transfer command to the target portable secure storage device;
  
  receiving an authorization request from the target portable secure storage device in response to the transfer command;
  
  responding to the authorization request by sending an authorization response from the recovery module to the target portable secure storage device, wherein the authorization response is authenticated without verifying the user code;
  
  receiving the encrypted data from the target portable secure storage device,coupling a plurality of authorized secure storage devices to the recovery module;
  
  retrieving a plurality of encryption keys from the plurality of authorized secure storage devices;
  
  unlocking a decryption key with the plurality of authorized secure storage devices;
  
  unlocking a decryption key with the plurality of encryption keys; and
  
  decrypting the encrypted data with the decryption key.
- View Dependent Claims (31, 32, 33)
- - 31. The computer readable storage medium of claim 16, wherein the program is executable by the processor to perform a method comprising digitally signing the transfer command with a public encryption key.
  - 32. The computer readable storage medium of claim 16, wherein the program is executable by the processor to perform a method comprising digitally signing the transfer request with a private encryption key from an authorized secure storage device operationally coupled to the recovery module.
  - 33. The computer readable storage medium of claim 16, wherein the program is executable by the processor to perform a method comprising digitally signing the authorization response with a private encryption key from an authorized secure storage device operationally coupled to the recovery module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Data Locker Incorporated
Original Assignee
Imation Corporation (Glassbridge Enterprises, Inc.)
Inventors
Jevans, David Alexander
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US11/523,968
Publication Number

US 20070101434A1
Time in Patent Office

2,422 Days
Field of Search

726/26, 713/165
US Class Current

726/26
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

G06F 21/78 to assure secure storage of...

Recovery of encrypted data from a secure storage device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Recovery of encrypted data from a secure storage device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links