Content cryptographic firewall system
First Claim
1. A method of transferring data between a computer and a mobile storage device, the method comprising:
- generating a cryptographic key;
generating a security domain secret, the security domain secret being a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects;
provisioning a mobile storage device as one of the set of objects within the security domain by;
encrypting the cryptographic key using a password and the security domain secret, andstoring the encrypted cryptographic key on the mobile storage device;
provisioning a computer by storing the security domain secret in a memory device on the computer;
coupling the mobile storage device to an interface of the computer; and
performing a data transfer by;
decrypting the cryptographic key with the password and the security domain secret;
performing a cryptographic operation on data using the decrypted cryptographic key; and
transferring the data between the mobile storage device and the computer.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method that regulates the various operations between computing stations and storage or content. Any operation that involves or may lead to the exchange or accessing of content (data) between storage or hosting content container and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed/updated upon a computing station for specific User(s) and will regulate the data operations that may take place between the computing stations and storage or content based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.
-
Citations
8 Claims
-
1. A method of transferring data between a computer and a mobile storage device, the method comprising:
-
generating a cryptographic key; generating a security domain secret, the security domain secret being a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects; provisioning a mobile storage device as one of the set of objects within the security domain by; encrypting the cryptographic key using a password and the security domain secret, and storing the encrypted cryptographic key on the mobile storage device; provisioning a computer by storing the security domain secret in a memory device on the computer; coupling the mobile storage device to an interface of the computer; and performing a data transfer by; decrypting the cryptographic key with the password and the security domain secret; performing a cryptographic operation on data using the decrypted cryptographic key; and transferring the data between the mobile storage device and the computer. - View Dependent Claims (2, 3, 4)
-
-
5. A system for transferring data, the system comprising:
-
a mobile storage device, the mobile storage device having stored thereon an encrypted cryptographic key, the encrypted cryptographic key being encrypted with a password and a security domain secret, the security domain secret is a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects; a computer having a memory for storing the security domain secret and an interface for coupling to external devices, the computer being configured to; couple to the mobile storage device at the interface; transfer data to and from the mobile storage through the interface device by; decrypting the cryptographic key with the password and the security domain secret; performing a cryptographic operation on the data using the cryptographic key; and transferring the data between the mobile storage device and the computer. - View Dependent Claims (6, 7, 8)
-
Specification