Data security for digital data storage
First Claim
Patent Images
1. Apparatus configured to store data, the apparatus comprising:
- a first apparatus configured to receive an encryption key generated by a first computer, the encryption key uniquely associated at least in part with a user of the first computer;
a second apparatus configured to obtain encrypted data via the first computer, the encrypted data having been generated using the encryption key;
a third apparatus configured to receive a file attribute to be stored, the file attribute in association with the encrypted data denoting the data as encrypted, and further indicating a source of the encryption key;
a fourth apparatus configured to cause an indication of a source of the encrypted data to be stored; and
logic configured to cause the apparatus to;
when a request is received from a requestor for the encrypted data, and the requestor is the source of the encrypted data, forward the encrypted data to the requestor; and
when the request is received from the requestor for non-encrypted data, encrypt the non-encrypted data with the encryption key associated with the requestor and forward the encrypted data to the requestor.
7 Assignments
0 Petitions
Accused Products
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.
-
Citations
18 Claims
-
1. Apparatus configured to store data, the apparatus comprising:
-
a first apparatus configured to receive an encryption key generated by a first computer, the encryption key uniquely associated at least in part with a user of the first computer; a second apparatus configured to obtain encrypted data via the first computer, the encrypted data having been generated using the encryption key; a third apparatus configured to receive a file attribute to be stored, the file attribute in association with the encrypted data denoting the data as encrypted, and further indicating a source of the encryption key; a fourth apparatus configured to cause an indication of a source of the encrypted data to be stored; and logic configured to cause the apparatus to; when a request is received from a requestor for the encrypted data, and the requestor is the source of the encrypted data, forward the encrypted data to the requestor; and when the request is received from the requestor for non-encrypted data, encrypt the non-encrypted data with the encryption key associated with the requestor and forward the encrypted data to the requestor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computerized storage system, comprising:
-
a storage device; a processor in data communication with the storage device, the processor configured to execute at least one computer program comprising a plurality of instructions configured to, when executed by the processor; receive a user-specific encryption key; receive user-specific information enabling an authorized entity to access first data based at least in part on an association of the user-specific information and the first data; encrypt the first data upon a determination that the first data has not been previously encrypted as a first encrypted data, using at least the user-specific encryption key so as to produce the first encrypted data; store the first encrypted data and the user-specific information on the storage device; receive a request for access to the first encrypted data; determine, based at least in part on the stored user-specific information, whether the request is received from the authorized entity; and when it is determined that the request is received from the authorized entity, provide the requested first encrypted data thereto. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method of storing data in a computerized storage system, comprising:
-
generating an encryption key using a first computer, the encryption key being uniquely associated at least in part with a user; encrypting data using the encryption key and a first computer to generate first encrypted data; causing the first encrypted data to be stored on a computerized storage device, the computerized storage device connected via a network to the first computer; and providing an attribute to be stored on the computerized storage device, the attribute in association with the first encrypted data (i) designating the first encrypted data as encrypted, and (ii) indicating an association between the user and the encryption key; wherein the attribute is configured to cause requested data that has not been previously encrypted to be encrypted using the encryption key to generate second encrypted data, the second encrypted data to be provided to a source of a request for the requested data. - View Dependent Claims (15, 16, 17, 18)
-
Specification