Data security for digital data storage

US 9,003,177 B2
Filed: 05/25/2012
Issued: 04/07/2015
Est. Priority Date: 03/27/2001
Status: Expired due to Fees

First Claim

Patent Images

1. Apparatus configured to store data, the apparatus comprising:

a first apparatus configured to receive an encryption key generated by a first computer, the encryption key uniquely associated at least in part with a user of the first computer;

a second apparatus configured to obtain encrypted data via the first computer, the encrypted data having been generated using the encryption key;

a third apparatus configured to receive a file attribute to be stored, the file attribute in association with the encrypted data denoting the data as encrypted, and further indicating a source of the encryption key;

a fourth apparatus configured to cause an indication of a source of the encrypted data to be stored; and

logic configured to cause the apparatus to;

when a request is received from a requestor for the encrypted data, and the requestor is the source of the encrypted data, forward the encrypted data to the requestor; and

when the request is received from the requestor for non-encrypted data, encrypt the non-encrypted data with the encryption key associated with the requestor and forward the encrypted data to the requestor.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data storage devices may be local or they may be network resident. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer. In a LAN embodiment, public encryption keys may be automatically transferred to a network server for file encryption prior to file transfer to a client system.

Citations

18 Claims

1. Apparatus configured to store data, the apparatus comprising:
- a first apparatus configured to receive an encryption key generated by a first computer, the encryption key uniquely associated at least in part with a user of the first computer;
  
  a second apparatus configured to obtain encrypted data via the first computer, the encrypted data having been generated using the encryption key;
  
  a third apparatus configured to receive a file attribute to be stored, the file attribute in association with the encrypted data denoting the data as encrypted, and further indicating a source of the encryption key;
  
  a fourth apparatus configured to cause an indication of a source of the encrypted data to be stored; and
  
  logic configured to cause the apparatus to;
  
  when a request is received from a requestor for the encrypted data, and the requestor is the source of the encrypted data, forward the encrypted data to the requestor; and
  
  when the request is received from the requestor for non-encrypted data, encrypt the non-encrypted data with the encryption key associated with the requestor and forward the encrypted data to the requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the logic is further configured to cause the apparatus to, when the requestor is not the source of the encrypted data, send the requestor a message indicating that the encrypted data is not associated with the requestor.
  - 3. The apparatus of claim 1, further comprising a fifth apparatus configured to automatically obtain the encryption key from the first computer to encrypt the non-encrypted data.
  - 4. The apparatus of claim 1, further comprising a sixth apparatus configured to process the request to retrieve the data, wherein the processing comprises a check of the file attribute prior to provision of the data back to the first computer.
  - 5. The apparatus of claim 1, further comprising a seventh apparatus configured to check the file attribute to determine whether the request for data is in unencrypted form prior to encryption thereof.
  - 6. The apparatus of claim 1, wherein the encryption key comprises at least one of a private encryption key and a public encryption key.
  - 7. The apparatus of claim 6, wherein the public encryption key is obtained by the first apparatus from the first computer.
  - 8. The apparatus of claim 6, wherein the first apparatus is configured to store the public encryption key and the encrypted data.

9. A computerized storage system, comprising:
- a storage device;
  
  a processor in data communication with the storage device, the processor configured to execute at least one computer program comprising a plurality of instructions configured to, when executed by the processor;
  
  receive a user-specific encryption key;
  
  receive user-specific information enabling an authorized entity to access first data based at least in part on an association of the user-specific information and the first data;
  
  encrypt the first data upon a determination that the first data has not been previously encrypted as a first encrypted data, using at least the user-specific encryption key so as to produce the first encrypted data;
  
  store the first encrypted data and the user-specific information on the storage device;
  
  receive a request for access to the first encrypted data;
  
  determine, based at least in part on the stored user-specific information, whether the request is received from the authorized entity; and
  
  when it is determined that the request is received from the authorized entity, provide the requested first encrypted data thereto.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer storage system of claim 9, wherein the plurality of instructions are further configured to, when executed:
    - determine that a requesting entity is not the authorized entity of the encrypted data; and
      
      cause transmission of a message that indicates that the encrypted data is not associated with the requesting entity.
  - 11. The computer storage system of claim 9, wherein the computerized storage system is configured to obtain the user-specific encryption key from the authorized entity to enable said encryption of the non-encrypted data.
  - 12. The computer storage system of claim 9, wherein the computerized storage system is configured to check the association of the user-specific information and the first data to at least determine that the first data is in unencrypted form prior to encrypting.
  - 13. The computer storage system of claim 9, wherein the authorized entity comprises a specific user.

14. A method of storing data in a computerized storage system, comprising:
- generating an encryption key using a first computer, the encryption key being uniquely associated at least in part with a user;
  
  encrypting data using the encryption key and a first computer to generate first encrypted data;
  
  causing the first encrypted data to be stored on a computerized storage device, the computerized storage device connected via a network to the first computer; and
  
  providing an attribute to be stored on the computerized storage device, the attribute in association with the first encrypted data (i) designating the first encrypted data as encrypted, and (ii) indicating an association between the user and the encryption key;
  
  wherein the attribute is configured to cause requested data that has not been previously encrypted to be encrypted using the encryption key to generate second encrypted data, the second encrypted data to be provided to a source of a request for the requested data.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising decrypting the first encrypted data by the first computer using at least the encryption key.
  - 16. The method of claim 14, further comprising decrypting at least a portion of the second encrypted data by the first computer using at least the encryption key.
  - 17. The method of claim 14, wherein the encryption key associated with the user comprises at least one of a private encryption key and a public encryption key.
  - 18. The method of claim 14, wherein the act of generating the encryption key is based at least in part on receiving a unique identifier from a storage location within the first computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Rollins, Doug L.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US13/481,623
Publication Number

US 20120233454A1
Time in Patent Office

1,047 Days
Field of Search

713/150
US Class Current

713/150
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/104   Grouping of entities

H04L 67/06   specially adapted for file ...

Data security for digital data storage

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links