Securing backing storage data passed through a network

US 9,178,694 B2
Filed: 04/18/2014
Issued: 11/03/2015
Est. Priority Date: 04/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method to secure data read from a storage device before the data is passed to a network, comprising:

reading data from the storage device before the data is passed to the network;

examining, with an electronic device, the data read from the storage device to identify header information that indicates whether the data is either compressed or uncompressed;

identifying the data as either compressed or uncompressed based on the examination of the header information;

evaluating the data to determine whether the data read from the storage device is in encrypted form or whether the data read from the storage device is in unencrypted form;

passing the data read from the storage device without further encryption in response to determination that the data read from the storage device is in encrypted form so as to avoid double encryption of the data;

encrypting the data read from the storage device in response to determination that the data read from the storage device is not in encrypted form;

passing the encrypted data to the network; and

storing the encrypted data in a cache.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed.

Citations

21 Claims

1. A method to secure data read from a storage device before the data is passed to a network, comprising:
- reading data from the storage device before the data is passed to the network;
  
  examining, with an electronic device, the data read from the storage device to identify header information that indicates whether the data is either compressed or uncompressed;
  
  identifying the data as either compressed or uncompressed based on the examination of the header information;
  
  evaluating the data to determine whether the data read from the storage device is in encrypted form or whether the data read from the storage device is in unencrypted form;
  
  passing the data read from the storage device without further encryption in response to determination that the data read from the storage device is in encrypted form so as to avoid double encryption of the data;
  
  encrypting the data read from the storage device in response to determination that the data read from the storage device is not in encrypted form;
  
  passing the encrypted data to the network; and
  
  storing the encrypted data in a cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising encrypting the data read from the storage device for the data that is identified as compressed before the data read from the storage device is passed to the network.
  - 3. The method of claim 1, wherein evaluating the data read from the storage device to determine whether the data is in encrypted form comprises examining a table associated with the data read from the storage device.
  - 4. The method of claim 1, wherein evaluating the data read from the storage device to determine whether the data is in encrypted form comprises evaluating records in a file or a file system that indicate encryption.
  - 5. The method of claim 1, further comprising:
    - receiving security credentials;
      
      erasing the data in the cache if the security credentials are determined to be compromised.
  - 6. The method of claim 5, wherein the security credentials are determined to be compromised in response to loss of contact by the cache with the network.
  - 7. The method of claim 1, wherein encrypting the data includes using an advanced encryption standard (AES) routine.

8. A remote data storage system that includes data security, the remote data storage system comprising:
- a storage device configured to store data in encrypted form unencrypted form, or combinations thereof; and
  
  an electronic device coupled to the storage device, the electronic device configured to examine data read from the storage device before the data is passed to a network, the electronic device further configured to identify the data read from the storage device as either stored in encrypted form or stored in unencrypted form,wherein the electronic device is further configured to encrypt the data read from the storage device before the data read from the storage device is output from the remote data storage system to the network, in response to the data read from the storage device being identified as stored in unencrypted form and in response to identification of an authorized user by an input device coupled to the electronic device, andwherein the electronic device is further configured to examine the data read from the storage device to identify header information that indicates whether the data read from the storage device is either compressed or uncompressed and further configured to identify the data read from the storage device as either compressed or uncompressed based on the examination of the header information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The remote data storage system of claim 8, wherein the input device is configured to receive information from a radio frequency identification card.
  - 10. The remote data storage system of claim 8, wherein the input device is configured to receive biometric information.
  - 11. The remote data storage system of claim 8, further comprising a cache coupled to the electronic device through the network, wherein the cache is configured to receive the data stored in encrypted form from the electronic device.
  - 12. The remote data storage system of claim 11, wherein the electronic device is further configured to erase the encrypted data from the cache if the authorized user is not identified by the input device.
  - 13. The remote data storage system of claim 11, wherein the electronic device is further configured to erase the encrypted data from the cache in response to entry of the remote data storage system into a sleep mode.

14. A data processor system to secure data transferred over a network, comprising:
- a remote data storage system, the remote storage system comprising;
  
  a storage device configured to store certain data in encrypted form, unencrypted form, or a combination thereof; and
  
  an electronic device coupled to the storage device, the electronic device configured to identify the certain data stored in the storage device as either encrypted or unencrypted and pass the certain data to the network encrypted, the electronic device further configured to only encrypt the certain data prior to passage of the certain data to the network responsive to identification of the certain data as unencrypted such that the certain data is not double encrypted,the electronic device further configured to examine the certain data to identify header information that indicates whether the certain data is either compressed or uncompressed and configured to identify the certain data as either compressed or uncompressed based on the examination of the header information; and
  
  a computer system communicatively coupled to the remote data storage system, the computer system comprising;
  
  a processor;
  
  a data cache coupled to the processor and configured to store the certain data from the network for use by the processor.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The data processor system of claim 14, wherein the computer system further comprises an input device coupled to the processor and configured to receive security credentials, wherein the computer system is further configured to erase at least a portion of the certain data from the data cache if the input device does not receive the security credentials.
  - 16. The data processor system of claim 15, wherein the input device is configured to receive the security credential from a radio frequency identification card.
  - 17. The data processor system of claim 15, wherein the input device includes a thumbprint scanner.
  - 18. The data processor system of claim 14, wherein the electronic device comprises:
    - a first component configured to examine the certain data read from the storage device to identify the certain data read from the storage device as stored in either encrypted form or unencrypted form; and
      
      a second component arranged in cooperation with the first component and configured to encrypt the certain data read from the storage device before passage of the certain data to the network if the first component identifies the certain data read from the storage device as stored in unencrypted form.
  - 19. The data processor system of claim 18, wherein the second component is further configured to pass the certain data read from the storage device to the network without further encryption if the first component identifies the certain data read from the storage device as stored in encrypted form.
  - 20. The data processor system of claim 18, wherein the second component is further configured to identify the certain data read from the storage device as either compressed or uncompressed, and wherein the second component is further configured to encrypt the certain data read from the storage device before the certain data is passed to the network if the second component identifies the certain data read from the storage device as compressed.
  - 21. The data processor system of claim 18, wherein the second component is configured to use a native encryption routine to encrypt the certain data read from the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Wolfe, Andrew, Conte, Thomas Martin
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/256,616
Publication Number

US 20150033036A1
Time in Patent Office

564 Days
Field of Search

713/193, 713/150, 713/165, 713/167, 713/189, 726/3, 726/15
US Class Current

1/1
CPC Class Codes

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0631   Substitution permutation ne...

Securing backing storage data passed through a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Securing backing storage data passed through a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links