Method and system for controlling access to data stored on a data storage device

US 20040030908A1
Filed: 08/08/2002
Published: 02/12/2004
Est. Priority Date: 08/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps:

(a) coupling a token device to the computer system;

(b) activating the computer system;

(c) reading a puzzle stored on the storage device;

(d) transmitting the puzzle to the token device, the token device generating a dynamic key responsive to receipt of the puzzle;

(e) transmitting the dynamic key to a processor of the computer system;

(f) reading an encrypted file key stored on the storage device and transmitting the encrypted file key to the processor;

(g) decrypting the encrypted file key using the dynamic key to generate a clear file key;

(h) storing the clear file key in memory;

(i) generating a subsequent puzzle and storing the subsequent puzzle on the storage device;

(j) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle;

(k) transmitting the subsequent dynamic key to the processor of the computer system and transmitting the clear file key to the processor of the computer system; and

(l) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key and storing the subsequent encrypted file key on the storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of data encryption and decryption for controlling access to a data storage device such as a hard disk drive or optical drive is provided. The invented method utilizes data encryption and decryption techniques, combined with a token device, to control access to data stored on the data storage device.

18 Citations

View as Search Results

15 Claims

1. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps:
- (a) coupling a token device to the computer system;
  
  (b) activating the computer system;
  
  (c) reading a puzzle stored on the storage device;
  
  (d) transmitting the puzzle to the token device, the token device generating a dynamic key responsive to receipt of the puzzle;
  
  (e) transmitting the dynamic key to a processor of the computer system;
  
  (f) reading an encrypted file key stored on the storage device and transmitting the encrypted file key to the processor;
  
  (g) decrypting the encrypted file key using the dynamic key to generate a clear file key;
  
  (h) storing the clear file key in memory;
  
  (i) generating a subsequent puzzle and storing the subsequent puzzle on the storage device;
  
  (j) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle;
  
  (k) transmitting the subsequent dynamic key to the processor of the computer system and transmitting the clear file key to the processor of the computer system; and
  
  (l) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key and storing the subsequent encrypted file key on the storage device.

2. The method of 1 wherein a subsequent puzzle and a subsequent dynamic key are generated each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.

3. The method of 1 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.
- View Dependent Claims (6)
- - 6. The method of claim 5 wherein if data stored on the storage device becomes inaccessible then providing a method of regaining access to data stored on the storage device comprising the following steps:
    - (1) if the computer system is activated, first deactivating the computer system, then coupling the token device to the computer system, and if the computer system is deactivated, then coupling the token device to the computer system;
      
      (2) activating the computer system;
      
      (3) generating the rescue puzzle and storing the rescue puzzle in the memory of the token device;
      
      (4) generating the clear file key responsive to generation of the rescue puzzle;
      
      (5) transmitting the clear file key to the computer system and storing the clear file key in computer system'"'"'s memory; and
      
      (6) repeating step (f) through step (k) of claim 3 to regain access to data stored on the storage device and to reinstall the method of controlling access to data stored on a storage device in a computer system.

4. The method of 3 wherein if the token device cannot be located, then the method comprising the following steps:
- transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle;
  
  generating the dynamic key; and
  
  transmitting the dynamic key to the computer system.

5. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps:
- (a) coupling a token device to the computer system;
  
  (b) activating the computer system;
  
  (c) generating a rescue puzzle and storing the rescue puzzle in a memory of the token device;
  
  (d) generating a clear file key responsive to generation of the rescue puzzle;
  
  (e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
  
  (f) encrypting data stored on the storage device with the clear file key;
  
  (g) generating a first puzzle and storing the first puzzle on the storage device;
  
  (h) transmitting the first puzzle to the token device, the token device generating a first dynamic key responsive to receipt of the first puzzle;
  
  (i) transmitting the clear file key and the first dynamic key to the processor of the computer system;
  
  (j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and
  
  (k) storing the first encrypted file key on the storage device.

7. The method of 5 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.

8. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps:
- (a) coupling a token device to the computer system, the token device including a processor and a memory, the processor running a data encryption/decryption program;
  
  (b) activating the computer system;
  
  (c) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device;
  
  (d) generating a clear file key with the token device'"'"'s processor responsive to the token device receiving the rescue puzzle;
  
  (e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
  
  (f) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data;
  
  (g) generating a first puzzle;
  
  (h) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device'"'"'s processor generating a first dynamic key responsive to receipt of the first puzzle;
  
  (i) transmitting the clear file key and the first dynamic key to a processor of the computer system; and
  
  (j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and
  
  (k) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key.

9. The method of 8 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.

10. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps:
- (a) installing the method on a storage device in the computer system, the installation method comprising the following steps;
  
  (1) coupling a token device to the computer system, the token device including a processor and a memory, (2) activating the computer system;
  
  (3) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device;
  
  (4) generating a clear file key with the token device'"'"'s processor responsive to the token device receiving the rescue puzzle;
  
  (5) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
  
  (6) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data;
  
  (7) generating a first puzzle;
  
  (8) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device'"'"'s processor generating a first dynamic key responsive to receipt of the first puzzle;
  
  (9) transmitting the clear file key and the first dynamic key to a processor of the computer system;
  
  (10) encrypting the clear file key with the first dynamic key to generate a first encrypted file key;
  
  (11) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key; and
  
  (12) allowing the computer system to complete a boot up process, whereby upon the computer system completing the boot up process access to data stored on the storage device is allowed and whereby when access to data stored on the storage device is no longer desired, the computer system is deactivated and the token device is removed from the computer system; and
  
  (b) controlling access to data stored on a storage device in a computer system comprising the following steps;
  
  (13) coupling the token device to the computer system;
  
  (14) activating the computer system;
  
  (15) reading the first puzzle stored on the storage device;
  
  (16) transmitting the first puzzle to the token device, the token device'"'"'s processor generating the first dynamic key responsive to receipt of the first puzzle;
  
  (17) transmitting the first dynamic key to the computer system'"'"'s processor;
  
  (18) reading the first encrypted file key stored on the storage device and transmitting the first encrypted file key to the computer system'"'"'s processor;
  
  (19) decrypting the first encrypted file key using the first dynamic key to generate the clear file key;
  
  (20) storing the clear file key in the computer system'"'"'s memory, the clear file key encrypting and decrypting data stored on the storage device to control access to the data while the computer system is activated;
  
  (21) generating a subsequent puzzle and storing the subsequent puzzle on the storage device;
  
  (22) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle;
  
  (23) transmitting the clear file key and the subsequent dynamic key to the computer system'"'"'s processor;
  
  (24) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key; and
  
  (25) storing the subsequent encrypted file key on the storage device, whereby storing the subsequent encrypted file key and storing the subsequent puzzle initialize the method for a subsequent activation of the computer.
- View Dependent Claims (11)
- - 11. The method of claim 10 wherein if data stored on the storage device becomes inaccessible then providing a method of regaining access to data stored on the storage device comprising the following steps:
    - (a) if the computer system is activated, first deactivating the computer system, then coupling the token device to the computer system, and if the computer system is deactivated, then coupling the token device to the computer system;
      
      (b) activating the computer system;
      
      (c) generating the rescue puzzle and storing the rescue puzzle in the memory of the token device;
      
      (d) generating the clear file key responsive to generation of the rescue puzzle;
      
      (e) transmitting the clear file key to the computer system and storing the clear file key in computer system'"'"'s memory; and
      
      (f) repeating step (10) through step (12) of claim 8 to regain access to data stored on the storage device and to reinstall the method of controlling access to data stored on a storage device in a computer system.

12. The method of 11 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.

13. The method of 10 wherein a subsequent puzzle and a subsequent dynamic key are generated each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.

14. The method of 10 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.

15. The method of 14 wherein if the token device cannot be located, then the method comprising the following steps:
- transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle;
  
  generating the dynamic key; and
  
  transmitting the dynamic key to the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authenex Incorporated
Original Assignee
Authenex Incorporated
Inventors
Hon, Henry, Lin, Paul

Granted Patent

US 7,191,344 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2103   Challenge-response

G06F 2221/2153   Using hardware token as a s...

Method and system for controlling access to data stored on a data storage device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling access to data stored on a data storage device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links