Method and system for controlling access to data stored on a data storage device
Abstract
A system and method of data encryption and decryption for controlling access to a data storage device such as a hard disk drive or optical drive is provided. The invented method utilizes data encryption and decryption techniques, combined with a token device, to control access to data stored on the data storage device.
18 Citations
15 Claims
1. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps:
(a) coupling a token device to the computer system;
(b) activating the computer system;
(c) reading a puzzle stored on the storage device;
(d) transmitting the puzzle to the token device, the token device generating a dynamic key responsive to receipt of the puzzle;
(e) transmitting the dynamic key to a processor of the computer system;
(f) reading an encrypted file key stored on the storage device and transmitting the encrypted file key to the processor;
(g) decrypting the encrypted file key using the dynamic key to generate a clear file key;
(h) storing the clear file key in memory;
(i) generating a subsequent puzzle and storing the subsequent puzzle on the storage device;
(j) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle;
(k) transmitting the subsequent dynamic key to the processor of the computer system and transmitting the clear file key to the processor of the computer system; and
(l) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key and storing the subsequent encrypted file key on the storage device.
2. The method of 1 wherein a subsequent puzzle and a subsequent dynamic key are generated each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.
3. The method of 1 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.
4. The method of 3 wherein if the token device cannot be located, then the method comprising the following steps:
transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle;
generating the dynamic key; and
transmitting the dynamic key to the computer system.
5. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps:
(a) coupling a token device to the computer system;
(b) activating the computer system;
(c) generating a rescue puzzle and storing the rescue puzzle in a memory of the token device;
(d) generating a clear file key responsive to generation of the rescue puzzle;
(e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
(f) encrypting data stored on the storage device with the clear file key;
(g) generating a first puzzle and storing the first puzzle on the storage device;
(h) transmitting the first puzzle to the token device, the token device generating a first dynamic key responsive to receipt of the first puzzle;
(i) transmitting the clear file key and the first dynamic key to the processor of the computer system;
(j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and
(k) storing the first encrypted file key on the storage device.
7. The method of 5 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
8. A method for installing a method of controlling access to data stored on a storage device in a computer system, the installation method comprising the following steps:
(a) coupling a token device to the computer system, the token device including a processor and a memory, the processor running a data encryption/decryption program;
(b) activating the computer system;
(c) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device;
(d) generating a clear file key with the token device's processor responsive to the token device receiving the rescue puzzle;
(e) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
(f) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data;
(g) generating a first puzzle;
(h) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device's processor generating a first dynamic key responsive to receipt of the first puzzle;
(i) transmitting the clear file key and the first dynamic key to a processor of the computer system; and
(j) encrypting the clear file key with the first dynamic key to generate a first encrypted file key; and
(k) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key.
9. The method of 8 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
10. A method for controlling access to data stored on a storage device in a computer system, the method comprising the following steps:
(a) installing the method on a storage device in the computer system, the installation method comprising the following steps;
(1) coupling a token device to the computer system, the token device including a processor and a memory;
(2) activating the computer system;
(3) generating a rescue puzzle and storing the rescue puzzle in the memory of the token device;
(4) generating a clear file key with the token device's processor responsive to the token device receiving the rescue puzzle;
(5) transmitting the clear file key to the computer system and storing the clear file key in a memory of the computer system;
(6) encrypting data stored on the storage device with the clear file key, the clear file key encrypting and decrypting data on the storage device to control access to the data;
(7) generating a first puzzle;
(8) simultaneously transmitting the first puzzle to the token device and storing the first puzzle on the storage device, the token device's processor generating a first dynamic key responsive to receipt of the first puzzle;
(9) transmitting the clear file key and the first dynamic key to a processor of the computer system;
(10) encrypting the clear file key with the first dynamic key to generate a first encrypted file key;
(11) storing the first encrypted file key on the storage device, the first encrypted file key preventing decryption of the clear file key to prevent access to data encrypted and decrypted by the clear file key; and
(12) allowing the computer system to complete a boot up process, whereby upon the computer system completing the boot up process access to data stored on the storage device is allowed and whereby when access to data stored on the storage device is no longer desired, the computer system is deactivated and the token device is removed from the computer system; and
(b) controlling access to data stored on a storage device in a computer system comprising the following steps;
(13) coupling the token device to the computer system;
(14) activating the computer system;
(15) reading the first puzzle stored on the storage device;
(16) transmitting the first puzzle to the token device, the token device's processor generating the first dynamic key responsive to receipt of the first puzzle;
(17) transmitting the first dynamic key to the computer system's processor;
(18) reading the first encrypted file key stored on the storage device and transmitting the first encrypted file key to the computer system's processor;
(19) decrypting the first encrypted file key using the first dynamic key to generate the clear file key;
(20) storing the clear file key in the computer system's memory, the clear file key encrypting and decrypting data stored on the storage device to control access to the data while the computer system is activated;
(21) generating a subsequent puzzle and storing the subsequent puzzle on the storage device;
(22) transmitting the subsequent puzzle to the token device, the token device generating a subsequent dynamic key responsive to receipt of the subsequent puzzle;
(23) transmitting the clear file key and the subsequent dynamic key to the computer system's processor;
(24) encrypting the clear file key with the subsequent dynamic key to generate a subsequent encrypted file key; and
(25) storing the subsequent encrypted file key on the storage device, whereby storing the subsequent encrypted file key and storing the subsequent puzzle initialize the method for a subsequent activation of the computer.
12. The method of 11 wherein the rescue puzzle is stored in a portion of the memory of the token device configured to maintain data when power is not supplied to the token device.
13. The method of 10 wherein a subsequent puzzle and a subsequent dynamic key are generated each subsequent activation of the computer system to generate a subsequent encrypted file key for preventing decryption of the clear file key to prevent access to data stored on the storage device.
14. The method of 10 wherein a unique string of information is stored on the token device and a copy of the unique string of information resides with an administrator, the unique string of information residing with the administrator enabling generation of the dynamic key.
15. The method of 14 wherein if the token device cannot be located, then the method comprising the following steps:
transmitting the puzzle to the administrator, the administrator selecting a unique string of information corresponding to the puzzle;
generating the dynamic key; and
transmitting the dynamic key to the computer system.
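Added example, not part of the patent text: a Python sketch of the puzzle and key rotation in claims 1 and 5 and of the administrator recovery in claims 3 and 4. The HMAC-SHA256 derivation of the dynamic key, the XOR-and-tag key wrap, the dict standing in for the storage device, and all function names are assumptions; the claims name no algorithms.

```python
import hashlib
import hmac
import secrets

def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def dynamic_key(token_secret: bytes, puzzle: bytes) -> bytes:
    # Token side. Assumption: HMAC-SHA256 of the puzzle; the claims name no algorithm.
    return _h(token_secret, puzzle)

def wrap(dk: bytes, file_key: bytes) -> bytes:
    # Stand-in key wrap: XOR pad plus MAC tag. A dynamic key is used for one wrap only.
    ct = bytes(a ^ b for a, b in zip(file_key, _h(dk, b"pad")))
    return ct + _h(dk, b"tag" + ct)

def unwrap(dk: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _h(dk, b"tag" + ct)):
        raise ValueError("dynamic key does not match the stored encrypted file key")
    return bytes(a ^ b for a, b in zip(ct, _h(dk, b"pad")))

def reseal(disk: dict, token_secret: bytes, file_key: bytes) -> None:
    # Claim 1 steps (i)-(l): fresh puzzle, fresh dynamic key, re-encrypted file key.
    disk["puzzle"] = secrets.token_bytes(16)
    disk["enc_file_key"] = wrap(dynamic_key(token_secret, disk["puzzle"]), file_key)

def install(token_secret: bytes):  # claim 5 steps (d)-(k); rescue puzzle not modelled
    disk, file_key = {}, secrets.token_bytes(32)
    reseal(disk, token_secret, file_key)
    return disk, file_key

def activate(disk: dict, token_secret: bytes) -> bytes:  # claim 1 steps (c)-(l)
    file_key = unwrap(dynamic_key(token_secret, disk["puzzle"]), disk["enc_file_key"])
    reseal(disk, token_secret, file_key)
    return file_key

def demo():
    secret = secrets.token_bytes(32)  # constructed "unique string of information"
    disk, file_key = install(secret)
    old_dk = dynamic_key(secret, disk["puzzle"])  # dynamic key of the first activation
    recovered = activate(disk, secret)
    try:
        unwrap(old_dk, disk["enc_file_key"])
        old_dk_ok = True
    except ValueError:
        old_dk_ok = False
    admin_dk = dynamic_key(secret, disk["puzzle"])  # claims 3-4: administrator's copy
    return recovered == file_key, old_dk_ok, unwrap(admin_dk, disk["enc_file_key"]) == file_key
```

demo() returns (True, False, True): the file key survives rotation, the previous activation's dynamic key no longer opens the stored encrypted file key, and the administrator's copy of the string yields the current dynamic key. The clear file key stays in host memory for the whole session (step (h)), so the rotation protects the powered-off storage device only.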
Specification