DATA SECURITY
Abstract
In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.
53 Claims
1-31. (canceled)

32. A method comprising:
requesting, at a system, at least one encryption key from a remote authority located in a remote server over a communication network, the at least one encryption key being generated and permitted by the remote authority, the system being geographically remote from and communicatively coupled to the remote authority in the remote server;
performing, at the system, a cryptographic operation on data using the at least one encryption key, the cryptographic operation being performed in response, at least in part, to a request to store the data in storage of the system or to retrieve data from the storage;
periodically requesting, at the system, that the remote authority indicate whether the at least one encryption key has been revoked;
subsequent to receiving, from the remote authority, an indication of revoking the at least one encryption key, not performing, at the system, the cryptographic operation on data using the at least one encryption key;
prior to performing the cryptographic operation, determining whether the system is able to communicate with the remote authority;
if the system is able to communicate with the remote authority, requesting by the system, permission from the remote authority to use the at least one encryption key; and
if the system is unable to communicate with the remote authority, determining by the system whether to permit the cryptographic operation.
(Dependent claims: 33, 34, 35, 36)

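The gating sequence recited in claim 32, sketched as an added Python example (not code from the patent or its assignee). The authority client interface (`is_revoked`, `permit`), the `FakeAuthority` stand-in, and the 300-second offline grace window are assumptions; the claim leaves the offline decision unspecified.

```python
import time

class Unreachable(Exception):
    """Raised by the hypothetical authority client when the server cannot be reached."""

class KeyGate:
    """Gate for storage encrypt/decrypt operations that use a remotely issued key."""
    def __init__(self, authority, key_id, offline_grace_s=300, clock=time.monotonic):
        self.authority = authority      # hypothetical client: is_revoked(id), permit(id)
        self.key_id = key_id
        self.offline_grace_s = offline_grace_s  # assumed offline policy, not in the claims
        self.clock = clock
        self.revoked = False
        self.last_contact = None        # time of the last answer from the authority

    def poll_revocation(self):
        """Periodic revocation check; a revocation latches and is never cleared locally."""
        try:
            if self.authority.is_revoked(self.key_id):
                self.revoked = True
            self.last_contact = self.clock()
        except Unreachable:
            pass                        # keep last known state; grace window keeps ageing
        return self.revoked

    def may_use_key(self):
        """Call before every cryptographic operation on stored data."""
        if self.revoked:
            return False
        try:
            allowed = self.authority.permit(self.key_id)  # reachable: ask permission
            self.last_contact = self.clock()
            return allowed
        except Unreachable:
            # unreachable: local decision, failing closed outside the grace window
            if self.last_contact is None:
                return False
            return self.clock() - self.last_contact <= self.offline_grace_s

class FakeAuthority:
    """Constructed in-memory stand-in for the remote server, for demonstration only."""
    def __init__(self):
        self.online, self.revoked_ids = True, set()
    def is_revoked(self, key_id):
        if not self.online:
            raise Unreachable()
        return key_id in self.revoked_ids
    def permit(self, key_id):
        return not self.is_revoked(key_id)
```

The latch in `poll_revocation` means a later "not revoked" answer cannot re-enable the key, and a system that has never reached the authority is refused while offline.
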
37. An apparatus comprising:
a first circuitry to request at least one encryption key from a remote authority located in a remote server over a communication network, the at least one encryption key being generated and permitted by the remote authority, the first circuitry being geographically remote from and communicatively coupled to the remote authority in the remote server;
a second circuitry to perform a cryptographic operation on data using the at least one encryption key, the cryptographic operation being performed in response, at least in part, to a request to store the data in local storage or to retrieve data from the local storage; and
a third circuitry to periodically request that the remote authority indicate whether the at least one encryption key has been revoked;
wherein;
subsequent to receipt, from the remote authority, an indication of revoking the at least one encryption key, the second circuitry to not perform, at the apparatus, the cryptographic operation on data using the at least one encryption key;
prior to performance of the cryptographic operation, the apparatus to determine whether the apparatus is able to communicate with the remote authority;
if the apparatus is able to communicate with the remote authority, the apparatus to request, permission from the remote authority to use the at least one encryption key; and
if the apparatus is unable to communicate with the remote authority, the apparatus to determine whether to permit the cryptographic operation.
(Dependent claims: 38, 39, 40, 41, 42)

43. A system comprising:
a storage device;
a first circuitry to request at least one encryption key from a remote authority located in a remote server over a communication network, the at least one key being generated and permitted for use by the remote authority, the first circuitry being geographically remote from and communicatively coupled to the remote authority in the remote server;
a second circuitry to perform a cryptographic operation on data using the at least one encryption key, the cryptographic operation being performed in response, at least in part, to a request to store the data in the storage device or to retrieve data from the storage device; and
a third circuitry to periodically request that the remote authority indicate whether the at least one encryption key has been revoked;
wherein;
subsequent to receipt, from the remote authority, an indication of revoking the at least one encryption key, the second circuitry to not perform, at the system, the cryptographic operation on data using the at least one encryption key;
prior to performance of the cryptographic operation, the system to determine whether the system is able to communicate with the remote authority;
if the system is able to communicate with the remote authority, the system to request permission from the remote authority to use the at least one encryption key; and
if the system is unable to communicate with the remote authority, the system to determine whether to permit the cryptographic operation.
(Dependent claims: 44, 45, 46, 47, 48)

49. At least one non-transitory computer-readable storage medium having stored thereon data representing sequences of instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
requesting, at a system, at least one encryption key from a remote authority located in a remote server over a communication network, the at least one encryption key being generated and permitted by the remote authority, the system being geographically remote from and communicatively coupled to the remote authority in the remote server;
performing, at the system, a cryptographic operation on data using the at least one encryption key, the cryptographic operation being performed in response, at least in part, to a request to store the data in storage of the system or to retrieve data from the storage;
periodically requesting, at the system, that the remote authority indicate whether the at least one encryption key has been revoked;
subsequent to receiving, from the remote authority, an indication of revoking the at least one encryption key, not performing, at the system, the cryptographic operation on data using the at least one encryption key;
prior to performing the cryptographic operation, determining whether the system is able to communicate with the remote authority;
if the system is able to communicate with the remote authority, requesting by the system, permission from the remote authority to use the at least one encryption key; and
if the system is unable to communicate with the remote authority, determining by the system whether to permit the cryptographic operation.
(Dependent claims: 50, 51, 52, 53)

Specification