Content cryptographic firewall system

US 8,464,354 B2
Filed: 05/15/2006
Issued: 06/11/2013
Est. Priority Date: 05/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method of transferring data between a computer and a mobile storage device, the method comprising:

generating a cryptographic key;

generating a security domain secret, the security domain secret being a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects;

provisioning a mobile storage device as one of the set of objects within the security domain by;

encrypting the cryptographic key using a password and the security domain secret, andstoring the encrypted cryptographic key on the mobile storage device;

provisioning a computer by storing the security domain secret in a memory device on the computer;

coupling the mobile storage device to an interface of the computer; and

performing a data transfer by;

decrypting the cryptographic key with the password and the security domain secret;

performing a cryptographic operation on data using the decrypted cryptographic key; and

transferring the data between the mobile storage device and the computer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that regulates the various operations between computing stations and storage or content. Any operation that involves or may lead to the exchange or accessing of content (data) between storage or hosting content container and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed/updated upon a computing station for specific User(s) and will regulate the data operations that may take place between the computing stations and storage or content based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied.

70 Citations

View as Search Results

8 Claims

1. A method of transferring data between a computer and a mobile storage device, the method comprising:
- generating a cryptographic key;
  
  generating a security domain secret, the security domain secret being a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects;
  
  provisioning a mobile storage device as one of the set of objects within the security domain by;
  
  encrypting the cryptographic key using a password and the security domain secret, andstoring the encrypted cryptographic key on the mobile storage device;
  
  provisioning a computer by storing the security domain secret in a memory device on the computer;
  
  coupling the mobile storage device to an interface of the computer; and
  
  performing a data transfer by;
  
  decrypting the cryptographic key with the password and the security domain secret;
  
  performing a cryptographic operation on data using the decrypted cryptographic key; and
  
  transferring the data between the mobile storage device and the computer.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the computer stores a policy, the policy defining a set of allowable operations to be performed by the computer with respect to the mobile storage device.
  - 3. The method of claim 2, wherein the set of operations is selected from the group consisting of read operations and write operations.
  - 4. The method of claim 1, wherein the mobile storage device stores an identifier corresponding to the security domain associated with the mobile storage device, the method further comprising:
    - determining whether the security domain associated with the mobile storage device encompasses the security domain associated with the security domain secret stored on the computer;
      
      allowing the data transfer if the security domain associated with the mobile storage device encompasses a security domain associated with the security domain secret stored on the computer; and
      
      denying the data transfer if the security domain associated with the mobile storage device excludes the security domain associated with the security domain secret stored on the computer.

5. A system for transferring data, the system comprising:
- a mobile storage device, the mobile storage device having stored thereon an encrypted cryptographic key, the encrypted cryptographic key being encrypted with a password and a security domain secret, the security domain secret is a secret associated with a security domain, the security domain defining a set of objects that are protected by the cryptographic key and a set of computers for accessing the protected objects;
  
  a computer having a memory for storing the security domain secret and an interface for coupling to external devices, the computer being configured to;
  
  couple to the mobile storage device at the interface;
  
  transfer data to and from the mobile storage through the interface device by;
  
  decrypting the cryptographic key with the password and the security domain secret;
  
  performing a cryptographic operation on the data using the cryptographic key; and
  
  transferring the data between the mobile storage device and the computer.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the computer memory stores a policy, the policy defines a set of allowable operations to be performed by the computer with respect to the mobile storage device.
  - 7. The system of claim 6, wherein the set of operations is selected from the group consisting of read operations and write operations.
  - 8. The system of claim 5, wherein the mobile storage device stores an identifier corresponding to the security domain associated with the mobile storage device;
    - and wherein the computer is further configured to;
      
      determine whether the security domain associated with the mobile storage device encompasses a security domain associated with the security domain secret stored on the computer;
      
      allow the data transfer if the security domain associated with the mobile storage device encompasses the security domain associated with the security domain secret stored on the computer; and
      
      deny the data transfer if the security domain associated with the mobile storage device excludes the security domain associated with the security domain secret stored on the computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptomill Incorporated
Original Assignee
Cryptomill Incorporated
Inventors
Teow, Kha Sin, Dainow, Ernest, Nikolaev, Leonid, Thanos, Daniel
Primary Examiner(s)
Darrow, Justin T

Application Number

US11/914,339
Publication Number

US 20100058072A1
Time in Patent Office

2,584 Days
Field of Search

726/9, 726/20, 726/27, 726/28, 726/29, 713/172, 713/176, 713/185, 713/193, 380/270
US Class Current

726/27
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Content cryptographic firewall system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Content cryptographic firewall system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others