USRE47324EExpiredUtility

Data encryption systems and methods

57
Assignee: TRANSPACIFIC IP LTDPriority: Sep 22, 2004Filed: Jan 5, 2017Granted: Mar 26, 2019
Est. expirySep 22, 2024(expired)· nominal 20-yr term from priority
Inventors:Bo Wei
G06F 12/1408
57
PatentIndex Score
0
Cited by
92
References
30
Claims

Abstract

Data encryption systems and methods. The system includes a storage device storing data and an encryption/decryption module. The encryption/decryption module randomly generates a device key seed according to the occurrence time of a specific operation or the interval between two specific operations on the storage device, and applies the device key seed to data encryption.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A data encryption system, comprising:
 a storage device adapted to store data D, the storage device including:   an encryption/decryption module adapted to randomly generate a device key seed S d  according to a time interval between two specific operations on the storage device, and adapted to apply the generated device key seed S d  to data encryption of the data D,   wherein the storage device is adapted to randomly generate the device key seed S d  in response to interrupts that notify the storage device of occurrence of the two specific operations.   
     
     
       2. The system of  claim 1 , further A data encryption system, comprising:
 a storage device adapted to store data D, the storage device including:
 an encryption/decryption module adapted to randomly generate a device key seed S d  according to a time interval between two specific operations on the storage device, and adapted to apply the generated device key seed S d  to data encryption of the data D,   wherein the storage device is adapted to randomly generate the device key seed S d  in response to interrupts that notify the storage device of occurrence of the two specific operations, and   
 a host adapted to receive the generated device key seed S d  from the storage device, to generate a host key seed S h , to generate a first key K n  according to the received device key seed S d , to encrypt the generated host key seed S h  using the generated first key K n , and to transmit the encrypted host key seed K n (S h ) to the storage device, 
 wherein the storage device is further adapted to generate the first key K n  according to the device key seed S d , to decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n  to obtain the host key seed S h , to generate a second key K n+1  according to the obtained host key seed S h  and the device key seed S d , and to encrypt the data D using the generated second key K n+1 . 
 
     
     
       3. The system of  claim 2  wherein the host is further adapted to receive the encrypted data K n+1 (D) from the storage device, to generate the second key K n+1  according to the host key seed S h  and the device key seed S d , and to decrypt the encrypted data K n+1 (D) using the generated second key K 1+1  to obtain the data D. 
     
     
       4. The system of  claim 1  wherein one of the specific operations is received on the storage device, and corresponds to a control transmission defined by USB (Universal Serial Bus). 
     
     
       5. The system of  claim 4  wherein the control transmission includes at least one of status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization. 
     
     
       6. The system of  claim 1  A data encryption system, comprising:
 a storage device adapted to store data D, the storage device including:
 an encryption/decryption module adapted to randomly generate a device key seed S d  according to a time interval between two specific operations on the storage device, and adapted to apply the generated device key seed S d  to data encryption of the data D, 
 wherein the storage device is adapted to:
 randomly generate the device key seed S d  in response to interrupts that notify the storage device of occurrence of the two specific operations, 
 use the device key seed S d  to create a first encryption key, 
 decrypt an encrypted host key seed S h  using the first encryption key, 
 use the host key seed S h  to generate a second encryption key, and 
 encrypt the data D using the second encryption key; 
 
 
 wherein one of the specific operations is received on the storage device, and corresponds to a normal data transmission defined by USB (Universal Serial Bus). 
 
     
     
       7. A data encryption method, comprising:
 randomly generating a device key seed S d  according a time interval between two specific operations on a storage device; and   applying the generated device key seed S d  to data encryption of data D,   wherein the device key seed S d  is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations.   
     
     
       8. The method of  claim 7 , further A data encryption method, comprising:
 randomly generating a device key seed S d  according a time interval between two specific operations on a storage device; and 
 applying the generated device key seed S d  to data encryption of data D, 
 wherein the device key seed S d  is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations; 
 transmitting by the storage device the generated device key seed S d  to a host; 
 receiving by the storage device from the host an encrypted host key seed K n (S h ), wherein S h  is a host key seed generated by the host and K n  is a first key generated by the host according to the device key seed S d  transmitted by the storage device; 
 generating by the storage device the first key K n  according to the device key seed S d ; 
 decrypting by the storage device the received encrypted host key seed K n (S h ) using the generated first key K n  to obtain the host key seed S h ; 
 generating by the storage device a second key K n+1  according to the obtained host key seed S h  and the device key seed S d ; and 
 encrypting by the storage device the data D using the generated second key K n+1 . 
 
     
     
       9. The method of  claim 8 , further comprising:
 transmitting by the storage device the encrypted data K n+1 (D) to the host so as to enable the host to: 
 generate the second key K n+1  according to the host key seed S h  and the device key seed S d  in the host; and 
 decrypt the encrypted data K n+1 (D) using the generated second key K 1+1  to obtain the data D. 
 
     
     
       10. The method of  claim 7  A data encryption method comprising:
 randomly generating a device key seed S d  according a time interval between two specific operations on a storage device, wherein the device key seed S d  is randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations; 
 using the device key seed S d  to create a first encryption key, 
 decrypting an encrypted host key seed S h  using the first encryption key, 
 using the host key seed S h  to generate a second encryption key, 
 encrypting data using the second encryption key, and 
 transmitting the encrypted data to another device; 
 wherein one of the specific operations is received on the storage device, and corresponds to a control transmission defined by USB (Universal Serial Bus). 
 
     
     
       11. The method of  claim 10  wherein the control transmission includes at least one of status getting, feature clearing, feature setting, address setting, descriptor getting, descriptor setting, configuration getting, configuration setting, interface getting, interface setting, or frame synchronization. 
     
     
       12. The method of  claim 7  wherein one of the specific operations is received on the storage device, and corresponds to a normal data transmission defined by USB (Universal Serial Bus). 
     
     
       13. The system of  claim 1  wherein the encryption/decryption module is further adapted to randomly generate the device key seed S d  according to an occurrence time of one of the specific operations as obtained from a clock. 
     
     
       14. The method of  claim 7 , further comprising randomly generating the device key seed S d  according to an occurrence time of one of the specific operations as obtained from a clock. 
     
     
       15. A tangible non-transitory computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
 randomly generating a device key seed S d  according a time interval between two specific operations on a storage device; and   applying the generated device key seed S d  to data encryption of data D,   wherein the device key seed S d  is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations.   
     
     
       16. The A tangible non-transitory computer-readable medium of  claim 15  wherein the having stored thereon computer-executable instructions that, if executed by the a computing device, cause the computing device to perform the a method that further comprises comprising:
 randomly generating a device key seed S d  according a time interval between two specific operations on a storage device; 
 applying the generated device key seed S d  to data encryption of data D, 
 wherein the device key seed S d  is said randomly generated in response to interrupts that notify the storage device of occurrence of the two specific operations; 
 transmitting by the storage device the generated device key seed S d  to a host; 
 receiving by the storage device from the host an encrypted host key seed K n (S h ), wherein S h  is a host key seed generated by the host and K n  is a first key generated by the host according to the device key seed S d  transmitted by the storage device; 
 generating by the storage device the first key K n  according to the device key seed S d ; 
 decrypting by the storage device the received encrypted host key seed K h (S h ) using the generated first key K n  to obtain the host key seed S h ; 
 generating by the storage device a second key K n+1  according to the obtained host key seed S h  and the device key seed S d ; and 
 encrypting by the storage device the data D using the generated second key K n+1 . 
 
     
     
       17. The tangible non-transitory computer-readable medium of  claim 16  wherein the computer-executable instructions, if executed by the computing device, cause the computing device to perform the method that further comprises:
 transmitting by the storage device the encrypted data K n+1 (D to the host so as to enable the host to:
 generate the second key K n+1  according to the host key seed S h  and the device key seed S d  in the host; and 
 decrypt the encrypted data K n+1 (D) using the generated second key K n+1  to obtain the data D. 
 
 
     
     
       18. A tangible non-transitory computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
 sending by a host a request for data D to a storage device, wherein the storage device randomly generates a device key seed S d  according a time interval between two specific operations on the storage device; 
 receiving by the host the generated device key seed S d ; 
 generating by the host a host key seed S h ; 
 generating by the host a first key K n  according to the received device key seed S d ; 
 encrypting by the host the host key seed S h  using the generated first key K n ; and 
 transmitting by the host the encrypted host key seed K n (S h ) to the storage device to enable the storage device to:
 generate the first key K n  according to the device key seed S d ; 
 decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n  to obtain the host key seed S h ; 
 generate a second key K n+1  according to the obtained host key seed S h  and the device key seed S d ; and 
 encrypt the data D using the generated second key K n+1  to obtain encrypted data K n+1 (D). 
 
 
     
     
       19. The tangible non-transitory computer-readable medium of  claim 18  wherein the computer-executable instructions, if executed by the computing device, cause the computing device to perform the method that further comprises:
 receiving by the host the encrypted data K n+1  (D); 
 generating by the host the second key K n+1  according to the host key seed S h  and the device key seed S d ; and 
 decrypting by the host the encrypted data K n+1 (D) using the generated second key K n+1  to obtain the data D. 
 
     
     
       20. The tangible non-transitory computer-readable medium of  claim 18  wherein the device key seed S d  is also randomly generated by the storage device according to an occurrence time of one of the specific operations as notified by an interrupt. 
     
     
       21. A host apparatus, comprising:
 means for sending a request for data D to a storage device, wherein the storage device randomly generates a device key seed S d  according a time interval between two specific operations on the storage device; 
 encryption/decryption means for:
 receiving the generated device key seed S d ; 
 generating a host key seed S h ; 
 generating a first key K n  according to the received device key seed S d ; 
 encrypting the host key seed S h  using the generated first key K n ; and 
 transmitting the encrypted host key seed K n (S h ) to the storage device to enable the storage device to:
 generate the first key K n  according to the device key seed S d ; 
 
 decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n  to obtain the host key seed S h ; 
 generate a second key K n+1  according to the obtained host key seed S h  and the device key seed S d ; and 
 encrypt the data D using the generated second key K n+1  to obtain encrypted data K n+1 (D). 
 
 
     
     
       22. The host apparatus of  claim 21  wherein the encryption/decryption means further is for:
 receiving the encrypted data K n+1 (D); 
 generating the second key K n+1  according to the host key seed S h  and the device key seed S d ; and 
 decrypting the encrypted data K n+1 (D) using the generated second key K n+1  to obtain the data D. 
 
     
     
       23. The host apparatus of  claim 21  wherein the device key seed S d  is also randomly generated by the storage device according to an occurrence time of one of the specific operations as notified by an interrupt. 
     
     
       24. A data encryption system, comprising:
 a storage device including:
 an encryption/decryption module adapted to randomly generate a device key seed S d  according to a time interval between two specific operations on the storage device, 
 wherein the storage device is adapted to randomly generate the device key seed S d  in response to interrupts that notify the storage device of occurrence of the two specific operations; and 
   a host adapted to receive the generated device key seed S d  from the storage device, to generate a host key seed S h  to generate a first key K n  according to the received device key seed S d , to encrypt the generated host key seed S h  using the generated first key K n , and to transmit the encrypted host key seed K n (S h ) to the storage device;
 wherein the storage device is further adapted to generate the first key K n  according to the device key seed S d , to decrypt the transmitted encrypted host key seed K n (S h ) using the generated first key K n  to obtain the host key seed S h  to generate a second key K n+1  according to the obtained host key seed S h  and the device key seed S d . 
   
     
     
       25. A data encryption method comprising:
 generating, at a first device, a first seed based at least partly on a time interval between execution of an application and previous receipt of a second seed from a second device;   generating an encryption key based at least partly on the first seed at the first device;   encrypting the first seed at the first device to produce an encrypted first seed;   electronically transmitting the encrypted first seed to the second device to enable the second device to encrypt data for transmission to the first device based at least partly on the first seed;   receiving encrypted data at the first device from the second device; and   decrypting the encrypted data at the first device using the encryption key.   
     
     
       26. The data encryption method of claim 25, wherein the first device is a host and the second device is a storage device. 
     
     
       27. The data encryption method of claim 25, wherein the first device is a computer system and the second device is a mobile device. 
     
     
       28. The data encryption method of claim 25, wherein one or both of the first seed and the second seed are 32 bits. 
     
     
       29. The data encryption method of claim 28, wherein the encryption key has 8m bits, where m is an integer from 1 to 8. 
     
     
       30. The data encryption method of claim 25, wherein said encrypting the first seed comprises using symmetric encryption.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.