Method and apparatus for controlling access to encrypted data
Abstract
A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met, generating the given encryption key and decrypting the given encryption key.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method comprising:
controlling access to encrypted data files, storedstoring, at a memory of a device, the:
(i) encrypted data files categorized according to a plurality of categories, each encrypted data file encrypted using one or more a respective file encryption keys key, each respective file encryption key in a category encrypted using a respective category key respective to the category, the respective category key encrypted using a respective domain master key respective to the category, the respective domain master key available using a system master key, which is in turn encrypted using a processor key stored at a processor of the device, the system master key configured to protect each of the respective domain master keys of each of the plurality of categories; and, (ii) respective access control criteria corresponding to each of the categories, each access control criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches password data stored at the memory; or receiving a personal identification number at the input device that matches data read from an external memory reader of the device;
controlling access to the encrypted data files by:
(i) upon startup of the device, decrypting the system master key using the processor key; and, when
(ii) determining, for each category, whether the corresponding criteria are met;
(iii) in response to determining that the corresponding criteria associated with one of the category categories is met;, one or more of decrypting or generating the respective domain master key;
(iv) decrypting the respective category key using the respective domain master key;
(v) in response to decrypting the respective category key, destroying an unencrypted respective domain master key while retaining the decrypted respective category key; and
(vi) decrypting each of the one or more respective file encryption keys corresponding to the one of the categories, using the respective domain master category key; without the unencrypted domain master keydestroying an unencrypted respective domain master key after the one or more respective file encryption keys are decrypted,
the criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches a password data stored at the memory; or receiving a personal identification number at the input device that matches data read from an external memory reader of the device.
2. The method of claim 1 , wherein each of the plurality of categories is based on one or more of a ranking system, data sensitivity, operational needs of the device, or usability of the device.
3. The method of claim 1 , wherein the encrypted data files are stored in partitions of the memory based on the plurality of categories, each of the partitions comprising one or more of a physical partition of the memory or a virtual partition.
4. The method of claim 1 , wherein:
one of the category comprisesplurality of categories is a start-up category, start-up encrypted data files associated therewith used to start the device when the device is turned on and prior to receiving user input at the input device,
start-upwherein the criteria associated with the start-up category comprising determiningcomprise a determination that the device has been turned on,
wherein the respective domain master domain key comprising is a master start-up domain encryption key,
wherein the respective category key comprisingis a start-up domain encryption key, and
wherein the start-up encrypted data files remaining remain accessible once the master start-up domain encryption key is accessed after one or more of the start-up criteria associated with the start-up category is met, and after the start-up encrypted data files are decrypted using the respective file encryption keys, the respective file encryption keys being decrypted using the start-up domain encryption key.
5. The method of claim 1 , wherein:
one of the category comprisesplurality of categories is an operational category, operational encrypted data files associated therewith used to one or more of: operate the device after the device is turned on; or perform operations at the device; or provide a user with an operational experience at the device;
operationalwherein the criteria associated with the operational category comprisingcomprise:
receivingreceipt of input using anthe input device, that matches one or more of the password data stored at the memory, or the personal identification numberdata read from an external memory received in the external memory reader of the device, wherein the respective domain master domain key comprising is a master operational domain encryption key, wherein the respective category key comprisingis an operational domain encryption key, and
wherein the operational encrypted data files remaining remain accessible once the master operational domain encryption key is accessed after one or more of the operational criteria associated with the operational category is met, and after the operational encrypted data files are decrypted using the respective fil encryption keys, the respective file encryption keys being decrypted using the operational domain encryption key.
6. The method of claim 1 , wherein:
one of the category comprisesplurality of categories is a locked category of locked encrypted data files,
lockedwherein the criteria associated with the locked category comprising: receivingcomprise: receipt of input using the input device, that matches one or more of the password data stored at the memory, or the personal identification numberdata read from an external memory received in the external memory reader of the device,
wherein the respective domain master domain key comprising is a master locked domain encryption key,
wherein the respective category key comprisingis a locked domain encryption key, and
wherein the method further comprising comprises: once the master locked domain encryption key is accessed after one or more of the criteria associated with the locked category is met:
decrypting, using the master locked domain encryption key, at least one of the respective file encryption keys for decrypting the locked encrypted data files; and,
destroying at least one decrypted respective file en encryption key when one or more locking trigger criteria are met such that the locked encrypted data file is no longer accessible until one or more of the criteria associated with the locked criteria category is again met.
7. The method of claim 6 , wherein the locking trigger criteria comprise one or more of:
determining that a time-out period has occurred;
receiving, at the device, a locking command from a server;
receiving a locking command from one of a plurality of applications running at the device;
determining that an external memory has been removed from the external memory reader; or,
determining that the device is being one or more of turned off or powered down.
8. The method of claim 6 , further comprisingone or more of:
controlling one or more applications running at the device to transition to a reduced functionality state once the one or more locking trigger criteria are met; or,
stopping the applications running at the device once the one or more locking trigger criteria are met.
9. A device comprising:
a processor and a memory, the processor configured to storing:
control access to encrypted data, stored at the memory, the(i) encrypted data files categorized according to a plurality of categories, each encrypted data file encrypted using one or morea respective file encryption keyskey, each respective file encryption key in a category encrypted using a respective category key respective to the category, the respective category key encrypted usinausing a respective domain master key respective to the category, the respective domain master key available using a system master key, which is in turn encrypted using a processor key stored at the processor, the system master key configured to protect each of the respective domain master keys of each of the plurality of categories; and,
(ii) respective access control criteria corresponding to each of the categories, each access control criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches password data stored at the memory; or receiving a personal identification number at the input device that matches data read from an external memory reader of the device;
control access to the encrypted data files bya processor configured to:
(i) upon startup of the device, decryptingdecrypt the system master key using the processor key; and, when (ii) determine, for each category, whether the corresponding criteria are met; (iii) in response to determining that the corresponding criteria associated with one of the category categories is met:, one or more of decrypting or generating decrypt or generate the respective domain master key; decrypting(iv) decrypt the respective category key using the respective domain master key; (v) in response to decrypting the respective category key, destroy an unencrypted respective domain master key and retain the decrypted respective category key; and decrypting(vi) decrypt each of the one or more respective file encryption keys corresponding to the one of the categories, using the respective domain mastercategory key;without the unencrypted domain master keydestroying an unencrypted respective domain master key after the one or more respective file encryption keys are decrypted;
the criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches password data stored at the memory; or receiving a personal identification number at the input device that matches data read from a external memory reader of the device.
10. The device of claim 9 , further comprising an input device, wherein:
one of the category comprisesplurality of categories is a start-up category, start-up encrypted data files associated therewith used to start the device when the device is turned on and prior to receiving user input at the input device,
start-upwherein the criteria associated with the start-up category comprising determiningcomprise a determination that the device has been turned on, wherein the respective domain master domain key comprising is a master start-up domain encryption key, wherein the respective category key comprising is a start-up domain encryption key, and
wherein the start-up encrypted data files remaining remain accessible once the master start-up domain encryption key is accessed after one or more of the start-up criteria associated with the start-up category is met, and after the start-up encrypted data files are decrypted using the respective file encryption keys, the respective file encryption keys being decrypted using the start-up domain encryption key.
11. The device of claim 9 , wherein:
one of the category comprisesplurality of categories is an operational category, operational encrypted data files associated therewith used to one or more of: operate the device after the device is turned on; or perform operations at the device; or provide a user with an operational experience at the device,
operationalwherein the criteria associated with the operational category comprisingcomprise: receivingreceipt of input using anthe input device, that matches one or more of the password data stored at the memory, or the personal identification numberdata read from anthe external memory received in the external memory reader of the device, wherein the respective domain master domain key comprising is a master operational domain encryption key, wherein the respective category key comprising is an operational domain encrypted key, and
wherein the operational encrypted data files remainingremain accessible once the master operational domain encryption key is accessed after one or more of the operational criteria associated with the operational criteria is met, and after the operational encrypted data files are decrypted using the respective file encryption keys, the respective file encryption keys being decrypted using the operational domain encryption key.
12. The device of claim 9 , wherein:
one of the category comprisesplurality of categories is a locked category of locked encrypted data files,
lockedwherein the criteria associated with the locked category comprising: receivingcomprise: receipt of input using the input device, that matches one or more of the password data stored at the memory, or the personal identification numberdata read from an external memory received in the external memory readerof the device, wherein the respective master domain key comprising is a master locked domain encryption key, wherein the respective category key comprising is a locked domain encryption key, and
wherein the methodprocessor is further comprisingconfigured to: once the master locked domain encryption key is accessed after one or more of the criteria associated with the locked category is met,
decryptingdecrypt, using the master locked domain encryption key, at least one of the respective file encryption keys for decrypting the locked encrypted data files; and,
destroyingdestroy at least one decrypted respective file en encryption key when one or more locking trigger criteria are met such that the locked encrypted data file is no longer accessible until one or more of the locked criteria associated with the locked category is again met.
13. A non-transitory computer medium storing a computer program code wherein execution of the computer program is for:
controlling access to encrypted data files, storedstoring, at a memory of a device, the:
(i) encrypted data files categorized according to a plurality of categories, each encrypted data file encrypted using one or more a respective file encryption keys key, each respective file encryption key in a category encrypted using a respective category key respective to the category, the respective category key encrypted using a respective domain master key respective to the category, the respective domain master key available using a system master key, which is in turn encrypted using a processor key stored at a processor of the device, the system master key configured to protect each of the respective domain master keys of each of the plurality of categories; and,
(ii) respective access control criteria corresponding to each of the categories, each access control criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches password data stored at the memory; or receiving a personal identification number at the input device that matches data read from an external memory reader of the device;
controlling access to the encrypted data files by:
(i) upon startup of the device, decrypting the system master key using the processor key; and, when
(ii) determining, for each category, whether the corresponding criteria are met;
(iii) in response to determining that the corresponding criteria associated with one of the category categories is met;, one or more of decrypting or generating the respective domain master key;
(iv) decrypting the respective category key using the respective domain master key;
(v) in response to decrypting the respective category key, destroying an unencrypted respective domain master key while retaining the decrypted respective category key; and
(vi) decrypting each of the one or more respective file encryption keys corresponding to the one of the categories, using the respective domain master category key; without the unencrypted domain master keydestroying an unencrypted respective domain master key after the ones or more respective file encryption keys are decrypted,
the criteria comprising one or more of: the device being turned on; receiving a password at an input device of the device that matches password data stored at the memory; or receiving a personal identification number at the input device that matches data read from an external memory reader of the device.
14. The method of claim 1, wherein the system master key one or more of: remains decrypted until the device is turned off; or persists until the device is turned off; and the system master key being otherwise encrypted one or more of: when the device is in an off-state; or prior to an initial boot of the device.
15. The device of claim 9, wherein the system master key one or more of: remains decrypted until the device is turned off; or persists until the device is turned off; and the system master key being otherwise encrypted one or more of: when the device is in an off-state; or prior to an initial boot of the device.
16. The non-transitory computer medium of claim 13, wherein each of the plurality of categories is based on one or more of a ranking system, data sensitivity, operational needs of the device, or usability of the device.
17. The non-transitory computer medium of claim 13, wherein the encrypted data files are stored in partitions of the memory based on the plurality of categories, each of the partitions comprising one or more of a physical partition of the memory or a virtual partition.
18. The non-transitory computer medium of claim 13, wherein: one of the plurality of categories is a start-up category, start-up encrypted data files associated therewith used to start the device when the device is turned on and prior to receiving user input at the input device,
wherein the criteria associated with the start-up category comprise a determination that the device has been turned on, wherein the respective domain master key is a master start-up domain encryption key, wherein the respective category key is a start-up domain encryption key, and wherein the start-up encrypted data files remain accessible once the master start-up domain encryption key is accessed after one or more of the criteria associated with the start-up category is met, and after the start-up encrypted data files are decrypted using the respective file encryption keys, the respective file encryption keys being decrypted using the start-up domain encryption key.
19. The non-transitory computer medium of claim 13, wherein: one of the plurality of categories is an operational category, operational encrypted data files associated therewith used to one or more of: operate the device after the device is turned on; or perform operations at the device,
wherein the criteria associated with the operational category comprise:
receipt of input using an input device, that matches one or more of the password data stored at the memory, or the data read from the external memory reader of the device,
wherein the respective domain master key is a master operational domain encryption key,
wherein the respective category key is an operational domain encryption key, and
wherein the operational encrypted data files remain accessible once the master operational domain encryption key is accessed after one or more of the criteria associated with the operational category is met, and after the operational encrypted data files are decrypted using the respective file encryption keys, the respective file encryption keys being decrypted using the operational domain encryption key.
20. The non-transitory computer medium of claim 13, wherein: one of the plurality of categories is a locked category of locked encrypted data files,
wherein the criteria associated with the locked category comprise: receipt of input using the input device, that matches one or more of the password data stored at the memory, or the data read from the external memory reader of the device, wherein the respective domain master key is a master locked domain encryption key, wherein the respective category key is a locked domain encryption key, and wherein execution of the computer program is for: once the master locked domain encryption key is accessed after one or more of the criteria associated with the locked category is met:
decrypting, using the master locked domain encryption key, at least one of the respective file encryption keys for decrypting the locked encrypted data files; and,
destroying at least one decrypted respective file encryption key when one or more locking trigger criteria are met such that the locked encrypted data file is no longer accessible until one or more of the criteria associated with the locked category is again met.
21. The non-transitory computer medium of claim 20, wherein the locking trigger criteria comprise one or more of:
determining that a time-out period has occurred; receiving, at the device, a locking command from a server; receiving a locking command from one of a plurality of applications running at the device; determining that an external memory has been removed from the external memory reader; or, determining that the device is being one or more of turned off or powered down.
22. The non-transitory computer medium of claim 20, wherein execution of the computer program is for:
controlling one or more applications running at the device to transition to a reduced functionality state once the one or more locking trigger criteria are met.
23. The non-transitory computer medium of claim 13, wherein the system master key one or more of: remains decrypted until the device is turned off; or persists until the device is turned off; and the system master key being otherwise encrypted one or more of: when the device is in an off-state; or prior to an initial boot of the device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.