WO2006002564A1 - Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys - Google Patents
Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys Download PDFInfo
- Publication number
- WO2006002564A1 WO2006002564A1 PCT/CH2005/000363 CH2005000363W WO2006002564A1 WO 2006002564 A1 WO2006002564 A1 WO 2006002564A1 CH 2005000363 W CH2005000363 W CH 2005000363W WO 2006002564 A1 WO2006002564 A1 WO 2006002564A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- data
- case
- station
- securing means
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000013467 fragmentation Methods 0.000 title description 3
- 238000006062 fragmentation reaction Methods 0.000 title description 3
- 230000005540 biological transmission Effects 0.000 claims description 13
- 238000004891 communication Methods 0.000 claims description 7
- 238000004519 manufacturing process Methods 0.000 claims description 4
- 241001441724 Tetraodontidae Species 0.000 claims description 3
- 238000013475 authorization Methods 0.000 claims description 3
- 239000012634 fragment Substances 0.000 description 30
- 238000010586 diagram Methods 0.000 description 12
- 230000008901 benefit Effects 0.000 description 5
- 230000000903 blocking effect Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- NSMXQKNUPPXBRG-SECBINFHSA-N (R)-lisofylline Chemical compound O=C1N(CCCC[C@H](O)C)C(=O)N(C)C2=C1N(C)C=N2 NSMXQKNUPPXBRG-SECBINFHSA-N 0.000 description 1
- 235000001270 Allium sibiricum Nutrition 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 150000001768 cations Chemical class 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 229920000136 polysorbate Polymers 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1014—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Definitions
- the invention relates to a method for data archiving with automatic en- and decryption according to the preamble of claim 1.
- the invention further relates to a system for data archiving with automatic en- and de ⁇ cryption according to the preamble of claim 29 and to a securing means.
- archiving in the present document is to be understood such that it covers the storing in an archive as well as the retrieval from an archive.
- Methods and systems of this kind serve for archiving data of one or several client stations on an archive station.
- Archiving of data on a central archive station has the advantage of a better security regarding data loss and data theft.
- An archive station can be in ⁇ stalled in an especially secured room, which is not al ⁇ ways possible at client- or workstations. Further it is easier to make backup copies of the stored data of the archive station on a regular basis, than of a plurality of client stations.
- a central archiving comes with the requirement that the data has to be transferred between the client stations and the archive station and that dif ⁇ ferent customers or users share the archive station. This requires special security provisions.
- Passwords have the disadvantage that they can ⁇ >e forgotten, exchanged -or written-down by the user -and than be stolen. The same applies for encryption hard- and software. It can be stolen as well or at least the docu ⁇ mentation necessary for a reproduction can be stolen. Therefore it is often relatively easy for hackers to ac ⁇ cess the archived data.
- a further weakness are the oper ⁇ ating systems of client and archive station, which have generally a plurality of security holes.
- for installation and use i.e. in particu ⁇ lar the archiving of data, often a plurality of user in ⁇ teractions are necessary, which costs working time and increases the fault frequency. The requirements user- friendliness, reliability and security are achieved at the known systems only imperfect or unbalanced.
- WO 2004/046899 describes a method for storing music data of an MP3 player on a PC.
- This document men ⁇ tions to use a seed within the header of the data and the number stored in the header serves for identification of the data and is not a key. No separate storing of data and seeds is provided.
- the source and the final location contain non encrypted data, so encryption is used only for transmission.
- the key is newly generated for each transmission and stored parallel with the data.
- the key has two parts, a constant and a variable.
- the variable is generated for each transmission and transmitted within the header of the data but the key is not transmitted.
- the receiver takes the variable from the head and gener ⁇ ates the key from the variable and the constant. When data have arrived a the final location they are not en- crypted and can be used several times.
- US-A 5 940 507 shows a method where the source con ⁇ tains non encrypted data and the destination contains en ⁇ crypted data.
- the transmitter of the source encrypts data with a key that is itself-encrypted.
- safe encrypted data and the encrypted key is stored in paral- IeI. If a third person wants to read the stored data from the safe an authorising key is needed that is given only by the transmitter. With this special key first the en ⁇ crypted key is decrypted an afterward the data are de ⁇ crypted with this key. There is no third key nor is there a safeguard against reading of the first key from the lo ⁇ cation.
- the present invention has is concerned with a method and system where the source (client) contains non encrypted data and the final location (server) contains the encrypted data only. On their way from the source to the final location the data are encrypted and vice versa.
- the securing device preferably a separate physical unit, is needed for handling the keys.
- the user enters a password or certifi ⁇ cate. This password or certificate is fragmented by the securing device or means, at least into two parts or fragments or keys, respectively, and preferably into three parts/fragments/keys. Analysing these fragments will not lead back to the password/certificate.
- a frag ⁇ ment itself is not a functional element alone and thus not a "key” in the classical sense and is not useful alone. Nevertheless, as the description proceeds, the ex ⁇ pression "key” or “keyfragments” will be used for the parts/fragments as well.
- the fragment itself can be en ⁇ crypted.
- the source is connected to the final location and the keyfragments are dispatched.
- One fragment is stored parallel to the final location, one fragment is stored parallel with the source and optionally a third fragment is stored in a secure part of the securing means or securing box, respectively. Fragmentation has the re ⁇ sult that only in case of a correct connection from source to final location the dispatched fragments can be read.
- a non original or manipulated connection can be de- tected and reading of the fragments can be blocked. If the source and/or the final location can not be reached by the securing means it is not possible to read the fragments.
- the securing means denies service.
- the optional third fragment stored in the securing device or means, respectively, serves on the one hand for protec ⁇ tion against manipulation of the securing means and for a further control of the correct connection of source an final location, in particular in case of theft.
- data are trans ⁇ ferred from source to final location via the securing de ⁇ vice and are encrypted thereby and decrypted in the oppo- site direction.
- the key needed for encryption/decryption is collected beforehand in form of its fragments from the different locations of these fragments and by putting the fragments together. This happens for each transaction of data (from source to final location and back) each time anew.
- the data in the source may be deleted after trans ⁇ mission to the final location, so that only the encrypted data in the final location are accessible when the con ⁇ nection from source to ⁇ final location -is- -correctly estab ⁇ lished and the outsourced/dispatched fragments form to- gether again a correct full key.
- the present in ⁇ vention and its preferred embodiments provides a securing means, preferably as physically separate box, which se ⁇ curing means is necessary for the transmission of data from source to final location.
- the securing means en ⁇ crypts and decrypts the data passing through it.
- the se ⁇ curing means fragments the password/certificate and dis ⁇ patched/outsources the fragments (within the source, the final location and optionally the securing means itself) .
- the securing means checks the validity and integrity of the connection of source and final location by checking the dispatched/outsourced fragments .
- the securing means validates itself by the optional third fragment stored therein.
- the method and the system and the securing means according to the invention and its preferred em- bodiments has the advantage of security and control.
- the path between source and final location is protected.
- a theft of the securing means and its operation at another physical location is detected and operation can thus be denied.
- By the dispatchment/outsourcing of the fragments it is possible that the user on both sides (source and final location) can interrupt operation at any time by blocking or removing the respective fragment. Only by successful restoration of the 2 to 3 fragments is it pos- sible to get a valid key.
- the fragment within the secu ⁇ rity box validates the internal "intelligence" of the se ⁇ curity means.
- Fig. 1 a block diagram of a preferred embodi ⁇ ment of a system for archiving data based on the method according to the invention
- Fig. 2a a flow diagram of a method for stor ⁇ ing data to be performed in the system of fig. 1,
- Fig. 2b a flow diagram of a method for re ⁇ trieving data to be performed in the system of fig. 1
- Fig. 3 a block diagram of a further preferred embodiment of a system for archiving data based on the method according to the invention
- Fig.4a a flow diagram of a method for storing data to be performed in the system of fig. 3
- Fig. 4b a flow diagram of a method for re ⁇ trieving data to be performed in the system of fig. 3.
- Fig. 1 shows a block diagram of a preferred embodiment of a system for archiving of data 9, 10 based on the method according to the invention.
- client stations 1 are provided. On these plain, i.e. unencrypted, data 9 is stored. Further, for each client station 1 a securing means 2 is provided.
- the securing means 2 serves for en- and decrypting of data 9, 10. For this, it comprises at least a first key 6 and temporarily a second key 7 or fragments 6,7.
- the se ⁇ curing means 2 communica-fee with the ⁇ archi-ve station 4 over the network 3.
- the en- crypted data 10 are stored in a data storage 11. Further the second keys 7, which belong in each case to the en ⁇ crypted data 10, are stored in a key storage 12.
- the data 9, 10 can occur as plain data 9, as well as as encrypted data 10, i.e. in particular be stored and/or be transmitted. If the term "data” is used in the present document without the attribute "plain” or “encrypted”, the information content of the data 9, 10 is meant, independent of the encryption state.
- the encrypted data 10 which belong to particular plain data 9 are, ac- cording to this interpretation instruction, the same data 9, 10.
- the combination of reference numerals "9, 10" is to be understood such that the data 9, 10 can occur gen ⁇ erally both plain and encrypted, however, in the particu ⁇ lar context, also only one can apply.
- the methods described in the following refer ⁇ ring to fig. 2a and 2b constitute together, i.e.
- FIG. 2a shows a flow diagram of a method for storing data 9, 10 to be performed in the system of fig. 1.
- the plain data 9 is at first transmitted from the client station 1 to the securing means 2.
- the securing means 2 generates then, or already at an earlier point in time, a new second key 7.
- the plain data 9 are encrypted by the securing means 2 at least with the first key 6 or fragment 6, respectively, and the second key 7 and afterwards transmitted as en ⁇ crypted data 10 to the archive station 4 (final loca ⁇ tion) .
- the second key 7 or fragment 7, respectively, is also transmitted to the archive station 4 and is then erased locally, i.e. in the securing means 2.
- the trans ⁇ mission of the second key 7 can be carried out together with the encrypted data 10, for example in the header of a file.
- Fig. 2b shows a flow diagram of a method for retrieving data 9, 10 to be performed in the system of fig. 1.
- the client station 1 requests data 9, 10 at the archive station 2 which then becomes the source instead of the final location.
- the requested data 9, 10 are transmitted as encrypted data 10 by the archive sta- tion 4 together with the thereto belonging second key 7 to the securing means 2, are there decrypted using the first and the second key 6, 7 and thereafter transmitted as plain data 9 to the client station 1.
- the second key 7 is erased again in the securing means 2.
- Fig. 3 shows a block diagram of a further preferred embodiment of the system for archiving of data 9, 10 based on the method according to the invention. In contrast to the system of fig.
- a third key 8 is pro ⁇ vided. In each case, between en- and decryption, this third key 8 is swapped out to the client station 1.
- the client station 1 comprises preferably a key storage 13.
- three different connection configurations 15, 16, 17, each for a client station 1 and a securing means 2 belonging thereto, are shown.
- the first configuration 15 corresponds to the so ⁇ lution of fig. 1.
- the securing means 2 is connected be ⁇ tween client station 1 and archive station 4.
- the client station 1 is connected directly to the network 3.
- the securing means 2 is con ⁇ nected to the client station 1 and communicates indi ⁇ rectly through it with the archive station 4.
- a client station 1 is connected to the securing means 2 via a local network 18.
- Fig. 4a shows a flow diagram of a method for staring—data -9 ⁇ 10 to be-performed in the—s-yc-ts ⁇ i of fig. 3.
- the secur ⁇ ing means 2 generates then, or already at an earlier point in time, a new second and a new third key 7, 8.
- the securing means 2 encrypts the plain data 9 at least with the first key 6, the second key 7 and the third key 8 and then transmits them to the archive station 4.
- the second key 7 is also transmitted to the archive station 4.
- the third key 8 is transmitted to the client station 1. Af ⁇ terwards, the second, as well as the third key 7, 8 are deleted locally, i.e. in the securing means 2.
- the trans- mission of the second key 7 can be carried out together with the data 9, 10, for example in the header of a file.
- Fig. 4b shows a flow diagram of a method for retrieving data 9, 10 to be performed in the system of fig. 3.
- the client station 1 transmits the third key 8 to the securing means 2. Afterwards or simultaneously it re ⁇ quests data 9, 10 at the archive station 2.
- the requested data 9, 10 are transmitted from the archive station 4 to the securing means 2 as encrypted data 10 together with the second key 7 belonging thereto, are there decrypted using the three keys 6, 7, 8 and are then transmitted as plain data 9 to the client station 1.
- the second and the third key 7, 8 is deleted in the securing means 2.
- the length .of the keys 6, 7 and, as the case may be, 8 can for example be 1024, 2048 or 4096 bit.
- each of the keys 6, 7 and, as the case may be, 8 should have a length of at least 100 bit.
- the fist key 6 is preferably constant, i.e. it is preferably generated using a random generator and stored during production or initial operation of the se ⁇ curing means 2.
- a copy of the first key 6 can be kept outside of the system, for example by the operator of the archive in a safe, in order to be able to manufacture with it a replacement device in case of a loss or break ⁇ down of the securing means 2.
- the securing means 2 is preferably designed such that the first key 6 can be stored, but cannot be retrieved or can only be retrieved once. It's a kind of "device key” or “private key”, how ⁇ ever not in the sense that there would be a corresponding "public key” to it.
- the second key 7 is preferably regenerated before each data archiving, preferably in the securing means using a random generator. In doing so, all data or files transmitted within one archiving, i.e. transmitted substantially together, are encrypted with the same sec- ond key 7. However, it is also possible to generate a new second key 7, in each case, for each file or group of files and to swap it out after the use. Further it is possible to provide only one constant second key 7, which is for example swapped out to the archive station 4 and which, in each case, is transmitted to the securing means 2 before encryptions. In the embodiments of fig. 1 and fig. 3 the second key 7 is swapped out to the archive station 4 and is in particular transmitted there and transmitted back from there together with the encrypted data 10. In this context, the second key 7 can also be called "data accompanying key" due to its function.
- the third key 8 is,—as -far-as -such- a -key is used, also newly generated preferably in the securing means 2 by use of a random generator, preferably before each data archiving. In this process, for each file or each group of files transmitted together, in each case, a new third key 8 can be generated. In the embodiment of Fig. 3 the third key 8 is swapped out to the client sta- tion 1. In order to retrieve data from the archive, the third key 8 is transmitted back to the securing means 2. In this context, due to its function, it can also be called "data retrieval key".
- third key 7, 8 is gener ⁇ ated newly in each case, there are several second and, as the case may be, third keys 7, 8.
- the communication between the securing means 2 and, as the case may be, the client stations 1, and the archive station 4 is carried out preferably over a net ⁇ work 3.
- a net ⁇ work 3 This can be in particular a wide area network, i.e. WAN, such that a "remote data archiving" is possi ⁇ ble.
- the network 3 can in particular be a public data network, for example the internet. It can further be a network which complies with the Ethernet standard and/or be a virtual private network and/or be designed for re- mote access according to the standard RAS, i.e. remote access service.
- the communication between the client station 1 and the securing means 2 and the communication between the securing means 2 and the archive station 4 can, in a special embodiment, also be carried out over the same network.
- the securing means 2 is preferably a physical unit. It can be a "box" with connectors for a network and/or a computer. In particular it can be a PC card, i.e. a credit card size extension board for computers with PCMCIA-socket (personal computer memory card inter- _j ⁇ a ⁇ xinal-associ-at-ior.) or a USB-device, i.-e. a -device- ac ⁇ cording to the USB-standard (universal serial bus) .
- the blank data 9 on the client station 1 can in particular be in the form of a file or several files.
- the client station 1 is usually a client com ⁇ puter. However, it can also be a server computer " or an embedded system. The method according to the invention can be carried out with one client station 1 only, how ⁇ ever in most cases several client stations 1 will be pro ⁇ vided.
- the client stations 1 can be different regarding hardware and software.
- the client station 1 and the archive station 4 are the same computer.
- the archive station 4 it is important that it is checked by the archive station 4, if a client station 1 or its securing means 2 is authorized to receive the requested data and the second key 7 which belongs to it.
- a trans- mission is only carried out if such an authorization is present.
- the archive station 4 is usually a server or consists of several servers, i.e. computers providing services.
- a first and a second server can be provided, wherein encrypted data 10 are stored on the first server and the second keys 7 belonging thereto are stored on a second server.
- the second keys 7 can also be stored on one or several special hardware mod- ules, in particular on a PCI-Adapter. This has the advan ⁇ tage that for blocking of encrypted data 10 on the ar ⁇ chive station 2 simply the hardware module has to be re ⁇ moved.
- the second keys 7 can be stored encrypted on the archive station 4.
- the archive sta- tion 4 comprises preferably for backup of the stored data, i.e. in particular of the encrypted data 10 and/or of the second keys 7, a storage unit 14 for redundant -data stcr-i-ng, i. ⁇ -.—-a -backupTMs-ystem, -in -particular a tape deck, a disk-array or a CD- or DVD-writer.
- the stored data of the archive station 4 is preferably saved in regular intervals, for example daily, on the storage unit 14.
- the archive station 4 is preferably arranged in a protected room, in particular in a bunker or in an under ⁇ ground shelter.
- a blocking of encrypted data 10 is preferably carried out by removing the second key 7 or second keys 7 from the system, for example by removing the key store as hardware module, as already described above, or by copying the second keys 7 to a data carrier and deleting them in the archive station 4. Though the encrypted data 10 can then be retrieved, they cannot be decrypted. For unblocking the second keys 7 are copied back to the archive station 4 again.
- This procedure has, among other things, the ad ⁇ vantage that the access to the data can be blocked and unblocked without using corresponding functions of the operating system, the security of which, for the most part, cannot be verified.
- the blocking of the encrypted data 10 can alternatively be carried out by erasing of the second keys 7 in the archive station 4 or by erasing of the third keys 8 in the client station 1 or by performing both.
- deleting keys or removing keys from the system such as described in this document, it is to be regarded that the data is actually physically erased and no temporary files or restorable files remain. Further the transmission path should not have a memory, i.e. the information stored in intermediate stations or network nodes, for example for buffering, should be deleted after the transmission.
- first and a second key 6, 7 is provided, wherein the first key 6 is a v device key" or “private key” and is not swapped out.
- This first key 6 can also be omitted, if a secret algorithm or an algo ⁇ rithm modified with secret parameters is used as a re- placement for it.
- the system for performing the method accord ⁇ ing to the invention is preferably configured such that the data encryption is carried out fully automatically in the background and no user input and in particular no password inputs are necessary.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007519590A JP4801059B2 (en) | 2004-07-01 | 2005-06-30 | Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation |
AT05751914T ATE526621T1 (en) | 2004-07-01 | 2005-06-30 | METHOD, SYSTEM AND SECURITY MEANS FOR DATA ARCHIVING WITH AUTOMATIC ENCRYPTION AND DECRYPTION BY FRAGMENTATION OF KEYS |
EP05751914A EP1766492B1 (en) | 2004-07-01 | 2005-06-30 | Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys |
US11/631,237 US8098819B2 (en) | 2004-07-01 | 2005-06-30 | Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04015475.9 | 2004-07-01 | ||
EP04015475A EP1612636A1 (en) | 2004-07-01 | 2004-07-01 | Method for archiving data with automatic encryption and decryption |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006002564A1 true WO2006002564A1 (en) | 2006-01-12 |
Family
ID=34925571
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CH2005/000363 WO2006002564A1 (en) | 2004-07-01 | 2005-06-30 | Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys |
Country Status (6)
Country | Link |
---|---|
US (1) | US8098819B2 (en) |
EP (2) | EP1612636A1 (en) |
JP (1) | JP4801059B2 (en) |
CN (1) | CN100530029C (en) |
AT (1) | ATE526621T1 (en) |
WO (1) | WO2006002564A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009087183A (en) * | 2007-10-02 | 2009-04-23 | Nippon Telegr & Teleph Corp <Ntt> | Security method for information recording medium, information processing device, program and recording medium |
JP2009104575A (en) * | 2007-10-02 | 2009-05-14 | Nippon Telegr & Teleph Corp <Ntt> | Security method for information recording medium, information processor, program and recording medium |
Families Citing this family (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7809687B2 (en) * | 2006-08-04 | 2010-10-05 | Apple Inc. | Searching a backup archive |
US8166415B2 (en) | 2006-08-04 | 2012-04-24 | Apple Inc. | User interface for backup management |
US8370853B2 (en) | 2006-08-04 | 2013-02-05 | Apple Inc. | Event notification management |
US8311988B2 (en) | 2006-08-04 | 2012-11-13 | Apple Inc. | Consistent back up of electronic information |
US7860839B2 (en) | 2006-08-04 | 2010-12-28 | Apple Inc. | Application-based backup-restore of electronic information |
US9009115B2 (en) | 2006-08-04 | 2015-04-14 | Apple Inc. | Restoring electronic information |
US7809688B2 (en) | 2006-08-04 | 2010-10-05 | Apple Inc. | Managing backup of content |
US7853567B2 (en) | 2006-08-04 | 2010-12-14 | Apple Inc. | Conflict resolution in recovery of electronic data |
US7853566B2 (en) | 2006-08-04 | 2010-12-14 | Apple Inc. | Navigation of electronic backups |
US7856424B2 (en) | 2006-08-04 | 2010-12-21 | Apple Inc. | User interface for backup management |
US8397083B1 (en) * | 2006-08-23 | 2013-03-12 | Netapp, Inc. | System and method for efficiently deleting a file from secure storage served by a storage system |
JP2008152549A (en) * | 2006-12-18 | 2008-07-03 | Spansion Llc | Memory device, and password storage method for memory device |
US8745523B2 (en) | 2007-06-08 | 2014-06-03 | Apple Inc. | Deletion in electronic backups |
US8429425B2 (en) * | 2007-06-08 | 2013-04-23 | Apple Inc. | Electronic backup and restoration of encrypted data |
US20080307017A1 (en) | 2007-06-08 | 2008-12-11 | Apple Inc. | Searching and Restoring of Backups |
US8010900B2 (en) | 2007-06-08 | 2011-08-30 | Apple Inc. | User interface for electronic backup |
US8725965B2 (en) | 2007-06-08 | 2014-05-13 | Apple Inc. | System setup for electronic backup |
US8099392B2 (en) * | 2007-06-08 | 2012-01-17 | Apple Inc. | Electronic backup of applications |
US8307004B2 (en) | 2007-06-08 | 2012-11-06 | Apple Inc. | Manipulating electronic backups |
US8468136B2 (en) | 2007-06-08 | 2013-06-18 | Apple Inc. | Efficient data backup |
AT504798B1 (en) * | 2007-10-24 | 2008-08-15 | Data Noah Gmbh | METHOD AND DEVICE FOR SELF-CREATING BACKUP COPIES |
JP2011004385A (en) * | 2009-03-16 | 2011-01-06 | Ricoh Co Ltd | Information processing apparatus, mutual authentication method, mutual authentication program, information processing system, information processing method, information processing program, and recording medium |
US8138417B2 (en) * | 2009-03-24 | 2012-03-20 | Leach Dana N | Underground storage of operational electronic equipment |
US8605955B2 (en) | 2009-06-29 | 2013-12-10 | DigitalOptics Corporation Europe Limited | Methods and apparatuses for half-face detection |
WO2011024298A1 (en) * | 2009-08-28 | 2011-03-03 | リプレックス株式会社 | Service system |
JP5513255B2 (en) * | 2010-05-20 | 2014-06-04 | 日本電信電話株式会社 | Proxy signature system and method |
CN102291370A (en) * | 2010-06-21 | 2011-12-21 | 中国银联股份有限公司 | Security information interaction system and method |
US8943026B2 (en) | 2011-01-14 | 2015-01-27 | Apple Inc. | Visual representation of a local backup |
US8984029B2 (en) | 2011-01-14 | 2015-03-17 | Apple Inc. | File system management |
US8917872B2 (en) | 2011-07-06 | 2014-12-23 | Hewlett-Packard Development Company, L.P. | Encryption key storage with key fragment stores |
JP2012100352A (en) * | 2012-02-09 | 2012-05-24 | Ripplex Inc | Service system |
LU91969B1 (en) * | 2012-04-02 | 2013-10-03 | Stealth Software Ip S A R L | Binary data store |
LU91968B1 (en) * | 2012-04-02 | 2013-10-03 | Stealth Software Ip S A R L | Binary data store |
EP2648361A1 (en) | 2012-04-02 | 2013-10-09 | Stealth Software IP S.a.r.l. | Binary data store |
US9582671B2 (en) * | 2014-03-06 | 2017-02-28 | Sensity Systems Inc. | Security and data privacy for lighting sensory networks |
GB2511779A (en) * | 2013-03-13 | 2014-09-17 | Knightsbridge Portable Comm Sp | Data Security Device |
US20160292447A1 (en) * | 2015-04-06 | 2016-10-06 | Lawlitt Life Solutions, LLC | Multi-layered encryption |
CN113642028B (en) * | 2021-10-12 | 2022-02-01 | 深圳市诚识科技有限公司 | Trade data system for interfacing different data types and finishing filing and dividing |
CN114584969B (en) * | 2022-05-09 | 2023-06-20 | 成都信息工程大学 | Information processing method and device based on associated encryption |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4015475A (en) | 1974-12-10 | 1977-04-05 | Hoesch Werke Aktiengesellschaft | Method of and device for stripping off a lost measuring head detachably placed upon a measuring lance |
US5802175A (en) * | 1996-09-18 | 1998-09-01 | Kara; Salim G. | Computer file backup encryption system and method |
US5940507A (en) * | 1997-02-11 | 1999-08-17 | Connected Corporation | Secure file archive through encryption key management |
DE19960977A1 (en) * | 1998-12-23 | 2000-07-06 | Ibm | Data achiving system with access check on data recall, has third party acting as manager |
US6134660A (en) * | 1997-06-30 | 2000-10-17 | Telcordia Technologies, Inc. | Method for revoking computer backup files using cryptographic techniques |
WO2004046899A2 (en) * | 2002-11-15 | 2004-06-03 | Koninklijke Philips Electronics N.V. | Archive system and method for copy controlled storage devices |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02110491A (en) | 1988-10-19 | 1990-04-23 | Nippon Telegr & Teleph Corp <Ntt> | Storage device |
JP3143108B2 (en) * | 1990-03-13 | 2001-03-07 | 株式会社日立製作所 | File encryption method and file encryption system |
US6157721A (en) * | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
EP0951767A2 (en) | 1997-01-03 | 1999-10-27 | Fortress Technologies, Inc. | Improved network security device |
WO1998045980A2 (en) * | 1997-03-10 | 1998-10-15 | Fielder Guy L | Secure deterministic encryption key generator system and method |
JPH10271104A (en) * | 1997-03-24 | 1998-10-09 | Hitachi Inf Syst Ltd | Ciphering method and decipherinc method |
US6351536B1 (en) * | 1997-10-01 | 2002-02-26 | Minoru Sasaki | Encryption network system and method |
US6259789B1 (en) * | 1997-12-12 | 2001-07-10 | Safecourier Software, Inc. | Computer implemented secret object key block cipher encryption and digital signature device and method |
US6185681B1 (en) * | 1998-05-07 | 2001-02-06 | Stephen Zizzi | Method of transparent encryption and decryption for an electronic document management system |
JP2002185443A (en) * | 2000-12-11 | 2002-06-28 | Hitachi Ltd | Secret key managing system |
JP2002157167A (en) | 2001-08-23 | 2002-05-31 | Mitsubishi Electric Corp | Electronic information filing device |
US9544297B2 (en) * | 2002-03-08 | 2017-01-10 | Algorithmic Research Ltd. | Method for secured data processing |
-
2004
- 2004-07-01 EP EP04015475A patent/EP1612636A1/en not_active Withdrawn
-
2005
- 2005-06-30 AT AT05751914T patent/ATE526621T1/en active
- 2005-06-30 WO PCT/CH2005/000363 patent/WO2006002564A1/en active Application Filing
- 2005-06-30 CN CNB2005800285325A patent/CN100530029C/en not_active Expired - Fee Related
- 2005-06-30 JP JP2007519590A patent/JP4801059B2/en not_active Expired - Fee Related
- 2005-06-30 US US11/631,237 patent/US8098819B2/en not_active Expired - Fee Related
- 2005-06-30 EP EP05751914A patent/EP1766492B1/en not_active Not-in-force
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4015475A (en) | 1974-12-10 | 1977-04-05 | Hoesch Werke Aktiengesellschaft | Method of and device for stripping off a lost measuring head detachably placed upon a measuring lance |
US5802175A (en) * | 1996-09-18 | 1998-09-01 | Kara; Salim G. | Computer file backup encryption system and method |
US5940507A (en) * | 1997-02-11 | 1999-08-17 | Connected Corporation | Secure file archive through encryption key management |
US6134660A (en) * | 1997-06-30 | 2000-10-17 | Telcordia Technologies, Inc. | Method for revoking computer backup files using cryptographic techniques |
DE19960977A1 (en) * | 1998-12-23 | 2000-07-06 | Ibm | Data achiving system with access check on data recall, has third party acting as manager |
WO2004046899A2 (en) * | 2002-11-15 | 2004-06-03 | Koninklijke Philips Electronics N.V. | Archive system and method for copy controlled storage devices |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009087183A (en) * | 2007-10-02 | 2009-04-23 | Nippon Telegr & Teleph Corp <Ntt> | Security method for information recording medium, information processing device, program and recording medium |
JP2009104575A (en) * | 2007-10-02 | 2009-05-14 | Nippon Telegr & Teleph Corp <Ntt> | Security method for information recording medium, information processor, program and recording medium |
Also Published As
Publication number | Publication date |
---|---|
JP4801059B2 (en) | 2011-10-26 |
US8098819B2 (en) | 2012-01-17 |
ATE526621T1 (en) | 2011-10-15 |
EP1612636A1 (en) | 2006-01-04 |
CN100530029C (en) | 2009-08-19 |
JP2008505571A (en) | 2008-02-21 |
US20080285754A1 (en) | 2008-11-20 |
CN101027623A (en) | 2007-08-29 |
EP1766492B1 (en) | 2011-09-28 |
EP1766492A1 (en) | 2007-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8098819B2 (en) | Method, system and securing means for data archiving with automatic encryption and decryption by fragmentation of keys | |
KR100889099B1 (en) | Data storage device security method and apparatus | |
US7890993B2 (en) | Secret file access authorization system with fingerprint limitation | |
US8281135B2 (en) | Enforcing use of chipset key management services for encrypted storage devices | |
US8191159B2 (en) | Data security for digital data storage | |
CN101441601B (en) | Ciphering transmission method of hard disk ATA instruction and system | |
KR20090101945A (en) | Upgrading a memory card that has security mechanisms that prevent copying of secure content and applications | |
WO2009009052A1 (en) | Memory data shredder | |
KR20120028903A (en) | Method for performing double domain encryption in a memory device | |
WO2007089266A2 (en) | Administration of data encryption in enterprise computer systems | |
CN1478223A (en) | Authentication method and data transmission system | |
JP2004171207A (en) | Data protection/storage method and server | |
CN101036096A (en) | Data security | |
CN105247833A (en) | Self-authentication device and method | |
KR20120028321A (en) | Method and system for content replication control | |
CN116601915A (en) | Encrypting and erasing data stored in a Key per IO enabled device via internal actions | |
JP4612399B2 (en) | Environment restoration method for shared use personal computer system and shared use personal computer | |
CN102473225B (en) | For the protection of the method for digital storage equipment, system and equipment | |
US20210083858A1 (en) | Crypto-erasure via internal and/or external action | |
KR100779985B1 (en) | Protecting method and system of contents | |
JPH10340232A (en) | File copy preventing device, and file reader | |
JP4899196B2 (en) | Data management system, terminal computer, management computer, data management method and program thereof | |
WO2018172914A1 (en) | System and method for secure storage of data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 4803/CHENP/2006 Country of ref document: IN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007519590 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005751914 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580028532.5 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2005751914 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11631237 Country of ref document: US |