News Column

"Anti-Wikileaks Usb/Cd Device" in Patent Application Approval Process

February 4, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent application by the inventors Powell, Carl Marshall Eliot (Laytonsville, MD); Hull, Thao N. (Elliott City, MD), filed on July 10, 2012, was made available online on January 23, 2014, according to news reporting originating from Washington, D.C., by VerticalNews correspondents.

This patent application has not been assigned to a company or institution.

The following quote was obtained by the news editors from the background information supplied by the inventors: "Embodiments of the present invention are related to the field of data encryption and encryption key management.

"Cryptography is frequently used to control unauthorized viewing of sensitive data on a variety of removable media types (e.g., USB flash drives, CD-ROMs, DVD-ROMs) by encrypting the data. However, the encryption (or decryption) key associated with that data is generally possessed by the user. While this allows the user to access their own data and prevents others from using that data without the owner's knowledge, it would not prevent an insider leak as happened in the highly publicized WikiLeaks release. (In that case, the owner of the media was also the source of the release.) Encrypting the information using standard methods would not have blocked the release of the information because the authorized owner (or possessor) of the medium containing the sensitive data would likely also possess the decryption key and therefore would be able to decrypt the contents once outside of the enterprise (e.g., a corporation, a facility, a military unit, etc.).

"Prohibiting the use of removable media within an enterprise is one alternative, but this deprives the enterprise of the advantages of being able to quickly move large amounts of information (e.g., physically transporting removable media from one place to another when network connections are comparatively slow). For example, such restrictions have generated enough of an impact that some military units in the field override these restrictions because the loss of function was deemed to have a greater negative impact than a potential leak might.

"Therefore, it would be desirable to have a system that is capable of restricting the disclosure of information by an insider who has authorization to view or use that information. Existing techniques either provide very limited protection against this kind of attack or provide protection in a manner that unacceptably reduces the functionality of the system being protected."

In addition to the background information obtained for this patent application, VerticalNews journalists also obtained the inventors' summary information for this patent application: "Embodiments of the present invention are directed to systems and methods for storing, encrypting, and decrypting information on removable media such that users authorized to access and use the data do not have direct access to the encryption and decryption keys.

"According to one embodiment of the present invention, a method for encrypting and storing data on a removable medium includes: obtaining a medium key uniquely associated with the removable medium; encrypting the data using the medium key to generate encrypted data; and writing the encrypted data onto the removable medium.

"When the removable medium is uninitialized, the obtaining the medium key associated with the removable medium may include: generating a medium identifier associated with the removable medium; initializing the removable medium by writing the medium identifier onto the removable medium; generating the medium key; and storing the medium key.

"The storing the medium key may include: associating the medium key with the medium identifier; and storing the medium key with the associated medium identifier in a central database.

"The storing the medium key may include: encrypting the medium key using a public key associated with a destination encrypting input/output system to generate an encrypted medium key; and writing the encrypted medium key onto the removable medium.

"When the removable medium is previously initialized, the obtaining the medium key associated with the removable medium may include: reading a medium identifier from the removable medium; and querying a central database using the medium identifier to retrieve the medium key associated with the removable medium.

"When the removable medium is previously initialized, the obtaining the medium key associated with the removable medium may include decrypting an encrypted medium key using a private key of a destination encrypting input/output system, the encrypted medium key being stored on the removable medium.

"According to another embodiment of the present invention, a method of reading encrypted data from a removable medium includes: obtaining a medium key associated with the removable medium; and decrypting the encrypted data using the medium key.

"The obtaining the medium key associated with the removable medium may include: reading a medium identifier from the removable medium; and querying a central database using the medium identifier to retrieve the medium key associated with the removable medium.

"The obtaining the medium key associated with the removable medium may include decrypting an encrypted medium key using a private key of a destination encrypting input/output system, the encrypted medium key being stored on the removable medium.

"According to still another embodiment of the present invention, a system for encrypting and storing data on a removable medium includes a first encrypting input/output system (EIOS) configured to: obtain a medium key associated with the removable medium; encrypt the data using the medium key to generate encrypted data; and write the encrypted data onto the removable medium.

"The first EIOS may be further configured to obtain the medium key associated with the removable medium by: generating a medium identifier associated with the removable medium; initializing the removable medium by writing the medium identifier onto the removable medium; generating the medium key; and storing the medium key, when the removable medium is uninitialized.

"The system may further include a central database connected to the first EIOS over a network, wherein the storing the medium key comprises transmitting the medium key with the medium identifier over the network to be stored in the central database.

"The system may further include a second encrypting input/output system (EIOS), wherein the storing the medium key may include: encrypting the medium key using a public key associated with the second EIOS to generate an encrypted medium key; and writing the encrypted medium key onto the removable medium.

"The system may further include a central database connected to the first EIOS over a network, wherein the first EIOS may be further configured to obtain the medium key associated with the removable medium by: reading a medium identifier from the removable medium; and querying the central database using the medium identifier to retrieve the medium key associated with the removable medium, when the removable medium is previously initialized.

"The first EIOS may be further configured to obtain the medium key associated with the removable medium by: decrypting an encrypted medium key using a private key of the first EIOS to obtain the medium key, the encrypted medium key being stored on the removable medium.

"According to another embodiment of the present invention, a system for decrypting encrypted data stored on a removable medium includes a first encrypting input/output system (EIOS) configured to: obtain a medium key associated with the removable medium; and decrypt the data using the medium key to generate encrypted data.

"The first EIOS may be further configured to obtain the medium key associated with the removable medium by: reading a medium identifier from the removable medium; and querying a central database using the medium identifier to retrieve the medium key associated with the removable medium.

"The first EIOS may be further configured to obtain the medium key associated with the removable medium by: decrypting an encrypted medium key using a private key of the first EIOS to obtain the medium key, the encrypted medium key being stored on the removable medium.

BRIEF DESCRIPTION OF THE DRAWINGS

"The accompanying drawings, together with the specification, illustrate exemplary embodiments of the present invention, and, together with the description, serve to explain the principles of the present invention.

"FIG. 1 is a block diagram illustrating a system for encrypting removable media according to one embodiment of the present invention.

"FIG. 2 is a flowchart illustrating a method of using a removable medium with an encrypting input/output system (EIOS) according to one embodiment of the present invention.

"FIG. 3A is a flowchart illustrating a method of initializing a removable medium for use with an EIOS according to one embodiment of the present invention.

"FIG. 3B is a flowchart illustrating a method of initializing a removable medium for use with an EIOS according to another embodiment of the present invention.

"FIG. 4 is a flowchart illustrating a method of obtaining a medium key according to one embodiment of the present invention.

"FIG. 5 is a block diagram illustrating a system for encrypting removable media for transfer to destination user machines not having a network connection according to one embodiment of the present invention.

"FIG. 6 is a flowchart illustrating a method of encrypting a medium key SK_M for access by a destination user machine not having a network connection according to one embodiment of the present invention.

"FIG. 7 is a flowchart illustrating a method of initializing a removable medium for use with an EIOS according to one embodiment of the present invention."
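The central-database embodiment described in the summary above (a medium identifier written onto the medium, the medium key held only in the enterprise database, the user machine never handling a key), as an added illustration in Python that is not part of the patent application or the article. The patent names no cipher, so an HMAC-SHA256 keystream with an encrypt-then-MAC tag stands in for one to keep the example standard-library only; `EIOS`, `seal`, `unseal` and the dict-backed database are assumed names, and the public-key-wrapped medium key of the offline embodiment is not shown.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: the patent names no cipher,
    # and this keeps the example standard-library only (a stand-in for AES-CTR).
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(medium_key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC under the medium key; returns nonce || ciphertext || tag."""
    enc_key = hmac.new(medium_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(medium_key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(medium_key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(medium_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(medium_key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("medium contents were modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class EIOS:
    """Encrypting I/O system between the user machine and the drive. `db` is the
    enterprise's central database (medium identifier -> medium key); the user
    machine only ever handles `medium` dicts, which carry no key."""
    def __init__(self, db: dict):
        self.db = db

    def write(self, data: bytes, medium: dict = None) -> dict:
        if medium is None:  # uninitialized: mint a medium identifier and a medium key
            medium = {"id": secrets.token_hex(8)}
            self.db[medium["id"]] = secrets.token_bytes(32)
        medium["blob"] = seal(self.db[medium["id"]], data)
        return medium

    def read(self, medium: dict) -> bytes:
        if medium["id"] not in self.db:  # no key on the medium, none in this database
            raise PermissionError("medium %s is not registered here" % medium["id"])
        return unseal(self.db[medium["id"]], medium["blob"])
```

An `EIOS` sharing the enterprise database reads the medium back; an `EIOS` with any other database (the same stick outside the enterprise) has nothing to look up and refuses, and a modified blob fails the tag check.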

For the URL and more information on this patent application, see: Powell, Carl Marshall Eliot; Hull, Thao N. Anti-Wikileaks Usb/Cd Device. Filed July 10, 2012 and posted January 23, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=372&p=8&f=G&l=50&d=PG01&S1=20140116.PD.&OS=PD/20140116&RS=PD/20140116

Keywords for this news article include: Patents, Information Technology, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

Source: Information Technology Newsweekly