Secure storage of full disk encryption keys
US-9235532-B2 · Jan 12, 2016 · US
US10037436B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10037436-B2 |
| Application number | US-201514967066-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 11, 2015 |
| Priority date | Dec 11, 2015 |
| Publication date | Jul 31, 2018 |
| Grant date | Jul 31, 2018 |
Official abstract text for this publication.
An appliance is capable of storing and processing data related to details surrounding its ownership, behavior, and history within itself in a secure and unalterable way. The appliance may experience multiple transfers in ownership during its lifetime. Certain data stored in the appliance may be encrypted such that only qualifying parties (e.g., owners) may be able to access the data. Some data may remain private to an individual owner while other data may be made available to subsequent owners by passing a shared secret that can be utilized to decrypt the other data. Data may be stored in the appliance in chronological order and may be signed by appropriate parties such that it is not possible to alter the data without detection.
Opening claim text (preview).
What is claimed is:

1. An appliance comprising: a processor; a memory coupled to the processor; one or more state monitoring sensors coupled to the processor; and a computer-readable medium coupled to the processor, including code that is executable by the processor, for implementing a method comprising: receiving, by the appliance and from a first owner device, a first encryption key and a second encryption key associated with a first owner of the appliance; storing the first encryption key and the second encryption key in the appliance; encrypting, by the appliance, first owner private data stored in the appliance using the first encryption key, wherein the first owner private data is not accessible to a second owner of the appliance; encrypting, by the appliance, owners private data stored in the appliance using the second encryption key to form encrypted owners private data, wherein the owners private data is accessible by the second owner of the appliance; receiving, by the appliance, from the first owner device associated with the first owner, ownership transfer data including the second encryption key, wherein the second encryption key is encrypted by the first owner device; generating, by the appliance, an ownership transfer entry comprising the ownership transfer data; receiving, by the appliance from a second owner device associated with the second owner, a decryption request for the ownership transfer data; decrypting, by the appliance, the ownership transfer data; retrieving, by the appliance, the second encryption key from the ownership transfer data; and sending, by the appliance, the second encryption key to the second owner device, wherein the second owner device utilizes the second encryption key to access the owners private data.

2. The appliance of claim 1, wherein the first encryption key and the second encryption key are symmetric encryption keys.

3. The appliance of claim 1, wherein the method further comprises: receiving, by the appliance from the second owner device, a subsequent decryption request including the second encryption key for the owners private data; decrypting, by the appliance, the encrypted owners private data; retrieving, by the appliance, the owners private data; and sending, by the appliance, the owners private data to the second owner device.

4. The appliance of claim 1, wherein the method further comprises, prior to encrypting the first owner private data: monitoring, by the one or more state monitoring sensors of the appliance, first data related to the appliance; generating, by the appliance, the first owner private data based on the first data; and storing, by the appliance, the first owner private data.

5. The appliance of claim 1, wherein the method further comprises, prior to encrypting the owners private data: monitoring, by the one or more state monitoring sensors of the appliance, second data related to the appliance; generating, by the appliance, the owners private data based on the second data; and storing, by the appliance, the owners private data.

6. The appliance of claim 1, wherein the first owner private data is accessible to only the first owner of the appliance.

7. The appliance of claim 1, wherein the owners private data is accessible to the first owner and the second owner of the appliance.

8. A method comprising: receiving, by an appliance and from a first owner device, a first encryption key and a second encryption key associated with a first owner of the appliance; storing the first encryption key and the second encryption key in the appliance; encrypting, by the appliance, first owner private data stored in the appliance using the first encryption key, wherein the first owner private data is not accessible to a second owner of the appliance; and encrypting, by the appliance, owners private data stored in the appliance using the second encryption key to form encrypted owners private data, wherein the owners private data is accessible by the second owner of the appliance; receiving, by the appliance, from the first owner device associated with the first owner, ownership transfer data including the second encryption key, wherein the second encryption key is encrypted by the first owner device; generating, by the appliance, an ownership transfer entry comprising the ownership transfer data; receiving, by the appliance from a second owner device associated with the second owner, a decryption request for the ownership transfer data; decrypting, by the appliance, the ownership transfer data; retrieving, by the appliance, the second encryption key from the ownership transfer data; and sending, by the appliance, the second encryption key to the second owner device, wherein the second owner device utilizes the second encryption key to access the owners private data.

9. The method of claim 8, wherein the first encryption key and the second encryption key are symmetric encryption keys.

10. The method of claim 8, further comprising: receiving, by the appliance from the second owner device, a subsequent decryption request including the second encryption key for the owners private data; decrypting, by the appliance, the owners private data; retrieving, by the appliance, the owners private data from the owners private data; and sending, by the appliance, the owners private data to the second owner device.

11. The method of claim 8, further comprising, prior to encrypting the first owner private data: monitoring, by one or more state monitoring sensors of the appliance, first data related to the appliance; generating, by the appliance, the first owner private data based on the first data; and storing, by the appliance, the first owner private data.

12. The method of claim 8, further comprising, prior to encrypting the owners private data: monitoring, by one or more state monitoring sensors of the appliance, second data related to the appliance; generating, by the appliance, the owners private data based on the second data; and storing, by the appliance, the owners private data.

13. The method of claim 8, wherein the first owner private data is accessible to only the first owner of the appliance.

14. The method of claim 8, further comprising: generating, by the appliance, a digest of the first owner private data and owners private data; digitally signing, by the appliance, the digest to form a signed digest; and storing the signed digest in the appliance.
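The claims above describe a two-key scheme: data the first owner keeps to itself is encrypted under a first key, data that should follow the appliance to later owners is encrypted under a second key, and the second key is released to the next owner through an ownership transfer entry that the first owner's device authored. The Go program below is an added illustration of that exchange, written for this page; it is not code from the patent or from any product. Everything the claims leave open is an assumption here: AES-256-GCM for the records, the first owner device wrapping key2 under key1 so that only a key1 holder can author a transfer entry the appliance will accept, a device identifier in the transfer entry that the appliance checks before releasing key2, an ed25519 signing key derived from a constructed fixed seed for the claim 14 digest, and the sample record contents.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Appliance models the device of claim 1. AES-256-GCM for records, ed25519 for the
// signed digest (claim 14) and the device-id check on key release are assumptions.
type Appliance struct {
	signKey    ed25519.PrivateKey
	key1, key2 []byte   // first and second encryption keys from the first owner device
	Log        [][]byte // chronological sealed records; appended, never rewritten
	transfer   []byte   // ownership transfer entry: key2 as sealed by the first owner device
	transferTo string   // device id the first owner named as new owner (assumption)
}

// NewAppliance derives the signing key from a constructed fixed seed so the
// example is reproducible; a real appliance would generate it in hardware.
func NewAppliance() *Appliance {
	return &Appliance{signKey: ed25519.NewKeyFromSeed([]byte("appliance-signing-seed-32-bytes!"))}
}

func (a *Appliance) PublicKey() ed25519.PublicKey { return a.signKey.Public().(ed25519.PublicKey) }

// Seal is AES-GCM with the nonce prefixed; exported so the first owner device can wrap key2 with it.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand: never returns an error on Go 1.24+
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; a wrong key or a tampered record fails authentication.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext shorter than its nonce")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// ReceiveKeys: the first owner device provisions both keys (claim 1).
func (a *Appliance) ReceiveKeys(key1, key2 []byte) { a.key1, a.key2 = key1, key2 }

// Record seals sensor-derived data under key1 ("private", claims 4, 6) or key2 ("shared", claims 5, 7).
func (a *Appliance) Record(kind string, sensorData []byte) error {
	ct, err := Seal(map[string][]byte{"private": a.key1, "shared": a.key2}[kind], sensorData)
	if err == nil {
		a.Log = append(a.Log, ct)
	}
	return err
}

// ReceiveTransfer stores the ownership transfer entry: key2 sealed by the first owner device under key1 (assumption).
func (a *Appliance) ReceiveTransfer(wrappedKey2 []byte, newOwnerDevice string) {
	a.transfer, a.transferTo = wrappedKey2, newOwnerDevice
}

// ReleaseKey2 serves the second owner device's decryption request: the appliance
// opens the transfer entry and hands key2 only to the device named in it.
func (a *Appliance) ReleaseKey2(requestingDevice string) ([]byte, error) {
	if a.transfer == nil || requestingDevice != a.transferTo {
		return nil, errors.New("no ownership transfer entry for this device")
	}
	return Open(a.key1, a.transfer)
}

// ReadWith returns every record the supplied key opens (claim 3); records under
// the other key fail authentication, so key2 never exposes first-owner data.
func (a *Appliance) ReadWith(key []byte) (out [][]byte) {
	for _, ct := range a.Log {
		if pt, err := Open(key, ct); err == nil {
			out = append(out, pt)
		}
	}
	return out
}

// SignedDigest hashes the log in order and signs it (claim 14); a stored pair exposes later alteration or reordering.
func (a *Appliance) SignedDigest() (digest, sig []byte) {
	h := sha256.New()
	for _, ct := range a.Log {
		h.Write(ct)
	}
	digest = h.Sum(nil)
	return digest, ed25519.Sign(a.signKey, digest)
}
```

The property worth checking in practice is the one claims 6 and 7 state: a holder of key2 can open the shared records but not the first-owner records, and a device not named in the transfer entry gets nothing from ReleaseKey2. Because each record carries its own GCM tag, a flipped byte in the stored log both fails to open and changes the recomputed digest, so the stored signature no longer verifies; that is what makes the chronological log tamper-evident rather than merely confidential.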
CPC classification titles:
- using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- Providing cryptographic facilities or services
- Auditing as a secondary aspect
- Protecting data integrity, e.g. using checksums, certificates or signatures
- using a plurality of keys or algorithms