System and method for wiping encrypted data on a device having file-level content protection

US11263020B2 · US · B2

Patent metadata

Publication number: US-11263020-B2
Application number: US-201816017940-A
Country: US
Kind code: B2
Filing date: Jun 25, 2018
Priority date: Apr 7, 2010
Publication date: Mar 1, 2022
Grant date: Mar 1, 2022


Abstract

Official abstract text for this publication.

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for controlling access to a computing device, the method comprising, at the computing device: transitioning into a locked state under which the computing device prohibits access to at least one file that is accessible when the computing device is operating in an unlocked state; purging, from a volatile memory communicably coupled to the computing device, at least one encryption key, and data of at least one file that is associated with the at least one encryption key; receiving a request to transition into the unlocked state, wherein the request includes a password; utilizing the password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys; decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; in response to verifying that the decrypted at least one file matches expected data for the at least one file: transitioning into the unlocked state to permit access to the computing device; and in response to identifying that the decrypted at least one file does not match the expected data for the at least one file: remaining in the locked state to prohibit access to the computing device.

2. The method of claim 1, wherein prohibiting access to the computing device further comprises: displaying a first indication that an input of the password is invalid.

3. The method of claim 1, further comprising, prior to receiving the input of the password: interfacing with a security process to determine whether an input of the password is required; receiving a second indication from the security process that the input the password is required; and displaying a prompt at the computing device to input the password.

4. The method of claim 1, wherein, when the computing device transitions into the unlocked state, the computing device permits access to at least one file that is inaccessible when the computing device is operating in the locked state.

5. The method of claim 1, further comprising: generating a new encryption key; adding the new encryption key to the decrypted key bag; and encrypting the decrypted at least one file using the new encryption key.

6. The method of claim 1, further comprising: identifying at least one encryption key in the decrypted key bag that has no association with any encrypted files stored on the computing device; and removing the at least one encryption key from the decrypted key bag.

7. At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to control access to the computing device, by carrying out steps that include: transitioning into a locked state under which the computing device prohibits access to at least one file that is accessible when the computing device is operating in an unlocked state; purging, from a volatile memory communicably coupled to the computing device, at least one encryption key, and data of at least one file that is associated with the at least one encryption key; receiving a request to transition into the unlocked state, wherein the request includes a password; utilizing the password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys; decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; in response to verifying that the decrypted at least one file matches expected data for the at least one file: transitioning into the unlocked state to permit access to the computing device; and in response to identifying that the decrypted at least one file does not match the expected data for the at least one file: remaining in the locked state to prohibit access to the computing device.

8. The at least one non-transitory computer readable storage medium of claim 7, wherein prohibiting access to the computing device further comprises: displaying a first indication that an input of the password is invalid.

9. The at least one non-transitory computer readable storage medium of claim 7, wherein the steps further include, prior to receiving the input of the password: interfacing with a security process to determine whether an input of the password is required; receiving a second indication from the security process that the input the password is required; and displaying a prompt at the computing device to input the password.

10. The at least one non-transitory computer readable storage medium of claim 7, wherein, when the computing device enters into the unlocked state, the computing device permits access to at least one file that is inaccessible when the computing device is operating in the locked state.

11. The at least one non-transitory computer readable storage medium of claim 7, wherein the steps further include: generating a new encryption key; adding the new encryption key to the decrypted key bag; and encrypting the decrypted at least one file using the new encryption key.

12. The at least one non-transitory computer readable storage medium of claim 7, wherein the steps further include: identifying at least one encryption key in the decrypted key bag that has no association with any encrypted files stored on the computing device; and removing the at least one encryption key from the decrypted key bag.

13. A computing device configured to control access to the computing device, the computing device comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the computing device to: transition into a locked state under which the computing device prohibits access to at least one file that is accessible when the computing device is operating in an unlocked state; purge, from a volatile memory communicably coupled to the computing device, at least one encryption key, and data of at least one file that is associated with the at least one encryption key; receive a request to transition into the unlocked state, wherein the request includes a password; utilize the password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys; decrypt, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; in response to verifying that the decrypted at least one file matches expected data for the at least one file: transition into the unlocked state to permit access to the computing device; and in response to identifying that the decrypted at least one file does not match the expected data for the at least one file: remain in the locked state to prohibit access to the computing device.

14. The computing device of claim 13, wherein prohibiting access to the computing device further comprises: displaying a first indication that an input of the password is invalid.

15. The computing device of claim 13, wherein the at least one processor further causes the computing device to, prior to receiving the input of the password: interface with a security process to determine whether an input of the password is required; receive a second indication from the security process t
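The abstract (destroy all key bags, erase the user file system, create a new default key bag) and claim 1 (purge keys on lock; on unlock, use the password to decrypt the key bag, decrypt a file with a key from it, and compare against expected data before leaving the locked state) describe one flow, modelled below in a single added example. This is illustrative code written for this page, not Apple's implementation and not from the patent. Everything concrete is an assumption: the protection class names, the sentinel file and its known plaintext, PBKDF2 for the password key, and an unauthenticated HMAC-SHA256 keystream as the toy cipher (chosen precisely because a wrong password then yields garbage rather than an error, so the known-plaintext check in claim 1 is what decides whether the device unlocks). Claim 6 (dropping key-bag keys no file references) is included as a small extra.

```python
"""Toy model of lock/unlock, key purge, key pruning and crypto-erase.
Hypothetical example; class names, sentinel and cipher are constructed here."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CLASSES = ("class_A", "class_B", "class_C")   # hypothetical protection classes
SENTINEL_CLASS = "class_A"
SENTINEL_PLAINTEXT = b"unlock-check-v1"       # known plaintext re-checked on every unlock


def derive_password_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Unauthenticated XOR with an HMAC-derived keystream (encrypt == decrypt)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class EncryptedFile:
    class_id: str
    nonce: bytes
    ciphertext: bytes


@dataclass
class SealedKeyBag:
    """Key bag at rest: class names in the clear, per-class keys wrapped under the password key."""
    salt: bytes
    nonce: bytes
    class_ids: tuple
    wrapped_keys: bytes


def seal_key_bag(class_keys: dict, password: str) -> SealedKeyBag:
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    ids = tuple(class_keys)
    blob = b"".join(class_keys[c] for c in ids)
    return SealedKeyBag(salt, nonce, ids, keystream_xor(derive_password_key(password, salt), nonce, blob))


def open_key_bag(sealed: SealedKeyBag, password: str) -> dict:
    """Candidate class keys; under a wrong password these are garbage, not an exception."""
    blob = keystream_xor(derive_password_key(password, sealed.salt), sealed.nonce, sealed.wrapped_keys)
    return {c: blob[i * 32:(i + 1) * 32] for i, c in enumerate(sealed.class_ids)}


class Device:
    def __init__(self, password: str):
        self.files = {}          # name -> EncryptedFile (non-volatile storage)
        self.sealed_bag = None   # non-volatile, password-wrapped
        self.class_keys = None   # volatile: populated only while unlocked
        self.locked = True
        self._create_default_key_bag(password)

    def _create_default_key_bag(self, password: str) -> None:
        self.class_keys = {c: secrets.token_bytes(32) for c in CLASSES}
        self.sealed_bag = seal_key_bag(self.class_keys, password)
        self.locked = False
        self.write_file("sentinel", SENTINEL_CLASS, SENTINEL_PLAINTEXT)

    def write_file(self, name: str, class_id: str, data: bytes) -> None:
        if self.locked:
            raise PermissionError("device locked")
        nonce = secrets.token_bytes(16)
        self.files[name] = EncryptedFile(class_id, nonce, keystream_xor(self.class_keys[class_id], nonce, data))

    def read_file(self, name: str) -> bytes:
        if self.locked:
            raise PermissionError("device locked")
        f = self.files[name]
        return keystream_xor(self.class_keys[f.class_id], f.nonce, f.ciphertext)

    def lock(self) -> None:
        self.class_keys = None   # purge keys (and any decrypted data) from volatile memory
        self.locked = True

    def unlock(self, password: str) -> bool:
        candidate = open_key_bag(self.sealed_bag, password)
        f = self.files["sentinel"]
        probe = keystream_xor(candidate[f.class_id], f.nonce, f.ciphertext)
        if hmac.compare_digest(probe, SENTINEL_PLAINTEXT):   # decrypted file matches expected data
            self.class_keys, self.locked = candidate, False
            return True
        return False   # stays locked; the UI would show the "password invalid" indication

    def prune_unused_keys(self, password: str) -> None:
        """Drop class keys that no stored file references, then re-seal the bag."""
        in_use = {f.class_id for f in self.files.values()}
        self.class_keys = {c: k for c, k in self.class_keys.items() if c in in_use}
        self.sealed_bag = seal_key_bag(self.class_keys, password)

    def obliterate(self, new_password: str) -> None:
        """Crypto-erase: destroy key bags, erase user files, create a fresh default bag."""
        self.sealed_bag = None
        self.class_keys = None
        self.files.clear()
        self._create_default_key_bag(new_password)
```

The point the toy makes visible: a wrong password never raises an error anywhere in the key path, because the wrapped keys and the file ciphertext both decrypt to something; only the comparison of the sentinel file against its expected plaintext (done in constant time here) separates the locked and unlocked outcomes. Likewise, obliteration never overwrites the old ciphertext blocks; once the key bag that wrapped their class keys is gone, they are unrecoverable under any password, which is why the rebuilt file system can start from a fresh default bag immediately.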

Assignees

Apple Inc

Inventors

Not listed on this page.

Classifications

  • H04L9/0891 (primary)

    Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title

  • using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title

  • Providing cryptographic facilities or services · CPC title

  • Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title

  • Transmitting and receiving encryption devices synchronised or initially set up in a particular manner · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Apple Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0891. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 1, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).