Patents by Inventor Mark J. Gurkowski
Mark J. Gurkowski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9672333Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decType: GrantFiled: November 5, 2012Date of Patent: June 6, 2017Assignee: Adobe Systems IncorporatedInventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
-
Publication number: 20170070345Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decType: ApplicationFiled: November 5, 2012Publication date: March 9, 2017Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
-
Publication number: 20140129847Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decType: ApplicationFiled: November 5, 2012Publication date: May 8, 2014Applicant: Divan Industries, LLCInventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
-
Patent number: 8307217Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decType: GrantFiled: February 5, 2008Date of Patent: November 6, 2012Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
-
Patent number: 8010790Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.Type: GrantFiled: September 10, 2008Date of Patent: August 30, 2011Assignee: DPHI, Inc.Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
-
Patent number: 8001387Abstract: In one embodiment, a storage device with biometric access includes: a biometric scanner adapted to scan a biological feature of a user to provide a corresponding extracted biometric template; and a storage engine adapted to retrieve an encrypted biometric template from a storage medium and to retrieve a corresponding encrypted content key from the storage medium. The storage engine generates a first key and combines the first key with a media identifier from the storage medium to provide a content key. Using the content key, the storage engine decrypts the retrieved encrypted biometric template. If the extracted biometric template matches the retrieved biometric template, the storage engine grants a user access to content on the storage medium.Type: GrantFiled: April 19, 2006Date of Patent: August 16, 2011Assignee: DPHI, Inc.Inventors: Lane W. Lee, Mark J. Gurkowski, David H. Davies
-
Patent number: 7549044Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.Type: GrantFiled: October 28, 2003Date of Patent: June 16, 2009Assignee: DPHI Acquisitions, Inc.Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
-
Publication number: 20090003608Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.Type: ApplicationFiled: September 10, 2008Publication date: January 1, 2009Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
-
Publication number: 20080294914Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decType: ApplicationFiled: February 5, 2008Publication date: November 27, 2008Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
-
Publication number: 20030169733Abstract: An interface protocol for transmitting variable-sized packets between a host system and a storage device. The protocol supports a plurality of signals for transmitting data between the host system and the storage device. One or more address signals indicate whether the packet includes command, data, or status information. An enable signal indicates when the packets may be transmitted to and from the storage device. Read and write strobe signals are also included to allow the host to request data from and transmit data to the storage device. The protocol includes an extensible command set which includes a function code, one or more interrupt requests, and signals to indicate when the storage device is busy, when the storage device is ready to transfer data, when the storage device is ready to receive bytes from a command packet, when the storage device is ready to receive or transmit a data block, and when the storage device is ready to transmit status bytes.Type: ApplicationFiled: November 6, 2002Publication date: September 11, 2003Inventors: Mark J. Gurkowski, Stan M. Keeler, Lane W. Lee