Secure storage device with on-board encryption control
First Claim
1. A security device for controlling a host device, the host device having a processor, a data storage, and a data storage controller, the security device comprising:
an interface for connecting the security device to the host device to enable the security device to control encryption and decryption of data communication between the processor of the host device and the data storage of the host device;
data storage for storing an encryption key for the encryption and decryption of the data communication;
a security processor, coupled to the interface and to the data storage for controlling the data communication by use of the encryption key; and
a wide area communication interface configured for secure communication with a remote device;
wherein the security processor is configured to control, based on the secure communication, the data communication between the processor of the host device and the data storage of the host device;
wherein the security processor is configured to take control of the host device during a boot sequence of the host device for performing data modification actions on the data storage of the host device; and
wherein the security processor is configured to disable the decryption of the host device data communication between the processor of the host device and the data storage of the host device in certain geographical locations.
Abstract
A communication and security device for a portable computer having an interface for connecting the security device to a host device to enable the security device to control encryption and decryption of data communication between a processor of the host device and a data storage of the host device. Examples include a security device with data storage for storing an encryption key for the encryption and decryption of the data communication, a security processor coupled to the interface and to the data storage for controlling the data communication by use of the encryption key, and a wide area communication interface configured for secure communication with a remote device. The security processor may be configured to control the data communication between the processor of the host device and the data storage of the host device based on the secure communication.
19 Claims
7. A data access control device comprising:
a chassis having an industry standard form factor for integration of the data access control device with a host device, the host device comprising a processor, a data storage, and a data storage controller; and
a wide area communication interface configured to receive a security message from a remote device, the security message comprising a security command;
wherein the data access control device is configured to control data communication between the processor of the host device and the data storage of the host device based on the security command by controlling the data access controller of the host device;
wherein the processor is configured to take control of the host device during a boot sequence of the host device for performing data modification actions on the data storage of the host device
wherein the processor is configured to disable the decryption of the host device data communication between the processor of the host device and the data storage of the host device in certain geographical locations.
14. A system comprising a host device and a data access control device for controlling the host device,
the host device comprising a processor, a data storage, and a data storage controller, the host device having a boot sequence controlled by a BIOS;
the data access control device comprising a wide area communication interface configured to receive a security message from a remote device, the security message comprising a security command,
wherein the data access control device is configured to control data communication between the processor of the host device and the data storage of the host device based on the security command;
wherein the data access control device is further configured to modify the BIOS of the host device so that, during the boot sequence of the host device, the host device passes control of the data storage to the data access control device; and
wherein the processor is configured to disable the decryption of the host device data communication between the processor of the host device and the data storage of the host device in certain geographical locations.
Specification