Preventing access of a host device to malicious data in a portable device

US 10,460,131 B2
Filed: 08/30/2017
Issued: 10/29/2019
Est. Priority Date: 09/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a host device, comprising:

performing a mutual authentication between a storage device and the host device using a key exchange mechanism, the storage device contains a read only partition and a removable partition;

copying a protection application from the read only partition of the storage device to a memory in the host device, wherein the storage device is connected to the host device;

running the protection application on the host device, wherein the protection application restricts access from the removable partition of the storage device by the host device;

then requesting, by the protection application, access to a file allocation table data of the removable partition for analyzing information stored therein;

then sending the file allocation table data to the protection application on the host device;

then analyzing the file allocation table data;

determining if the protection application on the host device has finished a scanning of the file allocation table data; and

pursuant to the finishing of the scanning of the file allocation table data, sending an expose command to a controller of the storage device to notify that the data in the removable partition of the storage device is safe and available for use by the host device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device comprising a memory, a controller, and a host interface operative to connect with a host. The memory containing data locations access to which are controllable by a protection application which is executable on a host. When the host interface operatively coupled to a host data locations in the memory are accessible to an operating system of the host only under permission from the protection application. The controller communicates with the protection application running on the host for allowing the protection application access to data locations in the memory. Upon a host request for access to a data location, the controller determines if permission to access the requested data location is acquired from the protection application. The permission is based on determination of the protection application that the data location does not contain malicious data harmful to the host operating system, to any application and/or to any data on the host.

23 Citations

20 Claims

1. A method for protecting a host device, comprising:
- performing a mutual authentication between a storage device and the host device using a key exchange mechanism, the storage device contains a read only partition and a removable partition;
  
  copying a protection application from the read only partition of the storage device to a memory in the host device, wherein the storage device is connected to the host device;
  
  running the protection application on the host device, wherein the protection application restricts access from the removable partition of the storage device by the host device;
  
  then requesting, by the protection application, access to a file allocation table data of the removable partition for analyzing information stored therein;
  
  then sending the file allocation table data to the protection application on the host device;
  
  then analyzing the file allocation table data;
  
  determining if the protection application on the host device has finished a scanning of the file allocation table data; and
  
  pursuant to the finishing of the scanning of the file allocation table data, sending an expose command to a controller of the storage device to notify that the data in the removable partition of the storage device is safe and available for use by the host device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1, wherein the restricting of the access to the file allocation table data on the storage device is through a controller on the storage device.
  - 3. The method according to claim 1, further comprising:
    - sending a command with the protection application from the host device to the storage device.
  - 4. The method according to claim 3, wherein the command that is sent from the protection application to the storage device provides protection application access to memory areas of the storage device with the restricted access.
  - 5. The method according to claim 4, wherein the command instructs a controller in the storage device to read data from a specified data location in a removable memory allocation of the storage device.
  - 6. The method according to claim 4, wherein the command instructs a controller in the storage device to write data to a specified data location in a removable memory allocation of the storage device.
  - 7. The method according to claim 1, wherein the storage device is a universal serial bus device.
  - 8. The method according to claim 1, wherein the storage device is one of a secure digital, a mini SD, a micro SD, a hard drive, a memory stick and a multi-media card.
  - 9. The method according to claim 1, wherein the host device is one of a computer, a hand held computing device, a server, a cellular communication device, an audio reproducing device, a global positioning device and a video camera.
  - 10. The method according to claim 1, wherein the storage device has at least two memory partitions.
  - 11. The method according to claim 10, wherein a first of the memory partitions is a removable partition.
  - 12. The method according to claim 11, wherein a second of the memory partitions is a read-only partition.
  - 13. The method according to 11, wherein the restricting access to the file allocation table data on the storage device by the host device is to the removable partition.
  - 14. The method according to claim 1, further comprising:
    - analyzing the removable partition for a presence of a virus by the protection application.
  - 15. The method according to claim 14, wherein the analyzing the removable partition involves analyzing the file allocation table data.
  - 16. The method according to claim 15, further comprising:
    - transferring data infected by the virus to the protection application.
  - 17. The method according to claim 16, further comprising:
    - cleaning the transferred data infected by the virus in the protection application.

18. An apparatus, comprising:
- means for performing a mutual authentication between a storage device and a host device using a key exchange mechanism, the storage device contains a read only partition and a removable partition;
  
  means for storing data, the means for storing data being operatively connected to a host device;
  
  means for providing a copy protection application from the read only partition of the means for storing data to a memory in the host device;
  
  means for running the protection application on the host device, wherein the protection application restricts access from the removable partition of the storage device by the host device;
  
  means for requesting, by the protection application, access to a file allocation table data of the removable partition for analyzing information stored therein;
  
  means for sending the file allocation table data to the protection application on the host device;
  
  means for analyzing the file allocation table data;
  
  means for determining if the protection application on the host device has finished a scanning of the file allocation table data; and
  
  means for pursuant to the finishing of the scanning of the file allocation table data, sending an expose command to a controller of the storage device to notify that the data in the removable partition of the storage device is safe and available for use by the host device.
- View Dependent Claims (19, 20)
- - 19. The apparatus according to claim 18, wherein the means for storing data has a first partition and a second partition.
  - 20. The apparatus according to claim 19, wherein the first partition is viewed at the host device as a removable partition and the second partition is viewed at the host device as a read-only device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Inventors
Sobol, Eyal, Paz, Nir Ofek
Primary Examiner(s)
Korsak, Oleg
Assistant Examiner(s)
Almeida, Devin E

Application Number

US15/690,387
Publication Number

US 20180004981A1
Time in Patent Office

790 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/78 to assure secure storage of...

Preventing access of a host device to malicious data in a portable device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing access of a host device to malicious data in a portable device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links