Using hardware to secure areas of long term storage in CE devices

US 20060161750A1
Filed: 01/20/2005
Published: 07/20/2006
Est. Priority Date: 01/20/2005
Status: Active Grant

First Claim

Patent Images

1. A system for securing long-term storage in an electronic device, the system comprising:

a memory including one or more areas of long-term storage, including at least one area of secured long-term storage;

a memory management unit for managing at least the secured long-term storage area of the memory;

a security component for regulating access to at least the secured long-term storage area, the security component including;

a memory security application for receiving and authenticating a cryptographic authorization code that controls access to at least the secured long-term storage area, and a controller for sending instructions from the memory security application to the memory management unit to disable writing into at least the secured long-term storage area of the memory if the security application does not authenticate the cryptographic authorization code;

wherein the security component is implemented by dedicated circuitry.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes long-term storage (e.g., flash memory) for storing sensitive data and critical components of a consumer electronic (CE) device such as an operating system (OS) kernel, private cryptographic key values, security applications, and firmware configurations, for example. Security hardware/software designates and restricts access to secured portions of long-term storage that contain the critical components. Requests for access to these secured portions are addressed by the security hardware/software, which authenticates a cryptographic authorization code received with the request. Read-write access to the secured portions is allowed for download and installation of, for example, a software or firmware upgrade if the cryptographic authorization code is authenticated.

Citations

22 Claims

1. A system for securing long-term storage in an electronic device, the system comprising:
- a memory including one or more areas of long-term storage, including at least one area of secured long-term storage;
  
  a memory management unit for managing at least the secured long-term storage area of the memory;
  
  a security component for regulating access to at least the secured long-term storage area, the security component including;
  
  a memory security application for receiving and authenticating a cryptographic authorization code that controls access to at least the secured long-term storage area, and a controller for sending instructions from the memory security application to the memory management unit to disable writing into at least the secured long-term storage area of the memory if the security application does not authenticate the cryptographic authorization code;
  
  wherein the security component is implemented by dedicated circuitry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system according to claim 1, wherein the memory management system operates in an address space, the secured long-term storage is accessed using a portion of the address space and the memory security application controls access to the portion of the address space.
  - 3. A system according to claim 1 wherein the memory security application includes an authenticating process selected from a group consisting of a Triple Data Encryption Standard (3DES) algorithm, an Advanced Encryption Standard (AES) algorithm, a Rivest Shamir Adleman (RSA) algorithm and a Symmetric Algorithm Based Public Key Standard (S-PKS) algorithm.
  - 4. A system according to claim 1, wherein the security component further comprises a data security application including predetermined decryption algorithms for receiving, validating and saving the data;
  - 5. A system according to claim 1, wherein the secured long-term memory includes data selected from a group consisting of:
    - an operating system kernel;
      
      the data and memory security applications;
      
      one or more firmware configurations for reconfigurable hardware elements;
      
      one or more secret key values; and
      
      one or more checksum, CRC and hash values of the data.
  - 6. A system according to claim 1, wherein the memory includes a further secured long-term storage area for storing one or more of:
    - one or more secret key values;
      
      one or more checksum, CRC and hash values of data stored in the secured long- term storage;
      
      a communications log; and
      
      an installation log.
  - 7. A system according to claim 6, wherein the further secured long-term storage area is configured to be accessed only by the security component.
  - 8. A system according to claim 1, further comprising a temporary storage for storing, at least, received data waiting to be validated and saved to the secured long-term storage by the data security application.
  - 9. A system according to claim 1, further comprising a receiver for receiving data through a medium selected from a group consisting of:
    - a wired network, a wireless network, a secure digital card, a portable storage device, an infrared channel, a satellite link, a fiber optic link, a cable link, and a digital subscriber line.

10. A method of controlling access to a secured long-term storage of an electronic device, the method comprising the steps of:
- a) receiving data and a request to store the data in the secured long-term storage;
  
  b) receiving a cryptographic authorization code associated with the received data;
  
  b) authenticating the cryptographic authorization code d) preventing the storing the data into the secured long-term storage if the cryptographic authorization code is not authenticated.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. A method according to claim 10, wherein the long-term storage system is implemented as a memory-mapped input/output (I/O) device which is accessed by performing memory operations to a portion of an address space used by the electronic device and the method further includes the step of preventing the storage of data into the portion of the address space if the cryptographic authorization code is not authenticated.
  - 12. A method according to claim 10, further including the steps of:
    - receiving a request for data from the secured long-term storage;
      
      performing a data authentication process selected from a group consisting of;
      
      a cyclic redundancy check, a checksum and a hash computation on the requested data to obtain a computed message digest of the requested data;
      
      retrieving a stored message digest of the requested data;
      
      comparing the stored message digest with the computed message digest; and
      
      aborting the request for data from the secured long-term storage if the stored message digest does not match the computed message digest.
  - 13. A method according to claim 12, wherein the secured long-term storage includes first and second parts, the first part being secured by the cryptographic authorization code and the second part being secured by a further cryptographic authorization code, and the step of retrieving the stored message digest includes the step of retrieving the stored message digest from the second part of the secured long-term storage.
  - 14. A method according to claim 12 wherein the secured long-term storage includes first and second parts, the first part being secured by the cryptographic authorization code and the second part being accessible only to a security application, and the step of retrieving the stored message digest includes the step of retrieving the stored message digest from the second part of the secured long-term storage
  - 15. A method according to claim 10, further including the steps of:
    - determining a source of the data to be compromised if the cryptographic authorization code is not authenticated and notifying a trusted authority that the source of the data is compromised;
  - 16. A method according to claim 10, wherein the data is received from a source and the step of authenticating the cryptographic authorization code further includes the step of determining whether the source is authorized to store the data in the secured long- term storage.
  - 17. A method according to claim 10, further comprising the step of writing a log entry for the request for data stored in the secured long-term storage, the log entry including at least an identifier for the data and the time of the request.
  - 18. A method according to claim 10, further including the step of writing a log entry including download information into the secured long-term storage, the download information, including at least an identifier for a service provider from which the request to store the data was received, an identifier for the data, and a time at which the request to store the data was received.
  - 19. A method according to claim 10, wherein:
    - step (a) includes;
      
      a1) receiving a transmission from a service provider including a service provider identifier and an encrypted session key;
      
      a2) requesting authentication of the service provider from a trusted authority;
      
      a3) receiving authentication information from the trusted authority;
      
      a4) aborting the method if the authentication information indicates that the service provider is not authentic and continuing the method if the authentication information indicates that the service provider is authentic;
      
      a5) obtaining a public key for decrypting at least a portion of the transmission from the service provider to recover the session key; and
      
      a6) securing a communications channel to the service provider with the session key; and
      
      a7) receiving the data from the service provider through the secured communications channel; and
      
      step b) includes receiving the and the cryptographic authorization code from the service provider through the secured communications channel.
  - 20. A method according to claim 19, further including the steps of:
    - receiving a client authentication key from the trusted authority prior to step (a5);
      
      authenticating the public key with the client authentication key;
      
      aborting the method if the public key is not authenticated; and
      
      continuing the method if the public key is authenticated.

21. A method of controlling access to a secured long-term storage of an electronic device, the method comprising the steps of:
- receiving a request for data from the secured long-term storage;
  
  performing a data authentication process on the requested data to obtain a computed message digest of the requested data;
  
  retrieving a stored message digest of the requested data;
  
  comparing the stored message digest with the computed message digest; and
  
  aborting the request for data from the secured long-term storage if the stored message digest does not match the computed message digest.
- View Dependent Claims (22)
- - 22. A method according to claim 21, wherein the data authentication process is selected from a group consisting of:
    - a cyclic redundancy check, a checksum and a hash computation

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sovereign Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Perkins, Gregory M., Braun, David Alan

Granted Patent

US 7,502,946 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/164
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 2209/80   Wireless

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Using hardware to secure areas of long term storage in CE devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Using hardware to secure areas of long term storage in CE devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links