Method for versatile content control with partitioning
First Claim
1. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions in the second set is encrypted using one or more keys;
- said method comprising;
granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and
decrypting data in one or more of the partitions in the second set only after successful authentication to access such partition(s).
3 Assignments
0 Petitions
Accused Products
Abstract
In some mobile storage devices, content protection is afforded by dividing the memory into separate areas where access to protected areas requires prior authentication. While such feature does provide some protection, it does not protect against a user who obtained a password by illicit means. Thus, another aspect of the invention is based on the recognition that a mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.
138 Citations
19 Claims
-
1. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions in the second set is encrypted using one or more keys;
- said method comprising;
granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and
decrypting data in one or more of the partitions in the second set only after successful authentication to access such partition(s). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- said method comprising;
-
13. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, data in said memory organized according to a structure for controlling access to content stored in the memory, said structure dividing the memory into partitions, where data in a set of the partition(s) is accessible to any entity for reading purposes without requiring authentication, said method comprising:
-
receiving access requests to the set of the partition(s); and
controlling access to the set of the partition(s) of the memory so that the content stored therein is accessible for reading purposes without authentication, but can be altered or deleted only by authenticated entity or entities.
-
- 14. A method for storing data in a storage system, comprising a rewritable non-volatile memory storing data, and a controller controlling access to said non-volatile memory, so that access to one or more partitions of the memory is limited to authenticated entities with first credentials, wherein a cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting and/or decrypting data stored in the one or more partitions of the memory by the controller, said method further comprising encrypting and/or decrypting data stored in the one or more partitions of the memory using said key only after successful authentication using credentials different from the first credentials.
-
17. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions is encrypted using one or more keys;
- said method comprising;
granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and
decrypting data in one or more of the partitions only after successful authentication using credentials different from that used in gaining access to the second set of one or more partitions.
- said method comprising;
-
18. A method for accessing protected content stored in a memory system, comprising:
-
providing authenticating information of a first account to the system to gain access to protected data associated with said first account; and
denying access to protected data associated with an account different from the first account unless authenticating information of such account has been provided to the system. - View Dependent Claims (19)
-
Specification