Method for versatile content control with partitioning

US 20060242065A1
Filed: 12/20/2005
Published: 10/26/2006
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions in the second set is encrypted using one or more keys;

said method comprising;

granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and

decrypting data in one or more of the partitions in the second set only after successful authentication to access such partition(s).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some mobile storage devices, content protection is afforded by dividing the memory into separate areas where access to protected areas requires prior authentication. While such feature does provide some protection, it does not protect against a user who obtained a password by illicit means. Thus, another aspect of the invention is based on the recognition that a mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

138 Citations

View as Search Results

19 Claims

1. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions in the second set is encrypted using one or more keys;
- said method comprising;
  
  granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and
  
  decrypting data in one or more of the partitions in the second set only after successful authentication to access such partition(s).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein said granting includes permitting authenticated entities to read and write data in the second set of partition(s).
  - 3. The method of claim 1, wherein said granting does not include permitting access to key(s) used to encrypt and/or decrypt data in the second set of partition(s).
  - 4. The method of claim 1, wherein said granting includes permitting authenticated entities to only read data in the second set of partition(s).
  - 5. The method of claim 1, wherein each of one or more data files is encrypted using one of the keys, and the controller is not aware of the files, said method comprising responding to requests for data at specified logical addresses associated with the one or more files for accessing the data files by fetching data associated with the specified logical addresses.
  - 6. The method of claim 1, wherein each of at least one of the keys has an attribute that restricts access to the data therein irrespective of any authentication process said method further comprising controlling access to said at least one of the keys according to the attribute.
  - 7. The method of claim 6, wherein said attribute limits the number of entities that can access the at least one key.
  - 8. The method of claim 6, wherein said attribute causes access to the at least one key to be denied to specific entity or entities on a list.
  - 9. The method of claim 1, wherein at least one of the keys is accessible by a plurality of entities forming a corresponding group, said method further comprising granting access to said at least one of the keys by entities in the corresponding group and deny access to said at least one of the keys by entities not in the corresponding group.
  - 10. The method of claim 9, wherein member entities of said group have different access permissions to the at least one key.
  - 11. The method of claim 10, wherein one or more member entities of said group have read only access permission to the at least one key, and one or more member entities of each of said groups have read and write access permissions to the at least one key.
  - 12. The method of claim 1, wherein the content stored at one of the partitions of the memory is accessible for reading purposes without authentication, said method further comprising controlling access to said one of the partitions of the memory so that the content stored therein can only be altered or deleted only by authenticated entity or entities.

13. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, data in said memory organized according to a structure for controlling access to content stored in the memory, said structure dividing the memory into partitions, where data in a set of the partition(s) is accessible to any entity for reading purposes without requiring authentication, said method comprising:
- receiving access requests to the set of the partition(s); and
  
  controlling access to the set of the partition(s) of the memory so that the content stored therein is accessible for reading purposes without authentication, but can be altered or deleted only by authenticated entity or entities.

14. A method for storing data in a storage system, comprising a rewritable non-volatile memory storing data, and a controller controlling access to said non-volatile memory, so that access to one or more partitions of the memory is limited to authenticated entities with first credentials, wherein a cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting and/or decrypting data stored in the one or more partitions of the memory by the controller, said method further comprising encrypting and/or decrypting data stored in the one or more partitions of the memory using said key only after successful authentication using credentials different from the first credentials.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein a plurality of keys are stored in said non-volatile memory or controller, said keys useful for encrypting and/or decrypting different sets of data stored in the memory by the controller, said method further comprising encrypting and/or decrypting different sets of data using said keys.
  - 16. The method of claim 15, wherein at least two of the keys are useful for encrypting and/or decrypting different sets of data stored in the same partition of the memory by the controller, said method further comprising encrypting and/or decrypting said different sets of data using said at least two of the keys.

17. A secure storage method for use on a storage system, comprising a non-volatile memory, and a controller controlling access to the memory, the controller or memory storing a structure dividing the memory into partitions of logical addresses, where data in a first set of one or more partitions is accessible without requiring authentication, and data in a second set of one or more partitions is accessible substantially only by authenticated entities, wherein data in one or more of the partitions is encrypted using one or more keys;
- said method comprising;
  
  granting access to data in the first set of one or more partitions without authentication, and access to data in the second set of one or more partitions only after successful authentication; and
  
  decrypting data in one or more of the partitions only after successful authentication using credentials different from that used in gaining access to the second set of one or more partitions.

18. A method for accessing protected content stored in a memory system, comprising:
- providing authenticating information of a first account to the system to gain access to protected data associated with said first account; and
  
  denying access to protected data associated with an account different from the first account unless authenticating information of such account has been provided to the system.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein after authenticating information of a first account has been provided to the system, different applications are permitted to access protected data associated with said first account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Jogand-Coulomb, Fabrice, Barzilai, Ron, Qawami, Bahman

Granted Patent

US 8,601,283 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2145   Inheriting rights or proper...

Method for versatile content control with partitioning

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method for versatile content control with partitioning

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links