Method forversatile content control
First Claim
1. A method for storing data in a memory system which comprises a rewritable non-volatile memory, and a memory controller controlling access to said non-volatile memory;
- said method comprising;
causing the controller to generate a key useful for encrypting and/or decrypting data stored in the memory by the controller, said key being substantially inaccessible to devices external to the system; and
storing in the memory a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory.
4 Assignments
0 Petitions
Accused Products
Abstract
The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
-
Citations
19 Claims
-
1. A method for storing data in a memory system which comprises a rewritable non-volatile memory, and a memory controller controlling access to said non-volatile memory;
- said method comprising;
causing the controller to generate a key useful for encrypting and/or decrypting data stored in the memory by the controller, said key being substantially inaccessible to devices external to the system; and
storing in the memory a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- said method comprising;
-
13. A method for storing data in a memory system which comprises a flash memory, and a memory controller controlling access to said non-volatile memory;
- said method comprising;
causing the controller to generate a key useful for encrypting and/or decrypting data stored in the memory by the controller; and
storing in the memory a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory.
- said method comprising;
-
14. A method for storing data in a memory system which comprises a rewritable non-volatile memory, and a memory controller controlling access to said non-volatile memory;
- said method comprising;
storing in the memory a key useful for encrypting and/or decrypting data stored in the memory by the controller;
accessing data in the memory in the form of files, wherein the controller is not aware of files; and
storing in the memory a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory. - View Dependent Claims (15)
- said method comprising;
-
16. A secure storage method for use in a storage system comprising a non-volatile flash memory;
- and a controller controlling access to the memory;
said method comprising;
storing in said memory or controller at least two records for controlling access to the memory by at least two corresponding entities, each of said records containing an authentication requirement for and permission(s) to access encrypted and/or unencrypted data stored in the memory by the corresponding entity of the at least two entities wherein the authentication requirement(s) and the permission(s) in the records of the at least two corresponding entities are not entirely the same; and
controlling access by at least two corresponding entities to data stored in said memory according to the at least two records. - View Dependent Claims (17)
- and a controller controlling access to the memory;
-
18. A secure storage method for providing or accepting data files when requested by a host device, said system comprising a non-volatile memory storing a data file and a controller controlling access to the memory;
- said method comprising;
providing to the system a key reference associated with said data file;
causing said controller to generate a cryptographic key and to associate said key with said key reference, said key useful for encrypting and/or decrypting said data file; and
using said key reference for communication between the host device and the system for encrypting and/or decrypting said one of the plurality of data files. - View Dependent Claims (19)
- said method comprising;
Specification