Mass storage device with automated credentials loading

US 20070011724A1
Filed: 12/27/2005
Published: 01/11/2007
Est. Priority Date: 07/08/2005
Status: Active Grant

First Claim

Patent Images

1. A portable device capable of mass storage of user files and of user credential management, the portable device having a physical interface for removably coupling the device to a host device, and comprising:

mass storage solid state memory used to store user files and programs;

a micro controller that controls read and write operations of the mass storage solid state memory;

a one time password generator;

an application residing in the mass storage solid state memory, the application executable by a processor of the host to retrieve a password from the password generator of the device; and

a first seed and counter pair, the first pair to authenticate the device to a first institution.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport. This facilitates the acceptance of two factor authentication, and increases security for a wide variety of online transactions.

303 Citations

18 Claims

1. A portable device capable of mass storage of user files and of user credential management, the portable device having a physical interface for removably coupling the device to a host device, and comprising:
- mass storage solid state memory used to store user files and programs;
  
  a micro controller that controls read and write operations of the mass storage solid state memory;
  
  a one time password generator;
  
  an application residing in the mass storage solid state memory, the application executable by a processor of the host to retrieve a password from the password generator of the device; and
  
  a first seed and counter pair, the first pair to authenticate the device to a first institution.
- View Dependent Claims (2, 3)
- - 2. The portable device of claim 1, wherein the processor executing the application is located in the host device.
  - 3. The portable device of claim 1, wherein the processor executing the application is located in the portable device.

4. A system for controlling access to data sites, the system comprising:
- a mass storage device that can be removably coupled to a host computing device;
  
  a first electronic entity that loads a seed and a device identifier to the host computing device and mass storage device, while the mass storage device is coupled to the host computing device; and
  
  a second electronic entity with which the mass storage device passes a user identifier of a user of the mass storage device, the device identifier, and a one time password value.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 5. The system of claim 4, further comprising a third electronic entity, and wherein the second electronic entity passes the user identifier and one time password value to the third electronic entity for verification of the user and mass storage device.
  - 6. The system of claim 5, wherein the third electronic entity provides an indicator of whether verification was successful or unsuccessful.
  - 7. The system of claim 4, wherein said first electronic entity is operable to establish a secure channel with the mass storage device and to load the seed and identifier over the secure channel.
  - 8. The system of claim 4, further comprising an additional mass storage device, the system operable to transfer authentication rights from one mass storage device to another mass storage device.
  - 9. The system of claim 8, wherein the authentication rights comprise the device identifier and the seed.
  - 10. The system of claim 9, wherein transferring the authentication rights comprises transferring the seed and the device identifier.
  - 11. The system of claim 10, wherein the first electronic entity transfers the authentication rights to the additional mass storage device.
  - 12. The system of claim 11, wherein the system establishes a secure channel with the additional mass storage device and the transfer is completed over the secure channel.
  - 13. The system of claim 8, wherein the system is further operable to remove the authentication rights from the device where the rights are transferred from.
  - 14. The system of claim 13, wherein the authentication rights are removed upon successful verification of the user of the mass storage device where the rights are transferred from.
  - 15. The system of claim 13, wherein the system is further operable to remove the device that had the authentication rights removed from a list of inactive devices.
  - 16. The system of claim 4, wherein upon loss of the mass storage device by the user of the device the system is operable to invalidate the seed and identifier of the device at one or more of the electronic entities.
  - 17. The system of claim 16, wherein upon loss of the mass storage device the identifier and seed of the lost device is transferred to a new device of the user.
  - 18. The system of claim 16, wherein upon loss of the mass storage device a new identifier and seed are transferred to a new device of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
SanDisk Corporation (Western Digital Corporation)
Inventors
Gonzalez, Carlos, Jogand-Coulomb, Fabrice, Ferchau, Joerg

Granted Patent

US 7,748,031 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/79   in semiconductor storage me...

G06F 2221/2115   Third party

G06K 19/07   with integrated circuit chips

G06K 19/07732   the record carrier having a...

G11C 7/24   Memory cell safety or prote...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Mass storage device with automated credentials loading

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

303 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mass storage device with automated credentials loading

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

303 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links