Memory system with versatile content control
First Claim
1. A system for storing data, comprising:
- a rewritable non-volatile memory storing data; and
a controller controlling access to said non-volatile memory;
wherein a cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting and/or decrypting data stored in the memory by the controller, said key being substantially inaccessible to devices external to the system; and
wherein the memory also stores a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory.
4 Assignments
0 Petitions
Accused Products
Abstract
The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
-
Citations
22 Claims
-
1. A system for storing data, comprising:
-
a rewritable non-volatile memory storing data; and
a controller controlling access to said non-volatile memory;
wherein a cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting and/or decrypting data stored in the memory by the controller, said key being substantially inaccessible to devices external to the system; and
wherein the memory also stores a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system for storing data, comprising:
-
a flash memory storing data; and
a controller controlling access to said non-volatile memory;
wherein a first cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting or decrypting data stored in the memory by the controller; and
wherein the memory also stores a policy concerning different permissions granted to authorized entities for using the key for encrypting and/or decrypting data stored in the memory.
-
-
16. A system for storing data, comprising:
-
a rewritable non-volatile memory storing data; and
a controller controlling access to said non-volatile memory;
wherein a cryptographic key is stored in said non-volatile memory or controller, said key useful for encrypting and/or decrypting data stored in the memory by the controller, wherein data in the memory is accessed by an external device in the form of files, and the controller is not aware of files; and
wherein the memory also stores a policy concerning different permissions granted to authorized entities to use the key for encrypting and/or decrypting data stored in the memory. - View Dependent Claims (17)
-
-
18. A secure storage system, comprising:
-
a non-volatile flash memory; and
a controller controlling access to the memory, said memory or controller storing at least two records for controlling access to the memory by at least two corresponding entities, each of said records containing an authentication requirement for and permission(s) to access encrypted and/or unencrypted data stored in the memory by the corresponding entity of the at least two entities wherein the authentication requirement(s) and the permission(s) in the records of the at least two corresponding entities are not entirely the same. - View Dependent Claims (19)
-
-
20. A secure storage system which provides or accepts data files when requested by a host device, said host device providing to the system a key reference associated with a data file, comprising:
-
a non-volatile memory storing said data file; and
a controller controlling access to the memory;
wherein a cryptographic key is generated by said controller and associated with said key reference, said key useful for encrypting and/or decrypting said data file, and said key reference used for communication between the host device and the system for encrypting and/or decrypting said data file. - View Dependent Claims (21, 22)
-
Specification