Content Control Method Using Versatile Control Structure

US 20080010685A1
Filed: 11/06/2006
Published: 01/10/2008
Est. Priority Date: 07/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing data processing services to a host by means of an apparatus comprising a non-volatile memory system with data stored therein, a security data structure stored in said non-volatile memory system and at least one software application stored in said non-volatile memory system;

said method comprising;

removably connecting the non-volatile memory system to the host;

invoking using the host said at least one software application to process said data to obtain information; and

accessing said information by the host, wherein said invoking and said accessing are controlled by the security data structure.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object. A second set of protocols can be used to retrieve data from the data object, or data derived from such data, irrespective of which of the first set of protocols was used to enable the provision and storing of data in the object.

Citations

22 Claims

1. A method for providing data processing services to a host by means of an apparatus comprising a non-volatile memory system with data stored therein, a security data structure stored in said non-volatile memory system and at least one software application stored in said non-volatile memory system;
- said method comprising;
  
  removably connecting the non-volatile memory system to the host;
  
  invoking using the host said at least one software application to process said data to obtain information; and
  
  accessing said information by the host, wherein said invoking and said accessing are controlled by the security data structure.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, said security data structure including a first and a second control structure, said first control structure associated with said at least one software application, said second control structure controlling access to said information by the host, said method further comprising said first control structure delegating control of access to said information to said second control structure.
  - 3. The method of claim 1, wherein the host is unable to access said data.
  - 4. The method of claim 1, wherein said data includes a seed value, and said information includes said one time pass word, said invoking causing said at least one software application to generate a one time pass word from the seed.
  - 5. The method of claim 1, wherein said data relates to at least one license for accessing encrypted content stored or to be in the non-volatile memory system, said invoking causing said at least one software application to generate an indication as to whether the at least one license is valid.
  - 6. The method of claim 5, wherein said non-volatile memory system stores encrypted data, said method further comprising said security data structure determining whether decryption of said encrypted data is permitted in response to said information.

7. A method for providing data processing services to hosts by means of a non-volatile memory device, said device storing therein a plurality of software applications, comprising:
- receiving data at the non-volatile memory device from a data source through one of the hosts;
  
  invoking, in response to a request from said one host, a first software application of said plurality of software applications to create a data object in the non-volatile memory device and store said data or derivative data derived from said data in the data object; and
  
  associating said data object with a second software application of said plurality of software applications, so that when said data object is accessed, said second software application is invoked.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method of claim 7, wherein said first software application and said second software application are the same software application.
  - 9. The method of claim 7, said non-volatile memory device configured to be removably connected to each of the hosts, said method further comprising removably connecting the non-volatile memory device and one of the hosts.
  - 10. The method of claim 7, said non-volatile memory device including a security data structure, wherein said security data structure comprises a first and a second control structure, said first control structure associated with said first software application and controls access to said data object, said method further comprising said first control structure delegating control of access to said data object to said second control structure.
  - 11. The method of claim 10, further comprising accessing said data object through one of the hosts, wherein said accessing is controlled by said second control structure.
  - 12. The method of claim 7, wherein said data relates to a seed value for generating a one time password, said method further comprising said first software application creating the data object and storing said seed value in the data object.
  - 13. The method of claim 12, further comprising accessing said data object by an entity different from the source, wherein said second software application is invoked to perform data processing using the seed value to generate the one time password, said method further comprising providing said one time password to the entity.
  - 14. The method of claim 7, wherein said data includes a license object, said method further comprising said first software application creating the data object and storing a decryption key in the data object, said decryption key capable of being used for decrypting encrypted content stored or to be stored in the non-volatile memory device.
  - 15. The method of claim 14, wherein said license object includes the decryption key, wherein said storing stores the decryption key in said license object in the data object.
  - 16. The method of claim 14, said non-volatile memory device including a security data structure, wherein said license object does not include the decryption key, said method further comprising said first software application requesting said security data structure to generate the decryption key, wherein said storing stores the decryption key generated by said security data structure in the data object.

17. A method for providing data processing services to hosts using a data storage apparatus comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts and capable of storing data;
  
  a security data structure stored in said non-volatile memory system;
  
  at least one data object stored in said non-volatile memory system;
  
  a plurality of first sets of different protocols stored in said non-volatile memory system;
  
  a second set of protocols that is stored in said non-volatile memory system and that enables said data or derivative data derived from said data to be retrieved from said at least one data object under the control of said security data structure;
  
  said method comprising;
  
  selecting one of the first sets to enable data from the host, to which the memory system is connected, or derivative data to be provided to and stored in said at least one data object under the control of said security data structure; and
  
  using said second set of protocols to enable the retrieval of said data or derivative data irrespective of which of the first sets of protocols enabled the providing and storing.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, wherein a difference between said first sets of protocols relates to authentication of said non-volatile memory system or encryption of said data.
  - 19. The method of claim 17, said data storage apparatus further comprising a plurality of different software applications stored in said non-volatile memory system, wherein each of at least some of said different software applications corresponds to one of the first sets of protocols, so that the selecting of said one of the first sets of protocols invokes the software application corresponding to said one first set to process said data or derivative data.
  - 20. The method of claim 19, wherein said at least some different software applications produce different results from processing said data or derivative data.
  - 21. The data storage method of claim 19, wherein said data or derivative data includes one of a plurality of seed values, wherein the invoked software application processes a corresponding one of said plurality of seed values to produce a corresponding one time pass word.
  - 22. The data storage method of claim 19, wherein said non-volatile memory system stores encrypted data, said data or derivative data includes one of a plurality of decryption keys for decrypting said encrypted content, wherein the invoked software application employs a corresponding one of said plurality of decryption keys for decrypting said encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Jogand-Coulomb, Fabrice, Barzilai, Ron

Granted Patent

US 8,613,103 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/10   Protecting distributed prog...

G06F 21/445   by mutual authentication, e...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/79   in semiconductor storage me...

G06F 21/805   using a security table for ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

Content Control Method Using Versatile Control Structure

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Content Control Method Using Versatile Control Structure

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links