Content Control System Using Versatile Control Structure

US 20080034440A1
Filed: 11/06/2006
Published: 02/07/2008
Est. Priority Date: 07/07/2006
Status: Abandoned Application

First Claim

Patent Images

1. A data storage apparatus providing data processing services to hosts, comprising:

a non-volatile memory system configured to be removably connected to individual ones of the hosts and capable of storing data;

a security data structure stored in said non-volatile memory system; and

at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by the hosts to perform processing of said data, said security data structure controlling access to information obtainable from said data and to the at least one software application by one of the hosts to which the memory system is connected through an authentication process.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object. A second set of protocols can be used to retrieve data from the data object, or data derived from such data, irrespective of which of the first set of protocols was used to enable the provision and storing of data in the object.

121 Citations

View as Search Results

41 Claims

1. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts and capable of storing data;
  
  a security data structure stored in said non-volatile memory system; and
  
  at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by the hosts to perform processing of said data, said security data structure controlling access to information obtainable from said data and to the at least one software application by one of the hosts to which the memory system is connected through an authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The data storage apparatus of claim 1, wherein said data is accessible by the at least one software application invoked by at least one of the hosts, after said at least one host has been authenticated in said authentication process.
  - 3. The data storage apparatus of claim 1, wherein the at least one software application processes at least some of said data to obtain said information.
  - 4. The data storage apparatus of claim 3, wherein said information is revealable to at least one of the hosts, after said at least one host has been authenticated in said authentication process.
  - 5. The data storage apparatus of claim 4, said security data structure including a first and a second control structure, said first control structure associated with said at least one software application, wherein said first control structure has the rights to delegate control of access to said information to said second control structure, said second control structure controlling access to said information by the hosts by said authentication process.
  - 6. The data storage apparatus of claim 4, wherein the at least one host does not have access to said data.
  - 7. The data storage apparatus of claim 3, wherein said data includes a seed value for generating a one time pass word by said at least one software application, and said information includes said one time pass word.
  - 8. The data storage apparatus of claim 3, wherein said data relates to at least one license for accessing encrypted content stored or to be in the non-volatile memory system, and said information indicates whether the at least one license is valid.
  - 9. The data storage apparatus of claim 8, wherein said non-volatile memory system stores encrypted data, and said security data structure controls decryption of said encrypted data in response to said information.
  - 10. The data storage apparatus of claim 8, said apparatus including a plurality of DRM software applications stored in said non-volatile memory system, said DRM software applications selectable and capable of being invoked by the hosts for processing the data.
  - 11. The data storage apparatus of claim 1, said apparatus comprising a plurality of software applications stored in the non-volatile memory system.
  - 12. The data storage apparatus of claim 11, wherein said hosts invoke said plurality of software applications by data processing requests, said apparatus further comprising a communication channel corresponding to each one of said plurality of software applications for passing said data processing requests from said hosts to the applications, said security data structure controlling the communication channels to pass one of said data processing requests from at least one of said hosts to one of the applications through the communication channel corresponding to said one application.
  - 13. The data storage apparatus of claim 12, wherein said security data structure does not discern information in the one data processing request when the one data processing request is in the communication channel corresponding to said one application.
  - 14. The data storage apparatus of claim 12, said security data structure controlling the communication channels so that there is no crosstalk between the communication channels.
  - 15. The data storage apparatus of claim 12, wherein each of at least some of the software applications is selectable by the hosts by selecting the communication channel corresponding to said each software application.
  - 16. The data storage apparatus of claim 15, wherein each of at least some of the communication channels is selectable by the hosts after the hosts have been authenticated by said security data structure in said authentication process.
  - 17. The data storage apparatus of claim 12, said security data structure comprising at least one control structure controlling access to at least one of the communication channels by the hosts.
  - 18. The data storage apparatus of claim 1, further comprising an interface between said security data structure and the hosts, and between said security data structure and the at least one software application.
  - 19. The data storage apparatus of claim 18, wherein said at least one software application sends requests to the said security data structure, and said interface does not distinguish between requests from the hosts and from the at least one software application, so that the said security data structure is unaware of whether the requests are from the hosts or from the at least one application.
  - 20. The data storage apparatus of claim 1, further comprising at least one data object accessible by the hosts and stored in the non-volatile memory system, said at least one data object storing the data, and at least one association between said at least one data object and said at least one software application, so that when a request for the information is sent to the security data structure by one of the hosts, the at least one software application is invoked through said at least one association.
  - 21. The data storage apparatus of claim 20, further comprising encrypted content stored in the non-volatile memory system, wherein said data includes a decryption key value, and said information includes decrypted content obtained from said encrypted content and said decryption key value by the at least one software application.
  - 22. The data storage apparatus of claim 20, said data including a seed value for generating a one time pass word by said at least one software application, and said information including the one time pass word.
  - 23. The data storage apparatus of claim 1, further comprising an object including a key pair comprising a private key and a public key, at least one certificate containing the public key, wherein said at least one software application employs said at least one certificate for certifying to at least one of the hosts that the public key is genuine, and for obtaining data encrypted with said public key.
  - 24. The data storage apparatus of claim 1, further comprising encrypted data stored in said non-volatile memory system, wherein encrypted data is decryptable by means of a value of at least one decryption key stored in said non-volatile memory system, and said security data structure exclusively controls access to the value of said at least one decryption key.
  - 25. The data storage apparatus of claim 24, wherein said at least one software application and said hosts do not have access to the value of the at least one decryption key.

26. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts;
  
  a security data structure stored in said non-volatile memory system, said security data structure controlling access to data stored in the non-volatile memory system by the host to which the memory system is connected;
  
  at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by the hosts to perform processing of said data; and
  
  a set of protocols stored in said non-volatile memory system for communication between the hosts and the data storage apparatus;
  
  wherein at least one of said protocols is modifiable by invocation of said at least one software application.
- View Dependent Claims (27, 28)
- - 27. The data storage apparatus of claim 26, wherein the invocation of said at least one software application replaces said at least one protocol by a different protocol.
  - 28. The data storage apparatus of claim 27, wherein the different protocol relates to a credential revocation scheme.

29. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts;
  
  a security data structure stored in said non-volatile memory system, said security data structure controlling access to data stored or to be stored in the non-volatile memory system; and
  
  at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by one of the hosts to which the memory system is connected;
  
  wherein said security data structure controls access to the data by executing an access policy and the invocation of said at least one software application imposes at least an additional condition that is different from the access policy for access to the data by the hosts.
- View Dependent Claims (30, 31)
- - 30. The data storage apparatus of claim 29, wherein said at least an additional condition relates to a license.
  - 31. The data storage apparatus of claim 29, wherein said hosts will need to comply with both the first and second access policies before access to the data is granted.

32. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts;
  
  a security data structure stored in said non-volatile memory system, said security data structure controlling access to data stored or to be stored in the non-volatile memory system;
  
  at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by the host to which the memory system is connected to perform processing of said data; and
  
  at least one data object stored in said non-volatile memory system and containing at least some of said data, and at least one association between said at least one data object and said at least one software application, so that when said at least one data object is accessed by the host to which the memory system is connected, the at least one software application is invoked through said at least one association to process said at least some data in said at least one data object to obtain information.
- View Dependent Claims (33, 34)
- - 33. The data storage apparatus of claim 32, said security data structure controlling access to the data stored in the non-volatile memory system by the at least one host an authentication process, wherein the information is revealable to the at least one host, without any further invocation of said at least one application, after the at least one host has been authenticated by said security data structure through an authentication process.
  - 34. The data storage apparatus of claim 33, wherein the at least one host does not have access to said at least some data in said at least one data object.

35. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts;
  
  a security data structure stored in said non-volatile memory system, said security data structure comprising a first control structure for controlling access by the host, to which the memory system is connected, to information obtainable from data stored or to be stored in the non-volatile memory system; and
  
  at least one software application stored in said non-volatile memory system, said at least one software application capable of being invoked by the hosts to perform processing of said data to obtain said information, said security data structure comprising a second control structure for controlling invocation of said at least one software application, wherein said first and second control structures employ substantially the same control mechanism.

36. A data storage apparatus providing data processing services to hosts, comprising:
- a non-volatile memory system configured to be removably connected to individual ones of the hosts and capable of storing data;
  
  a security data structure stored in said non-volatile memory system;
  
  at least one data object stored in said non-volatile memory system;
  
  a plurality of first sets of different protocols stored in said non-volatile memory system, the first sets being individually selectable by one of the hosts, to which the memory system is connected, to enable data from the hosts or derivative data derived from said data to be provided to and stored in said at least one data object under the control of said security data structure;
  
  a second set of protocols stored in said non-volatile memory system and that enables said data or derivative data to be retrieved from said at least one data object under the control of said security data structure;
  
  wherein said second set of protocols is capable of enabling the retrieval of said data or derivative data irrespective of which of the first sets of protocols enabled the providing and storing.
- View Dependent Claims (37, 38, 39, 40, 41)
- - 37. The apparatus of claim 36, wherein a difference between said first sets of protocols relates to authentication of said non-volatile memory system or encryption of said data.
  - 38. The apparatus of claim 36, further comprising a plurality of different software applications stored in said non-volatile memory system, wherein each of at least some of said different software applications corresponds to one of the first sets of protocols, so that when one of the first sets of protocols is selected to enable the providing and storing of said data or derivative data, the software application corresponding to said one first set is invoked to process said data or derivative data.
  - 39. The apparatus of claim 38, wherein said at least some different software applications produce different results from processing said data or derivative data.
  - 40. The data storage apparatus of claim 38, wherein said data or derivative data includes one of a plurality of seed values, wherein each of said at least some software applications processes a corresponding one of said plurality of seed values to produce a corresponding one time pass word.
  - 41. The data storage apparatus of claim 38, wherein said non-volatile memory system stores encrypted data, said data or derivative data includes one of a plurality of decryption keys for decrypting said encrypted content and each of said at least some software applications employs a corresponding one of said plurality of decryption keys for decrypting said encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Inventors
Holtzman, Michael, Jogand-Coulomb, Fabrice, Barzilai, Ron

Application Number

US11/557,056
Publication Number

US 20080034440A1
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3228   One-time or temporary data,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Content Control System Using Versatile Control Structure

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Content Control System Using Versatile Control Structure

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links