Apparatus and Method For Securing Data on a Portable Storage Device

US 20090055655A1
Filed: 10/24/2008
Published: 02/26/2009
Est. Priority Date: 11/27/2002
Status: Active Grant

First Claim

Patent Images

1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:

a. a storage medium including;

i. a secure user area for storing therein user data in an encrypted form andii. a register for storing therein an encrypted key; and

b. a microprocessor for;

i. using a user password for encrypting a clear key to produce the encrypted key and, in turn, for decrypting the encrypted key to produce the clear key, andii. using the clear key to decrypt the encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host device thereby producing the encrypted form of the user data;

wherein the user password is generated by a user of the secure portable storage device;

wherein the microprocessor is further used to exclude access from the host device to the secure user area unless the user password is provided to the microprocessor; and

wherein, upon the user password being provided to the microprocessor, the secure portable storage device is remounted to the host device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.

Citations

25 Claims

1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
- a. a storage medium including;
  
  i. a secure user area for storing therein user data in an encrypted form andii. a register for storing therein an encrypted key; and
  
  b. a microprocessor for;
  
  i. using a user password for encrypting a clear key to produce the encrypted key and, in turn, for decrypting the encrypted key to produce the clear key, andii. using the clear key to decrypt the encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host device thereby producing the encrypted form of the user data;
  
  wherein the user password is generated by a user of the secure portable storage device;
  
  wherein the microprocessor is further used to exclude access from the host device to the secure user area unless the user password is provided to the microprocessor; and
  
  wherein, upon the user password being provided to the microprocessor, the secure portable storage device is remounted to the host device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The secure portable storage device of claim 1, wherein the storage medium further includes a clear user area, and wherein the microprocessor is further used to allow access from the host device to the clear user area without requiring entry of the user password.
  - 3. The secure portable storage device of claim 1, wherein the user password includes alphanumeric characters entered by the user.
  - 4. The secure portable storage device of claim 1, wherein the user password includes biometric data.
  - 5. The secure portable storage device of claim 1, wherein the storage medium further includes a user password register storing therein a hashed representation of the user password, and wherein the microprocessor is also operable to hash the user password.

6. A secure portable storage device connectable to a host device, comprising:
- a. a storage medium including a secure user area and a clear user area, both areas used for storing user data exchanged with the host device; and
  
  b. a microprocessor operable to exclude access from the host device to the secure user area unless a user password is provided to the microprocessor, and to allow access from the host device to the clear user area without requiring entry of the user password;
  
  wherein the user password is generated by a user of the secure portable storage device; and
  
  wherein, upon the user password being provided to the microprocessor, the secure portable storage device is remounted to the host device.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The secure portable storage device of claim 6, wherein the user password includes alphanumeric data.
  - 8. The secure portable storage device of claim 6, wherein the user password includes biometric data.
  - 9. The secure portable storage device of claim 6, wherein the operability of the microprocessor to exclude access includes use of the clear key to decrypt the user data read from the secure user area and to encrypt the user data written onto the secure user area.
  - 10. The secure portable storage device of claim 9, wherein the storage medium further includes a register for storing therein an encrypted key that has been encrypted from the clear key under the user password, and wherein the microprocessor is further operable to use the user password for decrypting the encrypted key to produce the clear key prior to the using the clear key.
  - 11. The secure portable storage device of claim 6, wherein the storage medium further includes a user password register storing therein a hashed representation of the user password, and wherein the microprocessor is also operable to hash the user password.

12. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
- an interface to a host device; and
  
  a storage medium including;
  
  a secure user area for storing user data; and
  
  registers including;
  
  a password register for storing therein a clear or hash version of a user password, which user password being user-generated; and
  
  a key register for storing therein an encrypted key which is a clear key encrypted by the user password, wherein decryption of the encrypted key with the user password exposes the clear key, the clear key being exposable for use thereof in encrypting and decrypting user data communicated via the interface;
  
  wherein the secure portable storage device is configured to exclude access from the host device to the secure user area unless a user-entered password is provided to the secure portable storage device, via the interface, and matched with the clear or hash version of the user password stored in the password register so that in response to such match the secure portable storage device prompts the host device to remount the secure portable storage device to the host device.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The secure portable storage device of claim 12, wherein the remounting prompted by the secure portable storage device is to establish the secure portable storage device as a disk drive with which the host device handles read-write operations.
  - 14. The secure portable storage device of claim 13, wherein the established disk drive is a CD drive.
  - 15. The secure portable storage device of claim 12, wherein the secure portable storage device is configured to, in response to such match, disconnect a communication link between the secure portable storage device and the host device before prompting the host device to remount the secure portable storage device.
  - 16. The secure portable storage device of claim 15, wherein the secure portable storage device prompts the host device to remount the secure portable storage device to the host device by reconnecting the communication link between the secure portable storage device and the host device.
  - 17. The secure portable storage device of claim 12, wherein the secure portable storage device is configured to, during set-up of the secure portable storage device:
    - receive a command from the host device to format a clear user area in the storage medium;
      
      prompt the host device to dismount the secure portable storage device from the host device;
      
      prompt the host device to remount the secure portable storage device to the host device; and
      
      receive a command from the host device to format the secure user area.
  - 18. The secure portable storage device of claim 12, wherein, in response to a password change, the secure portable storage device is configured to store a new password in the password register and to store a new encrypted key in the key register, wherein the new encrypted key is the clear key encrypted by the new password, and wherein decryption of the new encrypted key with the new user password exposes the same clear key as exposed when the first-mentioned encrypted key was decrypted with the first-mentioned user password.

19. A method for accessing a secure user area of a secure portable storage device, the method comprising:
- performing by a secure portable storage device that has an interface to a host device and a storage medium including a secure user area for storing user data, a password register for storing therein a clear or hash version of a user password which is user-generated, and a key register for storing therein an encrypted key, which is a clear key encrypted by the user password;
  
  receiving a user-entered password from the host device via the interface;
  
  matching the user-entered password with the clear or hash version of the user password stored in the password register;
  
  in response to such matching, prompting the host device to remount the secure portable storage device to the host device and providing the host device with access to the secure user area;
  
  decrypting the encrypted key with the user password to expose the clear key; and
  
  performing at least one of;
  
  encrypting user data communicated via the interface anddecrypting user data communicated via the interface.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein the remounting prompted by the secure portable storage device is to establish the secure portable storage device as a disk drive with which the host device handles read-write operations.
  - 21. The method of claim 20, wherein the established disk drive is a CD drive.
  - 22. The method of claim 19 further comprising:
    - in response to such matching but before prompting the host device to remount the secure portable storage device, disconnecting a communication link between the secure portable storage device and the host device.
  - 23. The method of claim 22, wherein prompting the host device to remount the secure portable storage device to the host device comprising reconnecting the communication link between the secure portable storage device and the host device.
  - 24. The method of claim 19 further comprising, during set-up of the secure portable storage device:
    - receiving a command from the host device to format a clear user area in the storage medium;
      
      prompting the host device to dismount the secure portable storage device from the host device;
      
      prompting the host device to remount the secure portable storage device to the host device; and
      
      receiving a command from the host device to format the secure user area.
  - 25. The method of claim 19 further comprising:
    - storing a new password in the password register;
      
      storing a new encrypted key in the key register, wherein the new encrypted key is the clear key encrypted by the new password; and
      
      decrypting the new encrypted key with the new user password, wherein such decrypting exposes the same clear key as exposed when the first-mentioned encrypted key was decrypted with the first-mentioned user password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Western Digital Israel Limited (Western Digital Corporation)
Original Assignee
SanDisk IL Ltd. (Western Digital Corporation)
Inventors
Ziv, Aran, Bychkov, Eyal

Granted Patent

US 8,103,882 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/78   to assure secure storage of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2153   Using hardware token as a s...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

Apparatus and Method For Securing Data on a Portable Storage Device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and Method For Securing Data on a Portable Storage Device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links