SELF-PROTECTING STORAGE DEVICE

US 20090150631A1
Filed: 12/04/2008
Published: 06/11/2009
Est. Priority Date: 12/06/2007
Status: Abandoned Application

First Claim

Patent Images

1. A self-protecting storage device comprising:

a data storage module; and

a verification module in communication with the data storage module and adapted to receive access commands from a host system, the verification module configured to detect a watermark inserted into the access commands by the host system and to determine if the watermark is associated with an authorized attempt to access the data storage module, the verification module enabling access to the data storage module when the watermark is determined to be associated with an authorized attempt to access the data storage module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are a self-protecting storage device and method that can be used to monitor attempts to access protected information. Access is allowed for authorized host systems and devices while unauthorized access is prevented. Authorization use includes inserting a watermark into access commands, such as I/O requests, sent to the storage device. The access commands are verified before access is permitted. In one embodiment, block addresses in I/O requests are encrypted at the host device and decrypted at the self-protecting storage device. Decrypted block addresses are compared to an expected referencing pattern. If a sufficient match is determined, access to the stored information is provided. Self-protection can be provided to a range of storage devices including, for example, SD flash memory, USB thumb drives, computer hard drives and network storage devices. A variety of host devices can be used with the self-protecting storage devices, such as cell phones and digital cameras.

Citations

32 Claims

1. A self-protecting storage device comprising:
- a data storage module; and
  
  a verification module in communication with the data storage module and adapted to receive access commands from a host system, the verification module configured to detect a watermark inserted into the access commands by the host system and to determine if the watermark is associated with an authorized attempt to access the data storage module, the verification module enabling access to the data storage module when the watermark is determined to be associated with an authorized attempt to access the data storage module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The self-protecting storage device of claim 1 wherein the watermark is a digital signature.
  - 3. The self-protecting storage device of claim 1 wherein the watermark is a verification code.
  - 4. The self-protecting storage device of claim 1 wherein the watermark comprises encrypted block addresses included in the access commands.
  - 5. The self-protecting storage device of claim 1 wherein the watermark is a predefined relationship between the access commands.
  - 6. The self-protecting storage device of claim 4 further comprising a decryption module in communication with the verification module, the decryption module receiving the access commands from the host system and providing decrypted block addresses to the verification module, wherein the verification module determines if the watermark is associated with an authorized attempt to access the data storage module through a comparison of the decrypted block addresses and a predetermined pattern of block addresses.
  - 7. The self-protecting storage device of claim 6 wherein the predetermined pattern of block addresses comprises a serial progression of block addresses.
  - 8. The self-protecting storage device of claim 7 wherein the watermark is determined to be associated with an authorized attempt to access the data storage module if a number of variations in the decrypted block addresses from the serial progression of the block addresses does not exceed a maximum allowable number of variations.
  - 9. The self-protecting storage device of claim 1 further comprising the host system and wherein the host system comprises memory adapted to store at least one encryption key.
  - 10. The self-protecting storage device of claim 1 further comprising the host system and wherein the host system is configured to acquire the watermark for the access commands based on a disconnected mechanism from a device disposed proximate to the host system.
  - 11. The self-protecting storage device of claim 6 wherein the verification module comprises a saturating counter that generates a value indicating a degree to which the decrypted block addresses match the predetermined pattern of block addresses.
  - 12. The self-protecting storage device of claim 4 wherein data are stored in the data storage module at the decrypted block addresses.
  - 13. The self-protecting storage device of claim 1 wherein the verification module initiates execution of a predetermined function of the data storage module if the received access commands do not have a watermark associated with an authorized attempt to access the data storage module.
  - 14. The self-protecting storage device of claim 13 wherein the predetermined function comprises erasure of data in at least a portion of the data storage module.
  - 15. The self-protecting storage device of claim 13 wherein the predetermined function comprises providing access to false data stored in the data storage module.
  - 16. The self-protecting storage device of claim 13 wherein the predetermined function comprises preventing access to the data storage module until an unlock sequence is received.
  - 17. The self-protecting storage device of claim 13 wherein the predetermined function comprises preventing access to the data storage module for a predetermined time period.

18. A method for accessing a protected storage device, the method comprising:
- generating a plurality of access commands for the protected storage device;
  
  inserting a watermark into the access commands;
  
  sending the access commands with the inserted watermark to the protected storage device; and
  
  providing access to the protected storage device if the watermark is determined to be associated with an authorized attempt to access the protected storage device.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 19. The method of claim 18 wherein the access commands comprise an attempt to write data to the protected storage device.
  - 20. The method of claim 18 wherein the access commands comprise an attempt to read data from the protected storage device.
  - 21. The method of claim 18 wherein the watermark is a digital signature.
  - 22. The method of claim 18 wherein the watermark is a verification code.
  - 23. The method of claim 18 wherein the watermark comprises encrypted block addresses included in the access commands.
  - 24. The method of claim 18 wherein the watermark is a predefined relationship between the access commands.
  - 25. The method of claim 23 wherein determining if the watermark is associated with an authorized attempt to access the protected storage device comprises:
    - decrypting the encrypted block addresses included in the access commands; and
      
      comparing the decrypted block addresses to a predetermined pattern of block addresses.
  - 26. The method of claim 25 wherein the predetermined pattern of block addresses comprises a serial progression of block addresses.
  - 27. The method of claim 25 wherein access is provided to the protected storage device if a number of variations in a serial progression of the decrypted block addresses relative to the predetermined pattern of block addresses does not exceed a maximum allowable number of variations.
  - 28. The method of claim 18 further comprising executing a predetermined function of the protected storage device if the access commands do not have a watermark associated with an authorized attempt to access the protected storage device.
  - 29. The method of claim 28 wherein the predetermined function comprises erasure of data stored in the protected storage device.
  - 30. The method of claim 28 wherein the predetermined function comprises providing access to false data stored in the protected storage device.
  - 31. The method of claim 28 wherein the predetermined function comprises preventing access to the protected storage device until an unlock sequence is detected.
  - 32. The method of claim 28 wherein the predetermined function comprises preventing access to the protected storage device for a predetermined time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Clifton Labs, Inc.
Original Assignee
Clifton Labs, Inc.
Inventors
Wilsey, Philip A., Anderson, Roy Brian, Borowczak, Mike

Application Number

US12/328,034
Publication Number

US 20090150631A1
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/16   Program or content traceabi...

G06F 21/6209   to a single file or object,...

G06F 21/74   operating in dual or compar...

G06F 21/78   to assure secure storage of...

G06F 21/85   interconnection devices, e....

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2143   Clearing memory, e.g. to pr...

SELF-PROTECTING STORAGE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SELF-PROTECTING STORAGE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links