SECURE PORTABLE DATA TRANSPORT & STORAGE SYSTEM

US 20090327743A1
Filed: 01/16/2009
Published: 12/31/2009
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:

a first processor configured for communication with a host computer to which the portable data transport device is connected, the first processor configured to block mounting of the portable data transport device to the host computer until the first processor receives a data key match;

a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;

a biometric processor in communication with the non-volatile memory; and

a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;

wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;

wherein the first processor is configured to receive the output confirming data key from the biometric processor, compare the received confirming data key with a stored reference data key, and if a match is found, cease blocking the mounting of the portable data transport device to the connected host computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer for securing and transporting data. The portable data transport device includes a first processor and a biometric identification system. Upon successful biometric identification of an enrolled user, the first processor permits mounting of the data transport device to a host computer. However, prior to the commencement of read/write operations, cross-checking of stored identification codes of components of the portable data transport device occurs, including the use of a hash function. If any identifier does not match, no read/write data operations are permitted. The portable data transport device includes a file security program that includes a DLL encryption/decryption program having a self-check feature. Upon self check, if any changes were made to the encryption/decryption program, no read/write operations are permitted. The portable data transport device permits the selection of multiple files for encryption together into a single data container pack file and to store that data container pack file. The file security program permits an enrolled user at a host computer to assign only a password to a data container pack file. If a user at a host computer enters an incorrect password a predetermined number of times, portable data transport device processor will erase all data in any volatile memory it is using and will lock itself in a non-operational configuration.

56 Citations

View as Search Results

32 Claims

1. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer to which the portable data transport device is connected, the first processor configured to block mounting of the portable data transport device to the host computer until the first processor receives a data key match;
  
  a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
  
  a biometric processor in communication with the non-volatile memory; and
  
  a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
  
  wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
  
  wherein the first processor is configured to receive the output confirming data key from the biometric processor, compare the received confirming data key with a stored reference data key, and if a match is found, cease blocking the mounting of the portable data transport device to the connected host computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The portable data transport device of claim 1 wherein:
    - the biometric reader comprises a unique biometric reader identifier code;
      
      the non-volatile memory stores a reference biometric reader identifier code for the biometric reader; and
      
      the biometric processor is configured to process physical parameter data from the reader only after it has;
      
      read the unique identifier code from the biometric reader,compared it to the reference biometric reader identifier code stored in the non-volatile memory, andfound a match between the two identifier codes.
  - 3. The portable data transport device of claim 1 wherein:
    - the portable data transport device comprises;
      
      an embedded product identifier; and
      
      executable operational software having an associated identifier;
      
      the software is configured to apply a hash function comprising the embedded product identifier and the software identifier to create a hash value;
      
      the portable data transport device compares the created hash value against a current hash value stored in the portable data transport device and if a match is found, the portable data transport device permits both read and write operations to occur.
  - 4. The portable data transport device of claim 3 wherein:
    - the portable data transport device further comprises;
      
      firmware and associated firmware memory that is accessible only to the firmware, wherein the current hash value is stored in the firmware memory; and
      
      an encryption/decryption program having an associated identifier;
      
      the software is configured to run the hash function further comprising the encryption/decryption program identifier;
      
      the firmware compares the created hash value against the current hash value stored in the firmware memory and if a match is found, the firmware removes write protection from the portable data transport device.
  - 5. The portable data transport device of claim 3 wherein:
    - neither the comparison between data keys nor the comparison between hash function values can be overridden or otherwise avoided; and
      
      the received confirming data key must match with the stored reference data key and the created hash function value must match with a stored current hash function value before read and write operations on the portable data transport device are permitted.
  - 6. The portable data transport device of claim 1 wherein the first processor is configured, upon mounting the portable data transport device to the host computer, to initially review data on the portable memory for unencrypted data and if such is found, to prohibit read/write operations until either the unencrypted data is deleted or encrypted and to indicate to an enrolled user that such data must be encrypted or deleted before further operations with the portable data transport device will be permitted.
  - 7. The portable data transport device of claim 1 wherein the first processor is configured to review data on the portable memory for unencrypted data after mounting the portable data transport device to the host computer, and to auto-detect and delete any unencrypted data found on the portable data transport device.
  - 8. The portable data transport device of claim 1 wherein the portable data transport device includes a file security program comprising a dynamic link library containing an encryption/decryption operation program;
    - wherein the portable data transport device is configured to perform a self-check of the encryption/decryption program of the dynamic link library prior to permitting read/write operations of the portable data transport device, wherein the self check process comprises determining if any changes have occurred in the encryption/decryption program of the dynamic link library since the last check of the dynamic link library and if any changes are found, the portable data transport device is further configured to prohibit read and write operations of the portable data transport device.
  - 9. The portable data transport device of claim 1 wherein the first processor comprises a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device.
  - 10. The portable data transport device of claim 9 wherein the file security program further comprises:
    - a decryption operation that allows an enrolled user at a host computer to select and decrypt files included in a data container pack file; and
      
      a listing window program that lists all data container pack files present on the portable data transport device so that each may be selected.
  - 11. The portable data transport device of claim 10 wherein the file security program further comprises a viewer program with which an enrolled user may view the contents of a selected data container pack file.
  - 12. The portable data transport device of claim 7 further comprising a file security program that comprises:
    - an encryption operation that allows an enrolled user at a host computer to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device; and
      
      a decryption operation that allows an enrolled user at a host computer to select and decrypt files included in a data container pack file stored on the portable data transport device;
      
      a listing window program that lists all data container pack files present on the portable data transport device so that each may be selected;
      
      a viewer program with which an enrolled user may view the contents of a selected data container pack file;
      
      wherein data container pack files are configured such that when initially selected to be opened by a decryption operation at the portable data transport device, only an index of the files encrypted together into the selected data container pack file is displayed, and from that index one or more files may be selected for decryption;
      
      wherein the portable data transport device includes a file viewer program with which an enrolled user using a host computer may view an index of data container pack files stored in the portable data transport device.
  - 13. The portable data transport device of claim 12 wherein the biometric function, identifier matching functions, and the file security program are self-contained whereby the portable data transport device is agnostic in regard to host computers.
  - 14. The portable data transport device of claim 12 wherein:
    - the file security program is configured to permit an enrolled user at a host computer to selectively assign a different password to each data container pack file on the data transport device whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the associated data container pack file;
      
      the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file; and
      
      if a user enters an incorrect password a predetermined number of times, the first processor will lock itself in a non-operational configuration.
  - 15. The portable data transport device of claim 1 further comprising:
    - a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device, on the host computer, or on another device as selected.
  - 16. The portable data transport device of claim 1 wherein:
    - the biometric processor is programmed to receive identifying physical parameter data from a person designated as a guardian, to enroll the guardian by storing such identifying data in memory, and to identify the guardian by data comparisons from future biometric scans;
      
      wherein the first processor requires that the guardian be successfully identified from such a scan before a person can be enrolled as a user of the portable data transport device; and
      
      the first processor restricts the guardian to administrative actions and does not permit the guardian to review any data stored on the portable data transport device.
  - 17. The portable data transport device of claim 16 wherein the first processor is configured to require the enrollment of two guardians before a user can be enrolled.

18. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer;
  
  a non-volatile memory in which may be stored encrypted files; and
  
  a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device.
- View Dependent Claims (19, 20, 21)
- - 19. The portable data transport device of claim 18 wherein the file security program further comprises:
    - a decryption program that allows an enrolled user to select and decrypt files included in a data container pack file; and
      
      a listing window program that lists all data container pack files present on the portable data transport device so that each may be selected.
  - 20. The portable data transport device of claim 19 wherein the file security program further comprises a viewer program with which an enrolled user may view the contents of a selected data container pack file.
  - 21. The portable data transport device of claim 18 wherein the file security program is configured to permit an enrolled user at a host computer to selectively assign a different password to each data container pack file whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the entire data container pack file;
    - the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file.

22. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer to which the portable data transport device is connected, the first processor configured to block mounting of the portable data transport device to the host computer until the first processor receives a data key match;
  
  a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
  
  a biometric processor in communication with the non-volatile memory; and
  
  a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
  
  wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
  
  wherein the first processor is configured to receive the output confirming data key from the biometric processor, compare the received confirming data key with a stored reference data key, and if a match is found, cease blocking the mounting of the portable data transport device to the connected host computer;
  
  wherein the first processor is configured so that once it has been initialized, it cannot be reset except by a guardian; and
  
  once memory used by the biometric processor has been used for storing enrolled user parameter data or for storing the reference data key, that memory is locked from further read/write operations except for use by an identified guardian.

23. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer, the first processor configured to block mounting of the portable data transport device to a host computer to which it is connected until the first processor receives a data key match;
  
  a first non-volatile memory in which is stored a reference data key;
  
  a biometric processor forming a permanent part of the portable data transport device;
  
  a second non-volatile memory disposed with and in communication with the biometric processor on the portable data transport device, the second memory storing data representing a physical characteristic of an enrolled user and a confirming data key;
  
  a biometric reader forming a permanent part of each of the portable data transport devices and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the read physical parameter;
  
  wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to data stored in the second non-volatile memory representing a physical parameter of an enrolled user, and if a data match results, output the confirming data key from the second non-volatile memory; and
  
  wherein the communication processor is configured to receive the output confirming data key from the biometric processor, compare the received output confirming data key with the reference data key stored in the first data transport device, and if a match is found, permit mounting of the portable data transport device to the connected host computer.
- View Dependent Claims (24, 25, 26)
- - 24. The portable data transport device of claim 23 wherein:
    - the biometric reader comprises a unique biometric reader identifier code;
      
      the second non-volatile memory stores a reference identifier code for the biometric reader;
      
      the biometric processor is configured to process physical parameter data from the reader only after it has;
      
      read the unique identifier code from the biometric reader,compared it to the reference identifier code stored in the non-volatile memory, andfound a match between the two identifier codes.
  - 25. The portable data transport device of claim 24 wherein the biometric reader forms a permanent part of the portable data transport device by means of being tethered and permanently electrically connected to the portable data transport device.
  - 26. The portable data transport device of claim 24 wherein the first processor is configured to receive power from the host computer to which the portable data transport device is connected but to block data transfer to and from the portable data transport device until the portable data transport device is mounted to the host computer.

27. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer to which the portable data transport device is connected;
  
  an embedded product identifier;
  
  an encryption/decryption program having an associated identifier;
  
  executable operational software having an associated identifier;
  
  firmware and associated firmware memory that is accessible only to the firmware, wherein a current hash function value is stored in the firmware memory;
  
  wherein the software is configured to run a hash function comprising the embedded product identifier, the encryption/decryption associated identifier, and the software identifier and provide a created hash function value; and
  
  the portable data transport device compares the created hash function value against the current hash function value stored in the firmware memory and if a match is found, the firmware removes write protection from the portable data transport device.
- View Dependent Claims (28, 29)
- - 28. The portable data transport device of claim 27 wherein the first processor is configured, upon mounting the portable data transport device to the host computer, to initially review data on the portable memory for unencrypted data and if such is found, prohibit read/write operations until the unencrypted data is deleted or encrypted and indicate to an enrolled user that such data must be encrypted or deleted before further operations with the portable data transport device will be permitted.
  - 29. The portable data transport device of claim 28 wherein the first processor is configured to auto-detect and delete any unencrypted data found on the portable data transport device.

30. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor disposed on the portable data transport device configured for communication with a host computer;
  
  a non-volatile memory in which may be stored encrypted files by the first processor;
  
  a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device, wherein;
  
  the file security program is configured to permit an enrolled user to selectively assign a single password to each data container pack file whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the entire data container pack file;
  
  the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file; and
  
  the file security program comprises a dynamic link library containing the encryption/decryption operation program;
  
  wherein the portable data transport device is configured to perform a self-check of the encryption/decryption program of the dynamic link library prior to permitting read/write operations of the portable data transport device, wherein the self check process comprises determining if any changes have occurred in the encryption/decryption program of the dynamic link library since the last check of the dynamic link library and if any changes are found, the portable data transport device is further configured to prohibit read and write operations of the portable data transport device

31. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor configured for communication with a host computer to which the portable data transport device is connected;
  
  a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
  
  a biometric processor in communication with the non-volatile memory; and
  
  a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
  
  wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
  
  wherein the non-volatile memory may store encrypted files;
  
  a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file, assign a single password to each pack file, and to store that data container pack file on the portable data transport device, the host computer, or other storage device with which the data transport device is in communication.

32. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
- a first processor disposed on the portable data transport device configured for communication with a host computer;
  
  a non-volatile memory disposed on the portable data transport device in which may be stored encrypted files by the first processor;
  
  a file security program comprising an encryption operation that allows an enrolled user of a host computer to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device, wherein;
  
  the file security program is configured to permit an enrolled user to selectively assign a single password to a data container pack file whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the entire data container pack file;
  
  the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file; and
  
  the file security program comprises a dynamic link library containing the encryption/decryption operation program;
  
  wherein the portable data transport device is configured to perform a self-check of the encryption/decryption program of the dynamic link library prior to permitting read/write operations of the portable data transport device, wherein the self check process comprises determining if any changes have occurred in the encryption/decryption program of the dynamic link library since the last check of the dynamic link library and if any changes are found, the portable data transport device is further configured to prohibit read and write operations of the portable data transport device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Photonic Data Security LLC
Original Assignee
Aridian Technology Company Incorporated
Inventors
Lee, Lane, Gurkowski, Mark, Finlayson, James, Gordon, Reena B.

Granted Patent

US 8,479,013 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

SECURE PORTABLE DATA TRANSPORT & STORAGE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PORTABLE DATA TRANSPORT & STORAGE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links