SECURE PORTABLE DATA TRANSPORT & STORAGE SYSTEM
Abstract
A portable data transport device that provides security to data stored therein and is configured to communicate data with a host computer for securing and transporting data. The portable data transport device includes a first processor and a biometric identification system. Upon successful biometric identification of an enrolled user, the first processor permits mounting of the data transport device to a host computer. However, prior to the commencement of read/write operations, cross-checking of stored identification codes of components of the portable data transport device occurs, including the use of a hash function. If any identifier does not match, no read/write data operations are permitted. The portable data transport device includes a file security program that includes a DLL encryption/decryption program having a self-check feature. Upon self-check, if any changes were made to the encryption/decryption program, no read/write operations are permitted. The portable data transport device permits the selection of multiple files for encryption together into a single data container pack file and the storage of that data container pack file. The file security program permits an enrolled user at a host computer to assign only a password to a data container pack file. If a user at a host computer enters an incorrect password a predetermined number of times, the portable data transport device processor will erase all data in any volatile memory it is using and will lock itself in a non-operational configuration.
32 Claims
1. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer to which the portable data transport device is connected, the first processor configured to block mounting of the portable data transport device to the host computer until the first processor receives a data key match;
a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
a biometric processor in communication with the non-volatile memory; and
a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
wherein the first processor is configured to receive the output confirming data key from the biometric processor, compare the received confirming data key with a stored reference data key, and if a match is found, cease blocking the mounting of the portable data transport device to the connected host computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer;
a non-volatile memory in which may be stored encrypted files; and
a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device.
Dependent claims: 19, 20, 21

22. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer to which the portable data transport device is connected, the first processor configured to block mounting of the portable data transport device to the host computer until the first processor receives a data key match;
a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
a biometric processor in communication with the non-volatile memory; and
a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
wherein the first processor is configured to receive the output confirming data key from the biometric processor, compare the received confirming data key with a stored reference data key, and if a match is found, cease blocking the mounting of the portable data transport device to the connected host computer;
wherein the first processor is configured so that once it has been initialized, it cannot be reset except by a guardian; and
once memory used by the biometric processor has been used for storing enrolled user parameter data or for storing the reference data key, that memory is locked from further read/write operations except for use by an identified guardian.

23. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer, the first processor configured to block mounting of the portable data transport device to a host computer to which it is connected until the first processor receives a data key match;
a first non-volatile memory in which is stored a reference data key;
a biometric processor forming a permanent part of the portable data transport device;
a second non-volatile memory disposed with and in communication with the biometric processor on the portable data transport device, the second memory storing data representing a physical characteristic of an enrolled user and a confirming data key;
a biometric reader forming a permanent part of each of the portable data transport devices and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the read physical parameter;
wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to data stored in the second non-volatile memory representing a physical parameter of an enrolled user, and if a data match results, output the confirming data key from the second non-volatile memory; and
wherein the communication processor is configured to receive the output confirming data key from the biometric processor, compare the received output confirming data key with the reference data key stored in the first data transport device, and if a match is found, permit mounting of the portable data transport device to the connected host computer.
Dependent claims: 24, 25, 26

27. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer to which the portable data transport device is connected;
an embedded product identifier;
an encryption/decryption program having an associated identifier;
executable operational software having an associated identifier;
firmware and associated firmware memory that is accessible only to the firmware, wherein a current hash function value is stored in the firmware memory;
wherein the software is configured to run a hash function comprising the embedded product identifier, the encryption/decryption associated identifier, and the software identifier and provide a created hash function value; and
the portable data transport device compares the created hash function value against the current hash function value stored in the firmware memory and if a match is found, the firmware removes write protection from the portable data transport device.
Dependent claims: 28, 29

30. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor disposed on the portable data transport device configured for communication with a host computer;
a non-volatile memory in which may be stored encrypted files by the first processor;
a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device, wherein;
the file security program is configured to permit an enrolled user to selectively assign a single password to each data container pack file whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the entire data container pack file;
the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file; and
the file security program comprises a dynamic link library containing the encryption/decryption operation program;
wherein the portable data transport device is configured to perform a self-check of the encryption/decryption program of the dynamic link library prior to permitting read/write operations of the portable data transport device, wherein the self check process comprises determining if any changes have occurred in the encryption/decryption program of the dynamic link library since the last check of the dynamic link library and if any changes are found, the portable data transport device is further configured to prohibit read and write operations of the portable data transport device.

31. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor configured for communication with a host computer to which the portable data transport device is connected;
a non-volatile memory in which is stored a confirming data key and data representing a physical parameter of an enrolled user of the portable data transport device;
a biometric processor in communication with the non-volatile memory; and
a biometric reader disposed as part of the portable data transport device and disposed in communication with the biometric processor, the biometric reader configured to read a predetermined physical parameter of a person and provide data representing the physical parameter that was read;
wherein the biometric processor is configured to receive the data representing the read physical parameter, compare it to stored data representing a physical characteristic of an enrolled user stored in the non-volatile memory, and if a match results, output the confirming data key from the non-volatile memory;
wherein the non-volatile memory may store encrypted files;
a file security program comprising an encryption operation that allows an enrolled user to select multiple files to be encrypted together into a single data container pack file, assign a single password to each pack file, and to store that data container pack file on the portable data transport device, the host computer, or other storage device with which the data transport device is in communication.

32. A portable data transport device that provides security to data stored therein, and is configured to communicate data with a host computer, the portable data transport device comprising:
a first processor disposed on the portable data transport device configured for communication with a host computer;
a non-volatile memory disposed on the portable data transport device in which may be stored encrypted files by the first processor;
a file security program comprising an encryption operation that allows an enrolled user of a host computer to select multiple files to be encrypted together into a single data container pack file and to store that data container pack file on the portable data transport device, wherein;
the file security program is configured to permit an enrolled user to selectively assign a single password to a data container pack file whereby individual files within the data container pack file do not have individual passwords and are subject to decryption only upon successful entry of the password for the entire data container pack file;
the file security program is configured so that data container pack files stored on the portable data transport device cannot be opened without input of the unique password for the data container pack file; and
the file security program comprises a dynamic link library containing the encryption/decryption operation program;
wherein the portable data transport device is configured to perform a self-check of the encryption/decryption program of the dynamic link library prior to permitting read/write operations of the portable data transport device, wherein the self check process comprises determining if any changes have occurred in the encryption/decryption program of the dynamic link library since the last check of the dynamic link library and if any changes are found, the portable data transport device is further configured to prohibit read and write operations of the portable data transport device.

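The component cross-check of claim 27 and the DLL self-check of claims 30 and 32, modelled as an added example that is not part of the patent or of any product built on it. SHA-256, the length-prefixed encoding, the `DeviceGate` class and all sample values are assumptions; the patent names no hash algorithm or encoding.

```python
import hashlib
import hmac

def binding_digest(product_id: bytes, crypto_id: bytes, software_id: bytes) -> bytes:
    # Hash the three identifiers of claim 27 (SHA-256 is an assumption).
    # Each field is length-prefixed, an added hardening, so bytes cannot be
    # shifted between adjacent identifiers without changing the digest.
    h = hashlib.sha256()
    for field in (product_id, crypto_id, software_id):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()

class DeviceGate:
    """Hypothetical model of the firmware's gating state; starts fail-closed."""

    def __init__(self, stored_binding: bytes, stored_dll_digest: bytes):
        self._stored_binding = stored_binding        # value held in firmware memory
        self._stored_dll_digest = stored_dll_digest  # digest from the last self-check
        self.write_protected = True
        self.read_write_allowed = False

    def check_components(self, product_id: bytes, crypto_id: bytes, software_id: bytes) -> bool:
        created = binding_digest(product_id, crypto_id, software_id)
        ok = hmac.compare_digest(created, self._stored_binding)  # constant-time compare
        self.write_protected = not ok
        self.read_write_allowed = self.read_write_allowed and ok
        return ok

    def self_check_dll(self, dll_bytes: bytes) -> bool:
        current = hashlib.sha256(dll_bytes).digest()
        ok = hmac.compare_digest(current, self._stored_dll_digest)
        # Read/write needs both checks to pass; any change keeps the device closed.
        self.read_write_allowed = ok and not self.write_protected
        return ok

# Constructed sample values, not taken from the patent.
PRODUCT_ID, CRYPTO_ID, SOFTWARE_ID = b"PDT-0001", b"ENC-DLL-1.0", b"APP-2.3"
DLL_IMAGE = b"\x4d\x5a constructed stand-in for the DLL contents"

def provisioned_gate() -> DeviceGate:
    return DeviceGate(binding_digest(PRODUCT_ID, CRYPTO_ID, SOFTWARE_ID),
                      hashlib.sha256(DLL_IMAGE).digest())

if __name__ == "__main__":
    gate = provisioned_gate()
    print(gate.check_components(PRODUCT_ID, CRYPTO_ID, SOFTWARE_ID), gate.self_check_dll(DLL_IMAGE))
    print(gate.self_check_dll(DLL_IMAGE + b"\x90"), gate.read_write_allowed)
```

Without the length prefix, the identifier pairs (`AB`, `C`) and (`A`, `BC`) would feed the hash the same bytes, so a swapped component could still reproduce the stored value.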
Specification