ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE
First Claim
1. An apparatus comprising:
- (a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and a verification key; and
(b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving a command to store a value into a specified first location in the bulk storage area;
(i) automatically redirecting the value into a second location in the restricted storage area,(ii) determining if the value is valid by using the verification key, and then(iii) only if the value is valid, allowing the decryption key to be transferred.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure portable storage device includes a control module. When a host sends a first key to the control module with a write command so as to command the control module to write the first key into a redirecting file, the control module stores the first key in a temporary working buffer and verifies whether the first key is valid; when the first key is valid, the control module sends a second key and an encrypted content data to the host for generating a third key by decrypting the second key according to the first key and decrypting the encrypted content data into a content data according to the third key. Moreover, when the host sends multiple read commands to the control module in sequence, the control module verifies whether a sequence of the read commands received is valid and sends the second key and the encrypted content data to the host for an encryption. Related apparatuses, methods and techniques also are provided.
-
Citations
18 Claims
-
1. An apparatus comprising:
-
(a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and a verification key; and (b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving a command to store a value into a specified first location in the bulk storage area; (i) automatically redirecting the value into a second location in the restricted storage area, (ii) determining if the value is valid by using the verification key, and then (iii) only if the value is valid, allowing the decryption key to be transferred. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus comprising:
-
(a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and verification information; and (b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving data-read commands to read data from the bulk storage area; (i) checking sequences of the data-read commands against the verification information in an attempt to identify a matching read command sequence, and then (ii) only if the matching read command sequence has been identified, allowing the decryption key to be transferred. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
Specification