ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE

US 20110022850A1
Filed: 09/30/2010
Published: 01/27/2011
Est. Priority Date: 07/26/2006
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus comprising:

(a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and a verification key; and

(b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving a command to store a value into a specified first location in the bulk storage area;

(i) automatically redirecting the value into a second location in the restricted storage area,(ii) determining if the value is valid by using the verification key, and then(iii) only if the value is valid, allowing the decryption key to be transferred.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure portable storage device includes a control module. When a host sends a first key to the control module with a write command so as to command the control module to write the first key into a redirecting file, the control module stores the first key in a temporary working buffer and verifies whether the first key is valid; when the first key is valid, the control module sends a second key and an encrypted content data to the host for generating a third key by decrypting the second key according to the first key and decrypting the encrypted content data into a content data according to the third key. Moreover, when the host sends multiple read commands to the control module in sequence, the control module verifies whether a sequence of the read commands received is valid and sends the second key and the encrypted content data to the host for an encryption. Related apparatuses, methods and techniques also are provided.

Citations

18 Claims

1. An apparatus comprising:
- (a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and a verification key; and
  
  (b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving a command to store a value into a specified first location in the bulk storage area;
  
  (i) automatically redirecting the value into a second location in the restricted storage area,(ii) determining if the value is valid by using the verification key, and then(iii) only if the value is valid, allowing the decryption key to be transferred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. An apparatus according to claim 1, wherein the decryption key must itself be decrypted before being used to decrypt the encrypted content.
  - 3. An apparatus according to claim 2, wherein the value that has been verified can be used to decrypt the decryption key.
  - 4. An apparatus according to claim 1, wherein the encrypted content is stored within a file system in the bulk storage area.
  - 5. An apparatus according to claim 1, wherein the control module and the computer-readable storage medium are incorporated within a portable storage device.
  - 6. An apparatus according to claim 1, wherein said steps are stored as firmware.
  - 7. An apparatus according to claim 1, wherein said determining step comprises comparing the value to the verification key.
  - 8. An apparatus according to claim 1, wherein when the value is determined to be valid, the control module automatically sends the encrypted content and the decryption key to a device that issued the command to store the value into the specified first location.
  - 9. An apparatus according to claim 1, wherein the control module sends the encrypted content in response to a command to read the encrypted content, but only after the value is determined to be valid.
  - 10. An apparatus according to claim 1, wherein the restricted storage area is only accessible to the control module for its internal processing purposes.

11. An apparatus comprising:
- (a) a computer-readable storage medium that includes a bulk storage area and a restricted storage area, with the bulk storage area storing encrypted content, and with the restricted storage area storing a decryption key for use in decrypting the encrypted content and verification information; and
  
  (b) a control module operatively coupled to said computer-readable storage medium and configured to perform the following steps upon receiving data-read commands to read data from the bulk storage area;
  
  (i) checking sequences of the data-read commands against the verification information in an attempt to identify a matching read command sequence, and then(ii) only if the matching read command sequence has been identified, allowing the decryption key to be transferred.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. An apparatus according to claim 11, wherein the decryption key must itself be decrypted before being used to decrypt the encrypted content.
  - 13. An apparatus according to claim 11, wherein the encrypted content is stored within a file system in the bulk storage area.
  - 14. An apparatus according to claim 11, wherein the control module and the computer-readable storage medium are incorporated within a portable storage device.
  - 15. An apparatus according to claim 11, wherein the restricted storage area is only accessible to the control module for its internal processing purposes.
  - 16. An apparatus according to claim 11, wherein the matching read command sequence comprises a sequence of commands to read from specific locations in a specified order.
  - 17. An apparatus according to claim 11, wherein when the matching read command sequence has been identified, the control module automatically sends the encrypted content and the decryption key to a device that issued the matching read command sequence.
  - 18. An apparatus according to claim 11, wherein the control module sends the encrypted content in response to a command to read the encrypted content, but only after the matching read command sequence has been identified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ATP Electronics Taiwan Inc.
Original Assignee
ATP Electronics Taiwan Inc.
Inventors
Kuo, Patty, LEE, Hondar, Hsieh, Tim

Application Number

US12/894,892
Publication Number

US 20110022850A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/79   in semiconductor storage me...

H04L 2209/60   Digital content management,...

H04L 9/088   Usage controlling of secret...

H04L 9/0897   involving additional device...

ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL FOR SECURE PORTABLE STORAGE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links