MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS

US 20110314304A1
Filed: 06/16/2011
Published: 12/22/2011
Est. Priority Date: 06/16/2010
Status: Active Grant

First Claim

Patent Images

1. A mass storage device for storing data comprising:

a communication interface for communicating with a connected host computer;

a mass-memory storage component for storing data;

a secure key storage component adapted to securely store at least one master secret; and

an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component;

the encryption-decryption component adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component;

the encryption-decryption component further adapted to decrypt encrypted data stored in the mass-memory storage component for returning said data to the host computer in response to a read data command from the host computer and whereby said decrypting uses a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component. The encryption-decryption component may also be adapted to decrypt encrypted data stored in the mass-memory storage component for returning the data to the host computer in response to a read data command from the host computer using a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component.

50 Citations

View as Search Results

18 Claims

1. A mass storage device for storing data comprising:
- a communication interface for communicating with a connected host computer;
  
  a mass-memory storage component for storing data;
  
  a secure key storage component adapted to securely store at least one master secret; and
  
  an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component;
  
  the encryption-decryption component adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component;
  
  the encryption-decryption component further adapted to decrypt encrypted data stored in the mass-memory storage component for returning said data to the host computer in response to a read data command from the host computer and whereby said decrypting uses a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The device of claim 1, whereby the encryption-decryption component obtains the at least one decryption key by accessing a master secret securely stored in the secure key storage component.
  - 3. The device of claim 2, whereby the encryption-decryption component obtains the at least one encryption key by accessing a master secret securely stored in the secure key storage component.
  - 4. The device of claim 3, whereby the encryption-decryption component accessing a master secret securely stored in the secure key storage component comprises the encryption-decryption component reading that master secret.
  - 5. The device of claim 2, whereby the encryption-decryption component accessing a master secret securely stored in the secure key storage component comprises the secure key storage component deriving an intermediate secret from that master secret and returning the intermediate secret to the encryption-decryption component and whereby the encryption-decryption component derives the decryption key from the intermediate secret.
  - 6. The device of claim 5, whereby the encryption-decryption component accessing a master secret securely stored in the secure key storage component to obtain the encryption key comprises the secure key storage component deriving an intermediate secret from that master secret and returning the intermediate secret to the encryption-decryption component and whereby the encryption-decryption component derives the encryption key from the intermediate secret.
  - 7. The device of claim 2, whereby the encryption-decryption component is further adapted to obtain an encryption key, have a data element mathematically related to the encryption key encrypted, and store the encrypted data element mathematically related to the encryption key in the mass-memory storage component;
    - and whereby obtaining the decryption key by accessing a master secret securely stored in the secure key storage component comprises reading the encrypted data element from the mass-memory storage component and having it decrypted with a key that is mathematically related to a master secret securely stored in the secure key storage component.
  - 8. The device of claim 7, whereby the at least one master secret stored in the secure key storage component comprises an asymmetric private key and whereby decrypting the encrypted data element with a key that is mathematically related to a master secret securely stored in the secure key storage component comprises decrypting that encrypted element with an asymmetric decryption algorithm using that asymmetric private key.
  - 9. The device of claim 2, whereby accessing the master secrets stored on the secure key storage component is subjected by the secure key storage component to access control mechanisms.
  - 10. The device of claim 9, whereby the secure key storage component grants or denies access to the master secrets depending on status conditions.
  - 11. The device of claim 10, whereby the secure key storage component grants or denies access to the master secrets depending on a user authentication status.
  - 12. The device of claim 11, whereby the secure key storage component denies access to the master secrets if the user has not been authenticated.
  - 13. The device of claim 11, whereby the secure key storage component is furthermore adapted to perform user authentication.
  - 14. The device of claim 13, whereby the secure key storage component authenticates the user by verifying a PIN or password.
  - 15. The device of claim 11, whereby the user is authenticated on the basis of a biometric measurement.
  - 16. The device of claim 1, wherein the communication interface comprises a USB connector.
  - 17. The device of claim 16, wherein the encryption-decryption component is connected to the USB connector and is furthermore adapted to handle the USB protocol with the host computer.
  - 18. The device of claim 1, wherein the secure key storage component comprises a smart card chip.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Inventors
BRAAMS, HARM

Granted Patent

US 9,910,996 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

G06F 21/79   in semiconductor storage me...

MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links