Device, system and method for data access control

US 6,539,380 B1
Filed: 04/17/2000
Issued: 03/25/2003
Est. Priority Date: 09/30/1999
Status: Expired due to Term

First Claim

Patent Images

1. A system for controlling access to stored data, the stored data having at least one associated type of ion, the system comprising:

(a) an electronic data storage device for storing the stored data; and

(b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested, said access control device comprising a memory for storing the at least one associated type of permission for determining access to the stored data, such that the at least one associated type of permission is determined only according to a data-based definition stored in said memory and such that said at least one associated type of permission is changeable.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device, a method and a system for providing control of access to data which is stored in an electronic data storage device. The device, method and system enable various types of permissions to be set for determining access to the stored data, such that if an attempt is made to access particular data which does not have a suitable permission type, access is denied. Preferably, the present invention is implemented as an access control device, such as a chip for example, which more preferably controls all access to the data storage device. This implementation is preferred, since such electronic devices are more difficult to “hack” for access by an unauthorized user. The device, system and method have a number of different utilizations, such as for controlling access to credit card information; for identifying a user according to a PIN or other identification information; for controlling access to a particular location according to the identity of the user; and for controlling access to various types of data files, such as music files in the MP3 format and so forth.

101 Citations

View as Search Results

41 Claims

1. A system for controlling access to stored data, the stored data having at least one associated type of ion, the system comprising:
- (a) an electronic data storage device for storing the stored data; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested, said access control device comprising a memory for storing the at least one associated type of permission for determining access to the stored data, such that the at least one associated type of permission is determined only according to a data-based definition stored in said memory and such that said at least one associated type of permission is changeable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein said electronic data storage device and said access control device are implemented on a single chip.
  - 3. The system of claim 2, wherein said access control device includes a microprocessor and firmware for storing a plurality of instructions, such that said access control device determines said access according to said instructions of said firmware.
  - 4. The system of claim 2, wherein said access control device is only logic, the system further comprising:
5. The system of claim 4, wherein said data storage device and said access control device are contained on said chip, and wherein said chip is included in a removable device.
6. The system of claim 1, wherein said data storage device and said access control device are implemented as a plurality of separate components.
7. The system of claim 1, wherein said access control device is implemented as a programmable ASIC.
8. The system of claim 1, wherein said access control device further comprises:
- (i) an input for receiving a request to access the stored data;
  
  (ii) a non-volatile memory for storing at least one permission for determining access to the stored data;
  
  (iii) at least one instruction for determining a permitted access according to the at least one permission, said at least one instruction being stored on said non-volatile memory; and
  
  (iv) a processor for executing said at least one instruction and for comparing said request to said at least one permission, such that if said at least one permission includes a type of access requested in said request, the stored data is provided, and alternatively if said at least one permission does not include a type of access requested in said request, the stored data is not provided.
9. The system of claim 8, wherein said non-volatile memory is a flash memory device.
10. The system of claim 9, further comprising:
- (c) a CPU (central processing unit) for transmitting said request to said access control device and for receiving provided data; and
  
  p1 (d) a bus for connecting said CPU to said access control device, such that said electronic data storage device is not accessed through said CPU, but only through said access control device.
11. The system of claim 10, wherein said bus is a USB (universal serial bus).
12. The system of claim 11, wherein said at least one permission is for comparing said request to the stored data and for returning a positive or negative comparison, such that if said request is identical to the stored data, said comparison is positive, and alternatively such that if said request is not identical to the stored data, said comparison is negative, and such that the stored data is not read.
13. The system of claim 1, wherein said access control device is integrated with said electronic data storage device.
14. The system of claim 1, wherein access is determined according to a biological parameter of a user and said access control device further comprises a biometric detection device for detecting said biological parameter of the user and for determining whether the user has said at least one permission to access the stored data.
15. The system of claim 14, wherein said biometric detection device further comprises:
- (i) a sample collector for collecting said biological parameter of the user; and
  
  (ii) a software module for analyzing said biological parameter to determine whether the user has said at least one permission to access the stored data.
16. The system of claim 15, wherein said biometric detection device further comprises:
- (iii) a memory device for storing said software module and at least one previously collected biological parameter of the user; and
  
  (iv) a data processor for operating said software module.
17. The system of claim 16, wherein said biological parameter of the user is a fingerprint of the user.
18. The system of claim 1, wherein said access control device has a single input and wherein access is determined only through said single input.

19. A device for controlling access to date storing in an electronic data storage devices the device comprising:
- (a) an input for receiving a request to access the stored data, (b) a non-volatile memory for storing at least one permission for determining access to the stored data, such that said at least one type of permission is determined only according to a data-based definition stored in said non-volatile memory;
  
  (c) at least one instruction for determining a permitted access according to the at least one permission, said at least one instruction being stored in said non-volatile memory; and
  
  (d) a processor for executing said at least one instruction and for comparing said request to said at least one permission, such that if said at least one permission includes a type of access requested in said request, the stored data is provided according to said at least one instruction executed by said processor, and alternatively if said at least one permission does not include a type of access requested in said request, the stored data is not provided.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The device of claim 19, wherein the device is implemented as a programmable ASIC.
  - 21. The device of claim 19, wherein said non-volatile memory is a flash memory device.
  - 22. The device of claim 19, wherein access is determined according to a biological parameter of a user, the device further comprising a biometric detection device for detecting said biological parameter of the user and for determining whether the user has said at least one permission to access the stored data, said biometric detection device being connected to said processor.
  - 23. The device of claim 22, wherein said biometric detection device further comprises:
24. The device of claim 23, wherein said biometric detection device further comprises:
- (iii) a memory device for storing said software module and at least one previously collected biological parameter of the user; and
  
  (iv) a data processor for operating said software module.
25. The device of claim 24, wherein said biological parameter of the user is a fingerprint of the user.

26. A method for controlling access to data stored in an electronic storage device, the method comprising the steps of:
- (a) providing an access control device for determining access to the electronic data storage device;
  
  (b) receiving a request to access the stored data by said access control device;
  
  (c) comparing said request to at one permission for determining access to the stored data by said access control device, wherein said at least one permission is one of a plurality of different types of permission, each type of permission determining a different type of access to the stored data and wherein each type of permission is changeable;
  
  (d) if said at least one permission includes a type of access requested in said request, performing said request for accessing the stored data from the electronic data storage device by said access control device; and
  
  (e) alternatively, if said at least one permission does not include a type of access requested in said request, rejecting said request by said access control device.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The method of claim 26, wherein said type of access includes permission to read from the stored data, such that step (d) includes the step of reading from the stored data.
  - 28. The method of claim 27, wherein said type of access includes permission to write to the stored data, such that step (d) includes the step of writing to the stored data.
  - 29. The method of claim 26, wherein said type of access only includes comparing said request to the stored data and for returning a positive or negative comparison, such that if said request is identical to the stored data, step (d) includes the step of returning a positive comparison, and alternatively such that if said request is not identical to the stored data, step (d) includes the step of returning a negative comparison, such that the stored data is not read.
  - 30. The method of claim 26, wherein the stored data is a credit card number, and said credit card number features a plurality of types of data, each of said plurality of types of data being stored with a separately selected access permission.
  - 31. The method of claim 26, wherein the stored data has a permission for a predetermined number of data read accesses, such that step (c) includes the steps of:
32. The method of claim 26, wherein access is determined for a user and wherein step (b) further comprises the steps of:
- (i) collecting a biological parameter of said user; and
  
  (ii) analyzing said biological parameter to determine an identity of said user, such that said at least one permission is determined according to said identity.
33. The method of claim 26, wherein the stored data has a permission for at least one data read access and for no data write accesses, such that step (c) includes the steps of:
- (i) determining whether said request is for a data read access for the stored data; and
  
  (ii) if said request is for said data read access, permitting the stored data to be read.
34. The method of claim 26, wherein the stored data has a permission for a predetermined rate of data read accesses, such that step (c) includes the steps of:
- (i) determining a rate of performed data read accesses for the stored data; and
  
  (ii) if said rate of performed data read accesses is less than said predetermined rate of data read accesses, permitting the stored data to be read.

35. A device for controlling access to data stored in an electronic data storage device by a user, access being determined according to a biological parameter of the user, the device comprising:
- (a) a biometric detection device for detecting said biological parameter of the user and for determining whether the user has said at least one permission to access the stored data;
  
  (b) an input for receiving a request to access the stored data;
  
  (c) a non-volatile memory for storing at least one permission for determining access to the stored data, such that said at least one permission is determined according to a data-based definition stored in said non-volatile memory and wherein said at least one permission is not permanently stored in hardware, (d) at least one instruction for determining a permitted access according to the at least one permission, said at least one instruction being stored on said non-volatile memory as software; and
  
  (c) a processor for executing said at least one instruction and for comparing said request to said at least one permission, said processor being connected to said biometric detection device such that the device for controlling access performs identification according to said biometric detection device such that if said at least one permission includes a type of access requested in said requests the stored data is provided, and alternatively if said at least one permission does not include a type of access requested in said requests the stored data is not provided.

36. A system for controlling access to stored data, access being determined according to a biological parameter of the user, the system comprising:
- (a) an electronic data storage device for storing the stored data, the stored data having at least one associated type of permission, said at least one associated type of permission being determined according to a data-based definitions, wherein said at least one associated type of permission is changeable; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, said access control device having a plurality of different types of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing said at least one associated type of permission to said type of access being requested.

37. A system for controlling access to stored data by a user, the stored data having at least one associated type of permission, the system comprising:
- (a) a biometric detection device for detecting said biological parameter of the user and for determining whether the user has said at least one permission to access the stored data;
  
  (a) an electronic data storage device for storing the stored data; and
  
  (c) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different types of access for accessing data on said electronic data storage device, such that the store data is only accessed through said access control devices and such that said access control device determining access to the stored data by comparing the at least one associated type of permission to said type of access being requested, said access control device comprising a memory for storing the at least one associated type of permission for determining access to the stored data, such that the at least one associated type of permission is determined only according to a data-based definition stored in said memory.

38. A system for controlling access to stored data, the stored data having at least one associated type of permission, the system comprising:
- (a) an electronic data storage device for storing the stored data; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different types of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control devices and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested, said access control device comprising a memory for storing the at least one associated type of permission for determining access to the stored data, such that the at least one associated type of permission is determined only according to a data-based definition stored in said memory;
  
  wherein access is not determined according to an associated type of permission permanently stored in hardware.

39. A system for controlling access to stored data, the stored data having at least one associated type of permission, the system comprising:
- (a) an electronic data storage device for storing the stored data; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different type of access for accessing data on said electric data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested such that the at least one associated type of permission is determined only according to a data-based definition;
  
  wherein access is determined only according to operation of software.

40. A system for controlling access to stored data, the stored data having at least one associated type of permission, the system comprising:
- (a) an electronic data storage device for storing the stored data; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different types of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested, said access control device comprising a writable flash memory for storing the at least one associated type of permission for determining access to the stored data, such that the at least one associated type of permission is determined only according to a data-based definition stored in said memory and such that said at least one type of permission is changeable.

41. A system for controlling access to stored data, the stored data having at least one associated type of permission, the system comprising:
- (a) an electronic data storage device for storing the stored data; and
  
  (b) an access control device for controlling access to said electronic data storage device according to a type of requested access, wherein said access control device has a plurality of different types of access for accessing data on said electronic data storage device, such that the stored data is only accessed through said access control device, and such that said access control device determines access to the stored data by comparing the at least one associated type of permission to said type of access being requested, such that the at least one associated type of permission is determined only according to a data-based definition and such that said at least one type of permission is changeable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innovative Memory Systems, Inc. (Wi-LAN Inc.)
Original Assignee
M-Systems Flash Disk Pioneers Ltd. (Western Digital Corporation)
Inventors
Moran, Dov
Primary Examiner(s)
Mizrahi, Diane D.

Application Number

US09/550,491
Time in Patent Office

1,072 Days
Field of Search

707/9, 257/679, 711/163, 709/223
US Class Current

707/783
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 21/32   using biometric data, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 21/72   in cryptographic circuits

G06F 21/77   in smart cards

G06F 21/78   to assure secure storage of...

G06F 21/79   in semiconductor storage me...

G06F 21/85   interconnection devices, e....

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/35765   Access rights to memory zones

G07F 7/084   Additional components relat...

G07F 7/1008   Active credit-cards provide...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

Y10S 707/99939   Privileged access

Device, system and method for data access control

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Device, system and method for data access control

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links