Secure data storage device

US 6,631,453 B1
Filed: 11/27/2001
Issued: 10/07/2003
Est. Priority Date: 02/14/2001
Status: Expired due to Term

First Claim

Patent Images

1. A secure storage system for protecting data exchanged between a first and second computer both capable of requesting the reading of data and the writing of data, the secure storage system comprising:

an active connector capable of receiving data or sending data, coupled to the first computer;

a passive connector capable of receiving data or sending data, coupled to the second computer;

a disk controller coupled to the passive connector;

a disk electronics unit coupled to the disk controller;

a storage media having stored data written from the first computer capable of processing simultaneous requests from the first and second computers, the storage media coupled to the disk electronics unit and allowing the second computer to read the stored data and ignores any command received from the passive connector to write data on the storage media.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data storage/transmission hardware device (or multiple devices physically linked together) with two (or more) access channels is disclosed. One of the access channels allows for reading and writing of information (referred to as the “active channel”) while the other access channel(s) (referred to as “passive channels”) allow solely for the reading of information. The actual limitation of “write” access of the passive access channels is brought about by a combination of hardware and firmware. The information stored/or transmitted through the device may be (but is not limited to) data such as digital, graphical, image, multi-media, stream or any other type of computing information. This methodology spans multiple media and computing device types. This method can be physically implemented through the use of a shared media between the dynamic and passive channel(s) or it can be implemented with separate media for each primary/passive channel with added software/firmware that relays information from the primary channel media to the passive channel media.

48 Citations

View as Search Results

29 Claims

1. A secure storage system for protecting data exchanged between a first and second computer both capable of requesting the reading of data and the writing of data, the secure storage system comprising:
- an active connector capable of receiving data or sending data, coupled to the first computer;
  
  a passive connector capable of receiving data or sending data, coupled to the second computer;
  
  a disk controller coupled to the passive connector;
  
  a disk electronics unit coupled to the disk controller;
  
  a storage media having stored data written from the first computer capable of processing simultaneous requests from the first and second computers, the storage media coupled to the disk electronics unit and allowing the second computer to read the stored data and ignores any command received from the passive connector to write data on the storage media.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system in claim 1 wherein the active connector has a unique identification address assigned to data it receives and the passive connector has a second unique identification address assigned to data it receives.
  - 3. The system in claim 2 further comprising:
    - a first slot having a unique identification number coupled to the active connector; and
      
      a second slot having a unique identification number coupled to the passive connector.
  - 4. The system in claim 3 wherein the disk controller is coupled to the active connector.
  - 5. The system in claim 4 wherein the disk electronics unit includes firmware which controls the reading and writing of data on the storage media wherein the firmware reads data received from the active and passive connectors and the unique identification addresses and the unique identification number of the slots to determine whether to write the received data on the storage media.
  - 6. The system in claim 5 wherein the firmware is installed in the disk electronics after being modified to control the storage media.
  - 7. The system in claim 6 wherein the firmware is programmed with the identification addresses of the active and passive connectors and the unique identification numbers of the first and second slots.
  - 8. The system in claim 4 wherein the disk controller includes firmware which controls the reading and writing of data on the storage media wherein the firmware reads data received from the active and passive connectors and the unique identification addresses and the unique identification number of the slots to determine whether to write the received data on the storage media.
  - 9. The system in claim 8 wherein the firmware is installed in the disk controller after being modified to control the storage media.
  - 10. The system in claim 9 wherein the firmware is programmed with the identification addresses of the active and passive connectors and the unique identification numbers of the first and second slots.
  - 11. The system in claim 3 further comprising:
12. The system in claim 1 wherein the storage media is a hard disk.
13. The system in claim 1 wherein the storage media includes:
- a magnetic platter storing data;
  
  a read only head coupled to an actuator arm controlled by the disk electronics which reads data requested by the second computer; and
  
  a read/write head coupled to a second actuator arm controlled by the disk electronics which reads data requested by the first computer and writes data received from the first computer.
14. The system in claim 1 wherein the active and passive connections are Ethernet connections.
15. The system in claim 1 wherein the active and passive connections are fiber optics.

16. A method of making data from a first computer available to a second computer while preventing alteration of the data, the method comprising:
- establishing an active data connection to the first computer;
  
  establishing a passive data connection for the second computer;
  
  writing data on a storage device from the first computer;
  
  examining requests from the second computer and restricting access to the storage device from the second computer by ignoring all requests for writing data from the second computer to the storage device; and
  
  allowing the processing of simultaneous requests to the storage device from the first and second computers.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The method in claim 16 further comprising:
18. The method in claim 17 further comprising:
- reading data received from the first and second computer and assigning the data the first or second unique identification address;
  
  identifying whether the data is from the active and passive connection by the first and second unique identification address; and
  
  processing commands in response based on whether the data is from the passive or active connection.
19. The method in claim 17 further comprising:
- determining the unique identifier for the active connection;
  
  determining the unique identifier for the passive connection;
  
  modifying firmware for hardware controlling the storage media to store the unique identifiers for the active and passive connection;
  
  modifying firmware to control the storage media to write data having only the unique identifier for the active connection;
  
  loading the modified firmware into the secure storage device.
20. The method in claim 19 wherein the storage device is a hard drive and the firmware is part of a disk controller coupled to a disk electronics unit for controlling the storage device.
21. The method in claim 19 wherein the storage device is a hard drive and the firmware is part of a disk electronics unit which controls the storage device.
22. The method in claim 18 further comprising rejecting data received from the passive connection and sending an error message to the passive connection.
23. The method in claim 16 wherein the passive connection is an Internet connection.
24. The method in claim 16 wherein the passive and active connections are Ethernet connections.
25. The method in claim 21 wherein the passive and active connections are fiber optics.

26. A computing system for the secure exchange of data and prevent data tampering, the system comprising:
- a first computing source having protectable data and an external data conduit;
  
  a second computing source having an external data conduit; and
  
  a secure storage device having an active connector coupled to the external data conduit of the first computing source and a passive connector coupled to the external data conduit of the second computing source, the secure storage device including a storage media which stores the protectable data and accepts requests to write the protectable data from the first computing source, allows reading of the protectable data by the second computing source, allows processing simultaneous requests from the first and second computers and ignores requests to write data on the secure storage device from the second computing source.
- View Dependent Claims (27, 28, 29)
- - 27. The computing system in claim 26 further comprising a second secure storage device having an active connector coupled to the external data conduit of the second computing source and a passive connector coupled to the external data conduit of the first computing source, the second secure storage device including a storage media which stores the protectable data and accepts writing of the protectable data from the second computing source and only reading of the protectable data by the first computing source.
  - 28. The system of claim 26 wherein the data conduit of the second computing source is an Internet connection.
  - 29. The system of claim 26 further comprising a second secure storage device having an active connector coupled to the external data conduit of the first computing source and a passive connector coupled to the external data conduit of a third computing source, the secure storage device including a second storage media which stores the protectable data and accepts writing of the protectable data from the first computing source and only reading of the protectable data by the third computing source wherein the data on the first secure storage device is private to the owner of the second computing source and the data on the second secure storage device is private to the owner of third computing source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zecurity LP
Original Assignee
Zecurity LP
Inventors
Friday, Victor
Primary Examiner(s)
Nguyen, T. V.

Application Number

US09/996,550
Time in Patent Office

679 Days
Field of Search

713/200, 713/201, 711/152, 711/155, 711/163, 711/164
US Class Current

711/163
CPC Class Codes

G06F 21/78   to assure secure storage of...

G06F 3/0623   in relation to content

G06F 3/0655   Vertical data movement, i.e...

G06F 3/0674   Disk device

H04L 63/02   for separating internal fro...

H04L 63/083   using passwords cryptograph...

Secure data storage device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data storage device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links