Apparatus and method for securing data on a portable storage device

US 7,478,248 B2
Filed: 11/27/2002
Issued: 01/13/2009
Est. Priority Date: 11/27/2002
Status: Active Grant

First Claim

Patent Images

1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:

a. a storage medium including;

i. a secure user area for storing user data in an encrypted form andii. a register for storing therein an encrypted key; and

b. a microprocessor for;

i. using a user password for selectably encrypting a clear key to obtain said encrypted key and for decrypting said encrypted key to obtain the clear key, andii. using the clear key to selectably decrypt said encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host thereby producing said encrypted form of the user data;

wherein said user password is generated by a user of the secure portable storage device;

wherein said microprocessor is further used to exclude access from said host device to said secure user area unless said user password is provided to said microprocessor; and

wherein said storage medium further includes an offset register, and wherein said secure area is made accessible by said microprocessor by offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.

137 Citations

View as Search Results

14 Claims

1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
- a. a storage medium including;
  
  i. a secure user area for storing user data in an encrypted form andii. a register for storing therein an encrypted key; and
  
  b. a microprocessor for;
  
  i. using a user password for selectably encrypting a clear key to obtain said encrypted key and for decrypting said encrypted key to obtain the clear key, andii. using the clear key to selectably decrypt said encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host thereby producing said encrypted form of the user data;
  
  wherein said user password is generated by a user of the secure portable storage device;
  
  wherein said microprocessor is further used to exclude access from said host device to said secure user area unless said user password is provided to said microprocessor; and
  
  wherein said storage medium further includes an offset register, and wherein said secure area is made accessible by said microprocessor by offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The secure portable storage device of claim 1, wherein said storage medium further includes a clear user area, and wherein said microprocessor is further used to allow access from the host device to the clear user area without requiring entry of said user password.
  - 3. The secure portable storage device of claim 1, wherein said offsetting takes place in cooperation with said microprocessor causing said host device to remount said secure portable storage device.
  - 4. The secure portable storage device of claim 1, wherein said user password includes alphanumeric characters entered by the user.
  - 5. The secure portable storage device of claim 1, wherein said user password includes biometric data.
  - 6. The secure portable storage device of claim 1, wherein said storage medium further includes a user password register storing therein a hashed representation of said user password, and wherein said microprocessor is also operable to hash said user password.

7. A secure portable storage device connectable to a host device, comprising:
- a. a storage medium including a secure user area and a clear user area, both areas selectably used for storing user data exchanged with the host device; and
  
  b. a microprocessor operable to exclude access from the host device to the secure user area unless a user password is provided to the microprocessor, and to allow access from said host device to the clear user area without requiring entry of said user password;
  
  wherein said user password is generated by a user of the secure portable storage device; and
  
  wherein said storage medium, further includes an offset register, said secure user area made accessible via said microprocessor offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The secure portable storage device of claim 7, wherein said offsetting takes place in cooperation with said microprocessor causing said host device to remount said secure portable storage device.
  - 9. The secure portable storage device of claim 7, wherein said user password includes alphanumeric data.
  - 10. The secure portable storage device of claim 7, wherein said user password includes biometric data.
  - 11. The secure portable storage device of claim 7, wherein the operability of said microprocessor to exclude access includes use of said clear key to decrypt said user data read from said secure user area and to encrypt said user data written onto said secure user area.
  - 12. The secure portable storage device of claim 11, wherein said storage medium further includes a register for storing therein an encrypted key that has been encrypted from said clear key under said user password, and wherein said microprocessor is further operable to use said user password for decrypting the encrypted key to obtain said clear key prior to said using said clear key.
  - 13. The secure portable storage device of claim 7, wherein said storage medium further includes a user password register storing therein a hashed representation of said user password, and wherein said microprocessor is also operable to hash said user password.

14. A method for using a user password for securing and accessing user data exchanged with a host device and stored in a portable storage device, the portable storage device including a microprocessor, the method comprising:
- a. generating a secret key by operating the microprocessor to generate a random clear key, operating the microprocessor to encrypt the clear key with the user password to obtain the secret key, and storing the secret key within the portable storage device;
  
  b. selectably storing first user data in the portable storage device by receiving the first user data from the host device, retrieving the secret key from the portable storage device, operating the microprocessor to decrypt the secret key with the user password to obtain the clear key, and operating the microprocessor to encrypt the first user data and store the encrypted first user data within the portable storage device; and
  
  c. selectably retrieving second encrypted user data from the portable storage device by reading second encrypted user data from the portable storage device, retrieving the secret key from the portable storage device, operating the microprocessor to decrypt the secret key with the user password to obtain the clear key, and operating the microprocessor to decrypt the second encrypted user data with the clear key and sending the decrypted second user data to the host device;
  
  wherein the user password is generated by a user of the portable storage device and wherein said portable storage device further including a secure storage area and a register to contain a representation of the user password;
  
  d. selectably receiving an entered user password;
  
  e. operating the microprocessor to check the entered user password against the representation of the user password, and then;
  
  if the check is positive, operating the microprocessor to allow access to the secure storage area; and
  
  if the check is negative, operating the microprocessor to exclude access from the secure storage area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jpmorgan Chase Bank NA As The Agent
Original Assignee
M-Systems Flash Disk Pioneers Ltd. (Western Digital Corporation)
Inventors
Ziv, Aran, Bychkov, Eyal
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
GERGISO, TECHANE

Application Number

US10/304,772
Publication Number

US 20040103288A1
Time in Patent Office

2,239 Days
Field of Search

713/193, 713/185, 713/183, 711/164
US Class Current

713/193
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/78   to assure secure storage of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2153   Using hardware token as a s...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

Apparatus and method for securing data on a portable storage device

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for securing data on a portable storage device

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others