Apparatus and method for securing data on a portable storage device
First Claim
Patent Images
1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
- a. a storage medium including;
i. a secure user area for storing user data in an encrypted form andii. a register for storing therein an encrypted key; and
b. a microprocessor for;
i. using a user password for selectably encrypting a clear key to obtain said encrypted key and for decrypting said encrypted key to obtain the clear key, andii. using the clear key to selectably decrypt said encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host thereby producing said encrypted form of the user data;
wherein said user password is generated by a user of the secure portable storage device;
wherein said microprocessor is further used to exclude access from said host device to said secure user area unless said user password is provided to said microprocessor; and
wherein said storage medium further includes an offset register, and wherein said secure area is made accessible by said microprocessor by offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password.
8 Assignments
0 Petitions
Accused Products
Abstract
A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
137 Citations
14 Claims
-
1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
-
a. a storage medium including; i. a secure user area for storing user data in an encrypted form and ii. a register for storing therein an encrypted key; and b. a microprocessor for; i. using a user password for selectably encrypting a clear key to obtain said encrypted key and for decrypting said encrypted key to obtain the clear key, and ii. using the clear key to selectably decrypt said encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host thereby producing said encrypted form of the user data; wherein said user password is generated by a user of the secure portable storage device; wherein said microprocessor is further used to exclude access from said host device to said secure user area unless said user password is provided to said microprocessor; and wherein said storage medium further includes an offset register, and wherein said secure area is made accessible by said microprocessor by offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A secure portable storage device connectable to a host device, comprising:
-
a. a storage medium including a secure user area and a clear user area, both areas selectably used for storing user data exchanged with the host device; and b. a microprocessor operable to exclude access from the host device to the secure user area unless a user password is provided to the microprocessor, and to allow access from said host device to the clear user area without requiring entry of said user password; wherein said user password is generated by a user of the secure portable storage device; and wherein said storage medium, further includes an offset register, said secure user area made accessible via said microprocessor offsetting storage medium addresses by an offset value retrieved from the offset register upon receiving said user password. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method for using a user password for securing and accessing user data exchanged with a host device and stored in a portable storage device, the portable storage device including a microprocessor, the method comprising:
-
a. generating a secret key by operating the microprocessor to generate a random clear key, operating the microprocessor to encrypt the clear key with the user password to obtain the secret key, and storing the secret key within the portable storage device; b. selectably storing first user data in the portable storage device by receiving the first user data from the host device, retrieving the secret key from the portable storage device, operating the microprocessor to decrypt the secret key with the user password to obtain the clear key, and operating the microprocessor to encrypt the first user data and store the encrypted first user data within the portable storage device; and c. selectably retrieving second encrypted user data from the portable storage device by reading second encrypted user data from the portable storage device, retrieving the secret key from the portable storage device, operating the microprocessor to decrypt the secret key with the user password to obtain the clear key, and operating the microprocessor to decrypt the second encrypted user data with the clear key and sending the decrypted second user data to the host device;
wherein the user password is generated by a user of the portable storage device and wherein said portable storage device further including a secure storage area and a register to contain a representation of the user password;d. selectably receiving an entered user password; e. operating the microprocessor to check the entered user password against the representation of the user password, and then; if the check is positive, operating the microprocessor to allow access to the secure storage area; and if the check is negative, operating the microprocessor to exclude access from the secure storage area.
-
Specification