Apparatus and method for securing data on a portable storage device

US 7,900,063 B2
Filed: 12/29/2008
Issued: 03/01/2011
Est. Priority Date: 11/27/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for accessing a secure user area of a portable storage device, the method comprising:

performing, by a portable storage device that has a storage medium including a clear user area and a secure user area, wherein the portable storage device is operative to allow access to the clear user area without requiring a user password and to allow access to the secure user area only upon receiving the user password;

receiving the user password from a host device in communication with the portable storage device; and

performing at least one of (a) and (b);

(a) receiving data from the host device, performing on-the-fly encryption of the data, and storing the encrypted data in the secure user area; and

(b) reading encrypted data from the secure user area, performing on-the-fly decryption of the encrypted data, and sending the decrypted data to the host device;

wherein the portable storage device stores a key used for at least one of on-the-fly encryption and on-the-fly decryption, and wherein the key is encrypted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.

69 Citations

View as Search Results

35 Claims

1. A method for accessing a secure user area of a portable storage device, the method comprising:
- performing, by a portable storage device that has a storage medium including a clear user area and a secure user area, wherein the portable storage device is operative to allow access to the clear user area without requiring a user password and to allow access to the secure user area only upon receiving the user password;
  
  receiving the user password from a host device in communication with the portable storage device; and
  
  performing at least one of (a) and (b);
  
  (a) receiving data from the host device, performing on-the-fly encryption of the data, and storing the encrypted data in the secure user area; and
  
  (b) reading encrypted data from the secure user area, performing on-the-fly decryption of the encrypted data, and sending the decrypted data to the host device;
  
  wherein the portable storage device stores a key used for at least one of on-the-fly encryption and on-the-fly decryption, and wherein the key is encrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising determining that the user password is valid by comparing the user password with a stored password.
  - 3. The method of claim 1 further comprising determining that the user password is valid by hashing the user password and comparing the hashed user password to a stored hashed password.
  - 4. The method of claim 1, wherein the portable storage device is operative to access the secure user area by offsetting a logical address received from the host device by an offset parameter before transforming the logical address to a physical address.
  - 5. The method of claim 4, wherein the offsetting is performed after the host device remounts the portable storage device.
  - 6. The method of claim 1 further comprising configuring a size of the secure user area based on a request by a user.
  - 7. The method of claim 6, wherein the configuring is performed by a program stored in the portable storage device and executed by the portable storage device.
  - 8. The method of claim 6, wherein the configuring is performed only after determining that the user password is valid.
  - 9. The method of claim 1, wherein the portable storage device is further operative to write and read data in the clear user area without encryption and decryption if the user password is not received from the host device.

10. A storage device comprising:
- an interface to a host device; and
  
  a storage medium including a clear user area and a secure user area;
  
  wherein the storage device is operative to allow access to the clear user area without requiring a user password and to allow access to the secure user area only upon receiving the user password; and
  
  wherein the storage device is further operative to;
  
  receive the user password from the host device via the interface; and
  
  perform at least one of (a) and (b);
  
  (a) receive data from the host device, perform on-the-fly encryption of the data, and store the encrypted data in the secure user area; and
  
  (b) read encrypted data from the secure user area, perform on-the-fly decryption of the encrypted data, and send the decrypted data to the host device;
  
  wherein the storage device stores a key used for at least one of on-the-fly encryption and on-the-fly decryption, and wherein the key is encrypted.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The storage device of claim 10, wherein the storage device is operative to determine that the user password is valid by comparing the user password with a stored password.
  - 12. The storage device of claim 10, wherein the storage device is operative to determine that the user password is valid by hashing the user password and comparing the hashed user password to a stored hashed password.
  - 13. The storage device of claim 10, wherein the storage device is operative to access the secure user area by offsetting a logical address received from the host device by an offset parameter before transforming the logical address to a physical address.
  - 14. The storage device of claim 13, wherein the offsetting is performed after the host device remounts the portable storage device.
  - 15. the storage device of claim 10, wherein the storage device is operative to configure a size of the secure user area based on a request by a user.
  - 16. The storage device of claim 15, wherein the storage device is operative to configure the size of the secure user area by executing a program stored in the portable storage device.
  - 17. The storage device of claim 15, wherein the storage device is operative to configure the size of the secure user only after determining that the user password is valid.
  - 18. The storage device of claim 10, wherein the storage device is further operative to write and read data in the clear user area without encryption and decryption if the user password is not received from the host device.

19. A method for accessing a secure user area of a portable storage device, the method comprising:
- performing, by a portable storage device that has a storage medium including a clear user area and a secure user area, wherein the portable storage device is operative to allow access to the clear user area without requiring a user password and to allow access to the secure user area only upon receiving the user password;
  
  receiving the user password from a host device in communication with the portable storage device; and
  
  performing at least one of (a) and (b);
  
  (a) receiving data from the host device, performing on-the-fly encryption of the data, and storing the encrypted data in the secure user area; and
  
  (b) reading encrypted data from the secure user area, performing on-the-fly decryption of the encrypted data, and sending the decrypted data to the host device;
  
  wherein the portable storage device stores a key used for at least one of on-the-fly encryption and on-the-fly decryption, and wherein the portable storage device is operative to access the secure user area by offsetting a logical address received from the host device by an offset parameter before transforming the logical address to a physical address.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19 further comprising determining that the user password is valid by hashing the user password and comparing the hashed user password to a stored hashed password.
  - 21. The method of claim 19, wherein the key is encrypted.
  - 22. The method of claim 19, wherein the offsetting is performed after the host device remounts the portable storage device.
  - 23. The method of claim 19 further comprising configuring a size of the secure user area based on a request by a user.
  - 24. The method of claim 23, wherein the configuring is performed by a program stored in the portable storage device and executed by the portable storage device.
  - 25. The method of claim 23, wherein the configuring is performed only after determining that the user password is valid.
  - 26. The method of claim 19, wherein the portable storage device is further operative to write and read data in the clear user area without encryption and decryption if the user password is not received from the host device.

27. A storage device comprising:
- an interface to a host device; and
  
  a storage medium including a clear user area and a secure user area;
  
  wherein the storage device is operative to allow access to the clear user area without requiring a user password and to allow access to the secure user area only upon receiving the user password; and
  
  wherein the storage device is further operative to;
  
  receive the user password from the host device via the interface; and
  
  perform at least one of (a) and (b);
  
  (a) receive data from the host device, perform on-the-fly encryption of the data, and store the encrypted data in the secure user area; and
  
  (b) read encrypted data from the secure user area, perform on-the-fly decryption of the encrypted data, and send the decrypted data to the host device;
  
  wherein the storage device stores a key used for at least one of on-the-fly encryption and on-the-fly decryption, and wherein the storage device is operative to access the secure user area by offsetting a logical address received from the host device by an offset parameter before transforming the logical address to a physical address.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The storage device of claim 27, wherein the storage device is operative to determine that the user password is valid by comparing the user password with a stored password.
  - 29. The storage device of claim 27, wherein the storage device is operative to determine that the user password is valid by hashing the user password and comparing the hashed user password to a stored hashed password.
  - 30. The storage device of claim 27, wherein the key is encrypted.
  - 31. The storage device of claim 27, wherein the offsetting is performed after the host device remounts the portable storage device.
  - 32. The storage device of claim 27, wherein the storage device is operative to configure a size of the secure user area based on a request by a user.
  - 33. The storage device of claim 32, wherein the storage device is operative to configure the size of the secure user area by executing a program stored in the portable storage device.
  - 34. The storage device of claim 32, wherein the storage device is operative to configure the size of the secure user only after determining that the user password is valid.
  - 35. The storage device of claim 27, wherein the storage device is further operative to write and read data in the clear user area without encryption and decryption if the user password is not received from the host device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Western Digital Israel Limited (Western Digital Corporation)
Original Assignee
SanDisk IL Ltd. (Western Digital Corporation)
Inventors
Ziv, Aran, Bychkov, Eyal
Primary Examiner(s)
GERGISO, TECHANE

Application Number

US12/345,270
Publication Number

US 20090119517A1
Time in Patent Office

792 Days
Field of Search

713/193, 726/26
US Class Current

713/193
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/78   to assure secure storage of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2153   Using hardware token as a s...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

Apparatus and method for securing data on a portable storage device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for securing data on a portable storage device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links