Multiple stakeholder secure memory partitioning and access control

US 8,190,919 B2
Filed: 12/20/2006
Issued: 05/29/2012
Est. Priority Date: 11/07/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A machine implemented system that effectuates secure access to a flash memory component, comprising:

a security component that intercepts communications between an external processor and the flash memory component and implements authentication and access control to the flash memory component, wherein, based on the security component receiving appropriate public key infrastructure authentication information associated with a partition formed within the flash memory and the partition being in an open state, the security component permits access to the partition, wherein the partition is further associated with a change access right access type that requires a password and the appropriate public key infrastructure authentication information to be supplied in order to change the change access right access type; and

a processing component that rounds a start address or an end address to an erase unit boundary of the flash memory component.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine implemented system and method that effectuates secure access to a flash memory associated with a mobile device. The system includes a security component that intercepts transactions between an external processor and the flash memory and implements authentication and access control to the flash memory. The system further includes components that can partition the flash memory and can associate authentication and access control information with the partitioned flash memory.

Citations

20 Claims

1. A machine implemented system that effectuates secure access to a flash memory component, comprising:
- a security component that intercepts communications between an external processor and the flash memory component and implements authentication and access control to the flash memory component, wherein, based on the security component receiving appropriate public key infrastructure authentication information associated with a partition formed within the flash memory and the partition being in an open state, the security component permits access to the partition, wherein the partition is further associated with a change access right access type that requires a password and the appropriate public key infrastructure authentication information to be supplied in order to change the change access right access type; and
  
  a processing component that rounds a start address or an end address to an erase unit boundary of the flash memory component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, the processing component divides the flash memory component into the partition based on a unique identifier associated with the flash memory component and the start address and the end address.
  - 3. The system of claim 2, the processing component associates a state to the partition, the state includes one of an open state and a close state.
  - 4. The system of claim 3, the processing component associates an access permit to the partition, the access permit includes at least one of a PKI certificate, an unrestricted access, and access allowed when the state associated with the partition is the open state.
  - 5. The system of claim 1, the processing component associates an access type to the partition.
  - 6. The system of claim 5, the access type includes one of read, write, or change access right.
  - 7. The system of claim 6, the change access right comprises partition attributes that include a partition attribute that indicates that the partition is always changeable, a partition attribute that indicates that the partition is changeable when a password is supplied, a partition attribute that indicates that the partition is changeable when appropriate public key infrastructure authentication information is supplied, or a partition attribute that indicates that the partition is changeable when an appropriate public key infrastructure authentication information or password is supplied.
  - 8. The system of claim 1, the security component further includes a security engine that implements hardware access control.
  - 9. The system of claim 8, the security engine includes a cryptographic component that implements one or more symmetric and asymmetric cryptographic techniques to enforce hardware access control over the flash memory component.
  - 10. The system of claim 1, the security component implemented on a application specific integrated circuit.
  - 11. The system of claim 1, the flash memory component, the security component and the external processor integrated to form a mobile device, the flash component and the security component embedded in the mobile device.

12. A method implemented on a processor for facilitating and effectuating secure access to a flash memory component, comprising:
- intercepting communications between an external host and the flash memory; and
  
  utilizing a cryptographic technique to enforce the secure access to the flash memory component that is partitioned based on a start address or an end address that are rounded to an erase unit boundary of the flash memory component, wherein enforcement of the secure access includes utilization of appropriate public key infrastructure authentication information and the flash memory that is partitioned being in an open state, and wherein the flash memory that is partitioned is associated with a change access right access type of with password or with pki, wherein the change access right access type of with password or with pki requires that a password or the appropriate public key infrastructure authentication information be supplied in order to modify the change access right access type associated with the flash memory that is partitioned.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, the cryptographic technique includes utilizing a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm and a secure hashing algorithm to deny access to a partition created within the flash memory component.
  - 14. The method of claim 13, further including soliciting credential information from an entity requesting access to the partition.
  - 15. The method of claim 14, utilizing the credential information to grant one or more of a read, a write, and a change access right access type to the partition.
  - 16. The method of claim 13, further including eliciting biometric information from the entity requesting access to the partition.
  - 17. The method of claim 16, the biometric information includes at least iris data, face data and fingerprint data.
  - 18. The method of claim 12, the processor, the external host and the flash memory incorporated to form a mobile device.
  - 19. The method of claim 18, the mobile device one of a multimedia player, a Personal Digital Assistant, a cell phone, a lap top computer, and a hand held computing device.

20. A method that divides a flash memory component into one or more partitions, comprising:
- partitioning the flash memory component into the one or more partitions, wherein a start or end address of the one or more partitions is aligned on an erase unit boundary of the flash memory component;
  
  assigning a pass code to the one or more partitions; and
  
  ascertaining and associating a public key infrastructure (PKI) key and an access control attribute to the one or more partitions, wherein access to the one or more partitions is permitted when the one or more partitions are in an open state and the access control attribute is set to when_open_or_with_PKI, wherein the access control attribute when_open_or_with_PKI permits access to the one or more partitions in response to one of the one or more partitions being in an open state and an appropriate PKI key being supplied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cypress Semiconductor Corporation (Infineon Technologies AG)
Original Assignee
Spansion LLC (Infineon Technologies AG)
Inventors
Natarajan, Venkat, Werner, Jeremy Isaac Nathaniel, Obereiner, Willy, Tom, Joe Yuen, Barck, Russell
Primary Examiner(s)
McNally, Michael S

Application Number

US11/613,691
Publication Number

US 20080109662A1
Time in Patent Office

1,987 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1441   for a range

G06F 2212/2022   Flash memory

Multiple stakeholder secure memory partitioning and access control

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple stakeholder secure memory partitioning and access control

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links