Apparatus and method for securing data on a portable storage device
First Claim
Patent Images
1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
- a storage medium including;
a secure user area for storing therein user data in an encrypted form, anda register for storing therein an encrypted key; and
a microprocessor configured to;
use a user password for encrypting a clear key to produce the encrypted key and, in turn, for decrypting the encrypted key to produce the clear key, anduse the clear key to decrypt the encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host device thereby producing the encrypted form of the user data;
wherein the user password is generated by a user of the secure portable storage device;
wherein the microprocessor is further configured to control access from the host device to the secure user area such that the access is allowed only upon the microprocessor receiving the user password; and
wherein, upon receiving the user password, the secure portable storage device is remounted to the host device by disconnecting a communication link between the secure portable storage device and the host device and then reconnecting the communication link between the secure portable storage device and the host device.
1 Assignment
0 Petitions
Accused Products
Abstract
A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
-
Citations
19 Claims
-
1. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
-
a storage medium including; a secure user area for storing therein user data in an encrypted form, and a register for storing therein an encrypted key; and a microprocessor configured to; use a user password for encrypting a clear key to produce the encrypted key and, in turn, for decrypting the encrypted key to produce the clear key, and use the clear key to decrypt the encrypted form of the user data read from the secure user area, and to encrypt the user data received from the host device thereby producing the encrypted form of the user data; wherein the user password is generated by a user of the secure portable storage device; wherein the microprocessor is further configured to control access from the host device to the secure user area such that the access is allowed only upon the microprocessor receiving the user password; and wherein, upon receiving the user password, the secure portable storage device is remounted to the host device by disconnecting a communication link between the secure portable storage device and the host device and then reconnecting the communication link between the secure portable storage device and the host device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A secure portable storage device connectable to a host device, the secure portable storage device comprising:
-
an interface to a host device; and a storage medium including; a secure user area for storing user data; and registers including; a password register for storing therein a clear or hash version of a user password, which user password being user-generated; and a key register for storing therein an encrypted key which is a clear key encrypted by the user password, wherein decryption of the encrypted key with the user password exposes the clear key, the clear key being exposable for use thereof in encrypting and decrypting user data communicated via the interface; wherein the secure portable storage device is configured to bar access from the host device to the secure user area unless the secure portable storage device receives a user-entered password, via the interface, and matches the user-entered password with the clear or hash version thereof in the password register, and if there is such match the secure portable storage device is further configured to prompt the host device to remount the secure portable storage device to the host device by disconnecting a communication link between the secure portable storage device and the host device and then reconnecting the communication link between the secure portable storage device and the host device. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
-
13. A method for accessing a secure user area of a secure portable storage device, the method comprising:
performing by a secure portable storage device that has an interface to a host device and a storage medium including a secure user area for storing user data, a password register for storing therein a clear or hash version of a user password which is user-generated, and a key register for storing therein an encrypted key, which is a clear key encrypted by the user password; receiving a user-entered password from the host device via the interface; matching the user-entered password with the clear or hash version of the user password stored in the password register; in response to such matching, prompting the host device to remount the secure portable storage device to the host device and providing the host device with access to the secure user area; decrypting the encrypted key with the user password to expose the clear key; and performing at least one of; encrypting user data communicated via the interface and decrypting user data communicated via the interface. - View Dependent Claims (14, 15, 16, 17, 18, 19)
Specification