Method for controlling information supplied from memory device

US 8,266,711 B2
Filed: 11/06/2006
Issued: 09/11/2012
Est. Priority Date: 07/07/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for supplying information on security features of a memory device, the method comprising:

generating, by a memory device, a response to a query, the memory device storing a control structure which controls access to protected data on the memory device, the control structure including a publicly accessible component and a plurality of confidential components to which access is restricted to only authenticated entities, wherein different authenticated entities have access to different confidential components, such that an authenticated entity is authorized to access part but not all of the plurality of confidential components, and wherein the publicly accessible component and the plurality of confidential components control access to the protected data on the memory device, the generating includes;

(a) if the query is for the publicly accessible component, obtaining the publicly accessible component and including it in the response; and

(b) if the query is for one of the plurality of confidential components, obtaining such confidential component, provided that an entity which sent the query is authenticated to the memory device and is allowed to access this confidential component, and including such obtained confidential component in the response; and

(c) supplying the response to the query.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory storing public and confidential information is removably connected to a host device. General information on data stored in memory devices is accessible to the host device without authentication. Only a portion of confidential information stored in the memory device is accessible through the host device to an authenticated entity, where the entity has access rights to such portion. The entity is not able to access other portions of confidential information to which it has no rights. The public and confidential information is stored in a non-volatile storage medium, and a controller controls the supply of information. Preferably, the non-volatile storage medium and the controller are enclosed in a housing.

Citations

20 Claims

1. A method for supplying information on security features of a memory device, the method comprising:
- generating, by a memory device, a response to a query, the memory device storing a control structure which controls access to protected data on the memory device, the control structure including a publicly accessible component and a plurality of confidential components to which access is restricted to only authenticated entities, wherein different authenticated entities have access to different confidential components, such that an authenticated entity is authorized to access part but not all of the plurality of confidential components, and wherein the publicly accessible component and the plurality of confidential components control access to the protected data on the memory device, the generating includes;
  
  (a) if the query is for the publicly accessible component, obtaining the publicly accessible component and including it in the response; and
  
  (b) if the query is for one of the plurality of confidential components, obtaining such confidential component, provided that an entity which sent the query is authenticated to the memory device and is allowed to access this confidential component, and including such obtained confidential component in the response; and
  
  (c) supplying the response to the query.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the publicly accessible component is included in the response irrespective of whether the entity which sent the query has been authenticated or not.
  - 3. The method of claim 1, wherein each of the plurality of confidential components comprises a shared portion and an unshared portion, the shared portion being supplied to all authenticated entities and the unshared portion being supplied only to one authenticated entity.
  - 4. The method of claim 3, wherein the memory device stores therein software applications having life cycle states, and the shared portion of the plurality of confidential components includes names of software applications and their life cycle states.
  - 5. The method of claim 3, wherein the control structure comprises at least one sub-control structure, and wherein the query includes a list of the at least one sub-control structure.
  - 6. The method of claim 5, wherein the at least one sub-control structure comprises at least one root access control record, and wherein the shared portion includes a list of the at least one root access control record.
  - 7. The method of claim 1, wherein the plurality of confidential components includes at least one of the following:
    - names and access rights to partitions, names and access rights to keys and software applications, at least one child sub-control structure, secure data objects and identity objects.
  - 8. The method of claim 1, wherein the publicly accessible component includes a list of software applications on the memory device and their running states.
  - 9. The method of claim 1, wherein the publicly accessible component and the plurality of confidential components are supplied in at least one group of information objects, with one of the groups sent in response to each query in a sequence of queries.
  - 10. The method of claim 9, wherein each group of information objects comprises not more than 512 bytes.

11. A memory device comprising:
- a non-volatile storage medium storing a control structure which controls access to protected data on the memory device, the control structure including a publicly accessible component and a plurality of confidential components to which access is restricted to only authenticated entities, wherein different authenticated entities have access to different confidential components, such that an authenticated entity is authorized to access part but not all of the plurality of confidential components, and wherein the publicly accessible component and the plurality of confidential components control access to the protected data on the memory device; and
  
  a controller in communication with the non-volatile storage medium and operative to generate a response to a query, the generating includes;
  
  (a) if the query is for the publicly accessible component, obtaining the publicly accessible component and including it in the response; and
  
  (b) if the query is for one of the plurality of confidential components, obtaining such confidential component, provided that an entity which sent the query is authenticated to the memory device and is allowed to access this confidential component, and including such obtained confidential component in the response; and
  
  (c) supplying the response to the query.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The memory device of claim 11, wherein the publicly accessible component is included in the response irrespective of whether the entity which sent the query has been authenticated or not.
  - 13. The memory device of claim 11, wherein each of the plurality of confidential components comprises a shared portion and an unshared portion, the shared portion being supplied to all authenticated entities and the unshared portion being supplied only to one authenticated entity.
  - 14. The memory device of claim 13, wherein the non-volatile storage medium stores therein software applications having life cycle states, and wherein the shared portion of the plurality of confidential components includes names of software applications and their life cycle states.
  - 15. The memory device of claim 13, wherein the control structure comprises at least one sub-control structure, and wherein the query includes a list of the at least one sub-control structure.
  - 16. The memory device of claim 15, wherein the at least one sub-control structure comprises at least one root access control record, and wherein the shared portion includes a list of the at least one root access control record.
  - 17. The memory device of claim 11, wherein the plurality of confidential components includes at least one of the following:
    - names and access rights to partitions, names and access rights to keys and software applications, at least one child sub-control structure, secure data objects and identity objects.
  - 18. The memory device of claim 11, the publicly accessible component includes a list of software applications on the memory device and their running states.
  - 19. The memory device of claim 11, wherein the publicly accessible component and the plurality of confidential components are supplied in at least one group of information objects, with one of the groups sent in response to each query in a sequence of queries.
  - 20. The memory device of claim 19, wherein each group of information objects comprises not more than 512 bytes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Barzilai, Ron, Jogand-Coulomb, Fabrice
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US11/557,052
Publication Number

US 20080022413A1
Time in Patent Office

2,136 Days
Field of Search

726/27, 726/17, 711/163
US Class Current

726/27
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/78 to assure secure storage of...

Method for controlling information supplied from memory device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling information supplied from memory device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links