Secure storage device with offline code entry

US 8,321,953 B2
Filed: 07/14/2006
Issued: 11/27/2012
Est. Priority Date: 07/14/2005
Status: Active Grant

First Claim

Patent Images

1. A portable data storage device comprising:

a memory system comprising a database for storing data;

an encryptor for encrypting and decrypting the data stored within the database;

a module for authorizing access to the data stored within the database, the module comprising;

a file system for maintaining a scrambled database file system comprising a map of the data stored within the database, the file system separated from the database on the portable data storage device; and

an authorization module for authenticating a user code to authorize access to the data stored within the database, wherein the authorization module unscrambles the database file system and generates an authorization signal when the access is authorized;

a user interface for receiving the user code offline, before operationally coupling the portable data storage device to a digital device; and

a controller for communicating with the digital device, wherein the controller provides access to the data stored within the database based on the authorization signal from the authorization module.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system to authorize access to secured data storage can comprise a user interface configured to receive a user code offline from a user to allow access to stored data, circuitry configured to authorize access to the stored data based, at least in part, on the user code and provide access to the stored data, and a storage system configured to store the stored data.

109 Citations

View as Search Results

35 Claims

1. A portable data storage device comprising:
- a memory system comprising a database for storing data;
  
  an encryptor for encrypting and decrypting the data stored within the database;
  
  a module for authorizing access to the data stored within the database, the module comprising;
  
  a file system for maintaining a scrambled database file system comprising a map of the data stored within the database, the file system separated from the database on the portable data storage device; and
  
  an authorization module for authenticating a user code to authorize access to the data stored within the database, wherein the authorization module unscrambles the database file system and generates an authorization signal when the access is authorized;
  
  a user interface for receiving the user code offline, before operationally coupling the portable data storage device to a digital device; and
  
  a controller for communicating with the digital device, wherein the controller provides access to the data stored within the database based on the authorization signal from the authorization module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The storage device of claim 1, further comprising separate chips within the storage device for retaining the database and the module for authorizing access to the data.
  - 3. The storage device of claim 2, wherein the digital device is not able to identify the data stored within the database without the database file system.
  - 4. The storage device of claim 1, wherein a data partition containing the database is mounted when the access is authorized, in response to operationally coupling the storage device to the digital device.
  - 5. The storage device of claim 1, wherein the encryptor is configured to decrypt a security code using the user code.
  - 6. The storage device of claim 5, wherein the authorization module is configured to compare the security code to one or more authentication passwords stored within the file system.
  - 7. The storage device of claim 6, wherein the file system associates each authentication password with a different partition for mounting when the storage device is operationally coupled to the digital device.
  - 8. The storage device of claim 1, wherein the file system maintains a list of user codes associated with different partitions for mounting when the storage device is operationally coupled to the digital device.
  - 9. The storage device of claim 1, wherein the controller is configured to identify the storage device as a compact disc in response to an identification query from the digital device.
  - 10. The storage device of claim 9, wherein the controller provides an automatic authorization check program to determine whether access to the data stored within the database is authorized.
  - 11. The storage device of claim 10, wherein the controller is configured to refuse access to the database when the access is not authorized, as determined by the automatic authorization check program.
  - 12. The storage device of claim 1, further comprising an authorization indicator on the storage device, wherein the device controller is configured to send a signal to the authorization indicator to indicate that access is authorized or denied, and to generate a signal for the authorization indicator to indicate that the storage device is locked.
  - 13. The storage device of claim 1, wherein the user interface comprises means for entering a character.
  - 14. The storage device of claim 1, wherein the user interface comprises means for receiving a voice, fingerprint, or retina scan.
  - 15. The storage device of claim 1, wherein the authorization module is configured to lock the storage device based on a predetermined number of attempts to authorize access, such that the storage device refuses to accept any user code until reset.
  - 16. The storage device of claim 15, wherein the device controller is configured to receive a reset key and the authorization module is configured to determine whether the reset key is authentic prior to resetting the storage device.
  - 17. The storage device of claim 16, wherein the reset key is requestable by authenticating a user identity on a website.
  - 18. The storage device of claim 16, wherein the reset key is receivable on purchase of the storage device.
  - 19. The storage device of claim 1, wherein the access is authorized only for a predetermined amount of time before reauthorization is required, unless the storage device is operationally coupled to the digital device.
  - 20. The storage device of claim 19, wherein re-authorization is required after a predetermined period of inactivity when the storage device is operationally coupled to the digital device, such that the access is denied until the re-authorization.
  - 21. The storage device of claim 1, further comprising a connector for operationally coupling the storage device to the digital device.
  - 22. The storage device of claim 21, wherein the connector comprises a USB connector.
  - 23. The storage device of claim 1, further comprising wireless means for operationally coupling the storage device to the digital device.

24. A method comprising:
- receiving a user code from a user interface on a portable data storage device, wherein the user code is received offline, before operationally coupling the portable data storage device to receive commands from a processor;
  
  authenticating the user code to authorize access to data stored within a database on the portable data storage device;
  
  upon authorization, descrambling a database file system maintained by a file system separated from the database on the portable data storage device, wherein the database file system comprises a map to identify the data stored within the database;
  
  in response to the operational coupling, mounting a partition containing the database;
  
  decrypting the data stored within the database; and
  
  providing access to the data stored within the database to the processor.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, further comprising encrypting data transmitted from the processor and storing the encrypted data within the database.
  - 26. The method of claim 24, wherein the file system and the database are provided on separate chips within the portable data storage device.
  - 27. The method of claim 24, wherein the processor is not able to identify the data stored within the database without the database file system.
  - 28. The method of claim 24, further comprising maintaining a list of different partitions within the file system, wherein mounting the partition containing the database comprises mounting one of the different partitions based on the user code.
  - 29. The method of claim 24, further comprising:
    - in response to an identification query from the processor, identifying the storage device as a compact disc;
      
      providing an automatic authorization check program to the processor, wherein the automatic authorization check program determines whether access to the data stored within the database is authorized; and
      
      refusing access to the database when the access is not authorized, as determined by the automatic authorization check program.
  - 30. The method of claim 24, further comprising locking the storage device based on a predetermined number of attempts to authorize access, such that the storage device refuses to authorize the access until reset.

31. A portable memory device comprising:
- a USB connector for operationally coupling the device to a host system;
  
  a memory system comprising a database for storing data;
  
  an encryptor connected to the memory system for encrypting and decrypting the data;
  
  a user interface connected to the encryptor for receiving a user code to access the data, wherein the user code is received offline, before operationally coupling to the host system;
  
  a controller connected to the encryptor for providing the host system access to the data by mounting a partition containing the database in response to the operational coupling, when the access is authorized; and
  
  a module connected to the controller and separated from the database on the device, the module separated from the database comprising;
  
  an authorization module for authorizing the access by authenticating the user code; and
  
  a file system maintaining a scrambled database file system configured to identify the data stored within the database, wherein the authorization module descrambles the database file system when the access is authorized.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The device of claim 31, wherein the database and the module separated from the database are retained on separate chips on the portable memory device.
  - 33. The device of claim 31, wherein the file system maintains a list of user codes associated with different partitions and the controller mounts the partition containing the database based on the list and the user code.
  - 34. The device of claim 31, wherein the authorization module is configured to lock the storage device based on a predetermined number of attempts to authorize access, such that the device refuses to authorize the access until reset.
  - 35. The device of claim 31, wherein the controller is configured to refuse access to the database when the access is not authorized, as determined by an automatic authorization check program provided to the host system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kingston Digital, Inc. (Kingston Technology Corporation)
Original Assignee
Imation Corporation (Glassbridge Enterprises, Inc.)
Inventors
Jevans, David Alexander
Primary Examiner(s)
Popham, Jeffrey D

Application Number

US11/486,799
Publication Number

US 20070016743A1
Time in Patent Office

2,328 Days
Field of Search

726/27, 707/825
US Class Current

726/27
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/79   in semiconductor storage me...

Secure storage device with offline code entry

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage device with offline code entry

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links