Systems and methods for protecting data stored on removable storage devices by requiring external user authentication

US 8,812,860 B1
Filed: 12/03/2010
Issued: 08/19/2014
Est. Priority Date: 12/03/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting data stored on removable storage devices by requiring external user authentication, at least a portion of the method being performed by a removable storage device comprising at least one processor, the method comprising:

identifying an attempt by a computing device to access encrypted data stored on the removable storage device;

prior to allowing access to the encrypted data, authenticating a user of the computing device by;

obtaining, at the removable storage device, security credentials from the user, wherein the security credentials comprise a time-synchronized password generated by an external authentication device that is valid for only one login session;

verifying, at the removable storage device, the validity of the security credentials;

upon authenticating the user, allowing access to the encrypted data stored on the removable storage device for only one login session.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for protecting data stored on removable storage devices may include (1) identifying an attempt by a computing device to access encrypted data stored on a removable storage device and then, prior to allowing access to the encrypted data, (2) authenticating a user of the computing device by (a) obtaining security credentials from the user that include a time-synchronized authentication code generated by an external authentication device and (b) verifying the validity of the security credentials. Upon authenticating the user, the method may include allowing access to the encrypted data stored on the removable storage device. Various additional methods, systems, and computer-readable media are also disclosed.

Citations

20 Claims

1. A computer-implemented method for protecting data stored on removable storage devices by requiring external user authentication, at least a portion of the method being performed by a removable storage device comprising at least one processor, the method comprising:
- identifying an attempt by a computing device to access encrypted data stored on the removable storage device;
  
  prior to allowing access to the encrypted data, authenticating a user of the computing device by;
  
  obtaining, at the removable storage device, security credentials from the user, wherein the security credentials comprise a time-synchronized password generated by an external authentication device that is valid for only one login session;
  
  verifying, at the removable storage device, the validity of the security credentials;
  
  upon authenticating the user, allowing access to the encrypted data stored on the removable storage device for only one login session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the time-synchronized password is generated by the external authentication device using:
    - a timestamp obtained from a real-time clock that has been synchronized with an additional real-time clock located within the removable storage device;
      
      a seed value associated with the removable storage device.
  - 3. The method of claim 1, wherein the security credentials further comprise at least one of:
    - a username;
      
      a personal identification number;
      
      biometric data.
  - 4. The method of claim 1, wherein verifying, at the removable storage device, the validity of the security credentials comprises:
    - obtaining a timestamp from a real-time clock located within the removable storage device that has been synchronized with an additional real-time clock associated with the external authentication device;
      
      calculating, using both the timestamp and a seed value securely stored within the removable storage device, an expected password;
      
      determining, by comparing the expected password with the time-synchronized password provided by the user, that the expected password matches the time-synchronized password provided by the user.
  - 5. The method of claim 1, wherein allowing access to the encrypted data stored on the removable storage device for only one login session comprises decrypting the encrypted data using a secure cryptoprocessor located within the removable storage device.
  - 6. The method of claim 1, further comprising:
    - identifying a subsequent attempt by the computing device to access the encrypted data stored on the removable storage device;
      
      determining that the subsequent attempt to access the encrypted data represents a potential security risk;
      
      denying access to the encrypted data stored on the removable storage device.
  - 7. The method of claim 6, wherein determining that the subsequent attempt to access the encrypted data represents a potential security risk comprises at least one of:
    - determining that a password provided during the subsequent attempt indicates that the subsequent attempt represents a potential security risk;
      
      determining that more than a predetermined number of failed user-authentication attempts have occurred.
  - 8. The method of claim 7, wherein determining that the password provided during the subsequent attempt indicates that the subsequent attempt represents a potential security risk comprises at least one of:
    - determining, by comparing an expected password with the password provided during the subsequent attempt, that the expected password does not match the password provided during the subsequent attempt;
      
      determining that the password provided during the subsequent attempt represents an instruction from the external authentication device to deny access to the encrypted data stored on the removable storage device.
  - 9. The method of claim 6, wherein denying access to the encrypted data stored on the removable storage device comprises at least one of:
    - erasing the encrypted data from the removable storage device;
      
      erasing a cryptographic key used to encrypt/decrypt the encrypted data from the removable storage device;
      
      locking the removable storage device.
  - 10. The method of claim 1, further comprising:
    - determining that more than a predetermined amount of time has passed since the user was successfully authenticated;
      
      re-authenticating the user prior to allowing continued access to the encrypted data stored on the removable storage device.
  - 11. The method of claim 1, wherein the external authentication device comprises:
    - an authentication server;
      
      a security token.
  - 12. The method of claim 1, wherein the removable storage device comprises:
    - a flash memory device;
      
      a magnetic memory device;
      
      an optical memory device.

13. A computer-implemented method for authenticating users of removable storage devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving a request from a user for a password for accessing a removable storage device;
  
  authenticating the user by;
  
  obtaining security credentials from the user;
  
  verifying the validity of the security credentials;
  
  generating a time-synchronized password for the user that is valid for only one login session using;
  
  a timestamp obtained from a real-time clock that has been synchronized with an additional real-time clock located within the removable storage device;
  
  a seed value associated with the removable storage device;
  
  providing the time-synchronized password to the user to enable the user to provide the time-synchronized password to the removable storage device to gain access to the encrypted data for the only one login session.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the security credentials comprise at least one of:
    - a unique identifier associated with the removable storage device;
      
      a username;
      
      a personal identification number;
      
      biometric data.
  - 15. The method of claim 13, wherein providing the time-synchronized password to the user comprises providing the time-synchronized password to the user via at least one of:
    - email;
      
      phone;
      
      a text message;
      
      a client-server Internet session.
  - 16. The method of claim 13, further comprising:
    - receiving an instruction from the user to deny subsequent access to the removable storage device;
      
      upon receiving a subsequent password request from an additional user, generating a password that represents an instruction to deny access to the encrypted data on the removable storage device;
      
      providing the password to the additional user.
  - 17. The method of claim 16, wherein the instruction to deny access to the encrypted data on the removable storage device comprises at least one of:
    - an instruction to erase the encrypted data from the removable storage device;
      
      an instruction to erase a cryptographic key used to encrypt/decrypt the encrypted data from the removable storage device;
      
      an instruction to lock the removable storage device.

18. A removable storage device comprising:
- memory;
  
  an authentication module programmed to;
  
  identify an attempt by a computing device to access encrypted data stored in the memory of the removable storage device;
  
  prior to allowing access to the encrypted data, authenticate a user of the computing device by;
  
  obtaining, at the removable storage device, security credentials from the user, wherein the security credentials comprise a time-synchronized password generated by an external authentication device that is valid for only one login session;
  
  verifying, at the removable storage device, the validity of the security credentials;
  
  upon authenticating the user, allow access to the encrypted data stored in the memory of the removable storage device for only one login session;
  
  at least one processor configured to execute the authentication module.
- View Dependent Claims (19, 20)
- - 19. The removable storage device of claim 18, further comprising:
    - a real-time clock that has been synchronized with an additional real-time clock associated with the external authentication device;
      
      a seed value securely stored within the memory of the removable storage device;
      
      wherein the authentication module verifies the validity of the security credentials by;
      
      obtaining a timestamp from the real-time clock;
      
      calculating, using both the timestamp and the seed value, an expected password;
      
      determining, by comparing the expected password with the time-synchronized password provided by the user, that the expected password matches the time-synchronized password provided by the user.
  - 20. The removable storage device of claim 18, further comprising:
    - a cryptographic module programmed to encrypt/decrypt data stored within the memory of the removable storage device;
      
      a secure cryptoprocessor configured to execute the cryptographic module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bray, Ryan
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US12/959,578
Time in Patent Office

1,355 Days
Field of Search

713/182
US Class Current

713/182
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/62 Protecting access to data v...

Systems and methods for protecting data stored on removable storage devices by requiring external user authentication

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protecting data stored on removable storage devices by requiring external user authentication

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links