Trusted storage and display
First Claim
Patent Images
1. A storage token comprising:
- a first bus;
a port configured to connect the storage token to a computer via the first bus, the port supporting bi-directional data communication with the computer over the first bus;
a memory configured to store a hierarchical file system of the storage token;
a display;
an input;
a processor executing a token operating system configured to;
receive, from the computer, a request for access to a hierarchical memory location within the hierarchical file system of the storage token;
present, on the display;
the request for access received from the computer on the display of the storage token, the request being displayed with a depiction of the hierarchical memory location within the hierarchical file system of the storage token;
a confirmation message that the request for access to the hierarchical memory location is verified; and
an instruction for a user to approve or deny the request for access to the hierarchical memory location within the hierarchical file system of the storage token; and
a second bus separate from the first bus, the second bus being configured to connect the display, the input, and the processor executing the token operating system.
2 Assignments
0 Petitions
Accused Products
Abstract
A storage token has a display and a keyboard, or other input device, that allows a user to view a request to access a memory location and enter a response to the request. The display allows presentation of details of the request, such as a pathname to a requested memory location, metadata describing a cryptographic key for use in a transaction confirmation, and/or transaction details which are awaiting verification by a credential stored on the token. The storage token may also include a cryptographic engine and a secure memory allowing signing data returned in response to the request.
9 Citations
27 Claims
-
1. A storage token comprising:
-
a first bus; a port configured to connect the storage token to a computer via the first bus, the port supporting bi-directional data communication with the computer over the first bus; a memory configured to store a hierarchical file system of the storage token; a display; an input; a processor executing a token operating system configured to; receive, from the computer, a request for access to a hierarchical memory location within the hierarchical file system of the storage token; present, on the display; the request for access received from the computer on the display of the storage token, the request being displayed with a depiction of the hierarchical memory location within the hierarchical file system of the storage token; a confirmation message that the request for access to the hierarchical memory location is verified; and an instruction for a user to approve or deny the request for access to the hierarchical memory location within the hierarchical file system of the storage token; and a second bus separate from the first bus, the second bus being configured to connect the display, the input, and the processor executing the token operating system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method performed by a storage token having a processor and a user interface integral to the storage token, the method comprising:
-
detecting that the storage token is connected to a host at a first time; while the storage token is connected to the host at the first time, accepting a request for access to the storage token from the host; displaying the request for access to the storage token on the user interface, including displaying a reference to a type of the request; detecting that the storage token has been disconnected from the host; while the storage token is disconnected from the host, receiving an instruction via the user interface of the storage token, the instruction corresponding to the request; detecting that the storage token is connected to the host at a second time after receiving the instruction; and providing, to the host, a signed response to the request for access. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A storage token comprising:
-
a processor; computer-readable storage storing executable instructions and a plurality of cryptographic keys; a display; and a cryptographic unit, wherein the executable instructions cause the processor to; create a session when the storage token is coupled to a computer; receive a request via the session for access to the computer-readable storage, the request identifying an individual cryptographic key stored on the computer-readable storage of the storage token; display the request, including an identifier of the individual cryptographic key identified by the request for access to the computer-readable storage of the storage token; receive a personal identification number (PIN); verify that the PIN corresponds to an authorized entity; retrieve data corresponding to the request when the PIN is verified; cause the cryptographic unit to sign the data to form signed data; and respond to the request with the signed data. - View Dependent Claims (21, 22)
-
-
23. A storage token comprising:
-
a user interface; a processor; and computer-readable storage storing executable instructions that cause the processor to; detect that the storage token is connected to a host at a first time; while the storage token is connected to the host at the first time, accept a request for access to the storage token from the host; display the request for access to the storage token on the user interface; detect that the storage token has been disconnected from the host; while the storage token is disconnected from the host, receive an instruction via the user interface of the storage token, the instruction corresponding to the request; detect that the storage token is connected to the host at a second time after receiving the instruction; and provide, to the host, a signed response to the request for access. - View Dependent Claims (24, 25, 26, 27)
-
Specification