Hidden plug-in storage drive for data integrity

US 9,225,527 B1
Filed: 12/31/2014
Issued: 12/29/2015
Est. Priority Date: 08/29/2014
Status: Active Grant

First Claim

Patent Images

1. A storage device for storing data, the storage device comprising:

a secure storage drive including a flash memory storage area;

a first portion of firmware instructions pertaining to access to the secure storage drive, the first portion of firmware instructions having access to unhide information stored on the secure storage drive, the unhide information pertaining to unhiding the secure storage drive;

a second portion of firmware instructions pertaining to access to the flash memory storage area; and

a data access controller configured to utilize the first and second portions of firmware instructions to control access to the secure storage drive and the flash memory storage area;

wherein the first portion of firmware instructions comprise instructions that initiate execution upon connection of the secure storage drive to a computer device, and prevent completion of an enumeration process of the secure storage drive with the computer device unless the computer device provides proper authentication information upon a start of the enumeration process of the secure storage drive with the computer device, the proper authentication information corresponding to the unhide information, andwherein upon receipt of the proper authentication information, the first portion of firmware instructions allows completion of the enumeration process of the secure storage drive with the computer device and allow the second portion of firmware instructions to control access requests from the computer device to the flash memory storage area.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure (e.g., protected) storage drive for use with an associated computer device is disclosed. The secure storage drive allows access only when properly authenticated to the computer device attempting to access the secure storage drive. Additionally, other levels of authentication may be required prior to allowing access. For example, access may only be allowed if both the computer device and a user authenticated to the computer device are recognized by the secure storage drive. If access to the secure storage drive is not permitted, then the secure storage drive may remain hidden and not accessible to the operating system of the computer device. Accordingly, if hidden, no command of the operating system of the computer device can access, alter, or erase data on the secure storage drive.

209 Citations

23 Claims

1. A storage device for storing data, the storage device comprising:
- a secure storage drive including a flash memory storage area;
  
  a first portion of firmware instructions pertaining to access to the secure storage drive, the first portion of firmware instructions having access to unhide information stored on the secure storage drive, the unhide information pertaining to unhiding the secure storage drive;
  
  a second portion of firmware instructions pertaining to access to the flash memory storage area; and
  
  a data access controller configured to utilize the first and second portions of firmware instructions to control access to the secure storage drive and the flash memory storage area;
  
  wherein the first portion of firmware instructions comprise instructions that initiate execution upon connection of the secure storage drive to a computer device, and prevent completion of an enumeration process of the secure storage drive with the computer device unless the computer device provides proper authentication information upon a start of the enumeration process of the secure storage drive with the computer device, the proper authentication information corresponding to the unhide information, andwherein upon receipt of the proper authentication information, the first portion of firmware instructions allows completion of the enumeration process of the secure storage drive with the computer device and allow the second portion of firmware instructions to control access requests from the computer device to the flash memory storage area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The storage device of claim 1, further comprising a USB interface for connection to the computer device.
  - 3. The storage device of claim 1, wherein the first portion of firmware instructions execute prior to the second portion of firmware instructions.
  - 4. The storage device of claim 1, wherein the first portion of firmware instructions execute prior to the second portion of firmware instructions, the first portion of firmware instructions comprising instructions to decrypt at least a portion of authentication information provided by the computer device.
  - 5. The storage device of claim 1, wherein the authentication information comprises two-factor authentication information, and the two-factor authentication information comprises information identifying a user previously authenticated to the computer device.
  - 6. The storage device of claim 1, wherein the authentication information comprises information including biometric access control to identify a user.
  - 7. The storage device of claim 1, wherein the first portion of firmware instructions and the second portion of firmware instructions are (i) integrated as a single set of firmware instructions, and/or (ii) integrated with other firmware instructions executed by the data access controller.
  - 8. The storage device of claim 1, wherein the flash memory storage area comprises an area of memory on a secure digital card.
  - 9. The storage device of claim 1, wherein data in at least a portion of the flash memory storage area is encrypted.
  - 10. The storage device of claim 1, wherein the first portion of firmware instructions execute prior to the second portion of firmware instructions, the first portion of firmware instructions comprising instructions to decrypt at least a portion of authentication information provided by the computer device using a first decryption key;
    - andwherein data in at least a portion of the flash memory storage area is encrypted using a different decryption key than the first decryption key.
  - 11. The storage device of claim 1, wherein the storage device comprises a removable storage device that is capable of being plugged in to the computer device.
  - 12. The storage device of claim 1, wherein the preventing of completion of the enumeration process is not contingent upon one or more previous attempts to authenticate.

13. A computer system configured to access a secure storage drive, the computer system comprising:
- an operating system;
  
  a memory for loading the operating system thereto;
  
  a processor for executing the operating system; and
  
  one or more device drivers, the one or more device drivers providing an interface between physical hardware and the operating system;
  
  wherein a first of the one or more device drivers comprises instructions to interface with a secure storage drive, the instructions to interface comprising instructions to cause the first device driver to;
  
  initiate execution on the processor upon detection of connection of a device that may later be determined to be the secure storage drive;
  
  determine whether or not the device is the secure storage drive;
  
  provide, upon a start of an enumeration process of the secure storage drive with the computer system, unhide information to the secure storage drive based on a determination that the device is the secure storage drive;
  
  receive a response at the processor from the secure storage drive after providing the unhide information; and
  
  provide an interface between the operating system and the secure storage drive if the received response passes one or more authentication criteria, the interface allowing access to a data storage area on the secure storage drive, wherein completion of the enumeration process of the secure storage drive with the computer system is prevented unless the received response passes the one or more authentication criteria.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The computer system of claim 13, wherein the computer system comprises a special purpose computer device configured as a mobile surveillance system.
  - 15. The computer system of claim 13, wherein the instructions to interface with the secure storage drive comprise instructions locked for execution on a specified computer system.
  - 16. The computer system of claim 15, wherein the instructions locked for execution on the specified computer system comprise instructions locked for execution using a central processing unit identification (CPUID) or a media access control (MAC) address.
  - 17. The computer system of claim 13, wherein the instructions to interface with the secure storage drive further comprise instructions to prevent access to the device based on a determination that the device is not the secure storage drive.
  - 18. The computer system of claim 13, wherein the instructions to interface with the secure storage drive further comprise instructions to prevent all access by the operating system to the secure storage drive if the received response fails one or more of the authentication criteria.
  - 19. The computer system of claim 13, wherein the instructions to cause the first device driver to provide unhide information comprise instructions to cause the first device driver to provide at least a portion of the unhide information as encrypted information.
  - 20. The computer system of claim 13, wherein the computer system is configured to transmit metadata to the secure storage drive, assuming the received response has passed the one or more authentication criteria and the interface between the operating system and the secure storage drive has been provided, the metadata comprising information associating audio and/or video data with either a user and/or a device, the audio and/or video data having been stored or to be stored on the secure storage drive, and the user and/or device having been assigned to the secure storage drive and having been authenticated by the computer system and/or the secure storage drive.
  - 21. The computer system of claim 13, wherein the preventing of completion of the enumeration process is not contingent upon one or more previous attempts to authenticate.

22. A non-transitory computer readable medium comprising instructions stored thereon that when executed by a processor cause the processor to configure one or more device drivers on a computer system or computer device, the one or more device drivers providing an interface between physical hardware and an operating system;
- wherein a first of the one or more device drivers comprises instructions to interface with a secure storage drive, the instructions to interface comprising instructions to cause the first device driver to;
  
  initiate execution upon detection of connection of a device that may later be determined to be the secure storage drive;
  
  determine whether or not the device is the secure storage drive;
  
  provide, upon a start of an enumeration process of the secure storage drive with the operating system, unhide information to the secure storage drive based on a determination that the device is the secure storage drive;
  
  receive a response from the secure storage drive after providing the unhide information; and
  
  provide an interface between the operating system and the secure storage drive if the received response passes one or more authentication criteria, the interface allowing access to a data storage area on the secure storage drive, wherein completion of the enumeration process of the secure storage drive with the operating system is prevented unless the received response passes the one or more authentication criteria.
- View Dependent Claims (23)
- - 23. The non-transitory computer readable medium of claim 22, wherein the preventing of completion of the enumeration process is not contingent upon one or more previous attempts to authenticate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coban Technologies Incorporated (Safe Fleet Holdings LLC)
Original Assignee
Coban Technologies Incorporated (Safe Fleet Holdings LLC)
Inventors
Chang, Hung C
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Nguyen, Trong

Application Number

US14/588,139
Time in Patent Office

363 Days
Field of Search

726 17- 19, 726/21, 726 26- 30, 726 34- 35
US Class Current

1/1
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/1408   by using cryptography for d...

G06F 16/13   File access structures, e.g...

G06F 16/21   Design, administration or m...

G06F 16/43   Querying

G06F 21/1011   to devices

G06F 21/44   Program or device authentic...

G06F 21/79   in semiconductor storage me...

G06F 2212/1024   Latency reduction

G06F 2212/1052   Security improvement

G06F 2212/7202   Allocation control and poli...

G06F 2212/7207   management of metadata or c...

G06Q 50/26   Government or public servic...

G11B 27/10   Indexing; Addressing; Timin...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3242   involving keyed hash functi...

H04N 21/214   Specialised server platform...

H04N 21/2353   specifically adapted to con...

H04N 21/239   Interfacing the upstream pa...

H04N 21/2543   Billing , e.g. for subscrip...

H04N 21/25816 : involving client authentica...

H04N 21/2743 : Video hosting of uploaded d...

H04N 7/185 : from a mobile camera, e.g. ...

View All

Hidden plug-in storage drive for data integrity

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

209 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Hidden plug-in storage drive for data integrity

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

209 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links