Secure storage device with automatic command filtering

US 9,967,252 B2
Filed: 12/09/2015
Issued: 05/08/2018
Est. Priority Date: 05/23/2008
Status: Active Grant

First Claim

Patent Images

1. A removable memory device comprising:

an interface for connecting the removable memory device to a host device;

a data storage coupled to the interface;

a wide area communication interface configured to receive a security message from a remote device, the security message comprising a user data header and message data including a security command; and

a controller coupled to the wide area communication interface and to the data storage and configured to determine whether the remote device is authorized based on an identifier carried by the user data header;

wherein the controller is configured to control access to data based on the security command in the event that the controller determines that the remote device is authorized;

wherein the controller comprises a non-volatile memory storing instructions for controlling access to the data storage based on the security command and wherein the security command comprises a reference to a memory address of the non-volatile memory of the controller and the controller is configured to implement the security command by following instructions associated with that memory address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication and security device for a portable computer is disclosed including a housing, a connector provided on the housing for physical connection to the portable computer, a computer interface coupled to the connector for communicating data with the portable computer, a wireless modem coupled to the computer interface for communicating data between the portable computer and a remote device via a wireless network, a controller configured to control access to the data storage based on an identifier in a security message received via the wireless network.

31 Citations

View as Search Results

18 Claims

1. A removable memory device comprising:
- an interface for connecting the removable memory device to a host device;
  
  a data storage coupled to the interface;
  
  a wide area communication interface configured to receive a security message from a remote device, the security message comprising a user data header and message data including a security command; and
  
  a controller coupled to the wide area communication interface and to the data storage and configured to determine whether the remote device is authorized based on an identifier carried by the user data header;
  
  wherein the controller is configured to control access to data based on the security command in the event that the controller determines that the remote device is authorized;
  
  wherein the controller comprises a non-volatile memory storing instructions for controlling access to the data storage based on the security command and wherein the security command comprises a reference to a memory address of the non-volatile memory of the controller and the controller is configured to implement the security command by following instructions associated with that memory address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The removable memory device of claim 1, comprising an encryption processor coupled between the data storage and the interface for connecting the removable memory device to a host device.
  - 3. The removable memory device of claim 2 wherein the controller is configured to control the encryption processor to control access to data stored in the data storage.
  - 4. The removable memory device of claim 2 wherein the controller is configured to control the encryption processor based on the security command.
  - 5. The removable memory device of claim 2 wherein the controller is configured to inhibit decryption operations of the encryption processor unless the host device provides security information to the remote device.
  - 6. The removable memory device of claim 1 comprising a location determiner coupled to the controller, wherein the controller is configured to transmit, over the wide area communication interface, location information determined by the location determiner to a specified device controlled by an authorised controller of the memory device, to be compared with a stored list of authorised locations, and to enable the controller to determine whether to disable the data storage based on the comparison.
  - 7. The removable memory device of claim 6 comprising an encryption processor wherein the controller is configured to inhibit decryption operations of the encryption processor if it is determined that location information provided by the location determiner does not correspond to an authorised location stored on the removable memory device.
  - 8. The removable memory device of claim 6 wherein the removable memory device is configured to transmit location information provided by the location determiner to a remote device, and to at least one of inhibit and enable decryption operations of the encryption processor in dependence upon authorisation information received from the remote device in response to said location information.
  - 9. The removable memory device of claim 1 comprising a non-volatile memory storing instructions for controlling access to the data storage based on the security command and wherein the security command comprises a reference to a memory address of the non-volatile memory and the controller is configured to implement the security command by following instructions associated with that memory address.

10. A removable memory device comprising:
- an interface for connecting the removable memory device to a host device;
  
  a data storage coupled to the interface;
  
  a wide area communication interface configured to receive a security message from a remote device, the security message comprising a user data header and message data including a security command;
  
  a controller coupled to the wide area communication interface and to the data storage and configured to determine whether the remote device is authorised based on an identifier carried by the user data header;
  
  wherein the controller is configured to control access to the data storage based on the security command in the event that the controller determines that the remote device is authorised;
  
  wherein the controller comprises a non-volatile memory storing instructions for controlling access to the data storage based on the security command and wherein the security command comprises a reference to a memory address of the non-volatile memory of the controller and the controller is configured to implement the security command by following instructions associated with that memory address.
- View Dependent Claims (11, 12, 13)
- - 11. The removable memory device of claim 10 comprising a location determiner coupled to the controller, wherein the controller is configured to transmit, over the wide area communication interface, location information determined by the location determiner to a specified device controlled by an authorized controller of the memory device, to be compared with a stored list of authorized locations, and to enable the controller to determine whether to disable the data storage based on the comparison.
  - 12. The removable memory device of claim 11 comprising an encryption processor wherein the controller is configured to inhibit decryption operations of the encryption processor if it is determined that location information provided by the location determiner does not correspond to an authorized location stored on the removable memory device.
  - 13. The removable memory device of claim 11 wherein the removable memory device is configured to transmit location information provided by the location determiner to a remote device, and to at least one of inhibit and enable decryption operations of the encryption processor in dependence upon authorisation information received from the remote device in response to said location information.

14. A method of securing a memory device the method comprising:
- a memory device receiving a security message via a wide area communication interface, the security message comprising a user header data and message data comprising a security command corresponding to a security function; and
  
  the memory device authenticating the security message based on the user data header;
  
  wherein, in the event that the security message is authenticated, the memory device performs the security function;
  
  controlling access to a data store controlled by the memory device by switching off a power supply to the data store;
  
  wherein the memory device stores instructions for controlling access to the data storage based on the security command and wherein the security command comprises a reference to a memory address of the memory device, the memory device configured to implement the security command by following instructions associated with that memory address.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14 therein the authentication of the security message entails one of:
    - checking that the sender of the security message is included in a list of approved senders; and
      
      , checking whether the message includes a key stored at to the memory device.
  - 16. The method of claim 14 wherein the security function comprises at least one of:
    - to delete data from a data storage;
      
      to disable an encryption processor;
      
      to change or delete an encryption key of the encryption processor;
      
      to delete a directory structure of a data storage;
      
      to overwrite a directory structure of the data storage;
      
      to modify data on the data storage;
      
      to delete nominated data from the data storage;
      
      to read and transmit data from the data storage to a remote device;
      
      to activate a location determining;
      
      to determine the location of the memory device using the location determining;
      
      to transmit location information.
  - 17. The method of claim 14 comprising obtaining location information, and switching off access to a data store controlled by the memory device in the event that the location information indicates that the memory device is not in an authorized location.
  - 18. The method of claim 14 comprising controlling access to a data store controlled by the memory device by controlling a directory structure of the data store;
    - and at least partially overwriting a directory structure of the data store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Exacttrak Limited
Original Assignee
Exacttrak Limited
Inventors
Shaw, Norman, Pragnell, John
Primary Examiner(s)
REHMAN, MOHAMMED H

Application Number

US14/963,360
Publication Number

US 20160094556A1
Time in Patent Office

881 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/14   Protection against unauthor...

G06F 12/1408   by using cryptography for d...

G06F 21/305   by remotely controlling dev...

G06F 21/34   involving the use of extern...

G06F 21/78   to assure secure storage of...

G06F 21/88   Detecting or preventing the...

G06F 2212/1052   Security improvement

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/0428   wherein the data content is...

H04L 63/0492   by using a location-limited...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/12   Applying verification of th...

H04L 63/166   at the transport layer

Secure storage device with automatic command filtering

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage device with automatic command filtering

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links