Method for protecting data on a mass storage device and a device for the same

US 9,985,960 B2
Filed: 05/21/2013
Issued: 05/29/2018
Est. Priority Date: 05/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method for protecting data on a mass storage device, said mass storage device comprising a security module and a data storage area, wherein the method comprises:

switching by the mass storage device the data storage area between a protected state, in which accessing the data storage area is forbidden by the security module, and an unprotected state, in which accessing the data storage area is authorized by the security module, wherein the security module comprises a secure cryptoprocessor and switching said data storage area from the protected state to the unprotected state comprises steps of;

generating, by said security module of said mass storage device, a request for a one-time password, the request including a One Time Password (OTP) seed and not including, an OTP, in response to an access attempt to said data storage area;

sending by the mass storage device, over a first communications network, said request for the one-time password, the request including the OTP seed, to a remote server via a computing device connected to the mass storage device;

receiving on a mobile communication device, distinct from said mass storage device and said computing device, over a second communications network, a one-time password, generated by the remote server using the OTP seed included by the security module in the request for the one-time password, in response to the sent request including said OTP seed included in said request for the one-time password, in a text format selected from short-message service (SMS) or email;

providing, by a user of the mobile communication device, said received one-time password to the security module using a user interface of the computing device; and

transitioning, by the security module, the data storage area into the unprotected state, once said provided one-time password is deemed valid by said security module by comparing the provided one-time password to a password computed using said OTP seed included in said request for the one-time password.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting data on a mass storage device. The device has a security module and a data storage area configured to be switched between a protected state, in which accessing the data storage area is forbidden and an unprotected state, in which accessing the data storage area is authorized. Switching the data storage area from the protected state to the unprotected state by sending a request to a remote server, receiving a one-time password on a communication device, in response to the sent request, providing the received one-time password to the security module, authorizing access to the data storage area by the security module, once the provided one-time password is deemed valid by the security module.

45 Citations

13 Claims

1. A method for protecting data on a mass storage device, said mass storage device comprising a security module and a data storage area, wherein the method comprises:
- switching by the mass storage device the data storage area between a protected state, in which accessing the data storage area is forbidden by the security module, and an unprotected state, in which accessing the data storage area is authorized by the security module, wherein the security module comprises a secure cryptoprocessor and switching said data storage area from the protected state to the unprotected state comprises steps of;
  
  generating, by said security module of said mass storage device, a request for a one-time password, the request including a One Time Password (OTP) seed and not including, an OTP, in response to an access attempt to said data storage area;
  
  sending by the mass storage device, over a first communications network, said request for the one-time password, the request including the OTP seed, to a remote server via a computing device connected to the mass storage device;
  
  receiving on a mobile communication device, distinct from said mass storage device and said computing device, over a second communications network, a one-time password, generated by the remote server using the OTP seed included by the security module in the request for the one-time password, in response to the sent request including said OTP seed included in said request for the one-time password, in a text format selected from short-message service (SMS) or email;
  
  providing, by a user of the mobile communication device, said received one-time password to the security module using a user interface of the computing device; and
  
  transitioning, by the security module, the data storage area into the unprotected state, once said provided one-time password is deemed valid by said security module by comparing the provided one-time password to a password computed using said OTP seed included in said request for the one-time password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising rejecting said one-time password when said one-time password is not provided to the security module within a preset amount of time after the sending of the request including an OTP seed.
  - 3. The method of claim 1, further comprising displaying said received one-time password on the communication device.
  - 4. The method of claim 1, wherein providing said one-time password includes inputting said one-time password into a user interface of said computing device connected to the security module.
  - 5. The method of claim 1, wherein transitioning the data storage area into the unprotected state includes decrypting contents of said data storage area.
  - 6. The method of claim 1 wherein the communications device is a mobile computing device.
  - 7. The method of claim 1 wherein the first communication network is the Internet and the second communication network is a short message service (SMS) system.
  - 8. The method of claim 1 wherein the one-time password is received in an email message and the first communication network as well as the second communication network is the Internet.

9. A password-protected mass storage device, comprising:
- a security module comprising a secure cryptoprocessor and a data storage area, said mass storage device being configured to switch said data storage area between a protected state, in which accessing the data storage area is forbidden, and an unprotected state, in which accessing the data storage area is authorized, wherein said module is programmed to switch said data storage area from the protected state to the unprotected state by executing the steps of;
  
  generating, by said security module of said mass storage device, a request for a one-time password, the request including a One Time Password (OTP) seed and not including an OTP, in response to an access attempt to said data storage area;
  
  sending by the mass storage device, over a first communications network, said request for one-time password, the request including the OTP seed, to a remote server via a computing device connected to the mass storage device;
  
  retrieving a one-time password generated by the remote server using the OTP seed, the one-time password provided to the security module on a user interface of a mobile computing device connected to the mass storage device and received, over a second communication network, by a communication device, distinct from said mass storage device and said computing device, in response to the request including said OTP seed included in said request for the one-time password in a text format selected from short-message service (SMS) or email; and
  
  transitioning, by the security module, the data storage area into the unprotected state, once said provided one-time password is deemed valid by said security module by comparing the provided one-time password to a password computed using said OTP seed.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The mass storage device of claim 9, wherein the security module comprises a chip card.
  - 11. The mass storage device of claim 9 wherein the communications device is a mobile computing device.
  - 12. The mass storage device of claim 9 wherein the first communication network is the Internet and the second communication network is a short message service (SMS) system.
  - 13. The mass storage device of claim 9 wherein the one-time password is received in an email message and the first communication network as well as the second communication network is the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Gemalto SA (Thales SA)
Inventors
Chi, Zhaolin
Primary Examiner(s)
LYNCH, SHARON S

Application Number

US14/403,327
Publication Number

US 20150156195A1
Time in Patent Office

1,834 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

H04L 63/0838   using one-time-passwords

Method for protecting data on a mass storage device and a device for the same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for protecting data on a mass storage device and a device for the same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links