Method for protecting data on a mass storage device and a device for the same
First Claim
1. A method for protecting data on a mass storage device, said mass storage device comprising a security module and a data storage area, wherein the method comprises:
- switching by the mass storage device the data storage area between a protected state, in which accessing the data storage area is forbidden by the security module, and an unprotected state, in which accessing the data storage area is authorized by the security module, wherein the security module comprises a secure cryptoprocessor and switching said data storage area from the protected state to the unprotected state comprises steps of:
generating, by said security module of said mass storage device, a request for a one-time password, the request including a One Time Password (OTP) seed and not including an OTP, in response to an access attempt to said data storage area;
sending by the mass storage device, over a first communications network, said request for the one-time password, the request including the OTP seed, to a remote server via a computing device connected to the mass storage device;
receiving on a mobile communication device, distinct from said mass storage device and said computing device, over a second communications network, a one-time password, generated by the remote server using the OTP seed included by the security module in the request for the one-time password, in response to the sent request including said OTP seed included in said request for the one-time password, in a text format selected from short-message service (SMS) or email;
providing, by a user of the mobile communication device, said received one-time password to the security module using a user interface of the computing device; and
transitioning, by the security module, the data storage area into the unprotected state, once said provided one-time password is deemed valid by said security module by comparing the provided one-time password to a password computed using said OTP seed included in said request for the one-time password.
Abstract
A method for protecting data on a mass storage device. The device has a security module and a data storage area configured to be switched between a protected state, in which accessing the data storage area is forbidden, and an unprotected state, in which accessing the data storage area is authorized. The data storage area is switched from the protected state to the unprotected state by sending a request to a remote server, receiving a one-time password on a communication device in response to the sent request, providing the received one-time password to the security module, and authorizing access to the data storage area by the security module once the provided one-time password is deemed valid by the security module.
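The exchange described in the abstract and claim 1, sketched as an added example (not code from the patent). The claims do not name the OTP function, so a truncated HMAC-SHA256 under a key provisioned to both the secure cryptoprocessor and the server is assumed, as are all class and function names, the attempt limit, and the single-use handling of the seed.

```python
import hashlib
import hmac
import secrets

def derive_otp(key: bytes, seed: bytes, digits: int = 6) -> str:
    # Assumption: OTP = truncated HMAC-SHA256(key, seed); the claims name no function.
    mac = hmac.new(key, seed, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**digits:0{digits}d}"

class SecurityModule:
    """Stands in for the secure cryptoprocessor on the storage device."""
    MAX_ATTEMPTS = 3  # assumption: not stated in the claims

    def __init__(self, key: bytes):
        self._key, self._seed, self._tries = key, None, 0
        self.unprotected = False

    def on_access_attempt(self) -> dict:
        # The request carries a fresh seed and never the OTP itself.
        self._seed, self._tries = secrets.token_bytes(16), 0
        return {"type": "otp_request", "seed": self._seed.hex()}

    def submit_otp(self, otp: str) -> bool:
        if self._seed is None:  # no pending request, or seed already consumed
            return False
        self._tries += 1
        ok = hmac.compare_digest(derive_otp(self._key, self._seed), otp)
        if ok or self._tries >= self.MAX_ATTEMPTS:
            self._seed = None  # single use: a new access attempt needs a new seed
        self.unprotected = self.unprotected or ok
        return ok

class RemoteServer:
    def __init__(self, key: bytes):
        self._key = key

    def handle_request(self, request: dict) -> str:
        # The result is sent to the user's phone by SMS or email, not back to the host.
        return derive_otp(self._key, bytes.fromhex(request["seed"]))

def run_exchange() -> tuple:
    key = secrets.token_bytes(32)  # constructed key shared by module and server
    module, server = SecurityModule(key), RemoteServer(key)
    request = module.on_access_attempt()  # relayed by the host (first network)
    otp = server.handle_request(request)  # delivered to the phone (second network)
    unlocked = module.submit_otp(otp)     # typed by the user at the host's UI
    replayed = module.submit_otp(otp)     # same OTP again: seed is gone
    return "otp" not in request, unlocked, replayed

if __name__ == "__main__":
    print(run_exchange())
```

The seed is relayed by the connected computing device, so the sketch keeps the derivation keyed: a host that sees only the seed cannot compute the OTP, and the value reaches the user solely over the second network.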
13 Claims
9. A password-protected mass storage device, comprising:
a security module comprising a secure cryptoprocessor and a data storage area, said mass storage device being configured to switch said data storage area between a protected state, in which accessing the data storage area is forbidden, and an unprotected state, in which accessing the data storage area is authorized, wherein said module is programmed to switch said data storage area from the protected state to the unprotected state by executing the steps of:
generating, by said security module of said mass storage device, a request for a one-time password, the request including a One Time Password (OTP) seed and not including an OTP, in response to an access attempt to said data storage area;
sending by the mass storage device, over a first communications network, said request for one-time password, the request including the OTP seed, to a remote server via a computing device connected to the mass storage device;
retrieving a one-time password generated by the remote server using the OTP seed, the one-time password provided to the security module on a user interface of a mobile computing device connected to the mass storage device and received, over a second communication network, by a communication device, distinct from said mass storage device and said computing device, in response to the request including said OTP seed included in said request for the one-time password in a text format selected from short-message service (SMS) or email; and
transitioning, by the security module, the data storage area into the unprotected state, once said provided one-time password is deemed valid by said security module by comparing the provided one-time password to a password computed using said OTP seed.
Specification