Self-encrypting module with embedded wireless user authentication

US 10,778,417 B2
Filed: 08/16/2018
Issued: 09/15/2020
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computer processors;

a data channel connected to the one or more computer processors; and

a self-encrypting device connected to the data channel, the self-encrypting device comprising;

an authentication subsystem comprising an authentication controller;

an encryption engine;

a storage media that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem;

a radio frequency (RF) transceiver for communications outside the data channel; and

a data interface of an interface controller coupled with the data channel, the data interface being locked from sending and receiving data until the self-encrypting device is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer programs are presented for a self-encrypting device (SED) incorporated into a host system. In one example, the host system includes a memory, a processor, a data channel in communication with the memory and the processor, and the SED. The SED comprises an authentication subsystem, a storage subsystem that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem, a radio frequency (RF) transceiver, and a data interface in electrical contact with the data channel. The data interface is locked from sending and receiving data until the SED is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.

257 Citations

20 Claims

1. A system comprising:
- one or more computer processors;
  
  a data channel connected to the one or more computer processors; and
  
  a self-encrypting device connected to the data channel, the self-encrypting device comprising;
  
  an authentication subsystem comprising an authentication controller;
  
  an encryption engine;
  
  a storage media that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem;
  
  a radio frequency (RF) transceiver for communications outside the data channel; and
  
  a data interface of an interface controller coupled with the data channel, the data interface being locked from sending and receiving data until the self-encrypting device is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as recited in claim 1, wherein the self-encrypting device authenticates a user without use of the one or more computer processors of the system.
  - 3. The system as recited in claim 1, wherein the RF transceiver is configured for receiving, from a mobile device, the user-authentication information, the mobile device being separate from the one or more computer processors, wherein the self-encrypting device is configured for unlocking the data interface in response to receiving the user-authentication information from the mobile device.
  - 4. The system as recited in claim 3, wherein the RF transceiver is configured for using independent encryption in RF communications with the mobile device, the independent encryption being separate from encryption provided by a communication protocol for the RF communications.
  - 5. The system as recited in claim 3, wherein an application in the mobile device provides a user interface for obtaining the user-authentication information from a user.
  - 6. The system as recited in claim 3, wherein an application in the mobile device authenticates a user by validating the user with a management server, wherein the mobile device sends to the self-encrypting device an unlock command in response to the management server validating the user.
  - 7. The system as recited in claim 1, further comprising:
    - an encryption engine, wherein the authentication subsystem stores an encryption key and the authentication subsystem transmits the encryption key to the encryption engine when a user is successfully authenticated.
  - 8. The system as recited in claim 1, wherein the self-encrypting device initializes a timer when a shutdown of the system is detected, wherein the self-encrypting device initializes in an unlocked state if the system is restarted before an expiration of the timer, wherein the self-encrypting device initializes in a locked state if the system is restarted after the expiration of the timer.
  - 9. The system as recited in claim 1, wherein data is transmitted in clear form between the data interface and the data channel.
  - 10. The system as recited in claim 1, wherein the system is one of a laptop, a personal computer, a kitchen appliance, a printer, a scanner, a server, a tablet device, a medical device, a door-unlocking system, a secure access system, an access control device, a home-automation device, a home appliance, a mobile phone, a vehicle, or a smart television set.
  - 11. The system as recited in claim 1, wherein the self-encrypting device further includes a power source for supplying power to the authentication subsystem while self-encrypting device is locked.

12. A method comprising:
- providing a self-encrypting device in a host computer system, the host computer system further having one or more processors and a data channel connected to the one or more processors and connected to the self-encrypting device;
  
  establishing a communication channel between a data interface of the self-encrypting device and the data channel, the communication channel being locked until the self-encrypting device is authenticated;
  
  receiving, via a radio frequency (RF) transceiver of the self-encrypting device for communications outside the data channel, user-authentication information;
  
  unlocking, by an authentication subsystem of the self-encrypting device, the communication channel based on the user-authentication information;
  
  encrypting data, received by the self-encrypting device through the data interface, with an encryption key provided by the authentication subsystem of the self-encrypting device; and
  
  storing the encrypted data in a storage subsystem of the self-encrypting device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method as recited in claim 12, wherein the self-encrypting device authenticates a user without use of the one or more processors of the host computer system.
  - 14. The method as recited in claim 12, further comprising:
    - receiving, via the RF transceiver and from a mobile device, the user-authentication information; and
      
      unlocking the self-encrypting device in response to receiving the user-authentication information via the RF transceiver.
  - 15. The method as recited in claim 14, wherein an application in the mobile device authenticates a user by validating the user with a management server, the method further comprising:
    - receiving an unlock command from the mobile device in response to the management server validating the user.
  - 16. The method as recited in claim 12, wherein the self-encrypting device initializes a timer when a shutdown of the host computer system is detected, wherein the self-encrypting device initializes in an unlocked state if the host computer system is restarted before an expiration of the timer, wherein the self-encrypting device initializes in a locked state if the host computer system is restarted after the expiration of the timer.

17. A non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
- providing a self-encrypting device in a host computer system, the host computer system further having one or more processors and a data channel connected to the one or more processors and connected to the self-encrypting device;
  
  establishing a communication channel between a data interface of the self-encrypting device and the data channel, the communication channel being locked until the self-encrypting device is authenticated;
  
  receiving, via a radio frequency (RF) transceiver of the self-encrypting device for communications outside the data channel, user-authentication information;
  
  unlocking, by an authentication subsystem of the self-encrypting device, the communication channel based on the user-authentication information;
  
  encrypting data, received by the self-encrypting device through the data interface, with an encryption key provided by the authentication subsystem of the self-encrypting device; and
  
  storing the encrypted data in a storage subsystem of the self-encrypting device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory machine-readable storage medium as recited in claim 17, wherein the self-encrypting device authenticates a user without use of the one or more processors of the host computer system.
  - 19. The non-transitory machine-readable storage medium as recited in claim 17, wherein the machine further performs operations comprising:
    - receiving, via the RF transceiver and from a mobile device, the user-authentication information; and
      
      unlocking the self-encrypting device in response to receiving the user-authentication information via the RF transceiver.
  - 20. The non-transitory machine-readable storage medium as recited in claim 19, wherein an application in the mobile device authenticates a user by validating the user with a management server, wherein the machine further performs operations comprising:
    - receiving an unlock command from the mobile device in response to the management server validating the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ClevX LLC
Original Assignee
ClevX LLC
Inventors
Bolotin, Lev M., Lemelev, Alex, Singer, Marc
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US16/103,979
Publication Number

US 20190007203A1
Time in Patent Office

761 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/602   Providing cryptographic fac...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/0819   Key transport or distributi...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

H04L 9/3297   involving time stamps, e.g....

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/04   Key management, e.g. using ...

H04W 12/043   using a trusted network nod...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/61   Time-dependent

H04W 12/64   using geofenced areas

Self-encrypting module with embedded wireless user authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

257 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Self-encrypting module with embedded wireless user authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

257 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others