SELF-ENCRYPTING DRIVE

US 20180307869A1
Filed: 06/28/2018
Published: 10/25/2018
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a connection to a data storage device having a data channel that is locked, the data storage device further comprising a memory, an authentication subsystem having authentication information and an encryption key, an encryption engine, and a wireless transceiver for radiofrequency communications;

receiving user authentication input, via the wireless transceiver, while the data channel is locked;

unlocking the data channel of the data storage device based on the received user authentication input and the authentication information of the authentication subsystem; and

while the data channel is unlocked;

encrypting, with the encryption key, data received through the data channel before storing the encrypted data in the memory; and

decrypting, with the encryption key, data read from the memory before sending the decrypted data through the data channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.

141 Citations

20 Claims

1. A method comprising:
- detecting a connection to a data storage device having a data channel that is locked, the data storage device further comprising a memory, an authentication subsystem having authentication information and an encryption key, an encryption engine, and a wireless transceiver for radiofrequency communications;
  
  receiving user authentication input, via the wireless transceiver, while the data channel is locked;
  
  unlocking the data channel of the data storage device based on the received user authentication input and the authentication information of the authentication subsystem; and
  
  while the data channel is unlocked;
  
  encrypting, with the encryption key, data received through the data channel before storing the encrypted data in the memory; and
  
  decrypting, with the encryption key, data read from the memory before sending the decrypted data through the data channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, further comprising:
    - transmitting the encryption key from the authentication subsystem to the encryption engine based on the unlocking, wherein the encryption key is not stored in the memory of the data storage device, wherein the encryption key is not accessible from an outside of the data storage device.
  - 3. The method as recited in claim 1, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver; and
      
      receiving the user authentication input from the mobile device.
  - 4. The method as recited in claim 1, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver, wherein the application includes a user interface for entering the user authentication input by a user, and when the user authentication input is validated by a remote server, the remote server sends a confirmation to the application; and
      
      receiving, by the data storage device, the user authentication input from the mobile device after the user is validated by the remote server.
  - 5. The method as recited in claim 4, further comprising:
    - receiving a command to change the authentication information from the application in the mobile device after the application in the mobile device receives the command to change the authentication information from the remote server.
  - 6. The method as recited in claim 4, wherein the application in the mobile device allows the mobile device to lock the data storage device, unlock the data storage device, change a user name, change the authentication information, and reset the data storage device.
  - 7. The method as recited in claim 4, wherein the application in the mobile device enables the remote server to reset the data storage device and to unlock the data storage device.
  - 8. The method as recited in claim 4, wherein the application in the mobile device enables the remote server to restrict use of the data storage device to specific locations using geo-fencing.
  - 9. The method as recited in claim 4, wherein the application in the mobile device enables the remote server to restrict use of the data storage device to specific time zones and time periods.
  - 10. The method as recited in claim 1, wherein the data channel is a computer bus interface such as serial AT Attachment (SATA).
  - 11. The method as recited in claim 1, wherein the radiofrequency communications is one of Wireless Fidelity (WiFi), Bluetooth (BT), Bluetooth Smart (BLE), Near Field Communication (NFC), or cellular communication.

12. A data storage device comprising:
- a memory;
  
  a data channel that is locked until a user is authenticated;
  
  a wireless transceiver for radiofrequency communications, the wireless transceiver being configured for receiving user authentication input;
  
  an authentication subsystem having authentication information and an encryption key, the authentication subsystem unlocking the data channel of the data storage device based on the received user authentication input and the authentication information; and
  
  an encryption engine for encrypting, with the encryption key, data received through the data channel before storing the encrypted data in the memory, and for decrypting, with the encryption key, data read from the memory before sending the decrypted data through the data channel.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The data storage device as recited in claim 12, wherein the authentication subsystem transmits the encryption key to the encryption engine based on the unlocking, wherein the encryption key is not stored in the memory of the data storage device, wherein the encryption key is not accessible from the outside of the data storage device.
  - 14. The data storage device as recited in claim 12, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver; and
      
      receiving the user authentication input from the mobile device.
  - 15. The data storage device as recited in claim 12, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver, wherein the application includes a user interface for entering the user authentication input by a user, and when the user authentication input is validated by a remote server, the remote server sends a confirmation to the application; and
      
      receiving, by the data storage device, the user authentication input from the mobile device after the user is validated by the remote server.
  - 16. The data storage device as recited in claim 15, wherein the authentication subsystem is configured for receiving a command to change the authentication information from the application in the mobile device after the application in the mobile device receives the command to change the authentication information from the remote server.

17. A non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
- detecting a connection to a data storage device having a data channel that is locked, the data storage device further comprising a memory, an authentication subsystem having authentication information and an encryption key, an encryption engine, and a wireless transceiver for radiofrequency communications;
  
  receiving user authentication input, via the wireless transceiver, while the data channel is locked;
  
  unlocking the data channel of the data storage device based on the received user authentication input and the authentication information of the authentication subsystem; and
  
  while the data channel is unlocked;
  
  encrypting, with the encryption key, data received through the data channel before storing the encrypted data in the memory; and
  
  decrypting, with the encryption key, data read from the memory before sending the decrypted data through the data channel.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory machine-readable storage medium as recited in claim 17, wherein the machine further performs operations comprising:
    - transmitting the encryption key from the authentication subsystem to the encryption engine based on the unlocking, wherein the encryption key is not stored on the memory of the data storage device, wherein the encryption key is not accessible from the outside of the data storage device.
  - 19. The non-transitory machine-readable storage medium as recited in claim 17, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver; and
      
      receiving the user authentication input from the mobile device.
  - 20. The non-transitory machine-readable storage medium as recited in claim 17, wherein receiving the user authentication input further comprises:
    - communicating with an application in a mobile device via the wireless transceiver, wherein the application includes a user interface for entering the user authentication input by a user, and when the user authentication input is validated by a remote server, the remote server sends a confirmation to the application; and
      
      receiving, by the data storage device, the user authentication input from the mobile device after the user is validated by the remote server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ClevX LLC
Original Assignee
ClevX LLC
Inventors
Bolotin, Lev M., Lemelev, Alex, Singer, Marc

Granted Patent

US 10,754,992 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

H04L 63/083   using passwords cryptograph...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

SELF-ENCRYPTING DRIVE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

141 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SELF-ENCRYPTING DRIVE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links