Apparatus and method for secure data storage

US 7,069,447 B1
Filed: 05/10/2002
Issued: 06/27/2006
Est. Priority Date: 05/11/2001
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A secure mass data storage device operable in conjunction with a host computer, comprising:

a mass storage media;

a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media;

an encryption/decryption unit in control communication and data communication with the command/sector buffer;

a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit;

a media controller in plaintext control communication and plaintext data communication with the command/sector buffer; and

a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface.

View all claims

7 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A computer data storage device for storing confidential data incorporating data encryption and user authentication. The user authentication supports multiple distinct users each having their own PIN code or password and distinct access rights. Attempts to attack the data by multiple unsuccessful login attempts is detected during user authentication and users are locked out until the card is reactivated. A special supervisory Security Officer ID and PIN code or password is provided to allow for the customization and configuration of the device as well as administering the user ID'"'"'s and their access rights.

154 Citations

20 Claims

1. A secure mass data storage device operable in conjunction with a host computer, comprising:
- a mass storage media;
  
  a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media;
  
  an encryption/decryption unit in control communication and data communication with the command/sector buffer;
  
  a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit;
  
  a media controller in plaintext control communication and plaintext data communication with the command/sector buffer; and
  
  a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The secure mass data storage device of claim 1, wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are mounted on a single support card.
  - 3. The secure mass data storage device of claim 1, wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are mounted on a support card selected from the group consisting of a PCMCIA support card and a Compact Flash.
  - 4. The secure mass data storage device of claim 1, wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are supported on a single support card that may be connected to the host computer through an externally accessible connector of the host computer.
  - 5. The secure mass data storage device of claim 1, wherein the user authentication unit comprises an externally physically accessible personal identification input device.
  - 6. The secure mass data storage device of claim 1, wherein the user authentication unit comprises an externally physically accessible personal identification input device selected from the group consisting of a keyed input device and a biometric sensor.
  - 7. The secure mass data storage device of claim 1, wherein the user authentication unit is not a part of the host computer.
  - 8. The secure mass data storage device of claim 1, wherein the user authentication unit receives personal identification input from a user of the secure mass data storage device, and wherein no personal identification input is communicated through the host computer interface.
  - 9. The secure mass data storage device of claim 1, wherein the encryption/decryption unit is not a part of the host customer.
  - 10. The secure mass data storage device of claim 1, wherein the command/sector buffer and the encryption/decryption unit are implemented as a crypto/system emulator.
  - 11. The secure mass data storage device of claim 1, wherein the user authentication unit is in data communication with the command/sector buffer and with the encryption/decryption unit.
  - 12. The secure mass data storage device of claim 1, wherein the cryptokey comprises two key components, including a user-selected key component and a manufactured key component.
  - 13. The secure mass data storage device of claim 1, wherein the user authentication unit comprises a user privilege list.

14. A secure mass data storage device operable in conjunction with a host computer, comprising:
- a mass storage media;
  
  a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media;
  
  an encryption/decryption unit in control communication and data communication with the command/sector buffer, wherein the encryption/decryption unit is not a part of the host;
  
  a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit, wherein the user authentication unit is not a part of the host;
  
  a media controller in plaintext control communication and plaintext data communication with the command/sector buffer; and
  
  a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface,wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are mounted on a single support card that may be connected to the host computer through an externally accessible connector of the host computer.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The secure mass data storage device of claim 14, wherein the user authentication unit includes an externally physically accessible personal identification input device.
  - 16. The secure mass data storage device of claim 14, wherein the command/sector buffer comprises a crypto subsystem/emulator.
  - 17. The secure mass data storage device of claim 14, wherein the cryptokey comprises two key components, including a user-selected key component and a manufactured key component.
  - 18. The secure mass data storage device of claim 14, wherein the user authentication unit includes a user privilege list.

19. A method for retrieving information stored on a secure mass data storage device under control of a user, comprising the steps of:
- providing the secure mass data storage device operable in conjunction with a host computer and comprisinga mass storage media,a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media,an encryption/decryption unit in control communication and data communication with the command/sector buffer,a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit,a media controller in plaintext control communication and plaintext data communication with the command/sector buffer, anda host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface;
  
  the user providing a personal identification input to the user authentication unit;
  
  the user authentication unit providing a cryptokey to the encryption/decryption unit;
  
  the command/sector buffer retrieving data in cyphertext form from the mass storage media and deencrypting the data to plaintext data with the encryption/decryption unit using the cryptokey; and
  
  the command/sector buffer supplying the plaintext data to the host computer.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are mounted on a single support card, and wherein the step of the user providing the personal identification input includes the step ofproviding the personal identification input to the user authentication unit when the host computer interface is not in communication with the host computer, and wherein the method includes the additional step, after the step of the user providing the personal identification input, ofplacing the host computer interface into communication with the host computer.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Soteria Encryption II, LLC (Brian Yates)
Original Assignee
Corder Engineering, Inc.
Inventors
Corder, Rodney Joe
Primary Examiner(s)
Song, Hosuk

Application Number

US10/143,288
Time in Patent Office

1,509 Days
Field of Search

713/168, 713/182, 713185-186, 713/189, 713192-194, 713/150, 380/200, 380/277
US Class Current

713/189
CPC Class Codes

G06F 21/79   in semiconductor storage me...

G06F 21/80   in storage media based on m...

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0844   with user authentication or...

H04L 9/3231   Biological data, e.g. finge...

Apparatus and method for secure data storage

First Claim

7 Assignments

Litigations

0 Petitions

Accused Products

Abstract

154 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for secure data storage

First Claim

7 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links