Apparatus and method for secure data storage
Abstract
A computer data storage device for storing confidential data, incorporating data encryption and user authentication. The user authentication supports multiple distinct users, each having their own PIN code or password and distinct access rights. Attacks on the data by multiple unsuccessful login attempts are detected during user authentication, and the affected users are locked out until the card is reactivated. A special supervisory Security Officer ID and PIN code or password is provided to allow for the customization and configuration of the device as well as administering the user IDs and their access rights.
20 Claims
1. A secure mass data storage device operable in conjunction with a host computer, comprising:
a mass storage media;
a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media;
an encryption/decryption unit in control communication and data communication with the command/sector buffer;
a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit;
a media controller in plaintext control communication and plaintext data communication with the command/sector buffer; and
a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface.
(Dependent claims 2 to 13.)

14. A secure mass data storage device operable in conjunction with a host computer, comprising:
a mass storage media;
a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media;
an encryption/decryption unit in control communication and data communication with the command/sector buffer, wherein the encryption/decryption unit is not a part of the host;
a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit, wherein the user authentication unit is not a part of the host;
a media controller in plaintext control communication and plaintext data communication with the command/sector buffer; and
a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface, wherein the mass storage media, the command/sector buffer, the encryption/decryption unit, the user authentication unit, the media controller, and the host computer interface are mounted on a single support card that may be connected to the host computer through an externally accessible connector of the host computer.
(Dependent claims 15 to 18.)

19. A method for retrieving information stored on a secure mass data storage device under control of a user, comprising the steps of:
providing the secure mass data storage device operable in conjunction with a host computer and comprising a mass storage media, a command/sector buffer in cyphertext control communication and cyphertext data communication with the mass storage media, an encryption/decryption unit in control communication and data communication with the command/sector buffer, a user authentication unit operable to provide a cryptokey and in cryptokey communication to the encryption/decryption unit, a media controller in plaintext control communication and plaintext data communication with the command/sector buffer, and a host computer interface in plaintext control communication and plaintext data communication with the media controller, wherein the cryptokey communication of the user authentication unit to the encryption/decryption unit does not pass through the host computer interface;
the user providing a personal identification input to the user authentication unit;
the user authentication unit providing a cryptokey to the encryption/decryption unit;
the command/sector buffer retrieving data in cyphertext form from the mass storage media and deencrypting the data to plaintext data with the encryption/decryption unit using the cryptokey; and
the command/sector buffer supplying the plaintext data to the host computer.
(Dependent claim 20.)
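The retrieval path of claim 19 and the lockout and Security Officer reactivation described in the abstract, modelled as an added Python example (not code from the patent or from any product built on it): the device object exposes only login, reactivation and sector read/write to the host, the cryptokey is an internal attribute that no host call returns, and after MAX_FAILED_ATTEMPTS wrong PINs (a constructed value; the patent names no count) a user stays locked until the Security Officer clears it. The sector cipher, the PBKDF2 PIN verifier and all user names and PINs are assumptions of this example.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # constructed policy value; the patent names no specific count

def sector_cipher(key, sector_no, data):
    # Stand-in for the encryption/decryption unit: an HMAC-SHA256 counter keystream XORed
    # over the sector (one call encrypts and decrypts); a real card would use a block cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, sector_no.to_bytes(8, "big") + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)
class SecureStorageDevice:
    # Host computer interface = the public methods; the cryptokey is never a return value.
    def __init__(self, user_pins, so_pin):
        self._salt, self._cryptokey = os.urandom(16), os.urandom(32)  # both stay on the card
        self._verifiers = {u: self._hash(p) for u, p in user_pins.items()}
        self._so_verifier = self._hash(so_pin)
        self._failed = {u: 0 for u in user_pins}  # >= MAX_FAILED_ATTEMPTS means locked out
        self._media = {}                          # sector number -> ciphertext
        self._session_key = None                  # key released to the encryption unit
    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def login(self, user, pin):
        if user not in self._verifiers or self._failed[user] >= MAX_FAILED_ATTEMPTS:
            return False                          # unknown user or locked out
        if not hmac.compare_digest(self._hash(pin), self._verifiers[user]):
            self._failed[user] += 1
            return False
        self._failed[user] = 0
        self._session_key = self._cryptokey       # cryptokey communication stays on the card
        return True

    def so_reactivate(self, so_pin, user):        # only the Security Officer clears a lockout
        if user in self._failed and hmac.compare_digest(self._hash(so_pin), self._so_verifier):
            self._failed[user] = 0
            return True
        return False

    def write_sector(self, n, plaintext):
        if self._session_key is None:
            raise PermissionError("no authenticated user")
        self._media[n] = sector_cipher(self._session_key, n, plaintext)
    def read_sector(self, n):
        if self._session_key is None:
            raise PermissionError("no authenticated user")
        return sector_cipher(self._session_key, n, self._media[n])
```

Reading the media directory `_media` directly shows only ciphertext, while `read_sector` after a successful `login` returns plaintext without the host ever receiving `_cryptokey`.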
Specification