Patent Grant
8321953
1. Field of the Invention
The present invention relates generally to data storage, and more particularly to secure data storage devices.
2. Background Art
As data processing becomes ubiquitous, users are increasingly demanding that data be both mobile and secure. Although networks, such as the Internet, can transmit data from one computer to another, users often must identify and transmit the data they need to the proper destination. Unfortunately, the data may fail to be transmitted due to firewalls, proxies, spam blockers, size limitations, technical error, or human error. Further, it is not always practical for users to guess what data is needed at a future time and the location of the need. The data is also often routed through unsecure servers or network devices which can intercept the data and further compromise security.
As a result of these problems, users often load data on USB memory devices (e.g., a memory stick) and carry data with them. Unfortunately, USB memory devices can be stolen and accessed by thieves. Some USB memory devices have passwords which must be entered on the host computer before accessing the stored data. However, the password can be cracked (e.g., a brute force attack) and the data accessed.
Some USB memory devices lock the stored data after a predetermined number of password attempts have been made to prevent data theft. Unfortunately, the lock is often easy to reset. Further, the attacker can make a copy of the data stored in the USB memory device, enter the predetermined number of password attempts, delete the data, recopy the data, and enter new password attempts. This process can be repeated until successful thereby inevitably accessing the data.
An exemplary system to authorize access to secured data storage comprises a user interface configured to receive a user code offline from a user to allow access to stored data, circuitry configured to authorize access to the stored data based, at least in part, on the user code and provide access to the stored data, and a storage system configured to store the stored data. The system may further comprise a communications interface configured to send a signal to a digital device that the stored data is authorized for access. Also, the circuitry can be further configured to alert the user that access to the stored data is allowed based on the authorization. The system may further comprise a power system to supply power to the circuitry.
In authorizing access to the stored data, the circuitry may be configured to decrypt a security code based on the user code. The circuitry may also be configured to decrypt at least some of the stored data. Further, the circuitry may be configured to send a signal to the digital device to recognize and mount a data partition where the stored data is retained.
The user interface may comprise a numerical keyboard, radial dial, or biometric sensor. The storage system may comprise flash memory or a hard disk drive.
An exemplary method to authorize access to secured data storage comprises receiving a user code offline from a user to allow access to stored data, authorizing access to the stored data based, at least in part, on the user code, and providing access to the stored data.
An exemplary software product to authorize access to secured data storage comprises software operational when executed by a processor to receive a user code offline from a user to allow access to stored data, authorize access to the stored data based, at least in part, on the user code, and provide access to the stored data and a storage medium configured to store the software product.
The embodiments discussed herein are illustrative of one example of the present invention. As these embodiments of the present invention are described with reference to illustrations, various modifications or adaptations of the methods and/or specific structures described may become apparent to those skilled in the art. All such modifications, adaptations, or variations that rely upon the teachings of the present invention, and through which these teachings have advanced the art, are considered to be within the scope of the present invention. Hence, these descriptions and drawings should not be considered in a limiting sense, as it is understood that the present invention is in no way limited to only the embodiments illustrated.
A secure storage device, such as portable memory device, can require the user to input a user code offline to unlock the stored data within the secure storage device. A user code is manually input the secure storage device and comprises a password, code, or a user identifier. The user code can be a unique set of characters that may contain a variety of characters (alphanumeric, numeric, symbols, or special characters). In other embodiments, the user code can comprise a user identifier such as a fingerprint, voice identifier, or retina scan. Entering the user code offline comprises the user entering the user code into the secure storage device before the secure storage device is operationally coupled with a digital device. To be operationally coupled, the secure storage device is coupled with a digital device and is enabled to receive commands and/or data from the digital device. A digital device is any device with a processor capable of sending or receiving data (e.g., a computer, laptop, personal digital assistant, and cell phone).
In one example, the user enters the user code into the secure storage device to authorize access to the stored data. The user can subsequently plug the secure storage device into the digital device. The digital device can then proceed to mount an unlocked data partition and access the stored data. If the user does not enter the user code or enters an incorrect user code and proceeds to plug the secure storage device into the digital device, the digital device may not be able to access the stored data.
By entering the user code directly into the secure storage device rather than through a digital device, neither the stored data nor the device driver may be accessed. In some embodiments, the digital device does not recognize the secure storage device and the media within the secure storage device cannot be mounted until the correct user code is entered. Consequently, the stored data cannot be copied from the secure storage device without a user code. As a result, the stored data cannot be copied from the secure storage device onto another media to attack the user code or apply new software attacks to retrieve the stored data. The danger of theft of the secure storage device is reduced as the thief may not be able to access the stored data.
Referring to
In one example, a user carries stored data within the secure storage device 100. Prior to plugging the secure storage device 100 into a digital device's USB port, the user enters the user code into the secure storage device 100 by turning the user input knob 140 to turn the radial dial input 130 so that one or more code characters 170 are lined up with the code indicator 120. After the correct user code has been entered, the authorization indicator 160 can illuminate or otherwise indicate that access to the stored data has been authorized. The user may then proceed to plug the secure storage device 100 into the digital device to access the stored data.
If the user fails to enter the correct user code but plugs the secure storage device 100 into the digital device, the digital device may fail to recognize the secure storage device 100, fail to mount the digital media within the secure storage device 100, fail to execute the device driver for the secure storage device 100, and/or be unable to access the stored data.
In various embodiments, the user can turn the turn the user input knob 140 to align the code character 170 on the radial dial input 130 with the code indicator 120 and the enter the code character 170 into the secure storage device 100. In one example, the user depresses the user input knob 140 to enter the code character 170 aligned with the code indicator 120. In another example, the user depresses a button (not depicted) to enter the code character 170 into the user code. In some embodiments, there is a switch or button that locks the secure storage device 100 to prevent the user from inputting a user code or code character 170 unintentionally (e.g., while the user is carrying the secure storage device 100 in a pocket).
The USB connector 110 can be coupled to any USB port of the digital device. Although a USB connector 110 is depicted in
In various embodiments, the secure storage device 100 can be physically or wirelessly coupled to the digital device but the connection is not operational until the user code is entered into the secure storage device 100. In one example, the secure storage device 100 comprises the USB connector 110 coupled to the digital device. Until the user code is entered into the secure storage device 100, the digital device may not recognize the secure storage device 100, load the device driver for the secure storage device 100, or mount the media contained within the secure storage device 100.
The storage device housing 150 may contain any type of data storage medium or storage system as well as a power source. The data storage medium (not depicted) may comprise flash memory (e.g., NAND flash or NOR flash memory), a hard drive, ram disk, or any other kind of data storage. A storage system (further described in
Similarly, although the user code input is facilitated by the radial dial input 130, the user input knob 140, and the code indicator 120 in
The authorization indicator 160 displays an indicator when the user code has been accepted and that access to the stored data is authorized. The authorization indicator 160 can comprise a light emitting diode (LED) that emits a light to indicate that the user code has been accepted. In some embodiments, the authorization indicator 160 can generate a light of a first color to indicate user code acceptance (e.g., green) and a second color to indicate that the user code has been rejected (e.g., red). The authorization indicator 160 may comprise multiple LEDs to indicate user code acceptance, rejection, or lockout of the secure storage device 100 (further discussed in
The device controller 200 can comprise the device driver for the secure storage device 100. The device controller 200 controls the communication with the digital device (not depicted) as well as the operations within the secure storage device 100. In some embodiments, the device controller 200 can control a processor or circuitry within the secure storage device 100.
In various embodiments, the device controller 200 receives an identification query from a digital device requesting the type of device of the secure storage device 100. If authorized, the device controller 200 can respond by transmitting a signal to the digital device identifying the secure storage device 100 and allowing any digital media to be mounted within the operating system of the digital device. If not authorized, the device controller 200 may refuse to respond or reject the digital device's attempts to mount the digital media.
In other embodiments, the device controller 200 receives the identification query from the digital device and identifies the secure storage device 100 as a compact disc (CD). The digital device may then attempt to automatically run an authorization check program from the device controller 200. This feature is similar to automatically playing the first song on an audio CD upon loading of the CD. The authorization check program can determine if access to the stored data is authorized. If access to stored data is not authorized, the authorization check program may terminate or the transmission of data between the digital device and the secure storage device 100 may terminate. Further, the device controller 200 may refuse to allow the digital device access to the database 260 and/or refuse to allow the digital media to be mounted.
The device controller 200 may also control the authorization indicator 160 (
The keystore module 210 authorizes access to the stored data within the database 260. The keystore module 210 comprises the authorization module 220 and optionally a file system 230. In some embodiments, the keystore module 210 also comprises one or more authentication passwords to authorize access to the stored data. In other embodiments, the one or more authentication passwords are within the file system 230. An authentication password is a password, code, or key retained the secure storage device 100 to authenticate the user code.
The authorization module 220 receives the user code or a security code (discussed herein) and determines if the user is authorized to access the stored data. In exemplary embodiments, the authorization module 220 determines if the user is authorized to access the stored data based on the user code (or the security code) and the one or more authentication passwords. In one example, the authorization module decrypts an authentication password with user code (or security code). If the decrypted authentication password is correct, then the user may be authorized to access the stored data. If the user is authorized to access the stored data, the authorization module 220 may transmit an authorization signal to the device controller 200 to authorize access. If the user is not authorized, the authorization module 220 may refuse to respond to subsequent attempts to access the data (e.g., locking the secured storage device 100).
In some embodiments, the secure storage device 100 does not comprise authentication passwords. As a result, the authorization module 220 can base the authorization determination on the user code. Those skilled in the art will appreciate that there may be many methods in which the authorization module 220 determine authorization to access the stored data based, at least in part, on the user code or security code.
The file system 230 can maintain a list of one or more authentication passwords and/or the file system of the database 260. In various embodiments, the file system 230 can associate each authentication password with a different partition within the digital media. As a result, separate user codes may access different partitions within the digital media. In one example, a first user code entered by a user may authorize access to a partition with data used at the user's home. A second user code may authorize access to a partition with business data. As a result, a single secure storage device 100 may be shared with co-workers or others which may be allowed to access some, but not all, of the stored data retained within the secure storage device 100. In other embodiments, the file system 230 can maintain a list of one or more user codes associated with the different partitions within the digital media.
Further, in some embodiments, the file system 230 maintains the scrambled database file system of the database 260. The database file system is a map of the stored data retained within the database 260. Without the database file system, the digital device may not be able to identify stored data contained within the database 260. By separating the database file system from the database 260, a thief who removes the database 260 from the secure storage device 100 may fail to steal the database file system. Further, the database file system may be scrambled. The authorization module 220 can unscramble the database file system within the file system 230 or the database 260 when access to the stored data is authorized.
The encryptor 250 functions to encrypt or decrypt security codes, stored data within the database 260, or the file system 230. In exemplary embodiments, the stored data within the database 260 is encrypted. If access to stored data is authorized, the encryptor 250 encrypts data transmitted from the digital device prior to storage within the database 260. Further, as stored data is requested from the database 260, the encryptor 250 can decrypt the stored data prior to transmission of the stored data to the digital device. As a result, the stored data within the database 260 may always be encrypted.
The encryptor 250 can also decrypt the security code using the user code prior to authorization. When the security code is decrypted, the security code may be sent to the authorization module 220 where it may be compared to the one or more authentication passwords within the keystore module 210. In some embodiments, the database 260 and the keystore module 210 are retained on separate chips within the secure storage device 100.
The database 260 can comprise one more databases or other data structures of stored data. The database 260 may be contained within a storage system. The storage system is further discussed in
The user interface module 270 controls the user interface (e.g., the radial dial input 130 in
In step 310, the authorization module 220 (
In step 410, the authorization module 220 determines if access to stored data is authorized. In one example, the authorization module 220 receives and processes the security code. The authorization module 220 can base the authorization determination, at least in part, upon the security code. In other embodiments, the authorization module 220 can bease the authorization determination, at least in part, upon the security code and an authentication password. In an example, the authorization module 220 can retrieve the authentication password from the keystore module 210 (
In step 430, in response to authorization to access the stored data, the encryptor 250 decrypts the encryption key. The encryption key can be used to encrypt data received from the digital device prior to storing within the database 260. Similarly, the encryption key can be used to decrypt stored data received from the database 260 to send to the digital device. The process of encryption/decryption can occur during saving and transmitting data with no appreciable loss of speed. In some embodiments, an encryption key and a separate decryption key are decrypted by the encryptor 250.
Upon authorization, the device controller 200 can descramble the database file system contained within the file system 230. As a result, the data partition containing the database 260 may be mounted once the secure storage device 100 is operationally coupled to the digital device.
In exemplary embodiments, after authorization is indicated, the secure storage device 100 (
In step 440, optionally in response to an identification query from the digital device, the device controller 200 sends a signal to the digital device to identify the secure storage device 100 and mount the data partition. In step 450, the device controller 200 receives a request for stored data from the digital device. The requested stored data is unencrypted by the encryptor 250 with the proper encryption key prior to sending the requested stored data to the digital device in step 460.
In exemplary embodiments, the access to the stored data is authorized only for a predetermined period of time before re-authorization is required. In one example, access to the stored data within the secure storage device 100 remains authorized for two minutes unless the secure storage device 100 is operationally coupled to a digital device during that time.
In other embodiments, re-authorization is required after a predetermined period of inactivity. In one example, access to stored data is authorized and the secure storage device 100 is subsequently operationally coupled to a digital device via a USB connector. If data is not stored on the secure storage device 100 or retrieved from the secure storage device 100 within 30 minutes, then access to stored data may be denied until re-authorization.
In some embodiments, re-authorization is required after the secure storage device 100 is decoupled from the digital device or after the user presses a switch or button to terminate the session. In one example, the user unplugs the secure storage device 100 from a USB port on the digital device which terminates the session and access to the stored data requires re-authorization. It will be apparent to those skilled in the art that there may be many ways to terminate a session and require re-authorization.
In exemplary embodiments, the user can change or otherwise customize the user code. In one example, the user code comprises numbers, letters, symbols, or special characters. The user may enter a customize code to change the user code. In an example, the customize code can be sent from the manufacturer with the secure storage device 100. In another example, the user downloads the customize code from a website. The customize code may be unique to each secure storage device. Further, the customize code may change on every code change or after a predetermined time interval.
The user code can also comprise a fingerprint, voice identifier, or retina scan. In various embodiments, the customize code can be entered into the secure storage device 100 through buttons or switches. The fingerprint, voice identifier, or retina scan can then be entered. The entered fingerprint, voice identifier, or retina scan can then be used as the user code.
In step 510, the authorization module 220 (
In step 540, the device controller 200 locks authorization to the stored data. This “lock out” requires that the secure storage device 100 be reset before access to the stored data is authorized. In some embodiments, a predetermined number of attempts to authorize access occur before the secure storage device 100 is locked out. The device controller 200 can transmit a signal to the authorization indicator 160 (
In exemplary embodiments, the user visits a product website, identifies the secure storage device 100, and requests a reset key. The reset key is a code that resets the secure storage device 100 so that the user can seek access to the stored data. In one example, the user creates an account on a website and must answer specific questions to authenticate the user's identity prior to requesting the reset key. The reset key can change over an interval of time, upon every use, or upon each request for the reset key. In other embodiments, the user receives the reset key upon purchase of the secure storage device 100.
In step 550, the device controller 200 receives the reset key from the user. The reset key can be used to decrypt a reset code prior to resetting the secure storage device 100. Further, the authorization module 220 may determine that the reset key and/or the reset code are authentic prior to resetting.
In step 560, the device controller 200 resets the secure storage device 100. In some embodiments, the device controller 200 transmits a signal to the authorization indicator 160 to indicate that the secure storage device 100 is no longer locked. In some embodiments, the device controller 200 transmits an unlock signal to the authorization module to unlock the secure storage device 100 so that the secure storage device 100 can again receive a user code to access the stored data in step 500.
The memory 610 is any memory configured to store data. Some examples of the memory 610 are storage devices, such as RAM or ROM.
The storage system 620 is any storage configured to retrieve and store data. Some examples of the storage 620 are flash drives, hard drives, optical drives, and/or magnetic tape. The storage system 620 can comprise a database 260 (
The user interface 630 is any device that can receive a user code. The user interface 630 can be, but is not limited to, a radial dial, keypad, or biosensor.
The communication interface 640 can be coupled to any digital device via the link 680. As discussed in
The feedback system 650 is any indicator that signals the user that access to the stored data within the secure storage device 100 is authorized. In some examples, the feedback system 650 can be an LED light or sound. The feedback system 650 may also indicate that access to the stored data is not authorized or that the secure storage device 100 is locked.
The optional power system 660 is any system that can provide power to the secure storage device. The power system 660 can supply power to the secure storage device 100 to receive the user code and authorize access to the stored data. In one example, the power system 660 comprises a rechargeable battery, a replaceable battery, or a capacitor. The batteries or capacitor may be recharged with a power recharger or from power received from the digital device. In some embodiments, the power system 660 is optional, and the user code can be passively received. Once the secure storage device 100 is coupled to the digital device, power can be received from the digital device and the authorization process completed.
In some embodiments, the power system 660 supplies power to the processor 600 when the secure storage device 100 is not coupled to a digital device. In one example, the power system 660 supplies power to the processor 600 during the process of receiving the user code and authorization. Once the secure storage device 100 is coupled to the digital device, the digital device may supply power to the secure storage device.
The above-described functions can be comprised of executable instructions that are stored on storage media. The executable instructions can be retrieved and executed by the processor 600. Some examples of executable instructions are software, program code, and firmware. Some examples of storage media are memory devices, tape, disks, and integrated circuits. The executable instructions are operational when executed by the processor to direct the processor to operate in accord with the invention. Those skilled in the art are familiar with executable instruction processor(s), and storage media
This claims benefit to U.S. provisional patent Ser. No. 60/698,899, filed Jul. 14, 2005, entitled “Secure Storage Device with Offline Password Entry” which is incorporated by reference herein.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4578530 | Zeidler | Mar 1986 | A |
| 5010571 | Katznelson | Apr 1991 | A |
| 5341339 | Wells | Aug 1994 | A |
| 5404485 | Ban | Apr 1995 | A |
| 5479638 | Assar et al. | Dec 1995 | A |
| 5857021 | Kataoka et al. | Jan 1999 | A |
| 5937425 | Ban | Aug 1999 | A |
| 6032227 | Shaheen et al. | Feb 2000 | A |
| 6092196 | Reiche | Jul 2000 | A |
| 6118874 | Okamoto et al. | Sep 2000 | A |
| 6223284 | Novoa | Apr 2001 | B1 |
| 6292899 | McBride | Sep 2001 | B1 |
| 6731536 | McClain | May 2004 | B1 |
| 6763468 | Gupta et al. | Jul 2004 | B2 |
| 6776332 | Allen et al. | Aug 2004 | B2 |
| 6791877 | Miura et al. | Sep 2004 | B2 |
| 6834795 | Rasmussen et al. | Dec 2004 | B1 |
| 6920527 | Cloutier et al. | Jul 2005 | B2 |
| 6961852 | Craft | Nov 2005 | B2 |
| 6987927 | Battaglia et al. | Jan 2006 | B1 |
| 6993661 | Garfinkel | Jan 2006 | B1 |
| 7266699 | Newman et al. | Sep 2007 | B2 |
| 7272723 | Abbott et al. | Sep 2007 | B1 |
| 7275139 | Tormasov et al. | Sep 2007 | B1 |
| 7278025 | Saito et al. | Oct 2007 | B2 |
| 7360091 | Aikawa et al. | Apr 2008 | B2 |
| 7412420 | Holdsworth | Aug 2008 | B2 |
| 7475425 | Bantz et al. | Jan 2009 | B2 |
| 7478248 | Ziv et al. | Jan 2009 | B2 |
| 7631191 | Glazer et al. | Dec 2009 | B2 |
| 7685425 | Wright et al. | Mar 2010 | B1 |
| 7698442 | Krishnamurthy et al. | Apr 2010 | B1 |
| 7757088 | Abdulhayoglu | Jul 2010 | B2 |
| 8015606 | Jevans et al. | Sep 2011 | B1 |
| 20010045451 | Tan et al. | Nov 2001 | A1 |
| 20020029215 | Whitmyer, Jr. | Mar 2002 | A1 |
| 20020046342 | Elteto et al. | Apr 2002 | A1 |
| 20030005336 | Poo et al. | Jan 2003 | A1 |
| 20030041253 | Matsui et al. | Feb 2003 | A1 |
| 20030149670 | Cronce | Aug 2003 | A1 |
| 20030149854 | Yoshino et al. | Aug 2003 | A1 |
| 20030182584 | Banes | Sep 2003 | A1 |
| 20030204735 | Schnitzmeier | Oct 2003 | A1 |
| 20030204754 | Cromer et al. | Oct 2003 | A1 |
| 20030215090 | Saito et al. | Nov 2003 | A1 |
| 20040059925 | Benhammou et al. | Mar 2004 | A1 |
| 20040073797 | Fascenda | Apr 2004 | A1 |
| 20040103288 | Ziv et al. | May 2004 | A1 |
| 20040103325 | Priebatsch | May 2004 | A1 |
| 20040123113 | Mathiassen et al. | Jun 2004 | A1 |
| 20040146015 | Cross et al. | Jul 2004 | A1 |
| 20040148333 | Manion et al. | Jul 2004 | A1 |
| 20040177258 | Ong | Sep 2004 | A1 |
| 20040188710 | Koren et al. | Sep 2004 | A1 |
| 20050015540 | Tsai et al. | Jan 2005 | A1 |
| 20050020315 | Robertson | Jan 2005 | A1 |
| 20050044377 | Huang | Feb 2005 | A1 |
| 20050055519 | Stuart et al. | Mar 2005 | A1 |
| 20050182973 | Funahashi et al. | Aug 2005 | A1 |
| 20060016875 | Bonalle et al. | Jan 2006 | A1 |
| 20060021059 | Brown et al. | Jan 2006 | A1 |
| 20060041932 | Cromer et al. | Feb 2006 | A1 |
| 20060047717 | Pereira | Mar 2006 | A1 |
| 20060069840 | Corbett et al. | Mar 2006 | A1 |
| 20060095688 | Kawamura et al. | May 2006 | A1 |
| 20060117393 | Merry et al. | Jun 2006 | A1 |
| 20060129830 | Haller et al. | Jun 2006 | A1 |
| 20060143476 | McGovern | Jun 2006 | A1 |
| 20060179309 | Cross et al. | Aug 2006 | A1 |
| 20060208066 | Finn et al. | Sep 2006 | A1 |
| 20060224742 | Shahbazi | Oct 2006 | A1 |
| 20060236363 | Heard et al. | Oct 2006 | A1 |
| 20070016756 | Hsieh et al. | Jan 2007 | A1 |
| 20070028033 | Hsieh et al. | Feb 2007 | A1 |
| 20070033330 | Sinclair et al. | Feb 2007 | A1 |
| 20070038802 | Tsai et al. | Feb 2007 | A1 |
| 20070056043 | Onyon et al. | Mar 2007 | A1 |
| 20070067620 | Jevans | Mar 2007 | A1 |
| 20070101434 | Jevans | May 2007 | A1 |
| 20070118898 | Morgan et al. | May 2007 | A1 |
| 20070143530 | Rudelic et al. | Jun 2007 | A1 |
| 20070143532 | Gorobets et al. | Jun 2007 | A1 |
| 20070180509 | Swartz et al. | Aug 2007 | A1 |
| 20070250919 | Shull et al. | Oct 2007 | A1 |
| 20070266421 | Vaidya et al. | Nov 2007 | A1 |
| 20070300031 | Jevans et al. | Dec 2007 | A1 |
| 20070300052 | Jevans | Dec 2007 | A1 |
| 20080005561 | Brown et al. | Jan 2008 | A1 |
| 20090222117 | Kaplan et al. | Sep 2009 | A1 |
| Number | Date | Country |
|---|---|---|
| WO 0247081 | Jun 2002 | WO |
| WO0247081 | Jun 2002 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20070016743 A1 | Jan 2007 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60698899 | Jul 2005 | US |
