Patent Application
20160360417
Field of Invention
The present invention relates to a storage device with an access control device and method for accessing the storage device.
Description of Related Art
A portable storage device, such as flash drive or USB flash drive, has been a popular tool for storing massive information and can be conveniently carried by a user. In addition, the USB interface is also one of the popular interfaces for communicating with other electronic systems such as computer systems or personal computer systems. The USB flash drive becomes a very popular digital product. For the application of the USB flash drive, the USB flash drive can store massive information and can be plugged to the computer system or any equipment with the USB interface for accessing the USB flash drive.
For protecting the stored information in the USB flash drive, the USB flash drive would usually be partitioned into a public area and a secured area. When the USB flash drive connected to the USB equipment, such as personal computer system or any USB apparatus, the public area can be freely accessed. However, the equipment needs to pass a security procedure to access the secured area of the USB flash drive. This is not convenient for the user, and there is a possibility that some security information could be revealed to the public.
The invention provides a mobile storage device with an access control device. The access control device in an example can be a blue tooth (BT) control device. The user can conveniently use a mobile apparatus to write an access-control setting information into the access control device to control the access to the mobile storage device.
In an embodiment, a mobile storage device with access control capability includes a portable storage device, partitioned into a secured private zone and a public zone; and a blue-tooth (BT) access control device. The blue-tooth (BT) access control device has a non-volatile memory for storing an access-control setting information with a control flag, wherein the access-control setting information is set by an electronic mobile apparatus through a BT communication interface and determines whether or not an authorization to access the secured private zone is valid, wherein the control flag determines whether or not an authorization setting from the electronic mobile apparatus is required when the portable storage device being authorized and out of a BT operation range of the electronic mobile apparatus becomes within the BT operation range. When the portable storage device with the BT access control device is connected to a master equipment, the secured private zone can be accessed by the master equipment when the authorization is valid.
In an embodiment, a method of access control for a portable storage device, wherein a storage space of the portable storage device is partitioned into a public zone and a secured private zone and a blue tooth (BT) access control device with a non-volatile memory is implemented with the portable storage device. The method includes: setting an access-control setting information into the non-volatile memory of the BT access control device by using an electronic mobile apparatus through a communication interface, wherein the access-control setting information is used to determine whether or not an authorization to access the secured private zone is valid; and setting a control flag of the portable storage device separate from or together with the step of setting the access-control setting information, wherein the control flag determines whether or not an authorization setting from the electronic mobile apparatus is required when the portable storage device being authorized and out of a BT operation range of the electronic mobile apparatus becomes within the BT operation range. When the portable storage device with the BT access control device is connected to a master equipment, the secured private zone allows to be accessed by the master equipment when the authorization is valid.
For easy descriptions, a NFC device is taken as an example for the SRWC devices in the following descriptions, but the invention is not limited to this specific communication technology. For example, the BT or WiFi or IEEE 802.11 access control device can also be applied as the other embodiment.
In a further embodiment, the BT communication can also be used to replace the SRWC communication. The BT communication even allows a longer communication range.
It is to be understood that both the foregoing general description and the following detailed description are exemplary, and are intended to provide further explanation of the invention as claimed.
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
In the digital world, an electronic mobile apparatus, such as mobile phone, has already been very popular in communication. In addition, a near-field communication (NFC) tag as a passive device, like the RFID tag, has also been developed to store a small amount of data to identify a device or equipment. The NFC technology allows the mobile phone or any equipment installed with NFC application software (APP) to read/write the information from/onto the NFC tag. So, the mobile phone can easily write information to or read information from the NFC tag within short distance, such as about 10 cm, in wireless manner.
In addition, the BT device based on the BT communication is also popular. A BT access control device is also provided in the invention. Another example implemented with portable storage device, in which the BT access control device also carries the access information about the portable storage device. In this manner, like the access control by the SRWC communication, the BT communication can also be used for the access control device. In addition, other similar wireless communication manner, such as IEEE 802.11 or Wi-Fi, can be applied in the invention, as well. The access control method of this invention can be applied to other wireless communication manner such as IEEE 802.11 or Wi-Fi. The SRWC communication as an embodiment is described first, and the BT communication with similar operation would be described after the descriptions of SRWC communication. In addition, the wireless communication manner can also based on IEEE 802.11 or Wi-Fi applied for communication, which can have longer communication range even without limiting to a short range communication. Generally, the invention can generally use any proper product which has capability of wireless communication to set the access control to the portable storage device.
When considering the popularity of the portable storage device, the electronic mobile apparatus, and NFC tag, the invention propose a portable storage device implemented with the NFC tag, so the access control of the portable storage device can be set by the electronic mobile apparatus, such as mobile phone. When the portable storage device with NFC tag is connected to the equipment such as desk-top computer, personal computer (PC), or any master apparatus capable being connected with the portable storage device, the equipment can access the private zone of the portable storage device. The equipment is not necessary to run a security procedure to get authorization for accessing the portable storage device. This application can be more convenient for accessing with the need of security because the access control is set in the NFC tag.
Because the mobile phone and the USB communication interface have been very popular in digital world, mobile phone and the USB flash drive are taken as the examples for describing the invention. However, the mobile apparatus is not just limited to the mobile phone and the portable storage device is not just limited to the USB flash drive. The mobile phone can be changed to tablet computer or mobile digital apparatus, and can be general referred as an electronic mobile apparatus.
Here, mobile phone is an example but not the only choice. For example, in other embodiments, the tablet PC with the SRWC function can be used. The mobile phone can be generally referred as an electronic mobile apparatus with the SRWC function. Also remarkably, the USB storage device is a popular storage device in the current market. However, the invention is not just limited to the USB storage device. Any storage device with the interface other than USB can also be applied with the technology of the invention, such as memory stick, SD card, mobile hard disk, or any like device.
Several embodiments are provided for describing the invention. However, the invention is not just limited to the embodiments.
The storage space of the portable storage device 102a is usually partitioned into a public zone and a private zone. A NFC tag is implemented on the NFC mobile storage device 102, wherein the NFC tag 102b has a non-volatile memory for storing an access-control setting information set by an electronic mobile apparatus 100, such as mobile phone, tablet computer, or mobile digital apparatus via an application software (APP) for security control setting. When the portable storage device 102a with the NFC tag 102b is connected to a master equipment 104, such as a personal computer, the portable storage device 102a will behave according to the preset access-control setting information.
In the mechanism shown in
The portable storage device 102a can be any one of USB flash drive, memory stick, SD card and so on. The memory of the NFC tag is nonvolatile, erasable and programmable, such as EEPROM or flash memory. It can also store a capacity status for indicating a storage space being currently available and a content list of the downloaded contents stored in the portable storage device. In addition, the capacity status and the content list are to be read by any equipment installed with NFC APP.
For the general procedure, the vendor of the NFC mobile storage device would provide a security control setting APP which is usually located in a website. For example, when the user purchases the NFC mobile storage device, the user can download the security control setting APP from the website to an electronic mobile apparatus, such as the smart phone, tablet computer, or any smart apparatus. The NFC tag as purchased has a unique identification (UID). Then, the security control setting APP can be executed in the electronic mobile apparatus, so the user can input an intended password. With the password and the UID of the NFC tag, the security control setting APP will produce an authentication code. The security control setting APP would then take the authentication code to register to the website of storage device vendor and also store the authentication code to the non-volatile memory of the NFC tag through the NFC interface.
Another software, referring to partition software, can be also downloaded from the website of the storage device vendor to the master equipment such as personal computer. User can run this partition software when he wants to partition the storage space. The downloaded partition software reads authentication code from the memory of NFC tag 102b and verifies with the authentication code registered in the website. If the authentication code is correct, the partition software starts to partition the storage space of the portable storage device 102a into a public zone and a private zone. And the zone size is specified by the user. In addition, a data encryption can be employed to the private zone at the stage when the private zone is created. Generally, for the portable storage device 102a configured with public zone and private zone, the private zone can be protected. When the private zone is protected, an access to the private zone needs an access authority. In other words, the portable storage device 102a needs a further setting procedure to set the access authority, so as to access the private zone.
After partitioning, the private zone can still not be accessed yet when the NFC mobile storage device 102 is connected to the computer. The NFC tag of the NFC mobile storage device 102 still further needs an access control setting procedure via the downloaded security control setting APP. The access control setting procedure would set the access control parameters, which provide an access control information and are stored to the non-volatile memory of the NFC tag. The accessibility of the private zone in the invention will work according to the preset parameters when the NFC mobile storage device 102 is connected to the computer next time.
In the embodiment as an example, the private zone of the portable storage device cannot be accessed when the portable storage device is plugged to the computer before setting the access control on the NFC tag for the portable storage device. The NFC tag integrated with the portable storage device is then set with access control information by electronic mobile apparatus using the downloaded security control setting APP. Here, the NFC interface as preciously stated can be generalized as the SRWC (short-range wireless communication) interface. The electronic mobile apparatus can be smart phone, PDA, tablet computer and so on. They have the capability to run the security control setting APP with NFC interface and serve as hosts. The electronic mobile apparatus allows the user to set the access control information, which is then stored in the non-volatile memory of the NFC tag. So, after the setting to access to the private zone of the portable storage device through the electronic mobile device, the master equipment can access the private zone based on the access control information. In an example, the portable storage device 102a carries a firmware, which reads the access control information and checks whether the private zone is still under accessible condition. If it's under accessible condition, the private zone will be able to be read and written by the master equipment.
The access control information includes a parameter N in an example. The parameter N is, for example, a non-negative integer and it is the number of allowed accessing times to the private zone. Each time, after accessing the private zone, the parameter N is subtracted by one in the example. When the value of the parameter N is equal to 0, the private zone can not be accessed unless setting a positive number to the parameter N before accessing it. However, negative integer can also be alternatively used to indicate failure of access or any other information about control the access.
Besides the number of access time, the access control information may include a parameter of maximum accessing time T. When the storage device plugged into the master equipment, the maximum accessing time T will start counting down. If time-out occurs, access to the private zone will be terminated. The implementation of the maximum accessing time can be that it counts down when the master equipment starts accessing the private zone. It can be noted that the invention is not just limited to the embodiments described above only. A further detail in example would be described below.
The mechanism of access control can be divided into several parts as needed. Embodiments are further provided for descriptions but not for restriction of the invention. The mechanism of access control may include a step, in which an APP of the electronic mobile apparatus 100, such as mobile phone, sets an access control count to N when the electronic mobile apparatus 100 connects to the NFC mobile storage device 102 via NFC interface 106. N is a non-negative integer, so as to allow only N times of access.
In further step, a flag in the memory of the NFC tag is set to indicate automatically switching to the private zone by the electronic mobile apparatus 100. In further step, the portable storage device 102a is plugged to master equipment 104 and the portable storage device 102a will switch to the private zone for accessing by the computer.
In other words, if the access-control setting information has already been set with required parameters and when the portable storage device with the SRWC device tag is connected to a master equipment, the portable storage device is automatically switched to a secured private zone for the master equipment to access the secured private zone. It can also be noted that the required parameters for the access-control setting information are not just limited to the examples provided in the present invention and will depend on the actual design as required. When the access-control setting information is still at valid status, then the portable storage device can be automatically switched to a secured private zone.
In addition, a time-out control may be set in the access-control setting information, so as to restrict the accessible time duration of the NFC mobile storage device 102 by setting a maximum accessing time or time-out value.
The time-out control in an example may include a step, in which the mobile phone APP may set the time-out value to the memory of the NFC tag. In further step, as an example, the USB flash drive plugs to a master equipment such as a personal computer. In further step, the time-out value is loaded to the controller of the portable storage device and then the time-out value is cleared from the non-volatile memory, such as EEPROM, of the NFC tag for one time access. In further step, the time-out could be an accumulation of time in use, by accumulating elapse time or operation time. In other words, the time-out value would compare with the accumulation of time in use. As a result, the portable storage device 102a will switch back to public zone.
It can be noted that the way to set the time-out may be done in other procedure. The foregoing procedure is just an example to set time-out function with the NFC tag.
Further, a data protection mode can also be set in the access-control setting information. Under data protection mode, all files in FAT (file allocation table, FAT) be marked off, i.e. be deleted or data blocks will be erased if the storage device is plugged to the mater equipment with zero time allowed for access or zero access time duration. As a result, the data in the NFC mobile storage device 102 no longer exist.
For the above control setting, following features can be an implementation example when time-out control is triggered. When the private zone is allowed for accessing, i.e. N>0, the device will be switched back to public zone right away as the time-out event happens. The time-out control setting will be cleared. If the device is plugged out of master equipment before time-out triggered, the time-out control setting will be cleared also.
For the further applications to the NFC tag 102b implemented onto the portable storage device 102a, the remaining capacity and the content list of files stored in the portable storage device 102b can be easily obtained by the electronic mobile apparatus 100 from the non-volatile memory of the NFC tag 102b.
A mechanism for storing a capacity status and content list of a storage device into NFC tag is further described, according to an embodiment of the invention. When the NFC mobile storage device 102 plugs to the master equipment 104, the master equipment 104 may download a new file into the storage device, such as movie file or music file or delete a file from it, so the content and the remaining storage capacity of the NFC mobile storage device 102 would be changed. In the embodiment, a content list can be updated and stored in the non-volatile memory of the NFC tag when the portable storage device is connected to a master equipment and when a file is written to or deleted from the portable storage device by the master equipment. Then, a remaining capacity in the portable storage device can be calculated, and a capacity status of the remaining capacity can be written into the non-volatile memory of the NFC tag.
It can be noted that the way to create content list and capacity status may be done in other procedure.
Here, the access-control may be involved but is not absolutely necessary. The information of the capacity status and content list of the mobile storage device 102 can be obtained by the electronic mobile apparatus 100 mobile phone.
In the following descriptions, an embodiment of a BT access control device is provided as the access control device.
Referring to
The storage space of the portable storage device 202a is usually partitioned into a public zone and a private zone. The BT access control device 202b is implemented on the mobile storage device 202. Here, the BT access control device 202b can be embedded in the portable storage device 202a or implemented by any proper manner without specific limitation. The BT access control device 202b has a non-volatile memory for storing an access-control setting information set by an electronic mobile apparatus 100, such as mobile phone, tablet computer, or mobile digital apparatus via an application software (APP) for security control setting. When the portable storage device 202a with the BT access control device 202b is connected to a master equipment 104, such as a personal computer, the portable storage device 102a will behave according to the preset access-control setting information.
The content of the access-control setting information can be built up by a user via the BT interface 200. An equivalent APP for the BT access control device 202b of the mobile storage device 202 can be supplied by the manufacturer like the manner for the SRWC tag, so the intended access-control setting information can be set.
Remarkably, due to operation mechanism of BT, the slave BT device would be deactivated by a master BT device, such as an electronic mobile apparatus 100 carried by the user, when the master BT device is out of the operation range. The access-control setting information for the BT access control device 202b may include additional set condition.
When the BT access control device 202b is within a BT operation range of an electronic mobile apparatus 100, the BT access control device 202b is activated for allowing an access to the secured private zone according to the access-control setting information.
When the BT access control device 202b is not within the BT operation range of the electronic mobile apparatus 100, the BT access control device is deactivated and an access to the secured private zone may be stop or kept on according to a direct choice by the user or a setting in the access-control setting information. In addition, an agreement to recognize the access-control setting information is usually made in each time of access when BT APP is activated. So, basically, an agreement to recognize the access-control setting info nation is made in each time of access if the access control device requires this agreement, which may be made by a simple touch on the function block of agreement or even entering another password required by the access control device.
Generally, based on the BT communication, a mobile storage device with access control capability includes a portable storage device, partitioned into a secured private zone and a public zone; and a blue-tooth (BT) access control device. The BT access control device has a non-volatile memory for storing an access-control setting information with a control flag. The access-control setting information is set by an electronic mobile apparatus through BT communication and is used to determine whether or not an authorization to access the secured private zone has been expired. The control flag determines whether or not the secured private zone allows to be accessed. When the BT access control device is out of a BT operation range of an BT mobile device which is or isn't the electronic mobile apparatus, the control flag returns to a lock state as a default, so not to allow accessing to the secured private zone. When the BT access control device is within the BT operation range of the BT mobile device, the control flag is set to an unlock state by the BT mobile device, so to allow accessing to the secured private zone. When the portable storage device with the BT access control device is connected to a master equipment, the secured private zone is accessed by the master equipment depending on the control flag and an authorization state of the access-control setting information.
In general, the SRWC tag and the BT access control device can be referred as an access control device to perform the access control, in which BT may have additional condition due to the operation of BT communication. However, the security mechanism for access control to the storage device is the same.
It will be apparent to those skilled in the art that various modifications and variations can be made to the structure of the present invention without departing from the scope or spirit of the invention. In view of the foregoing descriptions, it is intended that the present invention covers modifications and variations of this invention if they fall within the scope of the following claims and their equivalents.
This application is a continuation-in-part application of and claims the priority benefit of U.S. application Ser. No. 14/542,668, filed on Nov. 17, 2014, now pending. The entirety of the above-mentioned patent application is hereby incorporated by reference herein and made a part of this specification.
| Number | Date | Country | |
|---|---|---|---|
| Parent | 14542668 | Nov 2014 | US |
| Child | 15242613 | US |
