EP2321759A2 - Memory device upgrade - Google Patents

Memory device upgrade

Info

Publication number
EP2321759A2
Authority
EP
European Patent Office
Prior art keywords
storage unit
content
new
credential
server
Prior art date
Legal status
Withdrawn
Application number
EP09791573A
Other languages
German (de)
English (en)
Inventor
Po Yuan
Robert C. Chang
Farshid Sabet-Sharghi
Mei Yan
Bahman Qawami
Current Assignee
SanDisk Technologies LLC
Original Assignee
SanDisk Corp
Priority date
Filing date
Publication date
Priority claimed from US12/229,165 (US8984645B2)
Priority claimed from US12/229,090 (US8428649B2)
Application filed by SanDisk Corp
Publication of EP2321759A2
Legal status: Withdrawn

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
                        • G06F21/101 Protecting distributed programs or content by binding digital rights to specific entities
                            • G06F21/1014 Protecting distributed programs or content by binding digital rights to specific entities, to tokens
                        • G06F21/108 Transfer of content, software, digital rights or licenses
                            • G06F21/1082 Backup or restore
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
                • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
                    • H04N21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
                        • H04N21/83 Generation or processing of protective or descriptive data associated with content; Content structuring
                            • H04N21/835 Generation of protective data, e.g. certificates

Definitions

  • Embodiments of the present disclosure relate to technology for secure memory devices.
  • Non-volatile semiconductor memory has become more popular for use in various electronic devices.
  • Non-volatile semiconductor memory is used in cellular telephones, digital cameras, mobile media players, personal digital assistants, mobile computing devices, non-mobile computing devices and other devices.
  • Protecting content stored on secure memory devices has become an important feature, especially concerning protection for copyrighted material.
  • A user may purchase copyrighted content, such as music, through an electronic device.
  • Content owners typically intend for only the purchaser to use the content and may require that the purchased content be played only by authorized applications on an electronic device, such as the application used to purchase the content.
  • Securely storing information to protect against unauthorized use of secure content can be performed using a variety of protection techniques, such as encryption.
  • An application on a device that tries to access encrypted content must decrypt the content using an encryption key before that content can be read.
  • An application authorized to access the encrypted content will have the appropriate encryption key for decrypting the content.
  • Unauthorized applications may still be able to access the encrypted content, but without the appropriate encryption key the unauthorized application may not be able to read the content.
  • The technology described herein pertains to upgrading or replacing a first storage unit that is operatively coupled to a host device.
  • The upgrading is performed by sending content of the first storage unit to a new storage unit that serves as the upgrade to or replacement of the first storage unit.
  • The content is first sent to a trusted third-party server.
  • The content is then transferred from the trusted third-party server to the new storage unit.
  • A portion of the content on the new storage unit is adjusted in one embodiment to maintain content security features that were implemented in the first storage unit.
  • The upgrading can be performed under the control of a software entity that is installed on the device.
  • The first storage unit may be bound to a third storage unit prior to the upgrade process.
  • The first storage unit and the third storage unit may be said to be bound together where one storage unit provides credentials for accessing content on the other storage unit.
  • The upgrade process can include measures to bind the new storage unit to the third storage unit in the same or a similar manner to the way the first storage unit was bound to the third storage unit prior to the upgrade. Some of the content transferred to the new storage unit and/or content on the third storage unit may be modified so as to bind the new storage unit to the third storage unit.
  • A non-volatile memory card and a subscriber identity module (SIM) card are both operatively coupled to a host device.
  • The cards may be bound together based on one or more binding types associated with content stored on the non-volatile memory card.
  • The SIM card can store and/or calculate credentials that are used to access the content on the non-volatile memory card.
  • Embodiments in accordance with the present disclosure can be used to replace the existing non-volatile memory card with a new non-volatile memory card and/or replace the existing SIM card with a new SIM card. In either case, the presently disclosed technology facilitates replacement of the card(s) while maintaining the security measures used to protect the content stored on the existing non-volatile memory card.
  • The existing non-volatile memory card is replaced with a new non-volatile memory card.
  • Content on the existing non-volatile memory card can be transferred to the new non-volatile memory card. At least a portion of the transferred content may be modified so as to bind the new non-volatile memory card to the existing SIM card. Additionally, one or more new credentials may be calculated and stored by the SIM card for accessing the content transferred to the new non-volatile memory card. If the existing SIM card is replaced with a new SIM card, one or more credentials from the existing SIM card can be transferred to the new SIM card. If certain binding types for content on the existing non-volatile memory card are used, new credentials may be calculated and stored by the SIM card and/or modifications to the content on the existing non-volatile memory card may be made.
  • One embodiment includes a process for replacing a first storage unit with a new storage unit.
  • Prior to replacement, the first storage unit is operatively coupled to a host device and is bound to a third storage unit that is also operatively coupled to the host device.
  • The first storage unit stores first content that is bound to the third storage unit based on one or more binding types.
  • The device sends the first content from the first storage unit to the new storage unit.
  • The device modifies a portion of the first content in the new storage unit and a portion of second content in the third storage unit based on the one or more binding types so that the new storage unit is bound to the third storage unit.
  • The device can send the first content from the first storage unit to a server in one embodiment.
  • The first storage unit can then be removed from the device and the new storage unit inserted.
  • The device can then receive the first content from the server and send it to the new storage unit.
  • One embodiment of a process for upgrading a storage device includes sending a credential from a first storage unit to a server.
  • The first storage unit is operatively coupled to a device.
  • The credential is sent to the server under the control of a software entity on the device.
  • The software entity notifies a user to insert a new storage unit in the device.
  • The software entity receives a notification that the new storage unit is inserted.
  • The software entity controls receiving the credential from the server and sending the credential to the new storage unit.
  • One embodiment of a process for upgrading a storage device includes upgrading a first storage unit in a host device to a new storage unit.
  • The first storage unit is associated with a third storage unit based on one or more credentials, and the first storage unit and third storage unit are operatively coupled to the host device.
  • A software entity on the host device provides to a server an identifier that identifies the new storage unit when inserted in the host device.
  • The software entity accesses content on the first storage unit using one or more credentials obtained from the third storage unit.
  • The software entity then provides the content to the server.
  • The software entity controls receipt of the content from the server, including first content associated with the third storage unit based on the one or more credentials.
  • The content is sent to the new storage unit under control of the software entity, which notifies the third storage unit to generate new credentials that associate the first content with the new storage unit.
  • The new credentials provide access to the first content.
  • The technology described herein further pertains to accessing content on a first host device where the content is associated with one or more credentials on a second host device.
  • A first storage unit on or controlled using the first host device may be bound to a second storage unit that is on or controlled using the second host device based on binding types for the content on the first storage unit.
  • The second storage unit is needed to calculate a credential for access to the content on the first storage unit.
  • The first host device calculates an account identifier associated with the binding type for the requested content.
  • The account identifier will be sent from the first host device to a server.
  • The server will send the account identifier to the second host device.
  • The second storage unit will use the account identifier to calculate a credential.
  • The credential is then sent to the server, and the server sends the credential to the first host device.
  • The first host device will use the credential to access the requested content if the credential is valid.
  • One embodiment of a process for accessing content includes determining in a first device an account identifier associated with content on a first storage unit that is operatively coupled to the first device.
  • The account identifier is sent from the first device to a server.
  • The first device receives a credential from a second device via the server, where the credential is based on the account identifier.
  • The first device accesses the content using the credential if the credential is valid.
  • One embodiment of a process for accessing content includes receiving at a server an account identifier from a first device.
  • The account identifier is associated with content on a first storage unit that is operatively coupled to the first device.
  • The account identifier is sent from the server to a second storage unit that is operatively coupled to a second device.
  • The second storage unit is associated with the first storage unit.
  • The server receives a credential from the second storage unit in response to sending the account identifier.
  • The credential is based on the account identifier.
  • The server sends the credential to the first device.
  • The credential provides access to the content on the first storage unit if the credential is valid.
  • One embodiment of a process for accessing content includes receiving a request to access content on a first memory card that is operatively coupled to a first device.
  • The first memory card is bound to a second memory card based on a binding type.
  • The second memory card is operatively coupled to a second device.
  • The receiving is performed by a software entity on the first device.
  • The software entity calculates an account identifier based on the binding type and sends the account identifier to the server.
  • The software entity receives a credential from the server.
  • The credential is generated by the second memory card based on the account identifier and the binding type.
  • The software entity accesses the content using the credential if the credential is valid.
  • One embodiment of a process for accessing content includes calculating at a first device an account identifier associated with content on a first storage unit that is operatively coupled to the first device.
  • The first storage unit is associated with a second storage unit that is operatively coupled to a second device.
  • The account identifier is sent from the first device to the second device through a server.
  • The second storage unit generates a credential based on the account identifier.
  • The first device receives the credential from the second storage unit through the server and accesses the content on the first storage unit if the credential is valid.
  • Embodiments in accordance with the present disclosure can include one or more non-volatile storage units and one or more processors in communication with the one or more non-volatile storage units.
  • The one or more processors can be adapted to perform one or more processes to upgrade or access at least one non-volatile storage unit as described.
  • Embodiments in accordance with the present disclosure can be accomplished using hardware, software or a combination of both hardware and software.
  • The software can be stored on one or more computer readable media such as hard disk drives, CD-ROMs, DVDs, optical disks, floppy disks, tape drives, RAM, ROM, flash memory or other suitable storage device(s).
  • Some or all of the software can be replaced by dedicated hardware including custom integrated circuits, gate arrays, FPGAs, PLDs, and special purpose processors.
  • The one or more processors can be in communication with the one or more non-volatile storage units in the storage system, peripherals and/or communication interfaces.
  • Figure 1A is a block diagram of two memory devices in communication with a host device.
  • Figure 1B is a block diagram of two memory devices in communication with a handset host device.
  • Figure 2 is a flow chart of a process for accessing content on a memory device.
  • Figure 3 is a flow chart of a process for calculating an account identifier.
  • Figure 4 is a flow chart of a process for calculating a credential.
  • Figures 5A-5B are block diagrams of a system depicting the replacement of an existing subscriber identity module (SIM) card with a new SIM card where the existing SIM card was bound to a non-volatile memory card prior to being replaced.
  • Figure 6 is a flow chart of a process for replacing an existing SIM card with a new SIM card where the existing SIM card was bound to a non-volatile memory card prior to being replaced.
  • Figure 7 is a flow chart of a process for creating new accounts in a SIM card.
  • Figures 8A-8C are block diagrams of a system depicting the replacement of an existing memory card with a new memory card where the existing memory card was bound to a SIM card prior to being replaced.
  • Figure 9 is a flow chart of a process for replacing an existing memory card with a new memory card where the existing memory card was bound to a SIM card prior to being replaced.
  • Figure 10 is a flow chart of a process for saving content on a new memory card.
  • Figure 11 is a flow chart of a process for creating a secure channel.
  • Figure 12 is a flow chart of a process for transferring clear content on an existing memory card to a new memory card.
  • Figure 13 is a flow chart of a process for transferring encrypted content on an existing memory card to a new memory card.
  • Figure 14 is a block diagram of a device in communication with a trusted third-party server used for accessing a credential on a handset device.
  • Figure 15 is a flow chart of a process for accessing a credential for content through a network.
  • Figure 16 is a flow chart of a process for accessing a credential for content.
  • Figure 17 is a block diagram of a memory device.
  • Figure 18 is a block diagram depicting one embodiment of a memory array.
  • The disclosed technology provides a secure upgrade from an existing memory device to a new memory device.
  • The existing memory device can include any type of non-volatile storage device, such as a Subscriber Identity Module (SIM) card or a removable memory card.
  • The existing memory device is operatively coupled to a host device and is typically operated through a host agent on the host device.
  • The host device may be any electronic device, such as a cellular telephone, digital camera, mobile media player, personal digital assistant, mobile computing device or non-mobile computing device.
  • The existing memory device can be removable from or embedded within the host device. Additionally, the existing memory device may be operated through, while not being inside, the host device.
  • The existing memory device may be associated with a third memory device that is also operatively coupled to the host device through the host agent.
  • The third memory device may also be any type of non-volatile storage device.
  • The third memory device may be an embedded memory device, a removable memory device, or a memory device operated through but not within the host device.
  • The existing memory device and the new memory device may be non-volatile memory cards while the third memory device may be a SIM card.
  • The existing memory device and the new memory device may be SIM cards while the third memory device is a non-volatile memory card.
  • The host agent may be any software entity on the host device that is used to operate the memory devices through the host device, such as an application installed on the host device.
  • The host agent allows access to the memory devices and controls the upgrade for the memory devices.
  • Various processes are described herein as being performed by software entities such as host agents, applets, etc. for the sake of clarity, simplicity and to conform with the standard usage of these terms in the art. It will be appreciated that reference to software entities performing actions may include the performance of the actions by one or more devices (e.g., processors, control circuitry, etc.) under the control of the software entities.
  • The existing memory device and the third memory device implement security features for accessing content on the devices.
  • The existing memory device is bound to the third memory device, and access to content is dependent upon how the devices are bound together.
  • Content on a memory card can include a binding type that is used to obtain a credential from a SIM card for accessing the content.
  • When an upgrade of the existing memory device is requested, at least a portion of the content of the existing device is sent to the new memory device. If the host device can accept or access both the existing and new memory devices simultaneously, the content can be sent directly from the existing memory device to the new memory device. If the host device can only accept or access one of the cards at a time, the content of the existing device can first be sent to a server.
  • The server can be operated by a network service provider for the host device, such as a mobile network operator (MNO), or by any third party.
  • The server is a trusted third-party (TTP) server.
  • The content of the existing memory device is sent to the TTP by the host agent on the host device. Once the host agent sends the content from the existing memory device to the TTP, the host agent can request that the new memory device be inserted in the host device. When the new memory device is inserted, the host agent requests the content from the TTP and sends it to the new memory device.
  • Figure 1A depicts one example of memory devices that are bound to each other and are operated through a host agent 175 on a host device 100.
  • The host device 100 can be any electronic device.
  • The host device 100 contains a processor 130.
  • The processor 130 can be any type of processor used to operate the host device 100.
  • The processor 130 is used to access SIM card 110 and non-volatile memory card 120 through the host device 100.
  • The processor 130 executes the functions of the host agent 175 for SIM card 110 and non-volatile memory card 120.
  • Figure 1B depicts one example of the system shown in Figure 1A.
  • The host device 100 is a handset 105, such as a mobile telephone or other computing device.
  • The first memory device is a SIM card 115, and the second memory device is a removable memory card 125.
  • The handset 105 includes a processor (not shown) as described in Figure 1A to execute memory card driver 155, application 1 160, application 2 165, application n 170, host agent 175, and SIM card driver 180 contained on the handset 105.
  • For simplicity, much of the disclosure references the example shown in Figure 1B. However, the disclosed technology is not so limited.
  • The handset 105 has an International Mobile Equipment Identity (IMEI) number used as a unique identifier.
  • The host agent 175 receives requests to access content on the memory card 125 and authenticates the entity attempting to access content before allowing that content to be accessed.
  • The entity attempting to access content can be a user of the handset 105.
  • The user may also attempt to access the content through application 1 160, application 2 165, or application n 170.
  • These applications are also entities that may be subject to authentication before access is allowed.
  • Application 1 160, application 2 165, or application n 170 can be any type of application, such as a media player for playing music or video files, a word processor, a calendar, etc.
  • The handset 105 contains a memory card driver 155 that allows the memory card 125 to be accessed through the handset 105.
  • The handset 105 also contains a SIM card driver 180 that allows the SIM card 115 to be accessed through the handset 105.
  • The memory card 125 contains a storage area 150 and control circuitry 145.
  • The storage area 150 contains the content that is stored on the memory card 125.
  • The content is accessed through the control circuitry 145, which controls the reading and writing of content to the memory card 125.
  • The memory card 125 also has a unique card identifier (CID) that identifies that particular memory card.
  • The storage area 150 can be divided into any number of public or secure partitions. Access to content in a secure partition requires valid authentication from an authorized entity. Content in a public partition can include clear content, which does not require authentication and may be accessed by any entity, and protected content, which requires authentication in order to be accessed. In the example shown in Figure 1B, the storage area 150 is divided into two partitions: partition 152 and partition 154. Each partition has a File Allocation Table (FAT) which contains information about where each file is stored within the partition. FAT-0 contains information about the content stored in partition 152, and FAT-1 contains information for partition 154.
  • Partition 152 is one example of a secure partition.
  • Secure partitions are hidden partitions that are undetectable to a user or a host device. Any entity attempting to access content within a secure partition must first be authenticated using the host agent 175 on the handset 105. The entity may be a user, an application on the handset 105, or a user attempting to access the content through an application on the handset 105. When an entity attempts to access content in a secure partition, the host agent 175 first accesses the file header of the content.
  • The file header of each file is stored with the file itself and contains information about the content, such as content metadata, which may indicate what type of content is stored, information related to encrypting and decrypting the content, and information related to authentication, such as a binding type. More information about the authentication process can be found in U.S. Patent Application No. 12/124,450, entitled "Authentication for Access to Software Development Kit for a Peripheral Device," by Mei Yan et al., filed May 21, 2008, which is incorporated by reference herein in its entirety.
  • Logic groups are content groupings protected by individualized encryptions.
  • Logic groups Domain 1 and Domain 2 are each protected by a content encryption key (CEK). All content stored within Domain 1, such as File B, is encrypted using a particular CEK associated with Domain 1, and all content stored within Domain 2, such as File C and File D, is encrypted using another CEK associated with Domain 2.
  • Information related to the CEK for each logic group is stored in the file header of the content in the logic group. That information may be used to access the correct CEK for decrypting the content if the authenticated entity has the proper authority to access the content.
  • The encryption and decryption of content is performed by the control circuitry 145, which may support any encryption method such as symmetric encryption (e.g., AES, DES, 3DES, etc.), cryptographic hash functions (e.g., SHA-1, etc.), asymmetric encryption (e.g., PKI, key pair generation, etc.), or any other cryptography methods.
  • Partition 154 is one example of a public partition containing clear content File E and File F. Public partitions are detectable to a user or a host device. Clear content is any content that is stored in a public partition of the memory device 125 and that is not encrypted with a CEK. Any entity attempting to access clear content within a public partition may do so without authentication.
  • Access to any content stored on the memory device 125 is controlled using the control circuitry 145.
  • The control circuitry allows the host agent 175 on the handset 105 to access content on the memory device 125 after the host agent 175 has successfully authenticated the entity attempting to access the content.
  • The SIM card 115 in Figure 1B can be any removable integrated circuit card as typically used in a cellular telephone or mobile computer.
  • The SIM card 115 is a memory card that stores the International Mobile Subscriber Identity (IMSI), which is the identifier used to identify the subscriber of the mobile service for the handset 105.
  • The subscriber network is the MNO that provides mobile service for the handset 105. When the MNO receives the IMSI from the handset 105, it allows a call to be placed or data to be transferred.
  • The SIM card 115 also stores the Mobile Subscriber Integrated Services Digital Network (MSISDN) number, which is an identifier associated with the telephone number for the SIM card 115.
  • The SIM card 115 is typically operated through one MNO.
  • The MNO can be identified through a network identifier (NetID) that is unique to that particular MNO.
  • The NetID can be any identifier for the MNO such as the Mobile Country Code (MCC) or the Mobile Network Code (MNC).
  • The SIM card 115 also stores applications within its memory, such as SIM applet 140.
  • The SIM applet 140 is an application used with the host agent 175 on the handset 105 for authenticating and logging in an entity attempting to access content on the memory card 125.
  • The SIM applet 140 will generate a credential 135 for access to content on the memory card 125 based on the binding type found in the file header for the corresponding content. Because the content on memory card 124 is bound to SIM card 115, the cards are bound together.
  • the content on memory card 125 may include different binding types in the file headers for different portions of the content (e.g., different files).
  • FIG. 2 is a flowchart of a process for authenticating and logging in an entity attempting to access protected content on the memory card 125.
  • An entity attempting to access clear content in a public partition need not be authenticated for access to that content.
  • the host agent 175 receives a request to access a file stored in the memory card 125.
  • the request may come from a user of the handset 105.
  • the request may come from an application on the handset 105, such as application 1 160.
  • the host agent 175 accesses the binding type associated with the requested content from the file header of the requested file.
  • All protected content stored in the memory card 125 has a particular binding type associated with it.
  • the binding type can be found in -the file header for the content.
  • the binding type indicates how the content in the memory card 125 is bound to the SIM card 1 15 by indicating that a particular identifier should be used by SIM card 1 15 to calculate the credential needed for access to the content.
  • the memory card 125 can be bound to the SIM card 1 15 based on one or more binding types for the content stored in the memory card 125.
  • the binding type may indicate an identifier for the SIM card 1 15 (i.e. SIM card binding), the handset 105 (i.e. handset binding), the memory card 125 (i.e. memory card binding), or the MNO for the handset 105 (i.e. network binding).
  • Different binding types may be specified in the file headers for different portions of the content.
  • the host agent 175 accesses the appropriate identification values based on the binding type in step 202. If the binding type is SIM card binding, the host agent 175 accesses the appropriate SIM card identification value from the SIM card 115. In one embodiment, the identification value for SIM card binding is the IMSI number. In another embodiment, the identification value for SIM card binding is the MSISDN number. If the binding type is handset binding, the host agent 175 accesses the appropriate handset identification value from the handset 105. In one embodiment, the identification value for handset binding is the IMEI number. If the binding type is memory card binding, the host agent 175 accesses the appropriate memory card identification value from the memory card 125.
  • the identification value for memory card binding is the CID. If the binding type is network binding, the host agent 175 accesses the appropriate network identification value from the MNO using the telecommunication capabilities of the handset 105. In one embodiment, the identification value for network binding is the NetID.
  • the host agent 175 uses that identification value to calculate an account identifier based on the binding type (step 203).
  • the host agent 175 accesses binding rules in order to calculate the account identifier.
  • the binding rules are typically stored on SIM card 115, but can also be stored at the host agent 175, or with the content.
  • the binding rules may indicate a particular algorithm for the calculation and can be specific to each binding type or they can be the same for any of the binding types.
  • the account identifier can be calculated by inputting the identification value (and other values that may optionally be specified by the binding rules) in the particular algorithm associated with the binding rules.
  • the particular algorithm is a cryptographic function.
  • Cryptographic functions are functions that input one or more values and return another value, wherein the other value serves as a representation or fingerprint of the one or more inputted values. Any cryptography method can be used, including by way of non-limiting example, symmetric encryption (e.g., AES, DES, 3DES, etc.), cryptographic hash functions (e.g., SHA-1, etc.), or asymmetric encryption (e.g., PKI, key pair generation, etc.).
  • the SIM applet uses either or both the account identifier and the identification values to calculate a credential 135 based on the binding type (step 205).
  • the binding rules for the binding type indicate how the credential is calculated, specifying for example, that a particular algorithm, such as a cryptographic function, is to be used.
  • the SIM applet 140 calculates the credential 135 using the account identifier and the optional identification values in the algorithm specified by the binding rules.
  • the SIM applet 140 will save the calculated credential 135 in the SIM card 115 memory.
  • the SIM applet 140 sends the credential to the host agent 175 (step 206).
  • the host agent 175 uses the credential 135 received in step 206 and the account identifier calculated in step 203 to log in to an account that is associated with the requested file (step 207).
  • Each protected file in the memory card 125 is associated with permissions that indicate which entities are allowed to access that file by indicating the account identifiers that are allowed to access the file.
  • the control circuitry 145 determines whether the account associated with the account identifier may access the content and whether the credential 135 is valid for that account. If the account identifier and the credential 135 are not valid, access is denied.
  • the host agent receives the login status from the control circuitry and returns an error to the entity requesting the content (step 209). If the account identifier and the credential 135 are valid, the host agent 175 allows access to the requested file (step 210).
  • FIG 3 is a flow chart of a process for calculating the account identifier, as described in step 203 of Figure 2.
  • the host agent 175 accesses the binding rules associated with the binding type for the requested content.
  • the host agent 175 determines the algorithm to use for the calculation of the account identifier (step 212).
  • the algorithm is specified by the binding rules.
  • the host agent 175 provides the identification values accessed in step 202 of Figure 2 as the input for the algorithm (step 213). In one embodiment, additional values may be used for the input as well, as specified by the binding rules.
  • the host agent 175 calculates the account identifier by executing the algorithm with the inputs (step 214).
  • FIG 4 is a flow chart of a process for calculating the credential 135, as described in step 205 of Figure 2.
  • the SIM applet 140 accesses the binding rules associated with the binding type for the requested content.
  • the SIM applet 140 determines the algorithm to use for the calculation of the credential 135 (step 216).
  • the algorithm is specified by the binding rules.
  • the SIM applet 140 provides the account identifier as the input for the algorithm (step 217). In one embodiment, additional identification values may be used for the input as well, as specified by the binding rules.
  • the SIM applet 140 calculates the credential 135 by executing the algorithm with the inputs (step 218).
  • the SIM applet 140 also saves the credential 135 in the SIM card 115 (step 219).
  • FIGS 5A-5B depict a block diagram of one system used to upgrade an existing SIM card 115 that provides security features for accessing content on nonvolatile memory card 125.
  • An upgrade application 300 within the host agent 175 is used to facilitate the upgrade of the existing SIM card 115 to a new SIM card 115' through the memory card driver 155 and the SIM card driver 180.
  • An exemplary flow of data and commands between the various components is illustrated by the arrows in Figures 5A-5B.
  • SIM card 115 and non-volatile memory card 125 are operatively coupled to handset 105.
  • Upgrade application 300 receives a request to replace the existing SIM card 115 with a new SIM card 115'.
  • SIM card 115' is depicted apart from handset 105 to illustrate that it is not yet operatively coupled with the handset.
  • the upgrade application 300 requests the credentials 135 stored in the existing SIM card from the SIM applet 140 as represented by arrow 230.
  • the SIM applet 140 sends the credentials 135 to the upgrade application 300 on the host agent 175 as represented by arrow 232.
  • the upgrade application 300 will then send the credentials 135 to the TTP 310 through the secure channel 315 as represented by arrow 234.
  • the secure channel 315 facilitates the transmission of data between the host agent 175 and the TTP 310.
  • the data can be sent through the secure channel 315 over-the-air (OTA) using the handset 105 telecommunication capabilities.
  • the data may also be sent using the secure channel 315 through the internet or other network.
  • the data sent from the host agent 175 to the TTP 310 through the secure channel 315 is encrypted by the host agent 175 before it is sent to the TTP 310.
  • the content can then be decrypted when it is received at the TTP 310.
  • the data is similarly encrypted before it is sent to the handset 105 for the new storage unit and then decrypted once it is received at the host agent 175.
  • the existing SIM card can be removed from the handset 105 and the new SIM card can be inserted.
  • upgrade application 300 provides an indication to the user to remove the existing SIM card and insert the new one.
  • the upgrade application 300 on the host agent 175 can be invoked after the new SIM card is inserted in the handset 105 and the handset is powered on.
  • Figure 5B depicts the system after removing the existing SIM card 115 and inserting the new SIM card 115'.
  • the upgrade application 300 requests the credentials from the TTP 310 through the secure channel 315 as represented by arrow 236.
  • the upgrade application 300 receives the credentials as represented by arrow 238 and sends the received credentials to the SIM applet of the new SIM card as represented by arrow 240.
  • the SIM applet saves the credentials in the new SIM card.
  • FIG. 6 is a flow chart of one embodiment for upgrading a SIM card 115.
  • a user or other entity requests that the existing SIM card be upgraded.
  • the user can request the SIM card upgrade through the upgrade application 300 on the host agent 175.
  • the upgrade application 300 notifies the SIM applet 140 in the existing SIM card that an upgrade request was received. This allows the SIM applet 140 to prepare the credentials for the upgrade process.
  • In step 404, the upgrade application 300 accesses the TTP 310 using an address for the TTP 310.
  • the address is a uniform resource locator (URL) for the TTP 310 location.
  • the SIM applet 140 on the existing SIM card can upload the saved credentials 135 to the TTP 310 through the upgrade application 300 (step 406).
  • the credentials 135 are uploaded to the TTP 310 through the secure channel 315 created by the upgrade application 300.
  • the upgrade application 300 deletes the credentials from the existing SIM card (step 408). The upgrade application 300 then notifies the user to insert the new SIM card into the handset 105 (step 410).
  • The upgrade application 300 determines whether the new SIM card is inserted (step 412). Once the upgrade application 300 determines that the new SIM card has been inserted, the upgrade application 300 notifies the SIM applet 140 of the new SIM card to prepare to receive the credentials 135 saved at the TTP 310. In step 414, the SIM applet 140 of the new SIM card downloads the credentials 135 from the TTP 310 through the upgrade application 300. The credentials 135 are sent from the TTP 310 to the SIM applet 140 using the secure channel 315. The SIM applet 140 saves the credentials 135 in the memory for the new SIM card.
  • the accounts associated with that content can be modified. Those accounts on the memory card 125 as well as the credentials associated with those accounts on the new SIM card can be modified.
  • the existing accounts for content having a SIM card binding type are associated with account identifiers and credentials that were calculated based on an identifier for the existing SIM card.
  • the new accounts are created so that the content having a SIM card binding type will be bound to the new SIM card.
  • New account identifiers and credentials can be calculated. This ensures that the content with a SIM card binding type can be accessed using the new SIM card.
  • new accounts are created in the memory card 125 for all of the existing accounts that had a SIM card binding type.
  • the upgrade application 300 notifies the TTP 310 to delete the credentials 135 that were saved on the TTP 310, and the upgrade process for the SIM card 115 is completed (step 418).
  • FIG. 7 describes how the step of creating new accounts is performed (step 416 of Figure 6).
  • the upgrade application 300 logs in to the existing accounts associated with a SIM card binding type.
  • the upgrade application 300 uses the credentials saved at the TTP 310 to log in to the existing accounts.
  • the upgrade application 300 accesses the appropriate identification values that are needed to calculate the account identifier for the accounts having a SIM card binding type based on the binding rules of the existing accounts. This includes accessing an identification value for the new SIM card, such as the IMSI number or the MSISDN number for example.
  • the upgrade application 300 directs the host agent 175 to calculate new account identifiers for all of the existing accounts using the accessed identification values for the SIM card binding (step 424).
  • the upgrade application 300 sends the new account identifiers and the identification values to the SIM applet 140 in the new SIM card (step 426).
  • the SIM applet 140 generates new credentials for each account identifier received in a manner similar to that described for step 205 of Figure 2.
  • the new credentials are calculated based on the SIM card binding rules.
  • the SIM applet 140 saves the new credentials in the new SIM card in place of the existing credentials associated with the existing accounts (step 430).
  • the existing credentials calculated using an identifier for the existing SIM card can be deleted.
  • the SIM applet 140 sends the new credentials to the upgrade application 300 on the host agent 175 (step 432).
  • the upgrade application 300 sends the newly calculated credentials to the control circuitry 145 of the memory card 125 (step 434) to initiate the creation of new accounts for all of the existing accounts in the memory card 125 having SIM card binding.
  • the memory card 125 creates new accounts for all of the existing accounts with SIM binding (step 436) and associates the new accounts with the corresponding account identifiers and credentials calculated for the new SIM card (step 438).
  • the permissions associated with the existing accounts are delegated to the new accounts (step 440) so that the new accounts are able to access the appropriate content.
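  • The account re-binding of Figure 7 (steps 420 to 440: log in with the credentials saved at the TTP, compute new account identifiers from the new SIM's identifier, have the new SIM compute and save new credentials in place of the old ones, create the new accounts on the card and delegate the existing permissions to them) is worked through below as an added Python example. It is not code from the patent or from SanDisk. The per-SIM secret, the SHA-256 account identifier, the HMAC-SHA256 credential, the per-account label used as the binding rules' optional extra input, and the IMSI/IMEI values are all assumptions constructed for the example; `build_bound_card` only constructs a starting state.

```python
import hashlib
import hmac


def account_identifier(binding_type, id_value, label=""):
    """Binding-rule algorithm for the account identifier. SHA-256 with a per-account
    label as the optional extra input is an assumption of this example."""
    return hashlib.sha256(f"{binding_type}|{id_value}|{label}".encode()).hexdigest()


class SimApplet:
    """SIM applet 140 on one physical SIM card; the per-SIM secret is an assumption."""

    def __init__(self, secret, downloaded=None):
        self._secret = secret
        # credentials 135 held on this SIM; a new SIM starts with the set downloaded
        # from the TTP at step 414
        self.credentials = dict(downloaded or {})

    def calculate_credential(self, acct_id, id_value):
        msg = f"{acct_id}|{id_value}".encode()
        cred = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        self.credentials[acct_id] = cred
        return cred


class MemoryCard:
    """Control circuitry 145: account identifier -> binding type, credential, permissions."""

    def __init__(self):
        self.accounts = {}

    def create_account(self, acct_id, binding_type, cred, label):
        self.accounts[acct_id] = {"binding": binding_type, "credential": cred,
                                  "label": label, "files": set()}

    def grant(self, acct_id, filename):
        self.accounts[acct_id]["files"].add(filename)

    def login(self, acct_id, cred):
        rec = self.accounts.get(acct_id)
        return rec is not None and hmac.compare_digest(rec["credential"], cred)

    def delegate(self, from_id, to_id):
        """Step 440: the new account inherits the existing account's permissions."""
        self.accounts[to_id]["files"] |= self.accounts[from_id]["files"]


def upgrade_sim(card, ttp_saved_credentials, new_sim, new_imsi):
    """FIG. 7, steps 420-440. Returns {old account identifier: new account identifier}.
    Accounts with any other binding type are left untouched."""
    mapping = {}
    sim_bound = [a for a, r in card.accounts.items() if r["binding"] == "sim"]
    for old_id in sim_bound:
        # steps 420-422: log in with the credential the existing SIM uploaded to the TTP
        if not card.login(old_id, ttp_saved_credentials[old_id]):
            raise PermissionError("cannot log in to an existing SIM-bound account")
        label = card.accounts[old_id]["label"]
        new_id = account_identifier("sim", new_imsi, label)          # steps 422-424
        new_cred = new_sim.calculate_credential(new_id, new_imsi)    # steps 426-432
        new_sim.credentials.pop(old_id, None)                        # step 430: old one removed
        card.create_account(new_id, "sim", new_cred, label)          # steps 434-438
        card.delegate(old_id, new_id)                                # step 440
        mapping[old_id] = new_id
    return mapping


def build_bound_card(sim, imsi, imei):
    """Constructed starting state: two SIM-bound accounts and one handset-bound account."""
    card = MemoryCard()
    for label, binding, id_value in (("music", "sim", imsi),
                                     ("video", "sim", imsi),
                                     ("ebook", "handset", imei)):
        acct = account_identifier(binding, id_value, label)
        card.create_account(acct, binding, sim.calculate_credential(acct, id_value), label)
        card.grant(acct, f"{label}.dcf")
    return card
```

  • The check at steps 420-422 matters: the credentials fetched from the TTP are what prove the upgrade application is entitled to the existing accounts before any new account inherits their permissions. Note that, as Figure 7 describes it, the existing accounts remain on the card after delegation; Figure 10's step 518 is where the memory-card upgrade deletes them.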
  • Figures 8A-8C are block diagrams of a system depicting the upgrade of a non-volatile memory card 125 having content that is accessed using a credential stored or calculated at SIM card 115. An exemplary flow of data and commands between the various components is illustrated by the arrows in Figures 8A-8C.
  • Figure 9 is a corresponding flow chart describing one process for upgrading the memory card 125.
  • Figures 8A-8C and 9 will be described in conjunction with one another.
  • Figure 8A depicts the system after a user has removed the existing non-volatile memory card 125 and inserted a new non-volatile memory card 125' to begin the upgrade process at step 450 of Figure 9.
  • When the new memory card 125' is inserted, the upgrade application 300 is notified and accesses the TTP 310 using an address for the TTP 310, such as a URL for example (step 452). At step 454, the upgrade application 300 sends the CID for the new memory card 125' to the TTP 310 as represented by arrow 250. Once the TTP 310 receives the CID for the new memory card 125', the TTP 310 sends a request at step 456 to the upgrade application 300 that the existing memory card should be inserted as represented by arrow 252. The upgrade application 300 notifies the user to insert the existing memory card (step 458).
  • the upgrade application 300 waits until the new memory card is removed and the existing memory card is inserted (step 460).
  • the handset 105 may be capable of operating multiple memory cards at one time, so the new memory card does not have to be removed from the handset 105 before the content from the existing memory device is sent to the TTP 310.
  • an upgrade can be requested explicitly instead of by removing an existing memory card and inserting a new memory card.
  • Figure 8B depicts the system after the new non-volatile memory card 125' has been removed and the existing memory card 125 has been reinserted.
  • the upgrade application 300 directs the SIM applet 140 to upload the credentials 135 on the SIM card 115 to the TTP 310 as represented by arrow 254.
  • the credentials 135 are received from the SIM applet as represented by arrow 256 and uploaded to the TTP 310 using the secure channel 315 as represented by arrow 258.
  • the upgrade application 300 uses the credentials 135 to log into the existing memory card accounts on non-volatile memory card 125 as represented by arrow 260. Once the upgrade application 300 has logged into the existing memory card accounts, the upgrade application 300 receives the content from the existing memory card as represented by arrow 262. At step 466, the upgrade application uploads the content to the TTP 310 as represented by arrow 264.
  • the content can include user data and other information stored in the existing memory card.
  • the user data may include the protected or unprotected content or files and the clear content stored in the existing memory card.
  • the other information from the existing memory card can include configuration information, account information, hidden partition, user data information, and any other information associated with the existing memory card.
  • the configuration information indicates how the content is organized and stored within the existing memory card.
  • the account information can be any information associated with the accounts in the existing memory card, such as the account identifier, the credentials associated with the account identifier, and the account hierarchy, for example.
  • the account hierarchy provides information about which accounts have a greater access level relative to the other accounts. Additionally, an account can be created by another account, so the account hierarchy also indicates how the accounts were created.
  • the hidden partition information may include the partition names and sizes for example.
  • The user data information may include the permissions associated with the user data (e.g. CEK, rights objects for DRM, etc.).
  • the upgrade application 300 may also provide to the TTP 310 any other information that the memory card 125 may store, such as the existing memory card CID for example.
  • the upgrade application 300 deletes the content of the existing memory card at step 468 as represented by arrow 266.
  • the upgrade application 300 notifies the user to insert the new memory card once the information and content from the existing memory card have been successfully transferred to the TTP 310 and deleted from the existing memory card (step 470).
  • the upgrade application 300 determines whether the new memory card has been inserted in the handset 105 (step 472).
  • Figure 8C depicts the system after the existing non-volatile memory card 125 has been removed and the new non-volatile memory card 125' has been inserted.
  • the upgrade application 300 sends an upgrade or download request represented by arrow 268 at step 474 to the TTP for the content and configuration information previously uploaded from the existing memory card 125.
  • the download request will include the CID of the new and existing memory card.
  • the TTP 310 checks if the CID received at step 474 from the upgrade application matches the new memory card's CID that was received at step 454. If the CID received at step 474 does not match the CID received at step 454, the TTP returns an error to the upgrade application 300 (step 478).
  • the upgrade application 300 downloads the configuration information for the partitions and accounts from the TTP 310 at step 480 as represented by arrow 270.
  • the upgrade application 300 directs the new memory card to recreate the partitions based on the configuration information as represented by arrow 272.
  • the upgrade application 300 then downloads the account information, such as the account identifiers, the credentials, and the permissions from the TTP 310 as represented by arrow 274.
  • the upgrade application 300 directs the new memory card at step 486 to create new accounts based on the account information and credentials received from the TTP 310 as represented by arrow 276.
  • the upgrade application 300 downloads the content including corresponding permissions (e.g. CEK, rights objects, etc.) from the TTP 310 at step 488 as represented by arrow 278.
  • the upgrade application 300 directs the new memory card to save the content and the permissions in the appropriate locations as represented by arrow 280.
  • the upgrade application 300 also associates the content with the appropriate accounts.
  • the accounts for content that have a binding type associated with the memory card 125 are modified. Additionally, the credentials associated with that content are modified as well so that the content with a memory card binding type will be associated with the new memory card.
  • the upgrade application 300 directs the TTP 310 at step 492 to delete the content stored on the TTP 310 from the existing memory card 125 as represented by arrow 282.
  • Figure 10 describes one process for saving content on the new memory card (step 490 of Figure 9).
  • This process includes modifying the portion of the content that has a memory card binding type. Because that portion of the content has been associated with an account identifier and a credential that were calculated based on the CID for the existing memory card, that portion of the content should be modified so that it is associated with an account identifier and a credential that are calculated based on the CID for the new memory card. Additionally, a portion of the credentials in the SIM card 115 that were calculated based on the CID of the existing memory card should be modified so that the SIM card 115 stores new credentials calculated based on the CID for the new memory card.
  • the upgrade application 300 accesses the appropriate identification values based on the memory card binding rules of the accounts downloaded from the TTP 310. These identification values may be the CID for the new memory card.
  • the upgrade application 300 uses those identification values to calculate new account identifiers using the memory card binding rules for the accounts that have a memory card binding type (step 502).
  • the upgrade application 300 sends the new account identifiers and the identification values to the SIM applet 140 on the new SIM card (step 504).
  • the SIM applet 140 uses the account identifiers and the identification values sent from the upgrade application 300 to calculate new credentials for the accounts having a memory card binding type (step 506).
  • the SIM applet 140 also modifies the portion of the credentials associated with the existing memory card by saving the new credentials in the SIM card 115 and deleting the existing credentials for those accounts.
  • the SIM applet 140 sends the new credentials to the upgrade application 300 (step 508).
  • the upgrade application 300 then sends the new credentials and the new account identifiers to the new memory card to initiate the modification of the content having a memory card binding type (step 510).
  • the upgrade application 300 directs the new memory card to create new accounts for the existing accounts having a memory card binding type that were downloaded from the TTP 310 (step 512).
  • the upgrade application 300 then directs the new memory card to associate the new accounts with the new account identifiers and the new credentials (step 514).
  • the upgrade application 300 directs the new memory card to delegate the permissions for the existing accounts to the corresponding new accounts (step 516). Once the new accounts have been successfully created and associated with the new memory card, the existing accounts that were bound to the existing memory card are deleted from the new memory card (step 518).
  • Figure 11 describes one example of how a secure channel 315 is created for the transmission of data between the handset 105 and the TTP 310, such as transferring the credential in step 406 of Figure 6 or transferring the content in step 466 of Figure 9.
  • the host agent 175 creates a session for transferring the data.
  • the session is created by associating the session with a session ID, which is a unique identifier for the session that is created for the transfer.
  • the session ID is associated with a session key, which is an encryption key used to encrypt the data.
  • the host agent 175 encrypts the content (e.g.
  • the host agent 175 sends the session ID to the TTP 310 (step 522).
  • the TTP 310 has a record of which session keys are associated with which session IDs, so the TTP 310 is able to look up the session key that corresponds to the session ID sent by the host agent 175.
  • the host agent 175 sends the encrypted version of the content to the TTP 310 (step 524).
  • the TTP 310 can decrypt the content received from the host agent 175 using the session key associated with the session ID that was sent to the TTP 310 from the host agent 175 (step 526).
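  • The secure channel of Figure 11 (a session ID sent in clear, data encrypted under the session key that both sides' reference tables associate with that ID, the TTP looking the key up by ID before decrypting) together with the TTP-side CID check of Figure 9 (content stored against the new card's CID received at step 454, the download request at step 474 refused at step 478 when its CID does not match, deletion at step 492) is modelled below as an added Python example. It is not code from the patent or from SanDisk. Because the page names no cipher and the example must run with the standard library alone, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for AES; separate encryption and MAC keys derived from the session key, the pre-shared session table (the page does not say how the two tables are provisioned), the session ID format and the CID values are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os


def _derive(session_key, label):
    """Separate encryption and MAC keys from one session key (assumption)."""
    return hmac.new(session_key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; stands in for a block cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(session_key, plaintext):
    """Encrypt-then-MAC under the session key with a fresh per-message nonce."""
    nonce = os.urandom(16)
    stream = _keystream(_derive(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_derive(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(session_key, blob):
    """Verify the tag before touching the ciphertext; reject anything modified in transit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_derive(session_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("secure channel: authentication tag mismatch")
    stream = _keystream(_derive(session_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def new_session_table(n):
    """Reference table of session ID -> session key held by both the host agent and
    the TTP (pre-shared here; provisioning is not described on the page)."""
    return {f"sess-{i:04d}": os.urandom(32) for i in range(n)}


class HostAgent:
    def __init__(self, table):
        self.table = dict(table)

    def send(self, session_id, data):
        """Steps 520-524: the session ID travels in clear, the data sealed under its key."""
        return session_id, seal(self.table[session_id], data)

    def receive(self, session_id, blob):
        return unseal(self.table[session_id], blob)


class TTP:
    """TTP 310: secure-channel endpoint plus the store used by the memory-card upgrade."""

    def __init__(self, table):
        self.table = dict(table)
        self.store = {}  # new-card CID registered at step 454 -> (existing CID, content)

    def receive(self, session_id, blob):
        key = self.table.get(session_id)  # step 526: look the key up by session ID
        if key is None:
            raise KeyError(f"unknown session ID {session_id}")
        return unseal(key, blob)

    def accepts(self, session_id, blob):
        """True when the session ID is known and the tag verifies."""
        try:
            self.receive(session_id, blob)
            return True
        except (KeyError, ValueError):
            return False

    def register_new_card(self, new_cid):  # step 454
        self.store[new_cid] = None

    def upload(self, new_cid, existing_cid, session_id, blob):  # step 466
        if new_cid not in self.store:
            raise KeyError("upload for a CID that was never registered")
        self.store[new_cid] = (existing_cid, self.receive(session_id, blob))

    def download(self, new_cid, existing_cid, session_id):  # steps 474-478
        entry = self.store.get(new_cid)
        if entry is None:
            return None  # step 478: CID does not match the one received at step 454
        return seal(self.table[session_id], entry[1])

    def delete(self, new_cid):  # step 492
        self.store.pop(new_cid, None)
```

  • The download request carries both CIDs, as the page states, but the check the page specifies at step 476 is only that the new card's CID matches the one registered at step 454; a tampered ciphertext or an unknown session ID is rejected before any plaintext is produced.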
  • Figure 12 describes one example of a process for transferring clear content (i.e. unprotected content in a public partition). Because clear content is openly accessible to any entity, the clear content is not associated with an account. Therefore, the steps in Figure 9 and Figure 10 may not be required for clear content.
  • the upgrade application 300 in the host agent 175 uploads the clear content from the existing memory card to temporary storage, for example, the TTP or a computing device or storage medium that is in communication with the existing memory card.
  • the host agent 175 can upload the clear content from the existing memory card to the handset 105 if the handset 105 has enough internal memory to serve as the temporary storage.
  • the upgrade application 300 downloads the clear content from the temporary storage to the new memory card once the temporary storage is in communication with the new memory card.
  • Figure 13 describes one example of a process for encrypting and decrypting the protected content in the memory card using the CEK.
  • the protected content in the existing memory card should be decrypted using the CEK before it is sent to the TTP 310 (step 540).
  • the CEK for the content is indicated by the permissions associated with the content.
  • the upgrade application 300 uploads the decrypted content to the TTP 310 using the secure channel 315 (step 542 and step 466 of Figure 9).
  • the upgrade application 300 downloads the protected content, along with the rights objects associated with the protected content, from the TTP 310 using the secure channel 315 (step 544 and step 488 of Figure 9).
  • the upgrade application 300 sends the content to the new memory card and directs the new memory card to encrypt the protected content using the CEK (step 546).
  • the new memory card saves the encrypted content in the correct locations (step 548 and step 490 of Figure 9).
  • Embodiments in accordance with the present disclosure may also be used to provide access to content on a first memory device that is bound to a second memory device, where the first memory device and second memory device are operatively coupled to different host devices.
  • the first memory device may be any non-volatile storage device, such as a removable non-volatile flash memory card for example.
  • the first memory device is operatively coupled to a first host device.
  • the first memory device may be operated through a host agent on the first host device.
  • the first host device may be any electronic device, such as a cellular telephone, digital camera, mobile media player, personal digital assistant, mobile computing device, non-mobile computing device, or any other device.
  • the second memory device is operatively coupled to a second host device through a host agent on the second host device.
  • the second memory device may also be any non-volatile storage device, such as a Subscriber Identity Module (SIM) card for example.
  • the first memory device is associated with the second memory device.
  • both memory devices can be operated through one host device using the host agent on one host device.
  • the host agent may be any software entity on the host device and can be used to operate the memory devices through the host device, such as an application installed on the host device. The host agent allows access to the memory devices.
  • the host agent on the first host device calculates an account identifier associated with the requested content.
  • the account identifier is sent to a server.
  • the server can be operated by a network service provider for the host devices, such as a mobile network operator (MNO), or by any third-party.
  • the server is a trusted third-party (TTP) server.
  • the server will be referred to as a TTP.
  • the technology is not limited to this embodiment, and any server can be used with the disclosed technology.
  • the second memory device in the second host device will use the account identifier to calculate a credential.
  • the credential is sent from the second host device to the server and then from the server to the host agent on the first host device. If the credential is valid, the card will allow applications on the device to access the requested content. The card can return the login status to the host agent.
  • FIG. 14 depicts a block diagram of one system used to access content on a memory card in a first host device 304, wherein the memory card is bound to a SIM card operated in a second host device 305.
  • the system includes the first host device 304, which operates the SIM card 115 using the first device host agent 175.
  • a second host device 305 operates the memory card 125 through a second device host agent 175A on the second host device 305.
  • the first and second host devices 304 and 305 may be any electronic device, such as a mobile telephone, a media player, a mobile computing device, a non-mobile computing device, a personal digital assistant, or any other device. The two devices need not be of the same type.
  • the host agent 175A on the second host device 305 is similar to the host agent 175 on the first host device 304, both of which are as described in Figure 2.
  • a TTP 310 is used to access a credential 135 from the SIM card 115 on the first host device 304 so that the second host device 305 may use that credential 135 to access content on the memory card 125.
  • the TTP 310 can be any server, such as a trusted third-party server for example.
  • the second host device 305 communicates with the TTP 310 through channel 2 320.
  • the handset 105 communicates with the TTP 310 using channel 1 315.
  • the host agent 175A accesses the binding type associated with the requested content in the storage area 150 through the control circuitry 145 and calculates an account identifier based on the binding type, as described in Figure 2.
  • Channel 2 320 is a secure channel that may transmit data over-the-air (OTA) using telecommunication capabilities of the second device 305 if the second device 305 is capable of doing so.
  • Channel 2 320 may also transmit data through the internet or other network if the second device 305 is capable of accessing the internet or other network.
  • a secure channel facilitates transmission of data that is encrypted before it is sent through the channel and decrypted after it is received through the channel to prevent another entity from acquiring the data during transmission through the channel.
  • a secure channel is created by initiating a session for transmission. The session is assigned a session ID.
  • Each session ID is associated with a session key, which is an encryption key used to encrypt the data to be transmitted.
  • the session IDs and their corresponding session keys may be located in a reference table maintained by the host agent 175A.
  • the host agent 175A opens a session by assigning a session ID to the session.
  • the host agent 175A encrypts the account identifier using the session key associated with the session ID for that session.
  • the host agent 175A sends the session ID to the TTP 310 and then transmits the encrypted account identifier to the TTP 310 through channel 2 320.
  • the TTP 310 maintains a reference table for the session IDs similar to that maintained by the host agent 175 A.
  • the TTP 310 can use the session ID sent by the host agent 175A to decrypt the received account identifier using the session key associated with that session ID.
  • the encryption and decryption of content for a secure channel is performed by the host agent 175A, host agent 175, or TTP 310, which may support any cryptographic method such as symmetric encryption (e.g., AES, DES, 3DES), cryptographic hash functions (e.g., SHA-1), asymmetric cryptography (e.g., PKI, key pair generation), or any other cryptographic method. A hash function on its own gives integrity, not confidentiality, so the secrecy of the channel depends on the cipher chosen; DES and SHA-1 appear here only as the patent's examples, and neither is adequate for a new design.
  • the TTP 310 sends the account identifier to the handset host agent 175 through channel 1 315.
  • Channel 1 315 is also a secure channel which may transmit data OTA using the telecommunication capabilities of the handset 105.
  • TTP 310 may decrypt the account identifier received from the second device 305 and re-encrypt for transmission to handset 105.
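The session-ID channel described above, written out as an added example that is not code from the patent or from SanDisk: the host agent seals the account identifier under the key its table holds for a session ID, the TTP selects the key by the session ID it receives, and relays the plaintext onto a channel-1 session for the handset. The table contents, AES-GCM as the cipher, the session ID bound in as associated data, the random nonce and all Go names are assumptions; the page names no cipher and no key-provisioning step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SessionTable is the reference table the page describes: session ID -> session key.
// How the table is provisioned is not stated; it is assumed here to be pre-shared.
type SessionTable map[uint32][]byte

// Message is what crosses a channel. The session ID travels in the clear so the
// receiver can select the key; the payload is AES-GCM sealed under that key.
type Message struct {
	SessionID  uint32
	Nonce      []byte
	Ciphertext []byte // ciphertext followed by the GCM tag
}

func aeadFor(tbl SessionTable, sid uint32) (cipher.AEAD, error) {
	key, ok := tbl[sid]
	if !ok {
		return nil, errors.New("unknown session ID")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sidAAD binds the session ID into the authentication tag, so a ciphertext
// relabelled with another session ID fails to open even under the same key.
func sidAAD(sid uint32) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, sid)
	return b
}

// Seal is the sender side: look up the session key, pick a fresh nonce, encrypt.
func Seal(tbl SessionTable, sid uint32, plaintext []byte) (Message, error) {
	aead, err := aeadFor(tbl, sid)
	if err != nil {
		return Message{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	return Message{sid, nonce, aead.Seal(nil, nonce, plaintext, sidAAD(sid))}, nil
}

// Open is the receiver side: the session ID carried in the message selects the key.
func Open(tbl SessionTable, m Message) ([]byte, error) {
	aead, err := aeadFor(tbl, m.SessionID)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, m.Nonce, m.Ciphertext, sidAAD(m.SessionID))
}

// Relay is the TTP step: open the channel-2 message and re-seal the plaintext for
// a channel-1 session. The account identifier is in the clear inside the TTP.
func Relay(ch2, ch1 SessionTable, in Message, ch1SID uint32) (Message, error) {
	pt, err := Open(ch2, in)
	if err != nil {
		return Message{}, err
	}
	return Seal(ch1, ch1SID, pt)
}

func newKey() []byte {
	k := make([]byte, 16) // AES-128 session key
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func main() {
	// Constructed tables: each channel's table is shared only by its two endpoints.
	ch2 := SessionTable{7: newKey()}  // host agent 175A <-> TTP 310
	ch1 := SessionTable{42: newKey()} // TTP 310 <-> handset host agent 175
	msg, _ := Seal(ch2, 7, []byte("acct-3f9a"))
	fwd, _ := Relay(ch2, ch1, msg, 42)
	pt, err := Open(ch1, fwd)
	fmt.Printf("handset received %q, err=%v\n", pt, err)
}
```

The session ID is the only thing a passive observer learns, and it is enough to group messages by session; a captured message can still be replayed to the receiver unless it also tracks nonces, which neither this example nor the page's description does.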
  • the handset host agent 175 directs the SIM applet 140 to calculate the credential 135 using the account identifier for the requested content. When the credential 135 is calculated, the host agent 175 sends the credential to the TTP 310 through secure channel 1 315.
  • the TTP 310 stores a temporary credential 135A at the TTP for a limited amount of time.
  • the temporary credential 135A is stored so that the second device 305 may access the content again during the limited amount of time by providing the account identifier to the TTP 310, without the TTP 310 having to request the credential 135 from the SIM card 115 on the first host device 304 again. For that window the credential exists outside the SIM card 115, so the TTP database is a target for as long as a temporary credential is held, and the limited amount of time bounds that exposure.
  • the TTP 310 sends the credential 135 to the host agent 175A on the second device 305 through secure channel 2 320.
  • the host agent 175A uses the credential 135 to access the content, as described in Figure 2.
  • the device host agent 175A also stores a temporary credential 135B for a limited amount of time so that the content may be accessed during the limited amount of time without having to recalculate another account identifier or credential 135.
  • the temporary credential 135B is stored by the device host agent 175A until the second device 305 is turned off.
  • FIG 15 is a flowchart of a process for accessing the content in a system similar to that shown in Figure 14.
  • the device host agent 175A on the second device 305 receives a request to access a file in the storage area 150 of the memory card 125 on the second device 305.
  • the device host agent 175A accesses the file header of the requested content through the control module 145 of the memory card 125.
  • the file header stores the binding type for the content, the location of the TTP 310, such as a Uniform Resource Locator (URL) for the TTP 310 for example, as well as the MSISDN of the SIM card 115 that is bound to the memory card 125.
  • the device host agent 175A may access the binding type associated with the content, the TTP 310 location, and the MSISDN in step 605.
  • the device host agent 175A determines whether the requested content is preloaded or clear content. Preloaded content is loaded onto the memory card 125 by the memory card 125 manufacturer and may be unprotected or protected content stored in a public partition of the memory card 125. Clear content is unprotected content stored in a public partition of the memory card 125. If the host agent 175A determines that the requested content is preloaded or clear content, the host agent 175A allows the requesting entity to access the content (step 615).
  • otherwise, the host agent 175A determines whether the binding type accessed in step 605 is SIM card binding (step 620). Content that is bound to the SIM card 115 can typically only be accessed when the memory card 125 is operated together with the SIM card 115 on the same device, so if the requested content has a SIM card binding type, the host agent 175A denies access to the content (step 625).
  • if the content is not SIM-bound, the host agent 175A determines whether the requested content has either a NetID or a CID binding type (step 630). If the requested content is not bound to the MNO or to the memory card 125, the host agent 175A returns an error to the requesting entity (step 635). If the requested content is bound to the MNO or to the memory card 125, the device host agent 175A accesses the appropriate identification values based on the binding type (step 640). For example, if the requested content is bound to the MNO, an identification value for the MNO (e.g., MCC, MNC) is accessed; if the requested content is bound to the memory card 125, an identification value for the memory card 125 (e.g., CID) is accessed.
  • the device host agent 175A uses the accessed identification value to calculate an account identifier based on the binding type.
  • the account identifier is calculated as described in step 215 of Figure 2 and in Figure 3.
  • the device host agent 175A locates the TTP 310 using the TTP location accessed in step 605 and sends the account identifier, the identification values accessed in step 640, the MSISDN accessed in step 605, and the binding type accessed in step 605 to the TTP 310 through secure channel 2 320 (step 650).
  • the device host agent 175A may use an API to send the information to the TTP 310 and request the credential 135.
  • An example of the API may be a GetCredential command which contains the following parameters: CID, NetID (which may be "null" if the requested content is not bound to the MNO), MSISDN, and the account identifier.
  • the host agent 175A may use this API command to transfer the data to the TTP 310 through secure channel 2 320 by assigning a session ID for the data. Additionally, the TTP 310 maintains a database that may store the information, such as the CID, NetID, MSISDN, the account identifier, etc.
  • the TTP 310 uses the MSISDN to locate the handset 105 with the SIM card 115 (step 655).
  • the TTP 310 sends the account identifier, the identification values (e.g. NetID, CID), and the binding type to the host agent 175 on the handset 105 through the secure channel 1 315, and the host agent 175 sends the information to the SIM applet 140 on the SIM card 115 (step 660).
  • the SIM applet 140 uses the received information to calculate the credential 135 based on the binding type of the requested content.
  • the credential 135 is calculated as described in step 205 of Figure 2 and in Figure 4.
  • the SIM applet 140 sends the credential 135 to the TTP 310 using secure channel 1 315 (step 670).
  • the TTP 310 saves a temporary credential 135A for a limited amount of time (step 675).
  • the temporary credential 135A is stored in the database that is maintained at the TTP 310. That is, the temporary credential 135A and the time the temporary credential 135A should be deleted from the TTP 310 is maintained in the database with the CID, NetID, MSISDN, and account identifier.
  • the TTP 310 sends the credential 135 to the device host agent 175A on the other device 305 using secure channel 2 320 (step 680).
  • the device host agent 175A decrypts the received credential sent through the secure channel and saves a temporary credential 135B in the host agent 175A for a limited amount of time (step 685). After the limited amount of time, the device host agent 175A deletes the temporary credential 135B.
  • the device host agent 175A uses the credential 135 and the account identifier to attempt to log in to the account associated with the requested content (step 690). The device host agent 175A determines whether the log in was successful (step 692).
  • the device host agent 175A determines whether the credential is valid for the account associated with the account identifier. If the credential is not valid, the device host agent 175A returns an error to the requesting entity (step 695). If the credential is valid, the device host agent 175A accesses the requested content from the memory card 125 (step 698).
  • Figure 16 is a flowchart of a process for accessing other content in the memory card 125 on the second device 305 after a credential for that content has previously been requested.
  • the previous request for content may be similar to that described in Figure 15.
  • the device host agent 175A on the second device 305 receives another request to access a file stored in the memory card 125.
  • the device host agent 175A determines whether the requested content is preloaded or clear content (step 705). If the requested content is preloaded or clear content, the device host agent 175A allows access to that content (step 710). If the requested content is not preloaded or clear content, the device host agent 175A determines whether the requested content has a SIM card binding type (step 715).
  • if the requested content is bound to the SIM card 115, the device host agent 175A denies access to the requested content (step 720). If the requested content is not bound to the SIM card 115, the device host agent 175A determines whether the requested content is bound to the MNO or the memory card 125 (step 725). If the requested content is not bound to the MNO or the memory card 125, the device host agent 175A returns an error to the requesting entity (step 730).
  • the device host agent 175A determines whether it already has a temporary credential 135B stored (step 735). If the device host agent 175A already has the temporary credential 135B, the device host agent 175A uses the temporary credential 135B to attempt to log in and access the file (step 765). The memory card 125 allows the device host agent 175A to access the file if the credential is valid (step 770).
  • if the device host agent 175A does not have a temporary credential 135B stored for the requested content, the device host agent 175A calculates an account identifier based on the binding type for the requested content (step 738). This is similar to steps 640-645 in Figure 15. The device host agent 175A accesses the TTP 310 using the TTP location that is stored in the file header for the requested content and sends the account identifier to the TTP 310 through secure channel 2 320 (step 740).
  • the TTP 310 checks if the account identifier received from the device host agent 175A is already stored in the TTP database with a temporary credential 135A (step 745). If the TTP 310 already has the temporary credential 135A associated with the account identifier, the TTP 310 sends the temporary credential 135A to the device host agent 175A through secure channel 2 320 (step 755).
  • the device host agent 175A uses the received credential 135A to store a temporary credential 135B in the device host agent 175A for a limited amount of time (step 760).
  • the device host agent 175A uses the temporary credential 135B to attempt to log into the account associated with the account identifier to access the file (step 765).
  • the memory card allows the device host agent 175A to access the file if the credential is valid (step 770).
  • if the TTP 310 does not hold a temporary credential 135A for the account identifier, it uses the account identifier received in step 740 to request the credential from the SIM card 115 (step 750). That is, steps 455-480 of Figure 6 are performed, since a credential has not previously been requested for the requested content.
  • the TTP 310 obtains the credential 135 from the handset 105, saves the temporary credential 135A at the TTP 310, and sends the credential to the second device 305 (see Figure 15, steps 655-680 for more detail).
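The access decisions and the two temporary-credential caches of Figures 15 and 16, as an added example that is neither the patent's nor SanDisk's code. The account identifier derivation (Figure 3) and the SIM applet's credential computation (Figure 4) are not on this page, so SHA-256 of the binding value and HMAC-SHA256 under a SIM-held key stand in for them; the card-side account table, the TTL values, the clock variable and all Go names are likewise assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Binding types named on the page (numeric values are an assumption): Clear covers
// preloaded and clear content; the rest are SIM, MNO (NetID) and card (CID) binding.
type Binding int

const (
	Clear Binding = iota
	SIMBound
	NetIDBound
	CIDBound
)

// FileHeader is what step 605 reads: binding type, TTP location and bound MSISDN.
type FileHeader struct{ Binding Binding; TTPURL, MSISDN string }

var ErrSIMBound = errors.New("SIM-bound content: denied off the bound device") // steps 625/720
var ErrUnbound = errors.New("no NetID or CID binding")                          // steps 635/730
var ErrLogin = errors.New("credential rejected for account")                    // step 695
var now = time.Now // clock for the "limited amount of time"; tests replace it

// accountIdentifier stands in for Figure 3 (not on this page): assumed SHA-256 of
// the binding value, MCC+MNC for NetID binding or the card's CID for CID binding.
func accountIdentifier(b Binding, netID, cid string) string {
	v := cid
	if b == NetIDBound {
		v = netID
	}
	sum := sha256.Sum256([]byte(v))
	return hex.EncodeToString(sum[:8])
}

// SIMApplet stands in for Figure 4 (not on this page): assumed HMAC-SHA256 of the
// account identifier under a key that never leaves the SIM. Calls exposes caching.
type SIMApplet struct{ Key []byte; Calls int }

func (s *SIMApplet) Credential(accountID string) string {
	s.Calls++
	m := hmac.New(sha256.New, s.Key)
	m.Write([]byte(accountID))
	return hex.EncodeToString(m.Sum(nil))
}

// credCache is the temporary credential store (135A at the TTP, 135B on the host);
// each entry carries the time at which it must be deleted.
type cached struct{ cred string; expires time.Time }
type credCache struct{ m map[string]cached }

func (c *credCache) get(k string) (string, bool) {
	e, ok := c.m[k]
	return e.cred, ok && now().Before(e.expires)
}
func (c *credCache) put(k, cred string, ttl time.Duration) {
	if c.m == nil { c.m = map[string]cached{} }
	c.m[k] = cached{cred, now().Add(ttl)}
}

// TTP serves GetCredential with the parameters named on the page; the MSISDN would
// locate the handset over channel 1, modelled here as a direct call into the SIM.
type TTP struct{ SIM *SIMApplet; TTL time.Duration; cache credCache }

func (t *TTP) GetCredential(cid, netID, msisdn, accountID string) string {
	if cred, ok := t.cache.get(accountID); ok {
		return cred // step 755: 135A served without a round trip to the SIM
	}
	cred := t.SIM.Credential(accountID) // steps 655-670
	t.cache.put(accountID, cred, t.TTL)  // step 675
	return cred
}

// HostAgent is host agent 175A on the second device: cache holds 135B and Card is
// the memory card's per-account credential table, assumed provisioned at binding.
type HostAgent struct{ TTP *TTP; Card map[string]string; TTL time.Duration; cache credCache }

func (h *HostAgent) Access(hdr FileHeader, netID, cid string) error {
	switch hdr.Binding {
	case Clear:
		return nil // steps 615/710
	case SIMBound:
		return ErrSIMBound
	case NetIDBound, CIDBound: // proceed to the credential path
	default:
		return ErrUnbound
	}
	id := accountIdentifier(hdr.Binding, netID, cid) // step 645
	cred, ok := h.cache.get(id)                       // step 735
	if !ok {
		cred = h.TTP.GetCredential(cid, netID, hdr.MSISDN, id) // steps 650/740
		h.cache.put(id, cred, h.TTL)                           // steps 685/760
	}
	if !hmac.Equal([]byte(h.Card[id]), []byte(cred)) { // steps 690-698
		return ErrLogin
	}
	return nil
}

func main() {
	sim := &SIMApplet{Key: []byte("constructed-sim-key")}
	id := accountIdentifier(CIDBound, "", "CID-0001")
	card := map[string]string{id: (&SIMApplet{Key: sim.Key}).Credential(id)}
	host := &HostAgent{TTP: &TTP{SIM: sim, TTL: time.Hour}, Card: card, TTL: 10 * time.Minute}
	hdr := FileHeader{CIDBound, "https://ttp.example/GetCredential", "+15555550100"}
	fmt.Println(host.Access(hdr, "", "CID-0001"), host.Access(hdr, "", "CID-0001"), sim.Calls)
}
```

Running main shows the second access succeeding without a second SIM round trip. Moving the clock past the host TTL but not the TTP TTL still avoids the SIM, which is exactly the window during which the TTP database holds a usable credential and must be protected accordingly.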
  • FIG. 17 illustrates a memory device 870 having read/write circuits for reading and programming a page of memory cells (e.g., NAND multi-state flash memory) in parallel.
  • the memory device 870 can be the SIM card 115 or the memory card 125.
  • Memory device 870 may include one or more memory die or chips 805.
  • Memory die 805 includes an array (two-dimensional or three dimensional) of memory cells 800, control circuitry 810, and read/write circuits 835A and 835B.
  • access to the memory array 800 by the various peripheral circuits is implemented in a symmetric fashion, on opposite sides of the array, so that the densities of access lines and circuitry on each side are reduced by half.
  • the read/write circuits 835A and 835B include multiple sense blocks 845 which allow a page of memory cells to be read or programmed in parallel.
  • the memory array 800 is addressable by word lines via row decoders 865A and 865B and by bit lines via column decoders 840A and 840B.
  • a controller 855 is included in the same memory device 870 (e.g., a removable storage card or package) as the one or more memory die 805. Commands and data are transferred between the host and controller 855 via lines 860 and between the controller and the one or more memory die 805 via lines 850.
  • Control circuitry 810 cooperates with the read/write circuits 835A and 835B to perform memory operations on the memory array 800.
  • the control circuitry 810 includes a firmware module 815, a state machine 830, an on-chip address decoder 825 and a power control module 820.
  • the firmware module 815 provides the security features of the memory device 870, such as encryption and decryption for example.
  • the state machine 830 provides chip-level control of memory operations.
  • the on-chip address decoder 825 provides an address interface between that used by the host or a memory controller to the hardware address used by the decoders 840A, 840B, 865 A, and 865B.
  • the power control module 820 controls the power and voltages supplied to the word lines and bit lines during memory operations.
  • power control module 820 includes one or more charge pumps that can create voltages larger than the supply voltage.
  • control circuitry 810, power control circuit 820, decoder circuit 825, state machine circuit 830, firmware module 815, decoder circuit 840A, decoder circuit 840B, decoder circuit 865A, decoder circuit 865B, read/write circuits 835A, read/write circuits 835B, and/or controller 855 can be referred to as one or more managing circuits.
  • the one or more managing circuits can perform memory access processes as described herein.
  • Figure 18 depicts an exemplary structure of memory cell array 800.
  • the array of memory cells is divided into a large number of blocks (e.g., blocks 0 - 1023, or another amount) of memory cells.
  • the block can be the unit of erase.
  • Each block can contain the minimum number of memory cells that are erased together. Other units of erase can be used as well.
  • a block contains a set of NAND strings which are accessed via bit lines (e.g., bit lines BL0 - BL69623) and word lines (WL0, WL1, WL2, WL3).
  • Figure 17 shows four memory cells connected in series to form a NAND string. Although four cells are shown in each NAND string, more or fewer than four can be used (e.g., 16, 32, 64, 128 or another number of memory cells can be on a NAND string).
  • One terminal of the NAND string is connected to a corresponding bit line via a drain select gate (connected to select gate drain line SGD), and another terminal is connected to the source line via a source select gate (connected to select gate source line SGS).
  • in one arrangement, the bit lines are divided into odd bit lines and even bit lines: memory cells along a common word line and connected to the odd bit lines are programmed at one time, while memory cells along a common word line and connected to the even bit lines are programmed at another time.
  • in another arrangement, all memory cells connected to a common word line are programmed together.
  • Each block is typically divided into a number of pages.
  • a page is a unit of programming.
  • One or more pages of data are typically stored in one row of memory cells.
  • one or more pages of data may be stored in memory cells connected to a common word line.
  • a page can store one or more sectors.
  • a sector includes user data and overhead data (also called system data).
  • Overhead data typically includes header information and Error Correction Codes (ECC) that have been calculated from the user data of the sector.
  • the controller calculates the ECC when data is being programmed into the array, and also checks it when data is being read from the array.
  • in some implementations, the ECCs and/or other overhead data are stored in different pages, or even different blocks, than the user data to which they pertain.
  • a sector of user data is typically 512 bytes, corresponding to the size of a sector in magnetic disk drives.
  • a large number of pages form a block, anywhere from 8 pages, for example, up to 32, 64, 128 or more pages. Different sized blocks, pages and sectors can also be used.
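One way to see the controller's per-sector ECC in action, as an added example that is not from the patent: a Hamming-style locator word plus an overall parity bit over the 512-byte user data, computed when the sector is programmed and re-checked when it is read. Real controllers use stronger codes (the page does not say which), so this stands in for the idea rather than for any SanDisk implementation; the encoding, the Result values and the SectorSize constant are assumptions.

```go
package main

import "fmt"

// SectorSize is the 512 bytes of user data per sector named on the page.
const SectorSize = 512

// Overhead is the ECC the controller stores with the sector: a Hamming-style
// locator word plus an overall parity bit (single-error-correct, double-error-detect).
// Locator is the XOR of the 1-based index of every set data bit; 13 bits cover 4096 bits.
type Overhead struct {
	Locator uint16
	Parity  uint8
}

func bit(data []byte, i int) uint8 { return (data[i>>3] >> (i & 7)) & 1 }

// Encode is run when the sector is programmed.
func Encode(data []byte) Overhead {
	var o Overhead
	for i := 0; i < len(data)*8; i++ {
		if bit(data, i) == 1 {
			o.Locator ^= uint16(i + 1)
			o.Parity ^= 1
		}
	}
	return o
}

type Result int

const (
	Clean Result = iota
	Corrected
	Uncorrectable
)

// Check is run when the sector is read: it recomputes the overhead, repairs a
// single flipped bit in place and returns its index, and reports a double flip
// (locator differs but overall parity agrees) as uncorrectable.
func Check(data []byte, stored Overhead) (Result, int) {
	fresh := Encode(data)
	syndrome := fresh.Locator ^ stored.Locator // equals flipped index + 1 for one flip
	parityChanged := fresh.Parity != stored.Parity
	switch {
	case syndrome == 0 && !parityChanged:
		return Clean, -1
	case syndrome != 0 && parityChanged:
		i := int(syndrome) - 1
		if i >= len(data)*8 {
			return Uncorrectable, -1 // locator points outside the sector: the overhead itself is damaged
		}
		data[i>>3] ^= 1 << (i & 7)
		return Corrected, i
	default:
		return Uncorrectable, -1
	}
}

func main() {
	data := make([]byte, SectorSize) // constructed sector content
	for i := range data {
		data[i] = byte(i * 7)
	}
	ov := Encode(data)
	data[100] ^= 0x10 // one cell read back wrong
	r, i := Check(data, ov)
	fmt.Println(r == Corrected, i, data[100] == 188)
}
```

The locator alone cannot tell one flip from two; the overall parity bit is what lets Check refuse to "correct" a double flip into a third wrong bit, which is the failure mode a bare Hamming locator has.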

Abstract

The invention relates to technology for replacing a first storage unit operatively coupled to a device. Content of the first storage unit is sent to a new storage unit that is to replace the first storage unit. In one embodiment, the content is first sent to a trusted third-party server and then transferred from the server to the new storage unit. In one embodiment, part of the content on the new storage unit is adjusted to preserve content security features that were implemented in the first storage unit. The upgrade may be performed under the control of a software entity installed on the device. In various embodiments, the first storage unit may be bound to a third storage unit before the upgrade process. In such cases, the process may include measures to bind the new storage unit to the third storage unit.
EP09791573A 2008-08-20 2009-08-17 Memory device upgrade Withdrawn EP2321759A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/229,165 US8984645B2 (en) 2008-08-20 2008-08-20 Accessing memory device content using a network
US12/229,090 US8428649B2 (en) 2008-08-20 2008-08-20 Memory device upgrade
PCT/US2009/054015 WO2010021975A2 (fr) 2008-08-20 2009-08-17 Memory device upgrade

Publications (1)

Publication Number Publication Date
EP2321759A2 true EP2321759A2 (fr) 2011-05-18

Family

ID=41282430

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09791573A Withdrawn EP2321759A2 (fr) 2008-08-20 2009-08-17 Memory device upgrade

Country Status (5)

Country Link
EP (1) EP2321759A2 (fr)
KR (1) KR20110057161A (fr)
CN (1) CN102203790A (fr)
TW (1) TW201013452A (fr)
WO (1) WO2010021975A2 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2580701A4 (fr) * 2010-06-10 2016-08-17 Ericsson Telefon Ab L M User equipment and control method therefor
GB2499787B (en) * 2012-02-23 2015-05-20 Liberty Vaults Ltd Mobile phone
CN104145449A (zh) * 2012-02-29 2014-11-12 InterDigital Patent Holdings, Inc. Providing network access and network services without customization or prepaid agreement
CN103309758B (zh) * 2012-03-15 2016-01-27 China Mobile Communications Corporation Method, system and device for downloading a card application
GB2517732A (en) 2013-08-29 2015-03-04 Sim & Pin Ltd System for accessing data from multiple devices
CN109327492A (zh) * 2017-08-01 2019-02-12 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Server identification device and method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI308306B (en) * 2001-07-09 2009-04-01 Matsushita Electric Ind Co Ltd Digital work protection system, record/playback device, recording medium device, and model change device
WO2007068263A1 (fr) * 2005-12-12 2007-06-21 Telecom Italia S.P.A. Device, system and method for enabling authorized access to digital content
CN101127064A (zh) * 2006-08-18 2008-02-20 Huawei Technologies Co., Ltd. Method and system for backing up and restoring licenses
JP2010509696A (ja) * 2006-11-14 2010-03-25 SanDisk Corporation Method and apparatus for binding content to a separate memory device
US8423794B2 (en) * 2006-12-28 2013-04-16 Sandisk Technologies Inc. Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications
WO2008080431A1 (fr) * 2006-12-29 2008-07-10 Telecom Italia S.P.A. System and method for obtaining content rights objects and secure module adapted to implement it

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2010021975A2 *

Also Published As

Publication number Publication date
CN102203790A (zh) 2011-09-28
KR20110057161A (ko) 2011-05-31
TW201013452A (en) 2010-04-01
WO2010021975A2 (fr) 2010-02-25
WO2010021975A3 (fr) 2010-04-22


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110222

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: AL BA RS

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SANDISK TECHNOLOGIES INC.

17Q First examination report despatched

Effective date: 20120720

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20141216