JP7248754B2 - Data security system with cryptography - Google Patents

Description

The present invention relates generally to electronic devices, and more particularly to memory devices.

Security is an important issue in almost every aspect of computer use. Storage media such as hard disk drives connected to computers contain valuable information at risk of data theft. Considerable funds and efforts are made to protect personal, business, and government security information.

As portable memory storage devices become smaller, easier to lose, more ubiquitous and cheaper, and have more memory capacity, security concerns become more pronounced. Portables such as universal serial bus flash drives and micro drives, mobile phones, camcorders, digital cameras, iPODs, MP3/4 players, smart phones, palm computers, laptop computers, gaming devices, authenticators, tokens (including memory), etc. Large amounts of information can be covertly downloaded to a memory storage device, typically a mass storage device (MSD).

Specifically, there are various MSDs for backup, transfer, intermediate storage, and main storage that allow information to be easily downloaded from a computer and taken away. The primary purpose of any MSD is to store and retrieve "portable content", data and information that is tied to a specific owner rather than a specific computer.

The most common means of providing storage security is to authenticate users with passwords entered into computers. The password is verified against the MSD stored value and if matched, the drive will be opened. Alternatively, the password itself is used as an encryption key for encrypting/decrypting data stored on the MSD.

For drives that support on-the-fly encryption, the encryption key may be stored on the storage medium in encrypted form. Since the encryption key is stored on the storage medium, it is readily available to anyone wishing to bypass the standard interface and read the storage medium directly. A password is therefore used as a key to encrypt the encryption key.

For self-authenticating drives, their authentication subsystem is responsible for maintaining security and is not dependent on the host computer to which they are connected. Therefore, a password cannot (and need not) be sent from the host to unlock the MSD. In fact, it is no longer necessary to store cryptographic keys on storage media, and authentication subsystems have become a means of managing cryptographic keys.

Therefore, there is still a need for improved security. Finding solutions to these problems is critical in view of the ever-increasing commercial competitive pressures, along with rising consumer expectations and diminishing opportunities for meaningful product differentiation in the marketplace. In addition, the need to reduce costs, improve efficiency and performance, and meet competitive pressures has increased the urgency to find solutions to these problems.

Solutions to these problems have long been sought, but previous developments have not taught or suggested any solutions, and therefore solutions to these problems have long been elusive to those skilled in the art.

The present invention provides a method of operating a data security system, comprising the steps of providing a data security system application for connection with the data security system to a mobile device; and activating the data security system application. and maintaining a connection between the data security system and the mobile device.

The present invention is a data security system comprising a data security transceiver or receiver, an authentication subsystem operably connected to said data security transceiver or receiver, and a storage subsystem connected to said authentication subsystem. I will provide a.

Certain embodiments of the invention have other aspects in addition to or in place of those described above. Those aspects will become apparent to those skilled in the art upon reading the following detailed description with reference to the accompanying drawings.

1 is a schematic diagram of a data security system according to one embodiment of the present invention; FIG. FIG. 3 illustrates an authenticated key distribution method used with the data security system; FIG. 3 illustrates another system for user interaction with the data security system; FIG. 1 illustrates how a user interacts with a data security system using a host computer system; 1 illustrates a data security method with user verification for a data security system; FIG. 1 illustrates an exemplary data security communication system; FIG. FIG. 4 is an administrator sequence diagram showing the sequence of operations between the mobile device and the data security system; FIG. 4 is an unlocking sequence diagram when the mobile device is the authentication factor; FIG. 4 is an unlock sequence diagram showing unlocking using PIN entry from a mobile device; FIG. 4 is an unlock sequence diagram showing unlock with PIN entry and user ID/location/time verification via server/console; FIG. 4 is a reset sequence diagram showing resetting a data security system using a server/console; FIG. 4 is an unlock sequence diagram showing unlocking of the data security system using the server/console; User password change sequence diagram using the server/console.

The following embodiments are described in sufficient detail to enable those skilled in the art to make and use the invention. It is to be understood that other embodiments based on the present disclosure are apparent and that system, process, or mechanical changes may be made without departing from the scope of the present invention.

Numerous specific details are set forth below to provide a thorough understanding of the present invention. It may be evident, however, that the present invention may be practiced without these specific details. Some well known circuits, system configurations and processing steps have not been disclosed in detail to avoid obscuring the present invention.

Similarly, the drawings depicting embodiments of the system are semi-schematic and are not to scale and are shown exaggerated in the drawings, particularly for purposes of drawing clarity. Where multiple embodiments are disclosed and described that have certain features in common, similar or similar features are generally labeled with similar or identical references for clarity of illustration, description, and understanding thereof. Numbered and described. Similarly, although the views of the figures are shown in a generally similar orientation for ease of illustration, this manner of illustration is largely arbitrary. In general, the invention can be practiced in any orientation.

As used herein, the term "system" refers to and is defined as a method and apparatus of the present invention, depending on the context in which the term is used. As used herein, the term "method" refers to and is defined as the operating steps of an apparatus.

For convenience, and not by way of limitation, the term "data" is defined as information that can be generated by or stored in a computer. The term "data security system" is defined to mean any portable memory device incorporating a storage medium. As used herein, the term "storage medium" refers to and is defined as solid state, NAND flash, and/or magnetic data recording systems. The term "locked" refers to the data security system with the storage medium inaccessible, and the term "unlocked" refers to the data security system with the storage medium accessible.

There are generally two ways to make a storage device tamper-resistant, the first is to apply epoxy to the components, and the epoxy applied to the printed circuit board destroys the storage media. can make it difficult to disassemble the storage device without The second is a method of encrypting memory data, where the data is encrypted when written to the storage medium and an encryption key is required to decipher the data.

Referring to FIG. 1, a schematic diagram of a data security system 100 according to one embodiment of the invention is shown. The data security system 100 consists of an external communication channel 102 , an authentication subsystem 104 and a storage subsystem 106 .

Storage subsystem 106 is an electronic circuit that includes interface controller 108 , encryption engine 110 , and storage media 112 . Storage medium 112 includes internal or external hard disk drives, USB flash drives, solid state drives, hybrid drives, memory cards, tape cartridges, and optical discs (e.g., Blu-ray discs, digital versatile discs or DVDs, and compact discs or CDs). ) can be any optical medium. Storage media 112 may include data protection devices, archival storage systems, and cloud data storage systems. A cloud storage system is another system coupled to a host computer using a plug-in application or extension software installed in a browser application, or to a host computer via a wired or RF or optical wireless network. or access the World Wide Web.

Interface controller 108 includes an electronic component such as a microcontroller with a software or hardware encryption engine 110 , which may reside in a separate controller within storage subsystem 106 .

The authentication subsystem 104 is an electronic circuit that includes an authentication controller 114, such as a microcontroller, which itself may have non-volatile memory such as electrically erasable programmable read-only memory (EEPROM).

External communication channel 102 provides a means of exchanging data with host computer system 120 . Universal Serial Bus (USB) is one of the most common means of connecting data security system 100 to host computer system 120 . Other examples of external communication channels 102 include Firewire, wireless USB, serial ATA (SATA), high-definition multimedia interface (HDMI), RS-232 (Recommended Standard 232), and radio frequency wireless networks. be

Interface controller 108 can convert USB packet data into data that can be written to storage medium 112 in a USB flash drive.
Encryption engine 110 is implemented as part of interface controller 108 and receives cleartext and/or data (information) from host computer system 120 and converts it into an encrypted form that is written to MSD or storage medium 112 . Convert. Encryption engine 110 transforms encrypted information from storage medium 112 and decrypts it into clear information for host computer system 120 . The encryption engine 110 includes a cryptographic controller that has cryptographic functions to encrypt/decrypt data on-the-fly while managing communication protocols, memory, and other operating conditions, and a communication, cryptographic key management, and cryptographic controller. There may be two controller subsystems with a communication/security controller for handling communications of the .

Encryption engine 110 requires encryption key 116 to encrypt/decrypt information. Cryptographic key 116 is used in an algorithm (e.g., 256-bit Advanced Encryption Standard (AES) encryption) that encrypts/decrypts data with an encryption algorithm to render the data unreadable or readable. . Cryptographic key 116 may be stored either internal or external to authentication controller 114 .

Once user 122 with an identification number or key is verified against authentication key 118 , encryption key 116 is sent by authentication subsystem 104 to encryption engine 110 .
It has been found that the portable memory storage device of various embodiments of the present invention, through the use of authentication keys 118 and encryption keys 116, can provide an extremely high level of security previously unavailable in such devices. .

Once the data security system 100 is locked, the authentication key 118 remains internal to the authentication subsystem 104 and cannot be read externally. One way to hide authentication key 118 is to store authentication key 118 in authentication controller 114 within authentication subsystem 104 . Setting a security fuse in authentication control 114 makes it impossible to access authentication key 118 unless user 122 is verified and authentication control 114 authorizes retrieval. Many microcontrollers are equipped with safety fuses, and if the safety fuse blows, the internal memory becomes inaccessible. This is a well known and widely used security feature. Such a microcontroller can be used for authentication controller 114 . Authentication controller 114 may be a microcontroller or microprocessor.

The authentication key 118 can be used in several functions: 1... can be used as a cryptographic key 116 for directly encrypting/decrypting information; 2... a data security system that can be accessed by the interface controller 108. 3 . . . can be used for direct comparison by the interface controller 108 to activate the external communication channel 102 .

Referring to FIG. 2, an authenticated key distribution method used with data security system 100 is shown. In this figure, the authentication key 118 and the encryption key 116 are the same. Encryption engine 110 uses authentication key 118 as encryption key 116 .

User 122 must interact with authentication subsystem 104 by providing user identification information 202 (a number or key) to authentication subsystem 104 . Authentication subsystem 104 authenticates user 122 against authentication key 118 . Authentication subsystem 104 then sends authentication key 118 to interface controller 108 as encryption key 116 .

Encryption engine 110 within interface controller 108 uses its authentication key 118 to convert clear information to encrypted information and vice versa along channel 206 . Attempting to read encrypted information from storage medium 112 without encryption key 116 will only result in information that is unusable by any computer.

Referring to FIG. 3, another system for user 122 to interact with data security system 300 is illustrated. This interaction can be through communication combination 301, which can be through physical contact, a wired connection, or a wireless connection from a mobile phone, smartphone, smartwatch, wearable device, or other wireless device.

In one authentication system, mobile transceiver 302 is used to transmit user identification information 304 to data security transceiver 306 within authentication subsystem 310 . For illustrative purposes, multiple transceivers are used for the flexibility of two-way communication, but a combination of transceivers for one-way communication can also be used. Authentication subsystem 310 includes authentication controller 114 coupled to interface controller 108 within storage subsystem 106 . User identification information 304 is provided by mobile transceiver 302 from outside storage subsystem 106 of data security system 300 to data security transceiver 306 within authentication subsystem 310 . Wireless communication includes Wi-Fi, Bluetooth (BT®), Bluetooth Smart, Near Field Communication (NFC), Global Positioning System (GPS), Optical, Cellular (e.g., LTE-A), Code Division Including Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Universal Mobile Telecommunications System (UMTS), Wireless Broadband (WiBro), or Global System for Mobile Communications (GSM), etc. be able to.

Authentication subsystem 310 authenticates user 122 to authentication key 118 by virtue of the code sent from mobile transceiver 302 being matched against authentication key 118 . Authentication subsystem 310 then transmits cryptographic key 116 to interface controller 108 via communication combination 301 .

Encryption engine 110 then uses encryption key 116 to convert clear information to encrypted information and encrypted information to clear information along channel 206 . Attempting to read encrypted information from storage medium 112 without encryption key 116 would only yield information unusable by host computer system 120 .

In an optional second authentication mechanism, authentication subsystem 310 causes user 122 to use biometric sensor 320 to provide biometric input 322 to confirm the user's identity as an authenticated user. User 122 is authenticated against authentication key 118 by allowing the user 122 to authenticate. Types of biometrics include fingerprints, iris scans, and voiceprints.

In an optional third authentication mechanism, authentication subsystem 310 causes user 122 to use electromechanical input mechanism 330 to enter a unique code 332 to confirm the user's identity as an authenticated user. It authenticates the user 122 against the authentication key 118 by having it supplied. Unique code 332 may include a numeric, alphanumeric or alphabetic code, such as a PIN. Electromechanical input mechanism 330 resides within authentication subsystem 310 . Electromechanical input mechanism 330 receives a unique code 332 from user 122 from outside data security system 300 . Unique code 332 is provided to electromechanical input mechanism 330 within authentication subsystem 310 from outside storage subsystem 106 of data security system 300 .

Whichever method is used to verify user 122, authentication key 118 and encryption key 116 remain hidden until user 122 is authenticated.
Referring to FIG. 4, the manner in which user 122 interacts with data security system 400 using host computer system 120 is illustrated.

Host computer system 120 includes host application 402 . Host application 402 is software or firmware that communicates over external communication channel 102 of data security system 400 .

The host application 402 contains the serial number of an internal component (eg, hard drive), the media access control (MAC) address of the network card, the user's login name, the network Internet Protocol (IP) address, and the data security system created and stored on the host. Distributes a host identifier 406 associated with the environment, such as an ID created by a data security system and stored on a network. Host identifier 406 is used by authentication subsystem 408 within data security system 400 .

Once authentication subsystem 408 authenticates user 122 against authentication key 118 by verifying host identifier 406, data security system 400 is unlocked.

For example, user 122 connects locked data security system 400 to host computer system 120 . Host application 402 sends the MAC address of its network card to data security system 400 . The data security system 400 recognizes this MAC address as valid and unlocks without requiring the user 122 of FIG. 1 to enter user identification information. This is an example implementation that does not require interaction with the user 122 . In this case, it is the host computer system 120 and its associated environment that are being verified.

The data security system 400 provides the authentication key 118 stored in the authentication subsystem 104, verifies the host computer system 120 by the authentication subsystem 104, and passes the cryptographic key 116 to the storage subsystem 106 by the authentication subsystem 104. Presenting includes enabling access to the storage medium 112 by the storage subsystem 106 by decrypting the contents of the storage medium.

The data security system further includes an authentication subsystem 104 for interpreting biometric input and validating user 122 .
The data security system further includes using authentication key 118 directly as encryption key 116 .

The data security system further includes using the authentication key 118 to decrypt and retrieve the encryption key 116 used to decrypt the internal content.
The data security system further includes an authentication subsystem 104 for signal input interpretation and transmission unit verification.

The data security system further includes an authentication subsystem 104 for interpreting manually entered inputs and validating users 122 .
The data security system further includes an authentication subsystem 104 for interpreting input sent by the host resident software application for verification of the host computer system 120 .

The data security system is a cryptographic engine 110 external to the interface controller 108 that is connected to the external communication channel 102 for the purpose of converting clear data into encrypted data for unlocking the data security system 100 . Further includes a rendering engine 110 .

Referring to FIG. 5, a data security method 500 using user verification for the data security system 100 is shown. The data security method 500 includes the steps of verifying a user against an authentication key at block 502, using the authentication key to retrieve a cryptographic key at block 504, and transferring data between a host computer system and a storage medium at block 506. and using the cryptographic key to enable unencrypted communication through the storage subsystem of the.

Referring to FIG. 6, an exemplary data security communication system 600 is shown. Exemplary data security communication system 600 includes mobile device 610 , data security system (DSS) 620 , host computer 630 and server/console 640 . Mobile device 610 and server/console 640 are connected by a wired connection or by a wireless connection through cloud 650, which may be an Internet cloud. Mobile device 610 and data security system 620 are connected by communication combination 301 .

Communication combination 301 in exemplary data security communication system 600 includes mobile transceiver 612 in mobile device 610 having antenna 614 in wireless communication with antenna 622 of data security transceiver 624 in data security system 620 .

In one embodiment, mobile device 610 may be a smart phone. In mobile device 610 , mobile transceiver 612 may be connected with conventional mobile device components and with data security system SS) application 618 that provides information for use with data security system 620 .

The data security transceiver 624 is connected to a security controller 626, which contains identification information, passwords, profiles, etc. that can access the data security system 620, including those of different mobile devices. information can be retained. Security controller 626 is connected to subsystems similar to authentication subsystem 310 , storage subsystem 106 (which in some embodiments may have a cipher to encrypt data), and external communication channel 102 . be.

The external communication channel 102 is connectable to the host computer 630 and allows access to data within the storage subsystem 106 under prescribed circumstances.
An example implementation of data security system 620 may omit biometric sensor 320 and electromechanical input mechanism 330 of FIG. 3 and have only a wireless link to mobile device 610, such as a smart phone. It has been found that this implementation can make the data security system 620 more secure and useful.

The data security system application 618 allows the mobile device 610 to discover all data security systems near the mobile device 610 and indicate their status (locked/unlocked/blank, paired/unpaired, etc.). do.

Data security system application 618 allows mobile device 610 to connect/pair, lock, unlock, change name and password, and reset all data on data security system 620 .

The data security system application 618 allows the mobile device 610 to set an inactive auto-lock mode in which the data security system 620 automatically locks after a predetermined length of period of inactivity, or locks the mobile device for a predetermined period of time. Allow mobile device 610 to set a proximity auto-lock mode such that data security system 620 locks (to improve reliability and avoid signal debouncing) when device 610 is not within a predetermined proximity range. to

Data security system application 618 enables mobile device 610 to remember passwords and use TouchID and AppleWatch (both TouchID and AppleWatch are given as examples only, but have biometric sensors and wearables). (used in a similar mode where there are many other mobile devices), the data security system 620 can be unlocked without re-entering the password into the mobile device.

The data security system application 618 can configure the mobile device 610 to operate only when a particular mobile device, such as mobile device 610, is present to prevent other mobile devices from unlocking the data security system 620 ( 1 phone).

Data security system application 618 allows mobile device 610 to set data security system 620 to read-only mode.
Data security system application 618 allows mobile device 610 to operate in user mode or administrator mode (administrator mode ignores user settings) and use server/console 640 . Server/console 640 is a combination of a computer and a console for entering information into the computer.

Server/console 640 includes user management database 642 , which contains additional information that may be transmitted to mobile device 610 via cloud 650 to provide additional functionality to mobile device 610 .

User management database 642 allows server/console 640 to create and identify users using user IDs (usernames and passwords), prohibit/allow unlocking data security system 620, and provide remote help. enable

User management database 642 allows server/console 640 to remotely reset or unlock data security system 620 .
User management database 642 allows server/console 640 to remotely change data security system user PINs.

User management database 642 allows server/console 640 to restrict/authorize unlocking data security system 620 from specific locations (through the use of geofencing).

User management database 642 allows server/console 640 to restrict/allow unlocking of data security system 620 to defined time periods and different time periods.

User management database 642 allows server/console 640 to restrict unlocking of data security system 620 outside of a defined team/organization/network or the like.

Referring to FIG. 7, an administrator sequence diagram illustrating the operational sequence between mobile device 610 and data security system 620 is shown.
First, the connection state 700 between the data security system 620 and the mobile device 610 is established through mutual discovery of the device and the system, pairing of the device and the system, and connection of the device and the system. This connection state 700 is protected through the use of a shared secret, which is used to secure (encrypt) communications between the data security system 620 and the mobile device 610 during subsequent communication sessions. be done. Standard encryption algorithms are selected that are efficient to run on the data security system 620 and are approved by global security standards.

As long as the data security system 620 and the mobile device 610 are within a predetermined distance of each other, the connected state 700 is maintained by the data security system application 618 or by the security controller 628 or both in cooperation. If away from that predetermined distance, the data security system 620 will be locked after the connected state 700 has been maintained for a predetermined period of time.

After connection between the mobile device 610 and the data security system 620 , a data security system administrator application initiation operation 702 is performed on the mobile device 610 . The administrator then sets a password at administrator password operation 704 . After connecting the mobile device 610 and the data security system 620 , the data security system 620 is powered and made discoverable by the host computer 630 within the data security system 620 in a data security system connect, power, discoverable operation 706 . are connected to the host computer 630 in FIG.

After administrator password operation 704 , mobile device 610 sends administrator password set and unlock signal 708 to data security system 620 . The set administrator password and unlock signal 708 causes a set administrator password and unlock data security system operation 716 in the data security system 620 .

Upon completion of the administrator password setting and data security system unlock operation 716 , a data security system unlock confirmation signal 712 is sent to the mobile device 610 to confirm the data security system unlock as an administrator operation 714 on the mobile device 610 . is executed. Upon confirmation of the data security system unlock as an administrator action 714, other set limit actions 716 are permitted to be performed using the mobile device 610. FIG. Another Set Limits operation 716 causes a Set Admin Limits signal 718 to be sent to the data security system 620 where the admin limits are set and a Set Limits Confirmation signal 720 is returned to the mobile device 610 . be done. Mobile device 610 and data security system 620 are then in fully operational communication.

Because it is possible to communicate with the data security system 620 without having physical contact with the data security system 620, important interactions with the data security system 620 include printing on the data security system 620 itself or 620 package and is readily available to the owner of the data security system 620.

This unique identifier (unique ID) is required when requesting an operation that affects user data, such as unlocking or resetting the data security system 620 . Attempts to perform these actions without the correct identifier will be ignored and sanitized. This unique identifier allows the user to have physical control over the data security system 620 and establishes a connection state 700 between an authenticated and previously paired device and system, such as the mobile device 610 and the data security system 620 . is used to identify the data security system 620 to the mobile device 610 in a manner to verify that the Once the devices are paired, they use a shared secret to keep their communications confidential.

Pairing involves establishing and maintaining a unique and defined relationship between the mobile device and the data security system at some point in the past.
The unique identifier gives the user some control over the data security system while the user has physical control over the data security system.

To increase the security of communication with the data security system 620 when the mobile device 610 is a smart phone, the user may choose to enable features such as the feature referred to in this embodiment as "1Phone". This feature limits significant user interaction with the data security system 620 to only one mobile device 610 . This is done by replacing the data security system unique identifier described above with a random identifier that is securely shared between the data security system 620 and the mobile device 610 . Thus, for example, when the user unlocks the data security system 620, instead of presenting the data security system unique identifier, he must present the 1Phone identifier. In effect, this makes the user's mobile device 610 a second authentication factor for using the data security system 620 in addition to the PIN or password. As an example, a paired user phone selected as "1Phone" can be used without a PIN and can be used as a single factor of user authentication and/or in combination with other user authentication factors. If this feature (1Phone) is selected, no other phone can open the data security system 620 unless Admin Unlock was previously enabled.

It will be appreciated that other embodiments may require an administrator password on the data security system 620 to use the 1Phone feature. In another embodiment, the server/console 640 may enable the data security system 620 to recover if the 1Phone data of the mobile device 610 is lost.

A user can enable the proximity auto-lock feature of the data security system 620 . During the communication session, data security transceiver 624 of FIG. 6 reports signal strength measurements of mobile device 610 to data security system 620 . The data security system application 618 on the mobile device 610 transmits to the data security system 620 both the source's signal power level and the proximity range threshold.

Since signal strength varies with environmental conditions around the transceiver, data security system 620 mathematically smoothes the signal strength measurements to reduce the likelihood of false positives. Data security system 620 immediately locks data security system 620 to prevent access to storage subsystem 106 of FIG.

Data security system 620 can be used in three different modes. a user mode in which the functionality of the data security system 620 can be determined by the user; an administrator password can be set by the administrator; Auto-Lock, Read-Only, 1Phone) and an administrator mode in which the server/console 640 can remotely reset the data security system 620, change user passwords, or unlock the data security system 620. It is a server mode that sets the administrator role for

Referring to FIG. 8, an unlock sequence diagram is shown when mobile device 610 is the authenticator. This diagram illustrates the automatic unlocking process of data security system 620 initiated by data security system application 618 from a particular mobile device, mobile device 610 . A user can only use a single mobile device that has been previously paired with data security system 620 . If the paired mobile device 610 is lost, it will not be possible to unlock the data security system 620 (unless the administrator password has been previously set as shown in FIG. 7).

Similar to FIG. 7, a data security system application start operation 800 occurs after the connection state 700 is established. After the data security system connect, power, discoverable operation 706, an unlock request signal 802 is sent from the mobile device 610 to the data security system 620 with the mobile device ID. A data security system unlock operation 804 is performed and a data security system unlock confirmation signal 712 is sent from the data security system 620 . After data security system unlock confirmation operation 806, mobile device 610 and data security system 620 are in a fully operational communication.

If no PIN (Personal Identification Number) is set, the paired mobile device is used as 1-authentication factor.
Referring to FIG. 9, an unlock sequence diagram illustrating the unlock operation using PIN entry from mobile device 610 is shown. This diagram shows the process of unlocking the data security system 620 by entering a PIN into the data security system application 618 within the mobile device 610 . The data security system 620 cannot be unlocked without entering the correct PIN.

Similar to FIGS. 7 and 8, a data security system application start operation 800 is followed by a username/password entry operation 900 . After the username/password entry operation 900 , the mobile device 610 sends a user ID verification signal 902 to the server/console 640 . Server/console 640 then performs username/password suitability determination 904 .

Once the username/password goodness determination 904 verifies the user, a good user signal 906 is sent to the mobile device 610 to prompt the user to enter the correct PIN at a PIN entry operation 908 on the mobile device 610 . Mobile device 610 then transmits unlock verification signal 910 to determine if the correct PIN was entered into server/console 640 .

Server/console 640 makes a user authentication decision 912 to determine whether the user is authorized to use a particular data security system (eg, data security system 620) that is PIN-authorized. If authenticated, an unlock authorization signal 914 is sent to the mobile device 610 and the mobile device 610 passes an unlock request signal 916 to the data security system 620 .

A data security system unlock operation 804 is performed, a data security system unlock confirmation signal 712 is sent to the mobile device 610, and a data security system unlock operation confirmation 806 is performed.

Referring to FIG. 10, an unlock sequence diagram illustrating the unlock operation using PIN entry and user ID/location/time verification via server/console 640 is shown. This illustration is illustrated by entering a PIN from a mobile device 610 into a data security system application 618 and confirming with a server/console 640 server using a user ID (username/password) and We illustrate the most secure process of unlocking the data security system 620 by verifying the geofencing permission to unlock the data security system 620 at . Data security system 620 is unlocked without entering a PIN, username and password, and without mobile device 610 being present at a particular (predetermined) location at a particular (predetermined) time. You can't.

Similar to FIGS. 7-9, at server/console 640, a designated data security system unlocker is provided to enable configuration of the conditions required for operation of a designated data security system, such as data security system 620. A lock operation 1000 is performed. For example, the condition may be within a particular geographic region and/or within a particular time frame.

At the mobile device 610 a current state determination is made, such as a get location and/or current time operation 1002 . This operation is performed to determine where mobile device 610 is located and/or the current time where mobile device 610 is located. Other current conditions around the mobile device 610 are determined and may be sent by the unlock verification signal 1004 to the server/console 640 where a conformance determination 1006 is made.

When the desired conditions are met, an unlock grant signal 1008 is sent to the mobile device 610 causing the PIN entry operation 908 to be performed. After entering the PIN, an unlock verification signal 1010 is sent along with the PIN and identification of the data security system 620 in operable proximity to the mobile device 610 . Once the verify unlock signal 1010 is received by the server/console 640, a data security system authorization decision 1012 is made to determine that the authorized user is authorized to unlock the specified data security system. Server/console 640 verifies that this "specific" user is authorized to use the designated data security system.

After determining that the correct information has been provided, server/console 640 provides unlock grant signal 914 to mobile device 610 and mobile device 610 provides unlock request signal 916 . The unlock request signal 916 activates the data security system 620 .

Referring to FIG. 11, a reset sequence diagram illustrating the operation of resetting data security system 620 using server/console 640 is shown. This diagram illustrates the ability to remotely reset data security system 620 via server/console 640 . Data security system 620 may only receive commands from mobile device 610 via the wireless connection. However, by setting a "reset" flag for a particular data security system (using a serial number) in server/console 640, data security system application 618 running on mobile device 610 can Any flags/pending requests in the user management database 642 will be queried at any time. When a user connects to the data security system 620, the data security system application 618 on the mobile device 610 will execute a "reset" wait command. After a successful reset (after all user data and credentials have been lost), the server/console 640 removes the reset flag so that the next time the mobile device 610 connects to a particular data security system, the reset will occur. Not executed.

Similar to FIGS. 7-10, the mobile device 610 responds to the proper user signal 906 by sending a wait for any command signal 1100 to the server/console 640 to make a reset command determination 1102 . When a reset command is present, a reset execute signal 1104 is sent to the mobile device 610 .

Mobile device 610 sends security system reset signal 1106 to data security system 620 to initiate data security system reset operation 1108 . Upon completion of data security system reset operation 1108, data security system 620 sends data security system reset confirmation signal 1110 to mobile device 610 to configure data security system reset confirmation operation 1112 to be performed. Mobile device 610 and data security system 620 are then in fully operational communication with reset data security system 620 .

Referring to FIG. 12, an unlock sequence diagram illustrating the operation of unlocking data security system 620 using server/console 640 is shown. This diagram illustrates the ability to remotely unlock data security system 620 via server/console 640 . Data security system 620 may only receive commands from mobile device 610 via the wireless connection. However, by setting an "administrator unlock" flag on the server/console 640 console for a particular data security system (using a serial number), the data security system application 618 running on the mobile device 610 can It will query the server/console 640 for any flags/pending requests. When the user connects to the data security system 620, the data security system application 618 on the mobile device 610 executes the "administrator unlock" wait command. After a successful administrator unlock, the user data remains intact, but the user password is deleted (the data security system 620 cannot be unlocked by the user). Server/console 640 removes the reset flag for data security system 620 so that the next time mobile device 610 connects to data security system 620 no reset is performed.

Similar to FIGS. 7-11, after receiving any command waiting signal 1100, the server/console 640 performs an unlock 1200 if there is a command to unlock with an administrator password. Once the administrator password unlock signal 1202 is sent to the mobile device 610 , the mobile device 610 provides an administrator password unlock signal 1204 to the data security system 620 to initiate the data security system unlock operation 804 . . Mobile device 610 and data security system 620 are then in fully operational communication.

Referring to FIG. 13, a user password change sequence diagram using server/console 640 is shown. This diagram illustrates the ability to remotely change user passwords for data security system 620 via server/console 640 . Data Security System 620 can only receive commands from Mobile Device 610 over a wireless connection, but set a "Change User Password" flag in Server/Console 640 console for a particular Data Security System (using serial number). This causes the data security system application 618 running on the mobile device 610 to query the server/console 640 for any flags/pending requests. When a user connects to his data security system 620, the data security system application 618 on the mobile device 610 executes the "change user password" wait command. After a successful unlock and password change, the data security system 620 can be unlocked with the new user password, while the user data remains intact. The server/console 640 removes the "change user password" flag for this data security system 620 so that the user password change will not be performed the next time the mobile device 610 connects to the particular data security system.

Similar to FIGS. 7-12, server/console 640 responds to any command waiting signal 1100 by making a password change decision 1300 . A password change at the server/console 640 causes a user password change signal 1302 to be sent to the mobile device 610 , which in turn sends a user password change signal 1304 to the data security system 620 . Mobile device 610 and data security system 620 are then in fully operational communication with the new password.

A method of operating a data security system includes providing a data security system application to a mobile device for connection with the data security system, activating the data security system application, and connecting the data security system and the mobile device. and maintaining the connection state of.

In the above method, maintaining the connected state maintains the connected state when the data security system is within a predetermined proximity range from the mobile device.
In the above method, maintaining the connected state maintains the connected state when the data security system is within a predetermined proximity range of the mobile device for a predetermined period of time.

In the above method, establishing the connection state includes using two-way communication between the data security system and the mobile device.
In the above method, establishing the connection state includes using unidirectional communication between the data security system and the mobile device.

The above method further comprises communication between the mobile device having the data security system application and a server containing a user management database.
The above method further comprises providing security information to a security controller of the data security system.

The above method comprises the steps of providing identification information of a designated data security system to a server; providing specific identification information to said data security system; and said identification information of said designated data security system being said and unlocking the data security system when identical to the specific identification.

In the above method, the step of providing the data security system application to a mobile device includes providing a data security system administrator application, further setting an administrator password to the mobile device; transmitting from a mobile device to the data security system; and setting the administrator password in the data security system to unlock the data security system.

The method comprises providing an unlock request from the mobile device to the data security system along with mobile device identification information, and receiving the unlock request at the data security system to unlock the data security system. Prepare more.

The above method comprises the steps of entering a username or password into the mobile device and determining when the username or password is valid at a server after receiving the username or password from the mobile device; communicating from the server to the mobile device when the username or password is valid; and from the mobile device when the username or password is valid to unlock the data security system. and communicating to the data security system.

The above method comprises the steps of entering a username or password into the mobile device and determining when the username or password is valid at a server after receiving the username or password from the mobile device. communicating from the server to the mobile device if the username or password is valid; and determining when the identification number is valid at the server after receiving an identification number from the mobile device. and unlocking the data security system via the mobile device if the server determines that the identification number is valid.

The above method comprises the steps of: providing a server with a valid location of the mobile device; determining at the server when the mobile device is at the valid location; and unlocking the data security system via the mobile device when determined by .

The above method comprises the steps of: providing to a server a current time of operation for the data security system on the mobile device; determining at the server when the mobile device is within the current time; unlocking the data security system via the mobile device when the server determines that it has the current time.

The above method includes the steps of providing a command to a server; providing the command from the server to the mobile device in response to a command waiting signal from the mobile device; and when the command is provided from the server. and executing the command at the data security system via the mobile device.

The above method comprises the steps of providing a password change command to a server; providing the password change command from the server to the mobile device in response to a password change signal from the mobile device; and unlocking the data security system with the changed password of .

The above method further comprises connecting the data security system to a host computer for power and making it discoverable by the host computer.
A data security system comprises a data security transceiver or receiver, an authentication subsystem operably connected to said data security transceiver or receiver, and a storage subsystem connected to said authentication subsystem.

The above system further comprises a security controller connected to said data security transceiver or receiver and said authentication subsystem.
The above system further comprises a mobile device having a data security system application cooperating with the security controller to maintain connectivity when the data security system is within a predetermined proximity range from the mobile device.

The above system further includes the mobile device having a data security system application cooperating with the security controller to maintain connectivity when the data security system is within a predetermined proximity range of the mobile device for a predetermined period of time. Prepare.

The above system further comprises the mobile device having a mobile transceiver or receiver for maintaining connectivity including using two-way communication between the data security system and the mobile device.

The above system further comprises the mobile device having a mobile transceiver or receiver for maintaining connectivity including using unidirectional communication between the data security system and the mobile device.

The above system further comprises a wired or wireless connection communication between the mobile device and the mobile device having the data security system application and the server containing the user management database, and the server containing the user management database.

In the above system, said data security system includes an external communication channel for connecting with a host computer.
Although the invention has been described in relation to a specific best mode, it should be understood that many alternatives, modifications and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the scope of the appended claims. All matter contained in the specification or shown in the accompanying drawings is to be interpreted in an illustrative and non-limiting sense.

Claims (16)

A secure access device,
memory;
an interface controller coupled to the memory and for coupling to an external data channel, the interface controller configured to disable access to the memory through the external data channel until a user is authenticated; and,
an electromechanical input mechanism for entering a PIN code for authentication;
a radio transceiver for radio frequency communication outside the external data channel , the radio transceiver configured to receive a user code for authentication ;
an authentication subsystem configured to receive a PIN code for authentication via the electromechanical input mechanism and a user code for authentication via the wireless transceiver; further configured to send an unlock command to the interface controller to enable access to the memory via the external data channel after authenticating the PIN code or the user code. and the authentication subsystem ;
an application within a wireless device that communicates via the radio transceiver includes a user interface for entering the user code;
The application in the wireless device allows the wireless device to lock the external data channel, unlock the external data channel, change the user code, change the PIN code, and reset the secure access device. A secure access device that allows Claim further comprising a biometric sensor for receiving biometric input for authentication , wherein said authentication subsystem is configured to receive said biometric input for authentication via said biometric sensor. The secure access device according to Item 1. The secure access device of claim 1, wherein the PIN code for authentication is one of a numeric code, an alphanumeric code, or an alphabetic code. The secure access device of claim 1, wherein the electromechanical input mechanism receives the PIN code for authentication from outside the secure access device. encrypting data received over the external data channel before storing the encrypted data in the memory, and reading decrypted data from the memory before transmitting the decrypted data over the external data channel; The secure access device of Claim 1, further comprising a cryptographic engine for decrypting data. The user interface of the application includes one or more options for configuring the secure access device, the one or more options being: change PIN code ; change user code ; The secure access device of claim 1 , comprising resetting, operation of the secure access device with a particular mobile device, operation of the secure access device in user mode, and configuration of administrator mode. 2. The secure device of claim 1 , wherein a remote server enables the application in the wireless device to restrict usage of the secure access device to a predetermined geographic zone, a predetermined time period, or a combination thereof. access device. 2. The secure access apparatus of claim 1, wherein said authentication subsystem is further configured to receive host authentication information from a host device via said external data channel. a method,
an interface controller within a secure access device disabling access to memory within said secure access device via an external data channel until a user has been authenticated by said secure access device;
said secure access device receiving authentication information, said secure access device receiving a user code for authentication via a radio transceiver for radio frequency communication within said secure access device; and configured to receive a PIN code for authentication via an electromechanical input mechanism;
an authentication subsystem in the secure access device authenticating the PIN code for authentication received via the electromechanical input mechanism or the user code for authentication received via the wireless transceiver; ,
sending an unlock command from the authentication subsystem to the interface controller to allow access to the memory via the external data channel after the authenticating ;
after said authentication, said interface controller enabling access to said memory via said external data channel ;
an application within a wireless device that communicates via the radio transceiver includes a user interface for entering the user code;
The application in the wireless device allows the wireless device to lock the external data channel, unlock the external data channel, change the user code, change the PIN code, and reset the secure access device. A method that allows you to A secure access device,
memory;
an interface controller connected to said memory and connected to an external data channel for communicating with a host device from said host device via said external data channel until a user is authenticated for access to said memory; the interface controller configured to disable access to memory;
a radio transceiver for radio frequency communication outside the external data channel , the radio transceiver configured to receive a user code for authentication ;
an authentication subsystem configured to receive host authentication information from the host device via the external data channel and configured to receive a user code for authentication via the wireless transceiver; , after authenticating the host authentication information or the user code , sending an unlock command to the interface controller to enable access to the memory via the external data channel. an authentication subsystem ;
an application within a wireless device that communicates via the radio transceiver includes a user interface for entering the user code;
The application in the wireless device allows the wireless device to lock the external data channel, unlock the external data channel, change the user code, change the host authentication information, and unlock the secure access device. A secure access device that allows resetting . 11. The secure of claim 10 , wherein the application in the wireless device enables a remote server to restrict use of the secure access device to predetermined geographic zones, predetermined time periods, or a combination thereof. access device. 11. The application of claim 10 , wherein the application in the wireless device is configurable to set inactivity autolock to automatically lock the secure access device after a predetermined period of inactivity. Secure access device. 11. The secure access device of claim 10 , wherein the secure access device comprises a proximity autolock that locks the secure access device when a wireless device communicating via the radio transceiver is not within a predetermined proximity range for a predetermined period of time. Secure access device. 11. The secure access device of Claim 10 , wherein the secure access device is configured to interface with a host application that supplies the host authentication information. The wireless device is configured to interact with a remote server to verify the user code to allow access over the external data channel , the remote server transmitting an unlock authorization signal to the 11. The secure access device of claim 10 , wherein, after transmitting to a wireless device , an unlock request signal is received from said wireless device via said wireless transceiver. a method,
an interface controller within a secure access device disabling access to memory within said secure access device via an external data channel until a user has been authenticated by said secure access device;
said secure access device receiving authentication information from said user code and host device for authentication via a radio transceiver for radio frequency communication within said secure access device; receiving the authentication information, configured to receive host authentication information via an external data channel;
an authentication subsystem in the secure access device authenticating the host authentication information received via the external data channel or the user code for authentication received via the wireless transceiver;
sending an unlock command from the authentication subsystem to the interface controller to allow access to the memory via the external data channel after the authenticating ;
after said authentication, said interface controller enabling access to said memory via said external data channel ;
an application within a wireless device that communicates via the radio transceiver includes a user interface for entering the user code;
The application in the wireless device causes the wireless device to lock the external data channel, unlock the external data channel, change the user code for authentication, change the host authentication information, A method that allows resetting a secure access device .

Images