US20160259736A1 - Encryption bridge system and method of operation thereof - Google Patents

Encryption bridge system and method of operation thereof Download PDF

Info

Publication number
US20160259736A1
US20160259736A1 US15/068,309 US201615068309A US2016259736A1 US 20160259736 A1 US20160259736 A1 US 20160259736A1 US 201615068309 A US201615068309 A US 201615068309A US 2016259736 A1 US2016259736 A1 US 2016259736A1
Authority
US
United States
Prior art keywords
encryption
authenticating
control module
self
decryption control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/068,309
Inventor
Lev M. Bolotin
Simon B. Johnson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clevx LLC
Original Assignee
Clevx LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/652,035 external-priority patent/US20100174913A1/en
Application filed by Clevx LLC filed Critical Clevx LLC
Priority to US15/068,309 priority Critical patent/US20160259736A1/en
Assigned to CLEVX, LLC reassignment CLEVX, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BOLOTIN, LEV M., JOHNSON, SIMON B.
Publication of US20160259736A1 publication Critical patent/US20160259736A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/15Use in a specific computing environment
    • G06F2212/154Networked environment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention relates generally to mass storage devices, and more specifically to an apparatus and method of controlling encryption between a host computer system and a mass storage device.
  • Encryption is typically the means to hide sensitive information. It is a complex process that hides data so that it cannot be interpreted until a correct decryption key is used to decode the data.
  • a computer is generally used to access data in internal as well as external mass storage devices. Data is encrypted prior to storing and decrypted upon retrieval.
  • Encryption provided by a computer, consumes system resources whether the encryption is applied to internal or external storage devices.
  • the computer requires higher performance hardware to reduce system burden.
  • a better solution is to put the burden of encryption on the mass storage device to free up computer resources. It then becomes a simple matter of connecting the mass storage device to the computer with no complex formatting and partitioning required on the computer end.
  • An encryption bridge may be used to connect a computer with an external mass storage device reduces the burden on computer resources and is more cost effective than purchasing multiple self-encrypting drives but allows access to secured data just by having possession of the encryption bridge.
  • the present invention provides a method of operation of a self-authenticating encryption bridge including: locking a user input module until a user has been authenticated; encrypting or decrypting data in an encryption/decryption control module when the user has been authenticated in the user input module; transferring encrypted data from a mass storage device to the encryption/decryption control module in a first communication channel; and transferring clear data to a computer from the encryption/decryption control module in a second communication channel.
  • the present invention further provides a self-authenticating encryption bridge including: a user input module for remaining locked until a user has been authenticated; an encryption/decryption control module responsive to the user input module for encrypting or decrypting data when the user has been authenticated; a first communication channel for transferring encrypted data from a mass storage device to the encryption/decryption control module; and a second communication channel for transferring clear data to a computer from the encryption/decryption control module.
  • a self-authenticating encryption bridge including: a user input module for remaining locked until a user has been authenticated; an encryption/decryption control module responsive to the user input module for encrypting or decrypting data when the user has been authenticated; a first communication channel for transferring encrypted data from a mass storage device to the encryption/decryption control module; and a second communication channel for transferring clear data to a computer from the encryption/decryption control module.
  • FIG. 1 is a block diagram of the components of an encryption bridge system in accordance with an embodiment of the present invention.
  • FIG. 2 is a block diagram of a self-authenticating encryption bridge in accordance with a further embodiment of the present invention.
  • FIG. 3 shows a flow chart of a method for validating a user and transferring data in accordance with a still further embodiment of the present invention.
  • FIG. 4 shows a block diagram of a self-authenticating encryption bridge with multiple encryption keys in accordance with an additional embodiment of the present invention.
  • FIG. 5 is a block diagram of a mass storage device with an integrated self-authenticating encryption bridge in accordance with a further additional embodiment of the present invention.
  • FIG. 6 is a flow chart of a method of operation of an encryption bridge system in a further embodiment of the present invention.
  • the encryption bridge system 100 is composed of a self-authenticating encryption bridge 102 connected to a host computer system 104 on an unencrypted or a clear data communication channel 106 and to a storage system such as a mass storage device 108 on an encrypted data channel 110 .
  • the host computer system 104 sends unencrypted data to the self-authenticating encryption bridge 102 .
  • the data is intended to be stored on the mass storage device 108 .
  • the self-authenticating encryption bridge 102 encrypts the data and forwards it on to the mass storage device 108 .
  • the mass storage device 108 sends data to the self-authenticating encryption bridge 102 intended to be received by the host computer system 104 .
  • the self-authenticating encryption bridge 102 decrypts the data and forwards it on to the host computer system 104 .
  • the self-authenticating encryption bridge 102 remains locked until an authorized user has been authenticated.
  • the users must interact with the self-authenticating encryption bridge 102 in order to validate themselves as authorized users and enable the encryption/decryption process.
  • the self-authenticating encryption bridge 200 is a bridge than can be used to identify one or more users and is composed of two modules: an encryption/decryption control module 202 (shortened to encryption control module in the FIGS.) and a user input module 204 .
  • an authentication parameter module 206 for releasing an encryption key in an encryption key module 208 .
  • the user must identify himself or herself by entering authentication information using the user input module 204 .
  • the authentication information can be a PIN (Personal Identification Number), radio frequency, light, biosignature, or other signal entered wirelessly or by wire to the user input module 204 .
  • the encryption/decryption control module 202 verifies a user's identity against authentication parameters in the authentication parameter module 206 .
  • the verification process involves the authentication parameter module 206 providing a signal with authentication parameters to the user input module 204 for comparison by the user input module 204 .
  • the user input module 204 unlocks and causes the release of the encryption key in the encryption key module 208 to the encryption/decryption control module 202 .
  • the encryption/decryption control module 202 then encrypts data moving wirelessly or by wire from the host computer system 104 of FIG. 1 through the clear data communication channel 106 to the mass storage device 108 of FIG. 1 through the encrypted data channel 110 and decrypts data wirelessly or by wire moving in the reverse direction.
  • the encryption/decryption control module 202 also uses the encryption key in the encryption key module 208 to decrypt data moving from the mass storage device 108 to the host computer system 104 .
  • the user input module 204 supplies the authentication interface between the user and the encryption/decryption control module 202 .
  • the user input module 204 may consist of a series of buttons, that when pushed in certain order by a user, allow the encryption/decryption control module 202 to authenticate the user.
  • the series of numerical buttons allows a user to enter a personal identification number (PIN), which can then be compared against a PIN, which is one of the numbers stored in the authentication parameter module 206 .
  • PIN personal identification number
  • the user input module 204 is used herein as a general term that encompasses any number of human input mechanisms that can interact with the user. Examples of these mechanisms are:
  • Buttons for entering a series of numbers like an ATM machine
  • Thumb-wheel for entering a series of numbers like a combination lock
  • Fingerprint reader for receiving and analyzing a user's fingerprint (or other biometric based input devices)
  • RF module for receiving an authentication signal from a key fob.
  • FIG. 3 therein is shown a flow chart 300 of a method for validating a user and transferring data in accordance with a still further embodiment of the present invention.
  • the data flows between the mass storage device 108 and the host computer system 104 of FIG. 1 .
  • the method starts when the user input module accepts input from a user in a block 302 . From the above list of mechanisms, this can be a combination, PIN, fingerprint, etc.
  • the encryption/decryption control module then verifies data sent from the user input module and compares this with an authentication parameter in the authentication parameter module in a block 304 .
  • the self-authenticating encryption bridge waits for data sent either from the host computer system or the mass storage device in a block 310 . Once the self-authenticating encryption bridge receives data, a decision is made if the data was sent from the host computer system in a decision block 312 .
  • the self-authenticating encryption bridge encrypts the data in a block 318 and sends the encrypted data on to the mass storage device in a block 320 . If data is received from the mass storage device, the self-authenticating encryption bridge decrypts the data in a block 322 and sends it on to the host computer system in a block 324 .
  • the method returns to the self-authenticating encryption bridge waits for data in the block 310 .
  • FIG. 4 therein is shown a block diagram of a self-authenticating encryption bridge 400 with multiple encryption keys in accordance with an additional embodiment of the present invention.
  • a user may enter a first code, PIN A, in a user input module 402 for an encryption/decryption control module 404 .
  • the PIN A is associated with an authentication parameter A module 406 .
  • the self-authenticating encryption bridge 400 is unlocked and an encryption key A module 408 allows access to an encryption key A available for the encryption/decryption process.
  • An encryption key B module 410 remains inaccessible.
  • a user may enter the PIN B to unlock the self-authenticating encryption bridge 400 .
  • the PIN B is associated with an authentication parameter B module 412 .
  • the self-authenticating encryption bridge 400 is unlocked and the encryption key B module 410 allows access to an encryption key B to be used for the encryption/decryption process.
  • the encryption key A module 408 remains inaccessible.
  • a single self-authenticating encryption bridge may support multiple encryption keys for multiple users and multiple mass storage devices.
  • Another embodiment includes an encryption/decryption control module containing a single encryption key associated with multiple authentication parameter modules.
  • multiple users with different codes may access the same mass storage device.
  • FIG. 5 therein is shown a block diagram of a mass storage device 500 with an integrated self-authenticating encryption bridge 502 in accordance with a further additional embodiment of the present invention.
  • the integrated self-authenticating encryption bridge 502 is housed within the same package as the mass storage device 500 .
  • An encrypted data channel 504 is internal to the mass storage device 500 and connects internally with a storage media 506 .
  • a clear data channel 508 connects the integrated self-authenticating encryption bridge 502 to the host computer system 104 .
  • a user input module 510 is integral with the package of the mass storage device 500 . Since the integrated self-authenticating encryption bridge 502 is embedded within the mass storage device 500 , the user input module 510 is placed so codes may be entered from outside the mass storage device 500 . Thus, all possible modes of user input, as discussed in FIG. 2 , are made available for the mass storage device 500 .
  • the method 600 includes: authenticating a user using a self-authenticating encryption bridge in a block 602 ; and controlling encryption using the self-authenticating encryption bridge disposed between a computer system and a storage system in response to the authenticating of the user in a block 604 .
  • An encryption bridge system including:
  • a computer connected by way of a communication channel to the self-authenticating encryption bridge; a mass storage device connected by way of a communication channel to the self-authenticating encryption bridge; and a self-authenticating encryption bridge that encrypts data sent from the computer to the mass storage device and decrypts data sent from the mass storage device to the computer after a user has been authenticated.
  • a self-authenticating encryption bridge including:
  • a user input module for verifying user identity
  • an encryption/decryption control module for verifying user identity
  • a communication channel for transferring clear data to the computer
  • a communication channel for transferring encrypted data to the mass storage device.
  • a self-authenticating encryption bridge as described above further including:
  • authentication parameters for authenticating a user authentication parameters for authenticating a user
  • encryption key(s) used for encrypting/decrypting data encryption key(s) used for encrypting/decrypting data.
  • a self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting keyed or manipulable input.
  • a self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting biometric input.
  • a self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting RF transmission input.
  • a self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module that prevents data on the mass storage device from being accessed until the user has been validated by analyzing parameters sent from the user input module.
  • a self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module containing multiple pairs of decryption keys and authentication parameters.
  • a self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module containing a single encryption key associated with multiple authentication parameters.
  • a self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the mass storage device.
  • a self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the communication channel (e.g. cable and/or connectors and/or casing).
  • a self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the output connector on the computer.
  • a self-authenticating encryption bridge as described above further including:
  • a self-authenticating encryption bridge as described above further including:
  • wireless communication used for either or both the encrypted and clear communication channels.
  • a self-authenticating encryption bridge as described above further including:
  • a power source that may be derived from the communication channel or an internal source.

Abstract

A self-authenticating encryption bridge, and method of operation thereof, including: a user input module for remaining locked until a user has been authenticated; an encryption/decryption control module responsive to the user input module for encrypting or decrypting data when the user has been authenticated; a first communication channel for transferring encrypted data from a mass storage device to the encryption/decryption control module; and a second communication channel for transferring clear data to a computer from the encryption/decryption control module.

Description

    CROSS-REFERENCE TO RELATED APPLICATION(S)
  • This application is a Continuation of U.S. patent application Ser. No. 12/684,108 filed Jan. 7, 2010, which claims the benefit of U.S. Provisional Patent Application Ser. No. 61/143,155 filed Jan. 7, 2009, and the subject matter thereof is incorporated herein by reference thereto.
  • The present application contains subject matter related to co-pending U.S. patent application Ser. No. 12/652,035 filed Jan. 4, 2010. The related application is assigned to ClevX, LLC and the subject matter thereof is incorporated herein by reference thereto.
    • TECHNICAL FIELD
  • The present invention relates generally to mass storage devices, and more specifically to an apparatus and method of controlling encryption between a host computer system and a mass storage device.
    • BACKGROUND ART
  • A critical issue with almost all aspects of computer system and mobile electronic device use, including portable memory storage, is security. This also applies to electronic products containing memory storage as an integral part of the design. For example, digital cameras, MP3 players, smart phones, palm computers, gaming devices, etc., that may have confidential information residing in memory. Whether it is an email account, financial information or corporate data, a user must be authenticated in order to gain access to this information.
  • Encryption is typically the means to hide sensitive information. It is a complex process that hides data so that it cannot be interpreted until a correct decryption key is used to decode the data. A computer is generally used to access data in internal as well as external mass storage devices. Data is encrypted prior to storing and decrypted upon retrieval.
  • Encryption, provided by a computer, consumes system resources whether the encryption is applied to internal or external storage devices. Thus, the computer requires higher performance hardware to reduce system burden. A better solution is to put the burden of encryption on the mass storage device to free up computer resources. It then becomes a simple matter of connecting the mass storage device to the computer with no complex formatting and partitioning required on the computer end.
  • There are few self-encrypting mass storage devices on the market. If a user already has a mass storage device, the user must either purchase a new self-encrypting drive or purchase encryption software for the user's computer. Self-encrypting drives are typically more expensive than their non-encrypting counterparts.
  • An encryption bridge may be used to connect a computer with an external mass storage device reduces the burden on computer resources and is more cost effective than purchasing multiple self-encrypting drives but allows access to secured data just by having possession of the encryption bridge.
  • Solutions to these problems have been long sought but prior developments have not taught or suggested any solutions and, thus, solutions to these problems have long eluded those skilled in the art.
    • DISCLOSURE OF THE INVENTION
  • The present invention provides a method of operation of a self-authenticating encryption bridge including: locking a user input module until a user has been authenticated; encrypting or decrypting data in an encryption/decryption control module when the user has been authenticated in the user input module; transferring encrypted data from a mass storage device to the encryption/decryption control module in a first communication channel; and transferring clear data to a computer from the encryption/decryption control module in a second communication channel.
  • The present invention further provides a self-authenticating encryption bridge including: a user input module for remaining locked until a user has been authenticated; an encryption/decryption control module responsive to the user input module for encrypting or decrypting data when the user has been authenticated; a first communication channel for transferring encrypted data from a mass storage device to the encryption/decryption control module; and a second communication channel for transferring clear data to a computer from the encryption/decryption control module.
  • Certain embodiments of the invention have other aspects in addition to or in place of those mentioned above. The aspects will become apparent to those skilled in the art from a reading of the following detailed description when taken with reference to the accompanying drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of the components of an encryption bridge system in accordance with an embodiment of the present invention.
  • FIG. 2 is a block diagram of a self-authenticating encryption bridge in accordance with a further embodiment of the present invention.
  • FIG. 3 shows a flow chart of a method for validating a user and transferring data in accordance with a still further embodiment of the present invention.
  • FIG. 4 shows a block diagram of a self-authenticating encryption bridge with multiple encryption keys in accordance with an additional embodiment of the present invention.
  • FIG. 5 is a block diagram of a mass storage device with an integrated self-authenticating encryption bridge in accordance with a further additional embodiment of the present invention.
  • FIG. 6 is a flow chart of a method of operation of an encryption bridge system in a further embodiment of the present invention.
    •  BEST MODE FOR CARRYING OUT THE INVENTION
  • The following embodiments are described in sufficient detail to enable those skilled in the art to make and use the invention. It is to be understood that other embodiments would be evident based on the present disclosure, and that process or mechanical changes may be made without departing from the scope of the present invention.
  • In the following description, numerous specific details are given to provide a thorough understanding of the invention. However, it will be apparent that the invention may be practiced without these specific details. In order to avoid obscuring the present invention, some well-known circuits, system configurations, and process steps are not disclosed in detail.
  • Likewise, the drawings showing embodiments of the apparatus/device are semi-diagrammatic and not to scale and, particularly, some of the dimensions are for clarity of presentation and are shown greatly exaggerated in the drawing FIGS.
  • Similarly, the drawings generally show similar orientations of embodiments for ease of description, but this is arbitrary for the most part. Generally, the various embodiments can be operated in any orientation.
  • Referring now to FIG. 1, therein is shown a block diagram of the components of an encryption bridge system 100 in accordance with an embodiment of the present invention. The encryption bridge system 100 is composed of a self-authenticating encryption bridge 102 connected to a host computer system 104 on an unencrypted or a clear data communication channel 106 and to a storage system such as a mass storage device 108 on an encrypted data channel 110.
  • The host computer system 104 sends unencrypted data to the self-authenticating encryption bridge 102. The data is intended to be stored on the mass storage device 108. The self-authenticating encryption bridge 102 encrypts the data and forwards it on to the mass storage device 108.
  • Likewise, the mass storage device 108 sends data to the self-authenticating encryption bridge 102 intended to be received by the host computer system 104. The self-authenticating encryption bridge 102 decrypts the data and forwards it on to the host computer system 104.
  • The self-authenticating encryption bridge 102 remains locked until an authorized user has been authenticated. The users must interact with the self-authenticating encryption bridge 102 in order to validate themselves as authorized users and enable the encryption/decryption process.
  • If the self-authenticating encryption bridge 102 is unable to authenticate the user, encrypted data is sent directly to the host computer system 104 where it will be useless because the host computer system 104 will not be able to decipher the encrypted data from the mass storage device 108.
  • Referring now to FIG. 2, therein is shown a block diagram of a self-authenticating encryption bridge 200 in accordance with a further embodiment of the present invention. The self-authenticating encryption bridge 200 is a bridge than can be used to identify one or more users and is composed of two modules: an encryption/decryption control module 202 (shortened to encryption control module in the FIGS.) and a user input module 204.
  • Within the encryption/decryption control module 202 is an authentication parameter module 206 for releasing an encryption key in an encryption key module 208.
  • The user must identify himself or herself by entering authentication information using the user input module 204. The authentication information can be a PIN (Personal Identification Number), radio frequency, light, biosignature, or other signal entered wirelessly or by wire to the user input module 204. Then, the encryption/decryption control module 202 verifies a user's identity against authentication parameters in the authentication parameter module 206. The verification process involves the authentication parameter module 206 providing a signal with authentication parameters to the user input module 204 for comparison by the user input module 204.
  • If the user is authenticated when the signals for the authentication information and the authentication parameters match, the user input module 204 unlocks and causes the release of the encryption key in the encryption key module 208 to the encryption/decryption control module 202. The encryption/decryption control module 202 then encrypts data moving wirelessly or by wire from the host computer system 104 of FIG. 1 through the clear data communication channel 106 to the mass storage device 108 of FIG. 1 through the encrypted data channel 110 and decrypts data wirelessly or by wire moving in the reverse direction. The encryption/decryption control module 202 also uses the encryption key in the encryption key module 208 to decrypt data moving from the mass storage device 108 to the host computer system 104.
  • The user input module 204 supplies the authentication interface between the user and the encryption/decryption control module 202. For example, the user input module 204 may consist of a series of buttons, that when pushed in certain order by a user, allow the encryption/decryption control module 202 to authenticate the user. In one embodiment, the series of numerical buttons allows a user to enter a personal identification number (PIN), which can then be compared against a PIN, which is one of the numbers stored in the authentication parameter module 206.
  • The user input module 204 is used herein as a general term that encompasses any number of human input mechanisms that can interact with the user. Examples of these mechanisms are:
  • Buttons—for entering a series of numbers like an ATM machine
  • Thumb-wheel—for entering a series of numbers like a combination lock
  • Fingerprint reader—for receiving and analyzing a user's fingerprint (or other biometric based input devices)
  • RF module—for receiving an authentication signal from a key fob.
  • The above is exemplary and not intended to be limiting.
  • Referring now to FIG. 3, therein is shown a flow chart 300 of a method for validating a user and transferring data in accordance with a still further embodiment of the present invention. The data flows between the mass storage device 108 and the host computer system 104 of FIG. 1.
  • The method starts when the user input module accepts input from a user in a block 302. From the above list of mechanisms, this can be a combination, PIN, fingerprint, etc. The encryption/decryption control module then verifies data sent from the user input module and compares this with an authentication parameter in the authentication parameter module in a block 304.
  • A check is then made to determine if the authentication parameter matches those supplied by the user in a decision block 306. If YES, the encryption/decryption control module enables the encryption/decryption process and the mass storage device becomes accessible by the host computer system in a block 308. If NO, the self-authenticating encryption bridge remains locked and the method returns to user input module accepts input in the block 302.
  • The self-authenticating encryption bridge waits for data sent either from the host computer system or the mass storage device in a block 310. Once the self-authenticating encryption bridge receives data, a decision is made if the data was sent from the host computer system in a decision block 312.
  • If data is received from the host computer system, the self-authenticating encryption bridge encrypts the data in a block 318 and sends the encrypted data on to the mass storage device in a block 320. If data is received from the mass storage device, the self-authenticating encryption bridge decrypts the data in a block 322 and sends it on to the host computer system in a block 324.
  • From the block 320 or 324, the method returns to the self-authenticating encryption bridge waits for data in the block 310.
  • Referring now to FIG. 4, therein is shown a block diagram of a self-authenticating encryption bridge 400 with multiple encryption keys in accordance with an additional embodiment of the present invention.
  • In the self-authenticating encryption bridge 400, a user may enter a first code, PIN A, in a user input module 402 for an encryption/decryption control module 404. The PIN A is associated with an authentication parameter A module 406. After a user is authenticated, the self-authenticating encryption bridge 400 is unlocked and an encryption key A module 408 allows access to an encryption key A available for the encryption/decryption process. An encryption key B module 410 remains inaccessible.
  • Likewise, a user may enter the PIN B to unlock the self-authenticating encryption bridge 400. The PIN B is associated with an authentication parameter B module 412. After the user is authenticated, the self-authenticating encryption bridge 400 is unlocked and the encryption key B module 410 allows access to an encryption key B to be used for the encryption/decryption process. The encryption key A module 408 remains inaccessible.
  • In this manner, a single self-authenticating encryption bridge may support multiple encryption keys for multiple users and multiple mass storage devices.
  • Another embodiment includes an encryption/decryption control module containing a single encryption key associated with multiple authentication parameter modules. In this embodiment, multiple users with different codes may access the same mass storage device.
  • Referring now to FIG. 5, therein is shown a block diagram of a mass storage device 500 with an integrated self-authenticating encryption bridge 502 in accordance with a further additional embodiment of the present invention.
  • The integrated self-authenticating encryption bridge 502 is housed within the same package as the mass storage device 500. An encrypted data channel 504 is internal to the mass storage device 500 and connects internally with a storage media 506. A clear data channel 508 connects the integrated self-authenticating encryption bridge 502 to the host computer system 104.
  • A user input module 510 is integral with the package of the mass storage device 500. Since the integrated self-authenticating encryption bridge 502 is embedded within the mass storage device 500, the user input module 510 is placed so codes may be entered from outside the mass storage device 500. Thus, all possible modes of user input, as discussed in FIG. 2, are made available for the mass storage device 500.
  • Referring now to FIG. 6, therein is shown a flow chart of a method 600 of operation of an encryption bridge system 100 in a further embodiment of the present invention. The method 600 includes: authenticating a user using a self-authenticating encryption bridge in a block 602; and controlling encryption using the self-authenticating encryption bridge disposed between a computer system and a storage system in response to the authenticating of the user in a block 604.
  • Various embodiments of the present invention include the following aspects:
  • An encryption bridge system including:
  • providing a computer connected by way of a communication channel to the self-authenticating encryption bridge;
    a mass storage device connected by way of a communication channel to the self-authenticating encryption bridge; and
    a self-authenticating encryption bridge that encrypts data sent from the computer to the mass storage device and decrypts data sent from the mass storage device to the computer after a user has been authenticated.
  • A self-authenticating encryption bridge including:
  • a user input module for verifying user identity;
    an encryption/decryption control module;
    a communication channel for transferring clear data to the computer; and
    a communication channel for transferring encrypted data to the mass storage device.
  • A self-authenticating encryption bridge as described above further including:
  • authentication parameters for authenticating a user; and
    encryption key(s) used for encrypting/decrypting data.
  • A self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting keyed or manipulable input.
  • A self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting biometric input.
  • A self-authenticating encryption bridge as described above further including:
  • a user input module capable of accepting RF transmission input.
  • A self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module that prevents data on the mass storage device from being accessed until the user has been validated by analyzing parameters sent from the user input module.
  • A self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module containing multiple pairs of decryption keys and authentication parameters.
  • A self-authenticating encryption bridge as described above further including:
  • an encryption/decryption control module containing a single encryption key associated with multiple authentication parameters.
  • A self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the mass storage device.
  • A self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the communication channel (e.g. cable and/or connectors and/or casing).
  • A self-authenticating encryption bridge as described above further including:
  • a self-authenticating encription bridge embodied in and integral to the output connector on the computer.
  • A self-authenticating encryption bridge as described above further including:
  • an encrypted channel and a clear channel composed of termination points capable of plugging directly into a mass storage device and computer without the use of additional cables.
  • A self-authenticating encryption bridge as described above further including:
  • wireless communication used for either or both the encrypted and clear communication channels.
  • A self-authenticating encryption bridge as described above further including:
  • a power source that may be derived from the communication channel or an internal source.
  • While the invention has been described in conjunction with a specific best mode, it is to be understood that many alternatives, modifications, and variations will be apparent to those skilled in the art in light of the aforegoing description. Accordingly, it is intended to embrace all such alternatives, modifications, and variations that fall within the scope of the included claims. All matters set forth herein or shown in the accompanying drawings are to be interpreted in an illustrative and non-limiting sense.

Claims (20)

What is claimed is:
1. A method of operation of a self-authenticating encryption bridge comprising:
locking a user input module until a user has been authenticated;
encrypting or decrypting data in an encryption/decryption control module when the user has been authenticated in the user input module;
transferring encrypted data from a mass storage device to the encryption/decryption control module in a first communication channel; and
transferring clear data to a computer from the encryption/decryption control module in a second communication channel.
2. The method as claimed in claim 1 further comprising:
not encrypting or decrypting data in the encryption/decryption control module when the user is unable to be authenticated in the user input module.
3. The method as claimed in claim 1 further comprising:
containing an authentication parameter for authenticating the user inside of the self-authenticating encryption bridge; and
containing an encryption key for encrypting and decrypting clear data in the encryption/decryption control module.
4. The method as claimed in claim 1 further comprising:
containing a plurality of authentication parameters for authenticating a plurality of users inside of the self-authenticating encryption bridge; and
containing an encryption key for encrypting and decrypting clear data in the encryption/decryption control module.
5. The method as claimed in claim 1 further comprising:
containing an authentication parameter for authenticating the user inside of the self-authenticating encryption bridge; and
containing a plurality of encryption keys for providing a plurality of ways of encrypting and decrypting clear data in the encryption/decryption control module.
6. A method comprising:
locking a user input module until a user has been authenticated;
unlocking the user input module when the user has been authenticated;
allowing a mass storage device to become accessible to a computer when the user has been authenticated in the user input module and the user input module has been unlocked;
transferring encrypted data wirelessly or by wire to and from a mass storage device to and from the encryption/decryption control module in a first communication channel;
encrypting or decrypting data in the encryption/decryption control module when the user has been authenticated in the user input module and the user input module has been unlocked;
decrypting encrypted data to the computer from the mass storage device in the encryption/decryption control module when and the user input module has been unlocked and the mass storage device is accessible to the computer;
transferring clear data wirelessly or by wire to and from a computer to and from the encryption/decryption control module in a second communication channel; and
encrypting clear data from the computer to the mass storage device in the encryption/decryption control module when and the user input module has been unlocked and the mass storage device is accessible to the computer.
7. The method as claimed in claim 6 further comprising:
not encrypting or decrypting data in the encryption/decryption control module when the user is unable to be wirelessly or by wire authenticated in the user input module and the user input module is locked.
8. The method as claimed in claim 6 further comprising:
powering the user input module from the second communication channel; and
powering the encryption/decryption control module from the second communication channel.
9. The method as claimed in claim 6 further comprising:
powering the user input module and the encryption/decryption control module from a power source in the self-authenticating encryption bridge.
10. The method as claimed in claim 6 further comprising:
containing a plurality of authentication parameters for authenticating a plurality of users in the self-authenticating encryption bridge; and
containing an encryption key for encrypting and decrypting clear data in the encryption/decryption control module.
11. A self-authenticating encryption bridge comprising:
a user input module for remaining locked until a user has been authenticated;
an encryption/decryption control module responsive to the user input module for encrypting or decrypting data when the user has been authenticated;
a first communication channel for transferring encrypted data from a mass storage device to the encryption/decryption control module; and
a second communication channel for transferring clear data to a computer from the encryption/decryption control module.
12. The self-authenticating encryption bridge as claimed in claim 11 wherein:
the encryption/decryption control module is responsive to the user input module for not encrypting or decrypting data when the user is unable to be authenticated.
13. The self-authenticating encryption bridge as claimed in claim 11 wherein:
the self-authenticating encryption bridge contains an authentication parameter for authenticating the user; and
the encryption/decryption control module contains an encryption key for encrypting and decrypting clear data.
14. The self-authenticating encryption bridge as claimed in claim 11 wherein:
the self-authenticating encryption bridge contains a plurality of authentication parameters for authenticating a plurality of users; and
the encryption/decryption control module contains an encryption key for encrypting and decrypting clear data.
15. The self-authenticating encryption bridge as claimed in claim 11 wherein:
the self-authenticating encryption bridge contains an authentication parameter for authenticating the user; and
the encryption/decryption control module contains a plurality of encryption keys for providing a plurality of ways of encrypting and decrypting clear data.
16. The self-authenticating encryption bridge as claimed in claim 11 wherein:
the encryption/decryption control module is responsive to the user input module for allowing the mass storage device to become accessible to the computer when the user has been authenticated;
the encryption/decryption control module is for encrypting clear data from the computer to the mass storage device when the mass storage device is accessible to the computer wirelessly or by wire over a first channel; and
the encryption/decryption control module is for encrypting or decrypting data to the computer from the mass storage device when the mass storage device is accessible to the computer wirelessly or by wire over a second channel.
17. The self-authenticating encryption bridge as claimed in claim 16 wherein:
the encryption/decryption control module is responsive to the user input module for not encrypting or decrypting data when the user is unable to be wirelessly or by wire authenticated.
18. The self-authenticating encryption bridge as claimed in claim 16 wherein:
the user input module is powered from the second communication channel; and
the encryption/decryption control module is powered from the second communication channel.
19. The self-authenticating encryption bridge as claimed in claim 16 further comprising:
a power source in the self-authenticating encryption bridge for powering the user input module and the encryption/decryption control module.
20. The self-authenticating encryption bridge as claimed in claim 16 wherein:
the self-authenticating encryption bridge contains a plurality of authentication parameters for authenticating a plurality of users; and
the encryption/decryption control module contains an encryption key for encrypting and decrypting clear data.
US15/068,309 2009-01-07 2016-03-11 Encryption bridge system and method of operation thereof Abandoned US20160259736A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/068,309 US20160259736A1 (en) 2009-01-07 2016-03-11 Encryption bridge system and method of operation thereof

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14315509P 2009-01-07 2009-01-07
US12/652,035 US20100174913A1 (en) 2009-01-03 2010-01-04 Multi-factor authentication system for encryption key storage and method of operation therefor
US12/684,108 US9286493B2 (en) 2009-01-07 2010-01-07 Encryption bridge system and method of operation thereof
US15/068,309 US20160259736A1 (en) 2009-01-07 2016-03-11 Encryption bridge system and method of operation thereof

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/684,108 Continuation US9286493B2 (en) 2009-01-07 2010-01-07 Encryption bridge system and method of operation thereof

Publications (1)

Publication Number Publication Date
US20160259736A1 true US20160259736A1 (en) 2016-09-08

Family

ID=42312477

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/684,108 Active 2031-06-23 US9286493B2 (en) 2009-01-07 2010-01-07 Encryption bridge system and method of operation thereof
US15/068,309 Abandoned US20160259736A1 (en) 2009-01-07 2016-03-11 Encryption bridge system and method of operation thereof

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/684,108 Active 2031-06-23 US9286493B2 (en) 2009-01-07 2010-01-07 Encryption bridge system and method of operation thereof

Country Status (1)

Country Link
US (2) US9286493B2 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9798866B2 (en) 2014-05-03 2017-10-24 Clevx, Llc Network information system with license registration and method of operation thereof
US9813416B2 (en) 2007-09-27 2017-11-07 Clevx, Llc Data security system with encryption
US9837895B2 (en) 2007-12-10 2017-12-05 Clevx, Llc Battery power supply with automatic load sensing
US10025729B2 (en) 2005-07-21 2018-07-17 Clevx, Llc Memory lock system with manipulatable input device and method of operation thereof
US10069315B2 (en) 2010-08-25 2018-09-04 Clevx, Llc Power supply system with automatic sensing mechanism and method of operation thereof
US10146706B2 (en) 2006-01-24 2018-12-04 Clevx, Llc Data security system
US10154020B1 (en) 2015-07-08 2018-12-11 Clevx, Llc Referral identity system and method of operation thereof
US10162965B2 (en) 2009-06-08 2018-12-25 Clevx, Llc Portable media system with virus blocker and method of operation thereof
US10181055B2 (en) 2007-09-27 2019-01-15 Clevx, Llc Data security system with encryption
US10204240B2 (en) 2009-06-29 2019-02-12 Clevx, Llc Encrypting portable media system and method of operation thereof
US10223856B2 (en) 2007-09-26 2019-03-05 Clevx, Llc Self-authenticating credit card system
US10614462B2 (en) 2007-09-26 2020-04-07 Clevx, Llc Security aspects of a self-authenticating credit card
US10778417B2 (en) 2007-09-27 2020-09-15 Clevx, Llc Self-encrypting module with embedded wireless user authentication
US10783232B2 (en) 2007-09-27 2020-09-22 Clevx, Llc Management system for self-encrypting managed devices with embedded wireless user authentication
US10992747B2 (en) 2014-02-27 2021-04-27 Clevx, Llc Data storage system with removable device and method of operation thereof
US11190936B2 (en) 2007-09-27 2021-11-30 Clevx, Llc Wireless authentication system
US11971967B2 (en) 2021-08-20 2024-04-30 Clevx, Llc Secure access device with multiple authentication mechanisms

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110264925A1 (en) * 2010-04-23 2011-10-27 Russo Leonard E Securing data on a self-encrypting storage device
US8856553B2 (en) 2011-09-12 2014-10-07 Microsoft Corporation Managing self-encrypting drives in decentralized environments
US9076018B2 (en) 2012-12-19 2015-07-07 Clevx, Llc Encryption key generation in encrypted storage devices
US9117086B2 (en) 2013-08-28 2015-08-25 Seagate Technology Llc Virtual bands concentration for self encrypting drives
US9176896B2 (en) 2013-10-30 2015-11-03 Seagate Technology Llc Method of managing aligned and unaligned data bands in a self encrypting solid state drive
GB2580549B (en) * 2016-01-04 2020-12-23 Clevx Llc Data security system with encryption
GB2607846B (en) 2018-06-06 2023-06-14 Istorage Ltd Dongle for ciphering data
US11449586B2 (en) * 2018-07-20 2022-09-20 Massachusetts Institute Of Technology Authenticated intention
US11556665B2 (en) 2019-12-08 2023-01-17 Western Digital Technologies, Inc. Unlocking a data storage device
US11366933B2 (en) 2019-12-08 2022-06-21 Western Digital Technologies, Inc. Multi-device unlocking of a data storage device
US11163442B2 (en) 2019-12-08 2021-11-02 Western Digital Technologies, Inc. Self-formatting data storage device
US11088832B2 (en) 2020-01-09 2021-08-10 Western Digital Technologies, Inc. Secure logging of data storage device events
US11469885B2 (en) 2020-01-09 2022-10-11 Western Digital Technologies, Inc. Remote grant of access to locked data storage device
US11265152B2 (en) 2020-01-09 2022-03-01 Western Digital Technologies, Inc. Enrolment of pre-authorized device
US11334677B2 (en) * 2020-01-09 2022-05-17 Western Digital Technologies, Inc. Multi-role unlocking of a data storage device
US11606206B2 (en) 2020-01-09 2023-03-14 Western Digital Technologies, Inc. Recovery key for unlocking a data storage device
US11831752B2 (en) 2020-01-09 2023-11-28 Western Digital Technologies, Inc. Initializing a data storage device with a manager device
US11882434B2 (en) 2020-07-09 2024-01-23 Western Digital Technologies, Inc. Method and device for covertly communicating state changes
US11582607B2 (en) 2020-07-10 2023-02-14 Western Digital Technologies, Inc. Wireless security protocol

Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030005336A1 (en) * 2001-06-28 2003-01-02 Poo Teng Pin Portable device having biometrics-based authentication capabilities
US20030046593A1 (en) * 2001-08-28 2003-03-06 Xie Wen Xiang Data storage device security method and apparatus
US20040059907A1 (en) * 2002-09-20 2004-03-25 Rainbow Technologies, Inc. Boot-up and hard drive protection using a USB-compliant token
US20040059912A1 (en) * 1998-05-07 2004-03-25 Stephen Zizzi Encrypting file system
US6857076B1 (en) * 1999-03-26 2005-02-15 Micron Technology, Inc. Data security for digital data storage
US20050113068A1 (en) * 2003-11-21 2005-05-26 Infineon Technologies North America Corp. Transceiver with controller for authentication
US20050193198A1 (en) * 2004-01-27 2005-09-01 Jean-Michel Livowsky System, method and apparatus for electronic authentication
US20060004974A1 (en) * 2003-03-13 2006-01-05 Paul Lin Portable non-volatile memory device and method for preventing unauthorized access to data stored thereon
US20060036872A1 (en) * 2004-08-11 2006-02-16 Yen Kai H Anti-burglary USB flash drive with press-button type electronic combination lock
US7069447B1 (en) * 2001-05-11 2006-06-27 Rodney Joe Corder Apparatus and method for secure data storage
US20060204047A1 (en) * 2005-03-09 2006-09-14 Sanjay Dave Portable memory storage device with biometric identification security
US20070016743A1 (en) * 2005-07-14 2007-01-18 Ironkey, Inc. Secure storage device with offline code entry
US20070061894A1 (en) * 2005-08-30 2007-03-15 Skinner David N Method, apparatus, and system for securing data on a removable memory device
US20070162962A1 (en) * 2006-01-05 2007-07-12 M-Systems Flash Disk Pioneers Ltd. Powerless electronic storage lock
US20070204171A1 (en) * 2006-02-24 2007-08-30 Canon Kabushiki Kaisha Data processing device and data processing method
US7272723B1 (en) * 1999-01-15 2007-09-18 Safenet, Inc. USB-compliant personal key with integral input and output devices
US20080015995A1 (en) * 2006-07-17 2008-01-17 Yeacheiung Eric Chen Standalone content protection storage device
US20080107275A1 (en) * 2006-11-08 2008-05-08 Mehdi Asnaashari Method and system for encryption of information stored in an external nonvolatile memory
US20080263363A1 (en) * 2007-01-22 2008-10-23 Spyrus, Inc. Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption
US7469303B2 (en) * 2003-06-26 2008-12-23 Samsung Electronics Co., Ltd. Method and apparatus for protecting data during storage/retrieval
US7631195B1 (en) * 2006-03-15 2009-12-08 Super Talent Electronics, Inc. System and method for providing security to a portable storage device
US8078869B2 (en) * 2003-02-28 2011-12-13 Research In Motion Limited System and method of protecting data on a communication device

Family Cites Families (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5974513A (en) 1993-11-04 1999-10-26 Hitachi Maxell, Ltd. IC memory card having read/write inhibit capabilities
US6523119B2 (en) 1996-12-04 2003-02-18 Rainbow Technologies, Inc. Software protection device and method
US5818939A (en) * 1996-12-18 1998-10-06 Intel Corporation Optimized security functionality in an electronic system
JP3120749B2 (en) * 1997-03-04 2000-12-25 日本電気株式会社 Removable storage device for portable terminal device
US6557104B2 (en) * 1997-05-02 2003-04-29 Phoenix Technologies Ltd. Method and apparatus for secure processing of cryptographic keys
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
TW428755U (en) * 1999-06-03 2001-04-01 Shen Ming Shiang Fingerprint identification IC card
US7257714B1 (en) * 1999-10-19 2007-08-14 Super Talent Electronics, Inc. Electronic data storage medium with fingerprint verification capability
US7120251B1 (en) 1999-08-20 2006-10-10 Matsushita Electric Industrial Co., Ltd. Data player, digital contents player, playback system, data embedding apparatus, and embedded data detection apparatus
US6407949B1 (en) * 1999-12-17 2002-06-18 Qualcomm, Incorporated Mobile communication device having integrated embedded flash and SRAM memory
US7165175B1 (en) * 2000-09-06 2007-01-16 Widevine Technologies, Inc. Apparatus, system and method for selectively encrypting different portions of data sent over a network
US7082536B2 (en) 2000-11-13 2006-07-25 Globalcerts, Lc System and method for computerized global messaging encryption
US6978376B2 (en) 2000-12-15 2005-12-20 Authentica, Inc. Information security architecture for encrypting documents for remote access while maintaining access control
US7228438B2 (en) * 2001-04-30 2007-06-05 Matsushita Electric Industrial Co., Ltd. Computer network security system employing portable storage device
US20030128101A1 (en) * 2001-11-02 2003-07-10 Long Michael Lee Software for a lock
US7260726B1 (en) * 2001-12-06 2007-08-21 Adaptec, Inc. Method and apparatus for a secure computing environment
US7536548B1 (en) * 2002-06-04 2009-05-19 Rockwell Automation Technologies, Inc. System and methodology providing multi-tier-security for network data exchange with industrial control components
JP3979194B2 (en) * 2002-06-25 2007-09-19 ソニー株式会社 Information storage device, memory access control method, and computer program
JP4016741B2 (en) 2002-06-25 2007-12-05 ソニー株式会社 Information storage device, memory access control system and method, and computer program
US7277431B2 (en) * 2002-10-31 2007-10-02 Brocade Communications Systems, Inc. Method and apparatus for encryption or compression devices inside a storage area network fabric
JP4792196B2 (en) * 2003-03-27 2011-10-12 三洋電機株式会社 Data input / output method, and storage device and host device capable of using the method
US20050039027A1 (en) * 2003-07-25 2005-02-17 Shapiro Michael F. Universal, biometric, self-authenticating identity computer having multiple communication ports
JP4576336B2 (en) 2003-08-18 2010-11-04 サイエンスパーク株式会社 Electronic data management apparatus, control program therefor, and electronic data management method
US7469302B2 (en) * 2003-08-29 2008-12-23 Yahoo! Inc. System and method for ensuring consistent web display by multiple independent client programs with a server that is not persistently connected to client computer systems
JP2005122402A (en) * 2003-10-15 2005-05-12 Systemneeds Inc Ic card system
US7162647B2 (en) * 2004-03-11 2007-01-09 Hitachi, Ltd. Method and apparatus for cryptographic conversion in a data storage system
KR100657581B1 (en) 2004-10-11 2006-12-13 김신호 Iris identification system integrated usb storage device
JP2006217369A (en) * 2005-02-04 2006-08-17 Seiko Epson Corp Encryption/decoding device, communication controller, and electronic device
US20060198515A1 (en) * 2005-03-03 2006-09-07 Seagate Technology Llc Secure disc drive electronics implementation
CN1878055B (en) * 2005-06-07 2010-11-03 北京握奇数据系统有限公司 Separation type mass data encryption/decryption device and implementing method therefor
US8245292B2 (en) * 2005-11-16 2012-08-14 Broadcom Corporation Multi-factor authentication using a smartcard
US8171531B2 (en) * 2005-11-16 2012-05-01 Broadcom Corporation Universal authentication token
US8266378B1 (en) * 2005-12-22 2012-09-11 Imation Corp. Storage device with accessible partitions
EP1982262A4 (en) 2006-01-24 2010-04-21 Clevx Llc Data security system
US7734045B2 (en) 2006-05-05 2010-06-08 Tricipher, Inc. Multifactor split asymmetric crypto-key with persistent key security
US7571471B2 (en) 2006-05-05 2009-08-04 Tricipher, Inc. Secure login using a multifactor split asymmetric crypto-key with persistent key security
US8843768B2 (en) * 2006-09-05 2014-09-23 Netapp, Inc. Security-enabled storage controller
JP2008077366A (en) * 2006-09-21 2008-04-03 Hitachi Ltd Storage control device and method for controlling encrypting function thereof
US20080219449A1 (en) * 2007-03-09 2008-09-11 Ball Matthew V Cryptographic key management for stored data
JP2008234052A (en) * 2007-03-16 2008-10-02 Hitachi Ltd Storage device
JP2009009407A (en) * 2007-06-28 2009-01-15 Hitachi Ltd Storage system provided with encryption function, and method for guaranteeing data
US20090097653A1 (en) * 2007-10-11 2009-04-16 Ole Christian Dahlerud Encryption key stored and carried by a tape cartridge
WO2009055573A1 (en) * 2007-10-23 2009-04-30 Viaclix, Inc. Multimedia administration, advertising, content & services system
US20090125726A1 (en) * 2007-11-14 2009-05-14 Mcm Portfolio Llc Method and Apparatus of Providing the Security and Error Correction Capability for Memory Storage Devices
US20090199004A1 (en) * 2008-01-31 2009-08-06 Mark Stanley Krawczewicz System and method for self-authenticating token
US20090220088A1 (en) 2008-02-28 2009-09-03 Lu Charisse Y Autonomic defense for protecting data when data tampering is detected
EP2272025B1 (en) 2008-04-01 2019-07-24 dormakaba Schweiz AG System and method for providing user media
JP4980288B2 (en) * 2008-04-08 2012-07-18 株式会社日立製作所 Computer system, storage area state control method, and computer
GB0808341D0 (en) * 2008-05-08 2008-06-18 Michael John P External storage security and encryption device
GB2460275B (en) * 2008-05-23 2012-12-19 Exacttrak Ltd A Communications and Security Device
JP5482059B2 (en) 2009-03-13 2014-04-23 富士通株式会社 Storage device and program for controlling access to storage device
JP4747288B2 (en) * 2009-04-03 2011-08-17 株式会社バッファロー External storage device and control method thereof
US8977865B2 (en) * 2010-05-25 2015-03-10 Microsoft Technology Licensing, Llc Data encryption conversion for independent agents
US8745386B2 (en) 2010-06-21 2014-06-03 Microsoft Corporation Single-use authentication methods for accessing encrypted data

Patent Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040059912A1 (en) * 1998-05-07 2004-03-25 Stephen Zizzi Encrypting file system
US7272723B1 (en) * 1999-01-15 2007-09-18 Safenet, Inc. USB-compliant personal key with integral input and output devices
US6857076B1 (en) * 1999-03-26 2005-02-15 Micron Technology, Inc. Data security for digital data storage
US7069447B1 (en) * 2001-05-11 2006-06-27 Rodney Joe Corder Apparatus and method for secure data storage
US20030005336A1 (en) * 2001-06-28 2003-01-02 Poo Teng Pin Portable device having biometrics-based authentication capabilities
US20030046593A1 (en) * 2001-08-28 2003-03-06 Xie Wen Xiang Data storage device security method and apparatus
US20040059907A1 (en) * 2002-09-20 2004-03-25 Rainbow Technologies, Inc. Boot-up and hard drive protection using a USB-compliant token
US8078869B2 (en) * 2003-02-28 2011-12-13 Research In Motion Limited System and method of protecting data on a communication device
US20060004974A1 (en) * 2003-03-13 2006-01-05 Paul Lin Portable non-volatile memory device and method for preventing unauthorized access to data stored thereon
US7469303B2 (en) * 2003-06-26 2008-12-23 Samsung Electronics Co., Ltd. Method and apparatus for protecting data during storage/retrieval
US20050113068A1 (en) * 2003-11-21 2005-05-26 Infineon Technologies North America Corp. Transceiver with controller for authentication
US20050193198A1 (en) * 2004-01-27 2005-09-01 Jean-Michel Livowsky System, method and apparatus for electronic authentication
US20060036872A1 (en) * 2004-08-11 2006-02-16 Yen Kai H Anti-burglary USB flash drive with press-button type electronic combination lock
US20060204047A1 (en) * 2005-03-09 2006-09-14 Sanjay Dave Portable memory storage device with biometric identification security
US20070016743A1 (en) * 2005-07-14 2007-01-18 Ironkey, Inc. Secure storage device with offline code entry
US20070061894A1 (en) * 2005-08-30 2007-03-15 Skinner David N Method, apparatus, and system for securing data on a removable memory device
US20070162962A1 (en) * 2006-01-05 2007-07-12 M-Systems Flash Disk Pioneers Ltd. Powerless electronic storage lock
US20070204171A1 (en) * 2006-02-24 2007-08-30 Canon Kabushiki Kaisha Data processing device and data processing method
US7631195B1 (en) * 2006-03-15 2009-12-08 Super Talent Electronics, Inc. System and method for providing security to a portable storage device
US20080015995A1 (en) * 2006-07-17 2008-01-17 Yeacheiung Eric Chen Standalone content protection storage device
US20080107275A1 (en) * 2006-11-08 2008-05-08 Mehdi Asnaashari Method and system for encryption of information stored in an external nonvolatile memory
US20080263363A1 (en) * 2007-01-22 2008-10-23 Spyrus, Inc. Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10083130B2 (en) 2005-07-21 2018-09-25 Clevx, Llc Memory lock system with manipulatable input device and method of operation thereof
US10503665B2 (en) 2005-07-21 2019-12-10 Clevx, Llc Memory lock system with manipulatable input device and method of operation thereof
US10025729B2 (en) 2005-07-21 2018-07-17 Clevx, Llc Memory lock system with manipulatable input device and method of operation thereof
US10146706B2 (en) 2006-01-24 2018-12-04 Clevx, Llc Data security system
US10223856B2 (en) 2007-09-26 2019-03-05 Clevx, Llc Self-authenticating credit card system
US10614462B2 (en) 2007-09-26 2020-04-07 Clevx, Llc Security aspects of a self-authenticating credit card
US11481774B2 (en) 2007-09-26 2022-10-25 Clevx, Llc Security aspects of a self-authenticating credit card
US10754992B2 (en) 2007-09-27 2020-08-25 Clevx, Llc Self-encrypting drive
US10778417B2 (en) 2007-09-27 2020-09-15 Clevx, Llc Self-encrypting module with embedded wireless user authentication
US11190936B2 (en) 2007-09-27 2021-11-30 Clevx, Llc Wireless authentication system
US10181055B2 (en) 2007-09-27 2019-01-15 Clevx, Llc Data security system with encryption
US10985909B2 (en) 2007-09-27 2021-04-20 Clevx, Llc Door lock control with wireless user authentication
US10783232B2 (en) 2007-09-27 2020-09-22 Clevx, Llc Management system for self-encrypting managed devices with embedded wireless user authentication
US9813416B2 (en) 2007-09-27 2017-11-07 Clevx, Llc Data security system with encryption
US11233630B2 (en) 2007-09-27 2022-01-25 Clevx, Llc Module with embedded wireless user authentication
US11151231B2 (en) 2007-09-27 2021-10-19 Clevx, Llc Secure access device with dual authentication
US9837895B2 (en) 2007-12-10 2017-12-05 Clevx, Llc Battery power supply with automatic load sensing
US10162965B2 (en) 2009-06-08 2018-12-25 Clevx, Llc Portable media system with virus blocker and method of operation thereof
US10769311B2 (en) 2009-06-29 2020-09-08 Clevx, Llc Encrypting portable media system and method of operation thereof
US10204240B2 (en) 2009-06-29 2019-02-12 Clevx, Llc Encrypting portable media system and method of operation thereof
US10069315B2 (en) 2010-08-25 2018-09-04 Clevx, Llc Power supply system with automatic sensing mechanism and method of operation thereof
US10992747B2 (en) 2014-02-27 2021-04-27 Clevx, Llc Data storage system with removable device and method of operation thereof
US10152579B2 (en) 2014-05-03 2018-12-11 Clevx, Llc Network information system with license registration and method of operation thereof
US9798866B2 (en) 2014-05-03 2017-10-24 Clevx, Llc Network information system with license registration and method of operation thereof
US10154020B1 (en) 2015-07-08 2018-12-11 Clevx, Llc Referral identity system and method of operation thereof
US11971967B2 (en) 2021-08-20 2024-04-30 Clevx, Llc Secure access device with multiple authentication mechanisms

Also Published As

Publication number Publication date
US20100174922A1 (en) 2010-07-08
US9286493B2 (en) 2016-03-15

Similar Documents

Publication Publication Date Title
US20160259736A1 (en) Encryption bridge system and method of operation thereof
US11151231B2 (en) Secure access device with dual authentication
US9262611B2 (en) Data security system with encryption
US20100174913A1 (en) Multi-factor authentication system for encryption key storage and method of operation therefor
JP7248754B2 (en) Data security system with cryptography
CN107113175B (en) Multi-user strong authentication token
US8295484B2 (en) System and method for securing data from a remote input device
EP2583212B1 (en) Mass storage device memory encryption methods, systems, and apparatus
US9449162B2 (en) Portable storage device using fingerprint recognition, and control method thereof
JP4867760B2 (en) Information processing apparatus and method, and information processing system
EP1866873B1 (en) Method, system, personal security device and computer program product for cryptographically secured biometric authentication
US20070223685A1 (en) Secure system and method of providing same
KR20080101799A (en) System and method of providing security to an external device
CN102647278B (en) Apparatus and method for authenticating flash program
CN101685425A (en) Mobile storage device and method of encrypting same
WO2013123453A1 (en) Data storage devices, systems, and methods
WO2009038446A1 (en) A portable secure identity and mass storage unit
US20130117864A1 (en) Authentication system
KR20120114614A (en) Ubs security device with smart card and memory card of install type and security method thereof
US20070168667A1 (en) Method, authentication medium and device for securing access to a piece of equipment
US11971967B2 (en) Secure access device with multiple authentication mechanisms
WO2007092429A2 (en) Secure system and method for providing same

Legal Events

Date Code Title Description
AS Assignment

Owner name: CLEVX, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BOLOTIN, LEV M.;JOHNSON, SIMON B.;SIGNING DATES FROM 20100113 TO 20100122;REEL/FRAME:037960/0599

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION