WO2009130538A2 - Data storage device - Google Patents

Data storage device

Info

Publication number
WO2009130538A2
Authority
WO
WIPO (PCT)
Prior art keywords
memory
data
access
person
private data
Application number
PCT/IB2008/051534
Other languages
French (fr)
Other versions
WO2009130538A3 (en)
Inventor
Olivier Dr. Le Neel
Original Assignee
E-Roots Pte Ltd

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Abstract

A data storage device (25) comprises a main controller (51) for managing the cooperation between a biometric module (52), a mass storage memory (50), a USB connector (37) and a smart card device (56). The biometric module (52) comprises a fingerprint sensor (54) which is operatively connected to a sensor driver microcontroller (53). The mass storage memory (50) is in the form of a flash memory. The smart card device (56) is in the form of a chip. The storage device (25) further comprises an RFID tag (58) and a photo (59) of an authorized user.

Description

DATA STORAGE DEVICE
[1] The present application relates to portable data storage devices and, more particularly, to a portable mass storage device for storing private information. Examples of such private information include personal medical information, financial information and emergency information.
[2] Description of Related Art
[3] Persons are associated with a tremendous amount of private information. By this is meant information that is typically unique to the person and is very often sensitive personal information that the person would generally prefer to keep to themselves and make available to others only in certain situations. An example of this would be personal medical information such as medical histories of themselves and of family members, medical conditions, treatment histories, drug and allergy information, and the like. Another example would be personal financial information such as account information, investment information, balance and transaction information, strategy information, access codes, numbers and authorizations. Yet another example would be emergency information such as an identification of an emergency contact or an identification of relatives with address and phone number data. A still further example would be personal information such as birth records, passport data, driver's license data, identification data, social security data, immigration data, and the like.
[4] In any case, the voluminous amount of private information associated with each person could occupy many pages of paper and in such a format would be most difficult for the person to carry with them. Historically, this issue has been addressed in part by having the private information be stored and maintained by the person and/or a third party. For example, a person's medical information is most often stored and maintained by that person's physician or local hospital. Likewise, a person's financial information is most often stored and maintained by that person's bank, financial institution, investment counselor, or lawyer. It is also quite common for persons to additionally keep such financial information themselves in personal files kept at home. This is contrasted with personal medical information which is rarely if ever kept to any significant degree by the patient. With respect to emergency information and personal information, this information is, like financial information, most often maintained by the person in their own files, although many persons additionally store such information in the hands of family members and lawyers.
[5] Nonetheless, it will be noted that most of the information is not physically carried by the person as they go about their daily business. The amount of information is simply too large to conveniently carry. Additionally, even if the information could be carried by the person, it is generally not secured, and thus if misplaced or stolen it could give a criminal access to certain pieces of information which would facilitate criminal and/or fraudulent activity, or grant a third party access to private information which the person would prefer not to be known by others (such as net worth financial data, or medical condition data).
[6] Although an infrequent occurrence, there are times when it is critical that the private information be available to the person or authorized third parties. Take, for example, the situation where the person is traveling for business or pleasure and suffers a medical emergency. In such a situation it would be helpful to a caregiver if that person's medical information were immediately available for review. As discussed above, most persons do not carry their medical histories with them and thus the caregiver would have to rely on the person's memory to recall their medical history, or wait until the person's doctor could be contacted. This problem is further complicated if the person's medical condition renders them incapacitated (for example, unconscious) and thus unable to actively participate in the rendering of medical aid.
[7] A need exists in the art for a way to allow persons to store large amounts of private information, such as personal medical information, financial information and/or emergency information, in a portable device which would not only provide for the secure storage of the private information but also allow the person to specify in advance, and thus exercise control over, the conditions under which third parties would be able to access the securely stored private information from the portable device.
[8] EMBODIMENTS OF THE APPLICATION
[9] In an embodiment, a device comprises a portable housing capable of being carried by a certain person, and a circuit within the portable housing. The circuit comprises a memory for storing private data concerning that certain person, a circuit operable to effectuate storage of the private data in the memory in a secure manner, and a processing unit operable to control access to the memory for purposes of reading private data concerning the certain person from the memory and storing private data concerning the certain person to the memory. The conditions under which access to the memory for read and write operations with respect to the private data is permitted are governed by parameters that are specified by the certain person to whom the stored private data concerns. Hardware encryption, for example keyed by data held in a smart card module, secures the data on the mass storage device.
[10] In a further embodiment, a system comprises a portable device for storing private data concerning a certain person, a personal computing device, and a communications link interconnecting the personal computing device and the portable device, the communications link carrying private data concerning that certain person for transmission to the portable device or for transmission from the portable device. The portable device comprises a circuit within a portable housing comprising a memory for storing the private data concerning that certain person, a circuit operable to effectuate storage of the private data in the memory in a secure manner, and a processing unit operable to control access to the memory for purposes of reading private data concerning the certain person from the memory and storing private data concerning the certain person to the memory. The conditions under which access to the memory for read and write operations with respect to the private data is permitted are governed by parameters specified and entered by the certain person to whom the stored private data concerns, through the personal computing device, and communicated over the communications link.
[11] BRIEF DESCRIPTION OF THE DRAWINGS
[12] A more complete understanding of the method and apparatus of the application may be acquired by reference to the following Detailed Description when taken in conjunction with the accompanying Drawings wherein:
[13] FIGURE 1 is a block diagram of a system implementation;
[14] FIGURE 2 illustrates a format for one embodiment of the device.
[15] DETAILED DESCRIPTION OF THE DRAWINGS
[16] An aspect of the present application concerns enabling individual persons to own a private database in a portable format, wherein the database is capable of storing large amounts of private information in a secure way. While one application for the database is the storage of personal medical information, it will be understood that the database can store any information of a personal or even confidential nature as desired by the owner. Generally speaking, this information could be considered private to the person. It will be understood, however, that private in this context does not necessarily mean that the information is secret information, or is information that would necessarily need to be hidden from others. Rather, private information may refer to information that is owned by the person and whose dissemination is controlled by the person in accordance with some predefined agreement, authorization or condition.
[17] Security with respect to such data is often based on two concepts. First, although the data may relate to a person, that data is owned by an organization other than the person (for example, a doctor, hospital, bank, etc.), and the organization defines the rules which must be followed in order for access to that data to be granted (for example, a signed release, a PIN, etc.). Second, even though the data is the person's data, that person is given access to the data only through the use of an identification mechanism (like the PIN, or presentation of a driver's license) as specified by the organization.
[18] The present application implements a reversal in the ownership scheme with respect to such data from the organization to the individual in an organized and highly secured environment. To implement this, the present application recognizes the person as the owner of the data, and allows the owner/person to decide how and when (i.e., under what circumstances ) others such as third parties, including the organizations noted above, are to be granted access to the data.
[19] Thus, the owner of the data is allowed to grant third party access to the data in accordance with their own personal decision. In other words, the person to whom the data concerns specifies the conditions under which a third party may access the data, including specifying the degree to which different third parties may retrieve the stored data. This third party access to the data is always given by the predetermined and specified choice (i.e., direction) of the person owning the data, and it is the responsibility of that person to specify all parameters governing third party access to the data. It will be recognized that access to some stored data may be required in certain emergency situations (such as emergency contact data) and that the person should not necessarily be able to control and restrict access to the data by legitimate third parties (for example, a governmental entity such as the police). In all other cases where the personal security of the person/owner would be at risk, the person who owns the data pre-defines the level of third party access rights.
[20] This may be analogized in a way to a person's home. The home is private property and the homeowner can predefine the nature and extent to which third parties such as relatives, friends or a housekeeper are given access to the private property through access to keys and security codes, but the homeowner nonetheless grants a governmental entity such as the fire department access to the home in the event of an emergency. Likewise, with respect to the stored private data, certain keys can be predefined by the person/owner which govern when and to what extent third parties may access the stored data, but nonetheless the person/owner would grant governmental emergency services personnel access to certain data in the event of an emergency situation.
[21] As a further example, consideration may be given to personal medical data. It is recognized that a person's body is their own property and medical information relating to that person's body is likewise the property of the person. A person would authorize others such as doctors, nurses, hospitals and clinics access to their body in order to perform medical analyses. The medical information and data which result from such analyses belong to the person being examined. Thus, diagnostic and treatment data for a person belong to that person. An organization, such as a doctor or an insurance company, may be given access to the stored record of medical information or data for certain predefined purposes, wherein access to the data is granted by area and with respect to predetermined topics as specified by the person/owner of the data. In this way, a doctor can be given one level of data access (perhaps complete access), while an insurance company or employer is given another, more restricted level of access. In this way, the person/owner can define the level of access and privacy desired. Additionally, in an emergency situation, a government agency might be granted authorization to a certain level of data, while in non-emergency situations the level of access could be more restricted.
[22] Consider now the portable data storage device which stores the database of personal medical information (data). As an example, this portable data storage device could comprise a 'smart card' type of technology known in the art. The person/owner can decide the conditions under which a doctor is granted access to the database. For example, in one scenario, the person may authorize the doctor read-only rights with respect to already stored information, plus the right to write new data to the database, but not the right to modify prior data. This may be appropriate, for example, when the person is seeing a doctor other than his/her normal attending physician. In another scenario, the doctor may be authorized by the person to access the database for any read/write operation. In either case, it is the person who owns the data about themselves who can specify the level of access. This may be specified in advance through stored access parameters, or alternatively specified in real time using some sort of keyed authorization such as the entry of a PIN code or through a biometric scan.
[23] The foregoing addresses the situation where a third party is granted access to the database on the portable data storage device. It will also be noted that situations may often arise wherein the person desires to access to the database. In this case, access to the database for read/write purposes may be governed by some sort of keyed authorization such as the entry of a PIN code or through a biometric scan.
[24] In any case, it is the owner of the information/data who is making the decision (either in real time or predetermined) as to whom is given access to their private information and under what circumstances and conditions that access is to be granted. Additionally, it will be noted that ownership of the data never changes from the person. The person remains in control of the database and its contained information /data.
[25] Reference is now made to FIGURE 1 wherein there is shown a block diagram of a system implementation of the present application. A portable data storage device 10 is provided which includes a mass storage data memory 12, for example of a size at or greater than 1 Gbit, although it will be understood that certain implementations may not require a memory that large. The portable data storage device 10 may take on any one of a number of known physical formats. A preferred implementation would utilize 'smart card' technology, thus allowing the device 10 to be carried by the person in a manner similar to the way the person would carry a credit card or other identification card. Another implementation would utilize 'key fob' technology, thus allowing the device 10 to be carried by the person along with their house and car keys.
[26] The memory 12 is implemented within an integrated circuit chip 14 that is contained within the housing of the device 10 in a manner well known in the art. The integrated circuit preferably includes the memory 12 implemented, for example, as a NAND-based FLASH memory. The integrated circuit 14 further includes processing circuitry 16 and communications/interface circuitry 18. The integrated circuit 14 may in an implementation comprise an ASIC circuit or a microcontroller circuit which includes embedded memory 12. The processing circuitry 16 is operable to execute an application program which governs operation of the device 10. The application program may be stored in memory 12, or alternatively stored in a separate programming memory (such as EEPROM) associated with the processing circuitry 16. The communications/interface circuitry 18 functions to support external data communication with respect to the device 10. Modes of communication which may be supported by the communications/interface circuitry 18 include one or more wireless and/or wireline communication technologies known in the art such as RF communications and USB communications. As an example, the communications/interface circuitry 18 may comprise a 'smart card' reader circuit supporting 'smart card' data communications with the device 10. Utilizing a data communications link 20 supported by the communications/interface circuitry 18, the processing circuitry 16 can transmit data from the device 10 (as extracted from the memory 12) as well as receive data to the device (for storage in the memory). The other end of the data communications link 20 may be coupled in a known manner to a personal computing device (such as a laptop or other data processor). An application for supporting data communication over the data communications link 20 would be executed by the personal computing device in order to support the transmission of data to the device 10 (for storage in the memory 12) as well as to receive data from the device (as retrieved from storage in the memory).
[27] In an implementation, the device 10 may further include a biometric sensor 22 communicatively coupled to the integrated circuit 14, for example to the processing circuitry 16. The biometric sensor 22 may preferably comprise a fingerprint sensor (for example, of the capacitive-type known in the art) which functions to obtain biometric data. This captured biometric data is processed by the processing circuitry 16 for the purpose of identifying the person/owner of the device 10 (i.e., the person/owner of the information/data which is stored in the memory 12). To this end, application software is stored on the device 10 and executed by the processing circuitry 16 to perform identification operations with respect to the person/owner of the device 10.
[28] The memory 12 supports personal information/data storage on the device 10 in any one of a number of formats. In a further implementation, the personal information/data is stored in the memory 12 of the device 10 in a database format (for example, a relational database format). Other data storage formats known to those skilled in the art could be used. In addition, a combination of data storage formats may be used wherein the selected format is tailored to the kind of data being stored as well as to the read/ write actions anticipated with respect to that data.
[29] The person/owner of the device 10 would act to configure their device 10 in the manner they choose with respect to the issue of how and when (i.e., under what circumstances) they, as well as others such as third parties including the organizations noted above, are to be granted access to the data. This can be accomplished by setting certain parameters and storing the parameter data in the device 10. The application executed by the processing circuitry 16 would evaluate these set parameters, in the context of the requested access, in order to determine whether access to the memory 12 should be granted, and if so to what degree access is permitted. The degree in this context refers to which files can be accessed as well as whether read, write, or both kinds of access are being granted.
[30] The foregoing may be better understood by reference to an example concerning entering personal medical data into the device 10 for storage in the memory. The person/owner may set certain access parameters for a doctor or pharmacy. The access parameters may permit a doctor or pharmacist (or their assistant) to access the memory 12 for the purpose of writing data to only certain fields. For example, the parameters processed by the processing circuitry 16 may give a doctor broad write permission to any medical record area, while the pharmacist is permitted by the parameters write access only with respect to a record area where pharmaceutical information is stored (prescriptions written, drugs taken, allergies, etc.). It should be noted that it is the person/owner of the device and information who sets these write parameters, not the doctor or pharmacist. With respect to the person/owner, write control parameters may be defined which grant the person complete write access to their stored information. Alternatively, the parameters may restrict the person/owner's write access to certain fields or areas so as to eliminate the risk of the person/owner accidentally changing critical medical data as entered by the doctor or pharmacist. Again, it is the person/owner of the device and information who sets these write parameters.
[31] The parameters may further define what type of authentication is required in order for access to be granted. For example, with respect to the person/owner, those parameters may specify, for devices which include a biometric sensor 22, that the request for access include a biometric authentication of the person. Alternatively, the parameters may specify that the request for access include an entered authentication code or PIN associated with the entity making the access request. A combination of biometric and PIN may be required.
[32] Moving next to an example concerning retrieving personal medical data from the device 10 and its memory, the person/owner may set certain access parameters for a doctor or pharmacy. The access parameters may permit a doctor or pharmacist (or their assistant) to access the memory 12 for the purpose of reading data from only certain fields. For example, the parameters processed by the processing circuitry 16 may give a doctor broad read permission to any medical record area, while the pharmacist is permitted by the parameters read access only with respect to a record area where pharmaceutical information is stored (prescriptions written, drugs taken, allergies, etc.) as well as the medical records relating to medical conditions and physician orders and prescriptions. It should be noted that it is the person/owner of the device and information who sets these read parameters, not the doctor or pharmacist. With respect to the person/owner, read control parameters may be defined which generally grant the person complete read access to their stored information. With respect to other third parties, such as emergency personnel, the parameters may restrict the third party's read access to certain fields or areas associated with the provision of emergency medical care, so as to eliminate the risk of the third party gaining access to private information that the person/owner wishes to keep confidential. Again, it is the person/owner of the device and information who sets these read parameters.
[33] As with the write parameters, the parameters may further define what type of authentication is required in order for read access to be granted. For example, with respect to the person/owner, those parameters may specify, for devices which include a biometric sensor 22, that the request for access include a biometric authentication of the person. It will be noted that even in the event of an emergency where the person/owner is unconscious, fingerprint authentication can still be performed, thus granting the doctor/hospital complete access to the stored medical information. Alternatively, the parameters may specify that the request for access include an entered authentication code or PIN associated with the entity making the access request. A combination of biometric and PIN may be required. In still other situations, the parameters may specify that the request for access need not include any special authentication (but in such situations the parameters would further restrict the third party's read access to certain fields or areas, such as in the case of the provision of emergency medical care).
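The parameter scheme of paragraphs [22] and [29] to [33] is a small policy engine: per requester, the owner records which record areas may be read, which may receive new data, which may have existing data modified, and which authentication factors must accompany the request. The following is an added example illustrating that scheme; it is not code from the patent application. The role names, the record areas, the class names (AccessPolicy, Rule, Request) and the read/append/modify split are assumptions chosen for the illustration. Default deny is applied to any role or area the owner has not configured, and a request passes the authentication check only if every factor the rule lists was actually presented.

```python
"""
Owner-defined access parameters for a portable private-data store.

Added example; not code from the patent application. The roles, record
areas, class names and the read/append/modify split are assumptions that
illustrate paragraphs [22] and [29]-[33]: the owner pre-defines, per
requester, which record areas may be read or written, whether existing data
may be modified, and which authentication factors (fingerprint, PIN, both,
or none) must accompany the request.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Flag, auto

# Record areas, as the owner might partition a medical record (assumed).
AREAS = frozenset({"emergency", "conditions", "orders", "pharmacy", "history"})
OPS = ("read", "append", "modify")   # append = store new data; modify = change prior data


class Auth(Flag):
    NONE = 0
    BIOMETRIC = auto()   # owner's fingerprint verified by the sensor
    PIN = auto()         # PIN associated with the requesting entity


@dataclass
class Rule:
    allowed: dict            # op -> frozenset of areas
    required: Auth           # every listed factor must be presented


@dataclass(frozen=True)
class Request:
    role: str
    op: str
    area: str
    presented: Auth          # factors actually verified for this request


@dataclass
class AccessPolicy:
    rules: dict = field(default_factory=dict)   # role -> Rule

    def set_rule(self, role: str, required: Auth = Auth.NONE, **ops) -> None:
        """Owner-only operation (assumed to run after the owner has authenticated)."""
        bad_ops = set(ops) - set(OPS)
        if bad_ops:
            raise ValueError(f"unknown operation(s): {sorted(bad_ops)}")
        allowed = {op: frozenset(ops.get(op, ())) for op in OPS}
        unknown = frozenset().union(*allowed.values()) - AREAS
        if unknown:
            raise ValueError(f"unknown record area(s): {sorted(unknown)}")
        self.rules[role] = Rule(allowed, required)

    def decide(self, req: Request) -> tuple[bool, str]:
        rule = self.rules.get(req.role)
        if rule is None:
            return False, "no parameters defined for this role"   # default deny
        if req.op not in OPS:
            return False, f"unknown operation '{req.op}'"
        if req.area not in AREAS:
            return False, f"unknown record area '{req.area}'"
        # All required factors must be present; extra factors are ignored.
        if (rule.required & req.presented) != rule.required:
            return False, f"missing authentication: {rule.required & ~req.presented}"
        if req.area not in rule.allowed[req.op]:
            return False, f"{req.op} on '{req.area}' not granted to {req.role}"
        return True, "granted"


def build_example_policy() -> AccessPolicy:
    """Parameters an owner might store, mirroring the examples in the text."""
    p = AccessPolicy()
    # Attending doctor: full access to the clinical areas, but only with the
    # owner's fingerprint (which can still be presented if the owner is unconscious).
    p.set_rule("attending_doctor", Auth.BIOMETRIC,
               read=AREAS, append=AREAS - {"emergency"}, modify=AREAS - {"emergency"})
    # Another doctor: may read everything and add new records, but cannot
    # modify what is already stored (the scenario in paragraph [22]).
    p.set_rule("visiting_doctor", Auth.BIOMETRIC,
               read=AREAS, append=AREAS - {"emergency"})
    # Pharmacist: pharmacy area plus conditions/orders for reading; writes
    # only to the pharmacy area; authenticated by the pharmacy's PIN.
    p.set_rule("pharmacist", Auth.PIN,
               read={"pharmacy", "conditions", "orders"}, append={"pharmacy"}, modify={"pharmacy"})
    # Emergency personnel: no authentication, but read-only and limited to
    # the emergency subset.
    p.set_rule("emergency", Auth.NONE, read={"emergency"})
    # Owner: full read; fingerprint plus PIN; may not modify clinician-entered
    # areas, so critical data cannot be changed by accident.
    p.set_rule("owner", Auth.BIOMETRIC | Auth.PIN,
               read=AREAS, append=AREAS, modify={"emergency", "history"})
    return p


if __name__ == "__main__":
    policy = build_example_policy()
    for r in (Request("visiting_doctor", "append", "orders", Auth.BIOMETRIC),
              Request("visiting_doctor", "modify", "orders", Auth.BIOMETRIC),
              Request("emergency", "read", "emergency", Auth.NONE),
              Request("emergency", "read", "history", Auth.NONE),
              Request("owner", "modify", "conditions", Auth.BIOMETRIC | Auth.PIN)):
        print(r.role, r.op, r.area, "->", policy.decide(r))
```

Two design points matter on a device like this. The decision returns a reason string rather than raising, so the device application can log every denial (who, which area, which factor was missing) without leaking record contents. And the no-authentication path exists only as an explicitly configured rule limited to the emergency subset; an unconfigured role gets nothing, which is the only safe default when the owner is the sole party allowed to grant access.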
[34] It was mentioned above that the device includes an application executed by the processing circuitry 16. It will be noted that an 'application' could mean more than one program or computer application for execution on and by the device 10. The application(s) executed on the device should function:
[35] - to include readers inside the device supporting reading by desktop and laptop personal computers;
[36] - to support reading files compliant with Internet-like applications;
[37] - to organize files in a way which follows pertinent file reading standards associated with standard browsers;
[38] - to support the definition and formatting of files in a manner accessible only using a proprietary application executing on the personal computer;
[39] - to support conversion of files between formats;
[40] - with a main application capable of reading all file types and operable to convert files in a format allowing for database creation and support operation of a search engine;
[41] - to support data organization and search engine functions;
[42] - to support organization of the data in a way which supports information searches;
[43] - to support file management, key definition and tagging useful in organizing the database; and
[44] - to support specific files for the application with tags and/or specific extensions.
[45] It was further mentioned above that the personal computer includes an executing application supporting access to the device 10. It will be noted that an 'application' could mean more than one program or computer application for execution on and by the personal computer. The application(s) executed on the personal computer should function:
[46] - to support organization of the data in a way which supports information searches;
[47] - to support file management, key definition and tagging useful in organizing the database; and
[48] - to support specific files for the application with tags and/or specific extensions.
[49] Reference is now made to FIGURE 4 wherein there is shown a block diagram of an embodiment of the present application. The portable data storage device 10 is housed using a smart card-type housing within which is provided a >1 Gbit mass storage data memory 12. The memory may comprise, for example, a NAND FLASH memory implemented as an integrated circuit, or a hard-drive memory. The memory 12 operates to store information/data, preferably in a file and/or database organized format. The portable data storage device 10 further includes a microcontroller (processing circuitry) 16 with EEPROM which is coupled to the mass storage data memory 12. Browser code or a Java applet executing on the personal computer supports a functionality for externally reading the microcontroller. Thus, it will be recognized that the microcontroller supports PC reader emulation. The portable data storage device 10 further includes a high level security ID smart card integrated circuit 30 interfaced with the mass storage data memory 12 and the microcontroller (processing circuitry) 16. The smart card circuit 30 functions in a manner known in the art to secure access to data stored in the mass storage data memory 12 via PIN, password or other authentication, and scrambles the data organization on memory access such that the memory 12 cannot be read without the presence and approval of the smart card integrated circuit 30. The smart card circuit 30 may further include communications/interface circuitry 18 supporting a data communications link 20 over which data can be transmitted from the device 10 (as extracted from the memory 12) as well as transmitted to the device (for storage in the memory). The portable data storage device 10 may further include a biometric sensor 22 communicatively coupled to the processing circuitry 16. The sensor 22 is preferably a touch-chip fingerprint sensor which can be configured and is operable to identify one or more persons based on their unique fingerprint patterns. The processing circuitry 16 may further support communications/interface circuitry 18 supporting a data communications link 20, using USB-based wireline communications technology, over which data can be transmitted from the device 10 (as extracted from the memory 12) as well as transmitted to the device (for storage in the memory).
[50] The memory 12, microcontroller (processing circuitry) 16, smart card circuit 30 and sensor 22 may be implemented as separate integrated circuits and/or components within the smart card housing. Alternatively, some integration of multiple ones of the circuits together may also be provided.
[51] Although embodiments of the method and apparatus of the present application have been illustrated in the accompanying Drawings and described in the foregoing Detailed Description, it will be understood that the application is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the spirit of the application as set forth and defined by the following claims.
[52] The concept underlying the present application also yields a very significant reduction in security risk. With centrally held records, a single intrusion or data corruption (deliberate, for example by a virus, or accidental, for example by a system crash) can directly cause the loss or corruption of the information of millions of individual owners. With the device structure presented in this invention, deliberate or accidental corruption would require considerable effort per device (stealing the individual device, cracking the fingerprint module, cracking the smart card), and even in the improbable case of success the impact of the loss is reduced by the ratio of the number of individuals (i.e., in the case of medical records and information, by a factor of millions).
[53] Figure 2 shows a further embodiment of the application.
[54] The device 25 comprises a main controller 51 which is managing the cooperation between the further elements of the device 25.
[55] There is provided a biometric module 52 which in turn comprises a fingerprint sensor 54 which is operatively coupled with a sensor driver microcontroller 53 over a communication link CP1. The communication between the biometric module 52 and the main controller 51 is handled over a communication link CP2. [56] There is also provided a mass storage memory 50 which is here in the form of a flash memory. The communication between the mass storage memory 50 and the main controller 51 is handled over a communication link CP4.
[57] Further, there is provided a smart card device 56 which is here in the form of a chip which is used in common smart cards. The smart card device is in charge of the key algorithm storage to manage the physical encryption of the read and write accesses with the mass storage device 50. The communication between the smart card device 56 and the main controller 51 is handled over a communication link CP5.
[58] A USB connector 37 with a common access logic and a power supply is further provided. The communication between the USB connector 37 and the main controller 51 is handled over a communication link CP3. The communication between the USB connector 37 and the external user of the device can be handled according to the serial USB protocol but other protocols can be applied such as TCP/IP, LAN, FireWire, etc. The USB connector 37 comprises externally accessible connectors for accessing the device 25.
[59] In a further embodiment not shown here, the USB connector 37 is not provided with an electromagnetic wave based communication system such as the Bluetooth protocol. Power supply to the device can not only be made via connectors such as the 5V power lines of a USB connector. Power supply to the device can also be achieved with an energy storage means such as a replaceable battery, a rechargeable battery or a large capacitor which may be recharged with electromagnetic waves.
[60] The device 25 also comprises an RF ID tag. The RF tag can in principle be arranged to communicate with the main controller 51, but in the present embodiment there is no communication provided between the RF tag and the main controller 51.
[61] The communication links CP1, CP2, CP3, CP4, and CP5 may be driven according to a standardized protocol such as USB (CP3), Flash (CP4) or simply a personalized protocol.
[62] The device 25 is taken up into a housing which is not shown here. The housing may comprise plastic material which is arranged such that the components of the device 25 are waterproof or at least protected from environmental influences. A photo 59 of an authorized user may be visibly included into the housing.
[63] In the present embodiment, the biometric module 52, the sensor driver microcontroller 53, the mass storage memory 50, the smart card device 56, and the USB connector 37 are further named sub-microcontrollers as a generic expression.
[64] The main controller 51 comprises a communication module, a processing module and a memory module EEPROM. The main controller 51 interfaces the other sub-microcontrollers for different purposes. The main controller 51 exchanges data via the communication protocol CP2 with the biometric sensor controller 52 to set up and acknowledge the fingerprint recognition of a user of the device 25, and with the smart card 56 microcontroller via the communication protocol CP5 to receive a PIN and/or other personal identification such as the device owner picture or genomic identification, for example base pair counts or other significant data. The main controller 51 in Fig. 2 also communicates with the mass storage support, which is formed as a flash memory 50 in Fig. 2.
[65] The smart card 56 plays the following role in the device 25. The embedded smart card circuit 56, or a similar microcontroller with an embedded ROM and a memory circuit, communicates with the main controller 51 of the device 25 and sends a memory encryption code allowing the physical encryption of the mass memory storage device 50.
[66] The embedded smart card 56 can also contain in its non-volatile memory key references of the device 25. A key reference is information which is linked to the authorized user, such as a social security number or biologically unique information such as a characteristic DNA code segment. The smart card 56 can also contain generic information which allows owner identification of an authorized user and/or private specific information such as a DNA sub-code or base pair counts as sub-characteristics of the device owner.
[67] The RF ID tag is dedicated to fast owner identification in a specific location. RF ID tag identification can be much faster and consume less energy than running the device 25 together with an external computer for reading out data. The RF ID tag also permits a quick search for the device 25 if it is lost, using a portable scanner.
[68] The RF ID tag 58 embedded in the housing of the device 25 is here not electrically connected to the main storage device 50. The RF ID tag 58 carries both the patient identification, such as name, social security number etc., as well as device retrieval information and function in case of loss in a defined environment, e.g. in a hospital.
[69] The biometric sensor module 52, here as an example of a fingerprint sensor, contains the biometric sensor 54, which is a capacitive fingerprint sensor in the present example, and a controller circuit 53. The controller circuit 53 is activated by the main controller 51 of the device and starts the fingerprint sensing and recognition process with the sensor circuit via a communication protocol CP1. The biometric module controller 53 manages the scan, acquisition and storage of the key fingerprint minutiae, or uses other recognition algorithms or methods.
[70] One of the underlying technical concepts of the embodiment is that the portable device contains a main controller 51 with a core firmware driving a set of sensors, one or more mass storage memories and a security device via internal communication protocols (CP2/CP4/CP5), as well as an external communication protocol CP3 to exchange data with the owner of the device. The device functionalities are therefore visible to the owner or to other persons over a secure server that will appear as a known Internet web site.
[71] Once the device 25 is activated, such as by being plugged into any external computer with a USB communication port in the case of the present description of the embodiment, the microcontroller 51 and the other sub-microcontrollers will be supplied with energy and enter the boot mode to set up a pre-configured structure of operation.
[72] The microcontroller 51 will initiate an autorun procedure on the external computer which starts a webpage with the data of the mass storage memory 50. In the present embodiment an interpreter language such as Java is used for running the application program.
[73] One of the first steps of the autorun process will be to display a photo of the authorized user on the monitor screen of the computer, the picture of the owner permitting a first level of visual identification and check. An authentication request via one of the predefined identification media, such as the fingerprint sensor 52 or entry of the owner PIN number on a keyboard of the external computer, is provided too.
[74] After completing the identification of the authorized owner, the data of the mass storage device 50 can be displayed and manipulated using the external computer. The device 25 appears as a known type of an autonomous web server.
[75] The term webserver can mean a computer program that is responsible for accepting HTTP requests from clients, which are known as web browsers, and serving them HTTP responses along with optional data contents, which usually are web pages such as HTML documents and linked objects such as images. A webserver is also a computer that runs a computer program as described above.
[76] The present embodiment is secure against the following manipulation. An unauthorized user takes the mass storage memory 50 out of the device 25 and he connects it into an external computer which is not shown here. Despite the computer being able to communicate with the mass storage memory 50 using the protocol CP4, the data on the mass storage memory 50 cannot be used because the external computer has no access to the content of the smart card 56. The content of the smart card 56 is necessary to decode the data which is exchanged over the protocol CP4. This is provided with a hardware encryption function using the smart card data.
[77] In a more advanced approach to tampering with the mass storage memory 50, the unauthorized user could try, using the protocol CP5, to use the smart card 56 in order to use the encryption code stored thereon for accessing the mass storage memory 50. Such approaches can be made more difficult or even prevented by encrypting the information on the smart card with software or hardware protections which disable the smart card unit 56 and other sub-processors if they are taken out of the device 25. One further embodiment which is not shown here provides an interaction between the main controller 51 and the sub-microcontrollers such that an operation is only possible if the modules of the device 25 are present in the original configuration after producing it.
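The protection described in [64] to [77], as an added illustration that is not part of the patent and not the device's firmware: a Python model in which the smart card supplies the memory encryption code, the main controller derives the storage keys from that code together with a fingerprint of the installed modules' identifiers (the "original configuration" check of [77]), and the flash memory holds only authenticated ciphertext. The module identifiers, the HMAC-SHA256 key derivation and the HMAC-in-counter-mode cipher with an encrypt-then-MAC tag are assumptions made for this example; the patent specifies no algorithms, and a real device would use a hardware AEAD such as AES-GCM.

```python
"""Model of smart-card-bound storage encryption (constructed example, not the
patent's firmware). Cipher and KDF are illustrative HMAC-SHA256 constructions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class SmartCard:
    """Sub-module 56: memory encryption code kept in non-volatile memory."""
    memory_encryption_code: bytes
    # Assumption: the card is personalised with the fingerprint of the module
    # set it was assembled with, so it only cooperates in that configuration.
    bound_configuration: bytes


@dataclass
class MassStorage:
    """Sub-module 50: a flash device that stores whatever bytes it is given."""
    cells: dict = field(default_factory=dict)


def configuration_fingerprint(module_ids: dict) -> bytes:
    """Hash of the installed module identifiers, in a fixed order."""
    canon = "|".join(f"{k}={v}" for k, v in sorted(module_ids.items()))
    return hashlib.sha256(canon.encode()).digest()


def derive_storage_keys(card: SmartCard, module_ids: dict) -> tuple:
    """Main controller 51: storage keys = KDF(card code, device configuration).
    A card moved into a device with other modules is refused before any key exists."""
    fp = configuration_fingerprint(module_ids)
    if not hmac.compare_digest(fp, card.bound_configuration):
        raise PermissionError("module configuration does not match smart card")
    enc_key = hmac.new(card.memory_encryption_code, b"enc|" + fp, hashlib.sha256).digest()
    mac_key = hmac.new(card.memory_encryption_code, b"mac|" + fp, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; each nonce is used for one record only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def write_file(storage, card, module_ids, name, plaintext):
    """Encrypt-then-MAC over (name, nonce, ciphertext); only ciphertext hits flash."""
    enc_key, mac_key = derive_storage_keys(card, module_ids)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, name.encode() + nonce + ct, hashlib.sha256).digest()
    storage.cells[name] = nonce + ct + tag


def read_file(storage, card, module_ids, name):
    """Verify the tag before decrypting; a modified cell is rejected."""
    enc_key, mac_key = derive_storage_keys(card, module_ids)
    blob = storage.cells[name]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, name.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("storage record failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo():
    """Returns (plaintext visible in raw flash?, decrypted text,
    outcome with a foreign module set, outcome for a modified cell)."""
    modules = {"biometric": "BM-0001", "flash": "FL-0001", "smartcard": "SC-0001"}
    card = SmartCard(os.urandom(32), configuration_fingerprint(modules))
    flash = MassStorage()
    write_file(flash, card, modules, "record.txt", b"blood group: O+")
    raw = flash.cells["record.txt"]
    leaks = b"blood group" in raw                      # [76]: flash alone is ciphertext
    back = read_file(flash, card, modules, "record.txt")  # authorised path
    try:                                               # [77]: card in another device
        read_file(flash, card, dict(modules, flash="FL-9999"), "record.txt")
        foreign = "read"
    except PermissionError:
        foreign = "refused"
    flash.cells["record.txt"] = raw[:16] + bytes([raw[16] ^ 1]) + raw[17:]
    try:                                               # altered cell fails the tag
        read_file(flash, card, modules, "record.txt")
        tampered = "accepted"
    except ValueError:
        tampered = "rejected"
    return leaks, back, foreign, tampered
```

Running demo() exercises the four outcomes the description relies on: the flash removed from the device reveals no plaintext ([76]), the card in its original configuration decrypts, the same card presented with a different module set is refused before any key is derived ([77]), and a modified storage cell is rejected by the integrity tag.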

Claims
[1] A device, comprising:
- a portable housing; and
- a circuit within the portable housing, the circuit comprising:
- a memory for storing data;
- a storage circuit operable to effectuate storage of the data in the memory;
- a processing unit operable to control access to the memory for purposes of reading data from the memory and storing data to the memory, wherein access to the storage circuit is secured with a hardware encryption.
[2] The device of claim 1 wherein the portable housing has a size and shape similar to a credit card.
[3] The device of claim 1 wherein the portable housing has a size and shape similar to a key fob.
[4] The device of claim 1 wherein the parameters include a first parameter specifying that access to the memory with respect to first certain ones of the files of the private data is to be prevented by the processing unit unless that access is expressly authorized by the certain person to whom the stored private data concerns and a second parameter specifying that access to the memory with respect to second certain ones of the files of the private data is permitted without the express authorization of the certain person.
[5] The device of claim 4 wherein the parameters further include a third parameter specifying that access to the memory with respect to third certain ones of the files of the private data is permitted by the processing unit as to certain third parties who are expressly authorized by the certain person to whom the stored private data concerns.
[6] The device of claim 1 wherein the circuit further comprises means for receiving an identification of the certain person, the conditions under which access to the memory for read and write operations with respect to the private data is permitted being further governed by receipt of the identification.
[7] The device of claim 6 wherein the means for receiving the identification comprises a biometric scanner for biometrically identifying the certain person.
[8] The device of claim 6 wherein the means for receiving the identification comprises circuitry for receiving an identification code of the certain person.
[9] The device of claim 6 wherein the parameters include a first parameter specifying that access to the memory with respect to first certain ones of the files of the private data is to be prevented by the processing unit unless that access is expressly authorized by the certain person to whom the stored private data concerns through receipt of the identification of the certain person by the means for receiving and a second parameter specifying that access to the memory with respect to second certain ones of the files of the private data is permitted without the express authorization of the certain person through receipt of the identification of the certain person by the means for receiving.
[10] The device of claim 9 wherein the parameters further include a third parameter specifying that access to the memory with respect to third certain ones of the files of the private data is permitted by the processing unit as to certain third parties who are expressly authorized by the certain person to whom the stored private data concerns.
[11] The device of claim 1 wherein the storage circuit operable to effectuate storage of the private data in the memory in a secure manner comprises a circuit that scrambles the private data for storage on the memory.
[12] The device of claim 1 wherein the storage circuit operable to effectuate storage of the private data in the memory in a secure manner comprises a security identification smart card circuit.
[13] The device of claim 1 wherein private data concerning the certain person comprises personal medical information of that certain person.
[14] The device of claim 1 wherein private data concerning the certain person comprises personal financial information of that certain person.
[15] The device of claim 1 wherein private data concerning the certain person comprises personal emergency information of that certain person.
[16] A system, comprising:
- a portable device for storing private data;
- a personal computing device;
- a communications link interconnecting the personal computing device and the portable device, the communications link carrying data for transmission to the portable device or for transmission from the portable device; wherein the portable device comprises a circuit within a portable housing, the circuit comprising:
- a memory for storing the private data;
- a storage circuit operable to effectuate storage of the data;
- a processing unit operable to control access to the memory for purposes of reading data from the memory and storing data to the memory, the conditions under which access to the memory for read and write operations with respect to the data is permitted being governed by parameters specified and entered by the person to whom the stored data concerns through the personal computing device and communicated over the communications link.
[17] The system of claim 16 wherein the parameters include a first parameter specifying that access to the memory with respect to first certain ones of the files of the private data is to be prevented by the processing unit unless that access is expressly authorized by the certain person to whom the stored private data concerns and a second parameter specifying that access to the memory with respect to second certain ones of the files of the private data is permitted without the express authorization of the certain person.
[18] The system of claim 17 wherein the parameters further include a third parameter specifying that access to the memory with respect to third certain ones of the files of the private data is permitted by the processing unit as to certain third parties who are expressly authorized by the certain person to whom the stored private data concerns.
[19] The system of claim 16 wherein the circuit further comprises means for receiving an identification of the certain person, the conditions under which access to the memory for read and write operations with respect to the private data is permitted being further governed by receipt of the identification.
[20] The system of claim 19 wherein the means for receiving the identification comprises a biometric scanner for biometrically identifying the certain person.
[21] The system of claim 19 wherein the means for receiving the identification comprises circuitry for receiving an identification code of the certain person, that authorization code having been entered through the personal computing device and communicated over the communications link to the circuit.
[22] Method for using a device and or a system to one or more of the claims 1 to 22 for transporting, storing, altering or reading data on or from a mass storage device.
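The access parameters of claims 4, 5, 9 and 10, combined with the identification step of [73] and [74], as an added example that is not part of the patent: a Python model in which every file carries one of three parameters chosen by the person the data concerns (access only after that person's identification is received; access without identification, as for emergency data; or access by named third parties the owner authorised), and identification is received either as a PIN typed on the external computer or as a fingerprint match reported by the biometric module. The PIN and template are represented by hashes, the fingerprint matcher is a placeholder comparison, the third party's own identity is assumed to have been established elsewhere, and the PIN attempt counter is an assumption added here; none of these details are specified by the patent.

```python
"""Model of per-file access parameters gated by owner identification
(constructed example, not the patent's firmware)."""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Access(Enum):
    OWNER_ONLY = "owner_only"   # first parameter: owner identification required
    OPEN = "open"               # second parameter: no identification required
    DELEGATED = "delegated"     # third parameter: named third parties allowed


@dataclass
class FilePolicy:
    access: Access
    authorised_parties: frozenset = frozenset()   # used only for DELEGATED


@dataclass
class Session:
    """What the 'means for receiving an identification' has received so far."""
    owner_verified: bool = False
    party: Optional[str] = None   # third party, assumed identified elsewhere


class Device:
    MAX_PIN_TRIES = 3   # assumption: lock the PIN path after repeated failures

    def __init__(self, pin: str, fingerprint_template: bytes):
        # Constructed secrets; in the device these live in the smart card [66].
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._fp_hash = hashlib.sha256(fingerprint_template).digest()
        self._pin_failures = 0
        self.files = {}            # name -> (FilePolicy, content)
        self.session = Session()

    @property
    def pin_locked(self) -> bool:
        return self._pin_failures >= self.MAX_PIN_TRIES

    def present_pin(self, pin: str) -> bool:
        """Claim 8: identification code entered on the external computer."""
        if self.pin_locked:
            return False
        ok = hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash)
        self._pin_failures = 0 if ok else self._pin_failures + 1
        self.session.owner_verified = ok
        return ok

    def present_fingerprint(self, template: bytes) -> bool:
        """Claim 7: biometric identification; placeholder template comparison."""
        ok = hmac.compare_digest(hashlib.sha256(template).digest(), self._fp_hash)
        self.session.owner_verified = ok
        return ok

    def present_third_party(self, party_id: str) -> None:
        self.session.party = party_id

    def set_policy(self, name: str, content: bytes, policy: FilePolicy) -> None:
        """Claim 16: parameters are entered by the identified owner only."""
        if not self.session.owner_verified:
            raise PermissionError("only the identified owner may set parameters")
        self.files[name] = (policy, content)

    def read(self, name: str) -> bytes:
        policy, content = self.files[name]
        if policy.access is Access.OPEN:
            return content
        if self.session.owner_verified:
            return content
        if policy.access is Access.DELEGATED and self.session.party in policy.authorised_parties:
            return content
        raise PermissionError(f"access to {name} denied")


def _try_read(dev: Device, name: str):
    try:
        return dev.read(name)
    except PermissionError:
        return "denied"


def demo() -> dict:
    dev = Device(pin="4821", fingerprint_template=b"constructed-template-A")
    dev.present_pin("4821")
    dev.set_policy("emergency.txt", b"allergies: penicillin", FilePolicy(Access.OPEN))
    dev.set_policy("history.txt", b"full history", FilePolicy(Access.OWNER_ONLY))
    dev.set_policy("labs.txt", b"lab results", FilePolicy(Access.DELEGATED, frozenset({"dr-lee"})))
    dev.session = Session()   # device re-plugged, no identification yet [71]
    out = {"emergency": _try_read(dev, "emergency.txt"),
           "history_anon": _try_read(dev, "history.txt"),
           "labs_anon": _try_read(dev, "labs.txt")}
    dev.present_third_party("dr-lee")
    out["labs_by_dr"] = _try_read(dev, "labs.txt")
    out["history_by_dr"] = _try_read(dev, "history.txt")
    dev.session = Session()
    dev.present_fingerprint(b"constructed-template-A")
    out["history_by_owner"] = _try_read(dev, "history.txt")
    return out


def lockout_demo() -> tuple:
    """Three wrong PINs lock the PIN path; the right PIN is then refused too."""
    dev = Device(pin="1111", fingerprint_template=b"t")
    for _ in range(3):
        dev.present_pin("0000")
    return dev.pin_locked, dev.present_pin("1111")
```

demo() shows the three parameters in action: the open file is readable with no identification, the owner-only file is refused to an anonymous reader and to the delegated third party, the delegated file opens for the named party, and the owner's fingerprint unlocks everything. lockout_demo() shows the attempt counter that a real smart card would enforce on the PIN path.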

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/051534 WO2009130538A2 (en) 2008-04-22 2008-04-22 Data storage device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/051534 WO2009130538A2 (en) 2008-04-22 2008-04-22 Data storage device

Publications (2)

Publication Number Publication Date
WO2009130538A2 true WO2009130538A2 (en) 2009-10-29
WO2009130538A3 WO2009130538A3 (en) 2010-06-03

Family

ID=41217191

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/051534 WO2009130538A2 (en) 2008-04-22 2008-04-22 Data storage device

Country Status (1)

Country Link
WO (1) WO2009130538A2 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103678994A (en) * 2013-12-05 2014-03-26 中国科学院数据与通信保护研究教育中心 USB encrypted storage method and USB encrypted storage system with environment control function
CN104598947A (en) * 2015-02-11 2015-05-06 成都布林特信息技术有限公司 Electronic tag data processing method
CN104636652A (en) * 2015-02-11 2015-05-20 成都布林特信息技术有限公司 Information processing method based on radio frequency identification
US9141951B2 (en) 2009-07-02 2015-09-22 Biometric Payment Solutions Electronic transaction verification system with biometric authentication
GB2577631A (en) * 2017-03-30 2020-04-01 Kingston Digital Inc Smart security storage
EP3832515A1 (en) * 2019-12-03 2021-06-09 Samsung Electronics Co., Ltd. Storage device including memory controller, and non-volatile memory system including the same and operating method thereof
EP3832505A1 (en) * 2019-12-03 2021-06-09 Samsung Electronics Co., Ltd. Storage device, nonvolatile memory system including memory controller, and operating method of the storage device
US11936645B2 (en) 2017-03-30 2024-03-19 Kingston Digital, Inc. Smart security storage system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003048892A2 (en) * 2001-11-14 2003-06-12 Mari Myra Shaw Access, identity, and ticketing system for providing multiple access methods for smart devices
GB2390705A (en) * 2002-07-11 2004-01-14 Ritech Internat Ltd Portable biodata protected data storage unit
US20040139044A1 (en) * 2001-01-10 2004-07-15 Jorg Rehwald System for detecting and storing individual-specific data, a corresponding storage element, and a method for rescuing and/or medically caring for living beings in an emergency
US20050097338A1 (en) * 2003-10-30 2005-05-05 Lee Kong P. Biometrics parameters protected USB interface portable data storage device with USB interface accessible biometrics processor
US20080028146A1 (en) * 2006-07-26 2008-01-31 Sandisk Il Ltd. USB flash disk device and method
US20080052528A1 (en) * 2001-06-28 2008-02-28 Trek 2000 International Ltd. Portable device having biometrics-based authentication capabilities
US20080059236A1 (en) * 2006-08-31 2008-03-06 Cartier Joseph C Emergency medical information device

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11138594B2 (en) 2009-07-02 2021-10-05 Biometric Payment Solutions, Llc Electronic transaction verification system with biometric authentication
US10664834B2 (en) 2009-07-02 2020-05-26 Biometric Payment Solutions Electronic transaction verification system with biometric authentication
US11783320B2 (en) 2009-07-02 2023-10-10 Biometric Payment Solutions, Llc Electronic transaction verification system with biometric authentication
US9141951B2 (en) 2009-07-02 2015-09-22 Biometric Payment Solutions Electronic transaction verification system with biometric authentication
US9846875B2 (en) 2009-07-02 2017-12-19 Biometric Payment Solutions Electronic transaction verification system with biometric authentication
US10304054B2 (en) 2009-07-02 2019-05-28 Biometric Payment Solutions Electronic transaction verification system with biometric authentication
CN103678994A (en) * 2013-12-05 2014-03-26 中国科学院数据与通信保护研究教育中心 USB encrypted storage method and USB encrypted storage system with environment control function
CN104636652A (en) * 2015-02-11 2015-05-20 成都布林特信息技术有限公司 Information processing method based on radio frequency identification
CN104598947A (en) * 2015-02-11 2015-05-06 成都布林特信息技术有限公司 Electronic tag data processing method
GB2577631A (en) * 2017-03-30 2020-04-01 Kingston Digital Inc Smart security storage
GB2577631B (en) * 2017-03-30 2020-12-02 Kingston Digital Inc Smart security storage
US10880296B2 (en) 2017-03-30 2020-12-29 Kingston Digital Inc. Smart security storage
US11936645B2 (en) 2017-03-30 2024-03-19 Kingston Digital, Inc. Smart security storage system
US11888845B2 (en) 2017-03-30 2024-01-30 Kingston Digital, Inc. Smart security storage
US11947466B2 (en) 2019-12-03 2024-04-02 Samsung Electronics Co., Ltd. Storage device, nonvolatile memory system including memory controller, and operating method of the storage device
US11645000B2 (en) 2019-12-03 2023-05-09 Samsung Electronics Co., Ltd. Storage device including memory controller, and non-volatile memory system including the same and operating method thereof
US11586559B2 (en) 2019-12-03 2023-02-21 Samsung Electronics Co., Ltd. Storage device, nonvolatile memory system including memory controller, and operating method of the storage device for independently performing a relink to a host device
EP3832515A1 (en) * 2019-12-03 2021-06-09 Samsung Electronics Co., Ltd. Storage device including memory controller, and non-volatile memory system including the same and operating method thereof
EP3832505A1 (en) * 2019-12-03 2021-06-09 Samsung Electronics Co., Ltd. Storage device, nonvolatile memory system including memory controller, and operating method of the storage device

Also Published As

Publication number Publication date
WO2009130538A3 (en) 2010-06-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08737941

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08737941

Country of ref document: EP

Kind code of ref document: A2