WO2012053967A1 - Portable securely erasable memory device, method and computer program - Google Patents


Info

Publication number
WO2012053967A1
Authority
WO
WIPO (PCT)
Prior art keywords
erase
memory device
portable
securely
memory unit
Application number
PCT/SE2011/051247
Other languages
French (fr)
Inventor
Jens Bogarve
Roger Eriksson
Original Assignee
Business Security Ol Ab


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G06F 21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G06F 21/86 Secure or tamper-resistant housings
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • In some embodiments the erase activation means is adapted to disconnect the voltage supply to the memory unit 155 in response to activation, whereby the memory unit is erased.
  • The controller 160 is configured to control the erase functions of the memory device 100 to perform a secure and complete erase of the memory content of the memory unit 155. All data, including any file table, is erased by over-writing.
  • The erase activation means may be arranged on or through openings in the casing 110 of the memory device 100.
  • The erase activation means, i.e. the erase buttons 115a and 115b in this embodiment, is operatively connected to generate an input signal to the controller 160 when activated.
  • A manual secure erase of data from the memory unit 155 may be performed by activating the erase activation means, i.e. by simultaneously pressing both erase buttons 115a and 115b.
  • The controller is configured to detect input signals forming at least one erase signal generated by means of the erase buttons 115a and 115b being pressed.
  • The controller 160 is configured to detect the at least one erase signal, generated in response to the erase activation means being activated for a predetermined time, and to generate one or more control commands to erase the memory unit 155 in response to the detected at least one erase signal.
  • In response to the first erase button 115a and the second erase button 115b having been pressed for a predetermined time, for example, but not limited to, at least one, two or more seconds, the controller is configured to generate control signals or commands to erase the memory unit 155.
  • The controller 160 is configured to perform an automatic secure erase by generating control signals or commands to erase the memory unit 155 if it is detected either that the internal battery runs low or that the memory device 100 has not been connected to a powered USB port within a predetermined time, for example, but not limited to, 1, 6, 12 or 24 hours or any other arbitrarily determined time.
  • The RTC 150 keeps track of the elapsed time.
  • The RTC 150 generates an interrupt signal to the controller 160.
  • The controller 160 is configured to detect whether either the internal power supply runs low or the memory device 100 has not been connected to a powered port for a predetermined time, and in response generate control commands to erase the memory unit 155.
  • When a memory device 100 that has been manually or automatically erased as described is inserted into a powered USB port, it is activated and ready to receive data. Data transfer is performed using normal operating system procedures.
  • The controller is configured to format the memory unit 155.
  • The memory unit may be formatted with FAT32 or any suitable file allocation table.
  • The memory device may be formatted as a stand-alone unit, i.e. when it is not connected to a computer. In this case the format process has to be performed by means of the internal supply voltage of the memory device.
  • FIG 3 illustrates a portable securely erasable memory device 100' according to some alternative embodiments.
  • These embodiments may have, but are not limited to, four light indicators, for example LED indicators.
  • A data indicator 170a may indicate whether the memory device 100' contains data.
  • An erased indicator 170b may indicate whether the memory device 100' has been securely erased.
  • A USB indicator 170c may indicate that data is being transmitted on the USB interface.
  • The indicators 170a, 170b and 170c may generate light of the same or different colours, such as red, green, blue or yellow etc.
  • A battery status indicator 180 may indicate battery capacity and charge progress.
  • The controller 160 is configured to perform an automatic secure erase by generating control signals or commands to erase the memory unit 155 if it is detected either that the internal battery runs low or that the memory device 100' has not been connected to a powered USB port within a predetermined time, for example, but not limited to, 1, 6, 12 or 24 hours or any other arbitrarily determined time.
  • While data is being transferred to or from the memory device 100', the USB indicator 170c is lit green, showing activity on the USB interface.
  • The presence of data may be indicated by the data indicator 170a being lit red. This indicates that the memory device 100' can be transported securely to the receiver and will remain active for the predetermined time, 24 hours (the automatic erase time limit) in this embodiment, unless a manual erase is performed or the battery runs low.
  • When the erased indicator 170b is lit green, or when all indicators are off, the memory device 100' has been securely erased. No previous data remains in memory and the memory device 100' may be reused.
  • This embodiment of the memory device 100' may contain, but is not limited to, a rechargeable lithium-ion battery.
  • The battery is automatically charged whenever the memory device 100' is connected to a powered USB port.
  • The battery status indicator 180 flashes yellow while charging and is lit green when fully charged. The current battery status is indicated when either button 115a or 115b is pressed.
  • The battery status indicator 180 may be lit green when the battery is fully charged, yellow at medium battery level (less than 24 hours left in this embodiment) and red at low battery level, the latter indicating that the battery needs charging as soon as possible to avoid an automatic erase.
  • Alternative embodiments may have a single erase button 115 instead of two erase buttons, as shown in FIGs 5 and 6.
  • A manual secure erase of data from the memory unit of the portable securely erasable memory device may be performed by pressing the single erase button.
  • In response to an erase signal received by the controller 160, generated when the single erase button is pressed for a predetermined time, for example, but not limited to, at least one, two or more seconds, the controller generates control signals to erase the memory unit.
  • The button may be arranged to be hard to press and/or arranged in a recess 165 in the casing 110 and/or under a cover or lid.
  • The controller 160 has been described above as capable of performing various operations to provide the secure erase functionality. To perform these operations, the controller 160 may comprise a processing device.
  • The functions of the processing device may, e.g., be implemented using software, which may be run by a processor, such as a CPU.
  • Alternatively, the processing device may be implemented by an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
  • The RTC 150 has been described above as capable of supporting the controller 160 in keeping track of the time elapsed since the memory device was connected to a powered USB port, for example, but not limited to, 1, 6, 12 or 24 hours or any other arbitrarily determined time.
  • The disclosure is not intended to be limited to an RTC for keeping track of the elapsed time.
  • Any suitable time counting unit, such as but not limited to a timer or counter etc., may be used to keep track of the time.
  • The erase function has been described above as an erasure or deletion by overwriting or zeroisation.
  • The memory may be overwritten in one or more steps.
  • The memory unit may be erased by filling the memory unit with zero values (00000...), with one values (11111...), randomly with zero and one values (010101100001...), or with a combination thereof.
  • The portable securely erasable memory device may be securely erased manually either as a stand-alone unit or when it is connected to a device, for example a computer.
  • The erase function has been described above as being performed in response to an activation of the erase activation means, implemented by means of, for example, one or more erase buttons.
  • Alternatively, the erase activation means may be a temperature sensor adapted to generate an erase signal to the controller when the temperature is detected to be either below or above a threshold value, depending on the settings.
  • Other erase activation means are possible within the scope of the disclosure.
  • FIG. 7 is a flow diagram illustrating steps in a method for securely erasing data stored in a memory unit 155 of a portable memory device 100; 100'; 100". At least one erase signal from the erase activation means 115a, 115b; 115 is detected in step 200 when it has been activated for a predetermined time; and control commands or signals are generated in step 201 to erase the memory unit 155 of the portable memory device 100; 100'; 100" in response to the detected erase signal.
  • The method may further comprise a step of detecting whether either the internal supply voltage runs low or the memory device 100; 100'; 100" has not been connected to a powered port for a predetermined time, and a step of generating control commands or signals to erase the memory unit 155.
  • The securely erasable memory device may be embodied as an electronic device with tamper protection, i.e. involving prevention of access to the electronic circuitry of the device, or to any internal signals generated by the electronic circuitry. Additionally or alternatively, tamper protection of the device may involve detecting attempts to access the electronic circuitry, information, or signals.
  • The present invention may be embodied as a method, a device, or a system with a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, or an embodiment combining software and hardware aspects, all generally referred to herein as a unit, component or device. Furthermore, the software of the present invention may take the form of a computer program product.
  • The computer program product may be stored on a computer-usable storage medium having computer-usable program code embodied in the medium.
  • The embodiments of the invention described with reference to the drawings comprise a computer apparatus and processes performed in the computer apparatus.
  • The program may be in the form of source code, object code, or code suitable for use in the implementation of the method according to the invention.
  • The carrier can be any entity or device capable of carrying the program.
  • The carrier may be a record medium, computer memory, read-only memory or an electrical carrier signal.
  • Embodiments according to the invention may be carried out when the computer program product is loaded and run in a system having computer capabilities.
  • The memory device may report a unique ID to the operating system of a host computer, including its serial number, for use by a third-party white-listing service.
  • The secure erase may return the memory device to an unclassified state.
  • The memory device may automatically erase all data after a predetermined time period. Used memory devices, such as USB sticks and CD-R media, do not have to be destroyed.
  • Embodiments of the present invention have been described herein with reference to flowchart and/or block diagrams. It will be understood that some or all of the illustrated blocks may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed, create means for implementing the functions/acts specified in the flowchart or otherwise described.
  • A computer program product may comprise computer program code portions for executing the method, as described in the description and the claims, for providing control data when the computer program code portions are run by an electronic device having computer capabilities.
  • A computer readable medium having stored thereon a computer program product may comprise computer program code portions for executing the method, as described in the description and the claims, for providing control data when the computer program code portions are run by an electronic device having computer capabilities.
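The controller behaviour described above (both erase buttons held together for a predetermined time, the time-counting unit's time-out since the last powered port, the low-battery condition, multi-pass overwriting of every addressable byte, and re-formatting when an erased device is next inserted into a powered port) can be modelled as a small firmware loop. The C program below is an added example written for this page; it is not code from the patent or from the assignee Business Security Ol Ab. The 2 s hold time, the 3300 mV low-battery threshold, the 64-byte memory size, the four overwrite passes and the rule that activation happens on the insertion edge (not merely while powered) are assumptions made for the example; the patent only gives "at least one, two or more seconds" and "1, 6, 12 or 24 hours" as illustrative values.

```c
/* Added example (not the patent's code): firmware-style model of controller 160
 * driving a simulated memory unit 155. Sizes and thresholds are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_BYTES      64u                    /* stand-in for an SDRAM of arbitrary size */
#define HOLD_MS        2000u                  /* assumed: both buttons held for 2 s */
#define AUTO_ERASE_MS  (24u * 3600u * 1000u)  /* 24 h limit used in the text */
#define BATTERY_LOW_MV 3300u                  /* assumed low-battery threshold */

enum state { ST_ERASED, ST_ACTIVE };
struct device {
    volatile uint8_t mem[MEM_BYTES]; /* volatile: every overwrite must reach memory */
    enum state st;
    bool formatted;
    bool prev_power;                 /* last sampled port power, detects (re)insertion */
    uint32_t hold_ms;                /* how long both erase buttons have been held */
    uint32_t unpowered_ms;           /* time-counting unit: ms since last powered port */
    unsigned erase_count;
};

struct inputs {                      /* signals the controller samples each tick */
    bool btn_a, btn_b;               /* erase buttons 115a and 115b */
    bool usb_power;                  /* connected to a powered port */
    unsigned battery_mv;             /* reading from the monitoring unit 140 */
};

static void device_init(struct device *d) { memset(d, 0, sizeof *d); } /* erased, never activated */

/* Overwrite every addressable byte in four passes (zeros, ones, mixed, zeros),
 * reading each pass back; false means a byte did not take the pattern. */
static bool secure_erase(struct device *d) {
    static const uint8_t passes[] = { 0x00, 0xFF, 0x55, 0x00 };
    for (size_t p = 0; p < sizeof passes; p++) {
        for (size_t i = 0; i < MEM_BYTES; i++) d->mem[i] = passes[p];
        for (size_t i = 0; i < MEM_BYTES; i++)
            if (d->mem[i] != passes[p]) return false;
    }
    d->st = ST_ERASED;               /* file table is gone too: unusable until re-inserted */
    d->formatted = false;
    d->hold_ms = 0;
    d->erase_count++;
    return true;
}

/* Stand-in for a host writing a file over USB mass storage. */
static bool device_store(struct device *d, const uint8_t *data, size_t n) {
    if (d->st != ST_ACTIVE || n > MEM_BYTES) return false;
    for (size_t i = 0; i < n; i++) d->mem[i] = data[i];
    return true;
}

static bool mem_is_zero(const struct device *d) {
    for (size_t i = 0; i < MEM_BYTES; i++) if (d->mem[i] != 0) return false;
    return true;
}

/* One control-loop tick of dt_ms. Returns true if a secure erase ran. */
static bool controller_tick(struct device *d, const struct inputs *in, uint32_t dt_ms) {
    if (in->usb_power) {
        d->unpowered_ms = 0;                         /* powered port restarts the time-out */
        if (!d->prev_power && d->st == ST_ERASED) {  /* insertion activates an erased device */
            d->formatted = true;                     /* stand-in for writing a FAT32 file table */
            d->st = ST_ACTIVE;
        }
    } else d->unpowered_ms += dt_ms;
    d->prev_power = in->usb_power;
    /* Manual erase needs both buttons held together for HOLD_MS; releasing either
     * one restarts the count, so a brief touch of the buttons does nothing. */
    d->hold_ms = (in->btn_a && in->btn_b) ? d->hold_ms + dt_ms : 0;
    bool manual  = d->hold_ms >= HOLD_MS;
    bool timeout = d->unpowered_ms >= AUTO_ERASE_MS;
    bool lowbatt = !in->usb_power && in->battery_mv < BATTERY_LOW_MV;
    return d->st == ST_ACTIVE && (manual || timeout || lowbatt) && secure_erase(d);
}

/* Drive the controller with constant inputs for n ticks; returns erases performed. */
static unsigned run_ticks(struct device *d, struct inputs in, uint32_t dt_ms, unsigned n) {
    unsigned erased = 0;
    for (unsigned k = 0; k < n; k++) erased += controller_tick(d, &in, dt_ms) ? 1u : 0u;
    return erased;
}

int main(void) {                                    /* stand-alone demo run */
    struct device d;
    struct inputs plug = { false, false, true, 4100 }, hold = { true, true, false, 4100 };
    device_init(&d);
    run_ticks(&d, plug, 100, 1);                    /* insert: format and activate */
    device_store(&d, (const uint8_t *)"SECRET", 6); /* constructed sample data */
    unsigned n = run_ticks(&d, hold, 100, 20);      /* hold both buttons for 2 s */
    printf("erases=%u zeroed=%d\n", n, mem_is_zero(&d));
    return 0;
}
```

Two points are worth noting. The read-back loop in secure_erase is the check a practitioner wants: an overwrite that silently fails leaves data recoverable, so the controller should report it (here by returning false) rather than lighting the "erased" indicator. The low-battery trigger is deliberately masked while a powered port is present; otherwise a flat battery would erase the device at the moment it is plugged in to charge, which is not the behaviour the text describes. In the embodiment that cuts supply to the volatile SDRAM, secure_erase would be replaced by a power-disconnect, and the same state transitions would apply.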

Abstract

A portable securely erasable memory device (100; 100'; 100"), comprising a memory unit (155) for data storage, an internal voltage source (130) of the memory device (100), erase activation means (115a, 115b; 115) configured to erase the memory unit (155) in response to activation, and a controller (160) operatively connected to the memory unit (155), wherein the controller (160) is configured to: determine when the memory device (100,100') has been manually or automatically erased, and the controller (160) is powered by the internal supply voltage or by means of connection to a powered port; and as a response formatting the memory unit (155).

Description

PORTABLE SECURELY ERASABLE MEMORY DEVICE, METHOD AND
COMPUTER PROGRAM
Technical Field
The present invention relates generally to the field of, and more particularly, it relates to a portable securely erasable memory device, a method, and a computer program for securely erasing data from a portable memory device.
Background
USB flash drives or memory sticks have a broad range of usage, for example to transport and store personal files such as documents, pictures and videos, application software, configuration information and system software etc.
With widespread use of USB memory sticks it follows that the risk of sensitive information stored on USB memory sticks falling into the wrong hands is increasing dramatically. When distributing data encryption keys, private keys or documents within a protected system the unnecessary risk of exposure may be considerable. Since USB flash drives are portable they can also easily be lost or stolen. Even if the memory content has been thoroughly over-written, there is a risk that some, or all, of the data can be recovered by an unauthorized user.
When an ordinary USB memory stick is used in an untrusted system there is a risk of contamination (malware). Data or software stored on a USB memory stick may have been infected by malware, i.e. data viruses or worms etc., which may be transferred to computers or other devices when the infected USB memory stick is inserted into the computer or device. The risk still remains even if the USB memory has been erased or over-written, because infected files may be hidden.
Inserting an "unclean" USB memory stick or device in a protected system to transfer intended information implies the risk of exposing sensitive information to another user.
In case of an emergency, for example during travel with sensitive information, it might be necessary to have tools or other equipment to destroy the device in order to securely erase all data on the USB memory stick. When handing over an ordinary USB memory stick to another person, for instance to share an electronic presentation, possibly sensitive file content can be copied to the other person's computer.
Summary
It should be emphasized that the term "comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps, or components, but does not preclude the presence or addition of one or more other features, integers, steps, components, or groups thereof.
It is an object of the invention to obviate the above disadvantages and to provide a portable securely erasable memory device and a method of securely erasing information from a portable memory device.
According to a first aspect of the invention, this is achieved by a portable securely erasable memory device, comprising a memory unit for data storage, characterized by an internal voltage source of the memory device, and erase activation means configured to erase the memory unit in response to activation.
In some embodiments the erase activation means is adapted to disconnect the voltage supply to the memory unit in response to activation.
The portable securely erasable memory device may in some embodiments comprise a controller operatively connected to the memory unit, wherein the controller is configured to: detect at least one erase signal, generated in response to the erase activation means being activated for a predetermined time; and generate control commands to erase the memory unit in response to the detected erase signal.
In some embodiments, the external erase activation means may comprise a single erase button.
In some embodiments, the erase activation means may comprise a first erase button and a second erase button, and the controller configured to detect the at least one erase signal generated in response to that the first erase button and the second erase button have been simultaneously pressed for a predetermined time.
In some embodiments, the portable securely erasable memory device may further comprise a time counting unit wherein the controller is configured to detect whether either the internal supply voltage runs low or the memory device has not been connected to a powered port for a predetermined time, and as a response generate control commands or signals to erase the memory unit.
In some embodiments the controller is configured to determine when the memory device has been manually or automatically erased, and the controller is powered by the internal supply voltage or by means of connection to a powered port; and as a response formatting the memory unit.
According to a second aspect of the invention, the object is achieved by a method of erasing data. The method is characterized by the steps of:
detecting at least one erase signal from erase activation means when it has been activated for a predetermined time; and
generating control commands to erase a memory unit of the portable memory device in response to the detected erase signal.
In some embodiments, the method further comprises the steps of:
detecting whether either the internal supply voltage runs low or the memory device has not been connected to a powered port for a predetermined time, and
generating control commands or signals to erase the memory unit.
According to a third aspect of the invention, the object is achieved by a computer program comprising program instructions for causing a computer to perform the method according to the second aspect, when said program is run on a computer.
An advantage of some embodiments of the invention is that information transfer can be performed in a protected and controlled manner. All data can be permanently erased within seconds. Due to the secure erase, the memory device can be re-used for different purposes, over and over again.
Brief Description of the Drawings
Further objects, features and advantages of the invention will appear from the following detailed description of embodiments of the invention, with reference being made to the accompanying drawings, in which: FIG. 1 illustrates a portable securely erasable memory device according to some embodiments of the invention;
FIG. 2 illustrates a block diagram of the portable securely erasable memory device in FIG. 1 according to some embodiments of the invention;
FIG. 3 illustrates a portable securely erasable memory device according to some alternative embodiments of the invention;
FIG. 4 illustrates a block diagram of the portable securely erasable memory device in FIG. 3 according to some embodiments of the invention;
FIG. 5 illustrates a portable securely erasable memory device according to some alternative embodiments of the invention;
FIG. 6 illustrates a block diagram of the portable securely erasable memory device in FIG. 5 according to some embodiments of the invention;
FIG. 7 is a flow diagram illustrating steps in a method for securely erasing data from the portable securely erasable memory device;
Detailed Description
Embodiments of the invention will be described with reference to FIGs 1-7, which all illustrate schematically example arrangements according to some embodiments of the invention. The same reference signs are used for corresponding features in different figures.
FIG 1 illustrates a portable securely erasable memory device 100 according to some embodiments. The portable securely erasable memory device may be, but is not limited to, a USB 2.0 memory stick with secure erase functionality. A casing 110 containing a printed circuit board having power circuitry, integrated circuits and memory, may have erase activation means, such as a first erase button 115a and a second erase button 115b in this embodiment. The erase activation means may be arranged on or through openings in the casing 110. One end of the device is fitted with a USB connector 120, which provides a physical interface for connection to, for example, a host computer.
Preferably, the portable securely erasable memory device 100 is intended for temporary storage and transfer of sensitive information. Because it can be securely erased, the memory device 100 can be reused for different purposes, over and over again. The secure erase is performed by an internal processor powered by a battery or another internal supply. Alternatively, the internal supply voltage may be provided by means of a capacitor. The first time the memory device is connected to a powered port, for example on a computer, the internal file system of the memory device is formatted and the device is activated and can receive data. The memory device 100 remains active until a secure erase has been performed. Once erased, the memory device 100 must be connected to a powered port to be activated again.
A general block diagram of the portable securely erasable memory device 100 is shown in FIG 2. The housing 110 may contain a printed circuit board 125 having power circuitry, a voltage source or any other power supply, including but not limited to a battery 130, a charging circuit 135, a monitoring unit 140, a regulator 145, an RTC (real-time clock) 150, a memory unit 155, and a mass storage controller 160 arranged thereon.
The charging circuit 135 may be connected to the USB connector 120 to be fed by the input voltage when the memory device 100 is connected to, for example, a powered host computer. The input voltage may be, but is not limited to, USB +5 V. The charging circuit 135 is connected to the battery 130, which may be charged until it is fully charged. Alternatively, a capacitor may be provided instead of the battery. At this stage the charging circuit 135 may continue with a compensating (maintenance) charge. A temperature sensor within the battery may be provided to prevent overcharge. The charging regulator may accept, but is not limited to, an input voltage range of +2.5 V to +5.5 V and provide an output voltage of +3.3 V.
The memory unit 155 may be, but is not limited to, any volatile memory where every physical bit of information is possible to address. In this embodiment, at least one SDRAM unit of arbitrary size may be used by the connected controller 160.
The controller 160 may include, but is not limited to, internal Flash and SRAM memories, an SDRAM controller for controlling the memory unit 155, and a USB 2.0 device port. According to one embodiment the erase activation means is adapted to disconnect the voltage supply to the memory unit 155 in response to activation, whereby the volatile memory unit is erased.
The controller 160 is configured to control erase functions of the memory device 100 to perform a secure and complete erase of the memory content of the memory unit 155. All data, including any file table, is erased by overwriting (zeroisation) when the erase function is activated. The erase activation means may be arranged on or through openings in the casing 110 of the memory device 100. The erase activation means, i.e. the erase buttons 115a and 115b in this embodiment, is operatively connected to generate an input signal to the controller 160 when activated. A manual secure erase of data from the memory unit 155 may be performed by activating the erase activation means, i.e. simultaneously pressing both erase buttons 115a and 115b. The controller is configured to detect input signals forming at least one erase signal generated by the erase buttons 115a and 115b being pressed. Moreover, the controller 160 is configured to detect the at least one erase signal, generated in response to the erase activation means being activated for a predetermined time, and to generate one or more control commands to erase the memory unit 155 in response to the detected at least one erase signal.
In response to the first erase button 115a and the second erase button 115b having been pressed for a predetermined time, for example, but not limited to, at least one, two or more seconds, the controller is configured to generate control signals or commands to erase the memory unit 155.
Additionally or in an alternative embodiment, the controller 160 is configured to perform an automatic secure erase by generating control signals or commands to erase the memory unit 155 if it is detected that the internal battery runs low or that the memory device 100 has not been connected to a powered USB port within a predetermined time, for example, but not limited to, 1, 6, 12, or 24 hours or any other arbitrarily determined time. The RTC 150 keeps track of the elapsed time. When the predetermined time has elapsed the RTC 150 generates an interrupt signal to the controller 160. Hence, the controller 160 is configured to detect whether either the internal power supply runs low or the memory device 100 has not been connected to a powered port for a predetermined time, and as a response generate control commands to erase the memory unit 155.
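The erase-trigger logic described above (a simultaneous button hold for a predetermined time, a low internal supply, and an RTC-based time-out since the last powered connection) is easiest to reason about as one polled decision per controller tick. The following C block is an added illustration, not the applicant's firmware. The tick period, the 2-second hold time, the 24-hour time-out, the millivolt battery threshold, the temperature limits and the reason codes are assumptions; the temperature input stands in for the alternative temperature-sensor activation means mentioned later in the description. On the device the inputs would come from the button GPIOs, the monitoring unit 140 and the RTC 150 rather than from a struct filled in by the caller.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added example: erase-decision state machine for a controller such as 160.
 * Every constant below is an assumption chosen for illustration. */
#define TICK_MS          10U                         /* assumed polling period */
#define HOLD_MS        2000U                         /* "predetermined time" for the hold */
#define AUTO_ERASE_MS  (24UL * 60UL * 60UL * 1000UL) /* 24 h auto-erase limit */
#define BATT_LOW_MV    3300U                         /* assumed low-battery threshold */

enum erase_reason {
    ERASE_NONE = 0,
    ERASE_MANUAL,       /* both buttons held together for HOLD_MS */
    ERASE_BATT_LOW,     /* internal supply voltage ran low while unpowered */
    ERASE_TIMEOUT,      /* not connected to a powered port for AUTO_ERASE_MS */
    ERASE_TEMPERATURE   /* alternative activation means: temperature out of range */
};

struct erase_inputs {
    bool btn_a, btn_b;      /* erase buttons (true = pressed) */
    bool usb_powered;       /* connected to a powered port */
    uint32_t batt_mv;       /* battery voltage from the monitoring unit */
    int16_t temp_c;         /* temperature sensor reading, degrees Celsius */
};

struct erase_ctrl {
    uint32_t hold_ms;       /* how long both buttons have been held together */
    uint32_t unpowered_ms;  /* elapsed time since the last powered connection */
    bool erased;            /* latched: stays inactive until re-activated */
    int16_t temp_min_c, temp_max_c;  /* assumed settable thresholds */
};

void erase_ctrl_init(struct erase_ctrl *c, int16_t tmin, int16_t tmax)
{
    c->hold_ms = 0;
    c->unpowered_ms = 0;
    c->erased = false;
    c->temp_min_c = tmin;
    c->temp_max_c = tmax;
}

/* One controller tick. Returns the reason an erase must start now, or
 * ERASE_NONE. After an erase the device stays inactive until it is connected
 * to a powered port, which re-activates it and restarts the time-out. */
enum erase_reason erase_ctrl_tick(struct erase_ctrl *c, const struct erase_inputs *in)
{
    if (in->usb_powered) {          /* powered port: re-activate, reset timer */
        c->unpowered_ms = 0;
        c->erased = false;
    } else if (!c->erased) {
        c->unpowered_ms += TICK_MS;
    }

    /* Releasing either button restarts the simultaneous-hold count. */
    if (in->btn_a && in->btn_b)
        c->hold_ms += TICK_MS;
    else
        c->hold_ms = 0;

    if (c->erased)
        return ERASE_NONE;          /* nothing to erase until re-activated */

    enum erase_reason r = ERASE_NONE;
    if (c->hold_ms >= HOLD_MS)
        r = ERASE_MANUAL;
    else if (!in->usb_powered && in->batt_mv < BATT_LOW_MV)
        r = ERASE_BATT_LOW;
    else if (c->unpowered_ms >= AUTO_ERASE_MS)
        r = ERASE_TIMEOUT;
    else if (in->temp_c < c->temp_min_c || in->temp_c > c->temp_max_c)
        r = ERASE_TEMPERATURE;

    if (r != ERASE_NONE) {
        c->erased = true;           /* latch until the next powered connection */
        c->hold_ms = 0;
    }
    return r;
}
```

The manual path wins over the automatic ones so that a user who is already holding the buttons is not surprised by a different reason code, and the erased latch keeps the automatic triggers from firing repeatedly on an already empty memory unit. The low-battery check is suppressed while USB power is present, because the charging circuit is then supplying the device.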
When the memory device 100 that has been manually or automatically erased as described is inserted in a powered USB port, it will be activated and ready to receive data. Data transfer is performed using normal operating system procedures.
As soon as the memory device 100 has been manually or automatically erased and the controller is powered by the internal power supply or by means of a connection to a powered port of a host computer, the controller is configured to format the memory unit 155. According to some embodiments the memory unit may be formatted with FAT32 or any suitable file allocation table. According to another embodiment, the memory device may be formatted as a stand-alone unit, i.e. when it is not connected to a computer. In this case the format process has to be performed by means of the internal supply voltage of the memory device.
Once data has been transferred to the memory device 100, the memory device can be transported securely to the receiver and will remain active for the predetermined time, 24 hours (automatic erase time limit) in this embodiment, unless a manual erase is performed or the battery runs low. When all the data has been transferred from the memory device 100, a manual erase should always be performed to ensure that all information is securely and completely erased from the device.
FIG 3 illustrates a portable securely erasable memory device 100' according to some alternative embodiments. In addition to the features of the embodiments described in connection with FIGs 1 and 2 above, these embodiments may have, but are not limited to, four light indicators, for example LED indicators. A data indicator 170a may indicate whether the memory device 100' contains data. An erased indicator 170b may indicate whether the memory device 100' has been securely erased. A USB indicator 170c may indicate that data is being transmitted on the USB interface. The indicators 170a, 170b and 170c may generate light with the same or different colours, such as red, green, blue or yellow etc. A battery status indicator 180 may indicate battery capacity and charge progress.
While data is being erased, the data indicator 170a flashes red. The secure erase is complete when the erased indicator 170b is temporarily lit. Additionally or in an alternative embodiment, the controller 160 is configured to perform an automatic secure erase by generating control signals or commands to erase the memory unit 155 if it is detected that the internal battery runs low or that the memory device 100' has not been connected to a powered USB port within a predetermined time, for example, but not limited to, 1, 6, 12, or 24 hours or any other arbitrarily determined time. Data transfer is performed using normal operating system procedures.
When the memory device 100' that has been manually or automatically erased as described is inserted in a powered USB port, it will be activated and ready to receive data.
As soon as the memory device 100' has been manually or automatically erased and the controller is powered by the internal power supply or by means of a connection to a powered port of a host computer, the controller is configured to format the memory unit 155. According to some embodiments the memory unit may be formatted with FAT32 or any suitable file allocation table.
While data is being transferred to or from the memory device 100', the USB indicator 170c will be lit green, showing activity on the USB interface.
By pressing either of the first and second erase buttons 115a or 115b when the memory device 100' has been disconnected from the USB port, the presence of data may be indicated by the data indicator 170a being lit red. This indicates that the memory device 100' can be transported securely to the receiver and will remain active for the predetermined time, 24 hours (automatic erase time limit) in this embodiment, unless a manual erase is performed or the battery runs low.
Moreover, if the erased indicator 170b is lit green when either button 115a, 115b is pressed, or if all indicators remain off, the memory device 100' has been securely erased. No previous data remains in memory and the memory device 100' may be reused.
This embodiment of the memory device 100' may contain, but is not limited to, a rechargeable lithium-ion battery. The battery will automatically be charged whenever the memory device 100' is connected to a powered USB port. The battery status indicator 180 will flash yellow while charging and be lit green when fully charged. The current battery status is indicated when either button 115a or 115b is pressed. The battery status indicator 180 may be lit green when the battery is fully charged, yellow at medium battery level (less than 24 hours left in this embodiment) and red at low battery level, the latter indicating that the battery needs charging as soon as possible to avoid an automatic erase.
Alternative embodiments may have a single erase button 115 instead of two erase buttons, as shown in FIGs 5 and 6. A manual secure erase of data from the memory unit of the portable securely erasable memory device may be performed by pressing the single erase button. In response to an erase signal received by the controller 160, generated when the single erase button is pressed for a predetermined time, for example, but not limited to, at least one, two or more seconds, the controller generates control signals to erase the memory unit. In order to avoid unintentional activation of the erase function, the button may be arranged to be hard to press and/or arranged in a recess 165 in the casing 110 and/or under a cover or lid.
The controller 160 has been described above as capable of making various operations to provide the secure erase functionality. To make these operations, the controller 160 may comprise a processing device. The functions of the processing device may, e.g., be implemented using software, which may be run by a processor, such as a CPU. Alternatively, the processing device may be implemented by an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
The RTC 150 has been described above as capable of supporting the controller 160 in keeping track of the time elapsed since the memory device was last connected to a powered USB port, for example, but not limited to, 1, 6, 12, or 24 hours or any other arbitrarily determined time. The disclosure is not intended to be limited to an RTC for keeping track of the elapsed time. Alternatively, any suitable time counting unit, such as but not limited to a timer or counter etc., may be used to keep track of the time.
The erase function has been described above as an erasure or deletion by overwriting or zeroisation. The memory may be overwritten in one or more steps. According to some embodiments, the memory unit may be erased by filling the memory unit with zero values (00000...), with one values (11111...), with random zero and one values (010101100001...), or with a combination thereof.
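The multi-step overwrite described above, carried out over a directly addressable volatile region and followed by a read-back check, looks like the following in C. This is an added example, not the applicant's firmware: the region is a plain byte array standing in for the SDRAM window of memory unit 155, the pass order (ones, zeros, pseudo-random, final zeros) is one of the combinations the description permits, and the xorshift generator used for the random pass is an assumption. The `volatile` qualifiers matter in practice: without them an optimising compiler is entitled to drop stores to memory that is never read again, which is exactly the situation a secure erase creates.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: multi-pass overwrite (zeroisation) of a volatile memory
 * region in which every byte is addressable, with a final verification pass. */

/* Small deterministic generator for the random pass. It is not a CSPRNG and
 * need not be: the purpose of the pass is a data-independent intermediate
 * state, and the final state is all zeros regardless of the seed. */
static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* volatile stores so the compiler cannot elide "dead" writes to the region */
static void fill_pattern(volatile uint8_t *mem, size_t len, uint8_t v)
{
    for (size_t i = 0; i < len; i++)
        mem[i] = v;
}

static void fill_random(volatile uint8_t *mem, size_t len, uint32_t seed)
{
    for (size_t i = 0; i < len; i++)
        mem[i] = (uint8_t)xorshift32(&seed);
}

/* Read every byte back through a volatile pointer, so the check is a real
 * read of the memory rather than a value the compiler remembered. */
static bool verify_pattern(const volatile uint8_t *mem, size_t len, uint8_t v)
{
    for (size_t i = 0; i < len; i++)
        if (mem[i] != v)
            return false;
    return true;
}

/* Secure erase: ones, zeros, random, zeros, then verify the final zero state.
 * Returns true only if the read-back confirms all zeros; the caller then
 * formats the empty region, as the description requires. A zero seed is
 * replaced because xorshift never leaves state zero. */
bool secure_erase(volatile uint8_t *mem, size_t len, uint32_t seed)
{
    fill_pattern(mem, len, 0xFF);
    fill_pattern(mem, len, 0x00);
    fill_random(mem, len, seed ? seed : 0x9E3779B9u);
    fill_pattern(mem, len, 0x00);
    return verify_pattern(mem, len, 0x00);
}

/* Self-check helper: true if any byte of buf equals b. Used to show that a
 * constructed marker byte is absent after the erase. */
bool contains_byte(const uint8_t *buf, size_t len, uint8_t b)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == b)
            return true;
    return false;
}
```

The verification pass is the part a practitioner should insist on: it turns "the controller issued the writes" into "the memory reads back as erased", which is the property the erased indicator 170b is supposed to report. On real hardware the overwrite is best combined with the supply disconnect of claim 2, since a volatile memory that is merely powered down can retain its contents for a short period, longer at low temperature, and the overwrite removes that dependence on timing.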
The portable securely erasable memory device may be securely erased manually either as a stand-alone unit or when it is connected to a device, for example a computer. The erase function has been described above as being performed in response to an activation of the erase activation means, implemented by means of, for example, one or more erase buttons. According to alternative embodiments, the erase activation means may be a temperature sensor adapted to generate an erase signal to the controller when the temperature is detected to be either below or above a threshold value, depending on the settings. Other erase activation means are possible within the scope of the disclosure.
FIG. 7 is a flow diagram illustrating steps in a method for securely erasing data stored in a memory unit 155 of a portable memory device 100; 100'; 100". At least one erase signal from the erase activation means 115a, 115b; 115 is detected in step 200 when it has been activated for a predetermined time; and control commands or signals are generated in step 201 to erase the memory unit 155 of the portable memory device 100; 100'; 100" in response to the detected erase signal.
According to another embodiment the method may further comprise a step of detecting whether either the internal supply voltage runs low or the memory device 100; 100'; 100" has not been connected to a powered port for a predetermined time, and a step of generating control commands or signals to erase the memory unit 155.
The securely erasable memory device may be embodied as an electronic device with tamper protection, i.e., involving prevention of access to the electronic circuitry of the device, or to any internal signals generated by the electronic circuitry. Additionally or alternatively, tamper protection of the device may involve detecting attempts to access the electronic circuitry, information, or signals.
The invention has been described herein with reference to various embodiments. However, a person skilled in the art would recognize numerous variations to the described embodiments that would still fall within the scope of the invention. For example, it should be noted that in the description of embodiments of the invention, the partition of functional blocks into particular units is by no means limiting to the invention. On the contrary, these partitions are merely examples. Functional blocks described herein as one unit may be split into two or more units. In the same manner, functional blocks that are described herein as being implemented as two or more units may be implemented as a single unit without departing from the scope of the invention. Hence, it should be understood that the limitations of the described embodiments are merely for illustrative purposes and by no means limiting. Instead, the scope of the invention is defined by the appended claims rather than by the description, and all variations that fall within the range of the claims are intended to be embraced therein.
The present invention may be embodied as a method, a device, or a system together with a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, or an embodiment combining software and hardware aspects, all generally referred to herein as a unit, component or device. Furthermore, the software of the present invention may take the form of a computer program product. The computer program product may be stored on a computer-usable storage medium having computer-usable program code embodied in the medium. The embodiments of the invention described with reference to the drawings comprise a computer apparatus and processes performed in the computer apparatus. The program may be in the form of source code, object code or code suitable for use in the implementation of the method according to the invention. The carrier can be any entity or device capable of carrying the program. For example, the carrier may be a record medium, computer memory, read-only memory or an electrical carrier signal.
Embodiments according to the invention may be carried out when the computer program product is loaded and run in a system having computer capabilities.
Although, the invention has been described with reference to embodiments of USB memory devices, other embodiments of the securely erasable memory device may be configured for operating on any suitable portable memory device including, but not limited to, portable electronic memory devices, portable optical storage devices, or magnetic storage devices.
Moreover, the memory device may report a unique ID to the operating system of a host computer, including its serial number, for use by a third party white listing service.
The secure erase may return the memory device to an unclassified state.
Anyone within a trusted environment may re-use the memory device once a secure erase has been performed.
If the memory device is left behind or lost, it may automatically erase all data after a predetermined time period. Used memory devices, such as USB sticks and CD-R media, do not have to be destroyed.
Embodiments of the present invention have been described herein with reference to flowchart and/or block diagrams. It will be understood that some or all of the illustrated blocks may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed, create means for implementing the functions/acts specified in the flowchart or otherwise described.
It is to be understood that the functions/acts noted in the flowchart may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Although some of the diagrams include arrows on communication paths to show a primary direction of communication, it is to be understood that communication may occur in the opposite direction to the depicted arrows.
A computer program product may comprise computer program code portions for executing the method, as described in the description and the claims, for providing control data when the computer program code portions are run by an electronic device having computer capabilities.
A computer readable medium having stored thereon a computer program product may comprise computer program code portions for executing the method, as described in the description and the claims, for providing control data when the computer program code portions are run by an electronic device having computer capabilities.
The many features and advantages of the invention are apparent from the detailed specification, and thus it is intended by the appended claims to cover all such features and advantages of the invention which fall within the scope of the invention. However, although embodiments of the method and apparatus of the invention have been illustrated in the accompanying drawings and described in the foregoing detailed description, the disclosure is illustrative only, and changes, modifications and substitutions may be made without departing from the scope of the invention as set forth and defined by the following claims.

Claims

1. A portable securely erasable memory device (100; 100'; 100"), comprising a memory unit (155) for data storage, characterized by an internal voltage source (130) of the memory device (100), and erase activation means (115a, 115b; 115) configured to erase the memory unit (155) in response to activation; and
a controller (160) operatively connected to the memory unit (155) and the erase activation means (115a, 115b; 115), wherein the controller (160) is configured to:
determine when the memory device (100, 100') has been manually or automatically erased, and the controller (160) is powered by the internal supply voltage or by means of connection to a powered port; and as a response formatting the memory unit (155).
2. The portable securely erasable memory device (100; 100'; 100") of claim 1, wherein the erase activation means (115a, 115b; 115) is adapted to disconnect the voltage supply to the memory unit (155) in response to activation.
3. The portable securely erasable memory device (100; 100'; 100") of claim 1 or 2, wherein the controller (160) is configured to: detect at least one erase signal, generated in response to the erase activation means (115a, 115b; 115) being activated for a predetermined time; and generate control commands to erase the memory unit (155) in response to the detected erase signal.
4. The portable securely erasable memory device (100") of any of the claims 1 to 3, wherein the external erase activation means comprises a single erase button (115).
5. The portable securely erasable memory device (100;100') of any of the claims 1-3, wherein the erase activation means comprises a first erase button (115a) and a second erase button (115b), and the controller (160) is configured to detect the at least one erase signal generated in response to that the first erase button (115a) and the second erase button (115b) have been simultaneously pressed for a predetermined time.
6. The portable securely erasable memory device (100; 100'; 100") of any of the claims 1-5, comprising a time counting unit (150), wherein the controller (160) is configured to detect whether either the internal supply voltage runs low or the memory device (100, 100') has not been connected to a powered port for a predetermined time, and as a response generate control commands or signals to erase the memory unit (155).
7. A method of securely erasing data stored in a memory unit (155) of a portable memory device (100; 100'; 100"), characterized by the steps of:
detecting at least one erase signal from erase activation means (115a, 115b; 115) when it has been activated for a predetermined time;
generating control commands to erase a memory unit (155) of the portable memory device (100; 100'; 100") in response to the detected erase signal; and
determine when the memory device (100,100') has been manually or automatically erased, and the controller (160) is powered by the internal supply voltage or by means of connection to a powered port; and as a response formatting the memory unit (155).
8. A method of claim 7, further comprising the steps of:
detecting whether either the internal supply voltage runs low or the memory device (100; 100'; 100") has not been connected to a powered port for a predetermined time; and
generating control commands or signals to erase the memory unit (155).
9. A computer program comprising program instructions for causing a computer to perform the method of any of the claims 7-8, when said program is run on a computer.
10. A computer program product comprising a computer readable medium, having thereon: computer program code means which, when said program is loaded, make an electronic device having computer capabilities execute the method of any of the claims 7-8.
PCT/SE2011/051247 2010-10-18 2011-10-18 Portable securely erasable memory device, method and computer program WO2012053967A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
SE1001027-0 2010-10-18
SE1001027A SE1001027A1 (en) 2010-10-18 2010-10-18 Portable secure erasable memory device, method and computer program
US41869810P 2010-12-01 2010-12-01
US61/418,698 2010-12-01

Publications (1)

Publication Number Publication Date
WO2012053967A1 true WO2012053967A1 (en) 2012-04-26

Family

ID=44993157

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2011/051247 WO2012053967A1 (en) 2010-10-18 2011-10-18 Portable securely erasable memory device, method and computer program

Country Status (2)

Country Link
SE (1) SE1001027A1 (en)
WO (1) WO2012053967A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4420819A (en) * 1981-03-13 1983-12-13 Data Card Corporation System for processing and storing transaction data and for transmitting the transaction data to a remote host computer
US20060101190A1 (en) * 2004-10-21 2006-05-11 Mclean James G Apparatus, system, and method for deliberately preventing unauthorized access to data stored in a non-volatile memory device
US20060236409A1 (en) * 2005-02-18 2006-10-19 Microsoft Corporation Volatile portable memory
US20090106845A1 (en) * 2007-10-17 2009-04-23 Chi Mei Communication Systems, Inc. Systems and methods for securing data in an electronic apparatus

Also Published As

Publication number Publication date
SE1001027A1 (en) 2012-04-19

Similar Documents

Publication Publication Date Title
US8495385B2 (en) Adapter for portable storage medium and method of disabling data access
CN105308609B (en) The system and method for storing event data
RU2506638C2 (en) System and method for hardware detection and cleaning of unknown malware installed on personal computer
US20170140148A1 (en) Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation
TW519651B (en) Embedded security device within a nonvolatile memory device
WO2011037665A2 (en) Methods and apparatuses for user-verifiable trusted path in the presence of malware
US8812908B2 (en) Fast, non-write-cycle-limited persistent memory for secure containers
CN101833496B (en) Detection device based on host anti-object reusability of hard disk and detection method thereof
CN104361280B (en) A kind of method realizing carrying out authentic authentication to USB storage device by SMI interrupt
CN108304222A (en) Apparatus management/control system and method
CN201812500U (en) Removable storage device
WO2012053967A1 (en) Portable securely erasable memory device, method and computer program
CN106326782A (en) Information processing method and electronic device
JP2015079525A (en) Adapter for portable storage medium and method for disabling data access
US11182492B2 (en) Secure portable data apparatus
TW200928863A (en) Keyboard with detachable rechargeable mouse
CN110874495B (en) Solid state disk based on automatic locking write protection function and tamper-proof method
CN110362983B (en) Method and device for ensuring consistency of dual-domain system and electronic equipment
JP2008140127A (en) Secondary storage device, and method for managing valid period of storage information
CN107085900A (en) Data processing method, device, system and POS terminal
JP2011034577A (en) Portable storage device
US7570533B1 (en) Completely transportable erasable memory apparatus and method
KR20210021283A (en) Prevent tampering through computer
JP5662600B2 (en) Portable storage medium adapter and data access disabling method
CN212112471U (en) Optical disc read-write equipment and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11784531

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11784531

Country of ref document: EP

Kind code of ref document: A1