WO2014142659A1 - Data storage device and computer system comprising such data storage device - Google Patents


Info

Publication number
WO2014142659A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
data storage
time sequence
memory
interface circuit
Prior art date
Application number
PCT/NL2014/050147
Other languages
French (fr)
Inventor
Wibren Willem DRAAIJER
Original Assignee
Uksi B.V.
Priority date
Filing date
Publication date
Application filed by Uksi B.V.
Publication of WO2014142659A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Definitions

  • the invention relates to a data storage device, a computer system comprising such data storage device, a method of securely booting a computer device and a method of remote access
  • adverse software such as computer viruses (e.g. a virus, malware, trojans, spyware, key loggers, or any other unintended software) is considered a major threat to computer safety.
  • a virus may cause the execution of software by the computer to be damaged or impeded or, even worse, may leak sensitive data, such as passwords or other personal data, that may be used by another person, e.g. for getting access to an online bank account, performing or changing online money transfer orders, or obtaining personal data such as passport data, credit card data, etc.
  • Antivirus software commonly operates using a signature list, i.e. it scans data traffic, files, etc. for the occurrence of data that matches a signature from the list and, if such a match is found, performs a corrective action, such as blocking the data from execution by the computer, deleting the data, etc.
  • viruses may affect many computers without being detected by antivirus software.
  • certain classes of viruses may keep themselves hidden and inactive when detecting that a scan is performed by an antivirus program, thus reducing the probability that the virus in question is detected by the antivirus software.
  • the invention intends to provide an improved detection of viruses and/or other additional (unauthorised) data.
  • a data storage device comprising:
  • a data storage memory for storing data
  • a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and
  • an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence, the access controller being arranged for:
  • data storage memory is loaded with program instructions forming a bootable software application.
  • the data storage device is connected to an external device, such as a computer device.
  • the computer is then switched on, reset, rebooted or restarted, causing the computer to perform a booting operation from the data storage device. Any other means to perform a restart may be applied.
  • Other starting conditions may be used as a starting point as well.
  • software running on the computer device may create a shielded virtual computer environment in which the boot of the virtual computer is initiated from the data storage device.
  • the computer device (also briefly referred to in this document as "computer") may be programmed to initiate a boot sequence from a specified memory or successively specified memories.
  • upon performing the boot sequence, the computer will start execution of the software program instructions stored on the data storage device, or otherwise access the data stored on the data storage device.
  • a monitoring signal that signals a presence of data communication via the data interface circuit, is provided and a time sequence of the monitoring signal is compared to a reference time sequence.
  • Any deviation of the sequence of access to the data storage device, as compared to the stored reference sequence of access to the data storage device, is detected.
  • a change in the data (e.g. the software program instructions stored in and executed from the data storage device) may indicate the presence of (unauthorized) additional data such as a virus, either executed from the external device or contained in the data as stored in the data storage device.
  • the detection of a deviation may be exact, however the detection of a deviation may also make use of a tolerance window, in particular a tolerance window in time.
  • the tolerance in time may be set as a fixed time window or as a predetermined fraction (e.g.
  • a sensitivity may be adapted so as to meet a rate of change of the sequence.
  • the term computer device or computer may refer to any data processing device such as a personal computer, a laptop computer, a tablet computer, a smartphone, etc.
  • the data storage memory of the data storage device may comprise any suitable type of memory, for example a read only memory or a programmable memory which is set into a read only status after having been loaded with a suitable software program. When the data storage device is in a read only state, a virus or other (unauthorized) data may be impeded from entering the data as stored in the data storage memory of the data storage device.
  • the data interface circuit may comprise any data interface circuit such as a serial data bus, a parallel data bus, a wireless interface such as a Bluetooth interface or other wireless personal area network interface, etc.
  • the interface circuit may be an external interface of the computer or an internal interface, such as an internal data bus.
  • the data storage device may hence form a separate device or be built into the computer.
  • the access controller may be provided in a form of a microcontroller or microprocessor, such as a standalone microcontroller or microprocessor. In order to prevent any virus or additional (unauthorized) data from getting access to the access controller, and thus attempt to get an influence on the comparison with the reference time sequence or the reference time sequence itself, the access controller may be kept unconnected from the data interface circuit and data storage memory, except for the monitoring signal.
  • as the monitoring signal does not provide a direct data connection between the data interface circuit and the access controller, in the sense that no data exchange between the access controller and the data interface circuit is possible through it (only information that informs the access controller about the presence of an access to the data storage memory of the data storage device is conveyed), access of viruses to the access controller may be prevented.
  • a signaling may be provided in that the access controller activates an optical or acoustical indicator of the data storage device so as to correspondingly provide an optical or acoustical indication (e.g. blinking of an LED) by the data storage device.
  • the monitoring signal output of the data interface circuit is at least one of a data read signal and a data write signal.
  • the monitoring may hence be performed on data reading actions, data writing actions or both, so as to provide an accurate monitoring.
  • the reference time sequence may comprise a reference read sequence, a reference write sequence, a combined read/write reference sequence, or both a reference read sequence and a reference write sequence.
  • the bootable software application will be read from the data storage device, causing a read sequence monitoring to suffice in order to determine if the (read) time sequence corresponds to the reference time sequence. Additional monitoring may be provided by monitoring the write actions (to e.g. monitor when temporary data, settings or possibly malicious data is stored).
  • the data interface circuit comprises a data interface circuit controller for controlling the data communication via the data interface circuit, the data interface circuit controller comprising a data communication monitoring output, the data interface circuit controller being arranged for signaling at the data communication monitoring output a presence of the data communication via the data interface circuit, the data connection between the data interface circuit and the access controller being formed by the data communication monitoring output being connected to the data monitoring input of the access controller.
  • the data interface circuit controller may for example be a data bus controller, such as a serial data bus controller (in case the interface circuit is formed by a serial data bus), a parallel data bus controller (in case the interface circuit is formed by a parallel data bus), etc.
  • Such a data interface circuit controller may provide a signal that may be applied as the monitoring signal, namely a signal indicating the presence of a read action, a signal indicating the presence of a write action, or both; such signals are commonly applied for driving a corresponding LED or other (e.g. optical) indicator that reliably and conveniently signals that read or write actions from or to the data storage device are taking place.
  • the access controller is further arranged for:
  • the reference time sequence may be learned, e.g. from performing a detection of a sequence once, performing the detection plural times and averaging the detected sequences, etc.
  • the reference time sequence may be stored in the access controller memory.
  • the access controller memory is preferably implemented as a memory separate from the memory device, thus reducing the risk of manipulation of the reference time sequence by a virus or other malware.
  • the access controller memory may be implemented as a part of the memory device of the data storage device which is preferably isolated from the data interface circuit.
  • the access controller may further be arranged for:
  • the access controller may further be arranged for setting the access status of the access controller memory to read only in response to receipt of a user input command.
  • the user may for example allow the memory device to learn a reference time sequence once or a plurality of times, and then end the learning by a user input command, such as the user pressing a button on the data storage device or the user entering a code (such as an activation code) at the computer device.
  • the access controller may thereto be arranged to compare the entered access code with a stored access code or an access code received via the internet, and set the data storage device from the learning mode into normal operation.
  • the data storage memory is a read only memory which may prevent any virus or other malware from performing a change to the data as stored in the data storage device.
  • monitoring a read sequence may be effective.
  • the data storage memory is loaded with program instructions forming a bootable software application, thus allowing the computer to boot from the data storage device, hence largely preventing any possible virus or other malware, as present on other storage devices of the computer, to be loaded, as the computer boots from the data storage device.
  • the bootable software application may comprise a bootable operating system and an application program (e.g. a program that enables remote access, such as a browser) to be executed under the operating system.
  • the data storage device further comprises a second data storage memory connected to the data interface circuit, the second data storage memory or the data interface circuit having an enable input for setting the second data storage memory in an enabled or disabled state, the access controller comprising an enable output connected to the enable input and being arranged for setting the second data storage memory from the disabled to the enabled state when the access controller has established that the detected time sequence equals the reference time sequence.
  • the second data storage memory of the data storage device may be enabled when the access controller has determined from the comparison between the reference time sequence and the monitored time sequence, that a normal operation, free of computer viruses, seems to be established.
  • User data may be stored in the second data storage memory, and the second data storage memory in which such user data may be stored, may be kept disabled in order to protect access to the user data, until the access controller has established a defined, likely virus free environment.
  • the second data storage memory may comprise a non volatile memory, a volatile memory or both.
  • the non-volatile memory (such as a flash memory) may be used to retain data such as user data, e.g. settings that may be required to allow software stored on the data storage memory to operate.
  • the volatile memory may be applied for storing temporary data such as cookies, downloaded documents, etc. from a session by the user.
  • the volatile memory may be provided with a temporary back-up power supply arranged for maintaining a supply voltage to the volatile memory for a predetermined time, in order to retain data stored in the volatile memory for a predetermined time, and erased thereafter: when the computer device is in normal operating mode, i.e. the (e.g. bootable) software application running from the data storage device has been terminated, a user may read the temporary data from the volatile memory before being erased, so as to obtain a copy of a downloaded document, etc. The erasing provides that any possible malicious data is removed.
  • the bootable software application may comprise program instructions for reading from the second data storage memory operating settings for the bootable software application.
  • if the access controller does not enable access to the data stored in the second data storage memory (as, e.g., the detected time sequence does not correspond to the reference time sequence), the second data storage memory is not read enabled, causing the bootable software application to stop, as settings required for its operation (e.g. access network settings, remote login settings, etc.) are not available.
  • the first and second memories may be conveniently controlled: any data traffic, including read and write actions via the data interface circuit to the data storage memory and/or the second data storage memory may be monitored by the data interface circuit controller, while read and/or write enabling of the (non-volatile and/or volatile) second data storage memory may be effectively controlled by corresponding enable/disable signals as provided by the data interface circuit controller.
  • the enable output may comprise a read enable output and a write enable output, the access controller being arranged to enable a writing in the second data storage memory before enabling a reading from the second data storage memory.
  • the writing before reading may enable the bootable software application running from the data storage memory to delete (overwrite) any virus on the second data storage memory (in particular non volatile memory), before allowing the memory to be read, i.e. before such virus could be activated.
  • the write enable and/or read enable signals as provided by the access controller may be provided directly to the second data storage memory.
  • the write enable and/or read enable signals as provided by the access controller may be provided to the data interface controller which may in turn control the read and/or write access status of the second data storage memory. Thereby, use may be made of memory access control already available in an existing data interface controller circuit.
  • the access controller may be arranged to signal a writing of data into the non-volatile second data storage memory, e.g. by activation of an optical or acoustical indicator of the data storage device, so that no software (which could be tampered with by a virus) is involved in such signaling.
  • the bootable software application may be arranged to prompt the user if the data stored in the non volatile second data storage memory is to be deleted, and to overwrite data stored in the non volatile second data storage memory if instructed.
  • the user, when notified that data is stored in the non-volatile second data storage memory, may reboot again and instruct that the data stored in the non-volatile second data storage memory be deleted, so as to avoid any malicious data from being activated.
  • a rebooting may be initiated and the data overwritten.
  • the data interface circuit comprises a Universal Serial Bus interface circuit, i.e. an interface circuit in accordance with the USB interface standard, so as to allow easy and convenient connectivity to a wide range of computer devices.
  • a computer device comprising a data storage device according to the invention, the data storage memory of the data storage device being loaded with a bootable software application, the computer device being bootable (i.e. starting operation and loading an operating system) from the data storage memory.
  • a method of securely booting a computer device comprising: - executing a bootable software application from a data storage device, the data storage device being connected to the computer device by a data interface circuit, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit,
  • the method may further comprise
  • An access status of the access controller memory may be set to read only.
  • a method of remote access by a computer device to a server comprising:
  • the bootable software application comprises a remote access software application
  • the data storage device may be applied for providing secure remote access from the computer device to a server.
  • the computer device may thereto boot from software stored in the data storage memory of the data storage device.
  • from the monitored sequence of the start of the software (e.g. the booting, in the case of bootable software), an occurrence of a virus may be detected and a warning to the user generated.
  • a remote access application contained in the software as stored on the data storage memory may be started, and remote access (such as remote banking) may be provided.
  • Settings required for operation of the remote access application may be stored in the second memory.
  • Any virus contained in other (mass) storage devices of the computer device may be prevented from operating, as, directly when switching on or resetting the computer device, the bootable program from the data storage device will start running, thereby preventing any other, virus-infected software of the computer device from coming into operation.
  • BIOS: Basic Input Output System
  • Figure 1A depicts a block schematic view of a data storage device according to an embodiment of the invention.
  • Figure 1B depicts a block schematic view of an alternative configuration of a data storage device according to an embodiment of the invention.
  • Figure 1C depicts a block schematic view of another alternative configuration of a data storage device according to an embodiment of the invention.
  • Figures 2A to 2D depict timing diagrams of various operating situations of the data storage device in accordance with Figures 1A and 1B.
  • Figure 1A depicts a data storage device comprising data storage memory DSM, such as a read only memory in which data is stored, such as in this example a bootable software program.
  • the data may be mask programmed into the memory or programmed into the memory by any other suitable programming means (fuse programmable, etc.), after which the data storage memory is set into a read only state.
  • the data storage device comprises a data interface circuit DIC for communication with an external device such as in this example a computer.
  • the data interface circuit may for example comprise an interfacing circuit (such as an interface bus driver circuit and interface bus connector) and an interface controller to control data communication via the interface.
  • the data interface circuit may for example be formed by a USB (universal serial bus) interface circuit.
  • the data storage device may further comprise an access controller AC and an associated access controller memory ACM.
  • the data interface circuit comprises a monitoring signal output MSO at which a monitoring signal is provided.
  • the monitoring signal signals a presence of data communication via the data interface circuit.
  • the monitoring signal output is connected to a monitoring signal input MSI of the access controller.
  • a reference time sequence is stored in the access controller memory.
  • the access controller is arranged to detect a time sequence of the monitoring signal, e.g. by logging the monitoring signal over a certain time period, and comparing the time sequence of the monitoring signal to the reference time sequence. In case the time sequence corresponds to the reference time sequence, it may be established that no abnormalities have been detected, resulting in a safe operation.
  • a virus may be involved resulting in a change of the sequence of operation, and a warning signal may be generated by the access controller and displayed to the user, for example in that the access controller activates an optical warning indicator such as a status LED of the data storage device.
  • the software application as stored in the data storage memory may be a bootable software application and a remote access program and/or other software applications.
  • the data storage device is connected via the data interface circuit to an interface circuit of the computer, when the computer is off or on or standby. The computer is then switched on or reset, causing it to perform a boot sequence from the data storage device.
  • the computer is to be set in advance to check for the presence of bootable software on a device connected to its interface circuit (e.g. a USB bus), and upon detection of the bootable software on the data storage device, the computer will boot therefrom.
  • the monitoring may be completed when the booting has been completed, and when the time sequence appears to correspond to the reference time sequence, the remote access software (e.g. an internet banking application, secure logging in session, user identification, etc.) may start.
  • the user may allow the data storage device to initially monitor the sequence (e.g. boot sequence) once or a predetermined number of times (e.g. by averaging), and derive a reference time sequence therefrom, which the access controller then stores in the access controller memory.
  • the reference time sequence may then be "locked" by the access controller setting a status of the access controller memory to read only.
  • the access controller may be almost "isolated" from the remainder of the data storage device and the computer device, causing a risk of virus contamination of the access controller and the time sequence determination, to be low.
  • the interface circuit may be formed by a USB interface circuit and comprise a USB interface controller.
  • a read indicator/write indicator line of the USB controller may form the monitoring signal output.
  • Figure 1A further depicts a second data storage memory SDM.
  • the second data storage memory is, like the data storage memory DSM, connected to the data interface circuit, so as to allow the computer device to which the data storage device is connected to have access to the second data storage memory.
  • An access to the second data storage memory is controlled by the access controller.
  • When the access controller has established that, upon booting or another defined process, the monitored time sequence corresponds to the reference time sequence (so that a safe operation may be assumed), access to the second data storage memory may be enabled by the access controller setting the second data storage memory to a read enable state, a write enable state, or both.
  • the second data storage memory may comprise a non-volatile second data storage memory NV-SDM, such as a flash memory, and/or a volatile second data storage memory V-SDM, such as a random access chip memory.
  • the non-volatile memory may be applied for storage of settings, such as communication settings of the remote access software application stored on the data storage memory, etc.
  • the volatile memory may be applied for storing data gathered in e.g. a last session, such as cookies, temporary files, downloaded documents (e.g. an account overview in the case of internet banking) etc.
  • the volatile memory may be provided with a temporary data retention backup, such as a data retention capacitor or a battery.
  • the data storage device may be provided with a timer (e.g. implemented by the access controller) that removes the data retention voltage from the volatile memory after a predetermined time period has lapsed (e.g. as of switching off).
  • The configurations of Figures 1B and 1C are identical to that of Figure 1A, except that in the configuration depicted in Figure 1B, the read and write enable signals R/W NV-DSM/VDSM as provided by the access controller AC are provided to the data interface circuit controller DIC, which in turn controls read and write access to the data storage memory and the second data storage memory.
  • a write enable signal is provided from the access controller AC to the data interface circuit controller DIC, which allows the data storage memory to be programmed with e.g. a bootable software application and to be set to read only thereafter.
  • Figures 2A to 2C each depict a time diagram in which time is set out on the horizontal axis and the data activities of the first and second memories are depicted.
  • Each of Figures 2A to 2C depicts, from top to bottom, a time line of reading R and writing W of the data storage memory DSM, of a non-volatile part NV-SDM of the second data storage memory, and of a volatile part V-SDM thereof. Where reading R or writing W is enabled, this is represented by shading.
  • two phases are identified, a boot stage BST wherein the bootable software application runs, and wherein the access controller performs the monitoring, and a following application stage APS wherein the application software stored on the data storage memory may be executed.
  • the data storage device is read only (as the boot program is read from it) and a boot sequence (comprising e.g. one interrupted reading or a plurality of read cycles having the same or different lengths) is executed.
  • the application program is started from the data storage device, while read and write access to the volatile second data storage memory is enabled and write access to the non-volatile second data storage memory is enabled, allowing, if needed, any malicious data on the non-volatile second data storage memory to be overwritten before reading from the non-volatile second data storage memory is enabled (i.e. before such malicious software could be loaded by the computer device).
  • the reading from the non-volatile second data storage device is enabled for a predetermined time to allow reading of settings, e.g. by the application program.
  • a write action WA is performed on the non-volatile second data storage memory.
  • the non-volatile second data storage memory is write disabled by the access controller, and a notification is made to the user. A reboot may be performed afterwards.
  • Figure 2C depicts a situation in which a deviation between the time sequence of the monitoring signal and the reference time sequence is detected.
  • the access controller does not enable the application program to start, and an (optical or acoustical) warning is provided to the user as described above.
  • the application program is inhibited from operating, as access to the operating settings stored in the NV-DSM, which are required for the application program to run, cannot be provided because reading from the NV-DSM is not enabled.
  • Figure 2D depicts the situation wherein the computer device is in normal operating mode NOM, i.e. the computer device has not performed a boot sequence from the data storage device.
  • the volatile second data storage memory V-DSM is set in read enabled state RTD for a predetermined time allowing a user (when back to the regular computing environment of the computer) to read the data (which has been written in a recent run of the bootable software application) from the volatile second data storage memory.
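The comparison of the monitored time sequence with the reference time sequence, the tolerance window, the learn-then-lock handling of the reference, and the write-before-read gating of the second data storage memory described in the bullets above, as an added software model. This is example code written for this page, not code from the patent or from Uksi B.V.: the `AccessController` class, its method names and all sample boot runs are constructed for illustration, and since the page does not say what the fractional tolerance is a fraction of, the model assumes a fraction of each reference interval's length.

```python
"""Software model of the access controller AC of WO2014142659A1 (added example, not the patent's code).
Monitoring-signal activity is kept as (start_ms, end_ms) intervals. The model learns a reference
time sequence by averaging boot runs, locks it, compares a detected sequence with a tolerance
window, and gates the second data storage memory (NV-SDM write-enabled before read-enabled).
Assumption: a fractional tolerance is a fraction of each reference interval's length.
"""
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional, Tuple

Interval = Tuple[int, int]      # (start_ms, end_ms) during which the read indicator line was active
TimeSequence = List[Interval]

# Constructed sample data: three learning boots, then one clean boot and two deviating boots.
BOOT_RUNS: List[TimeSequence] = [
    [(0, 40), (55, 120), (130, 135)],
    [(0, 42), (56, 122), (131, 136)],
    [(1, 41), (57, 121), (132, 137)],
]
CLEAN_BOOT: TimeSequence = [(0, 40), (56, 122), (131, 135)]
EXTRA_BURST: TimeSequence = [(0, 40), (56, 122), (131, 135), (150, 170)]  # one read burst too many
DRIFTED_BOOT: TimeSequence = [(0, 40), (62, 122), (131, 135)]             # second burst starts 6 ms late


@dataclass
class AccessController:
    tolerance_ms: int = 0              # fixed tolerance window
    tolerance_fraction: float = 0.0    # tolerance as a fraction of the reference interval length (assumption)
    reference: Optional[TimeSequence] = None
    locked: bool = False               # access controller memory set to read only
    nv_write_enable: bool = False      # enable outputs towards the second data storage memory
    nv_read_enable: bool = False
    v_write_enable: bool = False
    v_read_enable: bool = False
    warning: bool = False              # drives the optical/acoustic indicator

    def learn(self, runs: List[TimeSequence]) -> TimeSequence:
        """Learning mode: average each edge over the supplied boot runs."""
        if self.locked:
            raise PermissionError("reference time sequence is locked (read only)")
        if not runs or len({len(r) for r in runs}) != 1:
            raise ValueError("learning runs must contain the same number of read bursts")
        self.reference = [(round(mean(r[i][0] for r in runs)), round(mean(r[i][1] for r in runs)))
                          for i in range(len(runs[0]))]
        return self.reference

    def lock(self) -> None:
        """User input command (button press or activation code) ends learning mode."""
        self.locked = True

    def _window(self, ref: Interval) -> int:
        return max(self.tolerance_ms, int(self.tolerance_fraction * (ref[1] - ref[0])))

    def matches(self, detected: TimeSequence) -> bool:
        """Exact comparison when both tolerances are 0; otherwise every edge must sit in its window."""
        if self.reference is None:
            raise RuntimeError("no reference time sequence stored")
        if len(detected) != len(self.reference):
            return False               # a missing or extra read burst is always a deviation
        for (start, end), ref in zip(detected, self.reference):
            tol = self._window(ref)
            if abs(start - ref[0]) > tol or abs(end - ref[1]) > tol:
                return False
        return True

    def boot(self, detected: TimeSequence) -> str:
        """Boot stage BST: compare, then either warn or open the second memory (write first)."""
        self.warning = False
        self.nv_write_enable = self.nv_read_enable = self.v_write_enable = self.v_read_enable = False
        if not self.matches(detected):
            self.warning = True        # NV-SDM stays disabled, so the application cannot find its settings
            return "warning"
        self.v_write_enable = self.v_read_enable = True
        self.nv_write_enable = True    # write before read: stray data can be overwritten before it is read
        return "enabled"

    def release_settings(self) -> bool:
        """Application stage APS: read-enable NV-SDM only after the write-enable step was granted."""
        if self.warning or not self.nv_write_enable:
            return False
        self.nv_read_enable = True
        return True


def demo() -> dict:
    ac = AccessController(tolerance_ms=3)
    ac.learn(BOOT_RUNS)
    ac.lock()
    results = {"reference": ac.reference, "clean": ac.boot(CLEAN_BOOT),
               "drifted_fixed_window": ac.boot(DRIFTED_BOOT), "extra_burst": ac.boot(EXTRA_BURST)}
    ac.tolerance_fraction = 0.1        # 10 % of the 65 ms second burst is 6 ms, so the drift now fits
    results["drifted_fraction_window"] = ac.boot(DRIFTED_BOOT)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file prints the learned reference and the outcome of each boot; the same drifted boot fails under the fixed 3 ms window and passes under a 10 % window, which is the sensitivity trade-off the description mentions. The model deliberately takes nothing but the read-indicator intervals as input, mirroring the isolation of the access controller from the data path, and `release_settings()` refuses to read-enable NV-SDM unless the write-enable step was granted first.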

Abstract

A data storage device comprises: a data storage memory for storing data, a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence. The access controller is arranged for: -detecting a time sequence of the monitoring signal provided at the monitoring signal input, -comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and -providing a signal at a signaling output of the access controller to signal if the detected time sequence deviates from the reference time sequence wherein the data storage memory is loaded with program instructions forming a bootable software application.

Description

Title: Data storage device and computer system comprising such data storage device

The invention relates to a data storage device, a computer system comprising such data storage device, a method of securely booting a computer device and a method of remote access.
In present day computer systems, adverse software such as computer viruses (e.g. a virus, malware, trojans, spyware, key loggers, or any other unintended software) is considered a major threat to computer safety. A virus (malware) may cause the execution of software by the computer to be damaged or impeded or, even worse, may result in a leakage of sensitive data, such as passwords or other personal data that may be used by another person, e.g. for getting access to an online bank account, performing or changing online money transfer orders, obtaining personal data such as passport data, credit card data, etc.
In present computer systems, it is therefore recommended to make use of virus protection by means of antivirus software. Antivirus software commonly operates using a signature list, i.e. it scans data traffic, files, etc. for the occurrence of data that matches a signature from the list and, if such a match is found, performs a corrective action, such as blocking the data from execution by the computer, deleting the data, etc.
Other types of antivirus software compare the behaviour of the computer system and its data streams with previously detected (e.g. learned) behaviour, and generate a warning when certain deviations from the previous behaviour are detected.
Given that current computer software (Microsoft, Apple, Android or other platforms) evolves rapidly and that large numbers of computers are connected to the internet, newly developed viruses may affect many computers without being detected by antivirus software. Furthermore, certain classes of viruses may keep themselves hidden and inactive when they detect that a scan is being performed by an antivirus program, thus reducing the probability that the virus in question is detected by the antivirus software.
The invention intends to provide an improved detection of viruses and/or other additional (unauthorised) data.
In order to achieve this goal, according to an aspect of the invention there is provided a data storage device comprising:
a data storage memory for storing data,
a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and
an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence, the access controller being arranged for:
detecting a time sequence of the monitoring signal provided at the monitoring signal input,
comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and
providing a signal at a signaling output of the access controller to signal if the detected time sequence deviates from the reference time sequence
wherein the data storage memory is loaded with program instructions forming a bootable software application.
In operation, the data storage device is connected to an external device, such as a computer device. The computer is then switched on, reset, rebooted or restarted, causing the computer to perform a booting operation from the data storage device. Any other means to perform a restart may be applied. Other starting conditions may be used as a starting point as well. For example, software running on the computer device may create a shielded virtual computer environment in which the boot of the virtual computer is initiated from the data storage device. The computer device (also briefly referred to in this document as "computer") may be programmed to initiate a boot sequence from a specified memory or successively specified memories. Having set the computer so as to perform the boot sequence from the memory device (or from an interface connection to which the memory device is connected), upon performing the boot sequence, the computer will start execution of software program instructions as stored on the data storage device, or otherwise access the data stored on the data storage device. A communication via the data interface circuit of the data storage device, via which the data storage device is accessible for the computer, is monitored. A monitoring signal, that signals a presence of data communication via the data interface circuit, is provided and a time sequence of the monitoring signal is compared to a reference time sequence. As the computer hardware will generally be unchanged with respect to a previous run of the same process, and assuming that the data that is accessed from the memory device remains the same, the time sequence of the process that is performed will remain the same. Any deviation of the sequence of access to the data storage device, as compared to the stored reference sequence of access to the data storage device, is detected.
In case of a difference between the detected sequence of access to the data storage device and the reference sequence of access to the memory device, a change in the data (e.g. software program instructions stored in and executed from the data storage device) may have occurred, which may indicate a presence of (unauthorized) additional data such as a virus as executed from the external device or in the data as stored in the data storage device. The detection of a deviation may be exact; however, the detection of a deviation may also make use of a tolerance window, in particular a tolerance window in time. The tolerance in time may be set as a fixed time window, as a predetermined fraction (e.g. 5%) of the shortest time between consecutive changes in the reference time sequence, or as a predetermined fraction (e.g. 5%) of the shortest time between consecutive changes in the measured time sequence. For example, the time between any two consecutive state changes in the time sequence of the detected signal may deviate from the time between the two associated state changes in the reference time sequence by no more than the predetermined fraction (e.g. 5%) of the shortest time between two consecutive state changes to be measured. Thus, tolerances in temperature, power supply voltage, etc. may be taken into account, thereby avoiding false alarms due to environmental changes such as a power supply voltage change, a temperature change, etc. By setting the tolerance window in line with the shortest time between consecutive changes, the sensitivity may be adapted to the rate of change of the sequence.
In this document, the term computer device or computer may refer to any data processing device such as a personal computer, a laptop computer, a tablet computer, a smartphone, etc. The data storage memory of the data storage device may comprise any suitable type of memory, for example a read only memory or a programmable memory which is set into a read only status after having been loaded with a suitable software program. When the data storage device is in a read only state, a virus or other (unauthorized) data may be impeded from entering the data as stored in the data storage memory of the data storage device. The data interface circuit may comprise any data interface circuit such as a serial data bus, a parallel data bus, a wireless interface such as a Bluetooth interface or other wireless personal area network interface, etc. The interface circuit may be an external interface of the computer or an internal interface, such as an internal data bus. The data storage device may hence form a separate device or be built into the computer. The access controller may be provided in a form of a microcontroller or microprocessor, such as a standalone microcontroller or microprocessor. In order to prevent any virus or additional (unauthorized) data from getting access to the access controller, and thus attempt to get an influence on the comparison with the reference time sequence or the reference time sequence itself, the access controller may be kept unconnected from the data interface circuit and data storage memory, except for the monitoring signal. 
As the monitoring signal may not provide a direct data connection between the data interface circuit and the access controller, in the sense that no data exchange between access controller and data interface circuit is possible thereby (only the transmission of information that informs the access controller about a presence of access to the data storage memory of the data storage device), access of viruses to the access controller may be prevented. A signaling may be provided in that the access controller activates an optical or acoustical indicator of the data storage device so as to correspondingly provide an optical or acoustical indication (e.g. blinking of an LED) by the data storage device.
In an embodiment, the monitoring signal output of the data interface circuit is at least one of a data read signal and a data write signal. The monitoring may hence be performed on data reading actions, data writing actions or both, so as to provide an accurate monitoring. Correspondingly, the reference time sequence may comprise a reference read sequence, a reference write sequence, a combined read/write reference sequence, or both a reference read sequence and a reference write sequence. In a practical embodiment, the bootable software application will be read from the data storage device, causing a read sequence monitoring to suffice in order to determine if the (read) time sequence corresponds to the reference time sequence. Additional monitoring may be provided by monitoring the write actions (to e.g. monitor when temporary data, settings or possibly malicious data is stored). In an embodiment, the data interface circuit comprises a data interface circuit controller for controlling the data communication via the data interface circuit, the data interface circuit controller comprising a data communication monitoring output, the data interface circuit controller being arranged for signaling at the data communication monitoring output a presence of the data communication via the data interface circuit, the data connection between the data interface circuit and the access controller being formed by the data communication monitoring output being connected to the data monitoring input of the access controller. The data interface circuit controller may for example be a data bus controller, such as a serial data bus controller (in case the interface circuit is formed by a serial data bus), a parallel data bus controller (in case the interface circuit is formed by a parallel data bus), etc. 
Such a data interface circuit controller may provide a signal that may be applied as the monitoring signal, namely a signal indicating the presence of a read action, a signal indicating the presence of a write action, or both, such signals commonly being applied for driving a corresponding LED or other indicator, such as another optical indicator, that reliably and conveniently signals such read or write actions from or to the data storage device taking place.
In an embodiment, the access controller is further arranged for:
- detecting the sequence of data communication via the data interface circuit,
- deriving the reference time sequence data from the detected sequence of data
communication, and
- storing the reference time sequence data in the access controller memory. Thus, the reference time sequence may be learned, e.g. from performing a detection of a sequence once, performing the detection plural times and averaging the detected sequences, etc. The reference time sequence may be stored in the access controller memory. The access controller memory is preferably implemented as a memory separate from the memory device, thus reducing a risk of manipulation of the reference time sequence by a virus or other malware. Alternatively, the access controller memory may be implemented as a part of the memory device of the data storage device which is preferably isolated from the data interface circuit.
In order to prevent any possible overwriting or other manipulation of the reference time sequence, the access controller may further be arranged for:
- setting an access status of the access controller memory to read only after having stored the reference time sequence data in the access controller memory.
The access controller may further be arranged for setting the access status of the access controller memory to read only in response to receipt of a user input command. The user may for example allow the memory device to learn a reference time sequence once or a plurality of times, and then end the learning by a user input command, such as the user pressing a button on the data storage device or the user entering a code (such as an activation code) at the computer device. The access controller may thereto be arranged to compare the entered access code with a stored access code or an access code received via the internet, and set the data storage device from the learning mode into normal operation.
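The tolerance rule described earlier (a fixed window, or a fraction such as 5% of the shortest time between consecutive state changes) and the learning and locking of the reference time sequence described in the preceding paragraphs, as an added Python example that is not code from the patent or from Uksi B.V. The monitoring signal is modelled as a list of logged edge timestamps in microseconds; the learning runs and the boot samples are constructed, and the function names, the edge-by-edge averaging of learning runs and the sample timings are assumptions made for illustration.

```python
"""Reference time sequence: learning, locking and tolerance comparison.

Added example, not the patent's own design. A logged time sequence is a list
of timestamps (microseconds) at which the monitoring signal (e.g. the read
indicator line) changed state during a boot from the data storage device.
All names, timings and the averaging scheme are assumptions.
"""
from typing import List, Optional, Sequence, Tuple


def normalise(edges: Sequence[float]) -> List[float]:
    """Express a logged sequence relative to its first edge, so the absolute
    moment at which the boot started does not matter."""
    return [t - edges[0] for t in edges]


def intervals(edges: Sequence[float]) -> List[float]:
    """Times between consecutive state changes of the monitoring signal."""
    return [b - a for a, b in zip(edges, edges[1:])]


def learn_reference(runs: Sequence[Sequence[float]]) -> List[float]:
    """Derive the reference time sequence by averaging several logged runs
    edge by edge (the 'detect plural times and average' option)."""
    if not runs:
        raise ValueError("at least one logged run is needed")
    n = len(runs[0])
    if any(len(r) != n for r in runs):
        raise ValueError("logged runs differ in edge count; cannot average")
    rel = [normalise(r) for r in runs]
    return [sum(r[i] for r in rel) / len(rel) for i in range(n)]


def compare(detected: Sequence[float], reference: Sequence[float],
            fraction: float = 0.05, fixed_window_us: Optional[float] = None,
            basis: str = "reference") -> Tuple[bool, str]:
    """Compare a detected sequence with the reference.

    Tolerance, one of the three options the description gives:
      * fixed_window_us set  -> a fixed time window
      * basis == "reference" -> fraction of the shortest reference interval
      * basis == "measured"  -> fraction of the shortest detected interval
    Every interval must stay within the tolerance of its reference interval;
    an extra or missing edge (different edge count) is a deviation by itself.
    """
    det, ref = normalise(detected), normalise(reference)
    if len(ref) < 2:
        raise ValueError("reference needs at least two state changes")
    if len(det) != len(ref):
        return False, f"edge count differs: detected {len(det)}, reference {len(ref)}"
    det_iv, ref_iv = intervals(det), intervals(ref)
    if fixed_window_us is not None:
        tol = fixed_window_us
    else:
        tol = fraction * min(ref_iv if basis == "reference" else det_iv)
    for i, (d, r) in enumerate(zip(det_iv, ref_iv)):
        if abs(d - r) > tol:
            return False, (f"interval {i}: detected {d:.0f} us vs reference "
                           f"{r:.0f} us exceeds tolerance {tol:.2f} us")
    return True, "sequence matches reference"


class AccessControllerMemory:
    """Holds the reference time sequence. Once locked it is read only, which
    mirrors the controller setting the memory's access status after learning
    (or on the user command that ends the learning mode)."""

    def __init__(self) -> None:
        self.reference: Optional[List[float]] = None
        self.read_only = False

    def store(self, reference: Sequence[float]) -> None:
        if self.read_only:
            raise PermissionError("access controller memory is read only")
        self.reference = list(reference)

    def lock(self) -> None:
        self.read_only = True


# Constructed sample data (microseconds), not measurements from any device.
LEARNING_RUNS = [[0, 1000, 1500, 4000, 4300],
                 [0, 1010, 1505, 4010, 4310],
                 [0, 990, 1495, 3990, 4290]]
BOOT_GOOD = [5000, 6005, 6500, 9010, 9305]        # same shape, slight jitter
BOOT_EXTRA_READ = [0, 1000, 1500, 1700, 4000, 4300]  # one read cycle too many
BOOT_DRIFT = [0, 1000, 1500, 4050, 4350]          # one interval 50 us too long


def demo() -> dict:
    """Learn, lock, then judge the three constructed boots."""
    mem = AccessControllerMemory()
    mem.store(learn_reference(LEARNING_RUNS))
    mem.lock()  # reference can no longer be overwritten
    return {name: compare(seq, mem.reference)
            for name, seq in [("good", BOOT_GOOD), ("extra", BOOT_EXTRA_READ),
                              ("drift", BOOT_DRIFT)]}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:6s} {'MATCH ' if ok else 'DEVIATE'} {why}")
```

With the constructed runs the shortest reference interval is 300 us, so the 5% tolerance is 15 us: the jittered boot passes, the boot with an extra read cycle fails on edge count, and the drifted boot fails on interval 2 while it would pass with a fixed 100 us window.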
In an embodiment, the data storage memory is a read only memory which may prevent any virus or other malware from performing a change to the data as stored in the data storage device. Correspondingly, monitoring a read sequence may be effective.
In an embodiment, the data storage memory is loaded with program instructions forming a bootable software application, thus allowing the computer to boot from the data storage device, hence largely preventing any possible virus or other malware, as present on other storage devices of the computer, to be loaded, as the computer boots from the data storage device. The bootable software application may comprise a bootable operating system and an application program (e.g. a program that enables remote access, such as a browser ) to be executed under the operating system. Should a virus have worked its way into the program instructions as stored on the data storage memory of the data storage device, such virus may result in a change in the sequence with which the computer device boots from the data storage device, as the bootable program may have been changed by such virus, causing the access controller to detect a difference between the monitored time sequence of data communication and the reference sequence, and as a result of detecting a difference, may generate a warning signal, examples of which having been described above. In an embodiment, the data storage device further comprises a second data storage memory connected to the data interface circuit, the second data storage memory or the data interface circuit having an enable input for setting the second data storage memory in an enabled or disabled state, the access controller comprising an enable output connected to the enable input and being arranged for setting the second data storage memory from the disabled to the enabled state when the access controller has established that the detected time sequence equals the reference time sequence. 
Thereby, the second data storage memory of the data storage device may be enabled when the access controller has determined from the comparison between the reference time sequence and the monitored time sequence, that a normal operation, free of computer viruses, seems to be established. User data may be stored in the second data storage memory, and the second data storage memory in which such user data may be stored, may be kept disabled in order to protect access to the user data, until the access controller has established a defined, likely virus free environment. The second data storage memory may comprise a non volatile memory, a volatile memory or both. The non-volatile memory (such as a flash memory) may be used to retain data such as user data, e.g. settings that may be required to allow software stored on the data storage memory to operate. The volatile memory may be applied for storing temporary data such as cookies, downloaded documents, etc. from a session by the user. The volatile memory may be provided with a temporary back-up power supply arranged for maintaining a supply voltage to the volatile memory for a predetermined time, in order to retain data stored in the volatile memory for a predetermined time, and erased thereafter: when the computer device is in normal operating mode, i.e. the (e.g. bootable) software application running from the data storage device has been terminated, a user may read the temporary data from the volatile memory before being erased, so as to obtain a copy of a downloaded document, etc. The erasing provides that any possible malicious data is removed.
The bootable software application may comprise program instructions for reading from the second data storage memory operating settings for the bootable software application. As a result, in case the access controller would not enable access to the data stored in the second data storage memory (as e.g. the detected time sequence does not correspond to the reference time sequence), the second data storage memory is not read enabled, causing the bootable software application to stop, as settings required for its operation (e.g. network access settings, remote login settings, etc.) are not available. Thus, operation of the bootable software application is interrupted in a potentially unsafe environment.
When making use of a data interface circuit controller (such as a USB controller), the first and second memories may be conveniently controlled: any data traffic, including read and write actions via the data interface circuit to the data storage memory and/or the second data storage memory may be monitored by the data interface circuit controller, while read and/or write enabling of the (non-volatile and/or volatile) second data storage memory may be effectively controlled by corresponding enable/disable signals as provided by the data interface circuit controller. The enable output may comprise a read enable output and a write enable output, the access controller being arranged to enable a writing in the second data storage memory before enabling a reading from the second data storage memory. The writing before reading may enable the bootable software application running from the data storage memory to delete (overwrite) any virus on the second data storage memory (in particular non volatile memory), before allowing the memory to be read, i.e. before such virus could be activated. The write enable and/or read enable signals as provided by the access controller may be provided directly to the second data storage memory. Alternatively, the write enable and/or read enable signals as provided by the access controller may be provided to the data interface controller which may in turn control the read and/or write access status of the second data storage memory. Thereby, use may be made of memory access control already available in an existing data interface controller circuit.
The access controller may be arranged to signal a writing of data into the non volatile second data storage memory, e.g. by activation of an optical or acoustical indicator of the data storage device, so that no software (that could be tampered with by a virus) is involved in such signaling. The bootable software application may be arranged to prompt the user whether the data stored in the non volatile second data storage memory is to be deleted, and to overwrite the data stored in the non volatile second data storage memory if so instructed. The user, when notified that data is stored in the non volatile second data storage memory, may reboot and instruct deletion of the data stored in the non volatile second data storage memory so as to prevent any malicious data from being activated. Thus, when the user for example recognizes that data is stored in the non volatile second data storage memory while no authorization has been given to do so, a rebooting may be initiated and the data overwritten.
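The enable sequencing for the second data storage memory described above (volatile memory read/write enabled on a match, non-volatile memory write enabled before read, a limited read window for settings, write disabled and the user notified when a write to the non-volatile memory is seen, and a limited read-out period for the volatile memory once the computer is back in normal operating mode), as an added Python model that is not code from the patent or from Uksi B.V. The access controller is modelled as a small timed state machine driven by a millisecond clock; the window lengths, the method names and the event log format are assumptions, and the boot-stage comparison result is taken as a boolean input rather than recomputed here.

```python
"""Enable sequencing for the second data storage memory (SDM).

Added example, not the patent's own design. Models the access controller's
read/write enable outputs to the volatile (V-SDM) and non-volatile (NV-SDM)
parts of the second data storage memory as a timed state machine. The
window lengths, clock unit and method names are assumptions.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class EnableLines:
    """Enable outputs from the access controller to the SDM."""
    v_read: bool = False
    v_write: bool = False
    nv_read: bool = False
    nv_write: bool = False

    def all_disabled(self) -> bool:
        return not (self.v_read or self.v_write or self.nv_read or self.nv_write)


@dataclass
class AccessController:
    write_grace_ms: int = 100      # assumed: NV write-only period before read opens
    settings_window_ms: int = 500  # assumed: NV read window for reading settings
    retention_ms: int = 30_000     # assumed: V-SDM retained after session ends
    lines: EnableLines = field(default_factory=EnableLines)
    events: List[str] = field(default_factory=list)
    _nv_read_from: int = field(default=-1, init=False, repr=False)
    _nv_read_until: int = field(default=-1, init=False, repr=False)
    _v_retention_until: int = field(default=-1, init=False, repr=False)

    def _log(self, now_ms: int, msg: str) -> None:
        self.events.append(f"t={now_ms}ms {msg}")

    def boot_complete(self, matched: bool, now_ms: int) -> None:
        """Outcome of the boot-stage comparison with the reference sequence."""
        if not matched:
            # Deviation: nothing is enabled, so the application cannot read its
            # settings and cannot run; the indicator warns the user directly.
            self._log(now_ms, "deviation: warning indicator ON, SDM stays disabled")
            return
        self.lines.v_read = self.lines.v_write = True   # V-SDM fully available
        self.lines.nv_write = True                       # NV-SDM: write first ...
        self._nv_read_from = now_ms + self.write_grace_ms   # ... read later ...
        self._nv_read_until = self._nv_read_from + self.settings_window_ms  # ... briefly
        self._log(now_ms, "match: V-SDM R/W and NV-SDM W enabled")

    def nv_write_detected(self, now_ms: int) -> None:
        """A write action onto NV-SDM was seen: disable further writes and
        notify the user via the indicator, independent of any software."""
        self.lines.nv_write = False
        self._log(now_ms, "write to NV-SDM seen: NV-SDM W disabled, user notified")

    def normal_mode(self, now_ms: int) -> None:
        """Computer back in normal operating mode: let the user read the last
        session's data from V-SDM for a limited time, nothing else enabled."""
        self.lines.v_read, self.lines.v_write = True, False
        self.lines.nv_read = self.lines.nv_write = False
        self._v_retention_until = now_ms + self.retention_ms
        self._log(now_ms, "normal mode: V-SDM R enabled for retention period")

    def tick(self, now_ms: int) -> None:
        """Advance the controller's timers to now_ms (order: open before close)."""
        if 0 <= self._nv_read_from <= now_ms:
            self.lines.nv_read, self._nv_read_from = True, -1
            self._log(now_ms, "NV-SDM R enabled (settings window opens)")
        if 0 <= self._nv_read_until <= now_ms:
            self.lines.nv_read, self._nv_read_until = False, -1
            self._log(now_ms, "NV-SDM R disabled (settings window closed)")
        if 0 <= self._v_retention_until <= now_ms:
            self.lines.v_read, self._v_retention_until = False, -1
            self._log(now_ms, "retention voltage removed: V-SDM contents erased")


def run_scenario() -> AccessController:
    """Constructed walk through a matching boot, an unexpected NV write,
    the return to normal mode and the end of the retention period."""
    ac = AccessController()
    ac.boot_complete(matched=True, now_ms=0)
    ac.tick(100)              # NV read window opens
    ac.tick(600)              # NV read window closes
    ac.nv_write_detected(700) # unexpected write: NV write disabled, user told
    ac.normal_mode(1_000)     # session over, user may read V-SDM
    ac.tick(31_000)           # retention elapsed, V-SDM erased
    return ac


if __name__ == "__main__":
    print("\n".join(run_scenario().events))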
In an embodiment, the data interface circuit comprises a Universal Serial Bus interface circuit, i.e. an interface circuit in accordance with the USB interface standard, so as to allow easy and convenient connectivity to a wide range of computer devices.
According to another aspect of the invention, there is provided a computer device comprising a data storage device according to the invention, the data storage memory of the data storage device being loaded with a bootable software application, the computer device being bootable (i.e. starting operation and loading an operating system) from the data storage memory.
According to yet another aspect of the invention, there is provided a method of securely booting a computer device, the method comprising:
- executing a bootable software application from a data storage device, the data storage device being connected to the computer device by a data interface circuit, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit,
- detecting a time sequence of memory access to the data storage device by detecting a time sequence of the monitoring signal provided at the monitoring signal output,
- comparing the detected time sequence of the monitoring signal with a reference time sequence, and
- providing a warning signal to signal if the detected time sequence deviates from the reference time sequence.
The method may further comprise:
- deriving a reference time sequence from the time sequence, and
- storing the reference time sequence data in an access controller memory.
An access status of the access controller memory may be set to read only.
According to still another aspect of the invention, there is provided a method of remote access by a computer device to a server, comprising:
- booting the computer device in accordance with the method according to the invention, whereby the bootable software application comprises a remote access software application, and
- remotely accessing the server by the remote access software application executed by the computer device.
With the computer device and methods according to the invention, the same or similar effects may be achieved as with the data storage device according to the invention. Also, the same or similar preferred embodiments may be provided, providing the same or similar effects.
The data storage device according to the invention may be applied for providing secure remote access from the computer device to a server. The computer device may thereto boot from software stored in the data storage memory of the data storage device. A sequence of the start of the software (e.g. the booting in case of bootable software) is monitored and compared to the reference time sequence. In case of a deviation from the reference time sequence, an occurrence of a virus may be detected and a warning to the user generated. When no deviation from the reference time sequence has been detected, a remote access application contained in the software as stored on the data storage memory may be started, and remote access (such as remote banking) may be provided. Settings required for operation of the remote access application may be stored in the second memory. Any virus contained in other (mass) storage devices of the computer device (e.g. its normal boot program, BIOS (Basic Input Output System) and operating system) may be prevented from operation, as - directly when switching on or resetting the computer device - the bootable program from the data storage device will start running, thereby preventing any virus infected other software of the computer device from coming into operation. Should a virus contained in other (mass) storage devices of the computer device have worked its way into the program instructions during the boot from the data storage memory of the data storage device, such virus may result in a change in the sequence, causing the access controller to detect a difference between the monitored time sequence of data communication and the reference sequence, and as a result of detecting a difference, may generate a warning signal.
Further advantages, features and effects of the invention will follow from the appended drawing and corresponding description, in which a non-limiting embodiment of the invention is shown, wherein:
Figure 1A depicts a block schematic view of a data storage device according to an embodiment of the invention;
Figure 1B depicts a block schematic view of an alternative configuration of a data storage device according to an embodiment of the invention;
Figure 1C depicts a block schematic view of another alternative configuration of a data storage device according to an embodiment of the invention; and
Figures 2A-2D depict timing diagrams of various operating situations of the data storage device in accordance with Figures 1A and 1B.
Figure 1A depicts a data storage device comprising data storage memory DSM, such as a read only memory in which data is stored, such as in this example a bootable software program. The data may be mask programmed into the memory or programmed into the memory by any other suitable programming means (fuse programmable, etc.), after which the data storage memory is set into a read only state. The data storage device comprises a data interface circuit DIC for communication with an external device such as in this example a computer. The data interface circuit may for example comprise an interfacing circuit (such as an interface bus driver circuit and interface bus connector) and an interface controller to control data communication via the interface. The data interface circuit may for example be formed by a USB (universal serial bus) interface circuit. The data storage device may further comprise an access controller AC and an associated access controller memory ACM. The data interface circuit comprises a monitoring signal output MSO at which a monitoring signal is provided. The monitoring signal signals a presence of data communication via the data interface circuit. The monitoring signal output is connected to a monitoring signal input MSI of the access controller. In the access controller memory, a reference time sequence is stored. The access controller is arranged to detect a time sequence of the monitoring signal, e.g. by logging the monitoring signal over a certain time period, and to compare the time sequence of the monitoring signal to the reference time sequence. In case the time sequence corresponds to the reference time sequence, it may be established that no abnormalities have been detected, resulting in a safe operation.
Otherwise, in case of a deviation from the reference time sequence, a virus may be involved resulting in a change of the sequence of operation, and a warning signal may be generated by the access controller and displayed to the user, for example in that the access controller activates an optical warning indicator such as a status LED of the data storage device. The software application as stored in the data storage memory may be a bootable software application and a remote access program and/or other software applications. In operation, the data storage device is connected via the data interface circuit to an interface circuit of the computer, when the computer is off, on or in standby. The computer is then switched on or reset, causing it to perform a boot sequence from the data storage device. The computer is to be set in advance to check for the presence of bootable software on a device connected to its interface circuit (e.g. a USB bus), and upon detection of the bootable software on the data storage device, the computer will boot therefrom. The monitoring may be completed when the booting has been completed, and when the time sequence appears to correspond to the reference time sequence, the remote access software (e.g. an internet banking application, secure login session, user identification, etc.) may start.
Upon taking into operation the data storage device, the user may allow the data storage device to initially monitor the sequence (e.g. boot sequence) once or a predetermined number of times (e.g. by averaging), and derive a reference time sequence therefrom, which the access controller then stores in the access controller memory. The reference time sequence may then be "locked" by the access controller setting a status of the access controller memory to read only.
As the data storage device according to the invention only requires a monitoring signal connection (and optionally an enable/disable read/write signaling connection as described below) between the data interface circuit and the access controller, the access controller may be almost "isolated" from the remainder of the data storage device and the computer device, causing a risk of virus contamination of the access controller and the time sequence determination, to be low.
The interface circuit may be formed by an USB interface circuit and comprise an USB interface controller. A read indictor/write indicator line of the USB control may form the monitoring signal output.
Figure 1 A further depicts a second data storage memory SDM. The Second data storage memory is likewise to the data storage memory DSM connected to the data interface circuit, so as to allow the computer device to which the data storage device is connected, to have access to the second data storage memory. An access to the second data storage memory is controlled by the access controller. When the access controller has established that - upon booting or other defined process - the monitored time sequence corresponds to the reference time sequence (so that a safe operation may be assumed), access to the second data storage memory may be enabled by means of the access controller setting to the second data storage memory a read enable state, write enable state or both. In this example two second data storage memories are provided, a non-volatile second data storage memory NV-SDM, such as a flash memory, and a volatile second data storage memory V- SDM, such as a random access chip memory. The non-volatile memory may be applied for storage of settings, such as communication settings of the remote access software application stored on the data storage memory, etc. The volatile memory may be applied for storing data gathered in e.g. a last session, such as cookies, temporary files, downloaded documents (e.g. an account overview in the case of internet banking) etc. The volatile memory may be provided with a temporary data retention backup, such as a data retention capacitor or a battery. In order for the data stored in the volatile memory to be removed after the user has had the opportunity to read the data, the data storage device may be provided with a timer (e.g. implemented by the access controller) that removes the data retention voltage from the volatile memory after a predetermined time period has lapsed (e.g. as of switching off).
The alternative configurations depicted in Figures 1B and 1C are identical to that of Figure 1A, except that in the configuration of Figure 1B the read and write enable signals R/W NV-DSM/VDSM provided by the access controller AC are provided to the data interface circuit controller DIC, which in turn controls read and write access to the data storage memory and the second data storage memory. In the configuration of Figure 1C, in addition to the read and write enable signals R/W NV-DSM/VDSM of Figure 1B, a write enable signal is provided from the access controller AC to the data interface circuit controller DIC, which allows the data storage memory to be programmed with e.g. a bootable software application and to be set to read only thereafter.
The operation of the data storage device will be explained in some more detail with reference to Figures 2A-2C, which depict timing diagrams.
Figures 2A-2C each depict a time diagram in which time is set out on the horizontal axis and the data activities of the first and second memories are depicted. Each of Figures 2A-2C depicts, from top to bottom, a time line of reading R and writing W of the data storage memory DSM, of the non-volatile part NV-SDM of the second data storage memory, and of the volatile part V-SDM thereof. Where reading R or writing W is enabled, this is represented by shading. Along the horizontal time line, two phases are identified: a boot stage BST, wherein the bootable software application runs and the access controller performs the monitoring, and a following application stage APS, wherein the application software stored on the data storage memory may be executed. As depicted in Figure 2A, during the boot stage the data storage device is read only (as the boot program is read from it) and a boot sequence (comprising e.g. one uninterrupted reading or a plurality of read cycles of the same or different lengths) is executed. In the example of Figure 2A, it is established that the sequence corresponds to the reference time sequence, and the application program is started from the data storage device. Access (read and write) to the volatile second data storage memory is enabled, and write access to the non-volatile second data storage memory is enabled, allowing any malicious data on the non-volatile second data storage memory to be overwritten if needed, before reading from the non-volatile second data storage memory is enabled (i.e. before such malicious software could be loaded by the computer device). Then, reading from the non-volatile second data storage memory is enabled for a predetermined time to allow the settings to be read, e.g. by the application program.
In Figure 2B, the same process is depicted; however, in addition to the actions described above with reference to Figure 2A, a write action WA is performed onto the non-volatile second data storage memory. After completion of the write action, the non-volatile second data storage memory is write disabled by the access controller, and a notification is made to the user. A reboot may be performed afterwards.
Figure 2C depicts a situation in which a deviation of the monitored time sequence from the reference time sequence is detected. As a result, the access controller does not enable the application program to start, and an (optical or acoustical) warning is provided to the user as described above. The application program is inhibited from operating, as access to the operating settings stored in the NV-DSM, which are required for the application program to run, cannot be provided because reading from the NV-DSM is not enabled.
Figure 2D depicts the situation wherein the computer device is in normal operating mode NOM, i.e. the computer device has not performed a boot sequence from the data storage device. The volatile second data storage memory V-DSM is set in a read enabled state RTD for a predetermined time, allowing a user (when back in the regular computing environment of the computer) to read the data (which was written in a recent run of the bootable software application) from the volatile second data storage memory.
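The learn / compare / gate behaviour of the access controller described above (reference sequence stored once and locked as in claims 4-5, comparison of the boot-stage read cycles against it, enable order of Figure 2A or warning of Figure 2C) as an added, constructed simulation; it is not the patent's circuit or firmware, and the read-cycle timings, the 5 ms tolerance and the enable-step labels are assumptions, since the page gives no numbers.

```python
# Constructed simulation of the access controller logic (added illustration, not the
# patent's implementation). The monitoring signal is modelled as a list of read cycles
# on the USB read-indicator line during the boot stage, each as (start_ms, end_ms).
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Burst = Tuple[int, int]  # one read cycle: (start_ms, end_ms); values are assumed


@dataclass
class AccessController:
    tolerance_ms: int = 5                      # assumed allowance for timing jitter
    reference: Optional[List[Burst]] = None    # access controller memory: reference time sequence
    locked: bool = False                       # reference memory set to read only

    def learn(self, observed: List[Burst]) -> None:
        """Learning mode (claims 4-5): store the detected sequence, then make it read only."""
        if self.locked:
            raise PermissionError("reference time sequence is read only")
        self.reference = list(observed)
        self.locked = True

    def matches(self, observed: List[Burst]) -> bool:
        """Compare count, position and length of the read cycles with the reference."""
        if self.reference is None or len(observed) != len(self.reference):
            return False
        return all(abs(s - r0) <= self.tolerance_ms and abs(e - r1) <= self.tolerance_ms
                   for (s, e), (r0, r1) in zip(observed, self.reference))

    def boot(self, observed: List[Burst]) -> Dict[str, object]:
        """Derive signalling and enable states after the boot stage (Figures 2A and 2C)."""
        if not self.matches(observed):
            # Figure 2C: warn the user; NV-SDM reading stays disabled, so the application
            # cannot load its operating settings and is inhibited from starting.
            return {"warning": True, "app_start": False, "enable_steps": []}
        # Figure 2A: V-SDM read/write, then NV-SDM write before NV-SDM read, so that
        # stray data in NV-SDM can be overwritten before anything is read from it.
        return {"warning": False, "app_start": True,
                "enable_steps": ["V-SDM:R+W", "NV-SDM:W", "NV-SDM:R(timed)"]}


# Constructed sample sequences: three read cycles during the boot stage BST.
REFERENCE_BOOT = [(0, 120), (150, 400), (420, 430)]
NORMAL_BOOT = [(2, 118), (152, 403), (421, 432)]                 # within tolerance
TAMPERED_BOOT = [(2, 118), (152, 403), (421, 432), (500, 560)]   # one extra read cycle

if __name__ == "__main__":
    ac = AccessController()
    ac.learn(REFERENCE_BOOT)              # first run: record and lock the reference
    print("normal boot:  ", ac.boot(NORMAL_BOOT))
    print("tampered boot:", ac.boot(TAMPERED_BOOT))
```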

Claims

1. A data storage device comprising:
a data storage memory for storing data,
a data interface circuit connected to the data storage memory and arranged for providing a data connection between the data storage memory and a computer device, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit, and
an access controller having a monitoring signal input which is connected to the monitoring signal output of the data interface circuit, the access controller comprising an access controller memory for storing a reference time sequence, the access controller being arranged for:
detecting a time sequence of the monitoring signal provided at the monitoring signal input,
comparing the detected time sequence with the reference time sequence as stored in the access controller memory, and
providing a signal at a signaling output of the access controller to signal if the detected time sequence deviates from the reference time sequence,
wherein the data storage memory is loaded with program instructions forming a bootable software application.
2. The data storage device according to claim 1, wherein the monitoring signal output of the data interface circuit is at least one of a data read signal and a data write signal.
3. The data storage device according to claim 1 or 2, wherein the data interface circuit comprises a data interface circuit controller for controlling the data communication via the data interface circuit, the data interface circuit controller comprising a data communication monitoring output, the data interface circuit controller being arranged for signaling at the data communication monitoring output a presence of the data communication via the data interface circuit, the data connection between the data interface circuit and the access controller being formed by the data communication monitoring output being connected to the data monitoring input of the access controller.
4. The data storage device according to any of the preceding claims, wherein the access controller is further arranged for:
- detecting the sequence of data communication via the data interface circuit,
- deriving the reference time sequence data from the detected sequence of data communication, and
- storing the reference time sequence data in the access controller memory.
5. The data storage device according to claim 4, wherein the access controller is arranged for:
- setting an access status of the access controller memory to read only after having stored the reference time sequence data in the access controller memory.
6. The data storage device according to claim 4 or 5, wherein the access controller is arranged for setting the access status of the access controller memory to read only in response to receipt of a user input command.
7. The data storage device according to any of the preceding claims, wherein the data storage memory is a read only memory.
8. The data storage device according to any of the preceding claims, further comprising a second data storage memory connected to the data interface circuit, the second data storage memory or the data interface circuit having an enable input for setting the second data storage memory in an enabled or disabled state, the access controller comprising an enable output connected to the enable input and being arranged for setting the second data storage memory from the disabled to the enabled state when the access controller has established that the detected time sequence equals the reference time sequence.
9. The data storage device according to any of the preceding claims, wherein the bootable software application comprises program instructions for reading from the second data storage memory operating settings for the bootable software application.
10. The data storage device according to claim 8 or 9, wherein the enable output comprises a read enable output and a write enable output, the access controller being arranged to enable a writing in the second data storage memory before enabling a reading from the second data storage memory.
11. The data storage device according to any of the preceding claims, wherein the data interface circuit comprises a Universal Serial Bus interface circuit.
12. A computer device comprising a data storage device according to any of claims 1-11, the data storage memory of the data storage device being loaded with a bootable software application, the computer device being bootable from the data storage memory.
13. A method of securely booting of a computer device, the method comprising:
- executing a bootable software application from a data storage device, the data storage device being connected to the computer device by a data interface circuit, the data interface circuit comprising a monitoring signal output and being arranged for providing, at the monitoring signal output, a monitoring signal indicating a presence of data communication via the data interface circuit,
- detecting a time sequence of memory access to the data storage device by detecting a time sequence of the monitoring signal provided at the monitoring signal output,
- comparing the detected time sequence of the monitoring signal with a reference time sequence, and
- providing a warning signal to signal if the detected time sequence deviates from the reference time sequence.
14. The method according to claim 13, further comprising:
- deriving a reference time sequence from the time sequence, and
- storing the reference time sequence data in an access controller memory.
15. The method according to claim 14, further comprising setting an access status of the access controller memory to read only after having stored the reference time sequence data in the access controller memory.
16. The method of any of claims 13 - 15, further comprising enabling a data reading from a second data storage memory of the data storage device in case the detected time sequence substantially equals the reference time sequence and reading, by the bootable software application, the operating settings for operation of the bootable software application from the second data storage memory.
17. A method of remote access by a computer device to a server, comprising:
- booting the computer device in accordance with the method according to any of claims 13 - 16, whereby the bootable software application comprises a remote access software application, and
- remotely accessing the server by the remote access software application executed by the computer device.
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL2010437A NL2010437C2 (en) 2013-03-12 2013-03-12 Data storage device and computer system comprising such data storage device.
NL2010437 2013-03-12

Publications (1)

Publication Number Publication Date
WO2014142659A1 true WO2014142659A1 (en) 2014-09-18

Family

ID=48184440

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL2014/050147 WO2014142659A1 (en) 2013-03-12 2014-03-12 Data storage device and computer system comprising such data storage device

Country Status (2)

Country Link
NL (1) NL2010437C2 (en)
WO (1) WO2014142659A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050091522A1 (en) * 2001-06-29 2005-04-28 Hearn Michael A. Security system and method for computers
US20100088759A1 (en) * 2008-10-03 2010-04-08 Microsoft Corporation Device-side inline pattern matching and policy enforcement
US20120066765A1 (en) * 2010-09-10 2012-03-15 O'brien John System and method for improving security using intelligent base storage
US20120246729A1 (en) * 2011-03-24 2012-09-27 Samsung Electronics Co., Ltd. Data storage devices including integrated anti-virus circuits and method of operating the same

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016139090A1 (en) * 2015-03-05 2016-09-09 Siemens Ag Österreich Monitoring the starting operation of an integrated circuit
AT517154A3 (en) * 2015-03-05 2018-05-15 Siemens Ag Oesterreich Monitoring the startup process of an integrated circuit
AT517154B1 (en) * 2015-03-05 2018-07-15 Siemens Ag Oesterreich Monitoring the startup process of an integrated circuit
CN109687875A (en) * 2018-11-20 2019-04-26 成都四方伟业软件股份有限公司 A kind of time series data processing method

Also Published As

Publication number Publication date
NL2010437C2 (en) 2014-09-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14714408; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14714408; Country of ref document: EP; Kind code of ref document: A1)