WO2019130041A1 - Method for controlling access to a data storage peripheral device - Google Patents


Info

Publication number
WO2019130041A1
Authority
WO
WIPO (PCT)
Prior art keywords
peripheral device
spd
self
communication link
software application
Application number
PCT/IB2017/001785
Other languages
French (fr)
Inventor
Benoit Berthe
Original Assignee
Vandelay

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08: Access security

Definitions

  • the present disclosure relates to the field of secure data access control of a computer system, in particular to a method for controlling access to an external data storage peripheral device by means of a self-powered peripheral device and an electronic control device.
  • USB (Universal Serial Bus) ports are used for connecting various types of peripheral devices to interface with users, connect to other computer systems, and transfer and / or store data.
  • USB ports may be used for connecting electronic devices.
  • USB ports are "multifunctional" universal ports in the sense that they can accept a whole range of devices of different types, such as network interfaces, USB memory- type storage devices, keyboards, mice, web cams, etc.
  • Patent document US2006/0206631 A1 discloses a system configured to copy data between two USB devices without the need for a computer.
  • the solution is well suited for the duplication of data without selection of specific files by a user, the system being devoid of a screen or any other means of human-machine interaction.
  • the user feedback is displayed on an LCD display but is limited to messages of success / errors when copying.
  • Patent document US2010/0248775A1 discloses a system configured to allow access to data stored on a data storage peripheral device (e.g. a USB key) from a smartphone.
  • the system is advantageous from a user point of view because it is possible to view files, or add files directly from a user interface of the smartphone.
  • This system requires the presence of a compatible physical USB communication port to be able to perform the data exchange between the smartphone and the USB key.
  • the USB connection being wired, this system implies having the smartphone and the USB key connected and close to each other.
  • the data files are copied to the smartphone that will then be used to transport and share the data files.
  • this system has a major drawback: it is often not desirable to use a smartphone to display a presentation or deliver data files, since this may involve connecting the smartphone to a video projector or a computer, which in the first case leaves this sensitive object and all its content unattended.
  • USB third-party devices are also known that are configured to achieve and control data file exchanges, wherein the third-party device has at least two USB physical communication ports for connecting respectively a source peripheral storage device and a destination peripheral storage device.
  • Such USB third-party devices however usually have limited user interfaces, and the connection of an additional display screen, usually provided by an unsecure third-party device, is necessary for viewing the content of the source peripheral storage device and / or the destination peripheral storage device and for controlling the data file exchanges.
  • the present description relates to a self-powered peripheral device.
  • the self-powered peripheral device comprises: a first communication interface configured to be connected to an external data storage peripheral device; a second communication interface configured to establish a bi-directional communication with a software application executed by an electronic control device through a wireless communication link and to implement a pairing process between the self-powered peripheral device and the electronic control device through the wireless communication link; and at least one first microcontroller.
  • the first microcontroller is programmed by means of firmware instructions to: receive, from the software application through the wireless communication link, at least one first control message comprising first instructions for instructing the self-powered peripheral device to access a file system of the external data storage peripheral device, wherein the at least one first control message is received after completion of the pairing process; access the file system upon receipt of the at least one first control message; provide, to the software application through the wireless communication link, descriptive data of the file system; receive, from the software application through the wireless communication link, at least one second control message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; perform the copy to the self-powered peripheral device; and send, to the software application through the wireless communication link, at least one feedback message on the completion of the copy.
  • the present description relates to an electronic control device.
  • the electronic control device comprises: a wireless communication interface configured to implement through a wireless communication link a pairing process between a self-powered peripheral device and the electronic control device, wherein the self-powered peripheral device comprises a first communication interface configured to be connected to an external data storage peripheral device; at least one processor configured to execute a software application.
  • the software application is configured to: communicate with the self-powered peripheral device through the wireless communication link; send, to the self-powered peripheral device through the wireless communication link, at least one first control message comprising first instructions for instructing the self-powered peripheral device to access a file system of said external data storage peripheral device, wherein said at least one first control message is received after completion of the pairing process; receive, from the self-powered peripheral device through said wireless communication link, descriptive data of said file system; send, to the self-powered peripheral device through said wireless communication link, at least one second control message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; and receive, from the self-powered peripheral device through said wireless communication link, at least one feedback message on the completion of said copy.
  • the present description relates to a method for controlling access to an external data storage peripheral device connected through a first communication interface to a self-powered peripheral device.
  • the method is intended to be performed by the self-powered peripheral device.
  • the method comprises: establishing a communication through a wireless communication link with a software application executed by an electronic control device; implementing a pairing process between the self-powered peripheral device and the electronic control device through the wireless communication link; receiving, from the software application through the wireless communication link, at least one first message comprising first instructions for instructing the self-powered peripheral device to access a file system of said external data storage peripheral device, wherein the predetermined control messages are received after completion of the pairing process; accessing said file system upon receipt of said at least one first message; providing, to the software application through said wireless communication link, descriptive data of said file system; receiving, from the software application through said wireless communication link, at least one second message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from
  • the present description relates to a method for controlling access to an external data storage peripheral device connected through a first communication interface to a self-powered peripheral device.
  • the method is intended to be performed by a software application executed by an electronic control device.
  • the method comprises: establishing a communication with a self-powered peripheral device through a wireless communication link; implementing through said wireless communication link a pairing process between the self-powered peripheral device and the electronic control device; sending, to the self-powered peripheral device through the wireless communication link, at least one first message comprising first instructions for instructing the self-powered peripheral device to access a file system of said external data storage peripheral device, wherein the predetermined control messages are received after completion of the pairing process; receiving, from the self-powered peripheral device through said wireless communication link, descriptive data of said file system; sending, to the self-powered peripheral device through said wireless communication link, at least one second message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; and receiving, from the self-powered peripheral device through said wireless communication link, at least one feedback message on the completion of said copy.
  • FIG. 1 shows a computer system in accordance with one or more embodiments
  • FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments
  • FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments
  • FIG. 3A shows a flow chart of a method for configuring a secured peripheral device in accordance with one or more embodiments
  • FIG. 3B shows a flow chart of a method for controlling the integrity of a secured peripheral device in accordance with one or more embodiments
  • FIG. 3C shows a flow chart of a method for implementing a challenge-response authentication process in accordance with one or more embodiments
  • FIG. 4A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 4B shows a flow chart of a method for deleting one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 4C shows a flow chart of a method for creating one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 5A shows a flow chart of a method for reading data stored on a data storage peripheral device from an electronic host device through a secured peripheral device in accordance with one or more embodiments
  • FIG. 5B shows a flow chart of a method for writing data from an electronic host device to a data storage peripheral device through a secured peripheral device in accordance with one or more embodiments
  • FIG. 6A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments
  • FIG. 6B shows a flow chart of a method for performing an operation on one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments
  • FIGS. 7A-7C show flow charts of a method for copying data from a data storage peripheral device to a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments
  • FIG. 1 illustrates schematically an example computer system 100 in which the various technologies and techniques described herein may be implemented.
  • the computer system 100 includes an electronic control device ECD, an electronic host device EHD, a secured peripheral device SPD, a data storage peripheral device DPD and a remote authentication server RAS.
  • the electronic control device ECD, the electronic host device EHD, the secured peripheral device SPD and / or the data storage peripheral device DPD may be used by a user U1.
  • the remote authentication server RAS may be implemented as a single hardware device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the remote authentication server RAS may also be implemented within a cloud computing environment.
  • the electronic control device ECD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the electronic control device ECD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
  • the electronic host device EHD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the electronic host device EHD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
  • the data storage peripheral device DPD may be implemented as a single hardware device.
  • the data storage peripheral device DPD may be a USB device.
  • the data storage peripheral device DPD may be in the form of data storage key, a USB memory, a USB key, USB stick, USB drive, etc.
  • the data storage peripheral device DPD may be a third-party storage device whose security / integrity cannot be verified by the user U1.
  • the secured peripheral device SPD may be implemented as a single hardware device.
  • the secured peripheral device SPD may be a USB device.
  • the secured peripheral device SPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc.
  • the secured peripheral device SPD is a self-powered peripheral device, comprising for example a battery or other energy source, and may be used without being connected to any host device.
  • the secured peripheral device SPD is configured to provide protection against “BadUSB” security failures, both as a self-protection and as a protection against third-party devices, like the data storage peripheral device DPD.
  • the secured peripheral device SPD is a device that provides its own security functions, including integrity check and authentication, and whose data access functionalities, communication functionalities and capacities are controlled and managed by the software application on the electronic control device ECD.
  • the communication functions through the multifunction communication interfaces are dependent on the success of an authentication of the secured peripheral device.
  • the authentication of the secured peripheral device may be part of or be performed after a pairing process between the electronic control device ECD and the secured peripheral device SPD.
  • a data access function may correspond to one or more data access operations such as reading data blocks, writing data blocks, mounting a file system, obtaining descriptive data of a file system or one or more data files or data container, amending access right(s) of data files, etc.
  • Descriptive data may include any attribute of a data file or data container, including a file name, file extension, access rights, size of data file, keywords, editing date, creation date, etc.
  • the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only in the presence and / or proximity (e.g. presence in the wireless detection zone) of the electronic control device ECD with which the secured peripheral device is paired. In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only as long as the communication link L3 is operatively active and is configured to interrupt any communication through the multifunction communication interfaces when the communication link L3 is interrupted.
  • the secured peripheral device SPD is configured to communicate with the electronic host device EHD through a communication link Ll.
  • the communication link L1 may be a USB (Universal Serial Bus) link.
  • a USB port (e.g. a male USB port) or a USB cable may be used to connect the secured peripheral device SPD to the electronic host device EHD.
  • Any other communication link may be used, for example a wired or wireless communication link.
  • a wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc.
  • communication link L1 is a USB communication link.
  • the data storage peripheral device DPD is configured to communicate with the secured peripheral device SPD through a communication link L2.
  • the communication link L2 may be a USB (Universal Serial Bus) communication link.
  • a USB port (e.g. a male USB port or a female USB port) or a USB cable may be used to connect the secured peripheral device SPD to the data storage peripheral device DPD.
  • Any other communication link may be used, for example a wired or wireless communication link.
  • a wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth ®, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc.
  • communication link L2 is a USB communication link.
  • the electronic control device ECD is configured to communicate with the secured peripheral device SPD through a wired or wireless communication link L3.
  • the communication link is a bi-directional communication link.
  • the communication link L3 is a Bluetooth ® communication link. Any other communication link may be used.
  • a wired communication link may be compliant with a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L3 is a wireless communication link, compliant for example with Bluetooth ®.
  • the electronic control device ECD is configured to communicate with the remote authentication server through a communication link L4.
  • the communication link L4 is implemented through a telecommunication network.
  • the telecommunication network may be any data transmission network, for example a wired (coaxial cable, fiber, twisted pair, DSL cable, etc.) or wireless (radio, infrared, cellular, microwave, etc.) network, a local area network (LAN), internet area network (IAN), metropolitan area network (MAN) or wide area network (WAN) such as the Internet, a public or private network, a virtual private network (VPN), a telecommunication network with data transmission capabilities, a single radio cell with a single connection point like a Wifi or Bluetooth ® cell, etc.
  • FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments.
  • the secured peripheral device SPD comprises a flash memory MEM, a communication interface BT1, one or more multifunction communication interfaces USB1, USB2, one or more microcontrollers MC1, MC2, and a power supply 210 (e.g. a battery).
  • the flash memory MEM is configured to store a ciphered firmware update 221 and a default data partition 222.
  • the flash memory MEM is configured to store a plurality 223 of data containers P1, P2, P3.
  • the data containers P1, P2, P3 are user data containers.
  • a user data container is a data container suitable for storing user data (e.g. data files generated by a software used by a user). The user data may be private or professional data, and a data container may be dedicated to professional data storage only or to private data storage only.
  • a data container is a data partition.
  • a data container is an archive file for archiving data files, and may be compressed or not.
  • a data container is a file folder of a file system.
  • the communication interface BT1 includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the communication interface BT1.
  • the communication interface BT1 is configured to communicate through the wireless communication link L3 with the electronic control device ECD.
  • the communication protocol used by the communication interface BT1 implements a pairing process with each electronic device such that communication through the wireless communication link L3 is enabled only if the pairing process is successful.
  • the communication link L3 may be a wired or wireless communication link and the communication interface BT1 is a communication interface suitable for communicating through communication link L3 and compliant with the associated communication protocol.
  • the communication interface BT1 is a Bluetooth ® interface.
  • the multifunction communication interface USB1 (respectively USB2) includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the multifunction communication interface USB1 (respectively USB2).
  • the first multifunction communication interface USB1 is configured to be connected to an electronic host device EHD through the communication link L1.
  • the second multifunction communication interface USB2 is configured to be connected to a data storage peripheral device DPD through the communication link L2.
  • the multifunction communication interfaces USB1 and USB2 are USB (Universal Serial Bus) communication interfaces.
  • the multifunction communication interface USB1 includes a male USB connector and the multifunction communication interface USB2 includes a female USB connector.
  • the communication link L1 (respectively L2) may be a wired or wireless communication link and the multifunction communication interface USB1 (respectively USB2) is a communication interface suitable for communicating through communication link L1 (respectively L2) and compliant with the associated communication protocol.
  • the microcontroller MC1 (respectively MC2) includes hardware (e.g. circuitry, optical and / or electronic components, etc), is configured (e.g. programmed) by means of firmware and / or software instructions and is configured to implement the functions described herein for the microcontroller MC1 (respectively MC2).
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to access the flash memory MEM and the one or more data containers P1, P2, P3 stored therein.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement security management functions in order to secure and control the communication and the data access to / from the secured peripheral device SPD through the one or more multifunction communication interfaces USB1, USB2.
  • the security management functions may include authentication functions, communication control functions, encryption functions, filtering functions, etc.
  • the microcontroller MC1 and / or the microcontroller MC2 includes an embedded cryptographic unit configured to implement ciphering / deciphering functions, thus enabling accelerated execution of these ciphering / deciphering functions.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement the security management functions under the control of the electronic control device ECD, e.g. under the control of a specific software application, also referred to herein as the security control application APP, executed by the electronic control device ECD.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive messages from (respectively send messages to) the security control application APP of the electronic control device ECD through the wireless communication link L3.
  • the messages are ciphered by the emitting entity and deciphered by the receiving entity, and the microcontroller(s) MC1, MC2 share(s) one or more encryption keys with the security control application APP.
  • the messages may include information and / or instructions for instructing the microcontroller(s) MC1, MC2 to perform one or more operations.
  • the messages may include encryption keys, data, parameters and / or other information.
  • the one or more multifunction communication interfaces USB1, USB2 are configured to be connected to an external electronic device (e.g. the data storage peripheral device DPD or the electronic host device EHD).
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement, under the control of the security control application APP, communication functions and / or data access functions through the one or more multifunction communication interfaces USB1, USB2 to / from the secured peripheral device SPD.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured for example to wait for predetermined control messages before performing any data container access function or communication function through the first and second multifunction communication interfaces USB1, USB2.
  • absent such control messages, the microcontrollers MC1, MC2 do not perform the corresponding communication operation or data access operation.
  • the microcontrollers MC1, MC2 do not access the file system of a data storage peripheral device DPD connected to the second multifunction communication interface USB2, and the microcontrollers MC1, MC2 are not responsive to requests according to the USB protocol received through the first multifunction communication interface USB1.
  • the control messages are sent by the software application APP to the secured peripheral device SPD and comprise instructions for instructing the secured peripheral device SPD (i.e. the microcontroller(s) MC1, MC2) to perform one or more operations in accordance with the instructions.
  • the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the wireless communication link L3, one or more control messages.
  • the control messages comprise instructions to instruct the secured peripheral device SPD to perform one or more operations (e.g. communication operations or data access operations) through the one or more communication interfaces USB1, USB2.
  • the microcontroller(s) MC1, MC2 is (are) configured to send, to the software application APP through the wireless communication link L3, at least one response message (e.g. feedback message, information message, status message, etc.) in response to the control message, for example a message regarding the requested operation (e.g. regarding the completion or a result of the operation). Examples of operations performed under the control of the software application APP are described by reference to FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B and FIGS. 7A-7C.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) responsive to messages from the software application APP to control the transition from a connected state, in which the communications through the first and / or second multifunction communication interfaces USB1, USB2 are operative (authorized), to a locked state, in which the communications through the multifunction communication interfaces USB1, USB2 are not operative (forbidden or blocked), or conversely from the locked state to the connected state.
  • performing a data access operation comprises a data access operation on one or more data containers of the secured peripheral device SPD.
  • a list of data containers is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select a data container on which the data access operation has to be performed.
  • performing a data access operation comprises opening a selected data container of the secured peripheral device SPD. If the selected data container is a ciphered container P1, performing a data access operation on the selected data container comprises: receiving from the software application APP through the wireless communication link L3 a control message including an encryption key KP1 associated with the selected ciphered container P1; extracting the encryption key KP1 from the control message; deciphering the ciphered container using the extracted encryption key; and providing descriptive data (e.g. file names and attributes) of the content of the data container to the software application APP through the wireless communication link L3. Further aspects and embodiments are described by reference to FIG. 6A.
  • one or more data files may be copied to (respectively from) the data container from (or respectively to) an external electronic device (electronic host device EHD or data storage peripheral device DPD) connected to one of the multifunction communication interfaces USB1, USB2.
  • an external electronic device electronic host device EHD or data storage peripheral device DPD
  • a list of data files is built by the secured peripheral device SPD (by one or the microcontroller(s) MCI, MC2) and sent to the software application APP through the wireless communication link L3.
  • a user of the software application APP may then select a one or more data file which have to be copied. Further aspects and embodiments are described by reference to FIG. 6B.
  • performing a data access operation comprises providing access to one or more data containers Pl, P2, P3 of the secured peripheral device SPD through at least one of the multifunction communication interfaces USB1, UBS2 from the electronic host device EHD and / or copying one or more data files from one or more data containers Pl, P2, P3 to the electronic host device EHD.
  • Providing access to one or more data containers PI, P2, P3 may comprise mounting a file system for the one or more data containers PI, P2, P3 and sending descriptive data of the mounted first file system to the electronic host device EHD through the first communication interface USB1. Further aspects and embodiments are described by reference to FIGS. 4A-4C.
  • performing a data access operation comprises accessing to the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD and / or copying one or more data files from the external data storage peripheral device DPD to at least one data container Pl, P2, P3 of the secured peripheral device SPD.
  • performing a data access operation comprises mounting a file system to get access to data files stored in the data storage peripheral device DPD through the third communication interface USB2 from the secured peripheral device SPD. Further aspects and embodiments are described by reference to FIGS. 7A-7C.
  • the microcontroller MC1 and / or the microcontroller MC2 is configured to implement, through the wireless communication link L3, the electronic control device ECD and the communication link L4, a challenge-response authentication process between the secured peripheral device SPD and the remote authentication server RAS.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement data encryption functions using one or more encryption keys.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive and send data through the first multifunction communication interface USB1 (or respectively USB2) in accordance with a first communication protocol.
  • the first communication protocol may be the USB protocol.
  • the microcontroller MC1 (respectively MC2) is configured to receive / send data from / to the other microcontroller MC2 (respectively MC1) in accordance with a second communication protocol, distinct from the first communication protocol.
  • the second communication protocol may be the SPI (Serial Peripheral Interface) protocol or any other serial wired communication protocol like I2C, RS232, TTL, etc.
  • the microcontroller MC1 (respectively MC2) is configured to implement a protocol translation from the first communication protocol to the second communication protocol and from the second communication protocol to the first communication protocol.
  • the protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the first communication protocol to the second communication protocol for messages received through the multifunction communication interfaces USB1 (respectively USB2) and to be sent to the other microcontroller MC2 (respectively MC1).
  • the protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the second communication protocol to the first communication protocol for messages received from the other microcontroller MC2 (respectively MC1) and to be sent to the multifunction communication interfaces USB1 (respectively USB2).
  • the first multifunction communication interface USB1 is connected to the electronic host device EHD and the second multifunction communication interface USB2 is connected to the data storage peripheral device DPD.
  • the secured peripheral device SPD may then be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the external data storage peripheral device DPD to the electronic host device EHD.
  • the first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of the one or more selected data files from the data storage peripheral device DPD to the electronic host device EHD.
  • the first microcontroller MC1 may be configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller MC2.
  • the second microcontroller MC2 may be configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5A.
  • the secured peripheral device SPD may be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the electronic host device EHD to the external data storage peripheral device DPD.
  • the first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device EHD to the data storage peripheral device DPD.
  • the first microcontroller MC1 may be configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller MC2.
  • the second microcontroller MC2 may be configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5B.
  • the microcontroller MC2 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, the predetermined operations comprising a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the data storage peripheral device DPD and a copy of one or more memory blocks from the data storage peripheral device DPD to the secured peripheral device SPD.
  • the microcontroller MC2 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
  • the first microcontroller MC1 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, and the predetermined operations include only a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the electronic host device EHD and a copy of one or more memory blocks from the electronic host device EHD to the secured peripheral device SPD.
  • the first microcontroller MC1 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
  • since USB2 is a USB interface, only data packets from / to peripheral devices belonging to the peripheral category "USB mass storage class" may be copied.
  • for any other command, the microcontroller MC1 (respectively MC2) is simply not responsive, as it is not programmed to perform any action.
  • the microcontroller MC1 or MC2 may thus only communicate with storage devices, which provides an essentially hardware barrier since there is no library or driver to interpret any other data. This barrier is safer than a software barrier that would allow certain types of devices to have access to certain functions.
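Added example (not the patent's firmware): a Python model of the MC2 allow-list described in the bullets above, which parses the interface descriptors a connected device presents and the Bulk-Only Transport command block wrapper of each command, and returns a handler result only for a mass-storage-class device and only for a block read or write; everything else is dropped without response. The USB and SCSI constants are the standard ones; the mapping of "copy of memory blocks" to the READ(10) and WRITE(10) opcodes, the sample descriptors and the sample commands are assumptions constructed here.

```python
import struct
from typing import Optional, Tuple

# Standard USB / Bulk-Only Transport constants
USB_DT_INTERFACE = 0x04
USB_CLASS_MASS_STORAGE = 0x08
CBW_SIGNATURE = 0x43425355                 # "USBC" read as a little-endian word
CBW_STRUCT = struct.Struct("<IIIBBB16s")   # 31-byte Command Block Wrapper

# Assumption: "copy of memory blocks" maps to these two SCSI opcodes and nothing else
ALLOWED_OPCODES = {0x28: "READ(10)", 0x2A: "WRITE(10)"}

BlockCopy = Tuple[str, int, int]  # (operation, logical block address, block count)


def interface_class(descriptor: bytes) -> Optional[int]:
    """bInterfaceClass of a 9-byte interface descriptor, or None if malformed."""
    if len(descriptor) < 9 or descriptor[0] != 9 or descriptor[1] != USB_DT_INTERFACE:
        return None
    return descriptor[5]


def is_mass_storage_device(config: bytes) -> bool:
    """Walk the descriptor blob a device presents after enumeration.
    Accept only if every interface is mass-storage class: a composite device that
    also exposes e.g. a HID interface is refused whole, as is a malformed blob."""
    offset, seen_interface = 0, False
    while offset + 2 <= len(config):
        length, dtype = config[offset], config[offset + 1]
        if length == 0 or offset + length > len(config):
            return False
        if dtype == USB_DT_INTERFACE:
            seen_interface = True
            if interface_class(config[offset:offset + length]) != USB_CLASS_MASS_STORAGE:
                return False
        offset += length
    return seen_interface


def filter_cbw(cbw: bytes) -> Optional[BlockCopy]:
    """Parse a CBW; return the block copy to perform, or None when MC2 stays silent."""
    if len(cbw) != CBW_STRUCT.size:
        return None
    sig, _tag, _xfer_len, _flags, _lun, cb_len, cb = CBW_STRUCT.unpack(cbw)
    if sig != CBW_SIGNATURE or not 1 <= cb_len <= 16:
        return None
    opcode = cb[0]
    if opcode not in ALLOWED_OPCODES:
        return None  # no handler exists: INQUIRY, MODE SENSE, vendor commands are dropped
    # READ(10)/WRITE(10) CDB layout: opcode, flags, LBA (4 bytes BE), group, length (2 bytes BE)
    lba = struct.unpack(">I", cb[2:6])[0]
    blocks = struct.unpack(">H", cb[7:9])[0]
    return ALLOWED_OPCODES[opcode], lba, blocks


def mc2_handle(config: bytes, cbw: bytes) -> Optional[BlockCopy]:
    """The gate MC2 applies to every command translated back from MC1 to USB:
    device category first, then operation; anything else gets no response."""
    if not is_mass_storage_device(config):
        return None
    return filter_cbw(cbw)


def build_cbw(cdb: bytes, xfer_len: int = 0, tag: int = 1, flags: int = 0x80) -> bytes:
    """Constructed-sample helper: wrap a CDB in a CBW the way a host would."""
    return CBW_STRUCT.pack(CBW_SIGNATURE, tag, xfer_len, flags, 0, len(cdb), cdb.ljust(16, b"\0"))


# Constructed sample descriptors: a plain mass-storage interface and a HID interface
MASS_STORAGE_IFACE = bytes([9, USB_DT_INTERFACE, 0, 0, 2, 0x08, 0x06, 0x50, 0])
HID_IFACE = bytes([9, USB_DT_INTERFACE, 1, 0, 1, 0x03, 0x01, 0x01, 0])

if __name__ == "__main__":
    read10 = bytes([0x28, 0, 0, 0, 0x10, 0, 0, 0, 8, 0])  # 8 blocks from LBA 0x1000
    print(mc2_handle(MASS_STORAGE_IFACE, build_cbw(read10, 8 * 512)))
    print(mc2_handle(MASS_STORAGE_IFACE + HID_IFACE, build_cbw(read10, 8 * 512)))
```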
  • FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments.
  • the electronic control device ECD comprises one or more processors 240, memory 241, a wireless communication interface 244, other associated hardware such as input/output interfaces 242 (e.g. device interfaces such as USB interfaces, network interfaces) and a user interface 243 (incorporating for example one or more user input/output devices, e.g. a keyboard, a pointing device, a display screen, etc.) to interact with a user U1.
  • the memory 241 of the electronic control device ECD may include a random-access memory (RAM), cache memory, non-volatile memory, backup memory (e.g., programmable or flash memories), read-only memories, secured storage (e.g. keystore) or any combination thereof.
  • each processor 240 of the electronic control device ECD may be any suitable microprocessor, microcontroller, integrated circuit, or central processing unit (CPU) including at least one hardware-based processor or processing core.
  • the memory 241 of the electronic control device ECD may contain computer program instructions which, when executed by the processor 240, cause the electronic control device ECD to perform one or more methods described herein for an electronic control device ECD.
  • the processor 240 may be configured to access the memory 241 for storing, reading and/or loading computer program instructions or software code that, when executed by a processor, causes the processor to perform one or more method steps described herein for the software application APP and / or the electronic control device ECD.
  • the processor 240 may be configured to use the memory 241 when executing the steps of a method described herein for the software application APP and / or the electronic control device ECD, for example for loading computer program instructions and for storing data generated during the execution of the computer program instructions.
  • the electronic control device ECD is configured to execute computer program instructions of a software application APP (also referred to as "security control application APP") that, when executed by the processor of the electronic control device ECD, cause the processor to perform one or more method steps described herein for the electronic control device ECD.
  • the software application APP is configured to communicate with a remote authentication server RAS via the communication link L4 and to communicate with the secured peripheral device SPD through the wireless communication link L3.
  • the electronic control device ECD comprises a secure storage tool SS for storing encryption keys.
  • a key storage tool SS may be used that is configured to provide access to the stored encryption keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.).
  • one or more of the data containers P1, P2, P3 are provided as ciphered data containers.
  • the software application APP is configured to store an associated encryption key KP1, KP2, KP3 for each ciphered data container P1, P2, P3.
  • the associated encryption key KP1, KP2, KP3 is intended to be used by the secured peripheral device SPD to decipher the corresponding data container P1, P2, P3 and / or the data files stored in the corresponding data container P1, P2, P3.
  • the encryption keys KP1, KP2, KP3 are stored in the secure storage tool SS and retrieved from the secure storage tool SS by the software application APP.
  • each of the encryption keys KP1, KP2, KP3 is stored in the secure storage tool SS in association with an identifier allocated by the secured peripheral device SPD to the corresponding data container P1, P2, P3.
  • FIG. 3A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, those skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD, a factory configuration tool PRG and a remote authentication server RAS according to any embodiment described herein.
  • FIG. 3A shows a method for configuring a secured peripheral device SPD in accordance with one or more embodiments.
  • a factory configuration tool PRG (not represented) is configured to communicate through the debugging interfaces of the microcontrollers and to generate data and/or instructions to be stored on the secured peripheral device SPD.
  • Step 300 a bootloader is generated for the secured peripheral device SPD.
  • the bootloader is configured to load the firmware of the hardware components of the secured peripheral device SPD.
  • the bootloader includes a device authentication key KA.
  • the bootloader includes a firmware encryption key KF.
  • the bootloader includes an initial pairing code PN.
  • the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN are stored in a ciphered storage memory space of one of the microcontrollers MC1, MC2.
  • Step 301 a firmware is generated at factory stage for the secured peripheral device SPD.
  • the firmware is not ciphered and not signed.
  • the firmware of the secured peripheral device SPD includes a firmware for each microcontroller MC1, MC2, a firmware for each multifunction communication interface USB1, USB2 and a firmware for the communication interface BT1.
  • Step 302 the bootloader generated in step 300 and the firmware generated in step 301 are injected into a flash memory MEM of the secured peripheral device SPD.
  • the injection may be performed using any appropriate configuration tool, for example through a SWD (Serial Wire Debug) / UART (Universal Asynchronous Receiver/Transmitter) connection.
  • Step 303 an acknowledgement is received by the factory configuration tool PRG for confirming the safe receipt of the firmware and bootloader data in the flash memory MEM.
  • Step 304 a test process is implemented to check the firmware and bootloader data stored in the flash memory MEM.
  • Step 305 upon success of the test process performed in step 304, the debugging interfaces of the microcontrollers MC1, MC2 are disabled. As a consequence, the update of the firmware of the secured peripheral device SPD will only be possible by using the bootloader. In addition, the extraction of the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN will not be possible through the debugging interfaces.
  • a secure update of the firmware may be implemented during which a ciphered firmware update of one or more hardware components is received through a communication interface (e.g. the communication interface BT1) of the secured peripheral device SPD and the firmware update is deciphered using the firmware encryption key KF.
  • each identifier SN1, SN2, SN3 is an identifier of a hardware component of the secured peripheral device SPD.
  • an identifier SN1, SN2, SN3 may be a serial number of one of the microcontrollers MC1, MC2, a serial number of the multifunction communication interface USB1, USB2, a serial number of the communication interface BT1, or a serial number of the memory MEM of the secured peripheral device SPD.
  • one single identifier SN is used which is generated by combining two or more identifiers SN1, SN2, SN3 of hardware components of the secured peripheral device SPD.
  • Step 306 the device authentication key KA, the firmware encryption key KF and the identifiers SN1, SN2, SN3 are stored in association in a database by the remote authentication server RAS.
  • the device authentication key KA, the firmware encryption key KF and the one or more identifiers SN1, SN2, SN3 are thus shared by the remote authentication server RAS and the secured peripheral device SPD.
  • FIG. 3B represents a flowchart of a method according to an example implementation.
  • FIG. 3B shows a method for controlling the integrity of a secured peripheral device SPD in accordance with one or more embodiments.
  • a pairing process is implemented between the secured peripheral device SPD and the electronic control device ECD in steps 310-312.
  • a challenge response process is implemented between the secured peripheral device SPD and the remote authentication server RAS in steps 314-317.
  • the challenge response process is implemented after successful completion of the pairing process. For the first execution of steps 310-317, the secured peripheral device SPD is assumed to be not connected to the electronic host device EHD.
  • the first microcontroller MC1 is configured (e.g. programmed) to implement, on the secured peripheral device SPD side, the challenge-response authentication process with the remote authentication server RAS.
  • the firmware of the first microcontroller MC1 may include a security management unit configured to implement the challenge-response authentication process with the remote authentication server RAS.
  • in the example described by reference to FIG. 3B, the wireless communication interface is a Bluetooth® interface and the pairing process may be for example a secure pairing process under Bluetooth Low Energy 4.2.
  • Step 310 the software application APP is started on the electronic control device ECD.
  • the software application APP triggers a search for Bluetooth® devices in the detection zone of the wireless communication interface 244 of the electronic control device ECD.
  • Step 311 assuming the secured peripheral device SPD is in the detection zone of the wireless communication interface 244, the secured peripheral device SPD is detected.
  • a user interface of the software application APP is presented to the user U1 to allow him to enter a pairing code of the detected secured peripheral device SPD.
  • this pairing code may for example be printed on a sticker and / or on a packaging associated with the secured peripheral device SPD or provided to the user with the secured peripheral device SPD in any other manner, for example by electronic mail, by paper mail, by SMS (Short Message Service), by displaying the pairing code on an LCD screen, etc. If a secure pairing process under Bluetooth Low Energy 4.2 is used, the pairing code may be a passkey with 6 digits. The pairing code inputted by the user is then sent to the secured peripheral device SPD.
  • Step 312 the pairing code received from the electronic control device ECD is compared to the initial pairing code PN stored in Step 300 in the secured peripheral device SPD. In case of match, the pairing process successfully completes, authorizing those two devices to communicate with each other through the Bluetooth® link L3.
  • the steps 314-317 described below are implemented only if the pairing process is successfully completed. In case of failure of the pairing process, steps 310-312 have to be executed again before the challenge-response process in steps 313-317 is implemented.
  • any next pairing process (next execution of the pairing process in steps 310-312) will be based on a pairing code randomly generated by the secured peripheral device SPD (e.g. in case the electronic control device ECD has been lost or renewed, or if the user U1 deletes the pairing parameters from the electronic control device ECD, or if there are too many unsuccessful pairing attempts).
  • the pairing process based on a random pairing code may be performed as follows.
  • the secured peripheral device SPD generates a random pairing code, inserts the random pairing code in a data file, and stores the data file in the memory MEM on a default data partition 222 (see FIG. 2A) which is mounted by default and is accessible through the communication interface USB1 or USB2 upon connection of the secured peripheral device SPD to the electronic host device EHD.
  • the data stored in other data containers of the memory MEM (for example in the data containers P1, P2, P3 (223)), outside this data partition 222 mounted by default, are however not accessible at this stage.
  • the content of the data file may then be viewed by the user U1 by connecting the secured peripheral device SPD to the electronic host device EHD; the random pairing code is then provided by the user U1 to the software application APP, which sends (step 311) the received random pairing code to the secured peripheral device SPD for verification (step 312).
  • the embodiments with the pairing code randomly generated by the secured peripheral device SPD may also be used following the detection of a suspicious activity.
  • once the pairing process has been successfully performed, the communication between the software application APP and the secured peripheral device SPD is authorized and steps 313-317 are performed. If the pairing process is not successful, steps 313-317 are not executed and a new pairing process has to be implemented by executing again steps 310-312.
  • Step 313 a communication link L4 between the remote authentication server RAS and the software application APP of the electronic control device ECD is established.
  • the data sent through the communication link L4 are ciphered.
  • Step 314 the communication between the software application and the secured peripheral device SPD is started and secured.
  • the software application APP sends a message M314 to the secured peripheral device SPD including a key encryption key KK to be used for ciphering encryption keys.
  • an asymmetric ciphering scheme is used (e.g. RSA, Rivest-Shamir-Adleman ciphering) and a pair of keys is generated by the software application APP, the pair of keys comprising a public key KK PUB and a private key KK PRI suitable for asymmetric ciphering.
  • Step 315 a challenge response authentication process between the secured peripheral device SPD and the remote authentication server RAS is implemented through the software application APP and the communication links L4 and L3.
  • the software application APP is configured to relay messages between the secured peripheral device SPD and the remote authentication server RAS.
  • the challenge response authentication process may be implemented as described below by reference to FIG. 3C.
  • Step 316 the software application APP receives from the remote authentication server RAS a message M316 indicative of the success or failure of the challenge-response authentication process.
  • Step 317 in case of success, an information message is displayed on a user interface of the software application to inform a user that the pairing and authentication are successful. In one or more embodiments, in case of failure, an information message is displayed on a user interface of the software application APP to inform the user U1 that the secured peripheral device SPD seems to be corrupted and / or cannot be used.
  • the wireless communication link L3 with the secured peripheral device SPD is terminated by the software application APP, the key encryption key KK received in step 314 by the software application APP is deleted and the received pairing code is also deleted.
  • this prevents the software application APP from communicating (e.g. for sending / receiving commands) with the secured peripheral device SPD and forces the pairing process and the challenge-response authentication process to be started again: steps 310-317 will have to be executed again.
  • the secured peripheral device SPD (e.g. at least one of the microcontrollers MC1, MC2) is configured to wait for a predetermined control message (e.g. M331, step 331, see FIG. 4A, or M611, step 611, see FIG. 6A) from the software application APP through the wireless communication link L3 before providing access to one or more data containers P1, P2, P3 and / or before receiving / sending data through the one or more communication interfaces USB1, USB2 and / or before performing a corresponding communication operation / data access operation as described herein.
  • the predetermined control message is received by the secured peripheral device SPD only after a success of the challenge-response authentication process; in case of failure of the challenge-response authentication process, the predetermined control message is not sent, in order to prevent any communication through the multifunction communication interfaces USB1, USB2 of the secured peripheral device SPD.
  • the predetermined control message is sent by the software application APP only in response to an action of a user on a user interface of the software application APP to allow an access to data containers of the secured peripheral device SPD.
  • the software application APP is configured to determine whether one or more additional conditions are met before sending one or more predetermined control messages to trigger one or more communication operations and / or data access operations through the communication interfaces USB1, USB2 (e.g. through the communication links L1, L2), and to send them only if these one or more additional conditions are met.
  • An additional condition may be that an explicit authorization is given by the user Ul of the electronic control device ECD on a user interface of the software application APP.
  • An additional condition may be that the communication through the wireless communication link L3 with software application APP is operatively active (not interrupted, defective, deactivated or otherwise not operative).
  • An additional condition may be that the secured peripheral device SPD is currently in the detection zone of the wireless communication interface 244 of the electronic control device ECD.
  • An additional condition may be that the secured peripheral device SPD is currently paired (the pairing process is successfully completed) through the wireless communication interface 244 with the electronic control device ECD.
  • An additional condition may be that the secured peripheral device SPD is not in the detection zone of the wireless communication interface 244 of the electronic control device ECD but has left this detection zone less than one hour, one day or any other predefined time period ago, assuming that this predefined time period has been configured by the user on the user interface of the software application APP during an operatively active connection between the electronic control device ECD and the secured peripheral device SPD. Any logical combination of these example additional conditions may be used.
  • the software application APP executed on the electronic control device ECD may be configured to send to the secured peripheral device SPD a control message to trigger a communication operation / data access operation through the communication interfaces USB1, USB2 and / or an operation to access one or more data containers.
  • the control message may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
  • the software application APP is configured to send a lock command to the secured peripheral device SPD through the wireless communication link L3, and the microcontroller(s) MC1 / MC2 is (are) configured to interrupt a pending communication operation or pending data access operation upon receipt of a lock command from the software application APP.
  • the lock command may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
  • the microcontroller(s) MC1, MC2 is (are) configured to interrupt each pending operation (communication operation and / or data access operation) performed through the one or more communication interfaces USB1, USB2 after a time period following the detection of an interruption of the communication with the software application APP through the wireless communication link (L3).
  • the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the communication link L3, a configuration message that sets a duration for this time period.
  • FIG. 3C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, those skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD, an electronic control device ECD and a remote authentication server RAS according to any embodiment described herein.
  • FIG. 3C shows a method for implementing a challenge-response authentication process between a secured peripheral device SPD and a remote authentication server RAS in accordance with one or more embodiments.
  • the challenge-response authentication process is used to control the integrity of at least one hardware component of the secured peripheral device SPD.
  • the challenge-response authentication process is implemented through the wireless communication link L3 and the software application APP of the electronic control device ECD.
  • the challenge-response authentication process is based on one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD and on a device authentication key KA shared by the secured peripheral device SPD and the remote authentication server RAS.
  • Step 320 the software application APP of the electronic control device ECD sends a message M320 to the secured peripheral device SPD to request one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.
  • the secured peripheral device SPD sends a response message M321 to the message M320 received in step 320.
  • the response message M321 includes one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.
  • the response includes three identifiers SN1, SN2, SN3: a serial number SN1 of the microcontroller MC1, a serial number SN2 of the microcontroller MC2 and a serial number SN3 of the memory MEM of the secured peripheral device SPD.
  • Step 322 the software application APP transmits the received identifiers SN1, SN2, SN3 to the remote authentication server RAS and obtains from the remote authentication server RAS a token TK.
  • the token TK is a digital key randomly generated by the remote authentication server RAS.
  • Step 323 the software application APP sends to the secured peripheral device SPD a message M323.
  • the message M323 includes the token received in step 322.
  • Step 324 the secured peripheral device SPD generates a ciphered token TKc by ciphering the received token TK using the device authentication key KA as an encryption key.
  • Step 325 the secured peripheral device SPD sends to the software application APP a message M325 including the ciphered token TKc generated in step 324.
  • the secured peripheral device SPD generates in Step 325 one or more encryption keys KC1, KC2 for ciphering messages (data packets, control messages, response messages, etc.) to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • a symmetric ciphering scheme is used, e.g. AES (Advanced Encryption Standard) ciphering.
  • a symmetric ciphering scheme with block ciphering operating mode is used (e.g. Galois/Counter Mode, GCM).
  • the message M325 of step 325 includes the one or more generated encryption keys KC1, KC2.
  • an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2 and is also included in the message M325 of step 325.
  • each encryption key KC1, KC2 is ciphered using the public key KKPUB received from the software application APP before transmission of the encryption key KC1, KC2 to the software application APP and is deciphered by the software application APP using the private key KKPRI corresponding to the public key KKPUB.
  • the secured peripheral device SPD and the software application can now communicate in a secure manner using ciphered messages.
  • all the messages sent between the software application APP and the secured peripheral device SPD after the execution of step 325, including those of steps 315-317 (see FIG. 3A) and of all steps of the methods described by reference to FIGS. 3C, 4A-4C, 5A-5B, 6A-6B and 7A-7C, will be ciphered and deciphered using the one or more encryption keys KC1, KC2.
  • a single encryption key KC1 suitable for symmetric ciphering is generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • the encryption key KC1 is intended to be used by the secured peripheral device SPD (respectively by the software application APP) to cipher messages to be transmitted via the wireless communication link L3 from the secured peripheral device SPD (respectively from the software application APP) to the software application APP (respectively to the secured peripheral device SPD) and to decipher ciphered messages received via the wireless communication link L3 by the secured peripheral device SPD (respectively by the software application APP) from the software application APP (respectively from the secured peripheral device SPD).
  • an initialization vector IV1 is generated for the encryption key KC1.
  • two encryption keys KC1, KC2 suitable for symmetric ciphering are generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • the first encryption key KC1 is intended to be used by the secured peripheral device SPD to cipher messages to be transmitted through the wireless communication link L3 from the secured peripheral device SPD to the software application APP and to decipher ciphered messages received through the wireless communication link L3 by the secured peripheral device SPD from the software application APP.
  • the second encryption key KC2 is intended to be used by the software application APP to cipher messages to be transmitted via the wireless communication link L3 from the software application APP to the secured peripheral device SPD and to decipher ciphered messages received via the wireless communication link L3 by the software application APP from the secured peripheral device SPD.
  • an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2.
  • Step 326 the ciphered token received in step 325 is transmitted by the software application APP to the remote authentication server RAS.
  • the encryption keys KC1, KC2 and / or initialization vectors are not transmitted to the remote authentication server RAS but securely stored in the electronic control device ECD, for example in the secure storage tool SS.
  • Any secure storage system may be used, for example a key storage system that is configured to provide access to the stored keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.).
  • the encryption keys KC1, KC2 and / or initialization vectors are not stored and the Step 325 is executed every time the electronic control device ECD starts a communication with the secured peripheral device SPD.
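Step 325 and the key-handling embodiments above leave the exact use of KC1, KC2, IV1 and IV2 to the implementer. The Go program below is an added example for this page, not code from the patent or from its applicant. It generates the two directional AES-256 keys and 96-bit IVs on the SPD side, wraps each key under KKPUB so that only the holder of KKPRI can unwrap it (the description says only that the keys are ciphered with KKPUB; RSA-OAEP is this example's choice), and then protects each direction of L3 with AES-GCM. All identifiers in the code (SessionKeys, Channel, NewAppKeyPair, ...) are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SessionKeys is generated by the SPD in step 325: an AES-256 key and a 96-bit GCM IV per
// direction (KC1/IV1 for SPD->APP traffic, KC2/IV2 for APP->SPD traffic).
type SessionKeys struct{ KC1, IV1, KC2, IV2 []byte }

// GenerateSessionKeys runs on the SPD and draws all material from the device RNG.
func GenerateSessionKeys() (*SessionKeys, error) {
	s := &SessionKeys{make([]byte, 32), make([]byte, 12), make([]byte, 32), make([]byte, 12)}
	for _, b := range [][]byte{s.KC1, s.IV1, s.KC2, s.IV2} {
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
	}
	return s, nil
}

// NewAppKeyPair creates the APP's KKPUB/KKPRI pair (RSA-2048 is this example's choice).
func NewAppKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapKey ciphers one session key under KKPUB before it crosses L3 (RSA-OAEP is this
// example's choice); UnwrapKey is the APP side using KKPRI.
func WrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte("KC"))
}
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("KC"))
}

// Channel is one direction of the L3 link; sender and receiver each hold their own copy.
// The nonce of frame n is the agreed IV with n XORed into its last four bytes, so no nonce
// is reused under a key even though only IV1/IV2 were exchanged in M325.
type Channel struct {
	aead cipher.AEAD
	iv   []byte
	seq  uint32
}

func NewChannel(key, iv []byte) (*Channel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil || len(iv) != aead.NonceSize() {
		return nil, fmt.Errorf("bad key or IV length")
	}
	return &Channel{aead: aead, iv: append([]byte(nil), iv...)}, nil
}

func (c *Channel) nonce(seq uint32) []byte {
	n := append([]byte(nil), c.iv...)
	binary.BigEndian.PutUint32(n[8:], binary.BigEndian.Uint32(n[8:])^seq)
	return n
}

// Seal ciphers one message; the counter travels in clear as a 4-byte header bound into the tag.
func (c *Channel) Seal(plaintext []byte) []byte {
	hdr := []byte{byte(c.seq >> 24), byte(c.seq >> 16), byte(c.seq >> 8), byte(c.seq)}
	out := c.aead.Seal(hdr, c.nonce(c.seq), plaintext, hdr)
	c.seq++
	return out
}

// Open authenticates and deciphers one frame; tampered, replayed or reordered frames fail.
func (c *Channel) Open(frame []byte) ([]byte, error) {
	if len(frame) < 4 {
		return nil, fmt.Errorf("short frame")
	}
	seq := binary.BigEndian.Uint32(frame[:4])
	if seq != c.seq {
		return nil, fmt.Errorf("frame %d out of order, expected %d", seq, c.seq)
	}
	pt, err := c.aead.Open(nil, c.nonce(seq), frame[4:], frame[:4])
	if err != nil {
		return nil, err
	}
	c.seq++
	return pt, nil
}

func main() {
	priv, _ := NewAppKeyPair()                // APP holds KKPRI; the SPD was given KKPUB earlier
	ks, _ := GenerateSessionKeys()            // SPD, step 325
	w2, _ := WrapKey(&priv.PublicKey, ks.KC2) // M325 carries {wrap(KC1), IV1, wrap(KC2), IV2}
	kc2, _ := UnwrapKey(priv, w2)             // APP recovers KC2 under KKPRI
	appTx, _ := NewChannel(kc2, ks.IV2)       // APP -> SPD direction, one end each
	spdRx, _ := NewChannel(ks.KC2, ks.IV2)
	pt, err := spdRx.Open(appTx.Seal([]byte("M331: open container P1")))
	fmt.Printf("SPD deciphered %q, err=%v\n", pt, err)
}
```

Because M325 carries only one IV per key, the example derives a fresh nonce for every frame by XORing a per-direction message counter into the exchanged IV and sends the counter in clear as authenticated associated data; reusing the exchanged IV verbatim for every message under the same GCM key would compromise both confidentiality and the integrity tag. The counter also rejects replayed and reordered frames. In the embodiment where KC1, KC2 are kept in the secure storage tool SS across sessions, the counters would have to be persisted as well, or a new execution of step 325 forced, before the keys are reused.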
  • Step 327 the remote authentication server RAS deciphers the ciphered token received in step 326.
  • the ciphering scheme is a symmetric ciphering scheme and the remote authentication server RAS deciphers the ciphered token using the shared device authentication key KA stored in association with the one or more identifiers received in step 322.
  • the deciphered token is compared with the token sent in step 322. In case of equality, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a success of the challenge-response authentication process. If the deciphered token is different from the token sent in step 322, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a failure of the challenge-response authentication process.
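The challenge-response of steps 320 to 327, as an added worked example in Go written for this page (not code from the patent or from its applicant). The RAS holds KA per identifier tuple, issues a fresh 16-byte token only for enrolled identifiers, and verifies the ciphered token it gets back; the SPD ciphers the token as a single AES block under KA. The description says only that KA is used as the encryption key, so the single-block mode is this example's choice, sound here because the token is exactly one block of fresh randomness. DeviceIDs, RAS, Authenticate and the sample serial numbers and keys are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// DeviceIDs is the identifier tuple returned in M321: serial numbers of MC1, MC2 and MEM.
type DeviceIDs struct{ SN1, SN2, SN3 string }

// SPD is the device side; KA is a 16-byte key provisioned at manufacturing and shared only
// with the RAS (an assumption of this example).
type SPD struct {
	IDs DeviceIDs
	KA  []byte
}

// CipherToken is step 324. TK is exactly one AES block of fresh randomness, so ciphering it
// as a single raw block under KA is a sound proof of possession of KA for this purpose.
func (d *SPD) CipherToken(tk []byte) ([]byte, error) {
	if len(tk) != aes.BlockSize {
		return nil, errors.New("token must be one AES block")
	}
	block, err := aes.NewCipher(d.KA)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, tk)
	return out, nil
}

// RAS is the server side: KA per enrolled identifier tuple, and the token outstanding for
// each device currently being authenticated.
type RAS struct {
	keys    map[DeviceIDs][]byte
	pending map[DeviceIDs][]byte
}

func NewRAS() *RAS { return &RAS{keys: map[DeviceIDs][]byte{}, pending: map[DeviceIDs][]byte{}} }

// Register enrols a device's identifiers together with its KA (done once, out of band).
func (r *RAS) Register(ids DeviceIDs, ka []byte) { r.keys[ids] = append([]byte(nil), ka...) }

// IssueToken is step 322: a random single-use token, issued only for enrolled identifiers.
func (r *RAS) IssueToken(ids DeviceIDs) ([]byte, error) {
	if _, ok := r.keys[ids]; !ok {
		return nil, errors.New("unknown device identifiers")
	}
	tk := make([]byte, aes.BlockSize)
	if _, err := rand.Read(tk); err != nil {
		return nil, err
	}
	r.pending[ids] = tk
	return append([]byte(nil), tk...), nil
}

// Verify is step 327: decipher TKc under the KA stored for these identifiers and compare it
// with the token of step 322. The pending token is consumed whatever the outcome.
func (r *RAS) Verify(ids DeviceIDs, tkc []byte) bool {
	tk, ok := r.pending[ids]
	delete(r.pending, ids)
	ka := r.keys[ids]
	if !ok || ka == nil || len(tkc) != aes.BlockSize {
		return false
	}
	block, err := aes.NewCipher(ka)
	if err != nil {
		return false
	}
	dec := make([]byte, aes.BlockSize)
	block.Decrypt(dec, tkc)
	return subtle.ConstantTimeCompare(dec, tk) == 1
}

// Authenticate is the APP's relay role over steps 320-327; its result is what M316 reports.
func Authenticate(ras *RAS, dev *SPD) (bool, error) {
	ids := dev.IDs                 // M320 / M321: request and receive SN1, SN2, SN3
	tk, err := ras.IssueToken(ids) // step 322: forward the identifiers, obtain TK
	if err != nil {
		return false, err
	}
	tkc, err := dev.CipherToken(tk) // M323 carries TK to the SPD, M325 brings back TKc
	if err != nil {
		return false, err
	}
	return ras.Verify(ids, tkc), nil // step 326: TKc forwarded to the RAS
}

func main() {
	ka := []byte("0123456789abcdef") // constructed sample KA
	ids := DeviceIDs{SN1: "MC1-0001", SN2: "MC2-0001", SN3: "MEM-0001"}
	ras := NewRAS()
	ras.Register(ids, ka)
	fmt.Println(Authenticate(ras, &SPD{IDs: ids, KA: ka}))                         // true <nil>
	fmt.Println(Authenticate(ras, &SPD{IDs: ids, KA: []byte("fedcba9876543210")})) // false <nil>
}
```

The APP only relays: SN1, SN2, SN3 are readable over L3 by anyone who has paired, so the decision of the RAS rests on KA alone, which is why a clone with matching serial numbers but a different KA fails. The pending token is deleted on first verification whatever the outcome, so a captured TKc cannot be replayed later.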
  • FIG. 4A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic host device EHD using an electronic control device ECD in accordance with one or more embodiments.
  • the multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
  • step 330 a user interface of the software application APP is presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened.
  • the list of data containers is built by the secured peripheral device SPD and sent to the software application APP.
  • the list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container.
  • the identification may be a name, for example“private”,“company 1”,“company2”.
  • the user U1 selects one or more data containers. For example, it is assumed that the user U1 selects a first data container P1.
  • step 331 the software application APP sends a control message M331 to the secured peripheral device SPD to request the opening of the selected first data container P1.
  • the message M331 may include an identifier of the selected first data container P1.
  • the message M331 may include a start address and an end address of the data container.
  • the message M331 may include the encryption key KP1 associated with the data container P1.
  • the identifier may be the name of the data container or a corresponding logical identifier allocated to the selected first data container P1 by the secured peripheral device SPD.
  • the message M331 is an example of a predetermined control message sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.
  • when the selected first data container P1 is ciphered, the software application APP provides in step 331 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
  • the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP.
  • the control message M331 includes the encryption key KP1.
  • step 332 the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD and deciphers the identified data container P1 using the received encryption key KP1. If the selected first data container P1 does not exist, an error message is sent by the secured peripheral device SPD to the software application APP. If wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data of the data container because of deciphering errors. Once the data container has been deciphered, the secured peripheral device SPD extracts descriptive data of the content of the data container: file names, file sizes, folder names, etc. If the selected data container exists and no deciphering error is detected, step 333 is executed.
  • step 333 the secured peripheral device SPD mounts a file system for the selected first data container P1 and sends descriptive data of the mounted file system to the electronic host device EHD through the communication link L1 to provide access to the data files stored in the selected data container from the electronic host device EHD.
  • the descriptive data of content of the data container are sent to the software application APP through the communication link L3.
  • the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1 before mounting the file system.
  • step 334 in case of success of the mounting operation of step 333, the data container is now opened and may be accessed. For example, the data files stored in the selected first data container P1 may be viewed and accessed from the electronic host device EHD. In case of failure of the mounting operation, an error message M334 is sent by the secured peripheral device SPD to the software application APP.
  • a LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1 regarding the success or failure of the opening of the data container; for example, a LED of the secured peripheral device SPD may be switched on in case of success of the opening.
  • step 335 in case of success of the mounting operation of step 333, a message M335 is sent by the secured peripheral device SPD to the software application APP to indicate that the selected first data container P1 has been successfully mounted and may be accessed from the electronic host device EHD and / or from the electronic control device ECD.
  • a list of data files stored in the selected first data container P1 is sent to the software application APP.
  • step 336 upon receipt of the message M335, the software application APP displays an information message M336 to inform the user U1 of the success of the opening of the selected first data container P1.
  • the first data container P1 is now opened, i.e. the content of this data container may be accessed.
  • a list of data files and / or file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP.
  • the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or on its content (i.e. on the data files and / or file folders stored in the opened first data container P1).
  • the triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc.
  • the triggered operation may be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc.
  • a control message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation; the secured peripheral device SPD then executes the specified operation, amends the mounted file system according to the result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP.
  • the feedback may include updated information on the content of the opened first data container P1.
  • the user interface of the software application APP is configured to provide feedback to the user U1 on the operations performed on the mounted file system from the electronic host device EHD. For example, if data files are added to the opened data container, the added data files are shown in the user interface of the software application APP.
  • FIG. 4B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4B shows a method for deleting one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments.
  • the multifunction communication interface USB1 is assumed to be a USB interface.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for deleting one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for deleting a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for deleting one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
  • Step 340 a user interface of the software application APP is presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be deleted.
  • the user U1 performs an action on the user interface of the software application APP to request deletion of one or more selected data containers of the secured peripheral device SPD. For example, the user U1 selects a second data container P2.
  • Step 341 the software application APP is configured to display an information message inviting the user U1 to perform a back-up of the data stored in the selected data containers.
  • the selected second data container P2 is assumed to be opened, for example according to the method for providing access to a data container described by reference to FIG. 4A.
  • a file system for the selected second data container P2 has been mounted to provide access to the data files stored in the selected second data container P2 from the electronic host device EHD.
  • Step 342 the user U1 may perform a back-up of the data stored in the selected second data container P2, for example by copying all data files and / or file folders from the secured peripheral device SPD to the electronic host device EHD.
  • Step 343 the software application APP is configured to display an information message inviting the user U1 to perform an action to confirm completion of the back-up.
  • Step 344 upon receipt of the confirmation of the user U1, the software application APP is configured to send a message M344 to the secured peripheral device SPD to request the deletion of the selected second data container P2.
  • Step 345 the software application APP is configured to display an information message to inform the user U1 that the deletion process is in progress.
  • Step 346 upon receipt of the message M344, the secured peripheral device SPD is configured to unmount the file system mounted for the selected second data container P2 and to delete the selected second data container P2.
  • access to the selected second data container P2 is no longer possible from the electronic host device EHD.
  • Step 347 all associated data (e.g. partition table, file indexes, memory blocks and / or randomly written blocks, encryption keys, etc.) stored in the memory MEM of secured peripheral device SPD are deleted to avoid any further recovery.
  • the secured peripheral device SPD is configured to send a message M348 to inform the software application of the completion of the deletion.
  • the secured peripheral device SPD is configured to send to the software application APP the identifier(s) of the deleted data container(s).
  • the software application APP is configured to delete the encryption key KP2 associated with the deleted data container(s).
  • the software application APP is configured to display an information message to inform the user U1 of the completion of the deletion process.
  • FIG. 4C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4C shows a method for creating one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments.
  • the multifunction communication interface USB1 is assumed to be a USB interface.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for creating one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for creating a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for creating one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • the software application APP is configured to allow the user U1 to create one or more data containers.
  • a user interface of the software application APP may for example be presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD may be presented to the user U1.
  • the user U1 performs an action on the user interface of the software application APP to request creation of one or more data containers in the secured peripheral device SPD.
  • the software application APP is configured to receive input data from the user U1 specifying a new data container P3 to be created.
  • the input data may include an identification (e.g. a name) and / or parameters (e.g. size of the container) of the data container P3 to be created.
  • Step 352 the software application APP is configured to send a message M352 to the secured peripheral device SPD to request the creation of a new data container P3.
  • the message M352 may include the identification and / or the parameters (e.g. address of the start and stop memory blocks) of the data container to be created.
  • the secured peripheral device SPD is configured to create a new data container P3.
  • the new data container is created in accordance with the received identification and / or the parameters.
  • the secured peripheral device SPD is configured to generate an encryption key KP3 associated to the new data container P3.
  • the secured peripheral device SPD is configured to mount a file system for the new data container P3 and to send descriptive data of the mounted file system to the electronic host device EHD in order to provide access to the new data container P3 from the electronic host device EHD.
  • the secured peripheral device SPD is configured to send a message M354 to inform the software application APP of the completion of the creation of the new data container P3.
  • the secured peripheral device SPD is configured to send to the software application APP the encryption key KP3 associated to the new data container.
  • Step 355 the software application APP is configured to inform the user U1 of the creation of the new data container P3.
  • the software application APP is configured to store the encryption key KP3 associated to the new data container P3.
  • the software application APP is configured to store the associated encryption key KP3 in the secure storage tool SS.
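Steps 330 to 355 (FIGS. 4A to 4C) form one lifecycle: create a container and hand its key to the APP, open it with the key the APP sends back, delete it and wipe what remains. The Go program below is an added example written for this page (not code from the patent or from its applicant) that implements that lifecycle on the SPD side with a minimal in-memory model of MEM. Each container's descriptive data is ciphered with AES-GCM under its key KP, with the container name as associated data; the layout, the names (SPD, Create, Open, Delete) and the use of AES-GCM are the example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// container is the SPD's record for one data container: its descriptive data (file list)
// ciphered with AES-GCM under the container key KP, plus the GCM nonce.
type container struct{ nonce, header []byte }

// SPD keeps no KP after creation: the APP stores KP1..KP3 in the secure storage tool SS
// and sends the right one back in M331 when a container is opened.
type SPD struct {
	authenticated bool // pairing and challenge-response completed (FIGS. 3B, 3C)
	containers    map[string]*container
}

func NewSPD(authenticated bool) *SPD {
	return &SPD{authenticated: authenticated, containers: map[string]*container{}}
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Create is FIG. 4C: generate KP, seal an empty file list under it with the container name
// as associated data, and return KP to the APP (M354) without keeping a copy.
func (s *SPD) Create(name string) ([]byte, error) {
	if !s.authenticated {
		return nil, errors.New("pairing/authentication not completed")
	}
	if _, dup := s.containers[name]; dup {
		return nil, errors.New("container already exists")
	}
	kp, c := make([]byte, 32), &container{nonce: make([]byte, 12)}
	rand.Read(kp) // crypto/rand.Read is documented never to fail (Go 1.24+)
	rand.Read(c.nonce)
	aead, err := gcm(kp)
	if err != nil {
		return nil, err
	}
	c.header = aead.Seal(nil, c.nonce, nil, []byte(name))
	s.containers[name] = c
	return kp, nil
}

// Open is step 332: the container must exist and its header must decipher under the key
// received in M331. A wrong key, or a header read from the wrong start/end addresses, fails
// the GCM tag check, so the SPD reports a deciphering error instead of mounting garbage.
func (s *SPD) Open(name string, kp []byte) (string, error) {
	if !s.authenticated {
		return "", errors.New("pairing/authentication not completed")
	}
	c, ok := s.containers[name]
	if !ok {
		return "", errors.New("container does not exist")
	}
	aead, err := gcm(kp)
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, c.nonce, c.header, []byte(name))
	if err != nil {
		return "", errors.New("deciphering error: wrong key or container bounds")
	}
	return string(pt), nil // steps 333/335: descriptive data of the mounted container
}

// Delete is steps 346-347: overwrite the stored blocks with random data, then drop the
// entry so that nothing about the container remains recoverable from MEM.
func (s *SPD) Delete(name string) error {
	c, ok := s.containers[name]
	if !ok {
		return errors.New("container does not exist")
	}
	rand.Read(c.header)
	rand.Read(c.nonce)
	delete(s.containers, name)
	return nil
}

func main() {
	spd := NewSPD(true)
	ss := map[string][]byte{} // the APP's secure storage tool SS, keyed by container name
	kp3, _ := spd.Create("company2")
	ss["company2"] = kp3 // step 355: the APP stores KP3
	desc, err := spd.Open("company2", ss["company2"])
	fmt.Printf("opened with stored KP3: %q, err=%v\n", desc, err)
	fmt.Println("deleted:", spd.Delete("company2"))
	delete(ss, "company2") // step 348: the APP forgets the key of a deleted container
}
```

Step 332 says that wrong addresses show up as deciphering errors; with an authenticated mode those errors are an explicit tag failure rather than garbage that must be recognised afterwards, which is what Open relies on. Delete overwrites the stored blocks with random data before dropping the entry, as step 347 requires, and the caller is expected to delete the matching KP from the secure storage tool SS afterwards (step 348), as main does.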
  • the electronic host device EHD is connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD is connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • a first communication protocol (e.g. the USB protocol) is used between the electronic host device EHD and the first microcontroller MC1 and between the second microcontroller MC2 and the data storage peripheral device DPD, and a second communication protocol (e.g. the SPI, Serial Peripheral Interface, protocol) is used between the two microcontrollers MC1, MC2.
  • Data access operations may then be performed to copy one or more data files from the data storage peripheral device DPD to the electronic host device EHD or from the electronic host device EHD to the data storage peripheral device DPD through the two microcontrollers MC1, MC2.
  • the architecture of secured peripheral device SPD prohibits direct transfers from USB female port to male USB port or vice versa.
  • a protocol break (e.g. a translation of protocol from the first communication protocol to the second communication protocol or vice-versa) is implemented by the two microcontrollers MC1, MC2 of the secured peripheral device SPD for processing commands and transmitting data from the data storage peripheral device DPD to the electronic host device EHD or, respectively, from the electronic host device EHD to the data storage peripheral device DPD.
  • the protocol translation performed by the two microcontrollers MC1, MC2 does not alter the content of the initial message sent, but only converts the format of the initial message to another format complying with the second communication protocol.
  • the two microcontrollers MC1, MC2 are configured to apply the protocol conversion only to predefined USB messages that are needed to implement data block copying through a USB connection.
  • a hardware barrier is thereby implemented by the two microcontrollers MC1, MC2, preventing malicious messages / commands from being transmitted to and processed by the data storage peripheral device DPD or the electronic host device EHD.
  • the transmitted data may additionally be filtered by the electronic host device EHD by means of an antivirus program before being sent to the secured peripheral device SPD or upon receipt from the secured peripheral device SPD.
  • the data files stored in the data storage peripheral device DPD are accessible to the second microcontroller MC2 through a first file system.
  • the second microcontroller MC2 is configured to transmit to the first microcontroller MC1 the descriptive data of the first file system by means of the SPI protocol.
  • the first microcontroller MC1 is configured to generate, on the basis of the descriptive data, a second file system imaging the first file system and to provide to the electronic host device EHD access to the storage space and data files of the data storage peripheral device DPD through the second file system.
  • the microcontrollers MC1 and MC2 are configured to implement only read and write operations on memory blocks using the first and second file systems. Example embodiments will be presented below by reference to FIGS. 5A and 5B.
  • FIG. 5A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein.
  • the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 5A shows a method for reading data stored on a data storage peripheral device DPD from an electronic host device EHD in accordance with one or more embodiments.
  • the multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces.
  • the electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • the steps of the method for reading data stored on a data storage peripheral device are performed respectively by the software application APP of the electronic control device ECD and by the microcontrollers MC1 and MC2 as indicated below.
  • the steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.
  • the method for reading data is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for reading data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
• Steps 360-369 may be performed for each reading operation.
  • a reading operation may concern user data (e.g. one or more data files) to be read and transferred from the data storage peripheral device DPD to the electronic host device EHD.
• Step 360 the electronic host device EHD initiates the reading operation by sending a first USB message M360 including a reading command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol.
  • Parameters of the reading command may include an address of a buffer to which the user data have to be transferred and the identification of the documents to be read.
• Step 361 the microcontroller MC1 initiates an SPI communication with the microcontroller MC2.
• a master/slave relationship is defined in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave.
• the microcontroller MC1 converts (protocol translation) the first USB message M360 into an SPI message M361 including the reading command and transmits the SPI message M361 to the microcontroller MC2.
  • Step 362 the microcontroller MC2 receives the SPI message M361 and converts (protocol translation) the SPI message into a second USB message M362 including the reading command and transmits the second USB message M362 to the data storage peripheral device DPD.
  • Step 363 the microcontroller MC2 sends a confirmation message M363 to the microcontroller MC1 to confirm the transmission of the second USB message M362.
• Step 364 the microcontroller MC1 terminates the SPI communication with the microcontroller MC2.
  • Step 365 the data storage peripheral device DPD executes the reading command and inserts the read user data into the specified buffer.
  • Step 366 the data storage peripheral device DPD sends a first USB response message M366 to inform the microcontroller MC2 of the completion of the insertion of the read user data into the specified buffer.
• Step 367 the microcontroller MC2 initiates another SPI communication with the microcontroller MC1.
• the microcontroller MC2 is the master and the microcontroller MC1 is the slave for this SPI communication.
• the microcontroller MC2 converts (protocol translation) the first USB response message M366 into an SPI response message M367 and transmits the SPI response message M367 to the microcontroller MC1.
  • the microcontroller MC2 terminates the SPI communication with the microcontroller MC1.
• Step 368 the microcontroller MC1 converts (protocol translation) the SPI response message M367 into a second USB response message M368 and transmits the second USB response message M368 to the electronic host device EHD.
• Step 369 the electronic host device EHD accesses the specified buffer and extracts the read user data from it.
• FIG. 5B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, one skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
• the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein.
  • FIG. 5B shows a method for writing data from an electronic host device EHD to a data storage peripheral device DPD in accordance with one or more embodiments.
• the electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
• the method for writing data is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for writing data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • Steps 370-377 may be performed for each writing operation.
  • a writing operation may concern user data (e.g. one or more data files) to be written and transferred from the electronic host device EHD to the data storage peripheral device DPD.
• Step 370 the electronic host device EHD initiates the writing operation by sending a first USB message M370 including a writing command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol.
  • Parameters of the writing command may include an address of a buffer from which the user data have to be transferred and the identification of the documents to be written.
• Step 371 the microcontroller MC1 initiates an SPI communication with the microcontroller MC2 in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave.
  • the microcontroller MC1 converts (protocol translation) the first USB message M370 into a SPI message M371 including the writing command and transmits the SPI message M371 to the microcontroller MC2.
• Step 372 the microcontroller MC2 receives the SPI message M371 and converts (protocol translation) it into a second USB message M372 including the writing command and transmits the second USB message M372 to the data storage peripheral device DPD.
• Step 373 the data storage peripheral device DPD executes the writing command.
  • the execution may include extracting the user data from the specified buffer to copy them in the internal memory of the data storage peripheral device DPD and then writing the user data to the permanent memory of the data storage peripheral device DPD.
  • Step 374 the data storage peripheral device DPD sends a first USB response message M374 to inform the microcontroller MC2 of the completion of the transfer of the user data.
• Step 375 the microcontroller MC2 converts (protocol translation) the first USB response message M374 into an SPI response message M375 and transmits the SPI response message M375 to the microcontroller MC1.
• the microcontroller MC2 terminates the SPI communication with the microcontroller MC1.
  • Step 376 the microcontroller MC1 converts (protocol translation) the SPI response message M375 into a second USB response message M376 and transmits the second USB response message M376 to the electronic host device EHD.
  • Step 377 the electronic host device EHD terminates the writing operation.
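The protocol translation that MC1 performs in steps 361 and 371, combined with the restriction of the two microcontrollers to block read and write operations, as an added example; it is not code from the patent or from Vandelay's firmware. It assumes that the host speaks USB Mass Storage Bulk-Only Transport (the 31-byte CBW, the 13-byte CSW and the SCSI READ(10)/WRITE(10) opcodes are public standards), that the DPD uses 512-byte blocks, and an SPI frame layout invented for the example. The helper make_cbw only builds constructed test input; mc1_handle, translate_cbw_to_spi and build_csw are names chosen here.

```python
import struct

# USB Mass Storage Bulk-Only Transport command block wrapper (31 bytes) and the two
# SCSI block commands the bridge forwards. The constants come from the public
# USB-MSC BOT and SBC specifications; the SPI frame layout below is assumed.
CBW_SIGNATURE = b"USBC"
CBW_LEN = 31
OP_READ10 = 0x28
OP_WRITE10 = 0x2A
FORWARDED_OPCODES = {OP_READ10, OP_WRITE10}
BLOCK_SIZE = 512            # assumed sector size of the DPD

# Assumed SPI frame M361/M371 (not from the page):
# magic 'SPD1' | opcode (1) | LBA (u32 BE) | block count (u16 BE) | host tag (u32 BE)
SPI_MAGIC = b"SPD1"
SPI_FMT = ">4sBIHI"


class RejectedCommand(ValueError):
    """Raised when MC1 refuses to translate a host command onto the SPI link."""


def make_cbw(tag, cdb, xfer_len, data_in):
    """Build the host-side USB message M360/M370 (used here only to construct test input)."""
    flags = 0x80 if data_in else 0x00
    return struct.pack("<4sIIBBB", CBW_SIGNATURE, tag, xfer_len, flags, 0, len(cdb)) + cdb.ljust(16, b"\0")


def parse_cbw(cbw):
    """Validate the CBW envelope and return (tag, transfer length, flags, LUN, CDB)."""
    if len(cbw) != CBW_LEN:
        raise RejectedCommand("CBW length %d != %d" % (len(cbw), CBW_LEN))
    sig, tag, xfer_len, flags, lun, cdb_len = struct.unpack_from("<4sIIBBB", cbw)
    cdb_len &= 0x1F
    if sig != CBW_SIGNATURE or not 1 <= cdb_len <= 16:
        raise RejectedCommand("malformed CBW")
    return tag, xfer_len, flags, lun & 0x0F, cbw[15:15 + cdb_len]


def translate_cbw_to_spi(cbw):
    """Steps 361/371: USB -> SPI protocol translation with the block read/write whitelist."""
    tag, xfer_len, flags, lun, cdb = parse_cbw(cbw)
    opcode = cdb[0]
    if opcode not in FORWARDED_OPCODES:
        raise RejectedCommand("opcode 0x%02X is not a block read/write" % opcode)
    if len(cdb) < 10:
        raise RejectedCommand("short CDB for a 10-byte command")
    lba = struct.unpack_from(">I", cdb, 2)[0]
    blocks = struct.unpack_from(">H", cdb, 7)[0]
    # A READ must be Data-In (bit 7 of bmCBWFlags set), a WRITE must be Data-Out.
    if bool(flags & 0x80) != (opcode == OP_READ10):
        raise RejectedCommand("direction flag does not match opcode")
    if blocks == 0 or xfer_len != blocks * BLOCK_SIZE:
        raise RejectedCommand("transfer length does not match block count")
    return struct.pack(SPI_FMT, SPI_MAGIC, opcode, lba, blocks, tag)


def mc1_handle(cbw):
    """Decision MC1 takes for one host command: ('FORWARD', spi_frame) or ('REJECT', reason)."""
    try:
        return ("FORWARD", translate_cbw_to_spi(cbw))
    except RejectedCommand as exc:
        return ("REJECT", str(exc))


def build_csw(tag, residue=0, status=0):
    """Steps 368/376: the USB response to the host echoes the tag of the command it answers."""
    return struct.pack("<4sIIB", b"USBS", tag, residue, status)


if __name__ == "__main__":
    read4 = bytes([OP_READ10, 0, 0, 0, 0, 0x10, 0, 0, 4, 0])    # READ(10): LBA 16, 4 blocks
    print(mc1_handle(make_cbw(7, read4, 4 * BLOCK_SIZE, data_in=True)))
    inquiry = bytes([0x12, 0, 0, 0, 36, 0])                      # INQUIRY is not forwarded
    print(mc1_handle(make_cbw(8, inquiry, 36, data_in=True)))
```

Everything that is not a block transfer is rejected rather than forwarded, which means a real bridge built this way would have to answer the host's discovery commands (INQUIRY, READ CAPACITY, and so on) from its own enumeration logic; the example also treats any disagreement between the CDB, the transfer length and the direction flag as a reason to drop the command instead of guessing.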
• FIG. 6A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, one skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
• the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein.
• the steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.
  • FIG. 6A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments.
  • the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
• the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
• the method for providing access to a data container is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is possible only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container(s) P1, P2, P3 to be accessed.
• step 610 a user interface of the software application APP is presented to the user U1.
• a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened and accessed.
  • the list of data containers is built by the secured peripheral device SPD and sent to the software application APP.
  • the list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container.
• the identification may be a name, for example “private”, “company1”, “company2”.
• the user U1 selects one or more data containers to be opened. For example, it is assumed that the user U1 selects a first data container P1.
• the software application APP sends a control message M611 to the secured peripheral device SPD to request the opening of the selected first data container P1.
• the message M611 may include an identifier of the selected first data container P1.
• the control message M611 may include a start address and an end address of the data container.
• the control message M611 may include the encryption key KP1 associated with the data container P1.
• the control message M611 is an example of a predetermined control message to be sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.
• when the selected first data container P1 is ciphered, the software application APP provides in step 611 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
• the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP.
  • the control message M611 includes the encryption key KP1.
• step 612 the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD. If the selected first data container P1 does not exist, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening operation.
• the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
• if the received encryption key KP1 is not the key associated with the selected first data container P1, the secured peripheral device SPD will not be able to read / interpret the deciphered data in the data container, due to deciphering errors.
• in that case, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening process. Otherwise, in case of success of the opening of the data container, a response message is sent in step 612 to the software application APP to indicate a success of the opening operation and step 613 is executed.
• an LED of the secured peripheral device SPD may be switched on / off to provide feedback to the user U1 regarding the success or failure of the opening operation. For example, in case of success of the opening operation, an LED of the secured peripheral device SPD may be switched on.
  • step 613 the software application APP sends a control message to the secured peripheral device SPD to request descriptive data of the opened data container.
  • the secured peripheral device SPD extracts from the deciphered data container descriptive data of the content of the data container: e.g. file names, file sizes, folder names, etc.
  • the descriptive data of content of the data container are sent to the software application APP through the communication link L3.
• step 615 upon receipt of the descriptive data, the software application APP displays an information message to inform the user U1 of the success of the opening of the selected first data container P1.
• the first data container P1 is now opened, i.e. the content of this data container may be accessed.
• a list of data files and / or one or more file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP. For example, a list of data files stored in the root folder of the data container is displayed.
• the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or on its content (i.e. on the data files and / or file folders stored in the opened first data container P1).
  • the triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc.
  • the triggered operation may also be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc.
• a message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the deciphered data container according to a result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP.
• the feedback may include updated information on the content of the opened first data container P1.
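Steps 610 to 614 as an added example, not code from the patent or from Vandelay, of how the SPD can make the key check of step 612 deterministic. Instead of deciphering with KP1 and then discovering that the plaintext cannot be interpreted, the container record carries an integrity tag keyed from KP1, so a wrong key or a modified record is refused before any plaintext is produced, and the descriptive data of steps 613-614 are read only from a container that passed that check. The record layout, the names SpdMemory, seal_container and open_container, the per-purpose key derivation and the HMAC-based stand-in cipher are all assumptions of this example; a device would use a vetted AEAD such as AES-GCM in place of the stand-in and keep the rest.

```python
import hashlib
import hmac
import json
import os
import struct

MAGIC = b"VCNT"     # assumed record marker for a data container in MEM
TAG_LEN = 32        # HMAC-SHA256


class ContainerError(Exception):
    """Malformed container record."""


def _subkey(kp, label):
    # Assumed per-purpose key derivation from the container key KP (HMAC-SHA256 with a label),
    # so that the cipher key and the tag key are never the same bytes.
    return hmac.new(kp, label, hashlib.sha256).digest()


def _xor_keystream(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) because the standard library has
    # no AES; firmware would use a vetted AEAD such as AES-GCM and drop this function.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal_container(kp, name, manifest):
    """Record as stored in MEM: header | ciphertext | tag, tag = HMAC(KP-derived key, header || ciphertext)."""
    nonce = os.urandom(16)
    header = MAGIC + struct.pack(">B", len(name)) + name.encode() + nonce
    plaintext = json.dumps(manifest, sort_keys=True).encode()
    ciphertext = _xor_keystream(_subkey(kp, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(kp, b"mac"), header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def _split_record(record):
    """Return (name, header, nonce, ciphertext, tag) without touching any key."""
    if len(record) < 5 or record[:4] != MAGIC:
        raise ContainerError("not a container record")
    n = record[4]
    hdr_len = 5 + n + 16
    if len(record) < hdr_len + TAG_LEN:
        raise ContainerError("truncated container record")
    name = record[5:5 + n].decode()
    nonce = record[5 + n:hdr_len]
    return name, record[:hdr_len], nonce, record[hdr_len:-TAG_LEN], record[-TAG_LEN:]


class SpdMemory:
    """The data containers P1, P2, P3 held in the memory MEM of the SPD."""

    def __init__(self):
        self._records = {}

    def store(self, record):
        self._records[_split_record(record)[0]] = record

    def list_containers(self):
        return sorted(self._records)            # step 610: identifiers only, never contents

    def open_container(self, name, kp):
        """Step 612. Returns ('OK', manifest) or ('ERROR', reason)."""
        record = self._records.get(name)
        if record is None:
            return ("ERROR", "no such container")
        _, header, nonce, ciphertext, tag = _split_record(record)
        expected = hmac.new(_subkey(kp, b"mac"), header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Wrong KP or modified record: refuse before any plaintext is produced.
            return ("ERROR", "key does not match container")
        manifest = json.loads(_xor_keystream(_subkey(kp, b"enc"), nonce, ciphertext))
        return ("OK", manifest)     # steps 613-614: file names and sizes are read from here


if __name__ == "__main__":
    kp1 = hashlib.sha256(b"constructed KP1").digest()       # constructed key, not a real one
    mem = SpdMemory()
    mem.store(seal_container(kp1, "private", {"files": {"notes.txt": 1240, "ids.csv": 88}}))
    print(mem.list_containers())
    print(mem.open_container("private", kp1))
    print(mem.open_container("private", b"\x00" * 32))
```

The tag covers the header as well as the ciphertext, so renaming or re-noncing a record is detected the same way as a wrong KP1, and the comparison is constant-time so that the error path of step 612 does not leak how many bytes of the tag matched.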
• FIG. 6B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, one skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
• the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein.
• the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 6B shows a method for performing an operation on one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments.
  • the method for performing an operation on one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
• the method for performing an operation on one or more data containers is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for performing an operation on one or more data containers is possible only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3 and the data container has been opened using for example the method steps 610-612 described by reference to FIG. 6A.
• a user interface of the software application APP is presented to the user U1.
• the content of one or more data containers in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to trigger one or more operations to perform on this content.
• the user U1 performs a predefined action on the user interface of the software application APP to trigger the execution of the one or more operations.
• the operation may be, for example, the opening of a folder of the data container, a change in the access rights (read / write rights) on one or more data files, a deletion of a data file, a deletion of a data folder, a copy of one or more selected data files, etc.
  • step 621 the software application APP sends a control message M620 to trigger the execution of the one or more operations.
  • step 622 the secured peripheral device SPD executes the one or more operations specified by the control message M620.
  • the secured peripheral device SPD is configured to send a message to inform the software application APP of the completion of the one or more operations.
  • the user interface of the software application APP is updated to show the result of the one or more operations. For example, an updated list of data files stored in one or more folders of the data container is displayed.
• the secured peripheral device SPD may be used as a self-powered peripheral device SPD that integrates all hardware and software modules, providing a compact, ergonomic standalone solution for managing the interface between the electronic control device ECD and the external data storage peripheral device DPD.
• the electronic control device ECD may be, e.g., a smartphone, a laptop, a personal digital assistant, or any portable device.
  • the electronic control device ECD itself is not impacted by the transfer of the data files which remain in the secured environment of the self-powered peripheral device used as an intermediate storage device.
  • the use of the electronic control device ECD to control the access operations is advantageous from a user point of view because it is possible to present various, long and complex types of information on the electronic control device ECD.
• the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more first control messages comprising first instructions for instructing the self-powered peripheral device SPD to access a file system of the data storage peripheral device DPD.
  • the first control messages are received after completion of the pairing process and / or the challenge- response authentication process.
  • the secured peripheral device SPD may provide, to the software application APP through the wireless communication link L3, a response message including descriptive data of the file system.
  • the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more second control messages comprising reading instructions for instructing the self-powered peripheral device SPD to perform a copy of one or more selected data files from the external data storage peripheral device DPD to the self-powered peripheral device SPD.
  • the secured peripheral device SPD may send, to the software application APP through the wireless communication link L3, at least one feedback message on the completion of the requested copy. Further details and embodiments are described below by reference to FIGS. 7A-7C.
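The precondition repeated for every method above (read, write, container access and copy only after pairing and challenge-response, over an active link L3 secured with KC1 and KC2), as an added example that is not code from the patent or from Vandelay. It models the integrity half of securing L3: each direction is authenticated with HMAC-SHA256 under its own key (KC1 for APP to SPD, KC2 for SPD to APP) and carries a monotonic sequence number so that a captured frame cannot be replayed; confidentiality, which the page obtains from the same keys, would be layered on with an AEAD and is not shown. The frame layout, the command names, the classes AuthenticatedChannel and SpdGate, the demo_backend stand-in and the session_established flag (standing for the completed FIG. 3B/3C exchanges, which are outside this section) are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32        # HMAC-SHA256


class LinkError(Exception):
    """Frame rejected before any command inside it is looked at."""


class AuthenticatedChannel:
    """One direction of L3. Sender and receiver each hold an instance keyed with the same KC.
    Assumed frame layout (not from the page): seq (u32 BE) | body | HMAC-SHA256(KC, seq || body)."""

    def __init__(self, key):
        self._key = key
        self._next_seq = 1      # next sequence number to send
        self._last_seen = 0     # highest sequence number accepted so far

    def seal(self, body):
        hdr = struct.pack(">I", self._next_seq)
        self._next_seq += 1
        return hdr + body + hmac.new(self._key, hdr + body, hashlib.sha256).digest()

    def open(self, frame):
        if len(frame) < 4 + TAG_LEN:
            raise LinkError("truncated frame")
        hdr, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, hdr + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            raise LinkError("authentication failed")
        seq = struct.unpack(">I", hdr)[0]
        if seq <= self._last_seen:
            raise LinkError("replayed or out-of-order frame")
        self._last_seen = seq
        return body


# Commands that touch the DPD or a data container; names assumed for the example.
DATA_PATH_COMMANDS = {b"MOUNT", b"LIST", b"OPEN", b"COPY"}


class SpdGate:
    """SPD-side entry point for control messages arriving on L3."""

    def __init__(self, kc1, kc2, backend):
        self.from_app = AuthenticatedChannel(kc1)   # APP -> SPD frames, keyed with KC1
        self.to_app = AuthenticatedChannel(kc2)     # SPD -> APP frames, keyed with KC2
        self.backend = backend                      # callable(cmd, arg) -> reply body
        # True only once pairing (FIG. 3B) and challenge-response (FIG. 3C) have succeeded.
        self.session_established = False
        self.dropped = []

    def handle(self, frame):
        try:
            body = self.from_app.open(frame)
        except LinkError as exc:
            self.dropped.append(str(exc))
            return None             # fail closed: no reply at all to an unauthenticated frame
        cmd, _, arg = body.partition(b" ")
        if cmd in DATA_PATH_COMMANDS and not self.session_established:
            return self.to_app.seal(b"ERR session not established")
        return self.to_app.seal(self.backend(cmd, arg))


def demo_backend(cmd, arg):
    """Stand-in for the device operations; firmware would mount, list, open or copy here."""
    if cmd == b"LIST":
        return b"OK private,company1,company2"     # container names only (step 610)
    return b"OK " + cmd


if __name__ == "__main__":
    kc1, kc2 = b"\x01" * 32, b"\x02" * 32             # constructed keys, not real ones
    app_tx, app_rx = AuthenticatedChannel(kc1), AuthenticatedChannel(kc2)
    gate = SpdGate(kc1, kc2, demo_backend)
    print(app_rx.open(gate.handle(app_tx.seal(b"LIST"))))   # refused: no session yet
    gate.session_established = True
    frame = app_tx.seal(b"LIST")
    print(app_rx.open(gate.handle(frame)))
    print(gate.handle(frame), gate.dropped)                 # the replay is dropped
```

Two choices matter here: an unauthenticated or replayed frame gets no reply, so an attacker on the wireless link learns nothing from probing, while a well-formed frame sent before the session exists gets an explicit error so the APP can restart pairing.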
  • the secured peripheral device SPD remains as easy to use as any USB dongle which is a major asset for users who need to share information quickly and in all circumstances.
• the control of operations by a smartphone is for example a common and user-friendly solution adapted to the daily use and private / professional practices of many users (e.g. banking management, smart objects management).
• FIGS. 7A-7C represent a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, one skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
• the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and a data storage peripheral device DPD according to any embodiment described herein.
• the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
• FIGS. 7A-7C show a method for copying data stored on a data storage peripheral device DPD to a secured peripheral device SPD in accordance with one or more embodiments.
• the second multifunction communication interface USB2 is assumed here to be a USB interface.
  • the data storage peripheral device DPD is assumed to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
• because the secured peripheral device SPD is self-powered, the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
  • the method for copying data is performed only if the pairing process and / or the challenge response authentication process were successfully completed (see FIGS. 3B and 3C).
• the method for copying data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
• Step 710 the secured peripheral device SPD detects the data storage peripheral device DPD and reads the file system of the data storage peripheral device DPD as master device.
  • Step 711 the secured peripheral device SPD sends a message to the software application APP to inform the software application APP of the detection performed in step 710.
  • the software application APP informs the user U1 that a data storage peripheral device DPD is connected.
• the software application APP is configured to provide a user interface to allow the user U1 to authorize access to the data storage peripheral device DPD. Once authorization has been received from the user U1, the file system of the data storage peripheral device DPD can be mounted.
  • Step 714 the software application APP sends a control message M714 to the secured peripheral device SPD.
• the control message M714 comprises instructions for instructing the secured peripheral device SPD to access a file system of the external data storage electronic device DPD, e.g. to request the mounting of the file system of the data storage peripheral device DPD.
• Step 715 upon receipt of the control message M714, the secured peripheral device SPD accesses the file system of the external data storage electronic device DPD.
  • the file system of the data storage peripheral device DPD is mounted by the secured peripheral device SPD.
  • Step 716 the software application APP sends a message to the secured peripheral device SPD to request the status of the mounting operation.
  • the secured peripheral device SPD sends a response message to indicate that the mounting is successful.
• Step 718 the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the file system (e.g. of its content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD.
  • the secured peripheral device SPD sends a response message including descriptive data of the file system (e.g. of the content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD, e.g. the content of a current folder (e.g. the root folder) of the data storage peripheral device DPD.
• Step 720 the software application APP provides a user interface showing the content of the data storage peripheral device DPD, e.g. a list of one or more data files and / or one or more data folders. Steps 730-736 may be executed after step 720: see FIG. 7B.
• Step 730 the software application APP is configured to allow the user U1 to navigate in the file system of the data storage peripheral device DPD, e.g. to change the current folder.
  • Step 731 the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the content of the current folder.
  • the secured peripheral device SPD gets the descriptive data of the content of the current folder from the data storage peripheral device DPD using the mounted file system.
  • the secured peripheral device SPD sends a response message including the requested descriptive data.
• Step 734 the software application APP displays a user interface showing the content of the current folder, e.g. a list of one or more data files stored in the current folder. After the execution of step 734, Steps 730-734 may be repeated. In Step 735, the software application APP displays a user interface to allow the user U1 to select one or more data files to be copied to the secured peripheral device SPD. One or more data files are selected.
  • Step 736 the software application APP stores in a memory an identification of the data files selected in step 735.
  • Steps 730-736 may be repeated to select other or further data files.
  • Steps 740-747 may be executed after step 736: see FIG. 7C.
• Step 740 the software application APP displays a user interface to allow the user U1 to request the transfer of the selected data files to a destination folder of a destination data container of the secured peripheral device SPD.
  • the software application APP receives a user input to trigger the transfer.
  • only an opened data container may be selected as a destination data container.
  • the data container may be opened using for example the method steps 610- 612 described by reference to FIG. 6A.
• Step 741 the software application APP displays a user interface to allow the user U1 to specify a destination data container of the secured peripheral device SPD.
  • Step 742 the software application APP receives user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD.
• Step 743 the software application APP checks whether the selected data files already exist in the destination data container and / or destination folder, and in case of a positive answer the software application APP displays a user interface to allow the user U1 to decide whether to proceed or not.
• the software application APP receives user input to cancel or confirm the copy of the selected data files and proceeds accordingly. In case of confirmation, step 744 is executed, otherwise steps 730-734 or 735-736 may be repeated.
  • Step 744 the software application APP sends to the secured peripheral device SPD a control message M744 to trigger the copy of the selected data files in the destination data container and / or destination folder.
  • the control message M744 comprises reading instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files from the external data storage electronic device DPD to a data container of the secured peripheral device SPD.
• the control message M744 comprises the encryption key KP1, KP2, KP3 associated with the destination data container P1, P2, P3 to which the copied data have to be stored.
  • Step 745 the secured peripheral device SPD performs the requested copy of the selected data files and stores them in the destination data container and / or destination folder.
  • Step 746 the secured peripheral device SPD sends to the software application APP at least one feedback message on the completion of the requested copy, for example to confirm the completion of the copy.
  • Step 747 the software application APP may display an information message to inform the user of the completion of the copy. After the execution of step 747, steps 730-734 or 735-736 may be repeated.
  • the method described by reference to FIGS. 7A-7C may be transposed to the copy of one or more data files from a data container of the secured peripheral device SPD to the data storage electronic device DPD.
• the first microcontroller MC1 may be programmed by means of firmware instructions to perform the described steps.
• the first microcontroller MC1 may access a data container P1, P2, P3 of the secured peripheral device SPD and provide, to the software application APP through the wireless communication link L3, descriptive data of the content of the data container (see for example steps 620-621 described above).
• the first microcontroller MC1 may then receive, from the software application APP through the wireless communication link L3, a control message comprising writing instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files of the data container of the secured peripheral device SPD to the external data storage electronic device DPD, perform the requested copy to the external data storage electronic device DPD and provide, to the software application APP through the wireless communication link L3, feedback on the completion of the requested copy to the external data storage electronic device DPD (see for example steps 744-747 described above).
• the software application APP may display a user interface to allow the user U1 to specify a source data container of the secured peripheral device SPD and receive user inputs specifying a destination folder of the external data storage electronic device DPD.
  • Each described function, engine, block of the block diagrams and flowchart illustrations may be implemented in hardware, software, firmware, middleware, microcode, or any suitable combination thereof. If implemented in software, the functions, engines, blocks of the block diagrams and/or flowchart illustrations can be implemented by computer program instructions or software code, which may be stored or transmitted over a computer-readable medium, or loaded onto a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine, such that the computer program instructions or software code which execute on the computer or other programmable data processing apparatus, create the means for implementing the functions described herein.
  • Embodiments of computer-readable media include, but are not limited to, both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • software instructions or computer readable program code to perform embodiments described herein may be stored, temporarily or permanently, in whole or in part, on a non-transitory computer readable medium of a local or remote storage device including one or more storage media.
  • a computer storage medium may be any physical media that can be read, written or more generally accessed by a computer.
  • Examples of computer storage media include, but are not limited to, a flash drive or other flash memory devices (e.g. memory keys, memory sticks, key drive), CD-ROM or other optical storage, DVD, magnetic disk storage or other magnetic storage devices, solid state memory, memory chip, RAM, ROM, EEPROM, smart cards, a relational database management system (RDBMS), a traditional database, or any other suitable medium that can be used to carry or store program code in the form of instructions or data structures which can be read by a computer processor.
  • various forms of computer-readable medium may be used to transmit or carry instructions to a computer, including a router, gateway, server, or other transmission device, wired (coaxial cable, fiber, twisted pair, DSL cable) or wireless (infrared, radio, cellular, microwave).
  • the instructions may include code from any computer-programming language, including, but not limited to, assembly, C, C++, Basic, SQL, MySQL, HTML, PHP, Python, Java, Javascript, etc.

Abstract

A self-powered peripheral device comprises: a first communication interface (USB2) configured to be connected to an external data storage peripheral device (DPD); a second communication interface (BT1) configured to establish a communication with a software application executed by an electronic control device (ECD) through a wireless communication link (L3) and to implement a pairing process between the self-powered peripheral device (SPD) and the electronic control device (ECD) through the wireless communication link (L3); a first microcontroller (MC1). The first microcontroller is programmed to receive, from the software application, a first control message comprising first instructions to access a file system of the external data storage peripheral device; access the file system upon receipt of the first control message; and provide, to the software application, descriptive data of the file system.

Description

TECHNICAL FIELD
[0001] The present disclosure relates to the field of secure data access control of a computer system, in particular to a method for controlling access to an external data storage peripheral device by means of a self-powered peripheral device and an electronic control device.
BACKGROUND
[0002] Many electronic systems, for example the computer systems and the systems with human to machine interface (such as personal computer, smart TV, printers, video projectors, speakers, ...), have a number of ports for connecting various types of peripheral devices to interface with users, connect to other computer systems, transfer and / or store data. In particular USB (Universal Serial Bus) ports may be used for connecting electronic devices. USB ports are "multifunctional" universal ports in the sense that they can accept a whole range of devices of different types, such as network interfaces, USB memory-type storage devices, keyboards, mice, web cams, etc.
[0003] Patent document US2006/0206631 A1 discloses a system configured to copy data between two USB devices without the need for a computer. The solution is well suited for the duplication of data without selection of specific files by a user, the system being devoid of screen or system allowing a human machine interaction. The user feedback is displayed on an LCD display but is limited to messages of success / errors when copying.
[0004] Patent document US2010/0248775A1 discloses a system configured to allow access to data stored on a data storage peripheral device (e.g. a USB key) from a smartphone. The system is advantageous from a user point of view because it is possible to view files, or add files directly from a user interface of the smartphone. This system requires the presence of a compatible physical USB communication port to be able to perform the data exchange between the smartphone and the USB key. The USB connection being wired, this system implies having the smartphone and USB key connected and close.
[0005] However, the system disclosed in US2010/0248775A1 raises security and ergonomic problems in the user's mobility situation. For example, there is no possibility to check the content of the USB key and the data files stored thereon before accessing or copying the data files to the smartphone. Further the data files are copied to the smartphone that will then be used to transport and share the data files. At a time when the protection of personal and professional data is becoming a major issue, this system has a major drawback. It is for example often not desirable to use a smartphone to display a presentation or deliver data files. This may for example involve connecting the smartphone to a video projector or computer in the first case leaving this sensitive object and all its content unattended.
[0006] Other systems involve a third-party device configured to achieve and control the data file exchanges, wherein the third-party device has at least two USB physical communication ports for connecting respectively a source peripheral storage device and a destination peripheral storage device. Such USB third-party devices have however usually limited user interfaces and the connection of an additional display screen, usually provided by an unsecure third-party device, is necessary for viewing the content of the source peripheral storage device and / or the destination peripheral storage device and controlling the data file exchanges.
[0007] Thus, there is a need for a method and devices allowing improving the security and / or user-friendliness, ergonomics of the access to an external data storage peripheral device, e.g. for copying and performing data exchanges from and / or to an external data storage peripheral device and without involving any additional third-party device.
SUMMARY
[0008] According to a first aspect, the present description relates to a self-powered peripheral device. The self-powered peripheral device comprises: a first communication interface configured to be connected to an external data storage peripheral device; a second communication interface configured to establish a bi-directional communication with a software application executed by an electronic control device through a wireless communication link and to implement a pairing process between the self-powered peripheral device and the electronic control device through the wireless communication link; at least one first microcontroller. The first microcontroller is programmed by means of firmware instructions to: receive, from the software application through the wireless communication link, at least one first control message comprising first instructions for instructing the self-powered peripheral device to access to a file system of the external data storage peripheral device, wherein the at least one first message is received after completion of the pairing process; access to the file system upon receipt of the at least one first control message; provide, to the software application through the wireless communication link, descriptive data of the file system through the wireless communication link; receive, from the software application through the wireless communication link, at least one second control message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; perform the copy to the self-powered peripheral device; and send, to the software application through the wireless communication link, at least one feedback message on the completion of the copy.
[0009] According to a second aspect, the present description relates to an electronic control device. The electronic control device comprises: a wireless communication interface configured to implement through a wireless communication link a pairing process between a self-powered peripheral device and the electronic control device, wherein the self-powered peripheral device comprises a first communication interface configured to be connected to an external data storage peripheral device; at least one processor configured to execute a software application. The software application is configured to: communicate with the self-powered peripheral device through the wireless communication link; send, to the self-powered peripheral device through the wireless communication link, at least one first control message comprising first instructions for instructing the self-powered peripheral device to access to a file system of said external data storage peripheral device, wherein said at least one first control message is received after completion of the pairing process; receive, from the self-powered peripheral device through said wireless communication link, descriptive data of said file system through the wireless communication link; send, to the self-powered peripheral device through said wireless communication link, at least one second control message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; and receive, from the self-powered peripheral device through said wireless communication link, at least one feedback message on the completion of said copy.
[0010] According to a third aspect, the present description relates to a method for controlling access to an external data storage peripheral device connected through a first communication interface to a self-powered peripheral device. The method is intended to be performed by the self-powered peripheral device. The method comprises: establishing a communication through a wireless communication link with a software application executed by an electronic control device; implementing a pairing process between the self-powered peripheral device and the electronic control device through the wireless communication link; receiving, from the software application through the wireless communication link, at least one first message comprising first instructions for instructing the self-powered peripheral device to access to a file system of said external data storage peripheral device, wherein the predetermined control messages are received after completion of the pairing process; accessing to said file system upon receipt of said at least one first message; providing, to the software application through said wireless communication link, descriptive data of said file system through the wireless communication link; receiving, from the software application through said wireless communication link, at least one second message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; performing said copy to the self-powered peripheral device; and sending, to the software application through said wireless communication link, a feedback message on the completion of said copy of one or more selected data files.
[0011] According to a fourth aspect, the present description relates to a method for controlling access to an external data storage peripheral device connected through a first communication interface to a self-powered peripheral device. The method is intended to be performed by a software application executed by an electronic control device. The method comprises: establishing a communication with a self-powered peripheral device through a wireless communication link; implementing through said wireless communication link a pairing process between the self-powered peripheral device and the electronic control device; sending, to the self-powered peripheral device through the wireless communication link, at least one first message comprising first instructions for instructing the self-powered peripheral device to access to a file system of said external data storage peripheral device, wherein the predetermined control messages are received after completion of the pairing process; receiving, from the self-powered peripheral device through said wireless communication link, descriptive data of said file system through the wireless communication link; sending, to the self-powered peripheral device through said wireless communication link, at least one second message comprising reading instructions for instructing the self-powered peripheral device to perform a copy of one or more selected data files from the external data storage peripheral device to the self-powered peripheral device; and receiving, from the self-powered peripheral device through said wireless communication link, at least one feedback message on the completion of said copy.
[0012] Other aspects of the invention will be apparent from the following detailed description and the appended claims.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] Other advantages and characteristics of the disclosed devices and methods will become apparent from reading the description, illustrated by the following figures, where:
FIG. 1 shows a computer system in accordance with one or more embodiments;
FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments;
FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments;
FIG. 3A shows a flow chart of a method for configuring a secured peripheral device in accordance with one or more embodiments;
FIG. 3B shows a flow chart of a method for controlling the integrity of a secured peripheral device in accordance with one or more embodiments;
FIG. 3C shows a flow chart of a method for implementing a challenge-response authentication process in accordance with one or more embodiments;
FIG. 4A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;
FIG. 4B shows a flow chart of a method for deleting one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;
FIG. 4C shows a flow chart of a method for creating one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;
FIG. 5A shows a flow chart of a method for reading data stored on a data storage peripheral device from an electronic host device through a secured peripheral device in accordance with one or more embodiments;
FIG. 5B shows a flow chart of a method for writing data from an electronic host device to a data storage peripheral device through a secured peripheral device in accordance with one or more embodiments;
FIG. 6A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments;
FIG. 6B shows a flow chart of a method for performing an operation on one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments;
FIG. 7A-7C show flow charts of a method for copying data from a data storage peripheral device to a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments.
[0014] In the FIGS., identical elements are indicated by the same references. The embodiments disclosed herein by reference to the figures, can be implemented independently of any other embodiments and several embodiments can be combined in various ways.
DETAILED DESCRIPTION
[0015] The present disclosure is described below with reference to functions, engines, block diagrams and flowchart illustrations of the methods, systems, and computer programs according to one or more exemplary embodiments.
[0016] Disclosed are methods and devices allowing improving the security of an electronic host device, be it fixed or mobile and with or without telecommunication capability, when using peripheral devices (e.g. USB data storage devices) connected to the electronic host device.
[0017] Disclosed are methods and devices allowing improving the security and / or user-friendliness, ergonomics of the access to an external data storage electronic device, e.g. for copying and performing data exchanges from and / or to an external data storage electronic device and without involving any additional third-party device.
[0018] FIG. 1 illustrates schematically an example computer system 100 in which the various technologies and techniques described herein may be implemented.
[0019] As shown in FIG. 1, the computer system 100 includes an electronic control device ECD, an electronic host device EHD, a secured peripheral device SPD, a data storage peripheral device DPD and a remote authentication server RAS. The electronic control device ECD, the electronic host device EHD, the secured peripheral device SPD and / or the data storage peripheral device DPD may be used by a user U1.
[0020] The remote authentication server RAS may be implemented as a single hardware device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The remote authentication server RAS may also be implemented within a cloud computing environment.
[0021] The electronic control device ECD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The electronic control device ECD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
[0022] The electronic host device EHD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The electronic host device EHD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
[0023] The data storage peripheral device DPD may be implemented as a single hardware device. The data storage peripheral device DPD may be a USB device. For example, the data storage peripheral device DPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc. The data storage peripheral device DPD may be a third-party storage device whose security / integrity cannot be verified by the user U1.
[0024] The secured peripheral device SPD may be implemented as a single hardware device. The secured peripheral device SPD may be a USB device. For example, the secured peripheral device SPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc. In one or more embodiments, the secured peripheral device SPD is a self-powered peripheral device, comprising for example a battery or other energy source, and may be used without being connected to any host device.
[0025] In one or more embodiments, the secured peripheral device SPD is configured to provide protection against "BadUSB" security failure, both as a self-protection and a protection against third-party devices, like the data storage peripheral device DPD.
[0026] The secured peripheral device SPD is a device that provides its own security functions, including integrity check and authentication, and whose data access functionalities, communication functionalities and capacities are controlled and managed by the software application on the electronic control device ECD. In one or more embodiments, the communication functions through the multifunction communication interfaces are dependent on the success of an authentication of the secured peripheral device. The authentication of the secured peripheral device may be part of or be performed after a pairing process between the electronic control device ECD and the secured peripheral device SPD.
[0027] A data access function may correspond to one or more data access operations such as reading data blocks, writing data blocks, mounting a file system, obtaining descriptive data of a file system or one or more data files or data container, amending access right(s) of data files, etc. Descriptive data may include any attribute of a data file or data container, including a file name, file extension, access rights, size of data file, keywords, editing date, creation date, etc.
[0028] In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only in the presence and / or proximity (e.g. presence in the wireless detection zone) of the electronic control device ECD with which the secured peripheral device is paired. In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only as long as the communication link L3 is operatively active and is configured to interrupt any communication through the multifunction communication interfaces when the communication link L3 is interrupted.
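As an added illustration (not the patent's or the applicant's own code), the control exchange of [0008]-[0011] and the link gating of [0028] simulated end to end: the application on the ECD pairs, requests the DPD file system description, orders a copy of selected files into container P1 and receives the feedback message, while messages sent before pairing or after link L3 drops are refused. The message types, field names, the PIN-style pairing check and the sample files are assumptions made for this example.

```python
# Constructed simulation of the SPD <-> APP exchange of [0008]-[0011] and the link-L3
# gating of [0028]; not the patent's code. Message types, field names and the
# PIN-style pairing check are assumptions made for illustration.
import os
from dataclasses import dataclass


class AccessDenied(Exception): pass  # the SPD refused an operation its policy forbids


@dataclass(frozen=True)
class DataFile:  # one entry of the DPD file system (constructed sample data)
    name: str
    size: int
    created: str


class SecuredPeripheral:
    """Self-powered SPD: MC1 logic behind interfaces USB2 (to DPD) and BT1 (to APP)."""

    def __init__(self, containers):
        self.containers = containers   # data containers, e.g. {"P1": {}, "P2": {}}
        self.dpd_files = {}            # file system of the DPD plugged into USB2
        self.paired_with = None        # identity of the ECD after pairing
        self.link_l3_active = False    # state of the BT1 link to the paired ECD

    def connect_usb2(self, dpd_files):
        self.dpd_files = {f.name: f for f in dpd_files}

    def pair(self, ecd_id, pin_matches):
        # Pairing through BT1; only a successful pairing brings link L3 up.
        if not pin_matches:
            raise AccessDenied("pairing failed")
        self.paired_with = ecd_id
        self.link_l3_active = True

    def link_lost(self):  # [0028]: once L3 is interrupted, no instruction is served
        self.link_l3_active = False

    def handle_control_message(self, msg):
        """MC1 dispatch for one control message received over L3; returns the reply."""
        if msg["from"] != self.paired_with or not self.link_l3_active:
            raise AccessDenied("control message rejected: no paired, active link L3")
        if msg["type"] == "ACCESS_FS":       # first control message
            return self._describe_dpd()
        if msg["type"] == "COPY_TO_SPD":     # second control message
            return self._copy(msg["files"], msg["container"])
        return {"type": "ERROR", "reason": "unknown instruction"}

    def _describe_dpd(self):
        # Descriptive data as listed in [0027]: name, extension, size, creation date.
        files = [{"name": f.name, "extension": os.path.splitext(f.name)[1],
                  "size": f.size, "created": f.created} for f in self.dpd_files.values()]
        return {"type": "FS_DESCRIPTION", "files": files}

    def _copy(self, names, container):
        # Copy each selected file into the chosen container and report per file.
        copied, missing = [], []
        for name in names:
            src = self.dpd_files.get(name)
            if src is None:
                missing.append(name)
                continue
            self.containers[container][name] = src
            copied.append(name)
        return {"type": "COPY_FEEDBACK", "copied": copied, "missing": missing}


def refused(spd, msg):
    """True when the SPD rejects msg with AccessDenied (APP-side helper)."""
    try:
        spd.handle_control_message(msg)
    except AccessDenied:
        return True
    return False


def run_exchange():
    """APP side of the exchange; returns what the application observed."""
    spd = SecuredPeripheral({"P1": {}, "P2": {}, "P3": {}})
    spd.connect_usb2([DataFile("slides.pdf", 2048, "2017-11-03"),
                      DataFile("notes.txt", 120, "2017-11-04")])
    results = {}
    access_fs = {"from": "ECD-1", "type": "ACCESS_FS"}
    # Any control message sent before pairing completes must be refused.
    results["refused_before_pairing"] = refused(spd, access_fs)
    spd.pair("ECD-1", pin_matches=True)
    results["description"] = spd.handle_control_message(access_fs)
    # User U1 selects files from the displayed description; one name is bogus.
    results["feedback"] = spd.handle_control_message(
        {"from": "ECD-1", "type": "COPY_TO_SPD",
         "files": ["slides.pdf", "missing.doc"], "container": "P1"})
    results["container_p1"] = sorted(spd.containers["P1"])
    # L3 drops (e.g. ECD out of range): further instructions are rejected.
    spd.link_lost()
    results["refused_after_link_loss"] = refused(
        spd, {"from": "ECD-1", "type": "COPY_TO_SPD",
              "files": ["notes.txt"], "container": "P1"})
    return results
```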
[0029] In one or more embodiments, the secured peripheral device SPD is configured to communicate with the electronic host device EHD through a communication link L1. The communication link L1 may be a USB (Universal Serial Bus) link. For example, a USB port (e.g. a male USB port) of the secured peripheral device SPD may be directly connected to a USB port (e.g. a female USB port) of the electronic host device EHD. Alternately, a USB cable may be used to connect the secured peripheral device SPD to the electronic host device EHD. Any other communication link may be used, for example a wired or wireless communication link. A wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L1 is a USB communication link.
[0030] In one or more embodiments, the data storage peripheral device DPD is configured to communicate with the secured peripheral device SPD through a communication link L2. The communication link L2 may be a USB (Universal Serial Bus) communication link. For example, a USB port (e.g. a male USB port) of the data storage peripheral device DPD may be directly connected to a USB port (e.g. a female USB port) of the secured peripheral device SPD. For example, a USB cable may be used to connect the data storage peripheral device DPD to the secured peripheral device SPD. Any other communication link may be used, for example a wired or wireless communication link. A wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on communication protocol such as Bluetooth ®, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L2 is a USB communication link.
[0031] The electronic control device ECD is configured to communicate with the secured peripheral device SPD through a wired or wireless communication link L3. In one or more embodiments, the communication link is a bi-directional communication link. In one or more embodiments, the communication link L3 is a Bluetooth ® communication link. Any other communication link may be used. A wired communication link may be compliant with a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L3 is a wireless communication link, compliant for example with Bluetooth ®.
[0032] The electronic control device ECD is configured to communicate with the remote authentication server through a communication link L4. In one or more embodiments, the communication link L4 is implemented through a telecommunication network. The telecommunication network may be any data transmission network, for example a wired (coaxial cable, fiber, twisted pair, DSL cable, etc.) or wireless (radio, infrared, cellular, microwave, etc.) network, a local area network (LAN), internet area network (IAN), metropolitan area network (MAN) or wide area network (WAN) such as the Internet, a public or private network, a virtual private network (VPN), a telecommunication network with data transmission capabilities, a single radio cell with a single connection point like a Wifi or Bluetooth ® cell, etc.
[0033] FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments. As shown in FIG. 2A, the secured peripheral device SPD comprises a flash memory MEM, a communication interface BT1, one or more multifunction communication interfaces USB1, USB2, one or more microcontrollers MC1, MC2, and a power supply 210 (e.g. a battery).
[0034] In one or more embodiments, the flash memory MEM is configured to store a ciphered firmware update 221 and a default data partition 222. In one or more embodiments, the flash memory MEM is configured to store a plurality 223 of data containers P1, P2, P3. In one or more embodiments, the data containers P1, P2, P3 are user data containers. A user data container is a data container suitable for storing user data (e.g. data files generated by a software used by a user). The user data may be private or professional data and a data container may be dedicated to professional data storage only or to private data storage only. In one or more embodiments, a data container is a data partition. In one or more embodiments, a data container is an archive file for archiving data files, and may be compressed or not. In one or more embodiments, a data container is a file folder of a file system.
[0035] In one or more embodiments, the communication interface BT1 includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the communication interface BT1.
[0036] In one or more embodiments, the communication interface BT1 is configured to communicate through the wireless communication link L3 with the electronic control device ECD. In one or more embodiments, the communication protocol used by the communication interface BT1 implements a pairing process with each electronic device such that a communication through the wireless communication link L3 is enabled only if the pairing process is successful. As discussed above, the communication link L3 may be a wired or wireless communication link and the communication interface BT1 is a communication interface suitable for communicating through communication link L3 and compliant with the associated communication protocol. For example, the communication interface BT1 is a Bluetooth ® interface.
[0037] In one or more embodiments, the multifunction communication interface USB1 (respectively USB2) includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the multifunction communication interface USB1 (respectively USB2).
[0038] In one or more embodiments, the first multifunction communication interface USB1 is configured to be connected to an electronic host device EHD through the communication link L1. In one or more embodiments, the second multifunction communication interface USB2 is configured to be connected to a data storage peripheral device DPD through the communication link L2.
[0039] In one or more embodiments, the multifunction communication interface USB1 or USB2 is a USB (Universal Serial Bus) communication interface. For example, the multifunction communication interface USB1 includes a male USB connector and the multifunction communication interface USB2 includes a female USB connector. As discussed above, the communication link L1 (respectively L2) may be a wired or wireless communication link and the multifunction communication interface USB1 (respectively USB2) is a communication interface suitable for communicating through communication link L1 (respectively L2) and compliant with the associated communication protocol.
[0040] In one or more embodiments, the microcontroller MC1 (respectively MC2) includes hardware (e.g. circuitry, optical and / or electronic components, etc), is configured (e.g. programmed) by means of firmware and / or software instructions and is configured to implement the functions described herein for the microcontroller MC1 (respectively MC2).
[0041] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to access the Flash memory MEM and the one or more data containers P1, P2, P3 stored therein.
[0042] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement security management functions in order to secure and control the communication and the data access to / from the secured peripheral device SPD through the one or more multifunction communication interfaces USB1, USB2. The security management functions may include authentication functions, communication control functions, encryption functions, filtering functions, etc. In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 includes an embedded cryptographic unit configured to implement ciphering / deciphering functions, thus enabling accelerated execution of these ciphering / deciphering functions.
[0043] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement the security management functions under the control of the electronic control device ECD, e.g. under the control of a specific software application, also referred to herein as the security control application APP, executed by the electronic control device ECD.
[0044] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive messages from (respectively send messages to) the security control application APP of the electronic control device ECD through the wireless communication link L3. In one or more embodiments, the messages are ciphered by the emitting entity and deciphered by the receiving entity, and the microcontroller(s) MC1, MC2 share(s) one or more encryption keys with the security control application APP. The messages may include information and / or instructions for instructing the microcontroller(s) MC1, MC2 to perform one or more operations. The messages may include encryption keys, data, parameters and / or other information.
[0045] In one or more embodiments, the one or more multifunction communication interfaces USB1, USB2 are configured to be connected to an external electronic device (e.g. the data storage peripheral device DPD or the electronic host device EHD). In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement, under the control of the security control application APP, communication functions and / or data access functions through the one or more multifunction communication interfaces USB1, USB2 to / from the secured peripheral device SPD. The microcontroller MC1 and / or the microcontroller MC2 is (are) configured for example to wait for predetermined control messages before performing any data container access function or communication function through the first and second multifunction communication interfaces USB1, USB2. This means that as long as the software application APP has not sent a predetermined control message to trigger a corresponding communication operation or data access operation, the microcontrollers MC1, MC2 do not perform the corresponding communication operation or data access operation. For example, as long as the software application APP has not sent a predetermined control message, the microcontrollers MC1, MC2 do not access the file system of a data storage peripheral device DPD connected to the second multifunction communication interface USB2, and the microcontrollers MC1, MC2 are not responsive to requests according to the USB protocol received through the first multifunction communication interface USB1. The control messages are sent by the software application APP to the secured peripheral device SPD and comprise instructions for instructing the secured peripheral device SPD (i.e. the microcontroller(s) MC1, MC2) to perform one or more operations in accordance with the instructions.
[0046] In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the wireless communication link L3, one or more control messages. The control messages comprise instructions to instruct the secured peripheral device SPD to perform one or more operations (e.g. communication operations or data access operations) through the one or more communication interfaces USB1, USB2. In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to send, to the software application APP through the wireless communication link (L3), at least one response message (e.g. feedback message, information message, status message, etc.) in response to the control message, for example a message regarding the requested operation (e.g. regarding the completion or a result of the operation). Examples of operations performed under the control of the software application APP are described for example by reference to FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C.
[0047] In one or more embodiments, the control messages are sent by the software application APP only once the pairing process is completed and only in case of success of the challenge-response authentication process. Due to the challenge-response authentication process, the integrity of the secured peripheral device SPD can be verified, and a protection against reading and modification of the firmware of the electronic card is achieved. This prevents the firmware of the secured peripheral device SPD from being replaced by a "BadUSB firmware". This also prevents hackers from replacing the hardware of the secured peripheral device SPD.
[0048] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) responsive to messages from the software application APP to control the transition from a connected state, in which the communications through the first and / or second multifunction communication interfaces USB1, USB2 are operative (authorized), to a locked state, in which the communications through the multifunction communication interfaces USB1, USB2 are not operative (forbidden or blocked), or conversely from the locked state to the connected state.
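The gating behaviour of paragraphs [0045] to [0048] can be modelled as a small state machine: USB requests on USB1 / USB2 are left unanswered until the security control application APP has both moved the device into the connected state and sent the control message that triggers the corresponding operation, and a lock silences the device again. The following Python model is an added illustration and is not code from the patent or from Vandelay; the control message names (UNLOCK, LOCK, LIST_CONTAINERS, ALLOW_READ, ALLOW_WRITE), the request format and the sample containers are assumptions of this example.

```python
from dataclasses import dataclass, field

LOCKED, CONNECTED = "locked", "connected"


@dataclass
class SecuredPeripheralDevice:
    """Model of the SPD microcontroller logic (MC1 and MC2 merged for brevity)."""
    containers: dict                                  # container id -> file names (constructed)
    state: str = LOCKED                               # locked until APP says otherwise
    authorized_ops: set = field(default_factory=set)  # operations APP has triggered
    dropped: list = field(default_factory=list)       # USB requests left unanswered

    # Link L3: control messages from the security control application APP.
    def handle_control_message(self, msg: dict) -> dict:
        """Every control message gets a response message back to APP."""
        op = msg.get("op")
        if op == "UNLOCK":
            self.state = CONNECTED
        elif op == "LOCK":
            self.state = LOCKED
            self.authorized_ops.clear()               # nothing survives a lock
        elif op == "LIST_CONTAINERS":
            return {"status": "ok", "containers": sorted(self.containers)}
        elif op in ("ALLOW_READ", "ALLOW_WRITE"):
            if self.state != CONNECTED:
                return {"status": "refused", "reason": "device is locked"}
            self.authorized_ops.add(op[len("ALLOW_"):])
        else:
            return {"status": "error", "reason": "unknown control message"}
        return {"status": "ok", "state": self.state}

    # Links L1 / L2: USB requests from the host EHD or the peripheral DPD.
    def handle_usb_request(self, request: dict):
        """Returns None when the device stays silent (not responsive on USB)."""
        kind = request.get("kind")                    # "READ" or "WRITE"
        container = request.get("container")
        if self.state != CONNECTED or kind not in self.authorized_ops:
            self.dropped.append(request)
            return None
        if container not in self.containers:
            return {"status": "error", "reason": "no such container"}
        if kind == "READ":
            return {"status": "ok", "files": list(self.containers[container])}
        self.containers[container].append(request.get("file"))
        return {"status": "ok", "written": request.get("file")}


def run_scenario() -> dict:
    """Constructed sequence showing the gating order: unlock, then the per-operation
    control message, then the USB request is served; a LOCK silences the device again."""
    spd = SecuredPeripheralDevice(containers={"P1": ["a.txt"], "P2": []})
    before = spd.handle_usb_request({"kind": "READ", "container": "P1"})
    spd.handle_control_message({"op": "UNLOCK"})
    unlocked_only = spd.handle_usb_request({"kind": "READ", "container": "P1"})
    spd.handle_control_message({"op": "ALLOW_READ"})
    served = spd.handle_usb_request({"kind": "READ", "container": "P1"})
    spd.handle_control_message({"op": "LOCK"})
    after_lock = spd.handle_usb_request({"kind": "READ", "container": "P1"})
    return {"before": before, "unlocked_only": unlocked_only, "served": served,
            "after_lock": after_lock, "dropped": len(spd.dropped)}


if __name__ == "__main__":
    print(run_scenario())
```

The point of the model is the default: a request that arrives with no matching authorization is not refused with an error, it is simply dropped, which is what the patent means by the microcontrollers being "not responsive" on the USB side.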
[0049] In one or more embodiments, performing a data access operation comprises a data access operation on one or more data containers of the secured peripheral device SPD. In one or more embodiments, a list of data containers is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select a data container on which the data access operation has to be performed.
[0050] In one or more embodiments, performing a data access operation comprises opening a selected data container of the secured peripheral device SPD. If the selected data container is a ciphered container P1, performing a data access operation on the selected data container comprises receiving from the software application APP through the wireless communication link L3 a control message including an encryption key KP1 associated with the selected ciphered container P1, extracting the encryption key KP1 from the control message, deciphering the ciphered container using the extracted encryption key and providing descriptive data (e.g. file names and attributes) of the content of the data container to the software application APP through the wireless communication link L3. Further aspects and embodiments are described by reference to FIG. 6A.
[0051] Once a data container is opened, one or more data files may be copied to (respectively from) the data container from (respectively to) an external electronic device (electronic host device EHD or data storage peripheral device DPD) connected to one of the multifunction communication interfaces USB1, USB2. In one or more embodiments, a list of data files is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select one or more data files to be copied. Further aspects and embodiments are described by reference to FIG. 6B.
[0052] In one or more embodiments, performing a data access operation comprises providing access to one or more data containers P1, P2, P3 of the secured peripheral device SPD through at least one of the multifunction communication interfaces USB1, USB2 from the electronic host device EHD and / or copying one or more data files from one or more data containers P1, P2, P3 to the electronic host device EHD. Providing access to one or more data containers P1, P2, P3 may comprise mounting a file system for the one or more data containers P1, P2, P3 and sending descriptive data of the mounted file system to the electronic host device EHD through the first communication interface USB1. Further aspects and embodiments are described by reference to FIGS. 4A-4C.
[0053] In one or more embodiments, performing a data access operation comprises accessing the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD and / or copying one or more data files from the external data storage peripheral device DPD to at least one data container P1, P2, P3 of the secured peripheral device SPD. In one or more embodiments, performing a data access operation comprises mounting a file system to get access to data files stored in the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD. Further aspects and embodiments are described by reference to FIGS. 7A-7C.
[0054] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is configured to implement, through the wireless communication link L3, the electronic control device ECD and the communication link L4, a challenge-response authentication process between the secured peripheral device SPD and the remote authentication server RAS.
[0055] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement data encryption functions using one or more encryption keys.
[0056] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive and send data through the first multifunction communication interface USB1 (or respectively USB2) in accordance with a first communication protocol. The first communication protocol may be the USB protocol.
[0057] In one or more embodiments, the microcontroller MC1 (respectively MC2) is configured to receive / send data from / to the other microcontroller MC2 (respectively MC1) in accordance with a second communication protocol, distinct from the first communication protocol. The second communication protocol may be the SPI (Serial Peripheral Interface) protocol or any other serial wired communication protocol like I2C, RS232, TTL, etc.
[0058] In one or more embodiments, the microcontroller MC1 (respectively MC2) is configured to implement a protocol translation from the first communication protocol to the second communication protocol and from the second communication protocol to the first communication protocol. The protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the first communication protocol to the second communication protocol for messages received through the multifunction communication interface USB1 (respectively USB2) and to be sent to the other microcontroller MC2 (respectively MC1). The protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the second communication protocol to the first communication protocol for messages received from the other microcontroller MC2 (respectively MC1) and to be sent to the multifunction communication interface USB1 (respectively USB2).
[0059] In one or more embodiments, the first multifunction communication interface USB1 is connected to the electronic host device EHD and the second multifunction communication interface USB2 is connected to the data storage peripheral device DPD.
[0060] The secured peripheral device SPD may then be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the external data storage peripheral device DPD to the electronic host device EHD. The first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of the one or more selected data files from the data storage peripheral device DPD to the electronic host device EHD. The first microcontroller MC1 may be configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller MC2. The second microcontroller MC2 may be configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5A.
[0061] Symmetrically, the secured peripheral device SPD may be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the electronic host device EHD to the external data storage peripheral device DPD. The first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device EHD to the data storage peripheral device DPD. The first microcontroller MC1 may be configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller MC2. The second microcontroller MC2 may be configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5B.
[0062] The copy of data files from the electronic host device EHD to the external data storage peripheral device DPD or vice versa implies copying one or more memory blocks. In one or more embodiments, the microcontroller MC2 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, the predetermined operations comprising a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the data storage peripheral device DPD and a copy of one or more memory blocks from the data storage peripheral device DPD to the secured peripheral device SPD. The microcontroller MC2 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
[0063] Symmetrically, the first microcontroller MC1 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, and the predetermined operations include only a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the electronic host device EHD and a copy of one or more memory blocks from the electronic host device EHD to the secured peripheral device SPD. The first microcontroller MC1 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
[0064] For example, when the multifunction communication interface USB1 (respectively USB2) is a USB interface, only data packets from / to peripheral devices belonging to the peripheral category "USB mass storage class" may be copied. For other peripheral categories, the microcontroller MC1 (respectively MC2) is simply not responsive as it is not programmed to perform any action.
[0065] By design, the microcontroller MC1 or MC2 may thus only communicate with storage devices, which provides an essentially hardware barrier, since there is no library or driver to interpret any other data. This barrier is safer than a software barrier that would allow certain types of devices to have access to certain functions.
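The allowlist of paragraphs [0062] to [0065] and the USB-to-serial translation of paragraphs [0057] to [0061] can be demonstrated together: a command entering MC1 over USB1 is accepted only if it targets the mass storage class and asks for a block copy, is re-encoded as a frame for the inter-microcontroller link, and is decoded and checked again by MC2 before leaving over USB2. The following Python block is an added example, not code from the patent or from Vandelay; the command model, the operation names, the opcode numbering and the frame layout are assumptions of this example, while 0x08 is the actual USB interface class code of the mass storage class and 0x03 that of the HID class.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MASS_STORAGE_CLASS = 0x08                 # USB interface class code: mass storage (real value)
HID_CLASS = 0x03                          # USB interface class code: human interface device (real value)
OPCODES = {"READ_BLOCKS": 1, "WRITE_BLOCKS": 2}   # the only operations the firmware implements (assumed names)
OPNAMES = {code: name for name, code in OPCODES.items()}
FRAME_FMT = ">BBII"                       # assumed inter-MCU frame: class, opcode, first block, block count


@dataclass(frozen=True)
class UsbCommand:
    """Simplified view of a command seen on USB1 / USB2 (constructed model)."""
    device_class: int
    op: str
    lba: int = 0
    count: int = 0


def accept(cmd: UsbCommand) -> bool:
    """Firmware allowlist: mass-storage class and memory-block copies only."""
    return (cmd.device_class == MASS_STORAGE_CLASS
            and cmd.op in OPCODES
            and cmd.count > 0)


def usb_to_serial(cmd: UsbCommand) -> bytes:
    """MC1 side: first protocol (USB) -> second protocol (serial frame, e.g. SPI)."""
    return struct.pack(FRAME_FMT, cmd.device_class, OPCODES[cmd.op], cmd.lba, cmd.count)


def serial_to_usb(frame: bytes) -> Optional[UsbCommand]:
    """MC2 side: serial frame -> USB command; malformed frames or unknown opcodes are dropped."""
    if len(frame) != struct.calcsize(FRAME_FMT):
        return None
    device_class, opcode, lba, count = struct.unpack(FRAME_FMT, frame)
    if opcode not in OPNAMES:
        return None
    return UsbCommand(device_class, OPNAMES[opcode], lba, count)


def relay(cmd: UsbCommand) -> Optional[UsbCommand]:
    """A host command entering MC1 over USB1 and leaving MC2 over USB2, or None if ignored."""
    if not accept(cmd):                   # MC1 has no handler for anything else: silence
        return None
    forwarded = serial_to_usb(usb_to_serial(cmd))
    if forwarded is None or not accept(forwarded):   # MC2 applies the same allowlist
        return None
    return forwarded


def demo() -> list:
    """Constructed traffic: one legitimate block read and two commands that must be ignored."""
    traffic = [
        UsbCommand(MASS_STORAGE_CLASS, "READ_BLOCKS", lba=2048, count=8),
        UsbCommand(HID_CLASS, "READ_BLOCKS", lba=0, count=1),       # not a storage device
        UsbCommand(MASS_STORAGE_CLASS, "FORMAT", count=1),          # not a block copy
    ]
    return [relay(c) for c in traffic]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both microcontrollers run the same `accept` check, so a frame that somehow reaches the inter-MCU link with an unexpected opcode is dropped a second time at MC2; that is the "no driver to interpret any other data" property stated in the text, expressed as code.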
[0066] FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments. As shown in FIG. 2B, the electronic control device ECD comprises one or more processors 240, memory 241, a wireless communication interface 244, other associated hardware such as input/output interfaces 242 (e.g. device interfaces such as USB interfaces, network interfaces) and a user interface 243 (incorporating for example one or more user input/output devices, e.g., a keyboard, a pointing device, a display screen, etc) to interact with a user U1.
[0067] The memory 241 of the electronic control device ECD may include a random-access memory (RAM), cache memory, non-volatile memory, backup memory (e.g., programmable or flash memories), read-only memories, secured storage (e.g. keystore) or any combination thereof. Each processor 240 of the electronic control device ECD may be any suitable microprocessor, microcontroller, integrated circuit, or central processor (CPU) including at least one hardware-based processor or processing core.
[0068] In one or more embodiments, the memory 241 of the electronic control device ECD may contain computer program instructions which, when executed by the processor 240, cause the electronic control device ECD to perform one or more methods described herein for an electronic control device ECD.
[0069] The processor 240 may be configured to access the memory 241 for storing, reading and/or loading computer program instructions or software code that, when executed by a processor, causes the processor to perform one or more method steps described herein for the software application APP and / or the electronic control device ECD. The processor 240 may be configured to use the memory 241 when executing the steps of a method described herein for the software application APP and / or the electronic control device ECD, for example for loading computer program instructions and for storing data generated during the execution of the computer program instructions.
[0070] In one or more embodiments, the electronic control device ECD is configured to execute computer program instructions of a software application APP (also referred to as "security control application APP") that, when executed by the processor of the electronic control device ECD, causes the processor to perform one or more method steps described herein for the electronic control device ECD. The software application APP is configured to communicate with a remote authentication server RAS via the communication link L4 and to communicate with the secured peripheral device SPD through the wireless communication link L3.
[0071] In one or more embodiments, the electronic control device ECD comprises a secure storage tool SS for storing encryption keys. For example, a key storage tool SS that is configured to provide access to the stored encryption keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc) may be used.
[0072] In one or more embodiments, one or more data containers P1, P2, P3 of the data containers 223 stored in the memory MEM of the secured peripheral device SPD are ciphered. In one or more embodiments, the software application APP is configured to store an associated encryption key KP1, KP2, KP3 for each ciphered data container P1, P2, P3. The associated encryption key KP1, KP2, KP3 is intended to be used by the secured peripheral device SPD to decipher the corresponding data container P1, P2, P3 and / or the data files stored in the corresponding data container P1, P2, P3. In one or more embodiments, the encryption keys KP1, KP2, KP3 are stored in the secure storage tool SS and retrieved from the secure storage tool SS by the software application APP. In one or more embodiments, each of the encryption keys KP1, KP2, KP3 is stored in the secure storage tool SS in association with an identifier allocated by the secured peripheral device SPD to the corresponding data container P1, P2, P3.
[0073] FIG. 3A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD, a factory configuration tool PRG and a remote authentication server RAS according to any embodiment described herein.
[0074] FIG. 3A shows a method for configuring a secured peripheral device SPD in accordance with one or more embodiments. A factory configuration tool PRG (not represented) is configured to communicate through the debugging interfaces of the microcontrollers and to generate data and/or instructions to be stored on the secured peripheral device SPD.
[0075] In Step 300, a bootloader is generated for the secured peripheral device SPD. The bootloader is configured to load the firmware of the hardware components of the secured peripheral device SPD. In one or more embodiments, the bootloader includes a device authentication key KA. In one or more embodiments, the bootloader includes a firmware encryption key KF. In one or more embodiments, the bootloader includes an initial pairing code PN. In one or more embodiments, the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN are stored in a ciphered storage memory space of one of the microcontrollers MC1, MC2.
[0076] In Step 301, a firmware is generated at factory stage for the secured peripheral device SPD. In one or more embodiments, the firmware is not ciphered and not signed. In one or more embodiments, the firmware of the secured peripheral device SPD includes a firmware for each microcontroller MC1, MC2, a firmware for each multifunction communication interface USB1, USB2 and a firmware for the communication interface BT1.
[0077] In Step 302, the bootloader generated in step 300 and the firmware generated in step 301 are injected into a flash memory MEM of the secured peripheral device SPD. The injection may be performed using any appropriate configuration tool, for example through a SWD (Serial Wire Debug) / UART (Universal Asynchronous Receiver/Transmitter) connection.
[0078] In Step 303, an acknowledgement is received by the factory configuration tool PRG for confirming the safe receipt of the firmware and bootloader data in the flash memory MEM.
[0079] In Step 304, a test process is implemented to check the firmware and bootloader data stored in the flash memory MEM.
[0080] In Step 305, upon success of the test process performed in step 304, the debugging interfaces of the microcontrollers MC1, MC2 are disabled. As a consequence, the update of the firmware of the secured peripheral device SPD will only be possible by using the bootloader. In addition, the extraction of the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN will not be possible through the debugging interfaces. In one or more embodiments, a secure update of the firmware may be implemented during which a ciphered firmware update of one or more hardware components is received through a communication interface (e.g. the communication interface BT1) of the secured peripheral device SPD and the firmware update is deciphered using the firmware encryption key KF.
[0081] In Step 306, the device authentication key KA and the firmware encryption key KF are sent to the remote authentication server RAS together with one or more identifiers SN1, SN2, SN3. In one or more embodiments, each identifier SN1, SN2, SN3 is an identifier of a hardware component of the secured peripheral device SPD. For example, an identifier SN1, SN2, SN3 may be a serial number of one of the microcontrollers MC1, MC2, a serial number of the multifunction communication interface USB1, USB2, a serial number of the communication interface BT1, or a serial number of the memory MEM of the secured peripheral device SPD. In one or more embodiments, one single identifier SN is used, which is generated by combining two or more identifiers SN1, SN2, SN3 of hardware components of the secured peripheral device SPD.
[0082] In Step 306, the device authentication key KA, the firmware encryption key KF and the identifiers SN1, SN2, SN3 are stored in association in a database by the remote authentication server RAS. The device authentication key KA, the firmware encryption key KF and the one or more identifiers SN1, SN2, SN3 are thus shared by the remote authentication server RAS and the secured peripheral device SPD.
[0083] FIG. 3B represents a flowchart of a method according to an example implementation. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD and an electronic control device ECD according to any embodiment described herein.
[0084] FIG. 3B shows a method for controlling the integrity of a secured peripheral device SPD in accordance with one or more embodiments. In one or more embodiments, a pairing process is implemented between the secured peripheral device SPD and the electronic control device ECD in steps 310-312. In one or more embodiments, a challenge-response process is implemented between the secured peripheral device SPD and the remote authentication server RAS in steps 314-317. In one or more embodiments, the challenge-response process is implemented after successful completion of the pairing process. For the first execution of steps 310-317, the secured peripheral device SPD is assumed not to be connected to the electronic host device EHD.
[0085] In one or more embodiments, the first microcontroller MC1 is configured (e.g. programmed) to implement, on the secured peripheral device SPD side, the challenge-response authentication process with the remote authentication server RAS. For example, the firmware of the first microcontroller MC1 may include a security management unit configured to implement the challenge-response authentication process with the remote authentication server RAS.
[0086] In the example described by reference to FIG. 3B, the wireless communication interface 244 of the electronic control device ECD and the communication interface BT1 are assumed to be Bluetooth® interfaces. The pairing process may be for example a secure pairing process under Bluetooth Low Energy 4.2.
[0087] In Step 310, the software application APP is started on the electronic control device ECD. The software application APP triggers a search for Bluetooth® devices in the detection zone of the wireless communication interface 244 of the electronic control device ECD.
[0088] In Step 311, assuming the secured peripheral device SPD is in the detection zone of the wireless communication interface 244, the secured peripheral device SPD is detected. A user interface of the software application APP is presented to the user U1 to allow him to enter a pairing code of the detected secured peripheral device SPD. This pairing code may for example be printed on a sticker and / or on a packaging associated with the secured peripheral device SPD, or provided to the user with the secured peripheral device SPD in any other manner, for example by electronic mail, by paper mail, by SMS (Short Message Service), by displaying the pairing code on an LCD screen, etc. If a secure pairing process under Bluetooth Low Energy 4.2 is used, the pairing code may be a passkey with 6 digits. The pairing code entered by the user is then sent to the secured peripheral device SPD.
[0089] In Step 312, the pairing code received from the electronic control device ECD is compared to the initial pairing code PN stored in Step 300 in the secured peripheral device SPD. In case of a match, the pairing process successfully completes, authorizing those two devices to communicate with each other through the Bluetooth® link L3. In one or more embodiments, the steps 314-317 described below are implemented only if the pairing process is successfully completed. In case of failure of the pairing process, steps 310-312 have to be executed again before the challenge-response process of steps 313-317 is implemented.
[0090] In one or more embodiments, once the first pairing process has been successfully performed by using the initial pairing code PN stored in Step 300 in the secured peripheral device SPD, any next pairing process (next execution of the pairing process in steps 310-312) will be based on a pairing code randomly generated by the secured peripheral device SPD (e.g. in case the electronic control device ECD has been lost or renewed, or if the user U1 deletes the pairing parameters from the electronic control device ECD, or if there are too many unsuccessful pairing attempts).
[0091] The pairing process based on a random pairing code may be performed as follows. In one or more embodiments, the secured peripheral device SPD generates a random pairing code, inserts the random pairing code in a data file and stores the data file in the memory MEM on a default data partition 222 (see FIG. 2A) which is mounted by default and is accessible through the communication interface USB1 or USB2 upon connection of the secured peripheral device SPD to the electronic host device EHD. The data stored in the other data containers of the memory MEM (for example in the data containers P1, P2, P3 (223)), outside this data partition 222 mounted by default, are however not accessible at this stage. The content of the data file may then be viewed by the user U1 by connecting the secured peripheral device SPD to the electronic host device EHD, and then the random pairing code is provided by the user U1 to the software application APP, which sends (step 311) the received random pairing code to the secured peripheral device SPD for verification (step 312).
[0092] The embodiments with the pairing code randomly generated by the secured peripheral device SPD may also be used following the detection of a suspicious activity. In one or more embodiments, in case of suspicious activity, steps 310-312 have to be executed again before the challenge-response steps 313-317 are implemented.
[0093] In one or more embodiments, once the pairing process has been successfully performed, the communication between the software application and the secured peripheral device SPD is authorized and steps 313-317 are performed. If the pairing process is not successful, the steps 313-317 are not executed and a new pairing process has to be implemented by executing again steps 310-312.
[0094] In Step 313, a communication link L4 between the remote authentication server RAS and the software application APP of the electronic control device ECD is established. In one or more embodiments, the data sent through the communication link L4 are ciphered.
[0095] In Step 314, the communication between the software application and the secured peripheral device SPD is started and secured. In one or more embodiments, the software application APP sends a message M314 to the secured peripheral device SPD including a key encryption key KK to be used for ciphering encryption keys. In one or more embodiments, an asymmetric ciphering scheme is used (e.g. RSA, Rivest-Shamir-Adleman ciphering) and a pair of keys is generated by the software application APP, the pair of keys comprising a public key KKPUB and a private key KKPRI suitable for asymmetric ciphering. In one or more embodiments, the message M314 includes only the public key KK = KKPUB but not the private key KKPRI.
[0096] In Step 315, a challenge response authentication process between the secured peripheral device SPD and the remote authentication server RAS is implemented through the software application APP and the communication links L4 and L3. During the challenge response authentication process, the software application APP is configured to relay messages between the secured peripheral device SPD and the remote authentication server RAS. The challenge response authentication process may be implemented as described below by reference to FIG. 3C.
[0097] In Step 316, the software application APP receives from the remote authentication server RAS a message M316 indicative of the success or failure of the challenge-response authentication process.
[0098] In one or more embodiments, in Step 317, in case of success, an information message is displayed on a user interface of the software application to inform a user that the pairing and authentication are successful. In one or more embodiments, in case of failure, an information message is displayed on a user interface of the software application APP to inform the user U1 that the secured peripheral device SPD seems to be corrupted and / or cannot be used.
[0099] In one or more embodiments, in case of failure of the challenge-response authentication process, the wireless communication link L3 with the secured peripheral device SPD is terminated by the software application APP, the key encryption key KK received in step 314 by the software application APP is deleted and the received pairing code is also deleted. This will prevent the software application APP from communicating (e.g. for sending / receiving commands) with the secured peripheral device SPD and force the pairing process and challenge-response authentication process to be started again: Steps 310-317 will have to be executed again.
[00100] In one or more embodiments, the secured peripheral device SPD (e.g. at least one of the microcontrollers MC1, MC2) is configured to wait for a predetermined control message (e.g. M331, step 331, see FIG. 4A, or M611, step 611, see FIG. 6A) from the software application APP through the wireless communication link L3 before starting to provide access to one or more data containers P1, P2, P3 and / or before starting to receive / send data through the one or more communication interfaces USB1, USB2 and / or before performing a corresponding communication operation / data access operation as described herein. In one or more embodiments, the predetermined control message is received by the secured peripheral device SPD only after a success of the challenge-response authentication process; in case of failure of the challenge-response authentication process, the predetermined control message is not sent, in order to prevent any communication through the first multifunction communication interface USB1, USB2 of the secured peripheral device SPD. In one or more embodiments, the predetermined control message is sent by the software application APP only in response to an action of a user on a user interface of the software application APP to allow access to data containers of the secured peripheral device SPD.
[00101] In one or more embodiments, the software application APP is configured to determine whether one or more additional conditions are met before sending one or more predetermined control messages to trigger one or more communication operations and / or data access operations through the communication interfaces USB1, USB2 (e.g. through the communication links L1, L2), and to send them only if these one or more additional conditions are met. An additional condition may be that an explicit authorization is given by the user U1 of the electronic control device ECD on a user interface of the software application APP. An additional condition may be that the communication through the wireless communication link L3 with the software application APP is operatively active (not interrupted, defective, deactivated or otherwise not operative). An additional condition may be that the secured peripheral device SPD is currently in the detection zone of the wireless communication interface 244 of the electronic control device ECD. An additional condition may be that the secured peripheral device SPD is currently paired (the pairing process is successfully completed) through the wireless communication interface 244 with the electronic control device ECD. An additional condition may be that the secured peripheral device SPD is not in the detection zone of the wireless communication interface 244 of the electronic control device but has left this detection zone less than one hour, one day or any other predefined time period ago, assuming that this predefined time period has been configured by the user on the user interface of the software application APP during an operatively active connection between the electronic control device ECD and the secured peripheral device SPD. Any logical combination of these example additional conditions may be used.
[00102] In one or more embodiments, if all the additional conditions are met, the software application APP executed on the electronic control device ECD may be configured to send to the secured peripheral device SPD a control message to trigger a communication operation / data access operation through the communication interfaces USB1, USB2 and / or an operation to access one or more data containers. The control message may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
[00103] In one or more embodiments, if one of the additional conditions is not met, the software application APP is configured to send a lock command to the secured peripheral device SPD through the wireless communication link L3, and the microcontroller(s) MC1 / MC2 is (are) configured to interrupt a pending communication operation or pending data access operation upon receipt of a lock command from the software application APP. The lock command may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
[00104] In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to interrupt each pending operation (communication operation and / or data access operation) performed through the one or more communication interfaces USB1, USB2 after a time period following the detection of an interruption of the communication with the software application APP through the wireless communication link L3. In one embodiment, the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the communication link L3, a configuration message that sets the duration of this time period.
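The decision logic of paragraphs [00100] to [00104], as an added Go example; it is not code from the patent or from the applicant, and the field names, the `LinkState`, `Gate`, `Decide`, `Receive` and `Tick` identifiers and the particular logical combination of conditions are my assumptions, since the description allows any combination. The application side evaluates the additional conditions (explicit authorization, pairing, an operative L3 link with the device in range, or an exit from the detection zone more recent than the user-configured period) and emits either the predetermined control message or a lock command. The microcontroller side grants access through USB1 / USB2 only on the control message, withdraws it on a lock command, and withdraws it on its own once L3 has been interrupted for longer than the configured time period, so the device fails closed when its controller disappears.

```go
package main

import "time"

// LinkState is what the software application APP knows about the secured
// peripheral device SPD when deciding whether to send the predetermined
// control message ([00100]-[00101]). The field set is an assumed model.
type LinkState struct {
	UserAuthorized bool          // explicit authorization given on the APP's user interface
	Paired         bool          // pairing of FIG. 3B successfully completed
	LinkActive     bool          // L3 operative (not interrupted, defective or deactivated)
	InRange        bool          // SPD inside the detection zone of the wireless interface 244
	LeftRangeAt    time.Time     // when the SPD last left the zone (zero value: never)
	GracePeriod    time.Duration // user-configured period during which a recent exit is tolerated
}

// AccessAllowed is one logical combination of the additional conditions of [00101]:
// explicit authorization AND pairing AND (an active link with the SPD in range OR an
// exit from the zone less than GracePeriod ago). The combination is an assumption.
func (s LinkState) AccessAllowed(now time.Time) bool {
	if !s.UserAuthorized || !s.Paired {
		return false
	}
	if s.LinkActive && s.InRange {
		return true
	}
	// An exit is tolerated only if the user actually configured a period (> 0).
	return !s.LeftRangeAt.IsZero() && s.GracePeriod > 0 && now.Sub(s.LeftRangeAt) < s.GracePeriod
}

// Command is the message the APP sends over L3: the predetermined control message
// that opens access ([00102]) or the lock command that interrupts it ([00103]).
type Command int

const (
	CmdAccess Command = iota
	CmdLock
)

// Decide is the APP's rule: control message if every condition holds, lock otherwise.
func Decide(s LinkState, now time.Time) Command {
	if s.AccessAllowed(now) {
		return CmdAccess
	}
	return CmdLock
}

// Gate models the microcontroller side ([00100], [00103], [00104]): access through
// USB1/USB2 is granted only by the control message, withdrawn by a lock command, and
// withdrawn on its own once L3 has been interrupted for longer than Timeout.
type Gate struct {
	Open       bool
	Timeout    time.Duration // set by the APP's configuration message over L3
	linkLost   bool
	linkLostAt time.Time
}

// Receive handles a command arriving over L3.
func (g *Gate) Receive(cmd Command) {
	switch cmd {
	case CmdAccess:
		g.Open = true
	case CmdLock:
		g.Open = false // pending communication / data access operations are interrupted
	}
}

// LinkInterrupted records the moment L3 stopped being operative.
func (g *Gate) LinkInterrupted(now time.Time) {
	if !g.linkLost {
		g.linkLost, g.linkLostAt = true, now
	}
}

// LinkRestored clears the interruption; access stays as it was before.
func (g *Gate) LinkRestored() { g.linkLost = false }

// Tick is the firmware's periodic check: after Timeout without L3 the gate closes,
// so a host left connected to USB1 loses access once the controller has gone away.
func (g *Gate) Tick(now time.Time) bool {
	if g.linkLost && now.Sub(g.linkLostAt) >= g.Timeout {
		g.Open = false
	}
	return g.Open
}
```

Time is passed in explicitly rather than read from the clock so that the policy and the timeout can be exercised deterministically; in firmware, `Tick` would be driven by a periodic timer and `LinkInterrupted` by the Bluetooth stack's disconnection event.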
[00105] FIG. 3C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD, an electronic control device ECD and a remote authentication server RAS according to any embodiment described herein.
[00106] FIG. 3C shows a method for implementing a challenge-response authentication process between a secured peripheral device SPD and a remote authentication server RAS in accordance with one or more embodiments. The challenge-response authentication process is used to control the integrity of at least one hardware component of the secured peripheral device SPD. In one or more embodiments, the challenge-response authentication process is implemented through the wireless communication link L3 and the software application APP of the electronic control device ECD.
[00107] In one or more embodiments, the challenge-response authentication process is based on one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD and on a device authentication key KA shared by the secured peripheral device SPD and the remote authentication server RAS.
[00108] In Step 320, the software application APP of the electronic control device ECD sends a message M320 to the secured peripheral device SPD to request one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.
[00109] In Step 321, the secured peripheral device SPD sends a response message M321 to the message M320 received in step 320. The response message M321 includes one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD. For example, the response includes three identifiers SN1, SN2, SN3: a serial number SN1 of the microcontroller MC1, a serial number SN2 of the microcontroller MC2 and a serial number SN3 of the memory MEM of the secured peripheral device SPD.
[00110] In Step 322, the software application APP transmits the received identifiers SN1, SN2, SN3 to the remote authentication server RAS and obtains from the remote authentication server RAS a token TK. In one or more embodiments, the token TK is a digital key randomly generated by the remote authentication server RAS.
[00111] In Step 323, the software application APP sends to the secured peripheral device SPD a message M323. The message M323 includes the token received in step 322.
[00112] In Step 324, the secured peripheral device SPD generates a ciphered token TKc by ciphering the received token TK using the device authentication key KA as an encryption key.
[00113] In Step 325, the secured peripheral device SPD sends to the software application APP a message M325 including the ciphered token TKc generated in step 324.
[00114] In one or more embodiments, the secured peripheral device SPD generates in Step 325 one or more encryption keys KC1, KC2 for ciphering messages (data packets, control messages, response messages, etc.) to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. In one or more embodiments, a symmetric ciphering scheme (e.g. AES ciphering, Advanced Encryption Standard) is used. In one or more embodiments, a symmetric ciphering scheme with a block ciphering operating mode is used (e.g. Galois/Counter Mode, GCM). In one or more embodiments, the message M325 of step 325 includes the one or more generated encryption keys KC1, KC2. When a GCM mode is used, an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2 and is also included in the message M325 of step 325.
[00115] In one or more embodiments, each encryption key KC1, KC2 is ciphered using the public key KKPUB received from the software application APP before transmission of the encryption key KC1, KC2 to the software application APP, and is deciphered by the software application APP using the private key KKPRI corresponding to the public key KKPUB.
[00116] The secured peripheral device SPD and the software application can now communicate in a secure manner using ciphered messages. For example, all the messages sent between the software application APP and the secured peripheral device SPD after the execution of step 325, including the steps 315-317 (see FIG. 3A) and all steps of the methods described by reference to FIGS. 3C, FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C, will be ciphered and deciphered using the one or more encryption keys KC1, KC2.
[00117] In a first variant, a single encryption key KC1 suitable for symmetric ciphering is generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. The encryption key KC1 is intended to be used by the secured peripheral device SPD (respectively by the software application APP) to cipher messages to be transmitted via the wireless communication link L3 from the secured peripheral device SPD (respectively from the software application APP) to the software application APP (respectively to the secured peripheral device SPD) and to decipher ciphered messages received via the wireless communication link L3 by the secured peripheral device SPD (respectively by the software application APP) from the software application APP (respectively from the secured peripheral device SPD). If a GCM mode is used, an initialization vector IV1 is generated for the encryption key KC1.
[00118] In a second variant, two encryption keys KC1, KC2 suitable for symmetric ciphering are generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. The first encryption key KC1 is intended to be used by the secured peripheral device SPD to cipher messages to be transmitted through the wireless communication link L3 from the secured peripheral device SPD to the software application APP and to decipher ciphered messages received through the wireless communication link L3 by the secured peripheral device SPD from the software application APP. The second encryption key KC2 is intended to be used by the software application APP to cipher messages to be transmitted via the wireless communication link L3 from the software application APP to the secured peripheral device SPD and to decipher ciphered messages received via the wireless communication link L3 by the software application APP from the secured peripheral device SPD. When a GCM mode is used, an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2.
[00119] In Step 326, the ciphered token received in step 325 is transmitted by the software application APP to the remote authentication server RAS. In one embodiment, however, the encryption keys KC1, KC2 and / or initialization vectors are not transmitted to the remote authentication server RAS but securely stored in the electronic control device ECD, for example in the secure storage tool SS. Any secure storage system may be used, for example a key storage system that is configured to provide access to the stored keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.). In another embodiment, the encryption keys KC1, KC2 and / or initialization vectors are not stored and the Step 325 is executed every time the electronic control device ECD starts a communication with the secured peripheral device SPD.
[00120] In Step 327, the remote authentication server RAS deciphers the ciphered token received in step 326. In one or more embodiments, the ciphering scheme is a symmetric ciphering scheme and the remote authentication server RAS deciphers the ciphered token using the shared device authentication key KA stored in association with the one or more identifiers received in step 322. The deciphered token is compared with the token sent in step 322. In case of equality, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a success of the challenge-response authentication process. If the deciphered token is different from the token sent in step 322, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a failure of the challenge-response authentication process.
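The exchange of FIG. 3C (steps 320-327) together with the session key material of step 325 (paragraphs [00114]-[00115]), as an added Go example; it is not code from the patent or from the applicant. It assumes AES-GCM as the symmetric scheme under which the device ciphers the token TK with KA, RSA-OAEP for ciphering KC1 / KC2 under KKPUB, 32-byte keys, a nonce||ciphertext||tag wire format, and a `DeviceID` made of SN1, SN2, SN3 as the index under which the server stores KA; the identifiers `RAS`, `IssueToken`, `Verify`, `RunChallengeResponse`, `NewKK`, `WrapSessionKey`, `seal` and `open` are mine. Two points the description leaves implicit are made explicit: the server consumes each token when it is checked, so a ciphered token that was observed on L3 or L4 cannot be presented a second time, and every GCM message carries its own fresh nonce instead of reusing the IV1 / IV2 transmitted once in M325, because a repeated nonce under the same key defeats GCM's confidentiality and integrity guarantees.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// seal ciphers pt with AES-GCM as nonce||ciphertext||tag (mode and wire format assumed).
func seal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh nonce per message, never reused
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, pt, nil), nil
}

// open reverses seal; a wrong key or a modified message fails authentication.
func open(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil || len(msg) < aead.NonceSize() {
		return nil, errors.New("bad key or message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// DeviceID groups the hardware identifiers SN1, SN2, SN3 reported in step 321.
type DeviceID struct{ SN1, SN2, SN3 string }

// RAS models the remote authentication server: KA per identifier set and the last token issued.
type RAS struct {
	Keys   map[DeviceID][]byte
	Tokens map[DeviceID][]byte
}

// IssueToken is step 322: a random token TK for a device whose identifiers are known.
func (r *RAS) IssueToken(id DeviceID) ([]byte, error) {
	if _, ok := r.Keys[id]; !ok {
		return nil, errors.New("unknown device identifiers")
	}
	tk := make([]byte, 32)
	if _, err := rand.Read(tk); err != nil {
		return nil, err
	}
	r.Tokens[id] = tk
	return tk, nil
}

// Verify is step 327: decipher TKc with the KA on file and compare with TK. The token
// is consumed, so a captured TKc cannot be presented a second time.
func (r *RAS) Verify(id DeviceID, tkc []byte) bool {
	ka, tk := r.Keys[id], r.Tokens[id]
	delete(r.Tokens, id)
	if ka == nil || tk == nil {
		return false
	}
	pt, err := open(ka, tkc)
	return err == nil && bytes.Equal(pt, tk)
}

// RunChallengeResponse plays the APP's relay role of FIG. 3C (steps 320-327) for one device.
func RunChallengeResponse(id DeviceID, ka []byte, r *RAS) bool {
	tk, err := r.IssueToken(id) // steps 320-322: identifiers forwarded, TK obtained
	if err != nil {
		return false
	}
	tkc, err := seal(ka, tk) // steps 323-325: the device ciphers TK under KA
	return err == nil && r.Verify(id, tkc) // steps 326-327
}

// NewKK is step 314: the APP generates its key encryption key pair KKPUB / KKPRI.
func NewKK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapSessionKey covers [00114]-[00115]: the device generates a fresh KC (KC1 or KC2)
// and ciphers it under KKPUB; the APP recovers it with rsa.DecryptOAEP and KKPRI.
func WrapSessionKey(kkpub *rsa.PublicKey) (kc, wrapped []byte, err error) {
	kc = make([]byte, 32)
	if _, err = rand.Read(kc); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, kkpub, kc, nil)
	return kc, wrapped, err
}
```

A device that reports known identifiers but holds a different KA, or reports identifiers the server has never seen, gets a failure result from `RunChallengeResponse`, which corresponds to the failure M316 of step 327; the APP unwraps a session key with `rsa.DecryptOAEP(sha256.New(), nil, kkpri, wrapped, nil)` and from then on `seal` / `open` under KC1 / KC2 protect the L3 traffic as described in [00116]-[00118].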
[00121] FIG. 4A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00122] FIG. 4A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic host device EHD using an electronic control device ECD in accordance with one or more embodiments. The multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
[00123] In one or more embodiments, the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
[00124] In step 330, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened.
[00125] In one or more embodiments, the list of data containers is built by the secured peripheral device SPD and sent to the software application APP. The list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container. The identification may be a name, for example "private", "company1", "company2".
[00126] In one or more embodiments, the user U1 selects one or more data containers. For example, it is assumed that the user U1 selects a first data container P1.
[00127] In step 331, the software application APP sends a control message M331 to the secured peripheral device SPD to request the opening of the selected first data container P1. The message M331 may include an identifier of the selected first data container P1. The message M331 may include a start address and an end address of the data container. The message M331 may include the encryption key KP1 associated with the data container P1. The identifier may be the name of the data container or a corresponding logical identifier allocated to the selected first data container P1 by the secured peripheral device SPD. The message M331 is an example of a predetermined control message sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.
[00128] In one or more embodiments, when the selected first data container P1 is ciphered, the software application APP provides in step 331 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In one or more embodiments, the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP. In one or more embodiments, the control message M331 includes the encryption key KP1.
[00129] In step 332, the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD and deciphers the identified data container P1 using the received encryption key KP1. If the selected first data container P1 does not exist, an error message is sent by the secured peripheral device SPD to the software application APP. In case wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data of the data container due to deciphering errors. Once the data container has been deciphered, the secured peripheral device SPD extracts descriptive data of the content of the data container: file names, file sizes, folder names, etc. If the selected data container exists and no deciphering error is detected, step 333 is executed.
[00130] In step 333, the secured peripheral device SPD mounts a file system for the selected first data container P1 and sends descriptive data of the mounted file system to the electronic host device EHD through the communication link L1 to provide access to the data files stored in the selected data container from the electronic host device EHD. In one or more embodiments, the descriptive data of the content of the data container are sent to the software application APP through the communication link L3. In one or more embodiments, if the selected first data container P1 is ciphered, the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1 before mounting the file system.
[00131] In step 334, in case of success of the mounting operation of step 333, the data container is now opened and may be accessed. For example, the data files stored in the selected first data container may be viewed and accessed from the electronic host device EHD. Further, in case of failure of the mounting operation, an error message M334 is sent by the secured peripheral device SPD to the software application APP.
[00132] In one or more embodiments, an LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1 regarding the success or failure of the opening of the data container. For example, in case of success of the opening, an LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1.
[00133] In step 335, in case of success of the mounting operation of step 333, a message M335 is sent by the secured peripheral device SPD to the software application APP to indicate that the selected first data container P1 has been successfully mounted and may be accessed from the electronic host device EHD and / or from the electronic control device ECD. In one or more embodiments, a list of data files stored in the selected first data container P1 is sent to the software application APP.
[00134] In step 336, upon receipt of the message M335, the software application APP displays an information message M336 to inform the user U1 of the success of the opening of the selected first data container P1. The first data container P1 is now opened, i.e. the content of this data container may be accessed. In one or more embodiments, a list of data files and / or file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP.
[00135] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or the content of the opened first data container P1 (i.e. on the data files and / or file folders stored in the opened first data container P1). The triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc. The triggered operation may be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc. In one or more embodiments, a control message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation; the secured peripheral device SPD then executes the specified operation, amends the mounted file system according to the result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP. The feedback may include updated information on the content of the opened first data container P1.
[00136] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to provide feedback to the user U1 on the operations performed on the mounted file system from the electronic host device EHD. For example, if data files are added to the opened data container, the added data files are shown in the user interface of the software application APP.
[00137] Further examples of operations on a data container are described by reference to FIGS. 4B and 4C.
[00138] FIG. 4B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00139] FIG. 4B shows a method for deleting one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interface USB1 is assumed to be a USB interface. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
[00140] In one or more embodiments, the method for deleting one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for deleting a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for deleting one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
[00141] In Step 340, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be deleted. The user U1 performs an action on the user interface of the software application APP to request deletion of one or more selected data containers of the secured peripheral device SPD. For example, the user U1 selects a second data container P2.
[00142] In Step 341, the software application APP is configured to display an information message to invite the user U1 to perform a back-up of the data stored in the selected data containers. The selected second data container P2 is assumed to be opened, for example according to the method for providing access to a data container described by reference to FIG. 4A. According to step 333 previously described by reference to FIG. 4A, a file system for the selected second data container P2 has been mounted to provide access to the data files stored in the selected second data container P2 from the electronic host device EHD.
[00143] In Step 342, the user U1 may perform a back-up of the data stored in the selected second data container P2, for example by copying all data files and / or file folders from the secured peripheral device SPD to the electronic host device EHD.
[00144] In Step 343, the software application APP is configured to display an information message to invite the user U1 to perform an action to confirm completion of the back-up.
[00145] In Step 344, upon receipt of the confirmation of the user U1, the software application APP is configured to send a message M344 to the secured peripheral device SPD to request the deletion of the selected second data container P2.
[00146] In Step 345, the software application APP is configured to display an information message to inform the user U1 that the deletion process is in progress.
[00147] In Step 346, upon receipt of the message M344, the secured peripheral device SPD is configured to unmount the file system mounted for the selected second data container P2 and to delete the selected second data container P2. The access to the selected second data container P2 is no more possible from the electronic host device EHD.
[00148] In Step 347, all associated data (e.g. partition table, file indexes, memory blocks and / or randomly written blocks, encryption keys, etc.) stored in the memory MEM of secured peripheral device SPD are deleted to avoid any further recovery.
[00149] In Step 348, the secured peripheral device SPD is configured to send a message M348 to inform the software application of the completion of the deletion. In one or more embodiments, the secured peripheral device SPD is configured to send to the software application APP the identifier(s) of the deleted data container(s). In one or more embodiments, the software application APP is configured to delete the encryption key KP2 associated with the deleted data container(s). In one or more embodiments, the software application APP is configured to display an information message to inform the user Ul of the completion of the deletion process.
[00150] FIG. 4C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP, which communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00151] FIG. 4C shows a method for creating one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interface USB1 is assumed to be a USB interface. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
[00152] In one or more embodiments, the method for creating one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for creating a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for creating one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
[00153] In Step 350, the software application APP is configured to allow the user U1 to create one or more data containers. A user interface of the software application APP may for example be presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD may be presented to the user U1. The user U1 performs an action on the user interface of the software application APP to request creation of one or more data containers in the secured peripheral device SPD.
[00154] In Step 351, the software application APP is configured to receive input data from the user U1 specifying a new data container P3 to be created. The input data may include an identification (e.g. a name) and / or parameters (e.g. size of the container) of the data container P3 to be created.
[00155] In Step 352, the software application APP is configured to send a message M352 to the secured peripheral device SPD to request the creation of a new data container P3. The message M352 may include the identification and / or the parameters (e.g. addresses of the start and stop memory blocks) of the data container to be created.
[00156] In Step 353, upon receipt of the message M352, the secured peripheral device SPD is configured to create a new data container P3. In one or more embodiments, the new data container is created in accordance with the received identification and / or parameters. In one or more embodiments, if the new data container P3 has to be ciphered, the secured peripheral device SPD is configured to generate an encryption key KP3 associated with the new data container P3. In one or more embodiments, the secured peripheral device SPD is configured to mount a file system for the new data container P3 and to send descriptive data of the mounted file system to the electronic host device EHD in order to provide access to the new data container P3 from the electronic host device EHD.
[00157] In Step 354, the secured peripheral device SPD is configured to send a message M354 to inform the software application APP of the completion of the creation of the new data container P3. In one or more embodiments, the secured peripheral device SPD is configured to send to the software application APP the encryption key KP3 associated with the new data container.
[00158] In Step 355, the software application APP is configured to inform the user U1 of the creation of the new data container P3. In one or more embodiments, the software application APP is configured to store the encryption key KP3 associated with the new data container P3. In one or more embodiments, the software application APP is configured to store the associated encryption key KP3 in the secure storage tool SS.
[00159] In one or more embodiments, the electronic host device EHD is connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD is connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD. A first communication protocol (e.g. USB protocol) is used for the communication through the first and second multifunction communication interfaces USB1, USB2. In one or more embodiments, a second communication protocol (e.g. SPI protocol), distinct from the first communication protocol, is used by the two microcontrollers MC1, MC2 of the secured peripheral device SPD to communicate with each other.
[00160] Data access operations may then be performed to copy one or more data files from the data storage peripheral device DPD to the electronic host device EHD, or from the electronic host device EHD to the data storage peripheral device DPD, through the two microcontrollers MC1, MC2.
[00161] In one or more embodiments, the architecture of the secured peripheral device SPD prohibits direct transfers from the female USB port to the male USB port or vice versa. In one or more embodiments, a protocol break (e.g. a translation from the first communication protocol to the second communication protocol or vice versa) is implemented by the two microcontrollers MC1, MC2 of the secured peripheral device SPD for processing commands and transmitting data from the data storage peripheral device DPD to the electronic host device EHD or, respectively, from the electronic host device EHD to the data storage peripheral device DPD.
[00162] In one or more embodiments, the protocol translation performed by the two microcontrollers MC1, MC2 does not alter the content of the initial message sent, but only converts the format of the initial message into another format complying with the second communication protocol. In one or more embodiments, the two microcontrollers MC1, MC2 are configured to apply the protocol conversion only to predefined USB messages that enable data block copy through a USB connection. Thus a hardware barrier is implemented by the two microcontrollers MC1, MC2, preventing malicious messages / commands from being transmitted to and processed by the data storage peripheral device DPD or the electronic host device EHD. In one or more embodiments, the transmitted data may additionally be filtered by the electronic host device EHD by means of an antivirus program before being sent to the secured peripheral device SPD or upon receipt from the secured peripheral device SPD.
[00163] In one or more embodiments, the data files stored in the data storage peripheral device DPD are accessible to the second microcontroller MC2 through a first file system. The second microcontroller MC2 is configured to transmit to the first microcontroller MC1 the descriptive data of the first file system by means of the SPI protocol. The first microcontroller MC1 is configured to generate, on the basis of the descriptive data, a second file system mirroring the first file system and to provide the electronic host device EHD with access to the storage space and data files of the data storage peripheral device DPD through the second file system.
[00164] In one or more embodiments, the microcontrollers MC1 and MC2 are configured to implement only read and write operations on memory blocks using the first and second file systems. Example embodiments will be presented below by reference to FIGS. 5A and 5B.
[00165] FIG. 5A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein. The steps are performed under control of the software application APP, which communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00166] FIG. 5A shows a method for reading data stored on a data storage peripheral device DPD from an electronic host device EHD in accordance with one or more embodiments. The multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces. The electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
[00167] The steps of the method for reading data stored on a data storage peripheral device are performed respectively by the software application APP of the electronic control device ECD and by the microcontrollers MC1 and MC2, as indicated below. The steps are performed under control of the software application APP, which communicates by means of messages with the microcontroller MC1 through the communication link L3.
[00168] In one or more embodiments, the method for reading data is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for reading data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
[00169] Steps 360-365 may be performed for each reading operation. A reading operation may concern user data (e.g. one or more data files) to be read and transferred from the data storage peripheral device DPD to the electronic host device EHD.
[00170] In Step 360, the electronic host device EHD initiates the reading operation by sending a first USB message M360 including a reading command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol. Parameters of the reading command may include an address of a buffer to which the user data have to be transferred and the identification of the documents to be read.
[00171] In Step 361, the microcontroller MC1 initiates an SPI communication with the microcontroller MC2. In the communication in accordance with the SPI protocol, a master/slave relationship is defined in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave. The microcontroller MC1 converts (protocol translation) the first USB message M360 into an SPI message M361 including the reading command and transmits the SPI message M361 to the microcontroller MC2.
[00172] In Step 362, the microcontroller MC2 receives the SPI message M361, converts (protocol translation) the SPI message into a second USB message M362 including the reading command and transmits the second USB message M362 to the data storage peripheral device DPD.
[00173] In Step 363, the microcontroller MC2 sends a confirmation message M363 to the microcontroller MC1 to confirm the transmission of the second USB message M362.
[00174] In Step 364, the microcontroller MC1 terminates the SPI communication with the microcontroller MC2.
[00175] In Step 365, the data storage peripheral device DPD executes the reading command and inserts the read user data into the specified buffer.
[00176] In Step 366, the data storage peripheral device DPD sends a first USB response message M366 to inform the microcontroller MC2 of the completion of the insertion of the read user data into the specified buffer.
[00177] In Step 367, the microcontroller MC2 initiates another SPI communication with the microcontroller MC1. In accordance with the SPI protocol, the microcontroller MC2 is the master and the microcontroller MC1 is the slave for this SPI communication. The microcontroller MC2 converts (protocol translation) the first USB response message M366 into an SPI response message M367 and transmits the SPI response message M367 to the microcontroller MC1. The microcontroller MC2 then terminates the SPI communication with the microcontroller MC1.
[00178] In Step 368, the microcontroller MC1 converts (protocol translation) the SPI response message M367 into a second USB response message M368 and transmits the second USB response message M368 to the electronic host device EHD.
[00179] In Step 369, the electronic host device EHD accesses the specified buffer and extracts the read user data from it.
[00180] FIG. 5B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein. The steps are performed under control of the software application APP, which communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00181] FIG. 5B shows a method for writing data from an electronic host device EHD to a data storage peripheral device DPD in accordance with one or more embodiments. The electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
[00182] In one or more embodiments, the method for writing data is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for writing data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
[00183] Steps 370-377 may be performed for each writing operation. A writing operation may concern user data (e.g. one or more data files) to be written and transferred from the electronic host device EHD to the data storage peripheral device DPD.
[00184] In Step 370, the electronic host device EHD initiates the writing operation by sending through the communication link L3 a first USB message M370 including a writing command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol. Parameters of the writing command may include an address of a buffer from which the user data have to be transferred and the identification of the documents to be written.
[00185] In Step 371, the microcontroller MC1 initiates an SPI communication with the microcontroller MC2 in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave. The microcontroller MC1 converts (protocol translation) the first USB message M370 into an SPI message M371 including the writing command and transmits the SPI message M371 to the microcontroller MC2.
[00186] In Step 372, the microcontroller MC2 receives the SPI message M371, converts (protocol translation) the SPI message M371 into a second USB message M372 including the writing command and transmits the second USB message M372 to the data storage peripheral device DPD.
[00187] In Step 373, the data storage peripheral device DPD executes the writing command. The execution may include extracting the user data from the specified buffer to copy them into the internal memory of the data storage peripheral device DPD and then writing the user data to the permanent memory of the data storage peripheral device DPD.
[00188] In Step 374, the data storage peripheral device DPD sends a first USB response message M374 to inform the microcontroller MC2 of the completion of the transfer of the user data.
[00189] In Step 375, the microcontroller MC2 converts (protocol translation) the first USB response message M374 into an SPI response message M375 and transmits the SPI response message M375 to the microcontroller MC1. The microcontroller MC2 terminates the SPI communication with the microcontroller MC1.
[00190] In Step 376, the microcontroller MC1 converts (protocol translation) the SPI response message M375 into a second USB response message M376 and transmits the second USB response message M376 to the electronic host device EHD.
[00191] In Step 377, the electronic host device EHD terminates the writing operation.
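The hardware barrier of paragraphs [00161]-[00164] and the read/write paths of FIGS. 5A and 5B, modelled as an added Python example that is not part of the patent and not the applicant's firmware. The wire formats, opcodes, allow-list and checksum are constructed assumptions; what the model shows is that each microcontroller checks the message independently and only predefined block read/write messages cross the MC1/MC2 boundary in either direction, so a blocked message never reaches the DPD.

```python
"""Added toy model of the protocol break between MC1 (USB1 side) and MC2 (USB2
side): only predefined block read/write messages are re-encoded from the USB
format to the SPI frame and back, so arbitrary USB traffic never reaches the DPD
or the EHD. Wire formats, opcodes, allow-list and checksum are constructed here."""
import struct

OP_READ_BLOCKS = 0x01   # constructed opcodes, not taken from any specification
OP_WRITE_BLOCKS = 0x02
ALLOWED_OPCODES = {OP_READ_BLOCKS, OP_WRITE_BLOCKS}
BLOCK_SIZE = 16         # small blocks keep the sample data readable
MAX_BLOCKS = 8
SPI_MARKER = 0xA5
USB_HDR = struct.Struct(">BIH")    # opcode, start block, block count (big-endian)
SPI_HDR = struct.Struct("<BBIH")   # marker, opcode, start block, count (little-endian)


class BarrierViolation(Exception):
    """Message dropped at the MC1/MC2 protocol break; nothing is forwarded."""


def _xor_checksum(data):
    c = 0
    for b in data:
        c ^= b
    return c


def mc1_usb_to_spi(usb_msg):
    """MC1 (step 361/371): admit only block read/write messages from the EHD and
    re-encode them as an SPI frame. Anything else stops here."""
    if len(usb_msg) < USB_HDR.size:
        raise BarrierViolation("USB message too short")
    op, start, count = USB_HDR.unpack_from(usb_msg)
    payload = usb_msg[USB_HDR.size:]
    if op not in ALLOWED_OPCODES:
        raise BarrierViolation(f"opcode 0x{op:02x} is not a block read/write")
    if not 1 <= count <= MAX_BLOCKS:
        raise BarrierViolation(f"block count {count} out of range")
    expected = count * BLOCK_SIZE if op == OP_WRITE_BLOCKS else 0
    if len(payload) != expected:
        raise BarrierViolation("payload length does not match the command")
    body = SPI_HDR.pack(SPI_MARKER, op, start, count) + payload
    return body + bytes([_xor_checksum(body)])


def mc2_spi_to_usb(spi_frame):
    """MC2 (step 362/372): verify the frame and rebuild the USB message for the DPD."""
    if len(spi_frame) <= SPI_HDR.size or spi_frame[0] != SPI_MARKER:
        raise BarrierViolation("malformed SPI frame")
    body, chk = spi_frame[:-1], spi_frame[-1]
    if _xor_checksum(body) != chk:
        raise BarrierViolation("SPI checksum mismatch")
    _, op, start, count = SPI_HDR.unpack_from(body)
    if op not in ALLOWED_OPCODES:   # MC2 re-checks rather than trusting MC1
        raise BarrierViolation("opcode rejected on the DPD side")
    return USB_HDR.pack(op, start, count) + body[SPI_HDR.size:]


def mc2_response_to_spi(usb_response):
    """MC2 (step 367/375): frame the DPD's USB response for the SPI link."""
    body = bytes([SPI_MARKER]) + usb_response
    return body + bytes([_xor_checksum(body)])


def mc1_spi_to_usb_response(spi_frame):
    """MC1 (step 368/376): unwrap the SPI response frame for the EHD."""
    if len(spi_frame) < 2 or spi_frame[0] != SPI_MARKER:
        raise BarrierViolation("malformed SPI response")
    if _xor_checksum(spi_frame[:-1]) != spi_frame[-1]:
        raise BarrierViolation("SPI response checksum mismatch")
    return spi_frame[1:-1]


class FakeDPD:
    """Constructed stand-in for the external USB storage device."""

    def __init__(self, nblocks=64):
        self.blocks = bytearray(nblocks * BLOCK_SIZE)
        self.commands_seen = 0   # lets a test prove blocked messages never arrive

    def execute(self, usb_msg):
        self.commands_seen += 1
        op, start, count = USB_HDR.unpack_from(usb_msg)
        lo, hi = start * BLOCK_SIZE, (start + count) * BLOCK_SIZE
        if hi > len(self.blocks):
            raise ValueError("block range beyond DPD capacity")
        if op == OP_WRITE_BLOCKS:
            self.blocks[lo:hi] = usb_msg[USB_HDR.size:]
            return b""
        return bytes(self.blocks[lo:hi])


def transfer_via_spd(dpd, ehd_usb_msg):
    """Whole path of FIGS. 5A/5B: EHD -> MC1 -> SPI -> MC2 -> DPD and back."""
    spi_req = mc1_usb_to_spi(ehd_usb_msg)          # M361 / M371
    dpd_usb_msg = mc2_spi_to_usb(spi_req)          # M362 / M372
    usb_resp = dpd.execute(dpd_usb_msg)            # steps 365-366 / 373-374
    spi_resp = mc2_response_to_spi(usb_resp)       # M367 / M375
    return mc1_spi_to_usb_response(spi_resp)       # M368 / M376 to the EHD
```

The first USB message M360/M370 is built with `USB_HDR.pack(opcode, start_block, count)` followed by the payload for a write.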
[00192] FIG. 6A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein. The steps are performed under control of the software application APP, which communicates by means of messages with the microcontroller MC1 through the communication link L3.
[00193] FIG. 6A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C). The method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
[00194] In one or more embodiments, the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container(s) P1, P2, P3 to be accessed.
[00195] In step 610, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened and accessed.
[00196] In one or more embodiments, the list of data containers is built by the secured peripheral device SPD and sent to the software application APP. The list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container. The identification may be a name, for example "private", "company1", "company2".
[00197] In one or more embodiments, the user U1 selects one or more data containers to be opened. For example, it is assumed that the user U1 selects a first data container P1.
[00198] In step 611, the software application APP sends a control message M611 to the secured peripheral device SPD to request the opening of the selected first data container P1. The message M611 may include an identifier of the selected first data container P1. The control message M611 may include a start address and an end address of the data container. The control message M611 may include the encryption key KP1 associated with the data container P1. The control message M611 is an example of a predetermined control message to be sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.
[00199] In one or more embodiments, when the selected first data container P1 is ciphered, the software application APP provides in step 611 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In one or more embodiments, the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP. In one or more embodiments, the control message M611 includes the encryption key KP1.
[00200] In step 612, the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD. If the selected first data container P1 does not exist, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening operation.
[00201] In one or more embodiments, if the selected first data container P1 is ciphered, the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In case wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data in the data container because of deciphering errors. In case of deciphering errors, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening process. Otherwise, if the data container is opened successfully, a response message is sent in step 612 to the software application APP to indicate the success of the opening operation and step 613 is executed.
[00202] In one or more embodiments, an LED of the secured peripheral device SPD may be switched on / off to provide feedback to the user U1 regarding the success or failure of the opening operation. For example, in case of a successful opening operation, an LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1.
[00203] In step 613, the software application APP sends a control message to the secured peripheral device SPD to request descriptive data of the opened data container.
[00204] In step 614, the secured peripheral device SPD extracts from the deciphered data container descriptive data of the content of the data container, e.g. file names, file sizes, folder names, etc. The descriptive data of the content of the data container are sent to the software application APP through the communication link L3.
[00205] In step 615, upon receipt of the descriptive data, the software application APP displays an information message to inform the user U1 of the successful opening of the selected first data container P1. The first data container P1 is now open, i.e. the content of this data container may be accessed. In one or more embodiments, a list of data files and / or one or more file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP. For example, a list of data files stored in the root folder of the data container is displayed.
[00206] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to allow the user Ul to trigger the execution of one or more operations on the opened first data container Pl and / or the content of the opened first data container Pl (i.e. on the data files and / or file folders stored in the opened first data container Pl). The triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc. The triggered operation may also be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc. A message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the deciphered data container according to a result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user Ul through a user interface of the software application APP. The feedback may include updated information on the content of the opened first data container Pl .
[00207] Further examples of operations performed on a data container are described by reference to FIG. 6B.
[00208] FIG. 6B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the man skill in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MCI, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described therein. The steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MCI) through the communication link L3.
[00209] FIG. 6B shows a method for performing an operation on one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments. In one or more embodiments, the method for performing an operation on one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C). The method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
[00210] In one or more embodiments, the method for performing an operation on one or more data containers is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for performing an operation on one or more data containers is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container Pl, P2, P3 and the data container has been opened using for example the method steps 610-612 described by reference to FIG. 6 A.
[00211] In step 620, a user interface of the software application APP is presented to the user Ul. The content of one or more data containers in the memory MEM of the secured peripheral device SPD is presented to the user Ul to allow him to trigger one or more operations to perform on this content. The user Ul performs a predefined action on the user interface of the software application APP to trigger the execution of the one or more operations. For example, the operation is the opening of the folder of the data container, a change in the access rights (read / write rights) on one or more data files, a deletion of a data file, a deletion of a data folder, a copy of one or more selected data files, etc.
[00212] In step 621, the software application APP sends a control message M620 to trigger the execution of the one or more operations.
[00213] In step 622, the secured peripheral device SPD executes the one or more operations specified by the control message M620.
[00214] In step 623, the secured peripheral device SPD is configured to send a message to inform the software application APP of the completion of the one or more operations. In one or more embodiments, the user interface of the software application APP is updated to show the result of the one or more operations. For example, an updated list of data files stored in one or more folders of the data container is displayed.
[00215] The secured peripheral device SPD may be used as a self-powered peripheral device SPD that integrates all hardware and software modules needed to provide a standalone, compact and ergonomic solution for managing the interface between the electronic control device and the external data storage device. Thus, the electronic control device ECD (e.g. a smartphone, laptop, personal digital assistant, or any portable device) is not itself exposed to the transferred data files, which remain in the secured environment of the self-powered peripheral device used as an intermediate storage device.
[00216] The use of the electronic control device ECD to control the access operations (e.g. including viewing the data files, controlling the transfer of data files, managing the access rights to the data files, etc.) is advantageous from a user point of view because various, long and complex types of information can be presented on the electronic control device ECD. In one or more embodiments, the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more first control messages comprising first instructions for instructing the self-powered peripheral device SPD to access a file system of the data storage peripheral device DPD. The first control messages are received after completion of the pairing process and / or the challenge-response authentication process. In response, the secured peripheral device SPD may provide, to the software application APP through the wireless communication link L3, a response message including descriptive data of the file system. In one or more embodiments, the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more second control messages comprising reading instructions for instructing the self-powered peripheral device SPD to perform a copy of one or more selected data files from the external data storage peripheral device DPD to the self-powered peripheral device SPD. In response, the secured peripheral device SPD may send, to the software application APP through the wireless communication link L3, at least one feedback message on the completion of the requested copy. Further details and embodiments are described below by reference to FIGS. 7A-7C.
[00217] The secured peripheral device SPD remains as easy to use as any USB dongle, which is a major asset for users who need to share information quickly and in all circumstances. The control of operations by a smartphone is, for example, a common and user-friendly solution adapted to the daily use and private / professional practices of many users (e.g. banking management, smart objects management).
[00218] FIGS. 7A-7C represent a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, those skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and a data storage peripheral device DPD according to any embodiment described herein. The steps are performed under control of the software application APP, which communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
[00219] FIGS. 7A-7C show a method for copying data stored on a data storage peripheral device DPD to a secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interface USB2 is assumed here to be a USB interface. The data storage peripheral device DPD is assumed to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD. The secured peripheral device SPD being self-powered, the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
[00220] In one or more embodiments, the method for copying data is performed only if the pairing process and / or the challenge response authentication process were successfully completed (see FIGS. 3B and 3C).
[00221] In one or more embodiments, the method for copying data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
[00222] Referring to FIG. 7A, in Step 710, the secured peripheral device SPD detects the data storage peripheral device DPD and reads the file system of the data storage peripheral device DPD, acting as USB host (master device).
[00223] In Step 711, the secured peripheral device SPD sends a message to the software application APP to inform the software application APP of the detection performed in step 710. In Step 712, the software application APP informs the user U1 that a data storage peripheral device DPD is connected. In Step 713, the software application APP is configured to provide a user interface to allow the user U1 to authorize access to the data storage peripheral device DPD. Once authorization has been received from the user U1, the file system of the data storage peripheral device DPD can be mounted.
[00224] In Step 714, the software application APP sends a control message M714 to the secured peripheral device SPD. The control message M714 comprises instructions for instructing the secured peripheral device SPD to access a file system of the external data storage peripheral device DPD, e.g. to request the mounting of the file system of the data storage peripheral device DPD.
[00225] In Step 715, upon receipt of the control message M714, the secured peripheral device SPD accesses the file system of the external data storage peripheral device DPD, i.e. the file system of the data storage peripheral device DPD is mounted by the secured peripheral device SPD.
[00226] In Step 716, the software application APP sends a message to the secured peripheral device SPD to request the status of the mounting operation. In Step 717, once the mounting is completed, the secured peripheral device SPD sends a response message to indicate that the mounting is successful.
[00227] In Step 718, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the file system (e.g. of its content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD. In Step 719, the secured peripheral device SPD sends a response message including descriptive data of the file system (e.g. of the content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD, e.g. the content of a current folder (e.g. the root folder) of the data storage peripheral device DPD.
[00228] In Step 720, the software application APP provides a user interface showing the content of the data storage peripheral device DPD, e.g. a list of one or more data files and / or one or more data folders. Steps 730-736 may be executed after step 720: see FIG. 7B.
[00229] Referring to FIG. 7B, in Step 730, the software application APP is configured to allow the user U1 to navigate in the file system of the data storage peripheral device DPD, e.g. to change the current folder.
[00230] In Step 731, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the content of the current folder. In Step 732, the secured peripheral device SPD gets the descriptive data of the content of the current folder from the data storage peripheral device DPD using the mounted file system. In Step 733, the secured peripheral device SPD sends a response message including the requested descriptive data.
[00231] In Step 734, the software application APP displays a user interface showing the content of the current folder, e.g. a list of one or more data files stored in the current folder. After the execution of step 734, Steps 730-734 may be repeated. In Step 735, the software application APP displays a user interface to allow the user U1 to select one or more data files to be copied to the secured peripheral device SPD. One or more data files are selected.
[00232] In Step 736, the software application APP stores in a memory an identification of the data files selected in step 735. After the execution of step 736, Steps 730-736 may be repeated to select other or further data files. Steps 740-747 may be executed after step 736: see FIG. 7C.
[00233] Referring to FIG. 7C, in Step 740, the software application APP displays a user interface to allow the user U1 to request the transfer of the selected data files to a destination folder of a destination data container of the secured peripheral device SPD. The software application APP receives a user input to trigger the transfer. In one or more embodiments, only an opened data container may be selected as a destination data container. The data container may be opened using for example the method steps 610-612 described by reference to FIG. 6A.
[00234] In Step 741, the software application APP displays a user interface to allow the user U1 to specify a destination data container of the secured peripheral device SPD. In Step 742, the software application APP receives user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD. In Step 743, the software application APP checks whether the selected data files already exist in the destination data container and / or destination folder, and in case of a positive answer the software application APP displays a user interface to allow the user U1 to decide whether to proceed or not. The software application APP receives user input to cancel or confirm the copy of the selected data files and proceeds accordingly. In case of confirmation, step 744 is executed; otherwise steps 730-734 or 735-736 may be repeated.
[00235] In Step 744, the software application APP sends to the secured peripheral device SPD a control message M744 to trigger the copy of the selected data files into the destination data container and / or destination folder. The control message M744 comprises reading instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files from the external data storage peripheral device DPD to a data container of the secured peripheral device SPD. When the data container is ciphered, the control message M744 comprises the encryption key KP1, KP2, KP3 associated with the destination data container P1, P2, P3 in which the copied data have to be stored.
[00236] In Step 745, the secured peripheral device SPD performs the requested copy of the selected data files and stores them in the destination data container and / or destination folder. In Step 746, the secured peripheral device SPD sends to the software application APP at least one feedback message on the completion of the requested copy, for example to confirm the completion of the copy.
[00237] In Step 747, the software application APP may display an information message to inform the user of the completion of the copy. After the execution of step 747, steps 730-734 or 735-736 may be repeated.
[00238] The method described by reference to FIGS. 7A-7C may be transposed to the copy of one or more data files from a data container of the secured peripheral device SPD to the data storage peripheral device DPD. The first microcontroller MC1 may be programmed by means of firmware instructions to perform the described steps. The first microcontroller MC1 may access a data container P1, P2, P3 of the secured peripheral device SPD and provide, to the software application APP through the wireless communication link L3, descriptive data of the content of the data container (see for example steps 620-621 described above). The first microcontroller MC1 may then receive, from the software application APP through the wireless communication link L3, a control message comprising writing instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files of the data container of the secured peripheral device SPD to the external data storage peripheral device DPD, perform the requested copy to the external data storage peripheral device DPD and provide, to the software application APP through the wireless communication link L3, feedback on the completion of the requested copy to the external data storage peripheral device DPD (see for example steps 744-747 described above). The software application APP may display a user interface to allow the user U1 to specify a source data container of the secured peripheral device SPD and receive user inputs specifying a destination folder of the external data storage peripheral device DPD.
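The following Go program is an added illustration, not code from this patent or from Vandelay. It models the SPD side of the exchange of FIGS. 7A-7C and of paragraphs [00210]-[00214]: the gate of [00220]-[00221] (no message is served before pairing and challenge-response authentication have both succeeded), the mounting request M714, the listings of steps 718-719 and 731-733, the open step 610-612 with the container key KPn, the copy M744 into an opened container, and the reverse copy of claim 5 (named M_WRITE here). The message type names, the flat Message struct, the key-equality check standing in for deciphering the container, and the sample DPD image are assumptions of this example; the Bluetooth transport and the ciphering of messages with KC1/KC2 are left out.

```go
package main

import (
	"crypto/subtle"
	"path"
	"sort"
	"strings"
)

// Message is one control or response message on link L3; the page fixes no wire format, so a flat struct is assumed.
type Message struct {
	Type, Container, Folder, Error string   // Type: M610_OPEN, M714_MOUNT, M718_LIST, M744_COPY or M_WRITE
	Key                            []byte   // container key KPn carried by M610 and M744 (assumed field)
	Files, Entries                 []string // selected source files / listing result
	OK                             bool
}

// Container stands in for a ciphered container P1..P3; Key stands in for its ciphertext, which only the right KPn deciphers.
type Container struct {
	Key   []byte
	Open  bool // set by steps 610-612 once the right key has been received
	Files map[string][]byte
}
// SPD models the firmware state held by microcontroller MC1.
type SPD struct {
	Paired, Authenticated, Mounted bool
	DPD                            map[string][]byte // DPD file system, path -> content
	Containers                     map[string]*Container
}

func fail(msg string) Message { return Message{Error: msg} }

// Handle processes one control message and returns the response or feedback message.
func (s *SPD) Handle(m Message) Message {
	if !s.Paired || !s.Authenticated { // [00220]: nothing is served before both succeeded
		return fail("refused: pairing or authentication not completed")
	}
	c, known := s.Containers[m.Container]
	switch m.Type {
	case "M610_OPEN": // steps 610-612: the APP supplies KPn
		if !known || subtle.ConstantTimeCompare(c.Key, m.Key) != 1 {
			return fail("container open failed")
		}
		c.Open = true
	case "M714_MOUNT": // steps 714-715 (detection of the DPD in step 710 is assumed)
		s.Mounted = true
	case "M718_LIST": // steps 718-719 and 731-733
		if !s.Mounted {
			return fail("file system not mounted")
		}
		return Message{OK: true, Entries: s.list(m.Folder)}
	case "M744_COPY", "M_WRITE": // steps 744-746 (DPD -> container) and claim 5 (container -> DPD)
		if !s.Mounted || !known || !c.Open || subtle.ConstantTimeCompare(c.Key, m.Key) != 1 {
			return fail("copy refused: not mounted, container closed or wrong key")
		}
		if m.Type == "M744_COPY" {
			return copyFiles(m, s.DPD, c.Files)
		}
		return copyFiles(m, c.Files, s.DPD)
	default:
		return fail("unknown message " + m.Type)
	}
	return Message{OK: true}
}

// copyFiles copies each selected file into m.Folder of dst, keeping its base name.
func copyFiles(m Message, src, dst map[string][]byte) Message {
	for _, f := range m.Files {
		data, ok := src[f]
		if !ok {
			return fail("missing source file " + f)
		}
		dst[path.Join("/", m.Folder, path.Base(f))] = data
	}
	return Message{OK: true}
}

// list returns the paths below folder, relative to it and sorted (steps 719 and 733).
func (s *SPD) list(folder string) []string {
	prefix := strings.TrimSuffix(path.Clean("/"+folder), "/") + "/"
	var out []string
	for p := range s.DPD {
		if strings.HasPrefix(p, prefix) {
			out = append(out, strings.TrimPrefix(p, prefix))
		}
	}
	sort.Strings(out)
	return out
}

// KP1 is a constructed key for container P1; in the product the APP holds it, not the SPD.
var KP1 = []byte("constructed demo key for P1")

func NewDemoSPD() *SPD { // constructed DPD image and one closed container P1
	return &SPD{
		DPD: map[string][]byte{
			"/readme.txt":      []byte("constructed sample"),
			"/docs/report.pdf": []byte("%PDF-1.4 constructed sample"),
		},
		Containers: map[string]*Container{"P1": {Key: KP1, Files: map[string][]byte{}}},
	}
}
```

Handle returns the feedback message of step 746 with either OK or an Error. The refusals it produces are the ones worth checking on a real firmware: a copy request arriving before authentication, a request naming a closed container, a request carrying the wrong key, and a request for a file the mounted DPD does not hold must all fail without writing anything into the container.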
[00239] Each described function, engine, block of the block diagrams and flowchart illustrations may be implemented in hardware, software, firmware, middleware, microcode, or any suitable combination thereof. If implemented in software, the functions, engines, blocks of the block diagrams and/or flowchart illustrations can be implemented by computer program instructions or software code, which may be stored or transmitted over a computer-readable medium, or loaded onto a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine, such that the computer program instructions or software code which execute on the computer or other programmable data processing apparatus, create the means for implementing the functions described herein.
[00240] Embodiments of computer-readable media includes, but are not limited to, both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. Specifically, software instructions or computer readable program code to perform embodiments described herein may be stored, temporarily or permanently, in whole or in part, on a non-transitory computer readable medium of a local or remote storage device including one or more storage media.
[00241] As used herein, a computer storage medium may be any physical medium that can be read, written or more generally accessed by a computer. Examples of computer storage media include, but are not limited to, a flash drive or other flash memory devices (e.g. memory keys, memory sticks, key drives), CD-ROM or other optical storage, DVD, magnetic disk storage or other magnetic storage devices, solid state memory, memory chips, RAM, ROM, EEPROM, smart cards, a relational database management system (RDBMS), a traditional database, or any other suitable medium that can be used to carry or store program code in the form of instructions or data structures which can be read by a computer processor. Also, various forms of computer-readable medium may be used to transmit or carry instructions to a computer, including a router, gateway, server, or other transmission device, wired (coaxial cable, fiber, twisted pair, DSL cable) or wireless (infrared, radio, cellular, microwave). The instructions may include code from any computer programming language, including, but not limited to, assembly, C, C++, Basic, SQL, MySQL, HTML, PHP, Python, Java, JavaScript, etc.

Claims

1. A self-powered peripheral device (SPD), comprising:
a first communication interface (USB2) configured to be connected to an external data storage peripheral device (DPD);
a second communication interface (BT1) configured to establish a bi-directional communication with a software application (APP) executed by an electronic control device (ECD) through a wireless communication link (L3) and to implement a pairing process between the self- powered peripheral device (SPD) and the electronic control device (ECD) through the wireless communication link (L3);
at least one first microcontroller (MC1) programmed by means of firmware instructions to
receive (714), from the software application (APP) through the wireless communication link (L3), at least one first control message comprising first instructions for instructing said self-powered peripheral device (SPD) to access a file system of said external data storage peripheral device (DPD), wherein said at least one first control message is received after completion of the pairing process;
access (715) said file system upon receipt of said at least one first control message;
provide (719), to the software application (APP) through said wireless communication link (L3), descriptive data of said file system;
receive (744), from the software application (APP) through said wireless communication link (L3), at least one second control message comprising reading instructions for instructing said self-powered peripheral device (SPD) to perform a copy of one or more selected data files from the external data storage peripheral device (DPD) to the self-powered peripheral device (SPD);
perform (745) said copy to the self-powered peripheral device (SPD); and
send (746), to the software application (APP) through said wireless communication link (L3), at least one feedback message on the completion of said copy.
2. The self-powered peripheral device (SPD) according to claim 1, further comprising a memory for storing one or more user data containers, wherein the reading instructions comprise an identification of a user data container selected among said one or more user data containers, and wherein the copied data files are written to the selected user data container.
3. The self-powered peripheral device (SPD) according to claim 2, wherein said selected user data container is a ciphered container, wherein the reading instructions comprise an encryption key, and wherein said at least one first microcontroller (MC1) is configured to
decipher the ciphered container using the encryption key;
cipher the deciphered container using the encryption key after the completion of said copy operations.
4. The self-powered peripheral device (SPD) according to claim 3, wherein said at least one first microcontroller (MC1) comprises a volatile memory for storing the encryption key and wherein said at least one first microcontroller (MC1) is configured to
receive, from the software application (APP) through the wireless communication link (L3), a lock message;
cipher the deciphered container using the encryption key upon receipt of said lock message;
erase the encryption key from the volatile memory.
5. The self-powered peripheral device (SPD) according to any of the preceding claims, wherein said at least one first microcontroller (MC1) is programmed by means of firmware instructions to access a user data container of the self-powered peripheral device (SPD);
provide, to the software application (APP) through said wireless communication link (L3), descriptive data of the content of said user data container;
receive, from the software application (APP) through said wireless communication link (L3), at least one third control message comprising writing instructions for instructing said self-powered peripheral device (SPD) to perform a copy of one or more selected data files of said user data container from the self-powered peripheral device (SPD) to the external data storage peripheral device (DPD);
perform said copy to the external data storage peripheral device (DPD),
provide, to the software application (APP) through said wireless communication link (L3), feedback on the completion of said copy to the external data storage peripheral device (DPD).
6. The self-powered peripheral device (SPD) according to any of the preceding claims,
wherein the software application (APP) is configured to communicate with a remote authentication server (RAS);
wherein said at least one first microcontroller (MC1) is configured to implement, through the wireless communication link (L3) and the software application (APP), a challenge-response authentication process with the remote authentication server (RAS);
wherein said at least one first control message is received by said at least one first microcontroller (MC1) only after completion and success of the challenge-response authentication process.
7. The self-powered peripheral device (SPD) according to claim 6,
wherein the challenge-response authentication process is used to control the integrity of at least one hardware component of the self-powered peripheral device (SPD); and wherein the challenge-response authentication process is based on at least one identifier (SN) identifying said at least one hardware component and a device authentication key (KA) shared by the self-powered peripheral device (SPD) and the remote authentication server (RAS).
8. The self-powered peripheral device according to any of claims 6 to 7, further comprising a bootloader comprising the device authentication key (KA).
9. The self-powered peripheral device according to any of claims 6 to 8, wherein the challenge- response authentication process implemented by said at least one first microcontroller (MC1) comprises
transmitting, to the software application (APP) through said wireless communication link (L3), at least one identifier identifying at least one hardware component of self-powered peripheral device (SPD);
receiving, from the software application (APP) through said wireless communication link (L3), a token (TK);
generating a ciphered token (TKc) from said token using said device authentication key (KA); transmitting the ciphered token to the software application (APP) through said wireless communication link (L3).
10. The self-powered peripheral device according to claim 9, wherein said at least one first microcontroller (MC1) is further configured to:
receive a public key from the software application (APP) through the wireless communication link (L3);
generate one or more encryption keys (KC1, KC2);
cipher said one or more encryption keys (KC1, KC2) using said public key to generate one or more encrypted keys;
transmit said one or more encrypted keys together with the ciphered token to the software application (APP) through the wireless communication link (L3);
wherein said at least one first and second control messages are ciphered messages ciphered by the software application (APP) using a first encryption key from said one or more encryption keys (KC1, KC2).
11. The self-powered peripheral device (SPD) according to claim 10, wherein said at least one first microcontroller (MC1) is further configured to cipher said feedback message using a second encryption key among said one or more encryption keys.
12. An electronic control device (ECD), comprising:
a wireless communication interface (BT1) configured to implement through a wireless communication link (L3) a pairing process between a self-powered peripheral device (SPD) and the electronic control device (ECD), wherein the self-powered peripheral device (SPD) comprises a first communication interface (USB2) configured to be connected to an external data storage peripheral device (DPD);
at least one processor configured to execute a software application (APP), wherein the software application (APP) is configured to
communicate with the self-powered peripheral device (SPD) through the wireless communication link (L3);
send, to the self-powered peripheral device (SPD) through the wireless communication link (L3), at least one first control message comprising first instructions for instructing the self-powered peripheral device (SPD) to access a file system of said external data storage peripheral device (DPD), wherein said at least one first control message is sent after completion of the pairing process;
receive, from the self-powered peripheral device (SPD) through said wireless communication link (L3), descriptive data of said file system through the wireless communication link (L3);
send, to the self-powered peripheral device (SPD) through said wireless communication link (L3), at least one second control message comprising reading instructions for instructing the self-powered peripheral device (SPD) to perform a copy of one or more selected data files from the external data storage peripheral device (DPD) to the self-powered peripheral device (SPD);
receive, from the self-powered peripheral device (SPD) through said wireless communication link (L3), at least one feedback message on the completion of said copy.
13. The electronic control device (ECD) according to claim 12, wherein the software application (APP) is further configured to send said at least one first control message in response to an action of a user on a user interface of the software application (APP) to allow said self-powered peripheral device (SPD) to access said external data storage peripheral device (DPD).
14. The electronic control device (ECD) according to claim 12 or 13, wherein the software application (APP) is further configured to
establish a communication with a remote authentication server (RAS) through a second communication link (L4);
implement a challenge-response authentication process between the self-powered peripheral device (SPD) and the remote authentication server (RAS), wherein the software application (APP) is used as a communication relay between the self-powered peripheral device (SPD) and the remote authentication server (RAS) for the implementation of the challenge-response authentication process;
receive from the remote authentication server (RAS) an information representative of a success or failure of the challenge-response authentication process;
send, in case of success of the challenge-response authentication process, said at least one first control message to the self-powered peripheral device (SPD).
15. The electronic control device (ECD) according to claim 14, wherein the challenge-response authentication process is based on at least one identifier (SN) identifying at least one hardware component of the self-powered peripheral device (SPD) and a device authentication key (KA) shared by the self-powered peripheral device (SPD) and the remote authentication server (RAS), wherein the challenge-response authentication process implemented by the software application (APP) comprises:
receiving through said wireless communication link (L3) from the self-powered peripheral device (SPD) said at least one identifier (SN);
sending through said second communication link (L4) said at least one identifier to the remote authentication server (RAS);
receiving through said second communication link (L4) a token from the remote authentication server (RAS);
sending through said wireless communication link (L3) the token to the self-powered peripheral device (SPD);
receiving through said wireless communication link (L3) a ciphered token from the self-powered peripheral device (SPD), wherein the ciphered token is generated by ciphering the token using the device authentication key (KA) stored by the self-powered peripheral device (SPD);
sending through said second communication link (L4) the ciphered token to the remote authentication server (RAS);
wherein the challenge-response authentication process is successful if the token is identical to a deciphered token generated by deciphering the ciphered token using the device authentication key (KA).
16. The electronic control device (ECD) according to claim 15, wherein the software application (APP) is further configured to:
generate a couple of encryption keys, the couple of encryption keys comprising a private key and a public key;
send the public key to the self-powered peripheral device (SPD) through the wireless communication link (L3);
receive together with the ciphered token one or more encrypted keys;
decipher said at least one or more encrypted keys using the private key to generate one or more encryption keys (KC1, KC2);
cipher said at least one first and second control messages before transmission through the wireless communication link (L3) to the self-powered peripheral device (SPD) using a first encryption key (KC1) among said one or more encryption keys (KC1, KC2).
17. A method for controlling access to an external data storage peripheral device (DPD) connected through a first communication interface (USB2) to a self-powered peripheral device (SPD), wherein the method is intended to be executed by the self-powered peripheral device (SPD) and comprises: establishing a communication through a wireless communication link (L3) with a software application (APP) executed by an electronic control device (ECD);
implementing a pairing process between the self-powered peripheral device (SPD) and the electronic control device (ECD) through the wireless communication link (L3);
receiving, from the software application (APP) through the wireless communication link (L3), at least one first message comprising first instructions for instructing the self-powered peripheral device (SPD) to access a file system of said external data storage peripheral device (DPD), wherein said at least one first message is received after completion of the pairing process;
accessing said file system upon receipt of said at least one first message;
providing, to the software application (APP) through said wireless communication link (L3), descriptive data of said file system through the wireless communication link (L3);
receiving, from the software application (APP) through said wireless communication link (L3), at least one second message comprising reading instructions for instructing the self-powered peripheral device (SPD) to perform a copy of one or more selected data files from the external data storage peripheral device (DPD) to the self-powered peripheral device (SPD);
performing said copy to the self-powered peripheral device (SPD); and
sending, to the software application (APP) through said wireless communication link (L3), a feedback message on the completion of said copy of one or more selected data files.
18. A method according to claim 17, wherein the software application (APP) is configured to communicate with a remote authentication server (RAS), the method further comprising:
implementing, through the wireless communication link (L3) and the software application (APP), a challenge-response authentication process with the remote authentication server (RAS); wherein said at least one first message is received only after completion and success of the challenge-response authentication process.
19. A method for controlling access to an external data storage peripheral device (DPD) connected through a first communication interface (USB2) to a self-powered peripheral device (SPD), wherein the method is intended to be performed by a software application (APP) executed by an electronic control device (ECD), the method comprising:
establishing a communication with a self-powered peripheral device (SPD) through a wireless communication link (L3);
implementing through said wireless communication link (L3) a pairing process between the self-powered peripheral device (SPD) and the electronic control device (ECD);
sending, to the self-powered peripheral device through the wireless communication link (L3), at least one first message comprising first instructions for instructing the self-powered peripheral device to access a file system of said external data storage peripheral device (DPD), wherein said at least one first message is sent after completion of the pairing process;
receiving, from the self-powered peripheral device through said wireless communication link (L3), descriptive data of said file system;
sending, to the self-powered peripheral device through said wireless communication link (L3), at least one second message comprising reading instructions for instructing the self-powered peripheral device (SPD) to perform a copy of one or more selected data files from the external data storage peripheral device (DPD) to the self-powered peripheral device;
receiving, from the self-powered peripheral device through said wireless communication link (L3), at least one feedback message on the completion of said copy.
20. A method according to claim 19, further comprising:
establishing a communication with a remote authentication server (RAS) through a second communication link (L4);
implementing a challenge-response authentication process between the self-powered peripheral device (SPD) and the remote authentication server (RAS), wherein the software application (APP) is used as a communication relay between the self-powered peripheral device (SPD) and the remote authentication server (RAS) for the implementation of the challenge-response authentication process;
receiving from the remote authentication server (RAS) an information representative of a success or failure of the challenge-response authentication process;
sending, in case of success of the challenge-response authentication process, to the self-powered peripheral device (SPD) said predetermined message.
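Claims 18 to 20 describe the same access-control flow from both ends: the application (APP) relays a challenge-response between the self-powered peripheral device (SPD) and the remote authentication server (RAS), and only after the RAS reports success does the APP send the predetermined message that lets the SPD expose and copy files from the external storage device (DPD). The following simulation of that exchange is an added example, not code from the patent or from Vandelay. Everything beyond the claim text is an assumption: the challenge-response is modelled as an HMAC-SHA256 over a random nonce with a secret shared between the SPD and the RAS (the claims do not name a scheme), messages are plain dictionaries, the DPD file system is a constructed set of names, and all class and function names are hypothetical.

```python
"""Simulation of the relayed challenge-response gating of claims 18 and 20.

Added example, not code from the patent or from Vandelay. Assumptions not in the
claims: HMAC-SHA256 over a random nonce with a per-device shared secret, dict
messages, a constructed stand-in for the DPD file system, hypothetical names.
"""
import hashlib
import hmac
import secrets


class RemoteAuthServer:
    """RAS (hypothetical): issues a nonce per device and verifies the response."""

    def __init__(self, device_secrets):
        self._secrets = device_secrets  # {device_id: shared secret bytes}
        self._pending = {}              # device_id -> nonce awaiting a response

    def issue_challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return {"type": "challenge", "device_id": device_id, "nonce": nonce}

    def verify(self, device_id, response):
        # A nonce is single-use: pop it so a replayed response cannot succeed.
        nonce = self._pending.pop(device_id, None)
        secret = self._secrets.get(device_id)
        if nonce is None or secret is None:
            return {"type": "auth_result", "success": False}
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)  # constant-time comparison
        return {"type": "auth_result", "success": ok}


class SelfPoweredDevice:
    """SPD (hypothetical): answers challenges; serves file requests only once unlocked."""

    def __init__(self, device_id, secret, files):
        self.device_id = device_id
        self._secret = secret
        self._files = set(files)  # constructed stand-in for the DPD file system
        self.unlocked = False     # set by the predetermined (trigger) message only
        self.copied = []

    def answer_challenge(self, challenge):
        return hmac.new(self._secret, challenge["nonce"], hashlib.sha256).digest()

    def handle(self, msg):
        if msg["type"] == "trigger":
            self.unlocked = True
            return {"type": "ack"}
        if not self.unlocked:
            # File-system access before the trigger message is refused outright.
            return {"type": "error", "reason": "not authenticated"}
        if msg["type"] == "list":
            return {"type": "listing", "files": sorted(self._files)}
        if msg["type"] == "copy":
            missing = [f for f in msg["files"] if f not in self._files]
            if missing:
                return {"type": "error", "reason": "unknown files: %s" % missing}
            self.copied.extend(msg["files"])
            return {"type": "feedback", "copied": list(msg["files"])}
        return {"type": "error", "reason": "unknown message"}


def app_session(spd, ras, wanted):
    """APP (hypothetical): relays the challenge-response over L4/L3, then drives
    file-system access over L3 only if the RAS reported success."""
    challenge = ras.issue_challenge(spd.device_id)   # L4: RAS -> APP
    response = spd.answer_challenge(challenge)       # L3: APP -> SPD -> APP
    result = ras.verify(spd.device_id, response)     # L4: APP -> RAS
    if not result["success"]:
        return {"authenticated": False, "copied": []}
    spd.handle({"type": "trigger"})                  # the predetermined message
    listing = spd.handle({"type": "list"})           # descriptive data of the file system
    selected = [f for f in wanted if f in listing["files"]]
    feedback = spd.handle({"type": "copy", "files": selected})
    return {"authenticated": True, "listing": listing["files"],
            "copied": feedback.get("copied", [])}


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    spd = SelfPoweredDevice("spd-1", key, {"report.pdf", "notes.txt"})
    ras = RemoteAuthServer({"spd-1": key})
    print(app_session(spd, ras, ["report.pdf", "absent.bin"]))
```

The point a practitioner should take from the simulation is where the gate sits: the SPD never lists or copies anything until it has received the trigger, and the APP only emits the trigger on a successful verdict from the RAS, so the APP is a relay rather than an authority. Because the page does not specify the cryptographic scheme, a real deployment would need to choose one (and a nonce lifetime and transport protection for links L3 and L4) that this sketch deliberately leaves as assumptions.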
PCT/IB2017/001785 2017-12-29 2017-12-29 Method for controlling access to a data storage peripheral device WO2019130041A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2017/001785 WO2019130041A1 (en) 2017-12-29 2017-12-29 Method for controlling access to a data storage peripheral device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2017/001785 WO2019130041A1 (en) 2017-12-29 2017-12-29 Method for controlling access to a data storage peripheral device

Publications (1)

Publication Number Publication Date
WO2019130041A1 true WO2019130041A1 (en) 2019-07-04

Family

ID=62778945

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/001785 WO2019130041A1 (en) 2017-12-29 2017-12-29 Method for controlling access to a data storage peripheral device

Country Status (1)

Country Link
WO (1) WO2019130041A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114385525A (en) * 2021-12-08 2022-04-22 航天信息股份有限公司 Method and system for concurrently accessing USB (universal serial bus) equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206631A1 (en) 2005-03-09 2006-09-14 Chin-Chen Kuo Data duplication method and system used between USB devices
US20100248775A1 (en) 2007-07-09 2010-09-30 Mikkelsen Jeffrey E Mobile phone capable of accessing external storage devices
US20140337558A1 (en) * 2011-05-31 2014-11-13 Architecture Technology Corporation Mediating communication of a universal serial bus device
US20150013021A1 (en) * 2011-11-10 2015-01-08 Christopher Bernard Johnson Mobile Device Peripherals Management System and Multi-Data Stream Technology (MdS)
US20160028713A1 (en) * 2014-07-22 2016-01-28 Beautiful Enterprise Co., Ltd. Universal Serial Bus (USB) Flash Drive Security System And Method
US20170063805A1 (en) * 2015-08-28 2017-03-02 Ncr Corporation Method for transferring a file via a mobile device and mobile device for performing same
US20170149771A1 (en) * 2015-11-25 2017-05-25 Microsoft Technology Licensing, Llc. Automated device discovery of pairing-eligible devices for authentication

Similar Documents

Publication Publication Date Title
JP5852265B2 (en) COMPUTER DEVICE, COMPUTER PROGRAM, AND ACCESS Permission Judgment Method
WO2019130042A1 (en) Integrity control of a secured peripheral device
CN100587677C (en) Data processing device and data processing method
TW202232353A (en) Secure storage pass-through device
JP2019220230A (en) Data processing method and data processing device
WO2017156417A1 (en) Systems and methods for data encryption and decryption
TW201407378A (en) Efficient data transfer for cloud storage by centralized management of access tokens
KR101971225B1 (en) Data transmission security system of cloud service and a providing method thereof
TWI424321B (en) Cloud storage system and method
US9515997B1 (en) Inline data encryption
WO2017166362A1 (en) Esim number writing method, security system, esim number server, and terminal
KR102553145B1 (en) A secure element for processing and authenticating a digital key and operation metho thereof
JP5799399B1 (en) Virtual communication system
JP5676145B2 (en) Storage medium, information processing apparatus, and computer program
US20210367780A1 (en) Adapter apparatus and processing method
WO2019130041A1 (en) Method for controlling access to a data storage peripheral device
US20110307708A1 (en) Enabling access to removable hard disk drives
US20200076598A1 (en) Secure Data Management
WO2017137481A1 (en) A removable security device and a method to prevent unauthorized exploitation and control access to files
US10140431B2 (en) File management system and user terminal in file management system
WO2019130040A1 (en) Secured access to a data storage peripheral device from an electronic host device
JP6778033B2 (en) Take-out file simple encryption system and take-out file simple encryption program
US20220216987A1 (en) Device and method for managing shared digital key
JP6162611B2 (en) Communication control server, communication control method, and program
Amarante et al. Exploring USB connection vulnerabilities on Android devices breaches using the Android debug bridge

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17889528

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17889528

Country of ref document: EP

Kind code of ref document: A1