PATENT
Imation Corp.
Docket No. 10179US01
PO Box 64898
St. Paul, Minnesota 55164-0898
651/704-5516

Transmittal of Patent Application - Rule 1.53(b)

Assistant Commissioner for Patents
Box: Patent Application
Washington, D.C. 20231

Inventor(s): Jeffrey A. Morgan, C. Thomas Jennings, Larold L. Olson, Luiz S. Pires, and Daniel P. Stubbs

Title: COMPUTING ENVIRONMENT HAVING SECURE STORAGE DEVICE

Enclosed is the above-mentioned new patent application. It includes 5 sheets of informal drawings.

Enclosed is an executed declaration or oath.

Enclosed are an application assignment to Imation Corp. and a completed Assignment Recordation Cover Sheet.

The fee for filing the application is computed as follows:

(Fee computation table: columns for claims as filed, number filed, number extra and rate; final row "Total amount due".)

Please charge to Deposit Account 09-0069 any fees under 37 CFR 1.16 and 1.17 which may be required to file and during the entire pendency of this application. This authorization includes the fee for any extension of time under 37 CFR 1.136(a) that may be necessary. To the extent any such extension should become necessary it is hereby requested. A duplicate for fee processing is enclosed.

Enclosed is a return receipt postcard.

Telephone Number: 651/704-3604
Print Name: Eric D. Levinson

Certificate of Express Mailing

Pursuant to 37 CFR 1.10 I certify that this application is being deposited on the date indicated below with the United States Postal Service "Express Mail Post Office to Addressee" service addressed to: Assistant Commissioner for Patents, Washington, D.C. 20231.

Express Mail Mailing Label No.: EL328557004US
Date of Deposit: December (remainder of date illegible in scan)

Page 1 of 170
Unified Patents Exhibit 1003

(Fee computation rows: Basic Fee $760; Total Claims: number filed - 20 = number extra; Independent Claims; Additional fee for filing one or more multiple dependent claims.)

PATENT DOCKET NO. 10179US01

COMPUTING ENVIRONMENT HAVING SECURE STORAGE DEVICE

Technical Field

This invention relates generally to the field of data storage devices, and more particularly to a computer that automatically operates in a full-access data storage mode when the computer senses the use of a secure storage device.

Background

There are many challenges to creating a highly secure computing environment including preventing eavesdroppers from accessing private communications, preventing vandals from tampering with information while in transit from sender to receiver, authenticating users logging into a network, verifying a network server is indeed the server it professes to be and safeguarding confidential documents from unauthorized individuals.

One of the greatest challenges, however, is preventing the authorized user from using sensitive data in an unauthorized manner. For example, with conventional security measures it is very difficult to prevent an authorized user from appropriating sensitive data by simply copying the sensitive data to a removable storage device such as a floppy diskette. For these reasons, and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the present specification, there is a need in the art for an improved mechanism for preventing the appropriation of sensitive data.

Summary

According to the invention, the above-mentioned problems are addressed by a secure computing environment in which a computer automatically operates in a secure “full-access” data storage mode when the computer detects the presence of a secure removable storage device. If the computer senses a non-secure removable storage device then the computer automatically operates in a “restricted-access” mode.

In the secure full-access mode, storage management software uses a cryptographic key to encrypt and decrypt the data stream between the computer and the removable storage device. Depending upon the selected security level, the cryptographic key is generated by a combination of the following: (1) device-specific information derived from the removable storage device, (2) manufacturing information that has been etched onto the storage device, (3) drive-specific information, such as drive calibration parameters, retrieved from the storage drive, and (4) user-specific information such as a password or biometric information such as input received from a fingerprint scan or retina scan.

In addition, the present invention facilitates the use of a secure storage device as a secure “access card” by which the user gains access to sensitive data of the organization. More specifically, the user is permitted to access sensitive data stored on other local storage devices, or on remote computers within the organization, only when the computer is operating in full-access data storage mode.

In the restricted-access mode, however, the computer operates the storage drive as a read-only drive such that the user can read data from the removable storage device but cannot write data to the drive. Alternatively, the user can access only non-sensitive data within the organization and may be allowed to write the non-sensitive data to the removable storage device in an unencrypted format.

Brief Description of the Drawings

Figure 1 is a block diagram of a computer that automatically operates in a secure data storage mode when a secure storage device is detected;

Figure 2 is a flow chart illustrating one embodiment of a method by which a software application executing on the computer of Figure 1 determines whether to configure the computer to operate in full-access mode or restricted-access mode;

Figures 3A and 3B illustrate one embodiment in which the storage device of Figure 1 is an LS-120 SuperDisk™ diskette from Imation Corporation; and

Figure 4 illustrates a layout for storing data on a disc-shaped magnetic medium within the Imation SuperDisk.

Detailed Description

The following sections describe in detail how the present invention addresses the problems outlined above. In the following detailed description, references are made to the accompanying drawings that illustrate specific embodiments in which the invention may be practiced.

System Level Overview

Figure 1 illustrates a block diagram of a computer 100 that automatically operates in a secure data storage mode when the computer 100 senses that storage device 151 is a secure storage device. As shown in Figure 1, the computer 100 includes a processor 112 that in one embodiment belongs to the PENTIUM® family of microprocessors manufactured by the Intel Corporation of Santa Clara, California. However, it should be understood that the invention can be implemented on computers based upon other microprocessors, such as the MIPS® family of microprocessors from the Silicon Graphics Corporation, the POWERPC® family of microprocessors from both the Motorola Corporation and the IBM Corporation, the PRECISION ARCHITECTURE® family of microprocessors from the Hewlett-Packard Company, the SPARC® family of microprocessors from the Sun Microsystems Corporation, or the ALPHA® family of microprocessors from the Compaq Computer Corporation. Computer 100 represents any server, personal computer, laptop or even a battery-powered, pocket-sized, mobile computer known as a hand-held PC.

Computer 100 includes system memory 113 (including read only memory (ROM) 114 and random access memory (RAM) 115), which is connected to the processor 112 by a system data/address bus 116. ROM 114 represents any device that is primarily read-only including electrically erasable programmable read-only memory (EEPROM), flash memory, etc. RAM 115 represents any random access memory such as Synchronous Dynamic Random Access Memory.

Within the computer 100, input/output bus 118 is connected to the data/address bus 116 via bus controller 119. In one embodiment, input/output bus 118 is implemented as a standard Peripheral Component Interconnect (PCI) bus. The bus controller 119 examines all signals from the processor 112 to route the signals to the appropriate bus. Signals between the processor 112 and the system memory 113 are merely passed through the bus controller 119. However, signals from the processor 112 intended for devices other than system memory 113 are routed onto the input/output bus 118. Video display 124 or other kind of display is connected to the input/output bus 118 via a video adapter 125.

Various storage drives are connected to the input/output bus 118 including hard disk drive 120 and one or more removable media drives 121 that are used to access one or more removable storage devices 151. Each storage device 151 represents a removable device having a storage medium for holding digital information such as a floppy diskette, a magneto-optical storage device, an optical disk, a SuperDisk™ diskette, a Zip™ disk, a Jazz™ disk, a tape cartridge, etc. Each removable media drive 121 represents a device suitable for servicing access requests for storage device 151 such as a floppy drive, a magneto-optical drive, a CD-ROM drive, a SuperDisk™ drive, a removable-cartridge drive such as a Zip™ drive, or even a tape drive.

A user enters commands and information into the computer 100 by using a keyboard 40 and/or pointing device, such as a mouse 42, which are connected to bus 118 via input/output ports 128. Other types of pointing devices (not shown in Figure 1) include track pads, track balls, joy sticks, data gloves, head trackers, and other devices suitable for positioning a cursor on the video display 124.

Software applications 136 and data are typically stored via one of the storage devices, which may include the hard disk 120 or storage devices 151, and are copied to RAM 115 for execution. In one embodiment, however, software applications 136 are stored in ROM 114 and are copied to RAM 115 for execution or are executed directly from ROM 114.

In general, the operating system 135 executes software applications 136 and carries out instructions issued by the user. For example, when the user wants to load a software application 136, the operating system 135 interprets the instruction and causes the processor 112 to load software application 136 into RAM 115 from either the hard disk 120 or a storage device 151. Once software application 136 is loaded into the RAM 115, it can be used by the processor 112. In case of large software applications 136, processor 112 loads various portions of program modules into RAM 115 as needed.

The Basic Input/Output System (BIOS) 117 for the computer 100 is stored in ROM 114 and is loaded into RAM 115 upon booting. Those skilled in the art will recognize that the BIOS 117 is a set of basic executable routines that have conventionally helped to transfer information between the computing resources within the computer 100. Operating system 135 or other software applications 136 use these low-level service routines.

In one embodiment, computer 100 includes a registry (not shown) which is a system database that holds configuration information for computer 100. For example, Windows® 95 and Windows® NT by Microsoft maintain the registry in two hidden files, called USER.DAT and SYSTEM.DAT, located on a permanent storage device such as an internal disk.

According to the invention, computer 100 automatically operates in a full-access data storage mode only when the computer 100 detects a secure removable storage device 151 present within any one of the removable media drives 121. In the secure full-access mode, storage management software uses a cryptographic key to encrypt and decrypt the data stream between the computer and the removable storage device. Depending upon the selected security level, the cryptographic key is generated by combining one or more of the following: (1) device-specific security information derived from the unique format information of the removable storage device, (2) manufacturing information that has been etched onto the storage device, (3) drive-specific information, such as drive calibration parameters, retrieved from the storage drive, and (4) user-specific information such as a password or biometric information.

In order to automatically detect whether a storage device 151 is a secure device, computer 100 determines whether device-specific security information was written to storage device 151. In one embodiment, the device-specific security information is a function of the low-level format information and, therefore, uniquely identifies the underlying media of storage device 151. For example, in one embodiment the device-specific security information is a hash of the addresses of the bad sectors for storage device 151. Because it is a function of the physical characteristics of the actual storage medium within storage device 151, the format information is inherently unique to each storage device 151. In other words, the addresses of the bad sectors change from device to device.

The device-specific security information can be combined with other security information in order to increase the level of security of computer 100. For example, in another embodiment, the device-specific security information can be combined with information that was etched into the storage device 151 via a laser during manufacturing. In yet another embodiment, drive-specific information, such as internal calibration parameters, for one or more of the removable media drives 121 can be used to generate the key. As described below, computer 100 automatically operates in a full-access data storage mode upon detecting the device-specific security information on storage device 151. If the device-specific security information is not detected, then computer 100 operates in a restricted access data storage mode.

Methods of an Exemplary Embodiment of the Invention

In the previous section, a system level overview of various embodiments of the invention was described. In this section, the particular methods performed by the exemplary embodiments are described by reference to a flowchart. The methods to be performed by the embodiments constitute computer programs made up of computer-executable instructions.

Figure 2 is a flow chart illustrating method 200 illustrating in more detail how computer 100 detects the device-specific security information on storage device 151 and automatically operates in a full-access data storage mode. Method 200 is described in reference to one or more software applications 136 executing on computer 100, referred to hereafter as the storage manager. The storage manager may comprise one or more software applications, device drivers, dynamically-linked libraries (DLL) or any suitable combination thereof that manages the data storage devices of computer 100, including removable media drive 121 and internal hard disk 120.

In one embodiment, the storage manager performs method 200 anytime a status change is detected for storage device 151, such as when storage device 151 is inserted into removable media drive 121. In another embodiment, the storage manager performs method 200 at the request of a user.

Method 200 is described in reference to a high secure environment in which a cryptographic key is generated by combining all of the following: (1) device-specific information of the removable storage device, (2) manufacturing information that has been etched onto the storage device, (3) drive-specific information, such as drive calibration parameters, retrieved from the storage drive, and (4) user-specific information such as a password or biometric information. In other embodiments, however, various levels of security can be achieved by generating the key from a subset of the above inputs.

In block 204, the storage manager detects whether storage device 151 is a “secure” removable device by attempting to read any device-specific security information from storage device 151. In one embodiment, the device-specific security information is a function of the low-level format information and, therefore, uniquely identifies the underlying media of storage device 151. The storage manager proceeds to block 206 when it successfully detects and reads device-specific security information. If the device-specific security information is not successfully read, then the storage manager proceeds to block 216 and operates computer 100 in a restricted-access data storage mode as described in detail below.

In block 206, the storage manager retrieves drive-specific security information that is specific to removable media drive 121, such as a serial number or calibration parameters, from a non-volatile memory within removable media drive 121. Typical calibration parameters that are suitable for generating the cryptographic key include configuration parameters for read and write circuitry internal to removable media drive 121, tracking parameters, read channel boost, frequency cutoff values, read threshold values, alignment values, optical alignment correction parameters and analog to digital conversion calibrations. Because these calibration parameters are unique to each drive, they are well suited for generating a cryptographic key that is drive-specific. In one embodiment, the drive-specific information is a hash of the above parameters and is stored in non-volatile memory within removable media drive 121. If the storage manager is unable to retrieve the drive-specific information, the storage manager proceeds to block 216 and operates computer 100 in a restricted-access data storage mode.

In block 208, the storage manager retrieves user-specific security information from the computer user by, for example, prompting the user for a password, or performing a retina or fingerprint scan. If for some reason the storage manager is unable to retrieve the user-specific information from the current user, then the storage manager proceeds to block 216 and operates computer 100 in a restricted-access data storage mode.

In block 210, the storage manager retrieves manufacturing information that was physically etched on storage device 151 during the manufacturing process. For example, in one embodiment a laser etches a unique serial number, run number or a date stamp on the storage device during manufacturing. In another embodiment, however, storage device 151 contains a computer chip for electronically storing a unique identifier. If the storage manager is unable to read the manufacturing-specific security information, then the storage manager proceeds to block 216 and operates computer 100 in a restricted-access data storage mode.

In block 212, the storage manager generates a cryptographic key by combining the information, or a portion thereof, that was retrieved in blocks 206 through 210. For example, by using the device-specific information retrieved in block 206 and the manufacturing information retrieved in block 210, a highly-secure device-specific cryptographic key can be generated such that the data stored on storage device 151 is unreadable if copied to other removable media. Similarly, by incorporating the drive-specific information and the user-specific information in the generation of the key, a highly secure computing system is achieved in which data can only be stored on the original storage device from the original storage drive by the authorized user.

In one embodiment, in order to generate the cryptographic key, the storage manager combines, such as by concatenating, all or various portions of the information that was retrieved in blocks 206 through 210 and submits the result to a conventional cryptographic hashing algorithm. For example, the drive-specific information, the manufacturing information, the user information and the storage device-specific information can be combined and used as input to the cryptographic algorithm. All data written to or read from storage device 151 is encrypted and decrypted, respectively, via the cryptographic key, thereby providing a very high level of security. Thus, in order to access the data on storage device 151, storage device 151 must be an original, secure storage device and must be inserted by the original user into storage device 151 that was originally used to write the data. If portions of all of these inputs are used, then the data on storage device 151, therefore, cannot be accessed via any other drive, either on computer 100 or any other computer or via any other user.

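Method 200 (blocks 204 through 216) and the block 212 key derivation, written out as an added Python example that is not the patent's or Imation's code: SHA-256 stands in for the “conventional cryptographic hashing algorithm”, each probe result is modelled as bytes supplied by the caller, and the length prefix in _frame, the sample bad-sector list, calibration values and serial number are my own assumptions.

```python
"""Model of the storage manager's method 200 and its key derivation.

Added example, not from the patent. Assumptions: SHA-256 is the hash,
probe results are bytes handed in by the caller, and every factor is
length-prefixed before concatenation (a caveat the patent does not
discuss: raw concatenation lets two different input sets collide).
"""
import hashlib
import struct
from typing import Optional

FULL_ACCESS = "full-access"
RESTRICTED_ACCESS = "restricted-access"


def device_specific_info(bad_sectors: list[int]) -> bytes:
    """Block 204 input: a hash of the medium's bad-sector addresses.
    Sorted and de-duplicated so the value does not depend on scan order."""
    h = hashlib.sha256()
    for addr in sorted(set(bad_sectors)):
        h.update(struct.pack(">Q", addr))
    return h.digest()


def drive_specific_info(calibration: dict[str, float], serial: str) -> bytes:
    """Block 206 input: a hash of the drive serial number and its
    calibration parameters, as kept in the drive's non-volatile memory."""
    h = hashlib.sha256(serial.encode())
    for name in sorted(calibration):          # canonical parameter order
        h.update(name.encode())
        h.update(struct.pack(">d", calibration[name]))
    return h.digest()


def _frame(part: bytes) -> bytes:
    """Length-prefix one factor (assumption): without it ("ab", "c") and
    ("a", "bc") would concatenate to the same key material."""
    return struct.pack(">I", len(part)) + part


def derive_key(device: bytes, drive: bytes, user: bytes, manufacturing: bytes) -> bytes:
    """Block 212: concatenate the four factors and hash the result."""
    material = b"".join(_frame(p) for p in (device, drive, user, manufacturing))
    return hashlib.sha256(material).digest()


def method_200(probe: dict[str, Optional[bytes]]) -> tuple[str, Optional[bytes]]:
    """Blocks 204-216: a factor that cannot be read sends the computer to
    block 216 (restricted access, no key); otherwise block 212 derives
    the key and the computer enters full-access mode."""
    order = ("device", "drive", "user", "manufacturing")   # blocks 204, 206, 208, 210
    factors = []
    for name in order:
        value = probe.get(name)
        if not value:
            return RESTRICTED_ACCESS, None                  # block 216
        factors.append(value)
    return FULL_ACCESS, derive_key(*factors)                # block 212


# Constructed sample inputs; none of these are real device values.
SAMPLE: dict[str, Optional[bytes]] = {
    "device": device_specific_info([1034, 77821, 3, 77821]),
    "drive": drive_specific_info({"read_channel_boost": 1.25, "freq_cutoff": 3.1e6}, "DRV-0001"),
    "user": hashlib.sha256(b"constructed-sample-password").digest(),
    "manufacturing": b"LASER-RUN-42",
}

if __name__ == "__main__":
    mode, key = method_200(SAMPLE)
    print(mode, key.hex())
    # The same bytes copied to a medium with other bad sectors yield another key.
    other_medium = dict(SAMPLE, device=device_specific_info([5, 9000]))
    print("same key on other medium:", method_200(other_medium)[1] == key)
    print("without user factor:", method_200(dict(SAMPLE, user=None))[0])
```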
Method 200 has been described including blocks 204 through 216. In one embodiment, the storage manager repeats blocks 204 through 216 when a status change is detected for storage device 151, such as when storage device 151 is removed from removable media drive 121 and a new storage device 151 is inserted. As described above, upon the completion of method 200, computer 100 operates in a full-access mode or a restricted-access mode as determined by whether the storage manager can successfully retrieve security information from storage device 151, removable media drive 121, and the user. The following sections describe the full-access and restricted-access operating modes.

Full-Access and Limited-Access Data Storage Modes of Operation

When computer 100 is operating in a full-access mode, all data read from storage device 151 is decrypted according to the key generated by the above process. Similarly, all data written to storage device 151 is encrypted using the key. This ensures that any data written to a removable storage device 151 is safely encrypted and cannot be duplicated.

In addition, in full-access mode, computer 100 allows the user to access local area network 51 and remote computer 49. In this manner, the present invention allows storage device 151 to be used as an “access card” by which the user gains access to sensitive data of the organization. In addition, data stored on other storage devices, such as internal hard disk 120, tape cartridges, read/write optical discs, etc., may actually be encrypted using the unique key generated from the unique format information of key disk 151. In this fashion, a user must have a secure storage device 151 in order to access the data stored on these devices. In this manner, an organization can require that all authorized users have a secure storage device 151 in order to access data stored within the organization and to store data on any removable media. This data, if copied to another removable media, would be unreadable according to the present invention.

For ultra-secure environments, a cryptographic key can be generated from a combination of the unique format information of a plurality of storage media. For example, in one embodiment, data stored on storage device 151 and hard disk 120 may be encrypted using a key derived from the unique format information of storage device 151 and from the unique format information of hard disk 120. A cryptographic key is generated by applying one or more cryptographic algorithms to the combination. Because the key is generated from unique information from both storage device 151 and hard disk 120, the user must have storage device 151 in order to access any data stored on hard disk 120.

In restricted-access mode, the storage manager configures removable-media drive 121 as a read-only drive such that the user can read data from the removable storage device but cannot write data to the drive. In addition, the user is prevented from accessing non-sensitive data within the organization. For high-security environments, the storage manager prevents both read and write access to storage device 151 when computer 100 is operating in restricted-access mode.

In one embodiment, computer 100 is configured to operate in restricted-access mode upon power-up until removable storage device 151 is verified as secure. Here, removable media drives 121 default to read-only operation until otherwise configured via the storage manager. As such, the present invention provides a secure computing environment even when the user tries to boot directly from one of the removable storage devices 151. During the boot process, the storage manager attempts to verify that at least one of the storage devices 151 contains device-specific security information as described above. The storage manager operates computer 100 in restricted-access mode by default until the storage manager has successfully initialized and verified storage devices 151. Upon verification, the storage manager configures computer 100 to operate in a full-access data storage mode and instructs removable media drives 121 to allow write access to storage devices 151. On reset, power-up, or even upon removal of one of the storage devices 151, removable media drives 121 automatically return to the restricted-access mode. In addition, the storage manager can detect when the user seeks to install a new removable media drive to the system and may inhibit the drive from being accessed.

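The default-restricted behaviour described above (read-only drives at power-up, full access only after verification, fall-back on removal or reset, inhibition of newly installed drives, and the access-card rule for network and sensitive data), as an added Python example that is not the patent's or Imation's code: the event names and drive labels are strings I chose, and the verify callable stands in for method 200.

```python
"""Event-driven model of the storage manager's operating modes.

Added example, not from the patent. Assumptions: events are the strings
handled below, drive labels are arbitrary, and `verify` is any callable
that plays the role of method 200 for a given drive.
"""
from dataclasses import dataclass, field
from typing import Callable

FULL_ACCESS = "full-access"
RESTRICTED_ACCESS = "restricted-access"


@dataclass
class DriveState:
    writable: bool = False      # removable media drives default to read-only
    inhibited: bool = False     # set for drives installed after configuration


@dataclass
class StorageManager:
    verify: Callable[[str], bool]                 # stands in for method 200
    known_drives: frozenset = frozenset()         # drives present at configuration
    mode: str = RESTRICTED_ACCESS                 # restricted until verified
    drives: dict[str, DriveState] = field(default_factory=dict)

    def __post_init__(self) -> None:
        for label in self.known_drives:
            self.drives[label] = DriveState()

    def _restrict(self) -> None:
        """Block 216 behaviour: restricted mode, every drive read-only."""
        self.mode = RESTRICTED_ACCESS
        for state in self.drives.values():
            state.writable = False

    def handle(self, event: str, drive: str = "") -> str:
        """Apply one status change and return the resulting mode."""
        if event in ("power_up", "reset"):
            self._restrict()
        elif event == "device_inserted":
            state = self.drives.get(drive)
            # An inhibited or unknown drive never gets verified at all.
            if state is not None and not state.inhibited and self.verify(drive):
                self.mode = FULL_ACCESS
                state.writable = True
            else:
                self._restrict()
        elif event == "device_removed":
            self._restrict()
        elif event == "drive_installed":
            # The manager may inhibit a drive added to the system.
            self.drives[drive] = DriveState(inhibited=True)
        else:
            raise ValueError(f"unknown event {event!r}")
        return self.mode

    def may_access_sensitive_data(self) -> bool:
        """Access-card rule: LAN, remote computers and sensitive data
        are reachable only while in full-access mode."""
        return self.mode == FULL_ACCESS

    def may_write(self, drive: str) -> bool:
        state = self.drives.get(drive)
        return state is not None and state.writable and not state.inhibited


if __name__ == "__main__":
    # Constructed scenario: only the medium in "drive121" passes method 200.
    manager = StorageManager(verify=lambda d: d == "drive121",
                             known_drives=frozenset({"drive121", "drive122"}))
    print(manager.handle("power_up"), manager.may_write("drive121"))
    print(manager.handle("device_inserted", "drive121"), manager.may_write("drive121"))
    print(manager.handle("device_removed", "drive121"), manager.may_write("drive121"))
```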
An Exemplary Secure Storage Device

Figures 3A and 3B illustrate one embodiment of storage device 151 and how