US006012145A

United States Patent
Mathers et al.

[11] Patent Number: 6,012,145
[45] Date of Patent: *Jan. 4, 2000

[54] SECURITY SYSTEM FOR HARD DISK DRIVE

[75] Inventors: Stewart Mathers, Ayr; Alec Donald Stewart, Fife, both of United Kingdom

[73] Assignee: Calluna Technology Limited, Edinburgh, United Kingdom

[*] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).

[21] Appl. No.: 08/640,919
[22] PCT Filed: Nov. 14, 1994
[86] PCT No.: PCT/GB94/02508
     § 371 Date: Jul. 10, 1996
     § 102(e) Date: Jul. 10, 1996
[87] PCT Pub. No.: WO95/14265
     PCT Pub. Date: May 26, 1995

[30] Foreign Application Priority Data
     Nov. 13, 1993 [GB] United Kingdom 9323453

[51] Int. Cl.: G06F 11/00; H04L 9/00
[52] U.S. Cl.: 713/202; 711/164
[58] Field of Search: 380/4 35 sos°° be. A 0/200:707 9: 705/1 3: crt 64

[56] References Cited

U.S. PATENT DOCUMENTS
4,864,542    9/1989    Oshima et al.     365/189.01
5,282,247    1/1994    McLean et al.     380/4
5,375,243    12/1994   Parzych et al.    395/725
5,533,125    7/1996    Bensimon et al.   380/4
5,535,409    7/1996    Larvoire et al.   395/800
5,551,033    8/1996    Foster et al.     395/650

FOREIGN PATENT DOCUMENTS
0 428 528 B1   5/1991   European Pat. Off.
9 432 333      6/1991   European Pat. Off.
90 OU771       1/1990   WIPO
94/11969       5/1994   WIPO

OTHER PUBLICATIONS
Electronics International—vol. 55, No. 3, Feb. 1982, New York, US, pp. 121-125.
Maxtor Corporation—product literature—copyright 1993—“PCMCIA Hard Disk Drive Security”.

Primary Examiner—Robert W. Beausoliel, Jr.
Assistant Examiner—Scott T. Baderman
Attorney, Agent, or Firm—Alston & Bird LLP

[57] ABSTRACT

A portable hard disk drive has an electrically erasable programmable read-only-memory (EEPROM) for storing a first password for allowing a user access to the disk and a random access memory (RAM) for temporarily storing a password entered by a user. A microprocessor is arranged to compare the user-entered password with the password stored in the EEPROM and to generate a signal to allow a user access to the disk if a valid match is found and to prohibit access to the disk if there is no match.

16 Claims, 4 Drawing Sheets

Page 1 of 10
Unified Patents Exhibit 1009

U.S. Patent    Jan. 4, 2000    6,012,145

Sheet 1 of 4
[Drawing not reproduced.]

Sheet 2 of 4
[Drawing not reproduced. Surviving labels: 10; ATA/IDE OR PCMCIA INTERFACE FUNCTION; PRE-AMPLIFIER; RAM; ELASTOMERIC CONNECTOR; 68 WAY CONNECTOR.]

Sheet 3 of 4

PASSWORD PROTECTION EXAMPLE

THE USER REQUIRES TO SET THE HARD DISK INTO NO DATA PROTECTION MODE

THE USER RUNS A PASSWORD PROTECTION UTILITY PROGRAM

THE UTILITY PROGRAM DISPLAYS A MENU OF OPTIONS:
    N - NO DATA PROTECTION
    P - PARTIAL DATA PROTECTION
    F - FULL DATA PROTECTION
    L - CHANGE LOW-LEVEL PASSWORD
    M - CHANGE MASTER-KEY PASSWORD

THE USER SELECTS THE NO DATA PROTECTION OPTION ‘N’

THE UTILITY DISPLAYS:-
    NO DATA PROTECTION OPTION SELECTED - ENTER PASSWORD:-

THE USER ENTERS THE PASSWORD

THE UTILITY EXECUTES THE NO DATA PROTECTION MODE COMMAND

THE DRIVE IS NOW IN NO DATA PROTECTION MODE

THE USER EXITS THE UTILITY BY SELECTING THE QUIT OPTION

THE OTHER COMMANDS ARE EXECUTED IN A SIMILAR FASHION EXCEPT THAT CHANGING THE PASSWORDS OPTIONS WOULD PROMPT THE USER FOR BOTH THE OLD AND THE NEW PASSWORDS.

FIG. 4.

Sheet 4 of 4

PASSWORD PROTECTION HARD DRIVE COMMAND HANDLING SEQUENCE

THE DRIVE RECEIVES A DATA PROTECTION COMMAND

PASSWORD DATA IS SENT TO THE DRIVE

THE MICROPROCESSOR COMPARES EACH OF THE 128 BYTES OF PASSWORD WITH THAT STORED IN THE FLASH ROM

PASSWORD CORRECT? (YES / NO)

IS IT CHANGE COMMAND? (YES)

128 BYTES OF NEW PASSWORD DATA IS SENT TO THE DRIVE AND IS TEMPORARILY STORED IN RAM

THE NEW PASSWORD IS WRITTEN TO FLASH ROM

THE WRITE AND READ INHIBIT FLAGS IN ONE OF THE MICROPROCESSOR’S REGISTERS ARE SET

THE WRITE AND READ INHIBIT FLAGS HELD IN ONE OF THE MICROPROCESSOR’S REGISTERS ARE SET ACCORDING TO THE DATA PROTECTION COMMAND SENT

THE DRIVE ENTERS A LOCK UP MODE ONLY RECOVERABLE BY A POWER ON RESET

FIG. 5.

SECURITY SYSTEM FOR HARD DISK DRIVE

The present invention relates to a security system intended for the protection of information recorded on miniature portable hard disk drives for use typically in small portable computers.

The advent of the PCMCIA interface and accompanying plug-compatible memory products means that truly portable mass storage devices will soon become commonplace and easily interchangeable between computer systems and similar devices.

The need for protection of confidential data files is of prime importance in these small disk drives as they can easily be lost or stolen and thus become available to unauthorised users. A method of protection and the protection apparatus must exist in the drive itself to ensure that it is secure wherever it is plugged in and run.

Current methods of file protection such as those included within application software or those using separate utility software packages are not particularly suited to portable devices as they can either be easily decoded by someone skilled in the art or form part of the host system memory.

A first object of the present invention is to provide a method of securing the files on a hard disk drive by means of user password protection.

A second object of the present invention is to provide a system and method of securing the files on a hard disk drive for “read only” operation.

A third object of the present invention is to provide a method of securing the files on a hard disk drive such that “no access” is permitted.

A fourth object of the present invention is to provide a method of providing a Master Key password for authorised secondary access in the event that the user password is lost.

A fifth object of the present invention is to provide a method of protecting the password from discovery by enciphering software programs.

A sixth object of the invention is to provide a system and apparatus to enable the method to be implemented.

In accordance with the present invention there is provided a memory and comparison means with a special utility program to enable the owner or user of a hard disk drive to protect the data files by setting an access password.

According to a first aspect of the present invention there is provided a security system for a portable hard disk drive, said system comprising:

first memory means for storing a password for allowing a user to have access to information on the disk;

second memory means for storing a user-entered password; and

comparison means coupled to said first memory means and to said second memory means for comparing the stored password with the user-entered password and for permitting access to information on the disk if the passwords match and preventing access when there is no match.

The password is conveniently stored in flash or other solid state non-volatile memory on the disk drive electronics board and it controls unauthorised access of the drive depending on the level of protection selected. Code used to interact with a utility program which is run on a computer in which the disk drive is being used in order to provide a reasonably user-friendly interface for entry and/or amendment of passwords, setting of protection mode etc, is also conveniently stored in flash or other solid state memory (which may be the same device as that in which the password is stored), on the disk drive electronics board, so that the main part of the security system is largely contained in the portable disk drive itself. In one possible form of the invention though the utility software may be formed and arranged to read in a computer system identification number (the BIOS Serial No) and use this as a “user input” password to be compared against a stored password so that the drive is “protected” for automatic access only (possibly subject to use of a master password) from a particular computer.

The user may advantageously have the option of setting two or more different levels of security required, such as “no protection”, “read only” or “full protection”.

In “no protection” mode the drive password defaults to a free access condition. In “read only” mode, files can be read but not altered and new files may not be added to the drive. In “no access” mode the drive will not allow any access.

A Master Password is desirably provided which is stored in a different location in the flash memory. This can only be used by suitable authorised personnel to over-ride any user selected password, for example in the event of a regular password being forgotten. The Master Password could be set during the manufacture of the drive, but more conveniently is set by a purchaser of the disk drive.

The system advantageously has means which prevent the use of special computer programs to decode the password and thereby gain access to the protected files so that if an illegal password is attempted, the drive “hangs” and requires a power-on reset before the password can be re-entered.

Preferably, said first memory means is a non-volatile read-only-memory (ROM). Where a volatile memory is used then the system should of course be provided with power supply means or at least back-up power supply means, though this is generally less convenient. Preferably, said second memory means is a random access memory.

Conveniently, said comparison means is a microprocessor which is formed and arranged to fetch a code corresponding to said stored password from the first memory, fetch a code corresponding to the “user-entered” password, and store the codes in first and second registers, and then compare the contents of the registers and only if there is a valid match, access to the disk drive is permitted. Advantageously the microprocessor is further formed and arranged so that if there is no valid match then the drive “hangs” and requires a power-on reset before a new password is entered.

The first memory (e.g. non-volatile ROM), second memory (e.g. random access memory) and comparison means (e.g. microprocessor) are all conveniently provided in solid state device means on a printed circuit board used for controlling the disk drive (e.g. a PCMCIA Type III hard disk drive).

According to a second aspect of the present invention, there is provided a method of controlling access to a portable hard disk drive comprising the steps of:

storing a first password in a first, usually non-volatile memory;

storing a user-entered password in a second memory;

comparing the first password with the user-entered password; and

if a valid match is found, allowing the user access to the disk drive.

Preferably, the method includes the step of allowing the user selectively to access one of a plurality of different protection levels by entering a code corresponding to the protection level together with the password.

Preferably also, the method includes the step of altering the password stored in the non-volatile memory by entering a code corresponding to a password change, together with the existing password stored in said volatile memory and the new password to be stored, so that said new password replaces said existing password.

Conveniently, said codes corresponding to different levels of data protection and said passwords are entered from a keyboard of a computer in which the disk drive has been installed via a software utility run on that computer.

According to another aspect of the present invention, there is provided a circuit board for use with a portable disk drive for controlling access to information on the disk, said circuit board comprising disk drive control means for controlling the rotation of the disk and for writing and reading information to and from the disk, first memory means disposed on said circuit board for storing first password for allowing a user access to the disk, second memory means disposed on the circuit board for storing a password entered by a user, comparison means mounted on the circuit board and coupled to the first and to the second memory means for comparing the stored first password with the user-entered password and for generating an access control signal to allow the user access to the disk if a valid match is found and to prohibit access if there is no match.

These and other aspects of the invention will become apparent from the following description when taken in combination with the accompanying drawings in which:

FIGS. 1 and 2 are top and bottom views of a PCB layout for a PCMCIA type III disk drive;

FIG. 3 is a circuit block diagram representing the electronic circuitry shown in FIGS. 1 and 2;

FIG. 4 is a flowchart of the sequence of operation which takes place when a user requires to set a hard disk into ‘No Data Protection Mode’; and

FIG. 5 is a flowchart of the sequence of operations which takes place when the disk drive receives a ‘Data Protection Command’.

Reference is first made to FIGS. 1 and 2 of the drawings which depict a printed circuit board generally indicated by reference numeral 10 which has a plurality of electronic components (IC2-IC9) thereon, as indicated in FIG. 1, and which has a central aperture 12 for receiving the protruding flange of a spindle motor (not shown in the interests of clarity).

The general principles of operation of a PCMCIA disk drive are well known and will not be discussed further, as these are disclosed in applicants’ copending U.K. Application No. 9224176.9 and corresponding patent publication No. WO94/11877. As can be seen from FIGS. 1, 2 and 3, IC5 is a non-volatile flash EPROM (e.g. ATMEL AT29C512 (64K bytes) in a 32 pin TSOP package) constituting a first memory means. A user-defined password is stored in IC5. A software utility is run on the computer for setting the password and subsequent entry and/or editing of the password for access to the drive data. The user’s password is stored in IC7 STATIC RAM (e.g. Sony CXK5827ATM (32K bytes) in a 28 pin TSOP package).

The code for interacting with the software utility is also stored in the flash EEPROM IC5 and is read into the DSP RAM in the disk drive microprocessor IC4 (preferably a Zilog Z86C95 in 100 pin VQFP package) prior to rewriting a new password in the DSP RAM.

As described above there are various levels of data protection which can be implemented with this system. A vendor unique interface command 82h is used to control the data protection mechanism in the drive. This is transparent to the user: it is not menu driven, and software recognises the input code (a to c) to determine the level of protection required. Five different levels of protection are provided as follows:

a) No data protection (write and read access permitted);

b) Partial data protection (read access only permitted);

c) Full data protection (no data access permitted);

d) Low-level password alteration; and

e) Master key password alteration.

It will be appreciated that the passwords are entered from the keyboard of a computer in which the disk drive has been installed, via a menu-driven utility. The low-level and master key passwords each consist of 127 bytes of data (the 128th byte being conveniently used to set a flag indicating current access mode whereby this can be “remembered” by the system for a subsequent access). The low-level password default is all ‘FFh’s which serves as the only means of permanently disabling the drive’s Data Protection system. Master key Password support is also provided as a means for over-riding the Low-Level Password.

Once a valid Low-Level Password has been set (i.e. at least one of its 127 bytes is non FFh) the drive will default on a subsequent power up to Full Data Protection Mode.

In the preferred embodiment of the invention, as noted above, re-powering up is arranged to restore the protection mode last set. This is particularly useful where for example it is desired to provide read-only access to one or more users who are not password holders to allow such users readily to access data whilst preventing any unauthorized tampering with the data—for example, where portable hard disk drives are used to supply spare part, product and/or pricing data which requires to be updated more or less frequently, to service centres, supermarkets or the like which use computerized files, manufacturers etc.

The particular protection levels are as follows:

a) No Data Protection Mode

This function allows the drive to operate in a mode where both Write and Read operations are permissible. It is executed internally under the control of the microprocessor IC4 via the following sequence:

    Set the Sector Count Register to      93h
    Set the Sector Number Register to     42h
    Set the Cylinder Low Register to      69h
    Set the Cylinder High Register to     26h
    Set the Drive/Head Register to        00h (No data protection function)
    Set the Command Register to           82h (Data protection command)

    Wait until the Status Register has Busy (Bit 7) = 0 and DRQ (Bit 3) = 1

    Password loop:
        Wait until the Drive/Head Register Bits 0-3 = Fh
        Set the Sector Count Register with the first (or next) Password byte
        Set the Drive/Head Register to 00h
        Repeat Password loop until all 127 bytes of the Password have been transferred.

    Wait for the Status Register DRQ (Bit 3) = 0

An Interrupt shall also be generated by the drive upon command completion.

Read and Write Data access of the drive shall now be permitted. The above is best seen with reference to the flowchart in FIGS. 4 and 5 of the drawings. Similar flowcharts are used for protection levels b) and c) and the flowchart in FIG. 5 is also applicable to password changing as will be described.

b) Partial Data Protection Mode

This function is implemented in exactly the same way as that of the No Data Protection Mode with the exception of the Drive/Head Register being set to 01h prior to setting the Command Register.

Once the command is completed, Read Data access only shall be permitted. Attempts at sending write commands shall result in Aborted Command Errors.

c) Full Data Protection Mode

This function is implemented in exactly the same way as that of the No Data Protection Mode with the exception of the Drive/Head Register being set to 02h prior to setting the Command Register.

Once the command is completed, No Data access shall be permitted. Attempts at sending Write or Read commands shall result in Aborted Command Errors.

d) Low-Level Password Alteration

The Low-Level Data Protection Password can be changed by sending the old Low-Level Password along with the new one in the following command sequence:

    Set the Sector Count Register to      93h
    Set the Sector Number Register to     42h
    Set the Cylinder Low Register to      69h
    Set the Cylinder High Register to     26h
    Set the Drive/Head Register to        03h (Password Alteration Function)
    Set the Command Register to           82h (Data Protection Command)

    Wait until the Status Register has Busy (bit 7)=0 and DRQ (bit 3)=1

    Password_loop_1:
        Wait until the Drive/Head Register Bits 0-3=Fh
        Set the Sector Count Register with the first (or next) Old Password byte
        Set the Drive/Head Register to 00h
        Repeat Password_loop_1 until all 128 bytes of the Old Password have been transferred.

    Wait for the Status Register DRQ (bit 3)=0

    Password_loop_2:
        Wait until the Drive/Head Register Bits 0-3=Fh
        Set the Sector Count Register with the first (or next) New Password byte
        Set the Drive/Head Register to 00h
        Repeat Password_loop_2 until all 127 bytes of the Old Password have been transferred.

    Wait until the Sector Count Register=01h.

An Interrupt shall also be generated by the drive upon command completion.

e) Master Key Password Alteration

The Master Key Protection Password can be changed by sending the old Master Key Password along with the new one in a sequence identical to that of altering the Low-Level Password with the exception of setting the Drive/Head Register to 04h prior to writing the Command Register.

The setting of a new Master Key Password ordinarily has no effect on the existing Low-Level Password. However, knowledge and implementation of the Master Key Password allows a user to change a Low-Level Password. This provides a means for recovering a drive whereby data protection has been invoked but the password has been forgotten. The intention of implementing the Master Key option is for use by restricted personnel only.

Any incorrect attempt at executing a Data Protection Command Function shall result in the drive being disabled where only a power-on reset shall re-enable the interface. This prevents the use of a systematic ‘Guess-the-Password-Utility’ being used which sends an incrementing password to the drive until it gets it correct.
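
The drive-side handling described above (function codes 00h to 04h, the remembered mode byte and the lock-up on any incorrect attempt), modelled in C as an added example; it is not code from the patent. The flag bit layout, the struct and function names, and the rule that the master key is accepted for every function except its own change are assumptions, and the comparison without early exit is a hardening choice of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 127                  /* password bytes; the 128th byte stores the mode */
#define INHIBIT_WRITE 0x01          /* assumed bit positions of the inhibit flags */
#define INHIBIT_READ  0x02
#define INHIBIT_BOTH  (INHIBIT_WRITE | INHIBIT_READ)

/* Drive/Head function codes from the description. */
enum { FN_NONE = 0x00, FN_PARTIAL = 0x01, FN_FULL = 0x02,
       FN_CHANGE_LOW = 0x03, FN_CHANGE_MASTER = 0x04 };

/* Sector Count, Sector Number, Cylinder Low, Cylinder High values sent with 82h. */
static const uint8_t SIGNATURE[4] = { 0x93, 0x42, 0x69, 0x26 };

typedef struct {
    uint8_t low[PW_LEN + 1];        /* flash: low-level password + mode byte */
    uint8_t master[PW_LEN];         /* flash: master key password */
    uint8_t inhibit;                /* register holding the inhibit flags */
    bool    locked;                 /* lock-up, cleared only by power-on reset */
} drive_t;

/* Compare all 127 bytes with no early exit, so timing does not reveal how
   many leading bytes matched (a hardening choice of this example). */
static bool pw_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* An all-FFh low-level password means data protection is disabled. */
static bool pw_is_default(const uint8_t *pw) {
    for (size_t i = 0; i < PW_LEN; i++)
        if (pw[i] != 0xFF) return false;
    return true;
}

/* Power-on reset: clear lock-up and restore the mode last set. */
void drive_power_on(drive_t *d) {
    d->locked = false;
    d->inhibit = pw_is_default(d->low) ? 0 : (uint8_t)(d->low[PW_LEN] & INHIBIT_BOTH);
}

/* Handle one Data Protection Command. Returns 0 on success, -1 if the drive
   is, or has just become, locked up. new_pw is read for 03h/04h only. */
int drive_protect_cmd(drive_t *d, const uint8_t sig[4], uint8_t fn,
                      const uint8_t *pw, const uint8_t *new_pw) {
    if (d->locked) return -1;
    bool low_ok = pw_equal(pw, d->low);
    bool master_ok = pw_equal(pw, d->master);
    /* Assumption: the master key is accepted wherever the low-level password
       is, and changing the master key requires the old master key. */
    bool ok = memcmp(sig, SIGNATURE, sizeof SIGNATURE) == 0
           && fn <= FN_CHANGE_MASTER
           && (fn == FN_CHANGE_MASTER ? master_ok : (low_ok || master_ok));
    if (!ok) {                      /* any incorrect attempt locks the drive */
        d->locked = true;
        return -1;
    }
    switch (fn) {
    case FN_CHANGE_LOW:    memcpy(d->low, new_pw, PW_LEN);    d->inhibit = INHIBIT_BOTH; break;
    case FN_CHANGE_MASTER: memcpy(d->master, new_pw, PW_LEN); d->inhibit = INHIBIT_BOTH; break;
    case FN_PARTIAL:       d->inhibit = INHIBIT_WRITE; break;
    case FN_FULL:          d->inhibit = INHIBIT_BOTH;  break;
    default:               d->inhibit = 0;             break;
    }
    d->low[PW_LEN] = d->inhibit;    /* remembered across power cycles */
    return 0;
}

/* Ordinary read or write: 0 if permitted, -1 for an Aborted Command Error. */
int drive_io(const drive_t *d, bool is_write) {
    if (d->locked) return -1;
    return (d->inhibit & (is_write ? INHIBIT_WRITE : INHIBIT_READ)) ? -1 : 0;
}

int main(void) {
    drive_t d = {0};
    uint8_t fresh[PW_LEN], pw[PW_LEN], guess[PW_LEN];
    memset(d.low, 0xFF, sizeof d.low);       /* constructed factory state */
    memset(d.master, 0x5A, sizeof d.master); /* constructed master key */
    memset(fresh, 0xFF, sizeof fresh);
    memset(pw, 'k', sizeof pw);              /* constructed user password */
    memset(guess, 'x', sizeof guess);
    drive_power_on(&d);
    drive_protect_cmd(&d, SIGNATURE, FN_CHANGE_LOW, fresh, pw);
    drive_protect_cmd(&d, SIGNATURE, FN_PARTIAL, pw, NULL);
    printf("partial mode: read=%d write=%d\n", drive_io(&d, false), drive_io(&d, true));
    int bad = drive_protect_cmd(&d, SIGNATURE, FN_NONE, guess, NULL);
    int retry = drive_protect_cmd(&d, SIGNATURE, FN_NONE, pw, NULL);
    printf("wrong guess=%d, correct retry while locked=%d\n", bad, retry);
    drive_power_on(&d);
    printf("after reset: read=%d write=%d\n", drive_io(&d, false), drive_io(&d, true));
    return 0;
}
```

The power-on reset clears the lock-up but restores the stored mode, so cycling power after a failed guess yields one more attempt, not access.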

It will be understood that various modifications may be made to the invention hereinbefore described without departing from the scope of the invention. For example, one or more of the memory chips may be combined with the microprocessor in a single chip instead of separate chips as disclosed in the embodiment. The system is applicable to all sizes of portable hard disk drive, not necessarily PCMCIA type interfaces.

A principal advantage of the invention is that the security system is actually present in the disk drive itself. This means that both the hardware and software is present so that if the disk drive is moved between different machines, the security system will remain in place. A further advantage is that the security system is readily implemented on the disk drive PCB using the existing chip already necessary to control the operation of the disk drive. In addition, the control software is readily loaded into the disk drive circuit.

A further advantage is that various levels of protection can be readily set and passwords can be updated to reflect a variety of changing circumstances.

We claim:

1. A security system for a portable hard disk drive, the system comprising:

first, non-volatile, memory means (IC5) within the disk drive comprising memory for storing a first password;

second memory means (IC7) within the disk drive for transiently storing a second password which may be entered by a user after powering-up of the disk drive in a computer; and

comparison means (IC4) coupled to said first memory means and to said second memory means for comparing the stored first password with the second password, characterized in that:

software utility program means is provided externally of the disk drive for running on a computer in which the disk drive is used; and

said first, non-volatile, memory means (IC5) within the disk drive also includes memory for storing software code for:

(a) interacting with the software utility program means so as to enable the disk drive to be set by a user, in a chosen one of at least two disk protection modes from which the user may choose, in which the set mode of the disk drive is retained after powering off and re-powering up such that the drive is usable in the same set mode following re-powering up without having to input a password to the drive, said at least two disk protection modes being selected from:

a full data protection mode in which a user is prohibited from reading data from, and writing data to, a disk means of the disk drive,

a partial data protection mode in which a user is prohibited from writing data to and is permitted only to read data from the disk means, and

a no data protection mode in which a user is permitted to read data from, and write data to, the disk means;

provided that one of said at least two selected disk protection modes is the partial data protection mode; and

(b) controlling the disk drive when it has been set in the partial data protection mode so as to allow it to be used for reading only, without said software utility program means and without password entry after powering off and r