United States Patent [19]
Bialick et al.

[11] Patent Number: 6,088,802 (US006088802A)
[45] Date of Patent: Jul. 11, 2000

[54] PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

[75] Inventors: William P. Bialick, Clarksville, Md.; Mark J. Sutherland, Milpitas, Calif.; Janet L. Dolphin-Peterson, Belvedere, Calif.; Thomas K. Rowland, Los Gatos, Calif.; Kirk W. Skeba, Fremont, Calif.; Russell D. Housley, Herndon, Va.

[73] Assignee: Spyrus, Inc., Santa Clara, Calif.

[21] Appl. No.: 08/869,305

[22] Filed: Jun. 4, 1997

[51] Int. Cl.7: G06K 14/67

[52] U.S. Cl.: 713/200; 713/201; 713/202

[58] Field of Search: 395/188.01, 187.01, 395/186; 380/4, 25, 49; 713/200, 201, 202

[56] References Cited

U.S. PATENT DOCUMENTS

4,709,136   11/1987   Watanabe            235/379
4,910,776    3/1990   Dyke                380/25
5,191,611    3/1993   Lang                380/25
5,282,247    1/1994   McLean et al.       380/4
5,297,206    3/1994   Orton               380/30
5,442,704    8/1995   Holtey              380/23
5,457,590   10/1995   Barrett et al.      360/133
5,473,692   12/1995   Davis               380/25
5,491,827    2/1996   Holtey              395/800
5,524,134    6/1996   Gustafson et al.    379/58
5,537,544    7/1996   Morisawa et al.     395/188.01
5,546,463    8/1996   Caputo et al.       380/25
5,548,721    8/1996   Denslow             395/187.01
5,610,981    3/1997   Mooney et al.       380/25
5,630,174    5/1997   Stone, III et al.   395/883
5,640,302    6/1997   Kikinis             361/687
5,694,335   12/1997   Hollenberg          364/514
5,742,683    4/1998   Lee et al.          380/23
5,770,849    6/1998   Novis et al.        235/492
5,790,674    8/1998   Houvener et al.     380/23
5,828,832   10/1998   Holden et al.       395/187.01
5,878,142    3/1999   Caputo et al.       380/25

FOREIGN PATENT DOCUMENTS

WO 82/03286   9/1982   WIPO
WO 97/29416   8/1997   WIPO

OTHER PUBLICATIONS

U.S. application No. 08/869,120, Bialick et al., filed Jun. 4, 1997, pending.

Primary Examiner: Ly V. Hua
Attorney, Agent, or Firm: David R. Graham

[57] ABSTRACT

The invention enables a peripheral device to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device), or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification). The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.

39 Claims, 9 Drawing Sheets

[Front-page drawing: block diagram bearing reference numerals in the 600 series; labels not recoverable.]

WESTERN DIGITAL CORPORATION, EXHIBIT 1001
Page 1 of 21

DRAWINGS (9 sheets; only the text recoverable from each sheet is listed)

Sheet 1 of 9
FIG. 1 (PRIOR ART): system 100 with Host Computing Device 101 containing Security 101a, and Portable Device 102.
FIG. 2 (PRIOR ART): system 200 with Host Computing Device 201, Security Device 203 and Portable Device 202.

Sheet 2 of 9
FIG. 3A: system 300 with Host Computing Device 301, Peripheral Device 302 containing Security 302a, and interface 303.
FIG. 3B: no labels recoverable.

Sheet 3 of 9
FIG. 4: peripheral device 400 with Host Interface 403, Security Functionality 401 and Target Functionality 402 in housing 404.
FIG. 5: flow chart of method 500 (steps 501 to 505). Box texts: "User connects peripheral device to host computing device."; "Host computing device detects presence of peripheral device."; "Peripheral device establishes its identity."; "Host computing device identifies peripheral device."; "User interacts with host computing device to begin using peripheral device."

Sheet 4 of 9
Drawing rotated in extraction; no labels recoverable.

Sheet 5 of 9
FIG. 7A: flow chart 700. Recoverable text: step 701, "Request host to execute security device driver."; decision labels "Security Only", "Target Only", "No".
FIG. 7: shows how FIG. 7A and FIG. 7B fit together.

Sheet 6 of 9
FIG. 7B: recoverable box texts: "Input all instructions regarding use of security functionality for a transaction."; "Input all instructions regarding use of target functionality for this transaction."; "Execute transaction."; "END"; decision labels "Yes", "No". Reference numerals: 707, 708, 710, 711, 712, 714, 718.

Sheet 7 of 9
Drawing rotated in extraction; no labels recoverable.

Sheet 8 of 9
FIG. 9A: labels "Cryptographic Processing Device Interface", "Host Interface", "Target Functionality Interface". Reference numerals: 802, 806, 807, 808.

Sheet 9 of 9
FIG. 9B: recoverable labels include "PCMCIA", "COMMAND DETECTOR", "RDY/BSY REGISTER", "CONFIG REGISTERS", "DATA BUFFER", "I/O CONTROL", "LOCAL DATA", "LOCAL CONTROL", "CARD ENABLE", "COMPACT FLASH INTERFACE". Reference numerals: 910, 911.

PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY

CROSS-REFERENCE TO RELATED APPLICATION

This application is related to the commonly owned, co-pending United States Patent Application entitled "Modular Security Device," by William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba and Russell D. Housley, filed on the same date as the present application and having Attorney Docket No. SPY-003, the disclosure of which is incorporated by reference herein.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a peripheral, often portable, device (as well as the methods employed by such a peripheral device, and systems including such a peripheral device and a host computing device with which the peripheral device communicates) that can communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device, or data retrieved by the host computing device from the peripheral device.

2. Related Art

Computing capability is becoming increasingly portable. In particular, there are more and more portable peripheral devices that are adapted for communication with a host computing device (e.g., desktop computer, notebook computer or personal digital assistant) to enable particular functionality to be achieved. These portable peripheral devices can take a variety of physical forms (e.g., PCMCIA cards, smart cards, CD-ROMs) and can perform an assortment of functions (e.g., storage, communications and cryptography).

However, while portable computing affords a number of advantages, it has a significant disadvantage in that the computational environment (including the portable peripheral devices, the host computing devices in which they are used, and any other computational devices that communicate with those devices) is more susceptible to security breaches, i.e., unauthorized access to, or modification of, programs and/or data resident within the environment. Consequently, cryptographic devices and methods have been developed for use with such computational environments (as well as other computational environments) to enable increased levels of environment security to be obtained.

FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100 includes a host computing device 101 and a portable device 102. The host computing device 101 and portable device 102 are adapted to enable communication between the devices 101 and 102. The host computing device 101 includes a security mechanism 101a (which can be embodied by appropriately configured hardware, software and/or firmware, such as, for example, a general purpose microprocessor operating in accordance with instructions of one or more computer programs stored in a data storage device such as a hard disk) which can be directed to perform one or more cryptographic operations.

In the system 100, if it is desired to provide secured data from the host computing device 101 to the portable device 102, the host computing device 101 causes the security mechanism 101a to perform appropriate cryptographic operations on data before the data is transferred to the portable device 102. Similarly, the host computing device 101 can receive secured data from the portable device 102 and perform appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so.

A significant deficiency of the system 100 is that the security mechanism 101a is itself typically not adequately secure. It is commonly accepted that the components (including hardware, software and/or firmware) of most host computing devices are inherently insecure. This is because the system design of host computing devices is, typically, intentionally made open so that components made by different manufacturers can work together seamlessly. Thus, an unauthorized person may obtain knowledge of the operation of the security mechanism 101a (e.g., identify a cryptographic key), thereby enabling that person to gain access to, and/or modify, the (thought to be secured) data.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system 200 includes a host computing device 201, a portable device 202 and a security device 203. The host computing device 201, the portable device 202 and security device 203 are adapted to enable communication between the devices 201 and 202, and between the devices 201 and 203. The security device 203 includes appropriately configured hardware, software and/or firmware which can be directed to perform one or more cryptographic operations.

In the system 200, if it is desired to provide secured data from the host computing device 201 to the portable device 202, the host computing device 201 first causes data to be transferred to the security device 203, where appropriate cryptographic operations are performed on the data. The secured data is then transferred back to the host computing device 201, which, in turn, transfers the secured data to the portable device 202. Similarly, the host computing device 201 can receive secured data from the portable device 202 by, upon receipt of secured data, transferring the secured data to the security device 203, which performs appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so, then transfers the unsecured data back to the host computing device 201.

The system 200 can overcome the problem with the system 100 identified above. The security device 203 can be constructed so that the cryptographic functionality of the device 203 can itself be made secure. (Such a security device is often referred to as a security "token.") An unauthorized person can therefore be prevented (or, at least, significantly deterred) from obtaining knowledge of the operation of the security device 203, thereby preventing (or significantly deterring) that person from gaining access to, and/or modifying, the secured data.

However, the system 200 may still not always ensure adequately secured data. In particular, unsecured data may be provided by the host computing device 201 to the portable device 202 if the host computing device 201, whether through inadvertent error or deliberate attack by a user of the host computing device 201, or through malfunction of the host computing device 201, fails to first transfer data to the security device 203 for appropriate cryptographic treatment before providing the data to the portable device 202.

Additionally, the system 200 requires the use of two separate peripheral devices (portable device 202 and security device 203) to enable the host computing device 201 to exchange secured data with the portable device 202. For several reasons, this may be inconvenient. First, both devices 202 and 203 may not be available at the time that it is desired to perform a secure data exchange (e.g., one may have been forgotten or misplaced). Second, even if both devices 202 and 203 are available, it may not be possible to connect both devices 202 and 203 at the same time to the host computing device 201, making use of the devices 202 and 203 cumbersome and increasing the likelihood that unsecured data is provided by the host computing device 201 to the portable device 202.

SUMMARY OF THE INVENTION

A peripheral device according to the invention can be used to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device) or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification), as described further below. The peripheral device can be implemented so that the peripheral device can be operated in any one of multiple user-selectable modes: a security functionality only mode, a target functionality mode, and a combined security and target functionality mode. The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.

A peripheral device according to the invention can advantageously enable application of security operations to a wide variety of interactions with a host computing device. In particular, a peripheral device according to the invention can accomplish this without necessity to use two peripheral devices: one that performs the security operations and one that performs the defined interaction. This can, for example, minimize the possibility that the device adapted to perform the defined interaction will be used with the host computing system without proper application of security operations to that interaction. Moreover, the provision of in-line security in a peripheral device according to the invention enables a more secure exchange of data between a host computing device and the peripheral device, overcoming the problems identified above in previous systems for performing security operations on data exchanged between such devices. Additionally, implementing a modular device according to the invention so that the performance of security operations by the modular device is transparent can reduce or eliminate the need to modify aspects of the operation of the host computing device (e.g., device drivers of the host computing device), making implementation and use of a data security system including the modular device simpler and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced. Making the security operations transparent can also enhance the security of those operations.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.

FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.

FIG. 3A is a block diagram of a system according to the invention.

FIG. 3B is a perspective view of a physical implementation of the system of FIG. 3A according to one embodiment of the invention.

FIG. 4 is a block diagram of a peripheral device according to an embodiment of the invention.

FIG. 5 is a flow chart of a method, according to an embodiment of the invention, for initiating use of a system according to the invention.

FIG. 6 is a block diagram of a system, according to an embodiment of the invention, illustrating operation of the system during a method according to the invention as in FIG. 5.

FIGS. 7A and 7B are a flow chart of a method, according to an embodiment of the invention, for using a peripheral device according to the invention.

FIG. 8 is a block diagram of a peripheral device according to another embodiment of the invention.

FIG. 9A is a block diagram illustrating the flow of data through the interface control device of FIG. 8.

FIG. 9B is a block diagram of a particular embodiment of an interface control device for use in a peripheral device according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 3A is a block diagram of a system 300 according to the invention. The system 300 includes a host computing device 301 and a peripheral device 302 that communicate via a communications interface 303. Herein, "peripheral device" can refer to any device that operates outside of a host computing device and that is connected to the host computing device. The peripheral device 302 includes a security mechanism 302a that enables security operations (examples of which are described in more detail below) to be performed on data that is stored within the host computing device 301, data that is transmitted from the host computing device 301 to the peripheral device 302, or data that is transmitted from the peripheral device to the host computing device 301. As explained in more detail below, the peripheral device 302 also provides additional functionality (referred to herein as "target functionality") to the system 300, such as, for example, the capability to store data in a solid-state disk storage device, the capability to enable communications from the host computing device 301 to another device, the capability to accept biometric input to enable user authentication to the host computing device 301, and the capability to receive and read a smart card inserted into the peripheral device 302.

Generally, the communications interface 303 can be embodied by any of a variety of communication interfaces, such as a wireless communications interface, a PCMCIA interface, a smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI interface or an IDE interface. Each embodiment of the communications interface 303 includes hardware present in each of the host computing device 301 and peripheral device 302 that operates in accordance with a communications protocol (which can be embodied, for example, by software stored in a memory device and/or firmware that is present in the host computing device 301 and/or peripheral device 302) appropriate for that type of communications interface, as known to those skilled in the art. Each embodiment of the communications interface 303 also includes mechanisms to enable physical engagement, if any, between the host computing device 301 and peripheral device 302.

Generally, the security mechanism 302a can be configured to perform any electronic data security operation (herein, referred to simply as "security operation") including, for example, operations that provide one or more of the basic cryptographic functions, such as maintenance of data confidentiality, verification of data integrity, user authentication and user non-repudiation. Particular security operations that can be implemented in a peripheral device according to the invention are described in more detail below.

The security mechanism 302a can be, for example, embodied as a security token. Herein, "security token" refers to a device that performs security operations and that includes one or more mechanisms (such as, for example, use of a hardware random number generator and/or protected memory) to provide security for the content of those operations.

FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A, according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral device according to the invention is a portable device, such as the card 312 shown in FIG. 3B. Herein, "portable device" can refer generally to any device that is capable of being easily carried by hand.

FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the invention. The peripheral device 400 includes security functionality 401, target functionality 402 and a host interface 403 that are formed together as part of a single physical device. For example, the security functionality 401 and target functionality 402 can be enclosed in a single, card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or smart card standard.

The peripheral device 400 can have a number of advantageous characteristics. The peripheral device 400 can be implemented in a manner that enables the security operations of the security functionality 401 to be performed in a manner that is transparent to a host computing device (and, depending upon the particular implementation of the peripheral device 400, to a user of a system including the peripheral device 400) of a system according to the invention, so that the host computing device (and, perhaps, user) is aware only of the presence of the target functionality 402. Additionally, the peripheral device 400 can be implemented so that security operations are performed "in-line," i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the target functionality provided by the peripheral device. Further, the peripheral device 400 enables a wide variety of secure target functionality to be easily provided to a host computing device.

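The following is an added example, not part of the patent: a small Python model that puts the in-line arrangement of FIG. 4 beside the two-device prior art of FIG. 2 and checks what ends up on the storage medium in each case. The class and function names, the sample data, the identity string and the HMAC-SHA256 keystream standing in for the security operation are all assumptions; the patent does not prescribe them.

```python
import hashlib
import hmac
from enum import Enum

KEY = b"demo-key-held-inside-the-device"        # constructed
PLAINTEXT = b"constructed payroll record 0042"  # constructed


def security_op(key, sector_no, data):
    """Stand-in security operation (assumption): XOR with an HMAC-SHA256
    counter keystream. Applying it twice restores the input."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        counter = sector_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, counter, hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class Storage:
    """Target functionality: a sector store with no security of its own."""

    def __init__(self):
        self.sectors = {}

    def write(self, sector_no, data):
        self.sectors[sector_no] = bytes(data)

    def read(self, sector_no):
        return self.sectors[sector_no]


def prior_art_write(portable, sector_no, data, host_uses_token):
    """FIG. 2: the host decides whether data visits security device 203
    before it goes to portable device 202."""
    if host_uses_token:
        data = security_op(KEY, sector_no, data)  # round trip to the token
    portable.write(sector_no, data)


class Mode(Enum):
    SECURITY_ONLY = "security functionality only"
    TARGET_ONLY = "target functionality"
    COMBINED = "combined security and target functionality"


class InlinePeripheral:
    """FIG. 4: host interface 403, security functionality 401 and target
    functionality 402 in one device; the key never leaves it."""

    def __init__(self, key, mode=Mode.COMBINED):
        self._key = key
        self._target = Storage()
        self.mode = mode  # user-selectable in the patent; fixed here per object

    def identify(self):
        # Transparency: only the target functionality is reported to the host.
        return "storage"  # hypothetical identity string

    def host_write(self, sector_no, data):
        if self.mode is Mode.SECURITY_ONLY:
            raise PermissionError("target functionality is not in use")
        if self.mode is Mode.COMBINED:
            data = security_op(self._key, sector_no, data)  # in-line step
        self._target.write(sector_no, data)

    def host_read(self, sector_no):
        if self.mode is Mode.SECURITY_ONLY:
            raise PermissionError("target functionality is not in use")
        data = self._target.read(sector_no)
        if self.mode is Mode.COMBINED:
            data = security_op(self._key, sector_no, data)
        return data

    def host_transform(self, sector_no, data):
        """Security-only mode: act as a token and hand the result back."""
        if self.mode is Mode.TARGET_ONLY:
            raise PermissionError("security functionality is not in use")
        return security_op(self._key, sector_no, data)

    def raw_media(self, sector_no):
        """Inspection hook for the demo: bytes held by the target functionality."""
        return self._target.read(sector_no)


def prior_art_stores_plaintext(host_uses_token):
    portable = Storage()
    prior_art_write(portable, 7, PLAINTEXT, host_uses_token)
    return portable.read(7) == PLAINTEXT


def inline_stores_plaintext(mode):
    device = InlinePeripheral(KEY, mode)
    device.host_write(7, PLAINTEXT)
    return device.raw_media(7) == PLAINTEXT


if __name__ == "__main__":
    print("FIG. 2, host uses token :", prior_art_stores_plaintext(True))
    print("FIG. 2, host skips token:", prior_art_stores_plaintext(False))
    print("FIG. 4, combined mode   :", inline_stores_plaintext(Mode.COMBINED))
    print("FIG. 4, target-only mode:", inline_stores_plaintext(Mode.TARGET_ONLY))
```

In the FIG. 2 model the protection depends on a choice the host makes on every write; in the FIG. 4 model the only path from the host interface to the medium runs through the security functionality whenever the combined mode is selected.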
FIG. 5 is a flow chart of a method 500, according to an embodiment of the invention, for initiating use of a system according to the invention. The method 500 enables an aspect of the invention in which the presence of security functionality as part of a peripheral device is not detected by a host computing device, thus making the security functionality transparent to the host computing device and, depending upon the particular manner in which the security functionality is implemented, to a user of the system.

FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention, illustrating operation of the system 600 during a method according to the invention such as the method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral device 602. The host computing device 601 includes a display device 603a (e.g., a conventional computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball, joystick or other appropriate device), referred to collectively hereinafter as user interface device 603. The host computing device 601 also includes, mounted within a housing 604, a processing device 605, a memory device 606, an input/output (I/O) device 607 for enabling communication with the user interface device 603, and an input/output (I/O) device 608 for enabling communication with peripheral device 602. The devices 605, 606, 607 and 608 can each be implemented by conventional such devices and can communicate with each other via a conventional computer bus 609, as is well known and understood. The peripheral device 602 includes security functionality 611, a memory device 612, an input/output (I/O) device 613 for enabling communication with the host computing device 601 and target functionality 614. The security functionality 611, memory device 612, I/O device 613 and target functionality 614 can each be implemented by conventional devices and can communicate with each other via a conventional computer bus 615, as is well known and understood. The host computing device 601 and the peripheral device 602 are shown in simplified form in FIG. 6 to facilitate clarity in illustration of this aspect of the invention; as described in more detail below and as understood by those skilled in the art, the host computing device 601 and the peripheral device 602 can, and typically will, include other devices not shown in FIG. 6.

Returning to FIG. 5, use of a system according to the invention begins when, as shown by step 501, a user of the system connects a peripheral device according to the invention to a host computing device. Such connection can occur in any manner that enables the peripheral device to communicate with the host computing device. Frequently, this will occur as a result of a physical connection of the peripheral device to the host computing device. (In general, such physical connection can occur either before or after the host computing device begins operating; however, in the former case, subsequent steps of the method 500, with the exception of, depending upon the implementation of the peripheral device, the step 503, cannot be performed until the host computing device begins operating.) For example, the peripheral device can be embodied in a card or disk (e.g., a card conforming to a PCMCIA form factor as established by the appropriate standard) that is inserted into a corresponding socket formed in the host computing device. Or, the peripheral device can be embodied in a housing from which a cord extends, a plug of the cord being inserted into a mating receptacle formed in the host computing device. However, such physical connection need not necessarily occur; the peripheral device can also be connected to the host computing device by any type of wireless communication for which the host computing device contains an appropriate interface.

Once connection between the peripheral device and the host computing device is made, the host computing device detects the presence of the perip
