throbber
PATENT:
`INVENTORS:
`
`FILE HISTORY
`US 6,088,802
`
`6,088,802
`Bialick, William P.
`Sutherland, Mark J.
`Dolphin Peterson, Janet L.
`Rowland, Thomas K.
`Skeba, Kirk W.
`Housley, Russell D.
`
`TITLE:
`
`Peripheral device with integrated
`security functionality
`
`APPLICATION
`NO:
`FILED:
`ISSUED:
`
`US1 997869305A
`
`04 JUN 1997
`11 JUL 2000
`
`COMPILED:
`
`03 OCT 2016
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 1 of 175
`
`

`

`l2Hi608880.1
`
`PATENT DATE
`JUL 1 1 lO!
`
`I PATENT
`NUMBER
`
`~~ILNUMBER
`
`FILING DATE
`/;'
`'
`
`t'
`
`,
`
`CLASS
`C," ' s"
`
`7t-3
`
`SUBCLASS
`
`I.
`
`Z,0V
`
`i
`
`GROUP ART UNIT
`EXAMINER
`. i:;i:I a\
`
`til
`
`.
`.
`
`.
`
`..
`
`.
`
`... ..
`
`... .
`
`...
`
`..
`
`I ll
`
`["W" A
`
`.1
`
`11%: T.
`"--I'0; N, I
`i
`
`C...
`
`BEST COPY
`
`I ~2II
`
`I
`
`! i/A
`
`ii I
`
`l: 1
`
`~''iI
`
`1j
`
`Foreign priority claimed
`85 USO 119 condllions met
`IldndAckrowldged
`
`0 yet
`[I
`
`0" 0
`V
`-.....
`
`AS
`FILED
`
`STATE OR SHEETS TOTAL
`COUNTRY DRWGS. CLAIMS
`
`INDEP.
`CLAIMS
`
`FILING FEE
`RECEIVED
`
`iiV I
`
`I; \;
`
`I':A ~ v
`
`.....
`
`...
`
`ATTORNEYS
`DOCKETNO
`
`h
`
`'..
`
`U.S. DEPT. OF COMM./ PAT & TM-PTO-436L (Rev.12-94)
`
`PARTS OF APPLICATION
`FILED SEPARATELY
`,........
`Ill ...
`NOTICE OF ALLOWANCE MAILED
`
`,
`
`Assistant Examiner "
`
`,YV
`
`HUA
`PRIMARY EXAMINER
`
`q
`~ Jq-~
`
`ISSUE FEE
`Date Paid.
`Amount Due
`~~- I~&~y
`
`!
`
`lil
`
`Label
`Area
`
`_
`
`' ,
`I
`.9 /
`'.am
`e
`"AII
`-
`I AppU~c , ns xaminer
`CLAIMS ALLOWED
`Total Claims
`Print Caim
`
`"
`
`1 1 1 '
`
`DRAWING
`Sheets Drwg. Figs. Drwg,
`
`ISU7
`I ~~BATCH ,,,A
`~Primary Examiner 1 NUMBER
`/,|().
`U
`PREPARED FOR ISSUEx
`i
`
`Print Fig.
`
`(
`
`/
`
`WARNING; The information disclosed herein may be restricted. Unauthorized disclosure
`e prohibited
`by the United States Code Title 35, Sections 122, 181 and 368. Poe
`ion outside the U.S.
`Patent & Trademark Office is restricted to authorized employees
`contractors only.
`
`Form PTO0436A
`(Rev. 8/92)
`
`i'tli)
`
`f\ -4:
`
`[SSUE FEE EN M~A
`
`Formal Drawings (Jhot
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 2 of 175
`
`

`

`6,088,802
`
`PERIPHERAL DEVICE WITH INTEGRATED SECURITY
`FUNCTIONALITY
`
`Transaction History
`
`Transaction Description
`Date
`06-04-1997 Workflow - Drawings Finished
`06-04-1997 Workflow - Drawings Matched with File at Contractor
`06-04-1997 Workflow - Drawings Received at Contractor
`Initial Exam Team nn
`07-14-1997
`IFW Scan & PACR Auto Security Review
`08-07-1997
`11-04-1997 Notice Mailed--Application Incomplete--Filing Date Assigned
`03-05-1998 Application Is Now Complete
`03-12-1998 Application Dispatched from OIPE
`03-12-1998 Application Dispatched from OIPE
`04-07-1998 Case Docketed to Examiner in GAU
`Information Disclosure Statement (IDS) Filed
`08-15-1998
`Information Disclosure Statement (IDS) Filed
`08-15-1998
`Information Disclosure Statement (IDS) Filed
`10-08-1998
`Information Disclosure Statement (IDS) Filed
`10-08-1998
`11-23-1998 Non-Final Rejection
`12-11-1998 Mail Non-Final Rejection
`03-15-1999 Response after Non-Final Action
`Supplemental Response
`03-18-1999
`03-25-1999 Date Forwarded to Examiner
`Information Disclosure Statement (IDS) Filed
`03-30-1999
`Information Disclosure Statement (IDS) Filed
`03-30-1999
`04-01-1999 Date Forwarded to Examiner
`06-07-1999 Mail Notice of Allowance
`06-07-1999 Notice of Allowance Data Verification Completed
`06-23-1999 Workflow - Drawings Received at Contractor
`06-24-1999 Workflow - Drawings Sent to Contractor
`09-13-1999 Workflow - Incoming Correspondence - Finish
`09-13-1999 Workflow - Incoming Correspondence - Begin
`Information Disclosure Statement (IDS) Filed
`09-13-1999
`Information Disclosure Statement (IDS) Filed
`09-13-1999
`09-13-1999 UnMatched Papers in Pubs
`09-13-1999 UnMatched Papers in Pubs
`Issue Fee Payment Verified
`09-14-1999
`12-16-1999 Mail Miscellaneous Communication to Applicant
`12-16-1999 Miscellaneous Communication to Applicant - No Action Count
`01-04-2000 Workflow - File Sent to Contractor
`05-26-2000 Workflow - Complete WF Records for Drawings
`05-28-2000 Application Is Considered Ready for Issue
`Issue Notification Mailed
`06-23-2000
`07-11-2000 Recordation of Patent Grant Mailed
`06-25-2008 Correspondence Address Change
`01-12-2012 ENTITY STATUS SET TO UNDISCOUNTED (INITIAL DEFAULT SETTING
`OR STATUS CHANGE)
`03-02-2015 Change in Power of Attorney (May Include Associate POA)
`03-02-2015 Correspondence Address Change
`File Marked Found
`09-29-2016
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 3 of 175
`
`

`

`PATENT APPLIUCATION
`WI
`III! IINDIUUB
`II Whit .INITIALS_________________
`111
`
`APPROVED FOR O''SE.'
`
`Date
`Entered
`or
`Countea
`
`CONTENTS
`
`1.
`
`-
`
`/
`-'A
`
`.7.
`
`9. 4 :
`
`d~lr-
`
`______12.
`
`Date
`Received
`orMailed
`
`,
`
`/
`~1 /
`
`(0
`
`~
`
`~
`
`1/
`
`9*'
`
`3e6" ,???.
`
`13.
`
`14.
`
`15.
`
`16.
`
`17.
`
`18.
`
`19.
`
`20.
`
`21.
`
`22.
`
`23.
`
`24.
`25.
`
`26.
`27.
`
`28.
`
`29.
`
`30.
`
`31.
`
`32.
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 4 of 175
`
`

`

`5-.---.-
`
`1-
`
`7)
`
`2~
`
`0
`
`PATENT NUMBER
`
`,Q
`
`4PPLICATI;
`
`ERIAL NUMSER
`
`APPUCAN S NAME (PLEASE PRINT)
`
`) ORIGINAL CLASSIFICATION
`SUBCLASS
`
`CLA$S
`
`7/3
`
`.'
`
`CLASS
`" 71.6
`
`___,_______,_
`
`CROSS REFERENCE(S)
`SUBCLASS
`(ONE SUBCLASS PER BLOCK)
`
`IF REISSUE. ORIGINAL PATENT NUMBER
`
`INTERNATIONAL CLASSIFICATION
`
`lii
`TI
`
`PTO 270
`(RE V. 5-.1)
`
`ASSISTANT EXAMINER (PLEASE STAMP' OR PRINT FULL NAME)
`GROUP
`7ART
`.ANRPLS
`UNIT
`MR
`-IR (PLEASE STA M P OR PRINT FULL NAME)
`V
`"RIMAY
`S/L
`UF
`.S
`M
`
`M
`
`ISSUE CLASSIFICATION SLIP
`
`U.S. DEPARTMENT OF COMMW
`PATENT AND TRADEMARK
`
`Liaim{
`
`d~b.L
`
`fl~t~
`
`Date
`
`nod
`)ns met
`
`dedged "
`
`APPLIC
`%RATEL
`
`ALLOY
`
`ISSUE I
`
`Lab
`Arei
`
`,FJ 4 1V1 =
`IL. !. '
`
`23.+
`
`39
`
`,,-
`-
`
`-
`
`-
`
`, ,
`
`,Z-,42
`3
`
`1-Z
`I
`
`'. /6
`
`4 6
`47
`48
`
`34
`35
`36 5 3
`
`38
`
`40
`41
`
`'46
`47
`48
`49
`
`"
`
`."
`=..
`
`'
`
`J
`
`.0
`
`51
`52
`53
`54
`55
`56
`157
`59 "
`
`61
`
`62
`63
`64
`165
`66
`67
`68
`69
`70
`71
`72
`73
`74
`75
`76
`77
`78
`79
`80
`8182
`!83
`84
`65
`86
`
`SYMBOLS
`Rejected
`......................
`...
`............ AlloWed
`(Through numberal) Canceled
`-
`RestrIcled
`+ ..............................
`N ..............
`Non-elected
`I .................................
`Interference
`A ................................. Appeal
`0 ...............
`Objected
`
`__
`
`871
`
`91
`92
`93
`194
`90
`95
`96
`97
`98
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 5 of 175
`
`

`

`POSITION
`CLASSIFIER
`
`EXAMINER
`TYPIST
`VERIFIER
`CORPS CORR.
`SPEC. HAND
`FILE MAINT. "...
`DRAFTING
`
`ID NO.
`
`DATE
`
`?
`
`"i f x
`
`,
`
`.
`, JiLL
`
`'-/
`
`..........
`"_7v oI-,""
`" /',F7 d
`
`jkftL
`
`_
`
`____,
`
`INDEX OF CLAIMS
`
`Claim',
`
`Date"
`
`Claim
`
`Date
`
`r,
`
`-
`
`0 5
`
`2
`53
`54
`55
`
`57
`58
`59
`60
`61
`62
`63
`64
`65
`66
`67
`
`70
`71
`72
`73
`74
`75
`76
`77
`78
`
`80
`181
`
`85
`
`87,
`881
`
`90
`91
`92
`93
`94
`
`96
`
`97
`98o
`
`ir
`
`1
`
`led
`ns met a
`'Wged "
`
`%PPLIC
`kRATEi
`
`ALLOI
`
`ISSUE
`
`_L" 4 V/-
`
`I
`
`15. + .' '
`
`16
`
`J- .
`
`..
`
`kK t
`
`22 o. ',
`
`3
`
`-,
`:
`
`10 376
`
`,9 ! 39
`XZ7 40
`101 41
`43
`344
`
`S46
`
`47
`
`49
`
`SYMBOLS
`
`.................................... Rejected
`" ............ Allowed
`..........
`(Throuah nurbetral) Canceled
`.
`+ .................... RestrIcted
`N ............................ N on-elecled
`.Interference
`I .................................
`A ................. Appeal
`0 ................................. Objected
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 6 of 175
`
`

`

`. I
`
`V
`
`SEARCH NOTES
`
`Date
`
`Exmr.
`Exmr.
`
`#P3
`
`SEARCHED
`
`Class
`
`Sub.
`
`Date
`
`Exmr.
`
`ii
`i7'o b
`
`/'~o 4',5/
`(
`(ji/~~~(
`
`4)/I
`
`/
`
`/
`
`- ,
`
`-Z
`
`20/
`
`L
`a/ t~
`
`-
`
`7 7
`
`/3'
`
`INTERFERENCE SEARCHED
`Class
`Sub.
`Date
`Exmr.
`
`71:3-U o
`
`6/zr 7
`
`zo6 -
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 7 of 175
`
`

`

`United States Patent [19]
`Bialick et al.
`
`[II] Patent Number:
`[45] Date of Patent:
`
`6,088,802
`Jul. 11, 2000
`
`[54] PERIPHERAL DEVICE WITH INTEGRATED
`SECURITY FUNCTIONALITY
`
`[75]
`
`inventors: William P. Bialick, Clarksville, Md.;
`Mark J. Sutherland, Milpitas, Calif.;
`Janet L. Dolphin-Peterson, Belvedere,
`Calif.; Thomas K. Rowland, Los
`Gatos, Calif.; Kirk W. Skeba, Fremont,
`Calif.; Russell D. Housley, lerndon,
`Va.
`
`[73] Asosignee: Spyrus, Inc., Santa Clara, Calif.
`
`38012.5
`
`5,878,142
`
`5,828,832 10/1998 Holden et at......... 395/187.01
`3/1999 Caputo et al.
`............
`FOREIGN PATENT DOCUMENTS
`WO 82/03286
`9/1982 WIPO.
`WO 97/29416
`8/1997 WIPO.
`011IER PUBLICATIONS
`U.S. application No. 08/869,120, Bialick et al., filed Jun. 4,
`1997, pending.
`Primary Examiner-ly V. IlIua
`Attorney, Agent, or Finn-David R. Graham
`
`[21] Appl. No.: 08/869,305
`
`[57]
`
`ABSTRACT
`
`[22] Filed:
`Jun. 4, 1997
`Int. C ..... . . . . . . . . . . . . . . . . . . G06K 14/67
`[51]
`.... 713/200; 713/201; 713/202
`[52] U.S. Ci. .......
`[58] Field of Search ...........
`395/188.01, 187.01,
`395/186; 380/4, 25, 49; 7131200, 201, 202
`
`Refernces Cited
`
`U.S. PAIENT DOCUMENTS
`
`4,709,136
`4,910.776
`5, t91.61 t
`5,282,247
`5,297,206
`5,442.704
`5,457.590
`5,473,692
`5,491,827
`5,524,134
`5,537,544
`5,546.463
`5,548721
`5,610,981
`5.630174
`5,640,302
`5,694,335
`5.742,683
`51770,849
`5,790,674
`
`11/1987
`3/1990
`3/1993
`1/1994
`3/1994
`8/1995
`10/1995
`12/1995
`2/1996
`6/1996
`7/1996
`8/1996
`8/ 1996
`3/1997
`5/1997
`6/1997
`12/1997
`4/1998
`6/1998
`8/1998
`
`2/379
`...............
`Watanabe
`380/25
`..............
`Dyke .....
`380/2-5
`....................
`tang
`McLean et al.
`..............
`380/4
`380/.3
`Orion
`...................
`Holtey ...
`................
`380/23
`................ 360/133
`Barr
`et al
`380/25
`Davis ...................
`395/800-
`Holtey .....
`Gustafson e at............
`379/58
`395/188.01
`Morisawa et at.........
`Caputo et at .. _.......
`... 380/25
`...........
`Denslow ..
`395/187.01
`Mooney et at .............
`380/25
`Stone, III et at
`395/883
`............
`361/687
`.................
`Kikinis
`Hollenherg
`..............
`364/514
`Lee et al _
`.....
`......... 380/23
`Novis et at .. __......
`.... 235/492
`Houvener et al.......
`..... 380/23
`
`The invention enables a peripheral device to communicate
`with a host computing device to enable one or more security
`operations to be performed by the peripheral device on data
`stored within the host computing device, data provided from
`the host computing device to the peripheral device (which
`can then be, for example, stored in the peripheral device or
`transmitted to yet another device), or data retrieved by the
`host computing device from the peripheral device (e.g., data
`that has been stored in the peripheral device, transmitted to
`the peripheral device from another device or input to the
`peripheral device by a person). In particular, the peripheral
`device can be adapted to enable, in a single integral periph-
`eral device, performance of one or more security operations
`on data, and a defined interaction with a host computing
`device that has not previously been integrated with security
`operations in a single integral device- Me defined interac-
`tions can provide a variety of types of functionality (e.g.,
`data storage, data communication, data input and output,
`user identification). The peripheral device can also be imple-
`mented sn that the security operations are performed in-line,
`iye.,
`the security operations are performed between
`the
`communication of data to or from the host computing device
`and the performance of the defined interaction. Moreover,
`the peripheral device can be implemented so that the secu-
`rity functionality of the peripheral device is transparent to
`the host computing device.
`
`39 Claims, 9 Drawing Sheets
`
`603b
`
`.47 60
`607
`609
`
`08 60
`608 60
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 8 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet I of 9
`
`690889802
`
`/ o100
`
`/ 200
`
`101a
`
`FIG. 1
`(PRIOR ART)
`
`FIG. 2
`(PRIOR ART)
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 9 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 2 of 9
`
`690889802
`
`300j
`
`Host
`Computing
`Device
`
`Peripheral
`Device
`
`302
`
`ity
`
`302a
`
`301
`
`303
`
`FIG. 3A
`
`FIG. 3B
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 10 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 3 of 9
`
`690889802
`
`Security
`Host
`Interface 41--W Functionality
`
`41--
`
`Target
`Functionality
`
`400
`
`403
`
`401
`
`402
`
`404
`
`-1
`
`FIG. 4
`
`500
`Pr
`
`User connects peripheral device
`to host computing device.
`
`Host computing device detects presence
`of peripheral device.
`
`1
`
`501
`
`502
`
`503 -H
`
`Peripheral device establishes its identity.
`
`504
`
`Host computing device identifies peripheral device.
`
`505
`
`User interacts with host computing device
`to begin using peripheral device.
`
`FIG. 5
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 11 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 4 of 9
`
`690889802
`
`(0
`
`6 r
`
`I
`
`I
`
`I
`
`II
`
`I
`
`I
`
`I
`I..
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 12 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 5 of 9
`
`690889802
`
`P--
`
`LL.
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 13 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 6 of 9
`
`6,088,802
`
`I
`
`N-
`
`00
`
`U
`
`U
`
`CCO
`cu
`
`C
`
`N,,
`LL
`6
`
`?
`
`CIS
`
`02
`
`e'J
`
`.2
`
`C o -
`
`0)
`
`CO
`-
`
`A0
`4
`
`Z-.4
`
`N-
`
`IC
`
`U
`
`I IZ
`1I?
`
`K
`
`ca
`C
`
`05 0
`
`ca
`.9 ca-
`C
`
`CU
`cc
`
`U)
`
`co
`
`73CO
`05LC
`cctso
`
`1I
`
`CD
`o
`
`00
`
`cc
`
`= C
`
`-O
`
`5
`
`i..a
`
`cc 0 o
`
`c :
`
`ca
`
`0
`w-
`
`C::0-
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 14 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 7 of 9
`
`6,088,802
`
`00
`
`6 l
`
`L
`
`t CD
`
`-a))
`
`0- >
`
`0
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 15 of 175
`
`

`

`U.S. Patent
`
`JuL 11, 2000
`
`Sheet 8 of 9
`
`6,088,802
`
`H,
`In
`
`I
`I
`
`I
`I
`
`S-
`
`)hic
`
`806
`
`'"-808
`
`FIG. 9A
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 16 of 175
`
`

`

`U.S. Patent
`
`Jul. 11, 2000
`
`Sheet 9 of 9
`
`6,088,802
`
`LL
`
`-nhIIIIzoI
`'tilliowi
`NZtii
`
`1a2
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 17 of 175
`
`

`

`6,088,802
`
`1
`PERIPHERAL DEVICE WITH INTEGRATED
`SECURITY FUNCTIONALITY
`
`CROSS-REFERENCE TO RELAFI.ED
`APPLICAFION
`This application is related
`to the commonly owned,
`co-pending United States patent Application entitled
`"Modular Security Device," by William P. Bialick, Mark J.
`Sutherland, Janet L. Dolphin-Peterson, Thomas K.
`Rowland, Kirk W. Skeba and Russell D. ilousley, filed on
`the same date as the present application and havingAttomey
`Docket No. SPY-003, the disclosure of which is incorpo-
`rated by reference herein.
`
`BACKGROUND OF TIL INVENTION
`1. Field of the Invention
`This invention relates to a peripheral, often portable,
`device (as well as the methods employed by such a periph-
`eral device, and systems including such a peripheral device
`and a host computing device with which the peripheral
`device communicates) that can communicate with a host
`computing device to enable one or more security operations
`to be performed by the peripheral device on data stored
`within the host computing device, data provided from the
`host computing device to the peripheral device, or data
`retrieved by the host computing device from the peripheral
`device.
`2. Related Art
`Computing capability is becoming increasingly portable.
`In particular, there are more and more portable peripheral
`devices that are adapted for communication with a host
`computing device (e.g., desktop computer, notebook com-
`puter or personal digital assistant) to enable particular func-
`tionality to be achieved. These portable peripheral devices
`can take a variety of physical forms (e.g., PCMCIA cards,
`smart cards, CD-ROMs) and can perform an assortment of
`functions (e.g., storage, communications and cryptography).
`However, while portable computing affords a number of
`advantages, it has a significant disadvantage
`in that the
`computational environment (including the portable periph-
`eral devices, the host computing devices in which they are
`used, and any other computational devices that communi-
`cate with those devices) is more susceptible to security
`breaches, i.e., unauthorized access to, or modification of,
`programs and/or data resident within the environment.
`Consequently, cryptographic devices and methods have
`been developed for use with such computational environ-
`ments (as well as other computational environments) to
`enable increased
`levels of environment security to be
`obtained.
`FIG. 1 is a block diagram of a prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device. In FIG. 1,
`a system 100 includes a host computing device 101 and a
`portable device 102. The host computing device 101 and
`portable device 102 are adapted to enable communication
`between the devices 101 and 102. The host computing
`device 101 includes a security mechanism 101a (which can
`be embodied by appropriately configured hardware, soft-
`ware and/or firmware, such as, for example, a general
`purpose microprocessor operating in accordance with
`instructions of one or more computer programs stored in a
`data storage device such as a hard disk) which can be
`directed to perform one or more cryptographic operations.
`In the system 100, if it is desired to provide secured data
`from the host computing device 101 to the portable device
`
`102, the host computing device 101 causes the security
`mechanism 101a
`to perform appropriate cryptographic
`operations on data before the data is transferred
`to the
`portable device 102. Similarly, the host computing device
`5 101 can receive secured data from the portable device 102
`and perform appropriate cryptographic operations on the
`data to convert the data into a form that enables the data to
`be accessed and/or modified by a person who is authorized
`to do so.
`A significant deficiency of the system 100 is that the
`security mechanism l01a is itself typically not adequately
`secure. It is commonly accepted that
`the components
`(including hardware, software and/or firmware) of most host
`computing devices are inherently insecure. This is because
`the system design of host computing devices is, typically,
`intentionally made open so that components made by dif-
`ferent manufacturers can work together seamlessly. Thus, an
`unauthorized person may obtain knowledge of the operation
`of the security mechanism 101a (e.g., identify a crypto-
`,2c graphic key), thereby enabling that person to gain access to,
`and/or modify, the (thought to be secured) data.
`FIG. 2 is a block diagram of another prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device. In FIG. 2,
`'75 a system 200 includes a host computing device 201, a
`portable device 202 and a security device 203. The host
`computing device 201, the portable device 202 and security
`device 203 are adapted to enable communication between
`the devices 201 and 202, and between the devices 201 and
`30 203. The security device 203 includes appropriately config-
`ured hardware, software and/or firmware which can be
`directed to perform one or more cryplographic operations.
`In the system 200, if it is desired to provide secured data
`from the host computing device 201 to the portable device
`3 202, the host computing device 201 first causes data to be
`transferred to the security device 203, where appropriate
`cryptographic operations are performed on the data. The
`secured data is then transferred back to the host computing
`device 201, which, in turn, transfers the secured data to the
`40 portable device 202. Similarly, the host computing device
`201 can receive secured data from the portable device 202
`by, upon receipt of secured data, transferring the secured
`data to the security device 203, which performs appropriate
`cryptographic operations on the data to convert the data into
`45 a form that enables the data to be accessed and/or modified
`by a person who is authorized to do so, then transfers the
`unsecured data back to the host computing device 201.
`The system 200 can overcome the problem with the
`system 100 identified above. The security device 203 can be
`50 constructed so that the cryptographic functionality of the
`device 203 can itself be made secure. (Such a security device
`is often referred to as a security "token.") An unauthorized
`person can therefore be prevented (or, at least, significantly
`deterred) from obtaining knowledge of the operation of the
`55 security device 203, thereby preventing (or significantly
`deterring) that person from gaining access to, and/or
`modifying, the secured data.
`Ilowever, the system 200 may still not always ensure
`adequately secured data. In particular, unsecured data may
`6o be provided by the host computing device 201
`to the
`portable device 202 if the host computing device 201-
`whether through inadvertent error or deliberate attack by a
`user of the host computing device 201, or through malfunc-
`tion of the host computing device 201-fails to first transfer
`65 data to the security device 203 for appropriate cryptographic
`treatment before providing the data to the portable device
`202.
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 18 of 175
`
`

`

`6,088,802
`
`the need to modify aspects of the operation of the host
`computing device (e.g., device drivers of the host computing
`device), making implementation and use of a data security
`system including the modular device simpler and easier.
`5 Thus, the possibility that a user will use the system incor-
`rectly (e.g., fail to apply security operations to an interaction
`with the host computing device, or apply the security
`operations incorrectly or incompletely) is reduced. Making
`the security operations transparent can also enhance the
`10 security of those operations.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`3
`Additionally, the system 200 requires the use of two
`separate peripheral devices (portable device 202 and secu-
`rity device 203) to enable the host computing device 201 to
`exchange secured data with the portable device 202. For
`several reasons, this may be inconvenient. First, both
`devices 202 and 203 may not be available at the time that it
`is desired to perform a secure data exchange (e.g., one may
`have been forgotten or misplaced). Second, even if both
`devices 202 and 203 are available, it may not be possible to
`connect both devices 202 and 203 at the same time to the
`host computing device 201, making use of the devices 202
`and 203 cumbersome and increasing the likelihood that
`unsecured data is provided by the host computing device
`201 to the portable device 202.
`
`SUMMARY OF THE INVENTION
`A peripheral device according to the invention can be
`used to communicate with a host computing device to enable
`one or more security operations to be performed by the
`peripheral device on data stored within the host computing
`device, data provided from the host computing device to the
`peripheral device (which can then be, for example, stored in
`the peripheral device or transmitted to yet another device) or
`data retrieved by the host computing device from the periph-
`eral device (e.g., data that has been stored in the peripheral
`device, transmitted to the peripheral device from another
`device or input to the peripheral device by a person). In
`particular, the peripheral device can be adapted to enable, in
`a single integral peripheral device, performance o one or
`more security operations on data, and a defined interaction
`with a host computing device that has not previously been
`integrated with security operations in a single integral
`device. The defined interactions can provide a variety of
`types of functionality (e.g., data storage, data
`communication, data input and output, user identification),
`as described further below. The peripheral device can be
`implemented so that the peripheral device can be operated in
`any one of multiple user-selectable modes: a security func-
`tionality only mode, a target functionality mode, and a
`combined security and
`target functionality mode. The
`peripheral device can also be implemented so that
`the
`security operations are performed in-line, i.e., the security
`operations are performed between the communication of
`data to or from the host computing device and the perfor-
`mance of the defined interaction. Moreover, the peripheral
`device can be implemented so that the security functionality
`of the peripheral device is transparent to the host computing
`device.
`A peripheral device according to the invention can advan-
`tageously enable application of security operations to a wide
`variety of interactions with a host computing device. In
`particular, a peripheral device according to the invention can
`accomplish this without necessity
`to use two peripheral
`devices: one that performs the security operations and one
`that performs the defined interaction. This can, for example,
`minimize the possibility that the device adapted to perform
`the defined interaction will be used with the host computing
`system without proper application of security operations to
`that interaction. Moreover, the provision of in-line security
`in a peripheral device according to the invention enables a
`more secure exchange of data between a host computing
`device and the peripheral device, overcoming the problems
`identified above in previous systems for performing security
`operations on data exchanged between such devices.
`Additionally, implementing a modular device according to
`the invention so that the performance of security operations
`by the modular device is transparent can reduce or eliminate
`
`2O
`
`FIG. 1 is a block diagram of a prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device.
`FIG. 2 is a block diagram of another prior art system for
`enabling a host computing device to provide secured data to,
`and retrieve secured data from, a portable device.
`FIG. 3A is a block diagram of a system according to the
`invention.
`FIG. 3B is a perspective view of a physical implementa-
`tion of the system of FIG. 3A according to one embodiment
`of the invention.
`'5 FIG. 4 is a block diagram of a peripheral device according
`to an embodiment of the invention.
`FIG. 5 is a flow chart of a method, according to an
`embodiment of the invention, for initiating use of a system
`30 according to the invention.
`FIG. 6 is a block diagram of a system, according to an
`embodiment of the invention, illustrating operation of the
`system during a method according to the invention as in
`FIG. 5.
`FIGS. 7A and 7B is a flow chart of a method, according
`to an embodiment of the invention, for using a peripheral
`device according to the invention.
`FIG. 8 is a block diagram of a peripheral device according
`to another embodiment of the invention.
`FIG. 9A is a block diagram illustrating the flow of data
`through the interface control device of FIG. 8.
`FIG. 9B is a block diagram of a particular embodiment of
`an interface control device for use in a peripheral device
`45 according to the invention.
`
`35
`
`40
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`so
`
`FIG. 3A is a block diagram of a system 300 according to
`the invention. The system 300 includes a host computing
`device 301 and a peripheral device 302 that communicate
`via a communications interface 303. Herein, "peripheral
`device" can refer to any device that operates outside of a
`host computing device and that is connected to the host
`55 computing device. The peripheral device 302 includes a
`security mechanism 3 02 a that enables security operations
`(examples of which are described in more detail below) to
`be performed on data that is stored within the host comput-
`that is transmitted from the host
`ing device 301, data
`60 computing device 301 to the peripheral device 302, or data
`that is transmitted from the peripheral device to the host
`computing device 301. As explained in more detail below,
`the peripheral device 302 also provides additional function-
`ality (referred to herein as "'target functionality") to the
`65 system 300, such as, for example, the capability to store data
`in a solid-state disk storage device, the capability to enable
`communications from the host computing device 301 to
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 19 of 175
`
`

`

`6,088,802
`
`5
`another device, the capability to accept biometric input to
`enable user authentication to the host computing device 301,
`and the capability to receive and read a smart card inserted
`into the peripheral device 302.
`Generally, the communications interface 303 can be any
`embodied by any of a variety of communication interfaces,
`such as a wireless communications interface, a PCMCIA
`interface, a smart card interface, a serial interface (such as an
`RS-232 interface), a parallel interface, a SCSI interface or an
`IDE interface. Each embodiment of the communications
`interface 303 includes hardware present in each of the host
`computing device 301 and peripheral device 302 that oper-
`ates in accordance with a communications protocol (which
`can be embodied, for example, by software stored in a
`memory device and/or firmware that is present in the host
`computing device 301 and/or peripheral device 302) appro-
`priate for that type of communications interface, as known
`to those skilled in the art. Each embodiment of the commu-
`nications interface 303 also includes mechanisms to enable
`physical engagement, if any, between the host computing
`device 301 and peripheral device 302.
`Generally, the security mechanism 302a can be config-
`ured to perform any electronic data security operation
`(herein, referred
`to simply as "security operation")
`including, for example, operations that provide one or more
`of the basic cryptographic functions, such as maintenance of
`data confidentiality, verification of data integrity, user
`authentication and user non-repudiation. Particular security
`operations that can be implemented in a peripheral device
`according to the invention are described in more detail
`below.
`The security mechanism 302a can be, for example,
`embodied as a security token. Herein, 'security token" refers
`to a device that performs security operations and
`that
`includes one or more mechanisms (such as, for example, use
`of a hardware random number generator and/or protected
`memory) to provide security for the content of those opera-
`tions.
`FIG. 3B is a perspective view of a physical implementa-
`tion of the system 300 of FIG. 3A, according
`to one
`embodiment of the invention. In FIG. 3B, the peripheral
`device 302 is embodied as a card 312 that can be inserted
`into a corresponding slot 313 formed in a portable computer
`311 that, in FIG. 3B, embodies the host computing device
`301. Often a peripheral device according to the invention is
`a portable device, such as the card 312 shown in FIG. 31.
`Herein, -portable device" can refer generally to any device
`that is capable of being easily carried by hand.
`FIG. 4 is a block diagram of a peripheral device 400
`according to an embodiment of the invention. The peripheral
`device 400 includes security functionality 401, target func-
`tionality 402 and a host interface 403 that are formed
`together as part of a single physical device. For example, the
`security functionality 401 and target functionality 402 can
`be enclosed in a single, card-like housing (designated in
`FIG. 4 by the numeral 404) conforming to a PCMCIA card
`or smart card standard.
`The peripheral device 400 can have a number of advan-
`tageous characteristics. The peripheral device 400 can be
`implemented in a manner that enables the security opera-
`tions of the security functionality 401 to be performed in a
`manner that is transparent to a host computing device (and,
`depending upon the particular implementation of the periph-
`eral device 400, to a user of a system including the periph-
`eral device 400) of a system according to the invention, so
`that the host computing device (and, perhaps, user) is aware
`
`10
`
`only of the presence of the
`target functionality 402.
`Additionally, the peripheral device 400 can be implemented
`so that security operations are performed "in-line," i.e., the
`security operations are performed between the communica-
`5 tion of data to or from the host computing device and the
`performance of the target functionality provided by the
`peripheral device. Further, the peripheral device 400 enables
`a wide variety of secure target functionality to be easily
`provided to a host computing device.
`FIG. 5 is a flow chart of a method 500, according to an
`embodiment of the invention, for initiating use of a system
`according to the invention. The method 500 enables an
`aspect of the invention in which the presence of security
`functionality as part of a peripheral device is not detected by
`I a host computing device, thus making the security function-
`ality transparent to the host computing device and, depend-
`ing upon the particular manner in which the security func-
`tionality is implemented, to a user of the system.
`FIG. 6 is a block diagram of a system 600, according to
`,jo an embodiment of the invention, illustrating operation of the
`system 600 during a method according to the invention such
`as the method 500 of FIG. 5. The system 600 includes a host
`computing device 601 and a peripheral device 602. The host
`computing device 601 includes a display device 603a (e.g.,
`cs a conventional computer display monitor) and user input
`device 603b (e.g., a keyboard, mouse, trackball, joystick or
`other appropriate device), referred to collectively hereinafter
`as user interface device 603. The host computing device 601
`also includes, mounted

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket