`FILE HISTORY
`US 6,088,802
`
`INVENTORS:
`Bialick, William P.
`Sutherland, Mark J.
`Dolphin Peterson, Janet L.
`Rowland, Thomas K.
`Skeba, Kirk W.
`Housley, Russell D.
`
`TITLE: Peripheral device with integrated security functionality
`
`APPLICATION NO: US1997869305A
`FILED: 04 JUN 1997
`ISSUED: 11 JUL 2000
`
`COMPILED: 03 OCT 2016
`
`WESTERN DIGITAL CORPORATION, EXHIBIT 1003
`Page 1 of 175
`
`6,088,802
`
`PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY
`
`Transaction History
`
`Date        Transaction Description
`06-04-1997  Workflow - Drawings Finished
`06-04-1997  Workflow - Drawings Matched with File at Contractor
`06-04-1997  Workflow - Drawings Received at Contractor
`07-14-1997  Initial Exam Team nn
`08-07-1997  IFW Scan & PACR Auto Security Review
`11-04-1997  Notice Mailed--Application Incomplete--Filing Date Assigned
`03-05-1998  Application Is Now Complete
`03-12-1998  Application Dispatched from OIPE
`03-12-1998  Application Dispatched from OIPE
`04-07-1998  Case Docketed to Examiner in GAU
`08-15-1998  Information Disclosure Statement (IDS) Filed
`08-15-1998  Information Disclosure Statement (IDS) Filed
`10-08-1998  Information Disclosure Statement (IDS) Filed
`10-08-1998  Information Disclosure Statement (IDS) Filed
`11-23-1998  Non-Final Rejection
`12-11-1998  Mail Non-Final Rejection
`03-15-1999  Response after Non-Final Action
`03-18-1999  Supplemental Response
`03-25-1999  Date Forwarded to Examiner
`03-30-1999  Information Disclosure Statement (IDS) Filed
`03-30-1999  Information Disclosure Statement (IDS) Filed
`04-01-1999  Date Forwarded to Examiner
`06-07-1999  Mail Notice of Allowance
`06-07-1999  Notice of Allowance Data Verification Completed
`06-23-1999  Workflow - Drawings Received at Contractor
`06-24-1999  Workflow - Drawings Sent to Contractor
`09-13-1999  Workflow - Incoming Correspondence - Finish
`09-13-1999  Workflow - Incoming Correspondence - Begin
`09-13-1999  Information Disclosure Statement (IDS) Filed
`09-13-1999  Information Disclosure Statement (IDS) Filed
`09-13-1999  UnMatched Papers in Pubs
`09-13-1999  UnMatched Papers in Pubs
`09-14-1999  Issue Fee Payment Verified
`12-16-1999  Mail Miscellaneous Communication to Applicant
`12-16-1999  Miscellaneous Communication to Applicant - No Action Count
`01-04-2000  Workflow - File Sent to Contractor
`05-26-2000  Workflow - Complete WF Records for Drawings
`05-28-2000  Application Is Considered Ready for Issue
`06-23-2000  Issue Notification Mailed
`07-11-2000  Recordation of Patent Grant Mailed
`06-25-2008  Correspondence Address Change
`01-12-2012  ENTITY STATUS SET TO UNDISCOUNTED (INITIAL DEFAULT SETTING OR STATUS CHANGE)
`03-02-2015  Change in Power of Attorney (May Include Associate POA)
`03-02-2015  Correspondence Address Change
`09-29-2016  File Marked Found
`
`United States Patent [19]
`Bialick et al.
`
`[11] Patent Number: 6,088,802
`[45] Date of Patent: Jul. 11, 2000
`
`[54] PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY
`
`[75] Inventors: William P. Bialick, Clarksville, Md.; Mark J. Sutherland, Milpitas, Calif.; Janet L. Dolphin-Peterson, Belvedere, Calif.; Thomas K. Rowland, Los Gatos, Calif.; Kirk W. Skeba, Fremont, Calif.; Russell D. Housley, Herndon, Va.
`
`[73] Assignee: Spyrus, Inc., Santa Clara, Calif.
`
`[21] Appl. No.: 08/869,305
`[22] Filed: Jun. 4, 1997
`[51] Int. Cl.: G06K 14/67
`[52] U.S. Cl.: 713/200; 713/201; 713/202
`[58] Field of Search: 395/188.01, 187.01, 395/186; 380/4, 25, 49; 713/200, 201, 202
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,709,136  11/1987  Watanabe           2/379
`4,910,776   3/1990  Dyke               380/25
`5,191,611   3/1993  Lang               380/25
`5,282,247   1/1994  McLean et al.      380/4
`5,297,206   3/1994  Orton              380/.3
`5,442,704   8/1995  Holtey             380/23
`5,457,590  10/1995  Barr et al.        360/133
`5,473,692  12/1995  Davis              380/25
`5,491,827   2/1996  Holtey             395/800
`5,524,134   6/1996  Gustafson et al.   379/58
`5,537,544   7/1996  Morisawa et al.    395/188.01
`5,546,463   8/1996  Caputo et al.      380/25
`5,548,721   8/1996  Denslow            395/187.01
`5,610,981   3/1997  Mooney et al.      380/25
`5,630,174   5/1997  Stone, III et al.  395/883
`5,640,302   6/1997  Kikinis            361/687
`5,694,335  12/1997  Hollenberg         364/514
`5,742,683   4/1998  Lee et al.         380/23
`5,770,849   6/1998  Novis et al.       235/492
`5,790,674   8/1998  Houvener et al.    380/23
`5,828,832  10/1998  Holden et al.      395/187.01
`5,878,142   3/1999  Caputo et al.      380/25
`
`FOREIGN PATENT DOCUMENTS
`
`WO 82/03286  9/1982  WIPO.
`WO 97/29416  8/1997  WIPO.
`
`OTHER PUBLICATIONS
`
`U.S. application No. 08/869,120, Bialick et al., filed Jun. 4, 1997, pending.
`
`Primary Examiner: Ly V. Hua
`Attorney, Agent, or Firm: David R. Graham
`
`[57] ABSTRACT
`
`The invention enables a peripheral device to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device), or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification). The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.
`
`39 Claims, 9 Drawing Sheets
`
`
`
`[Drawing sheets 1 to 9 of 9, U.S. Patent 6,088,802, Jul. 11, 2000. Images not reproduced; recoverable labels follow.]
`
`Sheet 1 of 9: FIG. 1 (PRIOR ART), system 100 with security mechanism 101a; FIG. 2 (PRIOR ART), system 200.
`
`Sheet 2 of 9: FIG. 3A, system 300: Host Computing Device 301, Peripheral Device 302, 302a, 303; FIG. 3B.
`
`Sheet 3 of 9: FIG. 4, peripheral device 400: Host Interface 403, Security Functionality 401, Target Functionality 402, housing 404. FIG. 5, method 500:
`  501 User connects peripheral device to host computing device.
`  502 Host computing device detects presence of peripheral device.
`  503 Peripheral device establishes its identity.
`  504 Host computing device identifies peripheral device.
`  505 User interacts with host computing device to begin using peripheral device.
`
`Sheets 4 to 7 of 9: no labels recoverable.
`
`Sheet 8 of 9: FIG. 9A (reference numerals 806, 808).
`
`Sheet 9 of 9: no labels recoverable.
`
`
`PERIPHERAL DEVICE WITH INTEGRATED SECURITY FUNCTIONALITY
`
`CROSS-REFERENCE TO RELATED APPLICATION
`
`This application is related to the commonly owned, co-pending United States patent Application entitled "Modular Security Device," by William P. Bialick, Mark J. Sutherland, Janet L. Dolphin-Peterson, Thomas K. Rowland, Kirk W. Skeba and Russell D. Housley, filed on the same date as the present application and having Attorney Docket No. SPY-003, the disclosure of which is incorporated by reference herein.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`This invention relates to a peripheral, often portable, device (as well as the methods employed by such a peripheral device, and systems including such a peripheral device and a host computing device with which the peripheral device communicates) that can communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device, or data retrieved by the host computing device from the peripheral device.
`
`2. Related Art
`
`Computing capability is becoming increasingly portable. In particular, there are more and more portable peripheral devices that are adapted for communication with a host computing device (e.g., desktop computer, notebook computer or personal digital assistant) to enable particular functionality to be achieved. These portable peripheral devices can take a variety of physical forms (e.g., PCMCIA cards, smart cards, CD-ROMs) and can perform an assortment of functions (e.g., storage, communications and cryptography). However, while portable computing affords a number of advantages, it has a significant disadvantage in that the computational environment (including the portable peripheral devices, the host computing devices in which they are used, and any other computational devices that communicate with those devices) is more susceptible to security breaches, i.e., unauthorized access to, or modification of, programs and/or data resident within the environment. Consequently, cryptographic devices and methods have been developed for use with such computational environments (as well as other computational environments) to enable increased levels of environment security to be obtained.
`
`FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100 includes a host computing device 101 and a portable device 102. The host computing device 101 and portable device 102 are adapted to enable communication between the devices 101 and 102. The host computing device 101 includes a security mechanism 101a (which can be embodied by appropriately configured hardware, software and/or firmware, such as, for example, a general purpose microprocessor operating in accordance with instructions of one or more computer programs stored in a data storage device such as a hard disk) which can be directed to perform one or more cryptographic operations.
`
`In the system 100, if it is desired to provide secured data from the host computing device 101 to the portable device 102, the host computing device 101 causes the security mechanism 101a to perform appropriate cryptographic operations on data before the data is transferred to the portable device 102. Similarly, the host computing device 101 can receive secured data from the portable device 102 and perform appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so.
`
`A significant deficiency of the system 100 is that the security mechanism 101a is itself typically not adequately secure. It is commonly accepted that the components (including hardware, software and/or firmware) of most host computing devices are inherently insecure. This is because the system design of host computing devices is, typically, intentionally made open so that components made by different manufacturers can work together seamlessly. Thus, an unauthorized person may obtain knowledge of the operation of the security mechanism 101a (e.g., identify a cryptographic key), thereby enabling that person to gain access to, and/or modify, the (thought to be secured) data.
`
`FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system 200 includes a host computing device 201, a portable device 202 and a security device 203. The host computing device 201, the portable device 202 and security device 203 are adapted to enable communication between the devices 201 and 202, and between the devices 201 and 203. The security device 203 includes appropriately configured hardware, software and/or firmware which can be directed to perform one or more cryptographic operations.
`
`In the system 200, if it is desired to provide secured data from the host computing device 201 to the portable device 202, the host computing device 201 first causes data to be transferred to the security device 203, where appropriate cryptographic operations are performed on the data. The secured data is then transferred back to the host computing device 201, which, in turn, transfers the secured data to the portable device 202. Similarly, the host computing device 201 can receive secured data from the portable device 202 by, upon receipt of secured data, transferring the secured data to the security device 203, which performs appropriate cryptographic operations on the data to convert the data into a form that enables the data to be accessed and/or modified by a person who is authorized to do so, then transfers the unsecured data back to the host computing device 201.
`
`The system 200 can overcome the problem with the system 100 identified above. The security device 203 can be constructed so that the cryptographic functionality of the device 203 can itself be made secure. (Such a security device is often referred to as a security "token.") An unauthorized person can therefore be prevented (or, at least, significantly deterred) from obtaining knowledge of the operation of the security device 203, thereby preventing (or significantly deterring) that person from gaining access to, and/or modifying, the secured data.
`
`However, the system 200 may still not always ensure adequately secured data. In particular, unsecured data may be provided by the host computing device 201 to the portable device 202 if the host computing device 201, whether through inadvertent error or deliberate attack by a user of the host computing device 201, or through malfunction of the host computing device 201, fails to first transfer data to the security device 203 for appropriate cryptographic treatment before providing the data to the portable device 202.
`
`
`Additionally, the system 200 requires the use of two separate peripheral devices (portable device 202 and security device 203) to enable the host computing device 201 to exchange secured data with the portable device 202. For several reasons, this may be inconvenient. First, both devices 202 and 203 may not be available at the time that it is desired to perform a secure data exchange (e.g., one may have been forgotten or misplaced). Second, even if both devices 202 and 203 are available, it may not be possible to connect both devices 202 and 203 at the same time to the host computing device 201, making use of the devices 202 and 203 cumbersome and increasing the likelihood that unsecured data is provided by the host computing device 201 to the portable device 202.
`
`SUMMARY OF THE INVENTION
`
`A peripheral device according to the invention can be used to communicate with a host computing device to enable one or more security operations to be performed by the peripheral device on data stored within the host computing device, data provided from the host computing device to the peripheral device (which can then be, for example, stored in the peripheral device or transmitted to yet another device) or data retrieved by the host computing device from the peripheral device (e.g., data that has been stored in the peripheral device, transmitted to the peripheral device from another device or input to the peripheral device by a person). In particular, the peripheral device can be adapted to enable, in a single integral peripheral device, performance of one or more security operations on data, and a defined interaction with a host computing device that has not previously been integrated with security operations in a single integral device. The defined interactions can provide a variety of types of functionality (e.g., data storage, data communication, data input and output, user identification), as described further below. The peripheral device can be implemented so that the peripheral device can be operated in any one of multiple user-selectable modes: a security functionality only mode, a target functionality mode, and a combined security and target functionality mode. The peripheral device can also be implemented so that the security operations are performed in-line, i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the defined interaction. Moreover, the peripheral device can be implemented so that the security functionality of the peripheral device is transparent to the host computing device.
`
`A peripheral device according to the invention can advantageously enable application of security operations to a wide variety of interactions with a host computing device. In particular, a peripheral device according to the invention can accomplish this without necessity to use two peripheral devices: one that performs the security operations and one that performs the defined interaction. This can, for example, minimize the possibility that the device adapted to perform the defined interaction will be used with the host computing system without proper application of security operations to that interaction. Moreover, the provision of in-line security in a peripheral device according to the invention enables a more secure exchange of data between a host computing device and the peripheral device, overcoming the problems identified above in previous systems for performing security operations on data exchanged between such devices. Additionally, implementing a modular device according to the invention so that the performance of security operations by the modular device is transparent can reduce or eliminate the need to modify aspects of the operation of the host computing device (e.g., device drivers of the host computing device), making implementation and use of a data security system including the modular device simpler and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an interaction with the host computing device, or apply the security operations incorrectly or incompletely) is reduced. Making the security operations transparent can also enhance the security of those operations.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.
`
`FIG. 2 is a block diagram of another prior art system for enabling a host computing device to provide secured data to, and retrieve secured data from, a portable device.
`
`FIG. 3A is a block diagram of a system according to the invention.
`
`FIG. 3B is a perspective view of a physical implementation of the system of FIG. 3A according to one embodiment of the invention.
`
`FIG. 4 is a block diagram of a peripheral device according to an embodiment of the invention.
`
`FIG. 5 is a flow chart of a method, according to an embodiment of the invention, for initiating use of a system according to the invention.
`
`FIG. 6 is a block diagram of a system, according to an embodiment of the invention, illustrating operation of the system during a method according to the invention as in FIG. 5.
`
`FIGS. 7A and 7B are a flow chart of a method, according to an embodiment of the invention, for using a peripheral device according to the invention.
`
`FIG. 8 is a block diagram of a peripheral device according to another embodiment of the invention.
`
`FIG. 9A is a block diagram illustrating the flow of data through the interface control device of FIG. 8.
`
`FIG. 9B is a block diagram of a particular embodiment of an interface control device for use in a peripheral device according to the invention.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`FIG. 3A is a block diagram of a system 300 according to the invention. The system 300 includes a host computing device 301 and a peripheral device 302 that communicate via a communications interface 303. Herein, "peripheral device" can refer to any device that operates outside of a host computing device and that is connected to the host computing device. The peripheral device 302 includes a security mechanism 302a that enables security operations (examples of which are described in more detail below) to be performed on data that is stored within the host computing device 301, data that is transmitted from the host computing device 301 to the peripheral device 302, or data that is transmitted from the peripheral device to the host computing device 301. As explained in more detail below, the peripheral device 302 also provides additional functionality (referred to herein as "target functionality") to the system 300, such as, for example, the capability to store data in a solid-state disk storage device, the capability to enable communications from the host computing device 301 to another device, the capability to accept biometric input to enable user authentication to the host computing device 301, and the capability to receive and read a smart card inserted into the peripheral device 302.
`
`Generally, the communications interface 303 can be embodied by any of a variety of communication interfaces, such as a wireless communications interface, a PCMCIA interface, a smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI interface or an IDE interface. Each embodiment of the communications interface 303 includes hardware present in each of the host computing device 301 and peripheral device 302 that operates in accordance with a communications protocol (which can be embodied, for example, by software stored in a memory device and/or firmware that is present in the host computing device 301 and/or peripheral device 302) appropriate for that type of communications interface, as known to those skilled in the art. Each embodiment of the communications interface 303 also includes mechanisms to enable physical engagement, if any, between the host computing device 301 and peripheral device 302.
`
`Generally, the security mechanism 302a can be configured to perform any electronic data security operation (herein, referred to simply as "security operation") including, for example, operations that provide one or more of the basic cryptographic functions, such as maintenance of data confidentiality, verification of data integrity, user authentication and user non-repudiation. Particular security operations that can be implemented in a peripheral device according to the invention are described in more detail below.
`
`The security mechanism 302a can be, for example, embodied as a security token. Herein, "security token" refers to a device that performs security operations and that includes one or more mechanisms (such as, for example, use of a hardware random number generator and/or protected memory) to provide security for the content of those operations.
`
`FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A, according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral device according to the invention is a portable device, such as the card 312 shown in FIG. 3B. Herein, "portable device" can refer generally to any device that is capable of being easily carried by hand.
`
`FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the invention. The peripheral device 400 includes security functionality 401, target functionality 402 and a host interface 403 that are formed together as part of a single physical device. For example, the security functionality 401 and target functionality 402 can be enclosed in a single, card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or smart card standard.
`
`The peripheral device 400 can have a number of advantageous characteristics. The peripheral device 400 can be implemented in a manner that enables the security operations of the security functionality 401 to be performed in a manner that is transparent to a host computing device (and, depending upon the particular implementation of the peripheral device 400, to a user of a system including the peripheral device 400) of a system according to the invention, so that the host computing device (and, perhaps, user) is aware only of the presence of the target functionality 402. Additionally, the peripheral device 400 can be implemented so that security operations are performed "in-line," i.e., the security operations are performed between the communication of data to or from the host computing device and the performance of the target functionality provided by the peripheral device. Further, the peripheral device 400 enables a wide variety of secure target functionality to be easily provided to a host computing device.
`
`FIG. 5 is a flow chart of a method 500, according to an embodiment of the invention, for initiating use of a system according to the invention. The method 500 enables an aspect of the invention in which the presence of security functionality as part of a peripheral device is not detected by a host computing device, thus making the security functionality transparent to the host computing device and, depending upon the particular manner in which the security functionality is implemented, to a user of the system.
`
`FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention, illustrating operation of the system 600 during a method according to the invention such as the method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral device 602. The host computing device 601 includes a display device 603a (e.g., a conventional computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball, joystick or other appropriate device), referred to collectively hereinafter as user interface device 603. The host computing device 601 also includes, mounted