News Column

Patent Issued for Method and System of Secured Data Storage and Recovery

July 8, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent by the inventors Su, Jin-Chern (Hsinchu, TW); Chang, Pao-Hsin (Taipei, TW); Jang, Yi-Feng (Taipei County, TW); Tseng, Tien-Chun (Taipei, TW), filed on January 7, 2009, was published online on June 24, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8761403 is assigned to EE Solutions, Inc (Hsin Chu, TW).

The following quote was obtained by the news editors from the background information supplied by the inventors: "The present invention generally relates to a method and a system of data storage and recovery, and more particularly, to a method and a system of secured data storage and recovery for a portable storage device.

"Along with the advancement of semiconductor techniques, the capacities of memories have been increased drastically, too. Flash memory is one of the most adaptable memories for portable products (for example, memory cards or U-disks) due to its characteristics such as data non-volatility, low power consumption, small volume, and non-mechanical structure. In recent years, a solid state drive (SSD) which uses a NAND flash memory as its storage medium has been developed. In an SSD, the mechanical structure of a conventional storage device is replaced with the characteristics of a flash memory, in which data is written and erased in units of blocks so that the access efficiency of the storage device can be greatly improved. Compared to a conventional storage device, an SSD offers lower power consumption, higher vibration proofness, high stability, and high resistance to low temperature, etc.

"Memory cards, U-disks, and SSDs have been broadly used for storing personal data thanks to their small volumes, large capacities, and high portability. However, if such a storage device is lost or stolen, the data stored therein may be misappropriated. To resolve this problem, a secured area is usually disposed in such a storage device and a password is stored in the secured area. When a user connects the storage device to a host, the user has to input a password into the host in order to be authorized to access data stored in the secured area. An authentication program compares the input password with the password stored in the storage device. If the two do not match each other, the host can only access the non-secured portion of the storage device but cannot read the data in the secured area. As a result, the data in the secured area can be protected.

"However, in the password authentication method described above, the password in the storage device has to be read into the host to be compared with the password input by the user. Thus, the password in the storage device may be cracked. In addition, if the user loses the storage device, the data stored therein is also lost. Thereby, a data security storage method which can increase data security and provide a secured data recovery mechanism is desired."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "Accordingly, the present invention is directed to a secured data storage and recovery method, in which data is encrypted by using a secured key, and the secured key and a user password are crossly encrypted and then stored into a remote device together with the encrypted data, so that the security of data storage is enhanced.

"The present invention is directed to a secured data storage and recovery method, in which an encrypted data is stored into a host together with a key and a user password which are crossly encrypted, so that the encrypted data, the key, and the user password can be recovered back into the storage device when it is necessary.

"The present invention is directed to a secured data storage and recovery method, in which an encrypted data is stored into a storage device together with a key and a user password which are crossly encrypted, so that data in the storage device can be prevented from being misappropriated.

"The present invention is directed to a secured data storage and recovery system, in which a secured key and a user password are crossly encrypted by a controller of a storage device or a host, and then the encrypted secured key and the encrypted user password are transmitted to a remote device together with an encrypted data through the host, so that a secured data storage and recovery function can be accomplished.

"The present invention provides a secured data storage and recovery method, in which data is encrypted by using a controller of a storage device and is then transmitted to a remote device through a host. First, a secured key and an encrypted user password of the storage device are obtained by using the controller. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, and the encrypted user password is encrypted by using the secured key to generate a second private key, and the data to be stored is encrypted by using the secured key. Eventually, the encrypted data, the first private key, and the second private key are transmitted to the remote device for storage through the host.

"According to an embodiment of the present invention, the encrypted user password obtained by the controller is generated by one of the host and the remote device encrypting an original password with a hash function, in which the original password is a default password of the storage device or a password set by a user.

"According to an embodiment of the present invention, the step of obtaining the secured key of the storage device includes obtaining a secured key randomly generated by the host through symmetric encryption by using the host.

"According to an embodiment of the present invention, the step of transmitting the encrypted data, the first private key, and the second private key to the remote device for storage further includes encrypting the encrypted data, the first private key, and the second private key by using a public key.

"According to an embodiment of the present invention, after the step of encrypting the data by using the secured key, the secured data storage and recovery method further includes storing the encrypted data, the first private key, and the second private key into a secured area of the storage device.

"According to an embodiment of the present invention, after the step of storing the encrypted data, the first private key, and the second private key into the secured area of the storage device, the secured data storage and recovery method further includes: receiving an old password and a new password input by a user through the host; encrypting the old password and the new password with a hash function and transmitting the encrypted old password and new password to the controller through the host; reading the first private key and decrypting the first private key by using the encrypted old password to restore the secured key through the controller; reading the second private key and decrypting the second private key by using the secured key to restore the encrypted user password through the controller; determining whether the encrypted old password matches the encrypted user password through the controller; and replacing the encrypted user password with the encrypted new password to encrypt the secured key through the controller if the encrypted old password matches the encrypted user password.

"According to an embodiment of the present invention, the step of replacing the encrypted user password with the encrypted new password to encrypt the secured key includes: encrypting the secured key by using the encrypted new password to generate a new first private key; encrypting the encrypted new password by using the secured key to generate a new second private key; and transmitting the new first private key and the new second private key to the remote device through the host.

"According to an embodiment of the present invention, after the step of generating the new first private key and the new second private key, the secured data storage and recovery method further includes storing the new first private key and the new second private key into the secured area of the storage device.

"According to an embodiment of the present invention, after the step of storing the encrypted data, the first private key, and the second private key into the secured area of the storage device, the secured data storage and recovery method further includes: receiving an input password input by a user through the host; encrypting the input password with a hash function and transmitting the encrypted input password to the controller; reading the first private key and decrypting the first private key by using the encrypted input password to restore the secured key through the controller; reading the second private key and decrypting the second private key by using the secured key to restore the encrypted user password through the controller; determining whether the encrypted input password matches the encrypted user password through the controller; and authorizing the host to access data in the secured area of the storage device or the remote device through the controller if the encrypted input password matches the encrypted user password.

"According to an embodiment of the present invention, the controller reads the first private key and the second private key from the secured area of the storage device or from the remote device.

"According to an embodiment of the present invention, the secured data storage and recovery method further includes encrypting an exclusive device ID of the host with a hash function through the host to obtain an encrypted device ID and transmitting the encrypted device ID to the storage device. Before the step of receiving the input password input by the user through the host, the secured data storage and recovery method further includes: obtaining the encrypted device ID from the storage device; and decrypting the encrypted device ID and comparing the device ID with the device ID of the host through the host or the storage device, and allowing the host to receive the input password input by the user when the device ID matches the device ID of the host.

"According to an embodiment of the present invention, after the step of authorizing the host to access the data in the secured area, the secured data storage and recovery method further includes reading a device file allocation table (FAT) from the secured area of the storage device through the host and decrypting the device FAT by using the secured key through the controller; reading a server FAT from the remote device through the host and decrypting the server FAT by using the secured key through the controller; determining whether the decrypted device FAT matches the decrypted server FAT through the host; and synchronizing data in the remote device and data in the secured area of the storage device through the host if the decrypted device FAT does not match the decrypted server FAT.

"According to an embodiment of the present invention, the step of synchronizing data in the remote device and data in the storage device through the host further includes encrypting the transmitted data by using a public key.

"According to an embodiment of the present invention, the step of synchronizing data in the remote device and data in the storage device through the host includes copying the data in the remote device to the storage device or copying the data in the storage device to the remote device.

"According to an embodiment of the present invention, the step of synchronizing data in the remote device and data in the storage device through the host includes copying the first private key and the second private key to the remote device or to the secured area of the storage device.

"According to an embodiment of the present invention, the secured data storage and recovery method further includes: obtaining a system password of the storage device through the host; encrypting the system password with a hash function and transmitting the encrypted system password to the controller through the host; encrypting the secured key by using the encrypted system password to generate a third private key through the controller; encrypting the encrypted system password by using the secured key to generate a fourth private key through the controller; and storing the third private key and the fourth private key into the secured area of the storage device. The encrypted system password is further used for encrypting the encrypted user password.

"According to an embodiment of the present invention, after the step of storing the third private key and the fourth private key into the secured area of the storage device through the controller, the secured data storage and recovery method further includes receiving an input password input by a user through the host; encrypting the input password with a hash function and transmitting the encrypted input password to the controller through the host; reading the third private key and decrypting the third private key by using the encrypted input password to restore the secured key through the controller; reading the fourth private key and decrypting the fourth private key by using the secured key to restore the encrypted system password through the controller; determining whether the encrypted input password matches the encrypted system password through the controller; and authorizing the host to access data in the secured area if the encrypted input password matches the encrypted system password.

"According to an embodiment of the present invention, the system password includes an ID or a PIN unlock key (PUK) of the storage device.

"The present invention provides a secured data storage and recovery method, in which data is encrypted by using a controller of a storage device, and the encrypted data is stored into a host. First, a secured key and an encrypted user password of the storage device are obtained by using the controller. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, the encrypted user password is encrypted by using the secured key to generate a second private key, and the data to be stored is encrypted by using the secured key. Eventually, the encrypted data, the first private key, and the second private key are stored into the host.

"The present invention provides a secured data storage and recovery method, in which data is encrypted by using a controller of a storage device, and the encrypted data is transmitted to a remote device through a host. First, a secured key and an encrypted user password of the storage device are obtained by using the controller. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, the encrypted user password is encrypted by using the secured key to generate a second private key, and the data to be stored is encrypted by using the secured key. Eventually, the encrypted data, the first private key, and the second private key are stored into a secured area of the storage device.

"The present invention provides a secured data storage and recovery system including a remote device, a host, and a storage device. The host is connected to the remote device via a network, and the host encrypts an original password with a hash function to generate an encrypted user password. The storage device is connected to the host and includes a controller and a storage unit. The controller receives an encrypted user password through the host and obtains a secured key. The controller encrypts the secured key by using the encrypted user password to generate a first private key, encrypts the encrypted user password by using the secured key to generate a second private key, and encrypts data to be stored by using the secured key. The controller transmits the encrypted data, the first private key, and the second private key to the remote device through the host. The storage unit stores the encrypted data, the first private key, and the second private key.

"According to an embodiment of the present invention, the host randomly generates the secured key through symmetric encryption.

"According to an embodiment of the present invention, the step of transmitting the encrypted data, the first private key, and the second private key to the remote device through the host further includes encrypting the encrypted data, the first private key, and the second private key by using a public key.

"According to an embodiment of the present invention, the host further receives an old password and a new password input by a user, encrypts the old password and the new password with a hash function, and transmits the encrypted old password and the encrypted new password to the controller. The controller reads the first private key and decrypts the first private key by using the encrypted old password to restore the secured key, and the controller reads the second private key and decrypts the second private key by using the secured key to restore the encrypted user password. The controller then determines whether the encrypted old password matches the encrypted user password, and the controller replaces the encrypted user password with the encrypted new password to encrypt the secured key when the encrypted old password matches the encrypted user password.

"According to an embodiment of the present invention, the controller encrypts the secured key by using the encrypted new password to generate a new first private key, encrypts the encrypted new password by using the secured key to generate a new second private key, and transmits the new first private key and the new second private key to the remote device through the host. In addition, the controller stores the new first private key and the new second private key into the storage unit.

"According to an embodiment of the present invention, the host further receives an input password input by a user, encrypts the input password with a hash function, and transmits the encrypted input password to the controller. The controller further reads the first private key and decrypts the first private key by using the encrypted input password to restore the secured key, and the controller reads the second private key and decrypts the second private key by using the secured key to restore the encrypted user password. The controller then determines whether the encrypted input password matches the encrypted user password, and the controller authorizes the host to access data in the storage unit of the storage device or data in the remote device when the encrypted input password matches the encrypted user password. The controller reads the first private key and the second private key from the storage unit of the storage device or from the remote device.

"According to an embodiment of the present invention, after being authorized to access data in the storage unit, the host reads a device FAT from the storage unit of the storage device and decrypts the device FAT by using the secured key through the controller, and the host reads a server FAT from the remote device and decrypts the server FAT by using the secured key through the controller. The host then determines whether the decrypted device FAT matches the decrypted server FAT, and the host synchronizes data in the remote device and data in the storage unit of the storage device when the decrypted device FAT does not match the decrypted server FAT.

"According to an embodiment of the present invention, when the host synchronizes data in the remote device and data in the storage device, the host further encrypts the transmitted data by using a public key. In addition, when the host synchronizes data in the remote device and data in the storage device, the host copies data from the remote device to the storage device or copies data from the storage device to the remote device, and the host further copies the first private key and the second private key to the remote device or to the storage unit of the storage device.

"According to an embodiment of the present invention, the host further obtains a system password of the storage device, encrypts the system password with a hash function, and transmits the encrypted system password to the controller. The controller further encrypts the secured key by using the encrypted system password to generate a third private key and encrypts the encrypted system password by using the secured key to generate a fourth private key, and the controller stores the third private key and the fourth private key into the storage unit of the storage device. In addition, the controller further encrypts the encrypted user password by using the encrypted system password. The system password includes an ID or a PUK of the storage device.

"According to an embodiment of the present invention, the controller further reads the third private key and decrypts the third private key by using the encrypted input password to restore the secured key, and reads the fourth private key and decrypts the fourth private key by using the secured key to restore the encrypted system password. The controller then determines whether the encrypted input password matches the encrypted system password, and the controller authorizes the host to access data in the storage unit when the encrypted input password matches the encrypted system password.

"According to an embodiment of the present invention, the storage device is a U-disk, a NAND flash memory, a NOR flash memory, a solid state drive (SSD), or a hard disk drive (HDD).

"According to an embodiment of the present invention, the host is a laptop, a desktop, a personal digital assistant (PDA), or a kernel-based virtual machine (KVM).

"In the present invention, a secured key and a user password are crossly encrypted, and data to be stored is encrypted by using the secured key and is respectively stored into a remote device, a host, and a secured area of a storage device together with the crossly encrypted secured key and user password. When a user is about to update the user password, access data, or recover data, the secured key and user password stored in foregoing devices are decrypted and compared with a password input by the user, and the user is authorized to access the data only when the user passes the authentication. Thereby, the security in data storage and recovery is enhanced."
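The cross-encryption described in the quoted summary (storage of the first and second private keys, authentication by unwrapping them, and the password change that re-wraps the unchanged secured key), as an added Python example that is not part of the patent or of the news article. The patent names neither the hash function nor the symmetric cipher; SHA-256 and an HMAC-SHA256 counter-mode keystream are stand-ins assumed here, and the per-use label is an addition for domain separation, since the secured key encrypts both the second private key and the data.

```python
import hashlib
import hmac


def hash_password(password: str) -> bytes:
    """Host-side step: the password is hashed before it reaches the controller.
    SHA-256 is an assumed choice; the patent names no hash function."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption, not from the patent): an
    HMAC-SHA256 keystream in counter mode XORed over the data, so encrypting
    and decrypting are the same call. The label gives each use of a key its
    own keystream, because the secured key wraps both the hashed password
    (second private key) and the stored data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, label + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def store(secured_key: bytes, enc_password: bytes, data: bytes) -> dict:
    """Controller-side storage: cross-encrypt the secured key and the hashed
    password and encrypt the data with the secured key. The returned record
    is what goes to the remote device, the host, or the secured area."""
    return {
        # first private key: secured key encrypted with the hashed password
        "first": xor_stream(enc_password, b"first", secured_key),
        # second private key: hashed password encrypted with the secured key
        "second": xor_stream(secured_key, b"second", enc_password),
        "data": xor_stream(secured_key, b"data", data),
    }


def authenticate(record: dict, input_password: str):
    """Controller-side check: unwrap the secured key with the hashed input,
    unwrap the stored hash with that key, and compare. Returns the secured
    key on success, None otherwise. The stored hash never leaves the
    controller, which is the point of the cross-encryption."""
    enc_input = hash_password(input_password)
    secured_key = xor_stream(enc_input, b"first", record["first"])
    stored_hash = xor_stream(secured_key, b"second", record["second"])
    # a wrong password gives a wrong key and therefore a garbage stored_hash;
    # constant-time comparison avoids leaking how many bytes matched
    return secured_key if hmac.compare_digest(stored_hash, enc_input) else None


def change_password(record: dict, old_password: str, new_password: str) -> bool:
    """Re-wrap the unchanged secured key under the new hashed password.
    The encrypted data is untouched; only the two private keys change."""
    secured_key = authenticate(record, old_password)
    if secured_key is None:
        return False
    enc_new = hash_password(new_password)
    record["first"] = xor_stream(enc_new, b"first", secured_key)
    record["second"] = xor_stream(secured_key, b"second", enc_new)
    return True


def recover(record: dict, password: str):
    """Decrypt the stored data after a successful authentication."""
    secured_key = authenticate(record, password)
    return None if secured_key is None else xor_stream(secured_key, b"data", record["data"])
```

A wrong password is caught only because the recovered hash fails the comparison; the stand-in cipher carries no integrity check of its own, so a production implementation would use an authenticated cipher for all three wrappings.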

For the URL and more information on this patent, see: Su, Jin-Chern; Chang, Pao-Hsin; Jang, Yi-Feng; Tseng, Tien-Chun. Method and System of Secured Data Storage and Recovery. U.S. Patent Number 8761403, filed January 7, 2009, and published online on June 24, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=8761403.PN.&OS=PN/8761403RS=PN/8761403

Keywords for this news article include: EE Solutions Inc, Information Technology, Information and Data Storage, Information and Data Security, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

