WO2002005098A1 - A secure data storage device - Google Patents

A secure data storage device

Info

Publication number: WO2002005098A1
Authority: WO (WIPO (PCT))
Prior art keywords: key, access, memory, storage device, data
Application number: PCT/AU2001/000815
Other languages: French (fr)
Inventor: Ruben Gonzalez
Original Assignee: Activesky, Inc.
Application filed by Activesky, Inc.
Priority application: AU2001268850A

Classifications

    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G06F2221/2105 Dual mode as a secondary aspect
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen
    • G11C16/22 Safety or protection circuits preventing unauthorised or accidental access to memory cells
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

A secure data storage device (1) having data storage memory (6) and an access control circuit (4). The access control circuit (4) maintains an attempt count of invalid access attempts and an access count of valid accesses to the memory (6). The access control circuit (4) disables access to the memory (6) when the attempt count or the access count exceeds a respective predetermined value. The counts are maintained in memory cells with fusible links.

Description

A SECURE DATA STORAGE DEVICE
Field of the Invention
The present invention relates to secure storage of data, and in particular to a device for secure data storage for use with electronic devices to provide for secure distribution and rights management of stored data.
Background of the Invention
Improvements in technology have led to a proliferation of handheld electronic devices such as tiny computers, personal data assistants (PDAs), game systems, MP3 audio players and mobile phones. These devices have limited storage capacities, which restricts their use for applications (e.g., multimedia), which require large amounts of data. Flash memory expansion cards are able to provide additional memory, but they do not provide any security features to inhibit copying of the memory content, nor do they provide any kind of digital rights management. This is particularly relevant to situations where proprietary or copyrighted content is provided on a non-volatile read-only memory device.
United States Patent 5,761,609 to Chen, Chung-Shan discloses a limited use circuit in an electronic system that comprises a state machine which controls the operability of the electronic system and determines after boot whether a non-volatile memory device is at its initial data point; it then allows the system to operate if it is at its initial data point, or causes the electronic system to go down if it is not. The non-volatile memory and an adder may be used to maintain a count of each time the system is turned on. The circuit, however, is limited in the access control it can provide, since it relies merely on a count and nothing more. Unauthorised access can only be prevented after a count is reached, and not before.
It is desired to provide a secure data storage system, and a means for controlling access to facilitate secure distribution and digital rights management of stored content, or at least provide a useful alternative.
Summary of the Invention
In accordance with the present invention there is provided a data storage device, including: data storage memory; access control means for maintaining an attempt count of invalid access attempts and an access count of valid accesses, to said data storage memory; and means for disabling access to said data storage memory when said attempt count or said access count reaches a respective predetermined integer value.
The present invention also provides a circuit for a digital storage device capable of interfacing with a handheld electronic device, comprising at least one access control circuit, each said access control circuit including two registers for storing access keys, a non-volatile read-only fixed key register containing a first key, which is permanently stored in said register, a user key register for temporarily storing a second key supplied by application software, a key test circuit capable of comparing said first key and said second key, means for denying access to said storage device if said first key and said second key do not match, and an attempt counter circuit capable of recording an unsuccessful attempt to match said first and second keys, said attempt counter circuit including a programmable, non-volatile memory, capable of storing the total number of said unsuccessful key match attempts, means for permanently denying access if said number of unsuccessful attempts equals or exceeds a preset number stored in a read-only memory register in said attempt counter circuit, said user key register being implemented in volatile memory so that when power is removed or when said secure storage device is disconnected from said handheld electronic device, said user key is lost.
The present invention also provides a data storage device, including: data storage memory; and access control means for maintaining an attempt count of invalid access attempts and an access count of valid accesses to said memory, and for disabling access to said memory when said attempt count or said access count exceeds a respective predetermined value.
The present invention also provides a data storage device including: data storage memory; and an access control circuit for maintaining an attempt count of invalid access attempts, said count being represented by data in memory cells having fusible links, and for disabling access to said memory when the attempt count exceeds a predetermined value.
Brief Description of the Drawings
Preferred embodiments of the present invention are hereinafter described, by way of example only, with reference to the accompanying drawings, wherein:
Figure 1 is a block diagram of a preferred embodiment of a secure digital storage device;
Figure 2 is block diagram of a preferred embodiment of a secure address logic circuit of the secure digital storage device; and
Figure 3 is a schematic diagram of a fuse cell of the secure digital storage device.
Detailed Description of the Preferred Embodiments
Referring to Figure 1, a secure data storage device 1 includes a data storage memory 6 and a secure address logic circuit 4 for controlling access to the storage memory 6. There is one access control circuit 4 in this embodiment, but in other embodiments a plurality of access control circuits could be provided. The storage device 1 may be used to provide data to an electronic device (not shown) by connecting the hardware interface 2 of the storage device 1 to the expansion port of the electronic device. The electronic device could be a handheld digital computer such as a personal data assistant (PDA), a mobile telephone, a game system, or any other kind of digital processing device with a standard hardware interface 2, such as an expansion port. The secure data storage device 1 can be used with a variety of electronic devices by providing industry standard interfaces such as the Handspring Springboard interface, the Compact Flash interface, or Sony's Memory Stick interface as the hardware interface 2. The electronic device may communicate with a host computing device, such as a server of a service provider. The storage memory 6 is preferably a non-volatile, solid-state, programmable read-only memory (PROM), such as the fuse or anti-fuse memories developed by Actel and Quicklogic. However, the storage memory 6 could also be erasable programmable read-only memory (e.g., flash memory, EPROM, EEPROM), or any kind of device that can store digital data, including mini disk drives. The only practical requirements are small size, high density, rapid access and low cost.
Access to the storage memory 6 is controlled by the access control circuit 4, which restricts access to certain memory addresses input from the address bus 3, based on security data supplied from the data bus 5 and data contained in the access control circuit 4. The address bus 3 and the data bus 5 signals are supplied from the connected electronic device to the storage device 1 through the hardware interface 2. In the present embodiment, the access control circuit 4 is only applied to the address bus 3; however, it could also be used to restrict access to the data bus 5.
Additional security is available by including a decryption engine 8 and storing the digital data in an encrypted form in the storage memory 6. The decryption engine 8 processes encrypted data from the storage medium 6 and passes the unencrypted result to the data bus 5 of the handheld device via the hardware interface 2. The decryption engine 8 could be a software or hardware implementation of a decryption algorithm such as the DES, RSA, AES, ECC, or other known algorithms, or a general-purpose engine capable of deciphering custom encryption algorithms. In this case, the same user supplied key can be used for the decryption as well as the access control. The user supplied key can be obtained for example by purchasing a data storage card that provides the storage memory 6 or device 1 and which contains a device ID or password. This ID or password is then provided to a distributor who supplies the user with the key.
In an alternative embodiment an additional user input storage register can be provided for the decryption key.
In another configuration, the decryption can be performed in software totally on the host computing device. This could serve as a lower cost alternative. In this case again a unique device ID (identification) could be provided which would be accessible to users who purchase a loaded storage device 6 or 1 in the form of a card or the like, and are then able to provide the ID to a distributor online or otherwise, so as to be provided with at least one user key (password). In this distribution model each storage device 1 or 6 is uniquely identified in the form of a hardwired number. This number would be required to be provided in order to receive a decryption key.
Alternately, the key can be provided by a distributor, online or otherwise, without having to pass on the ID from a storage device or card. A plurality of keys could be provided in a pay per view type system, so that for each key paid for, a user would be entitled to one or more plays or views. In such an arrangement using a software cipher, the key would be passed to the software of the host computer. In a hardware cipher arrangement the key would be stored on the device 1.
Figure 2 illustrates a block diagram of the access control circuit 4. The circuit 4 includes two registers 22 and 24 for storing access keys or passwords. These keys are preferably at least 128 bits long to make the system more secure; however, a shorter key would also be allowable. A read-only fixed key register 24 contains a key, which is permanently stored in the non-volatile register by the content provider. A user key register 22 temporarily stores a key supplied by application software. A key test circuit 26 compares the two keys. If the keys do not match, then access to the storage memory 6 is denied and an attempt counter circuit 34 records the unsuccessful attempt. The attempt counter circuit 34 contains a programmable, non-volatile memory, which stores the total number of unsuccessful key match attempts. Access is permanently denied if the number of unsuccessful attempts equals or exceeds a preset number stored in a read-only memory register in the attempt counter circuit 34. The user key register 22 is implemented in volatile memory so that when power is removed (i.e., when the secure storage device 1 is disconnected from the handheld electronic device), the user key is lost.
In an alternative embodiment, because the system uses read-only memory 6, it is possible to use the same or overlapping memory addresses for accessing one or more of the user key register 22, the security control circuit 32 or the fixed key register 24 as the memory addresses for the data storage memory 6. A write operation at an overlapped address would access only the registers and circuit that can be written to, and this can be used to distinguish the overlapped or duplicated address spaces. The overlapping with the ROM memory address makes it very difficult to locate the address of the key and therefore enhances the security of the storage device.
The access control circuit 4 is also used to limit the number of times that the storage memory 6 can be accessed. A read count register bank 36 contains a number of read-only registers and associated programmable, non-volatile counters. The read-only registers permanently store memory addresses, which map into the storage memory 6, and associated counters record the number of accesses to memory addresses within the ranges defined by the stored addresses. For example, 16 registers could be used to divide the storage memory 6 into 16 regions. Access to a particular address within the storage memory 6 is denied if the address falls within an address range, which has already been accessed a given number of times. The number of accesses allowed by this circuit is determined by presetting the counters to some non-zero value, and access is denied when the counters reach zero. A preset value of 30 for a particular range of memory addresses would allow 30 accesses to that memory region. The same can be achieved by presetting the counters to an integer value P and access denial taking place when the counters attain an integer value Q. Thus a particular range of memory addresses would allow {P-Q} accesses to the memory region where {P-Q} is the absolute value of the difference between integer P and integer Q.
The two access methods of key matching and access counting may be used independently or in combination. A security control circuit 32 of the access circuit 4 enables or disables each method, based on a (possibly encrypted) security key sent to the circuit and preset, read-only data stored in the circuit by the content provider. Thus either one or both of the access methods could be bypassed in certain circumstances, provided that the access limits described above have not been reached. In one mode of operation, an encrypted user key could be retrieved from a content distributor's online key server, decrypted, sent to the user key register 22 to enable access to the storage memory 6, and then deleted when the access has completed. This would facilitate a pay-per-view type of charging system without requiring a preset limit on the number of accesses to the storage memory 6. However, once the maximum number of unsuccessful key attempts has been determined as having been reached by the attempt count circuit 34, access to the storage memory 6 is permanently denied, irrespective of whether the key test circuit 26 is enabled or disabled. Similarly, when the read count register bank 36 determines that the number of successful accesses to a region of memory has reached the maximum access count, access to that region of memory is permanently disabled, irrespective of whether the read count register bank 36 is enabled or disabled.
The output of the two test circuits 34 and 36 is sent to address gate logic 30 of the circuit 4, which sends the address data to the storage memory 6 if the enabled user key and the access count tests have passed. If the key test is disabled, its output is set to be the same output that is sent when the test succeeds. When access is granted by the address gate logic 30, a signal is sent to the read count register bank 36 in order to increment the counter recording the number of accesses to this memory range. However, if the memory count register bank 36 is disabled, the counter is not incremented.
The attempt counter circuit 34 and the read count register bank 36 in the access control circuit 4 store their data in programmable, non-volatile memory. This could be conventional flash memory or electrically erasable memory (EEPROM). However, this memory is advantageously based on fuse or anti-fuse technology.
Figure 3 is a schematic diagram of a fuse cell of the counter circuit 34 and the register bank 36. As illustrated, a non-volatile memory cell may be formed from a single transistor 16 and a fuse element 14, in which the state of the fuse determines the binary value of the memory cell bit. Each cell can have its state changed only once after manufacturing, by 'blowing' the cell fuse 14. Blowing a fuse opens the initially closed circuit, whereas blowing an anti-fuse closes the initially open connection. A cell is programmed by applying a relatively high voltage (e.g., ~15 volts generated by a DC amplifier within the access control circuit 4) across the fuse. The cell is then read in the usual way when selected by the address line 10, sending the cell bit value out on the digit line 12. If fuse or anti-fuse memory cells are used for the programmable counters of the access control circuit 4, they would not constitute normal 'counters' as such, since each bit can only be 'written' once and is not erasable. A fuse-based 'counter' can only count up to the number of bits within the counter, since bits cannot be cleared once they have been set. For example, a 32-bit counter based on fuse technology could only be changed 32 times, effectively counting, for example, from zero to 31. As will be well understood, after the count is read, a cell is blown to change the count.
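The gating behaviour of the security control circuit and address gate logic described above, together with the one-time-programmable fuse counters of this paragraph, can be modelled in software to check the two properties the description relies on: a limit that has been reached stays enforced even when the corresponding test is disabled, and a fuse counter can never be decremented. The following C model is an added example written for this page; it is not code from the patent or from Activesky. The type and function names (fuse_counter_t, access_ctrl_t, gate_access, key_test), the preset limits (three key attempts, two and five reads per range), the address ranges and the key value 0xC0FFEE42 are all constructed assumptions of the model. The count is represented in unary (number of blown fuses), so a 32-cell counter can change state exactly 32 times, as the text states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model parameters (constructed for this example, not values from the patent). */
#define FUSE_BITS        32   /* a 32-bit fuse counter: 32 one-time-programmable cells */
#define MAX_KEY_ATTEMPTS  3   /* preset limit on unsuccessful key tests */
#define NUM_RANGES        2
#define FIXED_KEY 0xC0FFEE42u /* stands in for the read-only fixed key register */

/* One-time-programmable counter: each bit is a fuse that can be blown exactly once.
 * The count is the number of blown fuses (unary code); a bit never returns to 0. */
typedef struct { uint32_t fuses; } fuse_counter_t;

static unsigned fuse_count(const fuse_counter_t *c) {
    unsigned n = 0;
    for (uint32_t v = c->fuses; v != 0; v >>= 1) n += (unsigned)(v & 1u);
    return n;
}

/* Blow the lowest intact fuse. Returns false once every fuse is blown: the counter
 * is saturated, which is why a 32-bit fuse counter changes state only 32 times. */
static bool fuse_increment(fuse_counter_t *c) {
    for (unsigned i = 0; i < FUSE_BITS; i++) {
        uint32_t bit = 1u << i;
        if ((c->fuses & bit) == 0) { c->fuses |= bit; return true; }
    }
    return false;
}
/* There is deliberately no fuse_reset(): a blown fuse cannot be restored. */

typedef struct {
    uint32_t start, end;      /* read-only range registers (inclusive) */
    unsigned max_reads;       /* preset maximum access count for this range */
    fuse_counter_t reads;     /* programmable, non-volatile read counter */
} range_ctr_t;

typedef struct {
    uint32_t user_key;        /* volatile user key register: lost on power-off */
    bool user_key_loaded;
    fuse_counter_t attempts;  /* attempt counter circuit, fuse memory */
    bool key_test_enabled;    /* security control circuit: key matching on/off */
    bool read_count_enabled;  /* security control circuit: access counting on/off */
    range_ctr_t ranges[NUM_RANGES];
} access_ctrl_t;

static access_ctrl_t make_device(void) {
    access_ctrl_t d = {0};
    d.key_test_enabled = true;
    d.read_count_enabled = true;
    d.ranges[0] = (range_ctr_t){0x0000, 0x0FFF, 2, {0}};  /* 2 reads allowed */
    d.ranges[1] = (range_ctr_t){0x1000, 0x1FFF, 5, {0}};  /* 5 reads allowed */
    return d;
}

static void load_user_key(access_ctrl_t *d, uint32_t key) {
    d->user_key = key;
    d->user_key_loaded = true;
}

/* Removing power clears the volatile key register; the fuse counters survive. */
static void power_cycle(access_ctrl_t *d) { d->user_key = 0; d->user_key_loaded = false; }

/* Key test circuit: compare the user key with the fixed key. A mismatch (or a
 * missing key) blows one attempt fuse. A disabled test reports success. */
static bool key_test(access_ctrl_t *d) {
    if (!d->key_test_enabled) return true;
    if (d->user_key_loaded && d->user_key == FIXED_KEY) return true;
    fuse_increment(&d->attempts);
    return false;
}

static range_ctr_t *find_range(access_ctrl_t *d, uint32_t addr) {
    for (size_t i = 0; i < NUM_RANGES; i++)
        if (addr >= d->ranges[i].start && addr <= d->ranges[i].end) return &d->ranges[i];
    return NULL;
}

/* Address gate logic: true when the address may be forwarded to the storage memory. */
static bool gate_access(access_ctrl_t *d, uint32_t addr) {
    bool key_ok = key_test(d);
    /* Both limits are permanent and apply even when the corresponding test is disabled. */
    bool locked_out = fuse_count(&d->attempts) >= MAX_KEY_ATTEMPTS;
    range_ctr_t *r = find_range(d, addr);
    bool exhausted = r != NULL && fuse_count(&r->reads) >= r->max_reads;
    if (locked_out || exhausted || !key_ok) return false;
    /* Successful accesses are counted only while the read count bank is enabled. */
    if (r != NULL && d->read_count_enabled) fuse_increment(&r->reads);
    return true;
}

int main(void) {
    access_ctrl_t d = make_device();
    load_user_key(&d, FIXED_KEY);
    for (int i = 0; i < 3; i++)
        printf("read 0x0010 #%d: %s\n", i + 1, gate_access(&d, 0x0010) ? "granted" : "denied");
    power_cycle(&d);
    for (int i = 0; i < MAX_KEY_ATTEMPTS; i++) gate_access(&d, 0x1000);  /* no key loaded */
    load_user_key(&d, FIXED_KEY);
    printf("after lockout, correct key: %s\n", gate_access(&d, 0x1000) ? "granted" : "denied");
    return 0;
}
```

The model keeps the two decisions separate on purpose: the enable flags only change whether a test runs and whether a successful access is counted, while the lockout and exhaustion checks read the fuse counters directly, so disabling a test after its limit has been reached cannot reopen access. A reviewer of a real implementation would check the same thing: that the security control inputs feed the test circuits and not the comparators against the permanent limits.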
Many modifications will be apparent to those skilled in the art without departing from the scope of the present invention as herein described with reference to the accompanying drawings.

Claims

CLAIMS:
1. A data storage device, including: data storage memory; access control means for maintaining an attempt count of invalid access attempts and an access count of valid accesses, to said data storage memory; and means for disabling access to said data storage memory when said attempt count or said access count reaches a respective predetermined integer value.
2. A data storage device according to claim 1 capable of connecting via an interface to a handheld electronic device such as a handheld digital computer, a personal data assistant (PDA), a game system, a mobile telephone, or any digital processing device with an expansion port.
3. A data storage device according to claim 2 wherein said handheld electronic device is capable of operating with a pay-per-view type of charging system without requiring a preset limit on the number of accesses to said storage memory, and wherein, once said attempt count has reached said respective predetermined value, access to said storage memory is permanently denied.
4. A data storage device according to claim 1 wherein the said predetermined integer value equals one.
5. A data storage device according to any one of claims 1-4 wherein said counts are represented by memory cells incorporating fuse or anti-fuse links.
6. A data storage device according to claim 1 wherein said access control means includes a key access control means, comprising: access control key storage means; user- supplied access key storage means; key test means for processing said access control key and said user-supplied key, and means for denying user access.
7. A data storage device according to claim 1, comprising: a first storage means for storing an access control key; a second storage means for storing a user-supplied access key; and a key test means for processing said access control key and said user-supplied key, and means for denying access to said storage memory if the result of said processing has a predetermined characteristic.
8. A data storage device according to claim 7 wherein said first storage means comprises a non-volatile, read-only memory device, and said second storage means comprises a programmable, volatile memory device.
9. A data storage device according to claim 7 in which said key test means includes an attempt counter circuit, comprising non-volatile storage memory for storing the number of unsuccessful key tests.
10. A data storage device according to claim 6 wherein said access control means includes an access count control circuit, comprising non-volatile, read-only storage means for maintaining a count of the number of times that a memory range has been accessed and a logic circuit for denying access to a memory address if said address falls within said memory range and the count is exceeded for said range.
11. A data storage device according to claim 10 wherein said access control means includes a security control circuit to enable or disable said key access control means and/or said access count control circuit.
12. A circuit for a digital storage device capable of interfacing with a handheld electronic device, comprising at least one access control circuit, each said access control circuit including two registers for storing access keys, a non-volatile read-only fixed key register containing a first key, which is permanently stored in said register, a user key register for temporarily storing a second key supplied by application software, a key test circuit capable of comparing said first key and said second key, means for denying access to said storage device if said first key and said second key do not match, and an attempt counter circuit capable of recording an unsuccessful attempt to match said first and second keys, said attempt counter circuit including a programmable, non-volatile memory, capable of storing the total number of said unsuccessful key match attempts, means for permanently denying access if said number of unsuccessful attempts equals or exceeds a preset number stored in a read-only memory register in said attempt counter circuit, said user key register being implemented in volatile memory so that when power is removed or when said secure storage device is disconnected from said handheld electronic device, said user key is lost.
13. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to claim 12 including means to limit the number of times that said storage memory device can be accessed, comprising a read count register bank containing a plurality of read-only registers with associated programmable, non-volatile counters, said read-only registers corresponding to addresses into said data storage memory, and said associated counters being capable of recording the number of accesses to said memory addresses within the ranges of said stored addresses, and including means to deny access to a respective address within said storage memory if said address falls within an address range which has been accessed a predetermined number of times.
14. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to claim 12 or 13 wherein said limiting means is determined by presetting the counters to a positive integer value P and said access denial takes place when said counters attain a zero value, and whereby P accesses are allowed to a particular range of memory addresses.
15. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to claim 12 or 13 wherein said limiting means is determined by presetting the counters to an integer value P and said access denial takes place when said counters attain an integer value Q, and whereby {P-Q} accesses are allowed to a particular range of memory addresses.
16. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 12-15 wherein access to the storage memory is controlled by said access control circuit which restricts access to certain memory addresses input from at least one address bus, security data input from at least one data bus, and data contained in said access control circuit, said address bus and said data bus signals being input from said connected electronic device to said storage device through said hardware interface.
17. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to claim 16 wherein each said access control circuit restricts access to both said address bus and to said at least one data bus.
18. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 12-17 including a decryption engine and means for storing digital data in an encrypted form in said storage memory, wherein said decryption engine processes encrypted data from said storage medium and passes the unencrypted result to said data bus of said handheld device via said hardware interface.
19. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to claim 18 wherein said decryption engine comprises a hardware implementation of a symmetric algorithm such as AES or DES, or a public key algorithm such as RSA or ECC or a general purpose engine capable of deciphering custom encryption algorithms.
20. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 18-19 wherein the same user supplied key is used for decryption.
21. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 12-20 wherein both said methods of key matching and access counting may be used independently or in combination, and further including a security control circuit capable of enabling or disabling each of said methods by means of a key test circuit and a read count register bank respectively, based on a security key sent to said circuit and preset read-only data stored in said circuit by a content provider or the like, whereby either one or both of said access methods could be bypassed in certain circumstances, provided the access limits have not been reached.
22. A digital storage device capable of interfacing with a handheld electronic device including a circuit according to any one of claims 12-21 said digital storage device including means to retrieve an encrypted user key from a content provider's online key server, means for decrypting said user key, means to send said user key to said user key register to enable access to said storage memory, and means for deleting said user key when said access has completed.
23. A pay-per-view type of charging system for a handheld electronic device including a circuit in a digital storage device according to any one of claims 13-22 including means to access audio, video, animation, or images in said storage memory without requiring a preset limit on the number of accesses to said storage memory, and wherein, once a maximum number of said unsuccessful key attempts has been attained, access to said storage memory is permanently denied, irrespective of whether said key test circuit is enabled or disabled, and when a number of successful accesses to a region of memory has reached a maximum access count, access to said region of memory is permanently disabled, irrespective of whether said read count register bank is enabled or disabled.
24. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 12-21 including fuse or anti-fuse technology wherein a non-volatile memory cell is formed from a single transistor and a fuse element in which the state of said fuse determines the binary value of said memory cell, and whereby each said cell is capable of having its state changed only once by blowing said cell fuse, wherein said blowing of a fuse opens an initially closed circuit, whereas blowing an anti-fuse closes an initially open connection, and means for programming said cell by applying a relatively high-voltage within said access control circuit across said fuse, further including an address line capable of reading said cell and an output digit line capable of sending the cell bit value out.
25. A digital storage device capable of interfacing with a handheld electronic device according to any one of claims 1-11 including means to retrieve an encrypted user key from a content provider's online key server, means for decrypting said user key, means to send said user key to a user key register to enable access to storage memory, and means for deleting said user key when said access has completed.
26. A digital storage device capable of interfacing with a handheld electronic device according to any one of claims 1-11 including a decryption engine and means for storing digital data in an encrypted form in said storage memory, wherein said decryption engine processes encrypted data from said storage medium and passes the unencrypted result to said data bus of said handheld device via said hardware interface.
27. A digital storage device capable of interfacing with a handheld electronic device according to claim 26 wherein said decryption engine comprises a hardware implementation of a symmetric algorithm such as AES or DES, or a public key algorithm such as RSA or ECC or a general purpose engine capable of deciphering custom encryption algorithms.
28. A digital storage device capable of interfacing with a handheld electronic device according to any one of claims 26-27 wherein the user supplied key is used for the decryption.
29. A digital storage device capable of interfacing with a handheld electronic device according to any one of claims 26-28 including an additional user input storage register for the decryption key.
30. A digital storage device capable of interfacing with a handheld electronic device according to any one of claims 26-29 whereby the decryption is performed in software on a host computing device.
31. A pay-per-view type of charging system for a handheld electronic device including a digital storage device according to any one of claims 1-11 incorporating means to access audio, video, animation, or images in said storage memory without requiring a preset limit on the number of accesses to said storage memory, and wherein, once a maximum number of said unsuccessful key attempts has been attained, access to said storage memory is permanently denied, irrespective of whether a key matching test is enabled or disabled.
32. A pay-per-view type of charging system for a handheld electronic device including a digital storage device according to claim 31 whereby when the number of successful accesses to a region of memory has reached a maximum access count, access to said region of memory is permanently disabled, irrespective of whether a read count register bank is enabled or disabled.
33. A digital storage device capable of interfacing with a handheld electronic device according to claims 26-29 whereby a unique device identification is provided to users to provide the said identification so as to be provided with a user key.
34. A digital storage device capable of interfacing with a handheld electronic device according to claim 33 whereby said device identification is represented by a hardwired data value.
35. A pay-per-view type of charging system for a handheld electronic device including a digital storage device according to claim 23 whereby a unique device identification is provided to users to provide the said identification so as to be provided with a user key.
36. A pay-per-view type of charging system for a handheld electronic device according to claim 35 whereby said device identification is represented by a hardwired data value.
37. A pay-per-view type of charging system for a handheld electronic device according to claim 23 wherein said storage memory is ROM memory and said digital storage device overlaps a memory address for user data with a memory address for data in said data storage ROM memory.
38. A circuit for a digital storage device capable of interfacing with a handheld electronic device, according to any one of claims 12-22, including read only memory in said storage, and overlapping a memory address for key data with a memory address for data in said read only memory.
39. A data storage device according to any one of claims 1-5 including key based access control whereby a key is capable of being downloaded to said device from a host computing device.
40. A data storage device according to any one of claims 1-5 including means to segment the memories into multiple sections each protected by a separate key.
41. A data storage device, including: data storage memory; and access control means for maintaining an attempt count of invalid access attempts and an access count of valid accesses to said memory, and for disabling access to said memory when said attempt count or said access count exceeds a respective predetermined value.
42. A data storage device as claimed in claim 41, wherein said counts cannot be reset.
43. A data storage device as claimed in claim 41, wherein said counts are represented by data in memory cells having fusible links.
44. A data storage device as claimed in claim 43, wherein said counts are maintained by blowing at least one of said memory cells.
45. A data storage device as claimed in any one of claims 41 to 44, wherein said access control means includes a key access control circuit, comprising: a first storage means for storing an access control key; a second storage means for storing a user-supplied access key; and a key test circuit for executing a key test by comparing said access control key and said user-supplied key, and for denying access to said storage memory if the result of said key test is negative.
46. A data storage device as claimed in claim 45, wherein said first storage means is a non-volatile, read-only memory device, and said second storage means is a volatile memory device.
47. A data storage device as claimed in claim 46, wherein said key access control circuit includes an attempt counter circuit, comprising: non-volatile storage means for storing said attempt count representing the number of negative key tests; and means for denying access to said storage memory when said number exceeds said predetermined value for said attempt count.
48. A data storage device as claimed in any one of claims 41 to 42, wherein said access control means includes an access count control circuit, comprising: non-volatile, read-only storage means for storing range data representing ranges of memory addresses within said memory; and programmable, non-volatile storage means for maintaining said access count for each of said memory ranges; and a logic circuit for denying access to a memory address for said access count if said address falls within one of said memory ranges and said predetermined value for said access count is exceeded for said one of said ranges.
49. A data storage device as claimed in claim 47, wherein said access control means includes a security control circuit to enable or disable said key access control circuit.
50. A data storage device as claimed in claim 48, wherein said access control means includes a security control circuit to enable or disable said access count control circuit.
51. A pay-per-view type of charging system for a handheld electronic device according to claim 38 wherein said key data is stored in said user key register.
52. A data storage device including: data storage memory; and an access control circuit for maintaining an attempt count of invalid access attempts, said count being represented by data in memory cells having fusible links, and for disabling access to said memory when the attempt count exceeds a predetermined value.
53. A data storage device as claimed in any one of claims 41 to 50 and 52, wherein said device comprises a card unit with an interface, such as an expansion port, for connection to an electronic device.
PCT/AU2001/000815 2000-07-07 2001-07-06 A secure data storage device WO2002005098A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001268850A AU2001268850A1 (en) 2000-07-07 2001-07-06 A secure data storage device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPQ8660 2000-07-07
AUPQ8660A AUPQ866000A0 (en) 2000-07-07 2000-07-07 A secure data storage device

Publications (1)

Publication Number Publication Date
WO2002005098A1 true WO2002005098A1 (en) 2002-01-17

Family

ID=3822724

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2001/000815 WO2002005098A1 (en) 2000-07-07 2001-07-06 A secure data storage device

Country Status (2)

Country Link
AU (1) AUPQ866000A0 (en)
WO (1) WO2002005098A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0135422A1 (en) * 1983-08-11 1985-03-27 Societe Civile "A.B.C.D." Programme protection device used by a computer connected to at least one peripheral terminal
EP0256267A2 (en) * 1986-08-12 1988-02-24 Hitachi, Ltd. Microprocessor for retrying data transfer
GB2252692A (en) * 1991-01-24 1992-08-12 Nec Corp Method and system for access to a paging radio receiver
EP0696016A2 (en) * 1994-08-01 1996-02-07 Fujitsu Limited Method for managing security for card type storage medium and a card type storage medium
JPH0844633A (en) * 1994-07-27 1996-02-16 Hitachi Software Eng Co Ltd Illegal use preventing method for data
US5590202A (en) * 1995-01-18 1996-12-31 Zenith Electronics Corporation Countdown system for conditional access module
JPH11238017A (en) * 1998-02-19 1999-08-31 Matsushita Electric Ind Co Ltd Receiver
EP0982693A2 (en) * 1998-08-28 2000-03-01 International Business Machines Corporation Method to identify user-relevant states of the misoperation counter

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005001673A1 (en) * 2003-06-30 2005-01-06 Koninklijke Philips Electronics, N.V. Digital self-erasure of key copy-protected storage
CN100418032C (en) * 2003-06-30 2008-09-10 Nxp股份有限公司 Digital self-erasure of key copy-protected storage
WO2005038633A1 (en) 2003-10-16 2005-04-28 Vodafone Holding Gmbh Device and method for securing and monitoring protected data
EP1676191A1 (en) * 2003-10-16 2006-07-05 Vodafone Holding GmbH Device and method for securing and monitoring protected data
US8417963B2 (en) 2005-11-14 2013-04-09 Cisco Technology, Inc. Secure read-write storage device
US8751821B2 (en) 2005-11-14 2014-06-10 Cisco Technology Inc. Secure read-write storage device
EP1949295A2 (en) * 2005-11-14 2008-07-30 Nds Limited Secure read-write storage device
EP1949295A4 (en) * 2005-11-14 2009-12-23 Nds Ltd Secure read-write storage device
EP2631835A1 (en) * 2005-11-14 2013-08-28 Nds Limited Secure read-write storage device
DE102005058878B4 (en) * 2005-12-09 2007-08-09 Infineon Technologies Ag Data transfer device and method for sending data
DE102005058878A1 (en) * 2005-12-09 2007-06-14 Infineon Technologies Ag Data transferring device e.g. universal asynchronous receiver/transmitter, for security-controller chip, has monitoring unit to monitor whether counter values satisfy condition and to output alarm signal if condition is not satisfied
CN102394996A (en) * 2010-06-25 2012-03-28 佳能株式会社 Data processing apparatus and data processing method of data processing apparatus
US8458423B2 (en) 2010-06-25 2013-06-04 Canon Kabushiki Kaisha Data processing apparatus and data processing method of data processing apparatus
EP2400423A1 (en) * 2010-06-25 2011-12-28 Canon Kabushiki Kaisha Data processing apparatus and data processing method of data processing apparatus
CN102394996B (en) * 2010-06-25 2015-07-08 佳能株式会社 Data processing apparatus and data processing method of data processing apparatus
EP2690577A1 (en) * 2012-07-23 2014-01-29 Getac Technology Corporation Electronic storage device and data protection method thereof
US10311253B2 (en) 2013-08-22 2019-06-04 Siemens Ag Österreich Method for protecting an integrated circuit against unauthorized access
US20230289301A1 (en) * 2019-11-07 2023-09-14 Micron Technology, Inc. Semiconductor device with secure access key and associated methods and systems

Also Published As

Publication number Publication date
AUPQ866000A0 (en) 2000-08-03

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC (EPO FORMS 1205A DATED 26.03.03 AND 16.05.03)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP