公开(公告)号：WO2007008540A3

公开(公告)日：2007-04-05

申请号：PCT/US2006026241

申请日：2006-07-05

Applicant: SANDISK CORP ,  GONZALEZ CARLOS J ,  FERCHAU JOERG ,  JAGOND-COULOMB FABRICE

Inventor： GONZALEZ CARLOS J ,  FERCHAU JOERG ,  JAGOND-COULOMB FABRICE

IPC: G06F21/34 ,  G06F21/41 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/34 ,  G06F21/41 ,  G06F2221/2115 ,  H04L63/0838 ,  H04L63/0853 ,  H04L2463/082

Abstract: A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport. This facilitates the acceptance of two factor authentication, and increases security for a wide variety of online transactions.

Abstract translation: 用于双因素认证系统和方法的便携式大容量存储设备。 安全的便携式大容量存储设备可保护内容免受安全机制和固件的自由复制。 安全功能还可以保护机密用户凭证和密码，以及双因素身份验证或非对称身份验证方法所需的算法和种子。 驻留在大容量存储设备中的客户端应用程序充当密码管理器和认证管理器，其在后台无缝地执行认证过程，同时将用户签入他选择的各种机构。 用户拥有非常高级别的安全性，除了双重身份验证以外，还可以集成到大容量存储设备中，并且高度安全的密码管理的便利性也包含在便于用户运输的袖珍型便携包中。 这有助于接受双因素认证，并增加了各种在线交易的安全性。

公开(公告)号：WO2006069274A2

公开(公告)日：2006-06-29

申请号：PCT/US2005/046689

申请日：2005-12-21

Applicant: SANDISK CORPORATION ,  JAGOND-COULOMB, Fabrice ,  HOLTZMAN, Michael ,  QAWAMI, Bahman ,  BARZILAI, Ron

Inventor： JAGOND-COULOMB, Fabrice ,  HOLTZMAN, Michael ,  QAWAMI, Bahman ,  BARZILAI, Ron

IPC: G06F21/62 ,  G06F21/78

CPC classification number: G06F21/6209 ,  G06F21/6218 ,  G06F21/78

Abstract: In some mobile storage devices, content protection is afforded by dividing the memory into separate areas where access to protected areas requires prior authentication. While such feature does provide some protection, it does not protect against a user who obtained a password by illicit means. Thus, another aspect of the invention is based on the recognition that a mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Abstract translation: 在某些移动存储设备中，内容保护是通过将内存分成单独的区域来提供的，其中访问保护区需要事先验证。 尽管此功能确实提供了一些保护，但它不能防止以非法手段获取密码的用户。 因此，本发明的另一方面基于这样的认识，即可以提供一种机制或结构来将存储器划分成分区，并且使得分区中的至少一些数据可以用密钥加密，使得除了认证 是访问某些分区所必需的，则可能需要访问一个或多个密钥来解密这些分区中的加密数据。 在某些应用程序中，用户可以更方便地使用一个应用程序登录存储器系统，然后可以使用不同的应用程序访问受保护的内容，而无需再次登录。 在这种情况下，用户希望以这种方式访问​​的所有内容可以与第一账户相关联，使得所有这样的内容可以经由不同的应用（例如音乐播放器，电子邮件，蜂窝通信等）被访问，而无需 多次登录。 然后，可以使用不同的一组认证信息登录以访问与第一账户不同的账户中的受保护内容，即使在不同账户是针对同一用户或实体的情况下。

公开(公告)号：WO2007030760A8

公开(公告)日：2008-07-31

申请号：PCT/US2006035155

申请日：2006-09-07

Applicant: SANDISK CORP ,  QAWAMI BAHMAN ,  JAGOND-COULOMB FABRICE ,  SABET-SHARGHI FARSHID ,  HOLTZMAN MICHAEL ,  CAILLON PASCAL ,  DWYER PATRICIA ,  MCAVOY PAUL ,  VARGAS PEDRO ,  YUAN PO ,  CHANG ROBERT C

Inventor： QAWAMI BAHMAN ,  JAGOND-COULOMB FABRICE ,  SABET-SHARGHI FARSHID ,  HOLTZMAN MICHAEL ,  CAILLON PASCAL ,  DWYER PATRICIA ,  MCAVOY PAUL ,  VARGAS PEDRO ,  YUAN PO ,  CHANG ROBERT C

IPC: G06F21/10

CPC classification number: G06F21/10 ,  G06F21/105 ,  G11B20/00086 ,  G11B20/0021 ,  G11B20/0071 ,  G11B20/00724 ,  G11B20/00731 ,  G11B20/00797 ,  G11B20/00862 ,  G11B20/00985 ,  G11B2220/61

公开(公告)号：WO2007030760A2

公开(公告)日：2007-03-15

申请号：PCT/US2006/035155

申请日：2006-09-07

Applicant: SANDISK CORPORATION ,  QAWAMI, Bahman ,  JAGOND-COULOMB, Fabrice ,  SABET-SHARGHI, Farshid ,  HOLTZMAN, Michael ,  CAILLON, Pascal ,  DWYER, Patricia ,  MCAVOY, Paul ,  VARGAS, Pedro ,  YUAN, Po ,  CHANG, Robert, C.

Inventor： QAWAMI, Bahman ,  JAGOND-COULOMB, Fabrice ,  SABET-SHARGHI, Farshid ,  HOLTZMAN, Michael ,  CAILLON, Pascal ,  DWYER, Patricia ,  MCAVOY, Paul ,  VARGAS, Pedro ,  YUAN, Po ,  CHANG, Robert, C.

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F21/105 ,  G11B20/00086 ,  G11B20/0021 ,  G11B20/0071 ,  G11B20/00724 ,  G11B20/00731 ,  G11B20/00797 ,  G11B20/00862 ,  G11B20/00985 ,  G11B2220/61

Abstract: The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner.

Abstract translation: 存储设备包含控制结构，其允许以内容所有者或参与分发的服务提供者所设想的方式安全地分发媒体内容。 各种不同的途径可用于使用这样的存储器设备来分发媒体内容，例如设备包含以下一个或多个：缩减的预览媒体内容，加密的未删节的媒体内容，预付费内容，管理访问的权限和/或规则 到这样的内容。 存储设备具有一种控制结构，其使得服务提供商（也可以是内容所有者）为最终用户和终端向服务提供商注册的媒体内容分发创建安全环境，并且获得对该内容的访问 由服务提供商控制的方式。 可以以安全和有效的方式生成并加载要加载的各种组件（例如，预先预览的媒体内容，加密的未删节的媒体内容，预付费内容，管理对这些内容的访问的权限和/或规则）。

公开(公告)号：WO2007008540A2

公开(公告)日：2007-01-18

申请号：PCT/US2006/026241

申请日：2006-07-05

Applicant: SANDISK CORPORATION ,  GONZALEZ, Carlos J. ,  FERCHAU, Joerg ,  JAGOND-COULOMB, Fabrice

Inventor： GONZALEZ, Carlos J. ,  FERCHAU, Joerg ,  JAGOND-COULOMB, Fabrice

IPC: G06F21/20 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/34 ,  G06F21/41 ,  G06F2221/2115 ,  H04L63/0838 ,  H04L63/0853 ,  H04L2463/082

Abstract: A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport. This facilitates the acceptance of two factor authentication, and increases security for a wide variety of online transactions.

Abstract translation: 一种用于双因素认证系统和方法的便携式大容量存储设备。 安全的便携式大容量存储设备保护内容不被安全机制和固件自由复制。 安全功能还保护机密用户凭据和密码，以及双因素身份验证或非对称身份验证方法所需的算法和种子。 驻留在大容量存储设备中的客户端应用程序既作为密码管理器又可以在将用户签入他所选择的各个机构时在背景中无缝地执行认证过程两者。 非常高级别的安全性被集成到用户对于除了两个因素身份验证之外的目的的大容量存储设备中，并且高度安全的密码管理的便利性还具有便于口袋大小的包装，便于用户运输。 这有助于双因素认证的接受，并增加了各种在线交易的安全性。

公开(公告)号：WO2006069274A3

公开(公告)日：2006-10-26

申请号：PCT/US2005046689

申请日：2005-12-21

Applicant: SANDISK CORP ,  JAGOND-COULOMB FABRICE ,  HOLTZMAN MICHAEL ,  QAWAMI BAHMAN ,  BARZILAI RON

Inventor： JAGOND-COULOMB FABRICE ,  HOLTZMAN MICHAEL ,  QAWAMI BAHMAN ,  BARZILAI RON

IPC: G06F21/62 ,  G06F21/78

CPC classification number: G06F21/6209 ,  G06F21/6218 ,  G06F21/78

Abstract: In some mobile storage devices, content protection is afforded by dividing the memory into separate areas where access to protected areas requires prior authentication. While such feature does provide some protection, it does not protect against a user who obtained a password by illicit means. Thus, another aspect of the invention is based on the recognition that a mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Abstract translation: 在一些移动存储设备中，通过将存储器划分成对保护区的访问需要事先认证的单独区域来提供内容保护。 虽然这样的功能确实提供了一些保护，但是它不能防止以非法手段获得密码的用户。 因此，本发明的另一方面基于这样的认识：可以提供机制或结构来将存储器划分成分区，并且使得可以用密钥对分区中的至少一些数据进行加密，使得除了认证 是访问某些分区所必需的，可能需要访问一个或多个密钥来对这些分区中的加密数据进行解密。 在某些应用中，用户可以使用一个应用程序登录存储系统更方便，然后可以使用不同的应用程序来访问受保护的内容，而无需再次登录。 在这种情况下，用户希望以这种方式访问​​的所有内容可以与第一帐户相关联，使得可以通过不同的应用（例如，音乐播放器，电子邮件，蜂窝通信等）来访问所有这样的内容，而没有 多次登录。 然后可以使用一组不同的身份验证信息来登录访问与第一帐户不同的帐户的受保护内容，即使不同帐户是针对同一用户或实体的。