`
`. 24 _
`
`to the invention is that the peripheral device can be
`
`implemented so that any of a variety of types of target
`functionality can be included as part of the peripheral
`device.
`.In particular. as described in more detail below,
`
`the peripheral device includes an interface control device
`
`which enables and manages communications between and among
`the host computing device. a cryptographic processing
`device that is part of the peripheral device. and target
`functionality that is also part of the peripheral device.
`
`The interface control device can be adapted to provide an
`
`appropriate interface for each type of target functionality.
`Thus.
`in general. any desired target functionality can be
`used with a peripheral device according to the invention.
`long as the target functionality is implemented so as to
`enable communication with an interface of the type presented.
`
`so
`
`Those skilled in the art of data communications can readily
`-
`understand how to implement such communication with target
`cm Iss. 8, Mae-l 94f)
`functionality in view of the detailed descript on belowtof an
`embodiment of a peripheral device according to the invention,
`and.
`in particular. an interface control device of such a
`peripheral device.
`
`target functionality of a peripheral device
`For example.
`according to the invention can be embodied as a memory device
`adapted to enable non~volatile storage of data.
`In general.
`any such memory device can he used to embody such target
`functionality. more particularly. a solid-state disk storage
`device {e.g.. NAN flash memory device) can advantageously be
`used.
`Illustratively. a memory device that can be used to
`
`10
`
`15
`
`20
`
`25
`
`fififiUQB"SUE&933fl p
`
`30
`
`embody target functionality in a peripheral device according
`to the invention can he a compact flash memory device. such
`
`other solid-state disk
`as an ATA format flash disk_drive.
`storage devices. such as SdSI disks and IDE disks can be
`used.
`The construction and operation of memory devices in
`general, as Well as those identified particularly above. is
`well understood by those skilled in that art.
`so that.
`
`35
`
`Toshiba_Apricorn 1003-0053
`Toshiba_Apricorn 1003-0053
`|PR201801067
`IPR2018-01067
`
`
`
`-25-
`
`together with an understanding of the required communication
`
`capability between the target functionality and the interface
`control device. a memory device for use with the invention
`
`adapted to enable communication between the host computing
`device and a remote device.
`In general, any such
`
`A peripheral device
`can be easily constructed and operated.
`according to the invention that includes a memory device that
`embodies the target functionality can be used.
`for example.
`to securely store data in a manner that enables a user of the
`data to easily carry the data with them wherever they go.
`Target functionality of a peripheral device according to
`the invention can also be embodied as a communications device
`
`place of work and a computing device at the person‘s home.
`
`
`
`£51135!!!"SHEfiQBBfl
`
`communications device can be used to embody target
`functionality.
`A communications device that can be used to
`embody target functionality in a peripheral device according
`to the invention can include.
`for example, a data
`communications modem (such as.
`for example, a conventional
`telephone line modem, an ISBN modem. a cable modem. or a
`wireless modem) or a LAN transceiver {either wired or
`
`for example,
`in the latter case. operating in.
`wireless and,
`the infrared or radiofrequency spectrum}.
`The construction
`and operation of communication devices in general. as well as
`thoae identified particularly above.
`is well understood by
`those skilled in that art. so that.
`together with an
`understanding of the required communication capability
`
`between the target functionality and the interface control
`
`device. a communication device for use with the invention can
`be easily constructed and operated.
`A peripheral device
`according to the invention that includes a communications
`device that embodies target functionality can be used.
`for
`example.
`to encrypt electronic mail before transmission to an
`
`addressee. Or, such a peripheral device can be used.
`example.
`to encrypt data files that a person wishes to
`securely transter between a computing device at the person's
`
`for
`
`Toshiba_Apricorn 1003-0054
`Toshiba_Apricorn 1003-0054
`|PR201801067
`IPR2018-01067
`
`
`
`-26-
`
`Target functionality of a peripheral device according to
`the invention can also be embodied as a biometric device.
`
`which is defined herein as any device that is adapted to
`
`receive input data regarding a physical characteristic of a
`person based upon a physical interaction of the person with
`
`In general. any such biometric device can be
`the device.
`used to embody target functionality. Biometric devices that
`can be used in a peripheral device according to the invention
`
`for example. a fingerprint scanning device.
`can include.
`retinal scanning device or a faceprint scanning device.
`
`a
`
`In addition to conventional computational devices for
`
`storing and/or manipulating digital data. a biometric device
`includes a sensor for sensing the physical characteristic.
`and an analog~to-digital converter to transform the analog
`
`data representing the sensed characteristic into digital
`
`data.
`
`For example, a fingerprint scanning device includes a
`
`the sensor
`sensor upon which a person can place a finger.
`sensing the fingerprint of the finger,
`the content of the
`
`sensed fingerprint being converted into digital data by the
`device. Similarly. a retinal scanning device includes a
`
`the
`
`For example. fingerprint
`
`sensor which can be placed proximate to a person's eye,
`sensor sensing characteristics of the eye such as blood
`vessel pattern or iris pattern.
`the device translating the
`The
`content of the sensed characteristics into digital data.
`construction and operation of biometric devices in general.
`as well as those identified particularly above. is well
`understood by those skilled in that art.
`so that.
`together
`
`
`
`.L'Eu'hflgfl'50563338
`
`with an understanding of the required communication
`capability between the target functionality and the interface
`control device. a biometric device for use with the invention
`
`can be easily constructed and operated. Fingerprint scanning
`devices and retinal scanning devices that can readily be
`modified for use with the invention.
`i.e.
`to communicate with
`an interface control devica according to the invention, are
`
`known to those skilled in that art.
`
`Toshiba_Apricorn 1003-0055
`Toshiba_Apricorn 1003-0055
`|PR201801067
`IPR2018-01067
`
`
`
`-27-
`
`scanning devices such as those available from Identix
`
`Incorporated of Sunnyvale, California can be used in a
`fingerprint scanning device for use with the invention.
`A peripheral device according to the invention that
`
`includes a biometric device that embodies the target
`functionality can be used.
`for example.
`to enable user
`
`with the capability to detect the presence of an input to the
`
`A biometric device can be used in different ways with a
`system according to the invention, depending upon the
`capabilities of the biometric device. Using known apparatus
`and methods. a "smart” biometric device can be implemented
`
`
`
`alfi'hflgfi'SBEEBBBD
`
`authentication to a host computing device before allowing
`access to particular data stored on the host computing
`device.
`Such user authentication can be accomplished by
`using a biometric device to obtain biometric data from a user
`
`and comparing the biometric data to an appropriate library of
`
`biometric data representing a predetermined group of people
`{e.g., authorized users}.
`The library of data can be stored
`
`in-a memory device of the peripheral device.
`when a peripheral device including a fingerprint
`scanning device is embodied as a card adapted tO'be inserted
`
`into a slot of a host computing device [e.g.. a slot
`conforming to a PCMCIA standard), it may be useful to make
`the peripheral device relatively long,
`so that a portion of
`the card on which the sensor is positioned can extend from
`
`the slot of the host computing device.
`
`thereby enabling
`
`fingerprints to be scanned while the peripheral device is
`inserted in the host computing device. Similarly.
`for a
`fingerprint scanning device. retinal scanning device or
`
`faceprint scanning device. it may be desirable to form the
`device so that the sensor is connected to the remainder of
`
`thus
`the device via an appropriate communication line,
`providing some range of movement of the sensor while the
`
`peripheral device is inserted in the host computing device.
`thereby facilitating use of the device.
`
`Toshiba_Apricorn 1003-0056
`Toshiba_Apricorn 1003-0056
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`-28-
`
`sensor. and. upon such detection.
`
`initiate acquisition of the
`
`biometric data and performance by the peripheral device of
`the appropriate data comparison.
`Such a biometric device can
`
`be used to perform user authentication as in step 704 of the
`
`the biometric deVice may be
`method 700 above. Alternatively,
`"stupid“ and require that a user initiate the data
`
`5
`
`Such a biometric
`acquisition and authentication process.
`device can be used to perform user authentication in a
`
`10
`
`peripheral device that allows operation without entry of a
`proper access code. as in steps 714 and 715 of the
`method 700.
`
`Target functionality of a peripheral device according to
`
`15
`
`20
`
`the invention can be alsoiembodied as a smart card reader
`for
`device adapted to communicate with a smart card, such as.
`example. a smart card compliant with the ISO 7816 standard.
`Such a device can be implemented by adapting a conventional
`
`the construction and ggfration f which is
`smart card reader.
`well known to those skilled in that arow
`
`communications interface that enables the smart card reader
`to communicate with the interface control device.
`A
`
`peripheral device according to the invention that includes a
`
`smart card reader device can be used to provide security
`features to a smart.card reader. or add to existing security
`
`25
`
`features of a smart card reader.
`It is to be understood that the examples given above are
`
`merely illustrative. not exhaustive. of the_ways in which a
`peripheral device according to the invention can be used.
`Many more possibilities exist.
`
`FIG. 8 is a block diagram of a peripheral device 800
`according to another embodiment of the invention.
`The
`
`30
`
`peripheral device 800 includes a cryptographic processing
`device 801. an interface control device 802. a first memory
`device 803. a second memory device 804, a real-time
`clock 805. a host computing device input/output (I/o)
`35 interface 806 and target functionality 807.
`
`Toshiba_Apricorn 1003-0057
`Toshiba_Apricorn 1003-0057
`|PR201801067
`IPR2018-01067
`
`D A
`El:
`63
`m
`
`ab
`
`i
`{‘3
`
`M D9
`
`'1
`1:1
`
`aa
`
`ll
`H
`
`
`
`
`
`-29-
`
`The host computing device I/O interface 806 enables
`communications between the peripheral device 800 and a host
`
`computing device.
`
`The electrical and mechanical
`
`characteristics of the I/D interface 806. as well as the
`
`protocol used to enable communication via the interface 30%
`are established in any manner that conforms to the industry
`standard specifications for an interface of that type.
`For
`example. a peripheral device according to the invention can
`be adapted for insertion into a PCMCIA slot of a host
`
`the
`In such a peripheral device.
`computing device.
`electrical and mechanical characteristics and communications
`protocol for the host computing device I/O interface 806 are
`
`established in conformance with the appropriate PCMCIA
`standards.
`I
`
`The cryptographic processing device 801 can be adapted
`
`the cryptographic
`to perform security operations. Generally,
`processing device 801 can be embodied by any processor
`capable of performing the cryptographic operations desired to
`
`In one embodiment
`be prOVidEd by the peripheral device 800.
`of the peripheral device 800,
`the cryptographic processing
`device 801 is a special purpose embedded processor. embodied
`on a single integrated chip and designated as MYK-BZ (and
`also referred to by the name Capstone). which includes an
`
`10
`
`15
`
`20
`
`25
`
`ARMSTH processor core and-several special purpose
`cryptographic procesSing elements that have been developed by
`
`IThe construction and operation of
`the Department of Defense.
`the Capstone chip is known by those skilled in the art of
`cryptographic processing.
`The first memory device 303 can be a non-volatile data
`storage device which can be used to store computer programs
`and persistent data.
`The first memory device 803 can be
`implemented by any appropriate such device {of which there
`are many conventional. readily available incarnations). such
`as.
`for example. a conventional flash memory device.
`
`The second memory device 804 can be a volatile data
`
`30
`
`35
`
`ififlDBU'EDEfiBBBfl
`
`Toshiba_Apricorn 1003-0058
`Toshiba_Apricorn 1003-0058
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`-30-
`
`éfihflgfl'fiflfifigflflfl
`
`storage device that can also be a rapidly accessible data
`
`storage device in which frequently used data and program
`instructions can be stored during operation of the peripheral
`device 800.
`The second memory device 804 can also be
`
`implemented by any appropriate such device (of which there
`are many conventional. readily available embodiments}. such
`as, for example. a conventional random access memory (RAM)
`device.
`
`The real-time clook 805 enables the creation of time
`
`stamps. which can be used in a number of security operations.
`Advantageously.
`the time stamps created by the real-time
`clock 805 are more secure than thoee that could otherwise he
`
`produced by the relatively insecure clock of a host computing
`device.
`The real-time clock 805 includes a conventional
`
`battery backup device that maintains power to the real-time
`
`clock 805 when the peripheral device 800 is not in use (i.e..
`when power is not supplied to the peripheral device 800). so
`
`that the correct time is continuously preserved within the
`peripheral device 8005
`The real-time cloak 805 (including
`battery backup} can be embodied by any conventional such
`device. such as the D51302 clock available from Dallas
`Semiconductor of Dallas. Texas.
`
`the interface control
`In the peripheral deVice 800,
`device 802 mediates the interaction between the host
`computing device.
`the target functionality 307 and the
`cryptographic processing device 801.
`In one embodiment of
`the peripheral device 800.
`the interface control device 302
`
`that
`is a conventional fieldvprogrammable gate array (FPGA)
`is programmed to perform the functions that it is desired to
`
`implement with the interface control device 802. as described
`in more detail below.
`The interface control device 802.
`under control of the cryptographic processing device 801. can
`be adapted to enable the peripheral device 800 to assume the
`identity of the target functionality 80?. as discussed above.
`The interface control device 802 also enables the in-line
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`Toshiba_Apricorn 1003-0059
`Toshiba_Apricorn 1003-0059
`|PR201801067
`IPR2018-01067
`
`
`
`Those skilled in the art will readily
`
`direction. When the target functionality 80? is not present
`or is not being used. data transferred from the host
`computing device. after being presented to the cryptographic
`processing device interface 803 and being processed by the
`cryptographic processing device 801.
`is caused to be
`transferred back to the host computing device I/O interface
`806 (and.
`from there.
`to the host computing device) by the
`interface control device 802.
`
`-31..
`
`cryptography aspect of the invention, since the interface
`control device 802 controls the flow of data between the host
`
`computing device and the target functionality 80?.
`FIG,
`9A is a b10ck diagram illustrating the flow of data
`through the interface control device 802 of FIG. 8. Data
`
`transferred from a host computing device enters the
`
`through the
`9A}
`peripheral device 800 (not demarcated in FIG.
`host computing device I/D interface 306.
`The interface
`
`control device 802 presents the data to a cryptographic
`processing device interface 808 (not shown in FIG. 8).
`
`Depending on the configuration of the interface control
`
`device 802, as determined by operation of the peripheral
`
`device driver and/or by settings established during the
`manufacture of the peripheral device 800.
`the data may or may
`not be processed by the cryptographic processing device 801
`
`in some cases, necessarily), as
`(FIG. 8). Typically (or,
`discussed in more detail above, cryptographic processing will
`
`The interface control device 802 then causes the data
`occur.
`to be transferred to the target functionality 807. Data
`
`being transferred from the target functionality EDT to the
`host computing device follows a similar path in the reverse
`
`éfihflfifl'SflEfififlflfl
`
`FIG. 93 is a blook diagram of a particular embodiment of
`an interface control device 910 for use in a peripheral
`device according to the invention. As shown in FIG. 9B,
`
`the
`
`host computing device commdnicates via a PCMCIA interface and
`the target functionality is embodied by a compact flash
`memory device.
`
`Toshiba_Apricorn 1003-0060
`Toshiba_Apricorn 1003-0060
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`-32-
`
`appreciate how the interface control device 910 can be
`
`modified for use with other host computing device interfaces
`and/or target functionalities.
`
`The interface control device 910 includes sets of
`
`The data stored in the
`configuration registers 911.
`configuration registers 911 establish operating
`characteristics of the interface control device:
`
`in
`
`10
`
`15
`
`the content of the configuration registers
`particular.
`enables the interface control device to present to the host
`
`computing device a desired identification of the peripheral
`device. and determines whether data passing through the
`
`peripheral device must be subjected to security operations.
`A set of configuration registers is maintained for the
`
`host computing device I/o interface,
`
`the cryptographic
`
`processing device interface. and the target functionality
`_interface.
`In particular.
`the content of the host computing
`device I/O interface configuration registers is such that the
`
`interaction of the hoet computing device with the peripheral
`device is the same as if the security functionality were not
`present
`(unless the data security system.is operating in
`
`20
`
`The content of the target
`security functionality only mode}.
`functionality interface registers reflects the presence of
`the security functionality.
`The cryptographic processing
`device interface registers bridge the gap between the other
`two sets of registers.
`
`25
`
`The remainder of the functional blocks of the interface
`control device 910 shown in FIG. QB perform functions and
`
`operate in a manner that can readily be understood by those
`skilled in the art from the designation and interconnection
`of those blocks in FIG. QB.
`
`30
`
`In general.
`
`the security functionality of a peripheral
`
`device according to the invention can be configured to
`perform any cryptographic operation. as well as other,
`related mathematical operations.
`A configuration of the
`
`35 security functionality that enables a particular
`
`
`
`EiErhfl‘JU"SUEEI'EEEBU
`
`'"1’\
`
`Toshiba_Apricorn 1003-0061
`Toshiba_Apricorn 1003-0061
`|PR201801067
`IPR2018-01067
`
`
`
`-33-
`
`cryptographic or mathematical operation can be produced,
`example. by using appropriate existing cryptographic
`Software. application-specific hardware. or combination of
`
`for
`
`the two. as known by those skilled in the art of producing
`cryptographic devices.
`Following is a description or
`exemplary cryptographic an mathematical operations that can
`
`be implemented as part orig-security functionality of a
`peripheral device according to the invention. These
`cryptographic and mathematical operations are well-known and
`
`can readily be implemented in a peripheral device according
`to the invention by a person of skill in the art of
`cryptography.
`.
`
`EDEEBE’ED
`
`A peripheral device according to the invention can also
`30 implement one or more key wrapping operations for both
`symmetric and asymmetric keys.
`A key wrapping operation can
`ensure that plaintext keys are not accessible external to the
`peripheral device. Any key wrapping operation can be
`implemented.
`A peripheral device according to the invention can also
`
`aflfihflgfl'
`
`For example. a peripheral device according to the
`
`invention can implement one or more cryptographic.key
`exohange operations. Any key exchange operation can be
`
`the Department of Defense
`for example,
`implemented. such as.
`Standard.
`the RSA.
`the Diffie-Hellman. and the X9.42 {ANSI
`Banking Standard) key exchange algorithms.
`A peripheral device according to the invention can also
`implement one or more hash operations. Any hash operation
`
`can be implemented. such as.
`(SHA—l}.
`the Message Digest 2
`{RSA) algorithms.
`A peripheral device according to the invention can also
`
`the FIPS lBD-l
`for example.
`(RSA). and the Message Digest 5
`
`25 implement one or more digital signature operations. Any
`digital signature operation can be implemented. such as, for
`
`the F193 186 {DEA - 512. 1024} and the RSA Signature
`example.
`(512. 768. 1024. 2048] algorithms.
`
`Toshiba_Apricorn 1003-0062
`Toshiba_Apricorn 1003-0062
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`-34-
`
`implement one or more symmetric encryption operations. Any
`symmetric encryption operation can be implemented, such as,
`for example,
`the FIPS 155 (implemented completely in
`hardware}.
`the DES (including BDES. EDE3. CBC and ECB},
`RC-2 and the RC-4 algorithms.
`
`the
`
`A peripheral device according to the invention can also
`
`implement one or more asymmetric (public key} encryption
`operations. While asymmetric encryption operations underlie
`the key exchange operations described above. asymmetric key
`
`operations can also be used independently in a peripheral
`device according to the invention for bulk encryption. Any
`
`asymmetric encryption operation can be implemented. such as.
`for example.
`the RSA and Diffie-Hellman algorithms.
`
`A peripheral device according to the invention can also
`implement one or more exponentiation operations, which are
`required in many cryptographic operations. Any
`exponentiation operation can be implemented. Since
`peripheeee exponentiation requires a significant amount of
`processing time relative to other mathematical operations. it
`can be desirable to implement an exponentiation operation in-
`
`In one_embodiment of a peripheral deviCe
`dedicated hardware.
`according to the invention,_the security functionality of the
`peripheral device includes a full 1024 bit exponentiator
`implemented in hardware.
`
`Various embodiments of the invention have been
`described.
`The descriptions are intended to be illustrative,
`not limitative.
`Thus. it will be apparent
`to one skilled in
`the art that certain modifications may be made to the
`
`10
`
`15
`
`20
`
`25
`
`invention as described above without departing from the scope
`30 of the claims set out below.
`
`refined-susseeen a
`
`Toshiba_Apricorn 1003-0063
`Toshiba_Apricorn 1003-0063
`|PR201801067
`IPR2018-01067
`
`
`
`we claim:
`1.
`A peripheral device. compri
`
`ng:
`
`d
`
`tion between the
`ans:
`
`ion with a host
`
`10
`
`nnecting the security means
`e target means to the host computing device in
`se to an instruction from the host computing
`
`
`data:
`
`
`
`fififlflgfl'SUEEISQHU
`
`”‘1
`
`20
`
`25
`
`5
`
`2.
`
`arget means comprises means for non-volatilely
`
`
`A peripheral device as in Claim 1. wher'
`n the
`oring data.
`
`
`A peripheral device as in Claim 1. w erein the
`3.
`target means comprises means for enabling co unication
`between the host computing device and a rem e device.
`
`
`1. wherein the
`
`target means comprises a bigmetric devi e.
`
`A peripheral device as in Clai
`
`4.
`
`aim 1. wherein the
`A peripheral device as in
`5.
`target means comprises means for co unicating with a smart
`card.
`
`
`
`in Claim 1. further
`A peripheral device a
`6.
`
`comprising means for mediatin communication of data between
`
`the host computing device an the target means so that the
`communicated data must firs
`pass through the security means.
`
`7.
`
`A peripheral de ice as in Claim 1. further
`
`
`
`
`
`Toshiba_Apricorn 1003-0064
`Toshiba_Apricorn 1003-0064
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`-36-
`
`comprising means for providing to a host mputing device,
`response to a request from the host c puting device for
`information regarding the type of
`e peripheral device,
`
`in
`
`information regarding the fun
`
`ion of the means for enabling
`
`
`ft
`A peripheral device. comprising:
`security means for enabling one or more security
`Operations to he performed on data:
`target means for enabling a defined interaction
`
`10
`
`15
`
`with a host computing device;
`means for enabling communication between the
`
`security means and the target means:
`means for enabling communication with a boat
`computing device; and
`
`means for mediating communication of data between
`the nest computing device and the target means so that
`
`the communicated data must first pass through the
`security means.
`
`19
`
`if
`A peripheral device as in Claim fifi wherein the
`f.
`20 target means comprises means for non-volatilely storing data.
`
`
`
`renosn-E-DEE‘IEBBU
`
`If
`15
`A peripheral device as in Claim . wherein the
`Ildi
`target means comprises means for enabling communication
`between the host computing device and a remote device.
`I
`
`1‘?
`
`I
`..
`A peripheral device as in Claim Bi wherein the
`pi.
`25 target means comprises a biometric device.
`
`I!
`62%
`A peripheral device as in Claim £1 wherein the
`ll.
`target means comprises means for communicating with a smart
`card.
`
`13.
`
`A peripheral dev ce as in Claim 8, further
`
`flf
`
`Toshiba_Apricorn 1003-0065
`Toshiba_Apricorn 1003-0065
`|PR201801067
`IPR2018-01067
`
`
`
`-37_
`
`comprising means for providing to a host Computing
`reaponse to a request from the host computing de
`
`information regarding the type of the peripher
`information regarding the function of the me
`
`e for enabling
`
`5 a-defined interaction with a host computing device.
`
`/_
`
`14.
`
`A peripheral device. comprisin
`security means for enabling
`operations to be performed on d
`target means for enabli
`
`30 card.
`
`a?
`3?
`A peripheral device as in Claim }4, wherein the
`Jar.
`target means comprises a biometric device.
`Q#
`3
`.
`.
`36'.
`A peripheral device as in Claim )4. wherein the
`target means comprises means for communicating with a smart
`
`/
`
`H
`
`e or more security
`
`a:
`a defined interaction
`
`remueu‘soeeeeeo
`
`with a host computing aevi
`means for enabling ommunication between the
`security means and th target means:
`
`means for enab ng communication with a.host
`
`at
`.
`25
`A peripheral device as in Claim }(, wherein the
`)6.
`target means comprises means for non-volatilely storing data.
`
`M
`A peripheral device as in Claim 14: wherein the
`Sggfi
`target means comprises means for enabling communication
`25 between the host computing device and a remote device.
`
`Toshiba_Apricorn 1003-0066
`Toshiba_Apricorn 1003-0066
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`19.
`
`A peripheral device. compr
`
`ing:
`
`/
`
`ng one or more security
`security means for ens
`operations to be perfor
`d on data:
`a solid-state
`means for en
`
`IdeVice for storing data:
`'cation between the
`
`'sk store
`ling co
`
`security means
`and
`
`nd the so '
`
`state disk storage device;
`
`means
`
`or enabling communication with a host
`
`
`
`A peripheral device
`20.
`solid-state disk stor
`disk drive.
`
`
`
`
`n claim 1. wherein the
`
`evice comprises an ATA format flash
`
`21.
`
`A peripheral device. compr
`
`ing:
`
`,//
`
`on between the
`
`security means
`ommunication means: and
`
`means f
`enabling communication with a host
`
`
`
`m 21, wherein the
`A peripheral device as in
`22.
`ireless communication means c
`ises a wireless modem.
`
`
`
`A periph
`23.
`wireless commu
`cation
`
`
`
`
`device as in Claim 21. wherein the
`means comprises a wireless LAN
`
`
`
`24.
`
`A peripheral
`
`deVice. comp
`
`
`
`Toshiba_Apricorn 1003-0067
`Toshiba_Apricorn 1003-0067
`|PR201801067
`IPR2018-01067
`
`fifihflflfl'fiflfififiaflfl
`
`4;;
`
`20
`
`537
`
`25
`
`30
`
`
`
`
`
`-39-
`
`a person based
`regarding a physical characteristic 0
`upon a physical interaction of t
`person with the
`peripheral device;
`
`betWeen the
`evice: and
`
`
`means for enabling
`
`biometr
`security means and t
`
`ling communication with a host
`
`means for en
`
`
`
`
`
`A peripheral device as in C1 m 24, wherein the
`
`25.
`
`dis
`
`10
`
`iometric device comprises a tinge
`
`
`
`int scanning device.
`
`26.
`A peripheral devi
`
`biometric device compris
`a retinal scanning device.
`
`as in Claim 24. wherein the
`
`éfihUBB'SUEBQBBU
`
`15
`
`20
`
`25
`
`30
`
`2?.
`
`A peripheral device. compr
`security means for enabli
`
`
`
`ing:
`one or more security
`operations to be performed on ata:
`ith a smart card:
`means for communicating
`
`unication between the
`means for enabling co
`
`security means and the sm
`t card communication means:
`and
`
`
`means for enabling communication with a host
`computing device.
`
`
`
`28.
`
`A data security system. co
`a host computi g device '
`
`
`
`le communication with
`
`device interfaces
`
`another device:
`
`device
`co prising:
`a periphera
`
`enabling one or more
`secur ty mean
`
`security perations to be performed on data;
`tar et means for enabling a defined
`interac ion with a host computing device;
`m ans for enabling communication between the
`secur ty means and the target means;
`
`dapted t
`
`
`
`
`
`
`
`
`Toshiba_Apricorn 1003-0068
`Toshiba_Apricorn 1003-0068
`|PR201801067
`IPR2018-01067
`
`
`
`-40-
`
`means for enabling co
`computing device: and
`
`cation with a host
`
`ing the security
`y con
`means for oper
`means and/or th
`arget means to the host computing
`device in r
`nse to an instruction from the host
`
`3d»
`28’.
`
`A data security system. comprising:
`a host computing device including one or more
`
`device interfaces adapted to enable communication with
`another device:
`
`“BBB“SDEESBBU
`
`means or enabling communication between the
`
`a peripheral device. comprising:
`security means for enabling one or more
`security operations to be performed on data:
`target means for enabling a defined
`interaction with a host computing device; and
`means for enabling communication between the
`security means and the target means:
`means for enabling communication with a host
`computing device: and
`means for mediating communication of data
`
`between the host computing device and the target
`means so that the communicated data must first pass
`through the security means.
`
`'A£Q:&I
`zséi
`
`0.
`
`A data security system, compris ng:
`a host computing device incl
`ing one or more
`device interfaces adapted to en
`la communication with
`another device:
`
`a peripheral device.
`security means or enabling one or more
`security operatic s to be performed on data:
`target me
`s for enabling a defined
`
`interaction
`
`th a host computing device: and
`
`Toshiba_Apricorn 1003-0069
`Toshiba_Apricorn 1003-0069
`|PR201801067
`IPR2018-01067
`
`
`
`SUEIEIEEBU security means and the target m ns;
`
`ed for
`For use in a peripheral device ada
`32.
`’0 ommunication with a host computing devi
`. performance of
`'one or more security operations on d
`. and interaction with
`a host computing device in a defi
`d way. a method comprising
`25 the steps of:
`
`means for enabling Comm.
`computing device; and
`
`cation with a host
`
`a host computing
`means for providing t
`equest from the host
`I device.
`in response to a
`computing device for
`formation regarding the type
`of the peripheral de
`ce.
`information regarding the
`function of the me
`3 for enabling a defined
`
`33’
`For use in a peripheral device adapted for
`.2f.
`communication with a host computing device. performance of
`one or more security operations on data. and interaction with
`
`a host computing device in a defined way.
`the steps of:
`
`a method comprising
`
`receiving a request from a host computing device
`for information regarding the type of the peripheral
`device: and
`
`in response
`providing to the host computing device.
`to the request.
`information regarding the type of the
`defined interaction.
`
`effi'hfl'iifl'
`
`6?
`
`receiving an ins uction from a host computing
`ration of the peripheral device; and
`curity Operations and/or the defined
`response to the instruction from the host
`
`performng
`interaction ‘
`Computing
`
`Toshiba_Apricorn 1003-0070
`Toshiba_Apricorn 1003-0070
`|PR201801067
`IPR2018-01067
`
`
`
`
`
`. 42 _
`
`RIPHE
`
`T
`NT
`EV E WIT
`William P. Bialick
`Mark J. Sutherland
`
`RIT F
`
`T
`
`A ITY
`
`Janet L. Dolphin-Peterson
`Thomas K. Rowland
`
`Kirk w. skeba
`
`Russell D. Housley
`
`TRA T
`
`10
`
`15
`
`EHEIEIR
`
`péfififlgfl'fiflEflSaw,
`
`M D
`
`P9
`
`25
`
`30
`
`The invention enables a peripheral device to communicate
`
`with a host computing device to enable one or more security
`operations to be performed by the peripheral device on data
`
`stored within the host computing device. data provided from
`the host computing device to the peripheral device (which can
`then be,
`for example. stored in the peripheral device or
`
`transmitted to yet another device]. or data retrieved by the
`
`host computing device from the peripheral device (e.g.. data
`that has been stored in the peripheral device’s? transmitted
`to the peripheral device from another devi
`.
`In
`
`the peripheral