Abstract: A method and system for accessing enhanced functionality on a storage device is disclosed. A hijack command is sent to the storage device that includes an identifier (such as a signature or an address). The storage device determines whether to hijack one or more subsequently commands by analyzing the subsequently commands using the identifier. For example, the storage device may analyze the subsequently received commands to determine whether the signature is in the payload of the subsequently received commands. As another example, the storage device may compare the address in the subsequently received commands with the address in the hijack command to determine whether to hijack the subsequently received commands.

Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.

Abstract: A method and system for refreshing content in a storage device are disclosed. In one embodiment, a content replication system authenticates to each of a plurality of storage devices in parallel without creating a unique secure channel with each respective storage device. After authenticating to each of the plurality of storage devices, the content replication system is permitted to write content to, but not read content from, each of the plurality of storage devices. The content replication system then writes content to each of the plurality of storage devices in parallel.

Abstract: Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.

Abstract: A file attribute, which is called herein “enforcement bit”, is used for each file that is stored in a storage device. If the protection particulars associated with a stored file are allowed to be changed, the enforcement bit is set to a first value, and if the protection particulars or properties are not to be changed, the enforcement bit is set to a second value. When the storage device is connected to a host device, the storage device provides to the host device protection particulars and an enforcement bit, which collectively form a “file protection policy”, for each stored file in response to a file system read command that the host device issues, in order to notify the host device of files in the storage device whose protection particulars are allowed to be changed freely, and of files whose protection particulars are not allowed to be changed by unauthorized users or devices.

Abstract: A file attribute, which is called herein “enforcement bit”, is used for each file that is stored in a storage device. If the protection particulars associated with a stored file are allowed to be changed, the enforcement bit is set to a first value, and if the protection particulars or properties are not to be changed, the enforcement bit is set to a second value. When the storage device is connected to a host device, the storage device provides to the host device protection particulars and an enforcement bit, which collectively form a “file protection policy”, for each stored file in response to a file system read command that the host device issues, in order to notify the host device of files in the storage device whose protection particulars are allowed to be changed freely, and of files whose protection particulars are not allowed to be changed by unauthorized users or devices.

Abstract: The embodiments described herein provide methods for producing products with certificates and keys. In one embodiment, a requesting entity transmits a request for a plurality of certificates and corresponding keys to a certifying entity that generates the certificates and corresponding keys. The request preferably includes information for use by the certifying entity to verify an identity of the requesting entity rather than information to verify unique product identifiers of the respective products. The requesting entity then receives the plurality of certificates and corresponding keys from the certifying entity, preferably in a plurality of organized sets instead of in a single series of certificates. The requesting entity then stores the certificates and corresponding keys in respective products. Each stored certificate is thereafter useable for both identification and authentication of the respective product in which it is stored.

Abstract: Enhanced configuration of security and access control for data in a storage device is disclosed. A request is received to access an addressable memory location in a storage media within the storage device. A set of addressable memory locations with contiguous addresses identified by an address range is associated with first and second characteristics. The first characteristic is applied if the addressable memory location is within the set of addressable memory locations, and an entity is currently authenticated to and authorized to access the set of addressable memory locations. The second characteristic is applied if the addressable memory location is within the set of addressable memory locations, and no entity is currently authenticated to and authorized to access the set of addressable memory locations. The set of addressable memory locations can also be a logical partition, where the first and second characteristics are stored in a logical partition table.

Abstract: Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Abstract: A third party facilitates preparation of a backup SSD for backing up a source SSD. Digital data of the source SSD, which includes protected and sensitive data and information, is copied to the backup SSD either by and via the third party or directly from the source SSD but under supervision of the third party. The digital data of the source SSD is copied to the backup SSD under stringent rules and only if each party (i.e., the source SSD, destination SSD, and third party) proves to a counterpart device with which it operates that it is authorized to send to it digital data or to receive therefrom digital data, depending on the device with which that party operates.

Abstract: A method for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method is used by a third party to copy digital data from a source secured storage device to a destination secured storage device, the method including establishing, by the third party, a virtual secure channel between the source SSD and the destination SSD, over which the third party reads digital data, including protected data, from the source SSD and writes the read digital data into the destination SSD after determining that each party satisfies eligibility prerequisites.

Abstract: A third party is configured to establish a virtual secure channel between a source SSD and a destination SSD via which the third party reads protected digital data from the source SSD and writes the protected digital data into the destination SSD after determining that each party satisfies eligibility prerequisites. An SSD is configured to operate as a source SSD, from which protected data can be copied to a destination SSD, and also as a destination SSD, to which protected data of a source SSD can be copied.

Abstract: A counting device includes a set of memory cells, which are configured to store respective bits of a count code. A controller is coupled to the memory cells so as to increment, in response to occurrences of a count input, the count code in the set of the memory cells from an initial value up to a preset bound in each of a plurality of successive iterations, and to shift the bits of the count code that are respectively stored in the memory cells in each of the iterations relative to a preceding iteration.

Abstract: A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature.

Abstract: A counting device includes a set of memory cells, which are configured to store respective bits of a count code. A controller is coupled to the memory cells so as to increment, in response to occurrences of a count input, the count code in the set of the memory cells from an initial value up to a preset bound in each of a plurality of successive iterations, and to shift the bits of the count code that are respectively stored in the memory cells in each of the iterations relative to a preceding iteration.

Abstract: A memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A memory device with circuitry for improving accuracy of a time estimate is disclosed. In one embodiment, a memory device receives a time stamp and measures active time with respect to the received time stamp. The memory device determines accuracy of previously-measured active time and generates a time estimate using the measured active time, the accuracy of previously-measured active time, and the received time stamp. In another embodiment, measured active time is adjusted, with or without generating a time estimate. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method for improving accuracy of a time estimate used to authenticate an entity to a memory device is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.