Abstract: A digital content kiosk and methods for use therewith are disclosed. Various embodiments are disclosed relating to exemplary memory devices, memory architectures, and programming techniques that can be used with a digital content kiosk, exemplary mechanical and electrical components of a digital content kiosk, exemplary security aspects of a digital content kiosk, and exemplary uses of a digital content kiosk. Other embodiments are disclosed, and each of these embodiments can be used alone or in combination with one another.

Abstract: A portable digital content device and methods for use therewith are disclosed. In one embodiment, a portable digital content device and method are disclosed for tracking usage activity to support digital asset management in a mobile environment. In another embodiment, an offline/disconnected advertisement inventory management and advertisement decision system and method are disclosed. While these systems and methods can be used with any suitable portable digital content device, an exemplary portable digital content device is disclosed, which can be used for purposes in addition to or instead of implementing the usage activity tracking and advertisement decision system functions. Any of the embodiments described herein can be used alone or in combination.

Abstract: A memory device for using time from a trusted host device is disclosed. In one embodiment, a memory device comprises a memory array and circuitry operative to provide a security system operative to authenticate an entity running on a host device, a time module that keeps track of time, and an application operative to perform a time-based operation, wherein the application is further operative to use time from the host device instead of time from the time module to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method for using time from a trusted host device is disclosed. In one embodiment, an application on a memory device receives a request to perform a time-based operation from an entity authenticated by the memory device, wherein the entity is running on a host device. The application selects time from the host device instead of time from a time module on the memory device to perform the time-based operation and uses the time from the host device to perform the time-based operation. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method for improving accuracy of a time estimate from a memory device is disclosed. In one embodiment, a memory device receives a time stamp and measures active time with respect to the received time stamp. The memory device determines accuracy of previously-measured active time and generates a time estimate using the measured active time, the accuracy of previously-measured active time, and the received time stamp. In another embodiment, measured active time is adjusted, with or without generating a time estimate. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A method for improving accuracy of a time estimate used to authenticate an entity to a memory device is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A memory device with circuitry for improving accuracy of a time estimate used to authenticate an entity is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: A memory device with circuitry for improving accuracy of a time estimate used in digital rights management (DRM) license validation is disclosed. In one embodiment, a memory device receives a request to validate a DRM license stored on the memory device, wherein the DRM license is associated with a time stamp update policy (TUP) that specifies when a new time stamp is needed. Before attempting to validate the DRM license, the memory device determines if a new time stamp is needed based on the TUP associated with the DRM license. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to validate the DRM license using a time estimate based on the new time stamp. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination.

Abstract: At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object.

Abstract: A memory storing public and confidential information is removably connected to a host device. General information on data stored in memory devices is accessible to the host device without authentication. Only a portion of confidential information stored in the memory device is accessible through the host device to an authenticated entity, where the entity has access rights to such portion. The entity is not able to access other portions of confidential information to which it has no rights. The public and confidential information is stored in a non-volatile storage medium, and a controller controls the supply of information. Preferably, the non-volatile storage medium and the controller are enclosed in a housing.

Abstract: A memory storing public and confidential information is removably connected to a host device. General information on data stored in memory devices is accessible to the host device without authentication. Only a portion of confidential information stored in the memory device is accessible through the host device to an authenticated entity, where the entity has access rights to such portion. The entity is not able to access other portions of confidential information to which it has no rights. The public and confidential information is stored in a non-volatile storage medium, and a controller controls the supply of information. Preferably, the non-volatile storage medium and the controller are enclosed in a housing.

Abstract: Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.

Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device.

Abstract: At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object.

Abstract: Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

Abstract: Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Abstract: Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

Abstract: A secure memory card with encryption capabilities comprises various life cycle states that allow for testing of the hardware and software of the card in certain of the states. The testing mechanisms are disabled in certain other of the states thus closing potential back doors to secure data and cryptographic keys. Controlled availability and generation of the keys required for encryption and decryption of data is such that even if back doors are accessed that previously encrypted data is impossible to decrypt and thus worthless even if a back door is found and maliciously pried open.

Abstract: The present invention presents techniques for transmitting application specific instruction between a host and a memory card. The commands for the application specific protocol are embedded along with a signature in the data portion of a transmission protocol that is used to communicate between the host the memory card. This allows for the transmission of application specific commands that lack a corresponding command in the transmission protocol to still be transmitted in that protocol. The method can be implemented on the host side either at the device driver level or the file level. In order to implement a read command in the application specific protocol, a write command in the first protocol with an embedded read command is first sent to a logical address, followed by a second read command to the same logical address.