SECURED STORAGE AND DISTRIBUTION OF DIGITAL DATA

FIELD OF THE INVENTION

The present invention relates to secured data storage and Digital Rights management (DRM) and in particular to an unique technology for secured storage and distribution of digital data by computing systems which can function only in connectivity with at least a specialized composite device whereby, the computing systems are allowed or debarred from access and application of said data by appropriate authentication by the said device. To be precise, the composite device is adapted to authenticate requests/commands from the computing systems for accessing/applying the secured data, stored in the composite device.

BACKGROUND OF THE INVENTION

In the present world, the largest threats to software vendors and other data vendors are the duplication and illegal use of their products. In network machines they were able to control the illegal usage some certain level, but in standalone machines they are failing to control the illegal usage of their products.

The range of data/contents threatened by attackers is huge (E.g. design tools, program tools, databases and so on). Secure distribution of software/data is increasingly important for IT product vendors. Companies invest huge amount of money, labour and time to develop their products and illegal usage of these IT products, result in immense loss in business.

Conventional methods and techniques used for protecting unauthorized usage of data involve application of password, product key and other related techniques. However, it has been observed that, IT criminals often gain access to such data, easily duplicate it and use it illegally by deciphering means, to break through such conventional methods and techniques for data protection. This is because conventional data security techniques often only authenticate with fixed parameter and permit to proceed and all these values are in plain text format. By applying these password, product key and so on, the product can be applied in many machines at a time without having restriction. So, illegal usage remains un suppressed.

The US Publication patent No: 6128741 for "Compact transparent Dongle device" disclose a device that is plugged to the I/O port of the computer. The application requests the device for authentication key. If the key is valid then, the application is run. However, this system has certain limitations. The software/data has to distribute in other media like CD, Floppy etc. Now some vendors use API to communicate with dongle and authenticate their product. This API's are often altered by hackers and without dongle, these software products are used in many PC's.

The US Publication patent No: 5586260 for "Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms" discloses a method for keeping a centralized server and all the client machines are authenticated from this server. This technology is quiet good but network hackers monitor and copy the authentication parameters and reproduce it in other machines. The main disadvantage of this technology is that it cannot be applied in standalone machines.

The US Publication patent No: 7721115 are for "USB secure storage apparatus and method". It discloses one USB device comprising two interfaces, MSC and HID. MSC divided into two areas, Public and secure. Public area is available to everyone and placed one. application to communicate with HID interface.

This application asks for password. If the correct password is entered, the secured area is made available. All secured information is stored in this partition. Unfortunately, this technology is also having disadvantages. Once the secure area is made available, anyone can copy confidential data or applications from secured partition, and the copied data can be used without the help of this device in any machine.

Accordingly, there was a long felt need to design a system and method for secured usage and distribution of digital data which is in general sacrosanct in all respects so far as data security/IT product security is concerned and in particular, overcomes the disadvantages in the field as discussed hereinbefore.

All through out the specification including the claims, the words "IT criminals", "software/data", "application", "digital", "interface", "routine", "storage memory", "Human Interface Device", "Mass Storage Class", "Real Time Clock", "Command operated switch", "Computer system", "Digital Rights Management(DRM)" are to be interpreted in the broadest sense of the respective terms and includes all similar items in the field known by other terms, as may be clear to persons skilled in the art. Restriction/limitation, if any, referred to in the specification, is solely by way of example and understanding the present invention.

OBJECTS OF THE INVENTION

It is the principal object of the present invention to provide a composite device for secured storage and distribution of digital data in a sacrosanct manner so that chances of unauthorized or illegal usage of said data is substantially reduced/nullified.

It is another object of the present invention to provide a composite device operatively connectable to at least an end computing system, the said device having an electronic mechanism for controlling software/data in the device itself, whereby unauthorized or illegal usage of the same is substantially reduced/nullified.

It is another object of the present invention to provide a composite device operatively connectable to at least an end computing system having an electronic or electromechanical system, to execute the software/data from the same device and automated authentication in the same device without allowing user to do unauthorized or illegal activities on the software/data.

It is a further object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers.

It is a further object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers which is user friendly and involves automated authentication without the requirement for user interaction.

It is a further object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers which ensures availability of distribution media and Digital Rights Management (DRM) in one device whereby usage of content can be monitored in any machine.

It is yet another object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers which is adapted to apply time based authentication for evaluation of software.

It is yet another object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers and facilitates hardware write protects enable/disable according to data vendors wish.

It is a further object of the present invention to provide a composite device which can be adapted on networked as well as standalone computers and facilitates definition of authentication parameters by application vendors according to their format and wish.

It is a further object of the present invention to provide a networking system having online connectivity with at least a composite device having stored therein secured data, for preventing unauthorized or illegal usage of said data.

It is a further object of the present invention to provide a networking system including a plurality of composite devices having stored therein secured data in connectivity to a plurality of end computing systems, so that chances of unauthorized or illegal usage of said data is substantially reduced/nullified.

It is another object of the present invention to provide a method for secured storage and distribution of digital data, so that chances of unauthorized or illegal usage of said data is substantially reduced/nullified.

It is a further object of the present invention to provide an effective distribution media to release valuable data contents to end user to use such valuable contents by suppressing the end computing system's illegal usage techniques.

It is a further object of the present invention to provide a technology which in general substantially reduces/ nullifies the drawbacks of the technology known in the art of secured storage and distribution of digital data.

How the foregoing objects are achieved and the other aspects of the present invention will be clear from the following description which is purely by way of understanding and not by way of any sort of limitation.

SUMMARY OF THE INVENTION

Accordingly, the present invention provides a composite device for secured storage and distribution of digital data, said device being adapted to be operatively connected to at least an end computing system, said device including at least one first interface and at least one second interface operatively connected to each other and to at least a storage memory of said second interface having stored therein valuable software/ data those are to be protected from unauthorized/ illegal usage, said first interface being adapted to authenticate any request for accessing said data by said computing system and to debar any unauthorized request to access said data by said computing system.

In accordance with preferred embodiments of the composite device of the present invention:

-said first interface comprises a USB Human Interface Device (HID) interface routine and said second interface comprises a USB mass storage class (MSC) interface routine.

-said USB HID interface routine is provided with a HID class memory and said MSC interface routine is provided with a MSC memory for storing secured data, said HID class memory being operatively connected to a command operated switch for making said MSC memory write/ delete protection enable/ disable thereby, preventing data deletion, virus activity, data alteration or other illegal operation to said MSC memory.

-said USB HID interface is adapted to be active constantly, in the event of said device being connected to said end-computing system.

-said USB HID interface is adapted to receive commands/ request from said end computing system and to undertake automated authentication of such commands/ request by virtue of said HID class memory, said authentication parameters being pre-defined as desired.

-said USB HID interface is adapted to receive commands/ request from said end computing system and to undertake time based authentication of such commands/request by virtue of a real time based clock (RTC), operatively connected to said USB HID interface.

-said HID memory is of flexible format as defined by application vendor and said MSC memory is in a unique format.

-said HID memory is adapted to be invisible or to be unavailable to public.

The present invention also provides a networking system having at least an end computing system operatively connected to at least a device for secured storage and distribution of digital data, said device including at least one first interface and at least one second interface operatively connected to each other and to a storage memory of said second interface having stored therein valuable software/ data those are to be protected from unauthorized/ illegal usage, said first interface being adapted to authenticate any request for accessing said data by said computing system and to debar any unauthorized request to access said data by said computing system ,said end computing system being adapted to detect said first interface and said second interface in said device, said computing system being adapted to run an application by at least a public mounted drive provided therein, said application being communicable to said device by said first interface, in the event of which said first interface is adapted to authenticate the parameters of said application with defined parameters in said device, for allowance or rejection of request/ commands in said application for accessing/using/distribution of said secured data in said storage memory, said networking system being further adapted to terminate said application in absence of connectivity with said device.

The present invention also provides a method for secured storage and distribution of digital data including:

-connecting at least a composite device to at least an end computing system, said device including at least one first interface and at least one second interface operatively connected to each other and to a storage memory of said second interface having stored therein valuable software/ data that are to be protected from unauthorized/ illegal usage, said end computing system being adapted to detect said first interface and said second interface in said device and being adapted to run an application by at least a public mounted drive provided therein,

- executing HID communication application by said public drive,

- communicating said executed application through said first interface of said device,

- comparing of parameters defined in said application with those of said device by said first interface in the manner such as herein described,

- launching the protected software/ data in said storage memory in the event of positive authentication or

- debarring the application from accessing protected software/ data in said storage memory in the event of failure in the process of said authentication.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWING

The nature and scope of the present invention will be better understood from the accompanying drawing of a preferred embodiment, which is purely by way of understanding and illustration and not by way of any sort of limitation. In the accompanying drawing:

Figure 1 illustrates the composite device in accordance with the present invention in connectivity with an end computing system for secured storage, usage and distribution of digital data.

DETAILED DESCRIPTION OF THE INVENTION

The following describes some preferred embodiments of the present invention for the sake of understanding the present invention and not by way of any sort of limitation.

As stated under the heading "Background of the Invention", conventional methods and techniques used for protecting unauthorized usage of data, are witnessing some disadvantages or the other. The present invention is aimed at providing a sacrosanct technology for the same, so that the drawbacks encountered hitherto in the art are substantially reduced/ nullified.

The technical challenges the present data security technology is facing are briefly, the authentication parameters are mainly plain text, threaten from hackers, large resources required, technically skilled people required to install and configure and can not control, monitor or protect the software/data in standalone machines from illegal usage.

The present invention is aimed at a composite device and its application method for providing data and it's Digital Rights Management (DRM) in a single device with cost effective method using two USB interfaces. This composite device and method protects data/ contents from illegal/unauthorized use by combination of hardware and software authentication mechanism in it.

Particularly the present invention provides an electronic media and mechanism for delivering contents/data and its DRM to the end machine of the user in a much-secured way, without allowing unauthorized or illegal usage.

More particularly, the present invention provides an electronic or electromechanical system to allow the usage of the valuable software or Data securely, wherein the illegal usage techniques such as product key or password hacking, hard drive imaging and other malpractices are debarred/nullified. Once the valuable data contents are fed into the device and its authentication parameters are defined, the authentication parameters and methods can not be copied in any manner, that would later be functional on any other computer system without this device; instead they can use the valuable data contents in any computer with the presence of this device.

The combination of automated software and hardware method is used to authenticate the genuine content. This authentication will happen periodically.

So, while using the content, if the device gets unplugged or becomes unavailable, the method terminates the content execution.

The present invention also provides an effective distribution media to release valuable data contents to end user to use such valuable contents by suppressing the end computing system's illegal usage techniques.

This invention gives both passive and active protection for the contents. Passive protection is designed to prevent physical access to the information within the apparatus. Active protection will render the data contents unusable if the passive protection fails.

It gives hardware as well as software protection for valuable data contents within the gadget from write/delete/edit. So no one can corrupt the content inside the gadget from any OS/machine, and the gadget will not be a virus/illegal program carrier. It ensures total protection for the content regardless of its access mode and file types.

As illustrated in the accompanying figure 1, the networking system in accordance with the present invention, includes at least a composite device (200), disposed in USB communication (201) with an associated computing system USB communication (106).

This composite device (200) contains composite device firmware (204) which acts as USB HUB and two interface routines and functions in it.

The two interfaces are USB HID interface routine (202) and USB mass storage class interface routine (203). Memory is provided for MSC class (205) to store files/data. HID class memory (206) is provided for keeping product information.

Computer independent Real Time Clock (RTC) (207) is provided for time based authentication/application. Command operated switch (208) and its mechanism (209) are provided for making MSC memory (205) write/delete protection enable/disable.

The other part of the networking system according to the present invention includes at least an end computing section. As illustrated in the accompanying figure 1, the end computing section (100) contains two USB interfaces, one generic USB HID class interface (105) and one generic USB Mass storage class interface (104). There are also provided file system (103) and mounted drive (102) for data operation to MSC memory (205). One HID communication application (101) executes from mounted drive (102) to directly communicate through HID interface (105) to HID controlled slave devices namely USB HID class memory (206), Real Time Clock(RTC)(207), command operated switch(208) and its mechanism (209).

Electromechanical authentication is the major element that gives the main part of the security offered by this device. This element receives the authentication parameters and methods from HID communication application (101) and automatically converts into a unique secured format inside the device and authenticates with defined parameters and methods inside the gadget and periodically responds to the application (101) in a secured manner.

In the MSC memory (205) of the device (200) are placed valuable software/data that are to be protected from unauthorized/illegal usage. This also stores the required security logical software for the device. All the data within this will be in a unique format. Hardware Data storage security is also ensured for system integrity purposes to prevent damage to data, for example caused by a computer virus, other damaging or parasitic code or user mistake.

The composite security device (200) is interfaced with end computing machine/OS (100), via USB. The USB hardware section of device (201) and end computing machine (106) takes care of all the required USB communication and its protocol. In end computing machine/OS (100) HID class interface driver (105) and MSC interface driver (104) directly connects with USB hardware (106). HID driver (105) receives commands/requests from HID communication application (101) and sends it to the HID interface routine (202) of the composite device firmware (204) through USB hardware section, USB host stack and Hardware (106) and USB Device stack and Hardware (201).

This secure composite device (200) includes intelligent firmware (202) in it, which remains constantly active when the device is connected to the end computing system. This routine makes and breaks connection to HID slave devices (206), (207), (208) by sending commands or request. This firmware prevents the end computing/operating system to access the slave devices (206), (207), (208) from unauthorized/illegal functions.

When the user connects the device to end computing unit, the OS of the end computing unit detects the two interfaces. One interface is in USB HID class (105) and second interface is in USB Mass storage class (104). MSC interface mounts one public drive (102) for file operation and large memory is provided (205) for MSC interface inside the gadget. MSC memory (205) content is visible in public mounted drive (102). The HID communication application (101) is executed from this public drive (102). Once the HID communication application (101) is executed it communicates through HID interface (105) and the device does automated authentication with electromechanical mechanism in it, and if succeeded the protected software/data is launched. Now these authentication parameters and methods provided by the application are compared with the parameters and methods stored in the mentioned device. The authentication parameters are defined by application vendors according to their format and wish. If the software/data copy to one fake device/local memory and execute without the presence of the genuine composite device, authentication fails and data can not be used.

Once application launches the software/data, the application keeps monitoring the presence of the composite device (200) and keeps communicating to HID interface routine (202) of the device. If the device is unplugged the execution of software/data is terminated by control application (101).

Hence, only the authorized/legal person can use the data content and no one can access to DRM by any means if it goes to unauthorized hands. The DRM is purely secured with electromechanical technology.

All data contents are stored within the present invention gadget in a unique secured format which will be secured by using any of the encryption algorithms, Hardware locking system and so on.

In the above context it is hereby clarified, that simply by way of example and for understanding the present invention and not by way of any limitation, the networking system according to the present invention has been defined with reference to at least a composite device in connectivity with at least an end computing system. It should be understood to persons skilled in the art that, the present invention is equally applicable to networking systems having a plurality of such composite devices in connectivity with a plurality of such end computing systems and all such networking systems are equally effective in achieving the objects of the present invention.

ADVANTAGES OF THE INVENTION

The present invention a secured logistical system and a method for secured distribution of digital data through any manner, applying the system are effective in protecting Data from unauthorized/illegal usage.

1. The present invention prevents unauthorized/illegal usage of Data.

2. The system can be adapted on networked and standalone computers.

3. This system can be integrated into a WAN & LAN for network application.

4. The license management in this system is machine and OS independent.

5. Only genuine product will work with this system. So data vendors can increase their revenue.

6. In this system no user interaction required for authentication. Authentication automated. So it is user friendly.

7. This system can replace dongle or other kind of security.

8. No way to hack product authentication parameters, because the combination of hardware and software method is used.

9. Distribution media and DRM are available in one device. So the usage of content can monitor in any machine.

10. This device supports USB genuine drivers of most OS.

11. Time based authentication can be applied for evaluation software.

12. The storage media of this device can make hardware write protects enable/disable according to data vendors wish.

13. If the media is write protect nobody can delete/edit content from any computer/OS.

14. The authentication parameter can be defined by application vendors according to their format and wish.

15. The present invention ensures cost-effectiveness as well, as compared to the previous technologies known in the art, particularly having regard to the simplified constructional features involved.

The technical advancements and economic significance as stated hereinbefore and defined hereinafter in the appended claims, were hitherto not known and not conceivable to persons skilled in the art, from knowledge of existing technology in this field.

The present invention has been described with reference to some drawings and preferred embodiments, purely for the sake of understanding and not by way of any limitation and the present invention includes all legitimate developments within the scope of what has been described hereinbefore and claimed in the appended claims.

We Claim:

1. A composite device for secured storage and distribution of digital data, said device being adapted to be operatively connected to at least an end computing system, said device including at least one first interface and at least one second interface operatively connected to each other and to at least a storage memory of said second interface having stored therein valuable software/ data those are to be protected from unauthorized/ illegal usage, said first interface being adapted to authenticate any request for accessing said data by said computing system and to debar any unauthorized request to access said data by said computing system.

2. The composite as claimed in claim 1, wherein said first interface comprises a USB Human Interface Device (HID) interface routine and said second interface comprises a USB mass storage class (MSC) interface routine.

3. The composite device as claimed in claim 2, wherein said USB HID interface routine is provided with a HID class memory and said MSC interface routine is provided with a MSC memory for storing secured data, said HID class memory being operatively connected to a command operated switch for making said MSC memory write/ delete protection enable/ disable thereby, preventing data deletion, virus activity, data alteration or other illegal operation to said MSC memory.

4. The composite device as claimed in claims 3, wherein said USB HID interface is adapted to be active constantly, in the event of said device being connected to said end-computing system.

5. The composite device as claimed in claims 3 and 4, wherein said USB HID interface is adapted to receive commands/ request from said end computing system and to undertake automated authentication of such commands/ request by virtue of said HID class memory, said authentication parameters being pre-defined as desired.

6. The composite device as claimed in claims 3 and 4, wherein said USB HID interface is adapted to receive commands/ request from said end computing system and to undertake time based authentication of such commands/request by virtue of a real time based clock (RTC), operatively connected to said USB HID interface.

7. The composite device as claimed in claims 2 and 5, wherein said HID memory is of flexible format as defined by application vendor and said MSC memory is in a unique format.

8. The composite device as claimed in claim7, wherein said HID memory is adapted to be invisible or to be unavailable to public.

9. A networking system having at least an end computing system operatively connected to at least a device for secured storage and distribution of digital data, said device including at least one first interface and at least one second interface operatively connected to each other and to a storage memory of said second interface having stored therein valuable software/ data those are to be protected from unauthorized/ illegal usage, said first interface being adapted to authenticate any request for accessing said data by said computing system and to debar any unauthorized request to access said data by said computing system ,said end computing system being adapted to detect said first interface and said second interface in said device, said computing system being adapted to run an application by at least a public mounted drive provided therein, said application being communicable to said device by said first interface, in the event of which said first interface is adapted to authenticate the parameters of said application with defined parameters in said device, for allowance or rejection of request/ commands in said application for accessing/using/distribution of said secured data in said storage memory, said networking system being further adapted to terminate said application in absence of connectivity with said device.

10. A method for secured storage and distribution of digital data including: -connecting at least a composite device to at least an end computing system,

- said device including at least one first interface and at least one second interface operatively connected to each other and to a storage memory of said second interface having stored therein valuable software/ data that are to be protected from unauthorized/ illegal usage, said end computing system being adapted to detect said first interface and said second interface in said device and being adapted to run an application by at least a public mounted drive provided therein,
- executing HID communication application by said public drive,

- communicating said executed application through said first interface of said device,

- comparing of parameters defined in said application with those of said device by said first interface in the manner such as herein described,

- launching the protected software/ data in said storage memory in the event of positive authentication or,

- debarring the application from accessing protected software/ data in said storage memory in the event of failure in the process of said authentication.

11. A composite device for secured storage and distribution of digital data substantially as herein described, particularly with reference to the accompanying drawing.

12. A networking system, comprising a plurality of composite devices operatively connected to each other, each composite device being in connectivity to an end computer system substantially as herein described, particularly with reference to the accompanying drawings.

13. A method for secured storage and distribution of digital data substantially as herein described, particularly with reference to the accompanying drawings.