A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
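The exchange described above, carried through in Go as an added example (not code from the patent or its assignee). The device answers the host's public key by encrypting a fresh session key to it, then wraps the content key under that session key; a host that does not hold the matching private key recovers neither. RSA-OAEP, AES-256-GCM, the 2048-bit key size and the label strings are assumed choices, since the abstract names no algorithms. One caveat the abstract leaves open: this proves possession of the private key matching whatever public key was submitted, not the identity of the host, so a deployment still has to pin or certify the host public keys it will accept.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// gcm builds AES-256-GCM over a 32-byte key (assumed cipher; the abstract names none).
func gcm(key []byte) cipher.AEAD {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(b)
	if err != nil {
		panic(err)
	}
	return g
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal encrypts pt under key with a fresh nonce prepended; ad is bound by the tag.
func seal(key, pt, ad []byte) []byte {
	g := gcm(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, ad)
}

// open reverses seal; a wrong key or modified bytes fail the tag check.
func open(key, ct, ad []byte) ([]byte, error) {
	g := gcm(key)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], ad)
}

// Device holds content sealed under a content key that never leaves it in the clear.
type Device struct{ contentKey, Content []byte }

func NewDevice(plaintext []byte) *Device {
	ck := randBytes(32)
	return &Device{contentKey: ck, Content: seal(ck, plaintext, []byte("content"))}
}

// Grant is the device side: a fresh session key is encrypted to the host's public key
// (RSA-OAEP) and the content key is wrapped under that session key.
func (d *Device) Grant(pub *rsa.PublicKey) (wrappedSession, wrappedContentKey []byte, err error) {
	session := randBytes(32)
	wrappedSession, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, []byte("drm-session"))
	if err != nil {
		return nil, nil, err
	}
	return wrappedSession, seal(session, d.contentKey, []byte("content-key")), nil
}

// NewHostKey generates the host's RSA key pair (2048 bits is an assumed size).
func NewHostKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// Unlock is the host side: recover the session key with the private key, unwrap
// the content key, then decrypt the content. Any other private key fails at step one.
func Unlock(priv *rsa.PrivateKey, wrappedSession, wrappedContentKey, content []byte) ([]byte, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedSession, []byte("drm-session"))
	if err != nil {
		return nil, err
	}
	ck, err := open(session, wrappedContentKey, []byte("content-key"))
	if err != nil {
		return nil, err
	}
	return open(ck, content, []byte("content"))
}

func main() {
	d := NewDevice([]byte("constructed sample content")) // constructed sample input
	host := NewHostKey()
	ws, wk, err := d.Grant(&host.PublicKey)
	if err != nil {
		panic(err)
	}
	pt, err := Unlock(host, ws, wk, d.Content)
	fmt.Printf("%q err=%v\n", pt, err)
}
```

The session key exists only for one grant, so a captured wrapped content key is useless without the RSA private key that was challenged, and the content key itself is never written to the host interface in the clear.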
In one embodiment, a storage device with biometric access includes: a biometric scanner adapted to scan a biological feature of a user to provide a corresponding extracted biometric template; and a storage engine adapted to retrieve an encrypted biometric template from a storage medium and to retrieve a corresponding encrypted content key from the storage medium. The storage engine generates a first key and combines the first key with a media identifier from the storage medium to provide a content key. Using the content key, the storage engine decrypts the retrieved encrypted biometric template. If the extracted biometric template matches the retrieved biometric template, the storage engine grants a user access to content on the storage medium.
Lane W. Lee - Boulder CO, US; Mark J. Gurkowski - Longmont CO, US; Randal Hines - Boulder CO, US
International Classification:
G06F 12/14 H04L 9/08
US Classification:
713193, 380281
Abstract:
In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.
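The key chain of this claim carried through in Go, as an added example that is not the patent's or its assignee's code. It also applies the media-identifier binding from the biometric-access embodiment above: the key that unwraps the PSA key is derived from the pass code and tied to the media ID, so the same blobs copied to a different medium no longer unlock. AES-256-GCM, the salt, SHA-256 and HMAC-SHA256 are assumed choices; the claim specifies only "hashing the pass code", and the GCM tag failure on the PSA key blob plays the part of its "verifying an authenticity of the pass code" step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// gcm builds AES-256-GCM over a 32-byte key (assumed cipher; the claim names none).
func gcm(key []byte) cipher.AEAD {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(b)
	if err != nil {
		panic(err)
	}
	return g
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal encrypts pt under key with a fresh nonce prepended; ad is bound by the tag.
func seal(key, pt, ad []byte) []byte {
	g := gcm(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, ad)
}

// open reverses seal; a wrong key or modified bytes fail the tag check.
func open(key, ct, ad []byte) ([]byte, error) {
	g := gcm(key)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], ad)
}

// Medium is what sits on the storage medium; nothing in it is usable without the pass code.
type Medium struct {
	MediaID    []byte // per-medium identifier mixed into the key (the media binding)
	Salt       []byte
	EncPSAKey  []byte // PSA key sealed under the pass-code-derived key
	EncFDEKey  []byte // FDE key sealed under the PSA key
	EncContent []byte // content sealed under the FDE key
}

// deriveKey hashes the pass code as the claim states, then binds the result to the
// medium with HMAC-SHA256 over the media ID (assumed construction).
func deriveKey(passcode, salt, mediaID []byte) []byte {
	first := sha256.Sum256(append(append([]byte{}, salt...), passcode...))
	mac := hmac.New(sha256.New, first[:])
	mac.Write(mediaID)
	return mac.Sum(nil)
}

// Provision builds the hierarchy: content under FDE key, FDE key under PSA key, PSA key under derived key.
func Provision(passcode, mediaID, content []byte) *Medium {
	salt, psa, fde := randBytes(16), randBytes(32), randBytes(32)
	return &Medium{
		MediaID:    mediaID,
		Salt:       salt,
		EncPSAKey:  seal(deriveKey(passcode, salt, mediaID), psa, []byte("psa")),
		EncFDEKey:  seal(psa, fde, []byte("fde")),
		EncContent: seal(fde, content, []byte("content")),
	}
}

// Unlock walks the chain in the claim's order. A wrong pass code cannot produce a valid
// tag on EncPSAKey, so the PSA key is never released and nothing below it is attempted.
func Unlock(m *Medium, passcode []byte) ([]byte, error) {
	psa, err := open(deriveKey(passcode, m.Salt, m.MediaID), m.EncPSAKey, []byte("psa"))
	if err != nil {
		return nil, errors.New("pass code not authentic")
	}
	fde, err := open(psa, m.EncFDEKey, []byte("fde"))
	if err != nil {
		return nil, err
	}
	return open(fde, m.EncContent, []byte("content"))
}

func main() {
	// constructed sample pass code, media ID and content
	m := Provision([]byte("correct horse"), []byte("media-0001"), []byte("constructed sample content"))
	pt, err := Unlock(m, []byte("correct horse"))
	fmt.Printf("%q err=%v\n", pt, err)
}
```

Two properties of the layout are worth checking in any implementation of this claim. First, changing the pass code only requires re-sealing EncPSAKey under a new derived key; the FDE key and the content stay as they are, which is the reason for the PSA level between pass code and FDE key. Second, anyone who can read EncPSAKey off the medium can test pass codes offline against its tag, so a single hash of the pass code, as in the claim and in this example, must in practice be replaced by a slow or memory-hard derivation, or the derived key must also depend on a secret that never leaves the storage engine.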
A portable data transport device that provides security to data stored therein and is configured to communicate data with a host computer for securing and transporting data. The portable data transport device includes a first processor and a biometric identification system. Upon successful biometric identification of an enrolled user, the first processor permits mounting of the data transport device on a host computer. However, before read/write operations commence, the stored identification codes of the components of the portable data transport device are cross-checked, including by use of a hash function. If any identifier does not match, no read/write data operations are permitted. The portable data transport device includes a file security program that includes a DLL encryption/decryption program with a self-check feature. If the self-check finds that any changes were made to the encryption/decryption program, no read/write operations are permitted.
Mark Gurkowski - Longmont CO, US; Stan Keeler - Longmont CO, US; Lane Lee - Lafayette CO, US
International Classification:
H04Q011/00
US Classification:
370/382000
Abstract:
An interface protocol for transmitting variable-sized packets between a host system and a storage device. The protocol supports a plurality of signals for transmitting data between the host system and the storage device. One or more address signals indicate whether the packet includes command, data, or status information. An enable signal indicates when the packets may be transmitted to and from the storage device. Read and write strobe signals are also included to allow the host to request data from and transmit data to the storage device. The protocol includes an extensible command set which includes a function code, one or more interrupt requests, and signals to indicate when the storage device is busy, when the storage device is ready to transfer data, when the storage device is ready to receive bytes from a command packet, when the storage device is ready to receive or transmit a data block, and when the storage device is ready to transmit status bytes.
- San Jose CA, US; Mark J. Gurkowski - Longmont CO, US; Randal Hines - Boulder CO, US
International Classification:
G06F 21/24
Abstract:
In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.