Title:
SECURED ACCESS TO A DATA STORAGE PERIPHERAL DEVICE FROM AN ELECTRONIC HOST DEVICE
Document Type and Number:
WIPO Patent Application WO/2019/130040
Kind Code:
A1
Abstract:
A secured peripheral device comprises a first communication interface (USB1) connected to an electronic host device (EHD); a second communication interface (USB2) connected to a data storage peripheral device (DPD); a first microcontroller (MC1) configured to receive from the electronic host device (EHD) through the first communication interface (USB1) a read command according to a first protocol, comprising instructions for performing a copy of one or more selected data files from the data storage peripheral device (DPD) to the electronic host device (EHD). The second microcontroller (MC2) communicates with the first microcontroller using a second protocol. The first microcontroller translates the read command into a translated read command according to the second protocol and forwards the translated read command to the second microcontroller. The second microcontroller translates the translated read command into a second translated read command and forwards the second translated read command to the data storage peripheral device.

Inventors:
BERTHE BENOIT (FR)
Application Number:
PCT/IB2017/001784
Publication Date:
July 04, 2019
Filing Date:
December 29, 2017
Assignee:
VANDELAY (FR)
International Classes:
G06F21/10; H04L29/06; H04W12/08
Foreign References:
US20140337558A1 (2014-11-13)
US20100115165A1 (2010-05-06)
US20160028713A1 (2016-01-28)
US20160378971A1 (2016-12-29)
US20170149771A1 (2017-05-25)
EP2659419A1 (2013-11-06)
Attorney, Agent or Firm:
NOVAGRAAF TECHNOLOGIES (FR)
Claims:
CLAIMS

1. A secured peripheral device (SPD), comprising:

a first communication interface (USB1) configured to be connected to an electronic host device (EHD);

a second communication interface (USB2) configured to be connected to a data storage peripheral device (DPD) configured to store one or more data files;

a first microcontroller (MC1) configured to receive from the electronic host device (EHD) through the first communication interface (USB1) a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of one or more selected data files from the data storage peripheral device (DPD) to the electronic host device (EHD);

a second microcontroller (MC2) configured to communicate with the first microcontroller (MC1) using a second communication protocol distinct from the first communication protocol; wherein the first microcontroller (MC1) is configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller (MC2);

wherein the second microcontroller (MC2) is configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device (DPD) through the second communication interface (USB2).

2. A secured peripheral device (SPD), comprising:

a first communication interface (USB1) configured to be connected to an electronic host device (EHD);

a second communication interface (USB2) configured to be connected to a data storage peripheral device (DPD) configured to store one or more data files;

a first microcontroller (MC1) configured to receive from the electronic host device (EHD) through the first communication interface (USB1) a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device (EHD) to the data storage peripheral device (DPD);

a second microcontroller (MC2) configured to communicate with the first microcontroller (MC1) using a second communication protocol distinct from the first communication protocol; wherein the first microcontroller (MC1) is configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller (MC2); wherein the second microcontroller (MC2) is configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device (DPD) through the second communication interface (USB2).

3. The secured peripheral device (SPD) according to claim 1 or 2,

wherein the second microcontroller (MC2) is configured to mount a first file system to provide access to said one or more data files stored in the data storage peripheral device (DPD) through the second communication interface (USB2) from the secured peripheral device (SPD).

4. The secured peripheral device (SPD) according to any of the preceding claims,

wherein the second microcontroller (MC2) is configured to transmit to the first microcontroller (MC1) descriptive data of the first file system using the second communication protocol;

wherein the first microcontroller (MC1) is configured to mount a second file system imaging the first file system on the basis of the descriptive data;

wherein the first microcontroller (MC1) is configured to provide access to said one or more data files from said electronic host device (EHD) through the first communication interface (USB1) through said second file system.

5. The secured peripheral device (SPD) according to any of the preceding claims,

wherein the second microcontroller (MC2) is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, wherein said predetermined operations comprise a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device (SPD) to the data storage peripheral device (DPD) and a copy of one or more memory blocks from the data storage peripheral device (DPD) to the secured peripheral device (SPD),

wherein the second microcontroller (MC2) is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.

6. The secured peripheral device (SPD) according to any of the preceding claims,

wherein the first microcontroller (MC1) is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, wherein said predetermined operations comprise a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device (SPD) to the electronic host device (EHD) and a copy of one or more memory blocks from the electronic host device (EHD) to the secured peripheral device (SPD); wherein the first microcontroller (MC1) is not responsive to a command according to the first communication protocol for another operation or for an operation on a peripheral device belonging to other peripheral categories.

7. The secured peripheral device (SPD) according to any of the preceding claims, further comprising a third communication interface (BT1) configured to communicate through a bidirectional wireless communication link (L3) with a software application (APP) executed by an electronic control device (ECD) and to implement a pairing process between the secured peripheral device (SPD) and the electronic control device (ECD);

wherein at least one of the first and second microcontrollers (MC1) is programmed by means of firmware instructions to:

receive, from the software application (APP) through the wireless communication link (L3), one or more control messages, said one or more control messages comprising instructions to instruct said secured peripheral device (SPD) to perform at least one operation through the first or second communication interface (USB1, USB2), wherein said one or more control messages are received once the pairing process is completed;

perform said at least one operation; and

send, to the software application (APP) through the wireless communication link (L3), at least one response message regarding said at least one operation.

8. The secured peripheral device (SPD) according to any of the preceding claims,

wherein the software application (APP) is configured to communicate with a remote authentication server (RAS);

wherein at least one of the first and second microcontrollers (MC1) is configured to implement a challenge-response authentication process with the remote authentication server (RAS) through the wireless communication link (L3) and the software application (APP);

wherein said one or more control messages are received only in case of a success of the challenge-response authentication process.

9. The secured peripheral device (SPD) according to claim 8,

wherein the challenge-response authentication process is configured to control the integrity of at least one hardware component of the secured peripheral device (SPD); and

wherein the challenge-response authentication process is based on at least one identifier (SN) identifying said at least one hardware component and a device authentication key (KA) shared by the secured peripheral device (SPD) and the remote authentication server (RAS).

10. The secured peripheral device according to claim 9, further comprising a bootloader comprising the device authentication key (KA).

11. The secured peripheral device according to any of claims 8 to 10, wherein the challenge-response authentication process implemented by said at least one of the first and second microcontrollers (MC1, MC2) comprises

transmitting, to the software application (APP) through the wireless communication link (L3), at least one identifier identifying at least one hardware component of secured peripheral device (SPD);

receiving, from the software application (APP) through the wireless communication link (L3) a token (TK);

generating a ciphered token (TKc) from said token (TK) using said device authentication key (KA);

transmitting the ciphered token to the software application (APP) through the wireless communication link (L3).

12. The secured peripheral device according to any of claims 8 to 11, wherein the challenge-response authentication process implemented by said at least one of the first and second microcontrollers (MC1, MC2) comprises:

receiving a public key from the software application (APP) through the wireless communication link (L3);

generating one or more encryption keys (KC1 , KC2);

ciphering said one or more encryption keys (KC1, KC2) using said public key to generate encrypted keys;

transmitting the encrypted keys together with the ciphered token (TKc) to the software application (APP) through the wireless communication link (L3).

13. The secured peripheral device according to any of claims 8 to 12, wherein said at least one of the first and second microcontrollers (MC1, MC2) is further configured to:

cipher said at least one response message before transmission to the software application (APP) using a first encryption key from said one or more encryption keys (KC1, KC2); and

decipher said one or more control messages received from the software application (APP) through the wireless communication link (L3) using a second encryption key (KC1) from said one or more encryption keys.

14. A method for accessing a data storage peripheral device (DPD) from an electronic host device (EHD),

wherein the method is intended to be performed by a secured peripheral device (SPD) connected through a first communication interface (USB1) to the electronic host device (EHD) and connected through a second communication interface (USB2) to the data storage peripheral device (DPD);

wherein the secured peripheral device (SPD) comprises a first microcontroller (MC1) and a second microcontroller (MC2);

the method comprising

receiving, by the first microcontroller (MC1), from the electronic host device (EHD) through the first communication interface (USB1) a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of one or more selected data files from the data storage peripheral device (DPD) to the electronic host device (EHD);

translating, by the first microcontroller (MC1), the read command into a translated read command according to a second communication protocol distinct from the first communication protocol;

forwarding, by the first microcontroller (MC1), the translated read command to the second microcontroller (MC2);

translating, by the second microcontroller (MC2), the translated read command into a second translated read command according to the first communication protocol; and

forwarding, by the second microcontroller (MC2), the second translated read command to the data storage peripheral device (DPD) through the second communication interface (USB2).

15. The method of claim 14 further comprising,

receiving, by the second microcontroller (MC2), a response message to the second translated read command according to the first communication protocol;

translating, by the second microcontroller (MC2), the response message into a translated response message according to the second communication protocol;

forwarding, by the second microcontroller (MC2), the translated response message to the first microcontroller (MC1);

translating, by the first microcontroller (MC1), the translated response message into a second translated response message according to the first communication protocol; and forwarding, by the first microcontroller (MC1), the second translated response message to the electronic host device (EHD) through the first communication interface (USB1).

16. A method for accessing a data storage peripheral device (DPD) from an electronic host device (EHD),

wherein the method is intended to be performed by a secured peripheral device (SPD) connected through a first communication interface (USB1) to the electronic host device (EHD) and connected through a second communication interface (USB2) to the data storage peripheral device (DPD);

wherein the secured peripheral device (SPD) comprises a first microcontroller (MC1) and a second microcontroller (MC2);

the method comprising

receiving, by the first microcontroller (MC1), from the electronic host device (EHD) through the first communication interface (USB1) a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device (EHD) to the data storage peripheral device (DPD);

translating, by the first microcontroller (MC1), the write command into a translated write command according to a second communication protocol distinct from the first communication protocol;

forwarding, by the first microcontroller (MC1), the translated write command to the second microcontroller (MC2);

translating, by the second microcontroller (MC2), the translated write command into a second translated write command according to the first communication protocol; and

forwarding, by the second microcontroller (MC2), the second translated write command to the data storage peripheral device (DPD) through the second communication interface (USB2) for implementing said copy of one or more memory blocks.

17. The method of claim 16 further comprising,

receiving, by the second microcontroller (MC2), a response message to the second translated write command according to the first communication protocol;

translating, by the second microcontroller (MC2), the response message into a translated response message according to the second communication protocol; forwarding, by the second microcontroller (MC2), the translated response message to the first microcontroller (MC1);

translating, by the first microcontroller (MC1), the translated response message into a second translated response message according to the first communication protocol; and forwarding, by the first microcontroller (MC1), the second translated response message to the electronic host device (EHD) through the first communication interface (USB1).

18. The method according to any of claims 14 to 17 further comprising,

mounting, by the second microcontroller (MC2), a first file system to provide access to said one or more data files stored in the data storage peripheral device (DPD) through the second communication interface (USB2) from the secured peripheral device (SPD).

19. The method according to claim 18 further comprising,

transmitting, by the second microcontroller (MC2), to the first microcontroller (MC1) descriptive data of the first file system using the second communication protocol;

mounting, by the first microcontroller (MC1) a second file system imaging said first file system on the basis of the descriptive data; and

providing access, by the first microcontroller (MC1) to said one or more data files from said electronic host device (EHD) through the second communication interface (USB1) through said second file system.
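The challenge-response exchange of claims 9 to 13 above, as an added Python model that is not the patent's or Vandelay's code. It assumes that the ciphered token TKc is an HMAC-SHA256 of the token TK and the hardware identifier SN under the shared device authentication key KA, that the remote authentication server keeps one KA per SN, and that each token is answered at most once; the public-key wrapping of the session keys KC1 and KC2 (claim 12) is left out because it needs a cipher outside the standard library. All keys and identifiers are constructed.

```python
import hashlib
import hmac
import secrets


class RemoteAuthenticationServer:
    """RAS: knows the device authentication key KA of every genuine SPD, indexed by SN."""

    def __init__(self, registry):
        self.registry = dict(registry)   # SN -> KA, provisioned at manufacturing (assumption)
        self.pending = {}                # SN -> outstanding token TK, single use

    def issue_token(self, sn):
        """Challenge: a fresh random token for a known hardware identifier, else None."""
        if sn not in self.registry:
            return None                  # unknown or replaced hardware component
        tk = secrets.token_bytes(16)
        self.pending[sn] = tk
        return tk

    def verify(self, sn, tkc):
        """Response check: constant-time compare against the expected HMAC; token consumed."""
        tk = self.pending.pop(sn, None)  # a replayed or never-issued token fails here
        if tk is None:
            return False
        expected = hmac.new(self.registry[sn], sn.encode() + tk, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tkc)


class SecuredPeripheralDevice:
    """SPD side: SN identifies a hardware component, KA sits in the bootloader (claim 10)."""

    def __init__(self, sn, ka):
        self.sn = sn
        self._ka = ka
        self.authenticated = False
        self.kc1 = self.kc2 = None

    def respond(self, tk):
        """Ciphered token TKc bound to SN; KC1/KC2 generated for the session (claims 11, 12)."""
        tkc = hmac.new(self._ka, self.sn.encode() + tk, hashlib.sha256).digest()
        self.kc1, self.kc2 = secrets.token_bytes(32), secrets.token_bytes(32)
        return tkc

    def control(self, message):
        """Control messages are honoured only after a successful authentication (claim 8)."""
        if not self.authenticated:
            return "refused"
        return f"done:{message}"


def run_session(spd, ras):
    """The app relays challenge and response between SPD and RAS; returns the verdict."""
    tk = ras.issue_token(spd.sn)
    if tk is None:
        return False
    tkc = spd.respond(tk)
    spd.authenticated = ras.verify(spd.sn, tkc)
    return spd.authenticated


def demo():
    """Constructed scenario: genuine device, clone with wrong KA, swapped component, replay."""
    ka = bytes.fromhex("11" * 32)                     # constructed device authentication key
    ras = RemoteAuthenticationServer({"SN-0001": ka})
    genuine = SecuredPeripheralDevice("SN-0001", ka)
    clone = SecuredPeripheralDevice("SN-0001", bytes.fromhex("22" * 32))
    swapped = SecuredPeripheralDevice("SN-9999", ka)  # hardware component replaced
    results = {
        "genuine": run_session(genuine, ras),
        "clone": run_session(clone, ras),
        "swapped": run_session(swapped, ras),
        "genuine_control": genuine.control("list-containers"),
        "clone_control": clone.control("list-containers"),
    }
    # Replay: a captured TKc cannot be reused because the token was consumed on first use
    tk = ras.issue_token("SN-0001")
    tkc = genuine.respond(tk)
    results["first_use"] = ras.verify("SN-0001", tkc)
    results["replay"] = ras.verify("SN-0001", tkc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```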

Description:
TECHNICAL FIELD

[0001] The present disclosure relates to the field of secure access to computer systems, in particular to a method for accessing a data storage peripheral device from an electronic host device and to a secured peripheral device.

BACKGROUND

[0002] Many electronic systems, for example computer systems and systems with a human-machine interface (such as personal computers, smart TVs, printers, video projectors, speakers, ...), have a number of ports for connecting various types of peripheral devices to interface with users, connect to other computer systems, and / or store data. The integrity of these systems may be compromised when devices hosting malicious data are physically connected to their ports.

[0003] This may be the case in particular with USB (Universal Serial Bus) electronic devices. Indeed, USB ports are "multifunctional" universal ports in the sense that they can accept a whole range of devices of different types, such as network interfaces, USB memory-type storage devices, keyboards, mice, web cams, etc.

[0004] This universal character of these ports, while advantageous in terms of connection flexibility and of the range of functions offered by such an interface, proves problematic in an environment where security is an essential factor, because it allows malicious peripherals to be connected to USB ports, for instance peripherals executing malicious programs or even peripherals with malicious microprocessors executing malicious programs.

[0005] More specifically, on a sensitive computer system with USB ports, a malicious (or negligent) user, using a malicious peripheral device connected to one of those USB ports, can take (or lose) control of the system, install viruses, or record sensitive data from it.

[0006] For example, a malicious peripheral device may be a modified webcam (usually identified by Class 06h in the USB protocol) configured to send to the computer system a substitute identifier (Class 05B, identifying a keyboard in the USB protocol). As a consequence, the computer system will load any software (such as drivers) necessary to process input strings from a keyboard, a command line, a computer program, etc. Unfortunately, even where the sensitive computer system is also provided with antivirus software, this antivirus software would not detect anything, since the sensitive computer system is unable to determine whether the communication was established with a keyboard or with a malicious device.

[0007] It is not possible to simply ban the use of these universal ports, because these ports are necessary for the use of certain essential peripherals, such as mice or keyboards.

[0008] To address this problem, which is sometimes referred to as a "Bad USB" attack, solutions have been proposed.

[0009] For example, patent application EP2659419A1 discloses a device for controlling access to a computer system, the device comprising at least one multifunction port configured to be connected to different categories of peripherals, an access interface configured to be connected to the computer system, and access management tools connected between the multifunction port and the access interface; the access management tools being physically configured to authorize access to the interface by a peripheral device connected to the multifunction port only if the device belongs to a device category that is specifically and permanently associated with the multifunction port to which it is connected. Such a device is advantageous in that only data stored on a peripheral that belongs to a predetermined category of peripherals may be read and imported to the computer system. For example, the sole authorized category may be that of mass storage devices that do not send any command.

[0010] The device disclosed in EP2659419A1 is implemented as a cumbersome electronic card intended to be used as an interface between a computer system and universal peripherals in a fixed installation. This solution is therefore not suited to the protection needs of users in a mobility situation (laptops, travel, etc.).

[0011] Also, the access management tools of the EP2659419A1 system act as an access control filter on the communication channel between the computer system and the device connected to the multifunction port. However, an attacker may still succeed in transmitting malicious data through this communication channel and / or in replacing a piece of original hardware or firmware with malicious hardware or firmware in order to emulate a fake authorized device and thereby modify the behavior of the access control filter.

[0012] Thus, there is a need for a method and devices that improve the security of an electronic host device, be it fixed or mobile and with or without telecommunication capability, when it accesses a data storage peripheral device (e.g. a USB data storage device) connected to it.

SUMMARY

[0013] According to a first aspect, the present description relates to a secured peripheral device, comprising: a first communication interface configured to be connected to an electronic host device; a second communication interface configured to be connected to a data storage peripheral device configured to store one or more data files; a first microcontroller configured to receive from the electronic host device through the first communication interface a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of one or more selected data files from the data storage peripheral device to the electronic host device; a second microcontroller configured to communicate with the first microcontroller using a second communication protocol distinct from the first communication protocol. The first microcontroller is configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller. The second microcontroller is configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device through the second communication interface.

[0014] According to a second aspect, the present description relates to a secured peripheral device, comprising: a first communication interface configured to be connected to an electronic host device; a second communication interface configured to be connected to a data storage peripheral device configured to store one or more data files; a first microcontroller configured to receive from the electronic host device through the first communication interface a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device to the data storage peripheral device; a second microcontroller configured to communicate with the first microcontroller using a second communication protocol distinct from the first communication protocol. The first microcontroller is configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller. The second microcontroller is configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device through the second communication interface.

[0015] According to a third aspect, the present description relates to a method for accessing a data storage peripheral device from an electronic host device. The method is intended to be performed by a secured peripheral device connected through a first communication interface to the electronic host device and connected through a second communication interface to the data storage peripheral device. The secured peripheral device comprises a first microcontroller and a second microcontroller. The method comprises receiving, by the first microcontroller, from the electronic host device through the first communication interface a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of one or more selected data files from the data storage peripheral device to the electronic host device; translating, by the first microcontroller, the read command into a translated read command according to a second communication protocol distinct from the first communication protocol; forwarding, by the first microcontroller, the translated read command to the second microcontroller; translating, by the second microcontroller, the translated read command into a second translated read command according to the first communication protocol; and forwarding, by the second microcontroller, the second translated read command to the data storage peripheral device through the second communication interface.

[0016] According to a fourth aspect, the present description relates to a method for accessing a data storage peripheral device from an electronic host device. The method is intended to be performed by a secured peripheral device connected through a first communication interface to the electronic host device and connected through a second communication interface to the data storage peripheral device. The secured peripheral device comprises a first microcontroller and a second microcontroller. The method comprises receiving, by the first microcontroller, from the electronic host device through the first communication interface a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device to the data storage peripheral device; translating, by the first microcontroller, the write command into a translated write command according to a second communication protocol distinct from the first communication protocol; forwarding, by the first microcontroller, the translated write command to the second microcontroller; translating, by the second microcontroller, the translated write command into a second translated write command according to the first communication protocol; and forwarding, by the second microcontroller, the second translated write command to the data storage peripheral device through the second communication interface for implementing said copy of one or more memory blocks.
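As an added illustration, not code from the patent or from Vandelay, the following Python model shows the double translation of paragraphs [0013] to [0016] together with the command whitelist of claims 5 and 6: MC1 understands only mass-storage read and write commands from the host and re-encodes them into a small fixed-layout internal frame, and MC2 in turn acts only on the three whitelisted frame types before touching the storage device, so a host command of another peripheral category, or a rogue frame on the internal link, never reaches the DPD. The host command format, the internal frame layout, the USB class codes used as stand-ins and the in-memory file store are all constructed assumptions.

```python
import struct

# Constructed in-memory stand-in for the data storage peripheral device (DPD)
DPD_FILES = {"report.txt": b"quarterly figures", "notes.md": b"# todo"}

# Second communication protocol (MC1 <-> MC2), a fixed-layout frame (assumption):
#   opcode(1) | path_len(2) | path | offset(4) | payload_len(4) | payload
OP_LIST, OP_READ, OP_WRITE = 0x01, 0x02, 0x03
ALLOWED_OPS = {OP_LIST, OP_READ, OP_WRITE}   # claims 5/6: predetermined block-copy operations only
MASS_STORAGE_CLASS = 0x08                     # USB class code of mass storage, the only allowed category
MAX_PATH = 255


def pack_frame(op, path=b"", offset=0, payload=b""):
    return (struct.pack(">BH", op, len(path)) + path
            + struct.pack(">II", offset, len(payload)) + payload)


def unpack_frame(frame):
    """Strict parser: anything that is not a well-formed frame with an allowed opcode is an error."""
    try:
        op, plen = struct.unpack_from(">BH", frame, 0)
        if op not in ALLOWED_OPS or plen > MAX_PATH:
            raise ValueError("disallowed opcode or oversized path")
        path = frame[3:3 + plen].decode("ascii")
        offset, length = struct.unpack_from(">II", frame, 3 + plen)
    except (struct.error, UnicodeDecodeError) as exc:
        raise ValueError("truncated or malformed frame") from exc
    payload = frame[3 + plen + 8:]
    if len(payload) != length:
        raise ValueError("payload length mismatch")
    return op, path, offset, payload


def frame_is_acceptable(frame):
    """True only if MC2 would act on this frame; a rogue opcode never reaches the DPD."""
    try:
        unpack_frame(frame)
        return True
    except ValueError:
        return False


class MC2:
    """Faces the DPD: mounts the first file system and honours whitelisted frames only."""

    def __init__(self, dpd):
        self.dpd = dpd

    def handle(self, frame):
        op, path, offset, payload = unpack_frame(frame)   # raises before any DPD access
        if op == OP_LIST:   # descriptive data of the first file system (claim 4)
            listing = ",".join(f"{n}:{len(d)}" for n, d in sorted(self.dpd.items()))
            return pack_frame(OP_LIST, payload=listing.encode())
        if op == OP_READ:
            return pack_frame(OP_READ, path.encode(), offset, self.dpd.get(path, b"")[offset:])
        old = self.dpd.get(path, b"")
        self.dpd[path] = old[:offset] + payload + old[offset + len(payload):]
        return pack_frame(OP_WRITE, path.encode(), offset)


class MC1:
    """Faces the host: re-encodes host commands so that no raw host bytes cross to MC2."""

    def __init__(self, mc2):
        self.mc2 = mc2
        self.image = {}   # second file system imaging the first (claim 4): name -> size

    def mount(self):
        _, _, _, listing = unpack_frame(self.mc2.handle(pack_frame(OP_LIST)))
        self.image = {n: int(s) for n, s in (e.split(":") for e in listing.decode().split(",") if e)}
        return dict(self.image)

    def handle(self, cmd):
        """cmd is a constructed dict standing in for a first-protocol (USB) command."""
        if cmd.get("class") != MASS_STORAGE_CLASS or cmd.get("op") not in ("read", "write"):
            return {"status": "rejected"}   # wrong peripheral category or non-copy operation
        path, offset = str(cmd.get("path", "")), int(cmd.get("offset", 0))
        if cmd["op"] == "read":
            if path not in self.image:
                return {"status": "rejected"}   # only files present in the image are readable
            _, _, _, data = unpack_frame(self.mc2.handle(pack_frame(OP_READ, path.encode(), offset)))
            return {"status": "ok", "data": data}
        self.mc2.handle(pack_frame(OP_WRITE, path.encode(), offset, bytes(cmd.get("data", b""))))
        self.mount()   # refresh the image after a write
        return {"status": "ok"}


def demo():
    """Constructed scenario: mount, a legitimate read, a HID-class command, a write, a rogue frame."""
    dpd = dict(DPD_FILES)
    mc1 = MC1(MC2(dpd))
    image = mc1.mount()
    read = mc1.handle({"class": MASS_STORAGE_CLASS, "op": "read", "path": "report.txt", "offset": 10})
    hid = mc1.handle({"class": 0x03, "op": "read", "path": "report.txt"})   # HID class: dropped at MC1
    write = mc1.handle({"class": MASS_STORAGE_CLASS, "op": "write", "path": "new.bin", "data": b"\x00\x01"})
    rogue = frame_is_acceptable(bytes([0x7F, 0, 0]) + bytes(8))   # unknown opcode on the internal link
    return {"image": image, "read": read, "hid": hid, "write": write, "rogue": rogue, "dpd": dpd}


if __name__ == "__main__":
    print(demo())
```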

[0017] Other aspects of the invention will be apparent from the following detailed description and the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

[0018] Other advantages and characteristics of the disclosed devices and methods will become apparent from reading the description, illustrated by the following figures, where:

FIG.1 shows a computer system in accordance with one or more embodiments;

FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments;

FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments;

FIG. 3A shows a flow chart of a method for configuring a secured peripheral device in accordance with one or more embodiments;

FIG. 3B shows a flow chart of a method for controlling the integrity of a secured peripheral device in accordance with one or more embodiments;

FIG. 3C shows a flow chart of a method for implementing a challenge-response authentication process in accordance with one or more embodiments;

FIG. 4A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;

FIG. 4B shows a flow chart of a method for deleting one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;

FIG. 4C shows a flow chart of a method for creating one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments;

FIG. 5A shows a flow chart of a method for reading data stored on a data storage peripheral device from an electronic host device through a secured peripheral device in accordance with one or more embodiments;

FIG. 5B shows a flow chart of a method for writing data from an electronic host device to a data storage peripheral device through a secured peripheral device in accordance with one or more embodiments;

FIG. 6A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments;

FIG. 6B shows a flow chart of a method for performing an operation on one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments;

FIG. 7A-7C show flow charts of a method for copying data from a data storage peripheral device to a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments;

[0019] In the FIGS., identical elements are indicated by the same references. The embodiments disclosed herein with reference to the figures can be implemented independently of any other embodiments, and several embodiments can be combined in various ways.

DETAILED DESCRIPTION

[0020] The present disclosure is described below with reference to functions, engines, block diagrams and flowchart illustrations of the methods, systems, and computer programs according to one or more exemplary embodiments.

[0021] Disclosed are methods and devices allowing improving the security of an electronic host device, be it fixed or mobile and with or without telecommunication capability, when using peripheral devices (e.g. USB data storage devices) connected to the electronic host device.

[0022] Disclosed are methods and devices for improving the security and / or the user-friendliness and ergonomics of access to an external data storage electronic device, e.g. for copying and performing data exchanges from and / or to an external data storage electronic device, without involving any additional third-party device.

[0023] FIG. 1 illustrates schematically an example computer system 100 in which the various technologies and techniques described herein may be implemented.

[0024] As shown in FIG. 1, the computer system 100 includes an electronic control device ECD, an electronic host device EHD, a secured peripheral device SPD, a data storage peripheral device DPD and a remote authentication server RAS. The electronic control device ECD, the electronic host device EHD, the secured peripheral device SPD and / or the data storage peripheral device DPD may be used by a user U1.

[0025] The remote authentication server RAS may be implemented as a single hardware device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The remote authentication server RAS may also be implemented within a cloud computing environment.

[0026] The electronic control device ECD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The electronic control device ECD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.

[0027] The electronic host device EHD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments. The electronic host device EHD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.

[0028] The data storage peripheral device DPD may be implemented as a single hardware device.

The data storage peripheral device DPD may be a USB device. For example, the data storage peripheral device DPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc. The data storage peripheral device DPD may be a third-party storage device whose security / integrity cannot be verified by the user U1.

[0029] The secured peripheral device SPD may be implemented as a single hardware device. The secured peripheral device SPD may be a USB device. For example, the secured peripheral device SPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc. In one or more embodiments, the secured peripheral device SPD is a self-powered peripheral device, comprising for example a battery or other energy source, and may be used without being connected to any host device.

[0030] In one or more embodiments, the secured peripheral device SPD is configured to provide protection against the “BadUSB” security failure, both as a self-protection and as a protection against third-party devices, like the data storage peripheral device DPD.

[0031] The secured peripheral device SPD is a device that provides its own security functions, including integrity check and authentication, and whose data access functionalities, communication functionalities and capacities are controlled and managed by the software application on the electronic control device ECD. In one or more embodiments, the communication functions through the multifunction communication interfaces are dependent on the success of an authentication of the secured peripheral device. The authentication of the secured peripheral device may be part of or be performed after a pairing process between the electronic control device ECD and the secured peripheral device SPD.

[0032] A data access function may correspond to one or more data access operations such as reading data blocks, writing data blocks, mounting a file system, obtaining descriptive data of a file system or one or more data files or data container, amending access right(s) of data files, etc. Descriptive data may include any attribute of a data file or data container, including a file name, file extension, access rights, size of data file, keywords, editing date, creation date, etc.

[0033] In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only in the presence and / or proximity (e.g. presence in the wireless detection zone) of the electronic control device ECD with which the secured peripheral device is paired. In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only as long as the communication link L3 is operatively active and is configured to interrupt any communication through the multifunction communication interfaces when the communication link L3 is interrupted.

[0034] In one or more embodiments, the secured peripheral device SPD is configured to communicate with the electronic host device EHD through a communication link L1. The communication link L1 may be a USB (Universal Serial Bus) link. For example, a USB port (e.g. a male USB port) of the secured peripheral device SPD may be directly connected to a USB port (e.g. a female USB port) of the electronic host device EHD. Alternately, a USB cable may be used to connect the secured peripheral device SPD to the electronic host device EHD. Any other communication link may be used, for example a wired or wireless communication link. A wired communication link may be based on a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on a communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L1 is a USB communication link.

[0035] In one or more embodiments, the data storage peripheral device DPD is configured to communicate with the secured peripheral device SPD through a communication link L2. The communication link L2 may be a USB (Universal Serial Bus) communication link. For example, a USB port (e.g. a male USB port) of the data storage peripheral device DPD may be directly connected to a USB port (e.g. a female USB port) of the secured peripheral device SPD. Alternately, a USB cable may be used to connect the data storage peripheral device DPD to the secured peripheral device SPD. Any other communication link may be used, for example a wired or wireless communication link. A wired communication link may be based on a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on a communication protocol such as Bluetooth ®, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L2 is a USB communication link.

[0036] The electronic control device ECD is configured to communicate with the secured peripheral device SPD through a wired or wireless communication link L3. In one or more embodiments, the communication link L3 is a bi-directional communication link. In one or more embodiments, the communication link L3 is a Bluetooth ® communication link. Any other communication link may be used. A wired communication link may be compliant with a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc. A wireless communication link may be based on a communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L3 is a wireless communication link, compliant for example with Bluetooth ®.

[0037] The electronic control device ECD is configured to communicate with the remote authentication server through a communication link L4. In one or more embodiments, the communication link L4 is implemented through a telecommunication network. The telecommunication network may be any data transmission network, for example a wired (coaxial cable, fiber, twisted pair, DSL cable, etc.) or wireless (radio, infrared, cellular, microwave, etc.) network, a local area network (LAN), internet area network (IAN), metropolitan area network (MAN) or wide area network (WAN) such as the Internet, a public or private network, a virtual private network (VPN), a telecommunication network with data transmission capabilities, a single radio cell with a single connection point like a Wifi or Bluetooth ® cell, etc.

[0038] FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments. As shown in FIG. 2A, the secured peripheral device SPD comprises a flash memory MEM, a communication interface BT1, one or more multifunction communication interfaces USB1, USB2, one or more microcontrollers MC1, MC2, and a power supply 210 (e.g. a battery).

[0039] In one or more embodiments, the flash memory MEM is configured to store a ciphered firmware update 221 and a default data partition 222. In one or more embodiments, the flash memory MEM is configured to store a plurality 223 of data containers P1, P2, P3. In one or more embodiments, the data containers P1, P2, P3 are user data containers. A user data container is a data container suitable for storing user data (e.g. data files generated by software used by a user). The user data may be private or professional data, and a data container may be dedicated to professional data storage only or to private data storage only. In one or more embodiments, a data container is a data partition. In one or more embodiments, a data container is an archive file for archiving data files, and may be compressed or not. In one or more embodiments, a data container is a file folder of a file system.

[0040] In one or more embodiments, the communication interface BT1 includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc.), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the communication interface BT1.

[0041] In one or more embodiments, the communication interface BT1 is configured to communicate through the wireless communication link L3 with the electronic control device ECD. In one or more embodiments, the communication protocol used by the communication interface BT1 implements a pairing process with each electronic device, such that communication through the wireless communication link L3 is enabled only if the pairing process is successful. As discussed above, the communication link L3 may be a wired or wireless communication link, and the communication interface BT1 is a communication interface suitable for communicating through the communication link L3 and compliant with the associated communication protocol. For example, the communication interface BT1 is a Bluetooth ® interface.

[0042] In one or more embodiments, the multifunction communication interface USB1 (respectively USB2) includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc.), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the multifunction communication interface USB1 (respectively USB2).

[0043] In one or more embodiments, the first multifunction communication interface USB1 is configured to be connected to an electronic host device EHD through the communication link L1. In one or more embodiments, the second multifunction communication interface USB2 is configured to be connected to a data storage peripheral device DPD through the communication link L2.

[0044] In one or more embodiments, each of the multifunction communication interfaces USB1, USB2 is a USB (Universal Serial Bus) communication interface. For example, the multifunction communication interface USB1 includes a male USB connector and the multifunction communication interface USB2 includes a female USB connector. As discussed above, the communication link L1 (respectively L2) may be a wired or wireless communication link, and the multifunction communication interface USB1 (respectively USB2) is a communication interface suitable for communicating through the communication link L1 (respectively L2) and compliant with the associated communication protocol.

[0045] In one or more embodiments, the microcontroller MC1 (respectively MC2) includes hardware (e.g. circuitry, optical and / or electronic components, etc.), is configured (e.g. programmed) by means of firmware and / or software instructions and is configured to implement the functions described herein for the microcontroller MC1 (respectively MC2).

[0046] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to access the flash memory MEM and the one or more data containers P1, P2, P3 stored therein.

[0047] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement security management functions in order to secure and control the communication and the data access to / from the secured peripheral device SPD through the one or more multifunction communication interfaces USB1, USB2. The security management functions may include authentication functions, communication control functions, encryption functions, filtering functions, etc. In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 includes an embedded cryptographic unit configured to implement ciphering / deciphering functions, thus enabling accelerated execution of these ciphering / deciphering functions.

[0048] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement the security management functions under the control of the electronic control device ECD, e.g. under the control of a specific software application, also referred to herein as the security control application APP, executed by the electronic control device ECD.

[0049] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive messages from (respectively send messages to) the security control application APP of the electronic control device ECD through the wireless communication link L3. In one or more embodiments, the messages are ciphered by the emitting entity and deciphered by the receiving entity, and the microcontroller(s) MC1, MC2 share(s) one or more encryption keys with the security control application APP. The messages may include information and / or instructions for instructing the microcontroller(s) MC1, MC2 to perform one or more operations. The messages may include encryption keys, data, parameters and / or other information.

[0050] In one or more embodiments, the one or more multifunction communication interfaces USB1, USB2 are configured to be connected to an external electronic device (e.g. the data storage peripheral device DPD or the electronic host device EHD). In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement, under the control of the security control application APP, communication functions and / or data access functions through the one or more multifunction communication interfaces USB1, USB2 to / from the secured peripheral device SPD. The microcontroller MC1 and / or the microcontroller MC2 is (are) configured for example to wait for predetermined control messages before performing any data container access function or communication function through the first and second multifunction communication interfaces USB1, USB2. This means that as long as the software application APP has not sent a predetermined control message to trigger a corresponding communication operation or data access operation, the microcontrollers MC1, MC2 do not perform the corresponding communication operation or data access operation. For example, as long as the software application APP has not sent a predetermined control message, the microcontrollers MC1, MC2 do not access a file system of a data storage peripheral device DPD connected to the second multifunction communication interface USB2, and the microcontrollers MC1, MC2 are not responsive to requests according to the USB protocol received through the first multifunction communication interface USB1. The control messages are sent by the software application APP to the secured peripheral device SPD and comprise instructions for instructing the secured peripheral device SPD (i.e. the microcontroller(s) MC1, MC2) to perform one or more operations in accordance with the instructions.

[0051] In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the wireless communication link L3, one or more control messages. The control messages comprise instructions to instruct the secured peripheral device SPD to perform one or more operations (e.g. communication operations or data access operations) through the one or more communication interfaces USB1, USB2. In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to send, to the software application APP through the wireless communication link (L3), at least one response message (e.g. feedback message, information message, status message, etc.) in response to the control message, for example a message regarding the requested operation (e.g. regarding the completion or a result of the operation). Examples of operations performed under the control of the software application APP are described for example by reference to FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C.

[0052] In one or more embodiments, the control messages are sent by the software application APP only once the pairing process is completed and only in case of success of the challenge-response authentication process. Due to the challenge-response authentication process, the integrity of the secured peripheral device SPD can be verified, and protection against reading and modification of the firmware of the electronic card is achieved. This prevents the firmware of the secured peripheral device SPD from being replaced by a “BadUSB firmware”. This also prevents hackers from replacing the hardware of the secured peripheral device SPD.

[0053] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) responsive to messages from the software application APP to control the transition from a connected state, in which the communications through the first and / or second multifunction communication interfaces USB1, USB2 are operative (authorized), to a locked state, in which the communications through the multifunction communication interfaces USB1, USB2 are not operative (forbidden or blocked), or conversely from the locked state to the connected state.
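The gating described in [0050]-[0053], as an added example in C written for this page (not firmware from the application): USB requests are serviced only while the device is in the connected state, the L3 link is alive and the security control application APP has authorized that operation with a control message; losing L3 or receiving a lock message drops the device back to the locked state. The control message set, the operation codes and the function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Link state of the multifunction interfaces USB1/USB2: LOCKED blocks all USB
 * traffic, CONNECTED allows the operations APP has explicitly authorized. */
typedef enum { SPD_LOCKED = 0, SPD_CONNECTED = 1 } spd_state;

/* Control messages from the security control application APP over L3. The message
 * set and its encoding are assumptions; the text only says such messages exist. */
typedef enum { CTRL_UNLOCK, CTRL_LOCK, CTRL_AUTHORIZE_OP, CTRL_REVOKE_OP } ctrl_type;
typedef struct { ctrl_type type; uint8_t op; } ctrl_msg;

/* Data access operations a host on USB1 (or the DPD path on USB2) may request. */
enum { OP_READ_BLOCKS = 0, OP_WRITE_BLOCKS = 1, OP_MOUNT_FS = 2 };

typedef struct {
    spd_state state;
    bool      l3_up;        /* wireless link to ECD alive; its loss locks the device */
    uint8_t   authorized;   /* bitmask of operations APP has authorized */
} spd_ctx;

void spd_init(spd_ctx *c) { c->state = SPD_LOCKED; c->l3_up = false; c->authorized = 0; }

/* L3 went up or down. Losing L3 forces LOCKED and forgets every authorization, so a
 * host cannot keep using USB1 after the paired ECD leaves the detection zone. */
void spd_on_l3(spd_ctx *c, bool up) {
    c->l3_up = up;
    if (!up) { c->state = SPD_LOCKED; c->authorized = 0; }
}

/* Control message received over L3. APP is the only source of state transitions;
 * nothing received over USB1/USB2 can unlock the device or authorize an operation. */
void spd_on_control(spd_ctx *c, const ctrl_msg *m) {
    if (!c->l3_up || m->op > 7) return;
    switch (m->type) {
    case CTRL_UNLOCK:       c->state = SPD_CONNECTED; break;
    case CTRL_LOCK:         c->state = SPD_LOCKED; c->authorized = 0; break;
    case CTRL_AUTHORIZE_OP: if (c->state == SPD_CONNECTED) c->authorized |= (uint8_t)(1u << m->op); break;
    case CTRL_REVOKE_OP:    c->authorized &= (uint8_t)~(1u << m->op); break;
    }
}

/* USB request arrived. Returns true if it may be serviced; false means "not
 * responsive": the firmware sends no reply at all rather than an error status. */
bool spd_on_usb_request(const spd_ctx *c, uint8_t op) {
    if (!c->l3_up || c->state != SPD_CONNECTED || op > 7) return false;
    return (c->authorized & (1u << op)) != 0;
}

/* Constructed walk-through on a fresh context. Bit i of the result is set if the
 * request at step i was accepted: 0 = READ before UNLOCK, 1 = READ after UNLOCK,
 * 2 = READ after AUTHORIZE_OP(READ), 3 = WRITE after that, 4 = READ after L3 drops.
 * Only step 2 should pass, so the expected value is 4. */
int demo_sequence(void) {
    spd_ctx c; int accepted = 0;
    ctrl_msg unlock = { CTRL_UNLOCK, 0 }, auth_read = { CTRL_AUTHORIZE_OP, OP_READ_BLOCKS };
    spd_init(&c);
    spd_on_l3(&c, true);
    if (spd_on_usb_request(&c, OP_READ_BLOCKS)) accepted |= 1;   /* still LOCKED */
    spd_on_control(&c, &unlock);
    if (spd_on_usb_request(&c, OP_READ_BLOCKS)) accepted |= 2;   /* CONNECTED, not authorized */
    spd_on_control(&c, &auth_read);
    if (spd_on_usb_request(&c, OP_READ_BLOCKS)) accepted |= 4;   /* authorized */
    if (spd_on_usb_request(&c, OP_WRITE_BLOCKS)) accepted |= 8;  /* never authorized */
    spd_on_l3(&c, false);
    if (spd_on_usb_request(&c, OP_READ_BLOCKS)) accepted |= 16;  /* L3 lost: LOCKED again */
    return accepted;
}
```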

[0054] In one or more embodiments, performing a data access operation comprises a data access operation on one or more data containers of the secured peripheral device SPD. In one or more embodiments, a list of data containers is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select a data container on which the data access operation has to be performed.

[0055] In one or more embodiments, performing a data access operation comprises opening a selected data container of the secured peripheral device SPD. If the selected data container is a ciphered container P1, performing a data access operation on the selected data container comprises receiving from the software application APP through the wireless communication link L3 a control message including an encryption key KP1 associated with the selected ciphered container P1, extracting the encryption key KP1 from the control message, deciphering the ciphered container using the extracted encryption key and providing descriptive data (e.g. file names and attributes) of the content of the data container to the software application APP through the wireless communication link L3. Further aspects and embodiments are described by reference to FIG. 6A.

[0056] Once a data container is opened, one or more data files may be copied to (respectively from) the data container from (respectively to) an external electronic device (electronic host device EHD or data storage peripheral device DPD) connected to one of the multifunction communication interfaces USB1, USB2. In one or more embodiments, a list of data files is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select one or more data files which have to be copied. Further aspects and embodiments are described by reference to FIG. 6B.

[0057] In one or more embodiments, performing a data access operation comprises providing access to one or more data containers P1, P2, P3 of the secured peripheral device SPD through at least one of the multifunction communication interfaces USB1, USB2 from the electronic host device EHD and / or copying one or more data files from one or more data containers P1, P2, P3 to the electronic host device EHD. Providing access to one or more data containers P1, P2, P3 may comprise mounting a file system for the one or more data containers P1, P2, P3 and sending descriptive data of the mounted file system to the electronic host device EHD through the first communication interface USB1. Further aspects and embodiments are described by reference to FIGS. 4A-4C.

[0058] In one or more embodiments, performing a data access operation comprises accessing the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD and / or copying one or more data files from the external data storage peripheral device DPD to at least one data container P1, P2, P3 of the secured peripheral device SPD. In one or more embodiments, performing a data access operation comprises mounting a file system to get access to data files stored in the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD. Further aspects and embodiments are described by reference to FIGS. 7A-7C.

[0059] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is configured to implement, through the wireless communication link L3, the electronic control device ECD and the communication link L4, a challenge-response authentication process between the secured peripheral device SPD and the remote authentication server RAS.

[0060] In one or more embodiments, the microcontroller MCI and / or the microcontroller MC2 is (are) configured to implement data encryption functions using one or more encryption keys.

[0061] In one or more embodiments, the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive and send data through the first multifunction communication interface USB1 (or respectively USB2) in accordance with a first communication protocol. The first communication protocol may be the USB protocol.

[0062] In one or more embodiments, the microcontroller MC1 (respectively MC2) is configured to receive / send data from / to the other microcontroller MC2 (respectively MC1) in accordance with a second communication protocol, distinct from the first communication protocol. The second communication protocol may be the SPI (Serial Peripheral Interface) protocol or any other serial wired communication protocol like I2C, RS232, TTL, etc.

[0063] In one or more embodiments, the microcontroller MC1 (respectively MC2) is configured to implement a protocol translation from the first communication protocol to the second communication protocol and from the second communication protocol to the first communication protocol. The protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the first communication protocol to the second communication protocol for messages received through the multifunction communication interface USB1 (respectively USB2) and to be sent to the other microcontroller MC2 (respectively MC1). The protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the second communication protocol to the first communication protocol for messages received from the other microcontroller MC2 (respectively MC1) and to be sent to the multifunction communication interface USB1 (respectively USB2).

[0064] In one or more embodiments, the first multifunction communication interface USB1 is connected to the electronic host device EHD and the second multifunction communication interface USB2 is connected to the data storage peripheral device DPD.

[0065] The secured peripheral device SPD may then be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the external data storage peripheral device DPD to the electronic host device EHD. The first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of the one or more selected data files from the data storage peripheral device DPD to the electronic host device EHD. The first microcontroller MC1 may be configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller MC2. The second microcontroller MC2 may be configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5A.

[0066] Symmetrically, the secured peripheral device SPD may be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the electronic host device EHD to the external data storage peripheral device DPD. The first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device EHD to the data storage peripheral device DPD. The first microcontroller MC1 may be configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller MC2. The second microcontroller MC2 may be configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5B.

[0067] The copy of data files from the electronic host device EHD to the external data storage peripheral device DPD or vice versa implies the copy of one or more memory blocks. In one or more embodiments, the microcontroller MC2 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, the predetermined operations comprising a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the data storage peripheral device DPD and a copy of one or more memory blocks from the data storage peripheral device DPD to the secured peripheral device SPD. The microcontroller MC2 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.

[0068] Symmetrically, the first microcontroller MC1 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol comprising instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, and the predetermined operations include only a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the electronic host device EHD and a copy of one or more memory blocks from the electronic host device EHD to the secured peripheral device SPD. The first microcontroller MC1 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.

[0069] For example, when the multifunction communication interface USB1 (respectively USB2) is a USB interface, only data packets from / to peripheral devices belonging to the peripheral category “USB mass storage class” may be copied. For other peripheral categories, the microcontroller MC1 (respectively MC2) is simply not responsive as it is not programmed to perform any action.

[0070] By design, the microcontroller MC1 or MC2 may thus only communicate with storage devices, which provides an essential hardware barrier, since there is no library or driver to interpret any other data. This barrier is safer than a software barrier that would allow certain types of devices to have access to certain functions.
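The two-stage translation of [0063]-[0066] and the allowlist of [0067]-[0070], as an added example in C written for this page (not firmware from the application): MC1 parses the 31-byte Command Block Wrapper (CBW) of the USB mass-storage bulk-only transport, translates only READ(10)/WRITE(10) block copies into a frame for the MC1-MC2 serial link, and MC2 rebuilds a CBW for the storage device; anything else is dropped without a reply. The CBW layout, the mass storage class code 0x08 and the SCSI opcodes are standard; the link frame format, 512-byte blocks and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* USB mass-storage bulk-only transport: the 31-byte Command Block Wrapper (CBW). */
#define CBW_LEN        31
#define CBW_SIGNATURE  0x43425355u  /* "USBC" read as a little-endian uint32 */
#define USB_CLASS_MSC  0x08         /* bInterfaceClass of the mass storage class */
#define SCSI_READ10    0x28
#define SCSI_WRITE10   0x2A
#define BLOCK_SIZE     512          /* assumption: 512-byte logical blocks */

/* Constructed frame for the MC1<->MC2 serial link (assumption, not the patent's format):
 * SOF | op | lun | lba (4, LE) | blocks (2, LE) | tag (4, LE) | xor checksum */
#define FRAME_SOF  0xA5
#define FRAME_LEN  14
enum { OP_READ_BLOCKS = 1, OP_WRITE_BLOCKS = 2 };

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; }
static void put_le32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void put_be32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * (3 - i))); }
static uint8_t xor_sum(const uint8_t *p, size_t n) { uint8_t s = 0; while (n--) s ^= *p++; return s; }

/* Enumeration filter shared by MC1 and MC2: any interface that is not mass storage is
 * never configured, so a keyboard-emulating "BadUSB" device gets no driver to talk to. */
bool spd_accept_interface(uint8_t iface_class) { return iface_class == USB_CLASS_MSC; }

/* MC1: CBW from the host (USB1) -> link frame for MC2. Default deny: only READ(10) and
 * WRITE(10) block copies are translated; every other command gets no reply at all. */
bool mc1_translate(const uint8_t cbw[CBW_LEN], uint8_t frame[FRAME_LEN]) {
    if (le32(cbw) != CBW_SIGNATURE || (cbw[14] & 0x1F) != 10) return false;
    uint8_t opcode = cbw[15];
    if (opcode != SCSI_READ10 && opcode != SCSI_WRITE10) return false;
    frame[0] = FRAME_SOF;
    frame[1] = (opcode == SCSI_READ10) ? OP_READ_BLOCKS : OP_WRITE_BLOCKS;
    frame[2] = cbw[13] & 0x0F;                /* bCBWLUN */
    put_le32(frame + 3, be32(cbw + 17));      /* CDB bytes 2..5: LBA, big-endian */
    frame[7] = cbw[23]; frame[8] = cbw[22];   /* CDB bytes 7..8: transfer length, big-endian -> LE */
    memcpy(frame + 9, cbw + 4, 4);            /* dCBWTag, already little-endian */
    frame[13] = xor_sum(frame, 13);
    return true;
}

/* MC2: link frame -> CBW for the storage device on USB2. Malformed frames and unknown
 * ops are dropped, so MC2 only ever forwards what MC1 allowlisted. */
bool mc2_translate(const uint8_t frame[FRAME_LEN], uint8_t cbw[CBW_LEN]) {
    if (frame[0] != FRAME_SOF || xor_sum(frame, 13) != frame[13]) return false;
    if (frame[1] != OP_READ_BLOCKS && frame[1] != OP_WRITE_BLOCKS) return false;
    uint32_t lba = le32(frame + 3);
    uint16_t blocks = (uint16_t)(frame[7] | frame[8] << 8);
    memset(cbw, 0, CBW_LEN);
    put_le32(cbw, CBW_SIGNATURE);
    memcpy(cbw + 4, frame + 9, 4);                           /* dCBWTag */
    put_le32(cbw + 8, (uint32_t)blocks * BLOCK_SIZE);        /* dCBWDataTransferLength */
    cbw[12] = (frame[1] == OP_READ_BLOCKS) ? 0x80 : 0x00;    /* bmCBWFlags: IN for reads */
    cbw[13] = frame[2];                                      /* bCBWLUN */
    cbw[14] = 10;                                            /* bCBWCBLength */
    cbw[15] = (frame[1] == OP_READ_BLOCKS) ? SCSI_READ10 : SCSI_WRITE10;
    put_be32(cbw + 17, lba);
    cbw[22] = (uint8_t)(blocks >> 8); cbw[23] = (uint8_t)blocks;
    return true;
}

/* Builds a constructed host CBW (test input) carrying any 10-byte CDB opcode. */
void build_cbw(uint8_t cbw[CBW_LEN], uint8_t opcode, uint32_t lba, uint16_t blocks, uint32_t tag) {
    memset(cbw, 0, CBW_LEN);
    put_le32(cbw, CBW_SIGNATURE);
    put_le32(cbw + 4, tag);
    put_le32(cbw + 8, (uint32_t)blocks * BLOCK_SIZE);
    cbw[12] = (opcode == SCSI_WRITE10) ? 0x00 : 0x80;
    cbw[14] = 10;
    cbw[15] = opcode;
    put_be32(cbw + 17, lba);
    cbw[22] = (uint8_t)(blocks >> 8); cbw[23] = (uint8_t)blocks;
}

/* Returns 1 if a host READ(10) survives the MC1 -> MC2 round trip byte for byte. */
int roundtrip_ok(uint32_t lba, uint16_t blocks, uint32_t tag) {
    uint8_t in[CBW_LEN], frame[FRAME_LEN], out[CBW_LEN];
    build_cbw(in, SCSI_READ10, lba, blocks, tag);
    if (!mc1_translate(in, frame) || !mc2_translate(frame, out)) return 0;
    return memcmp(in, out, CBW_LEN) == 0;
}

/* Returns 1 if a command with the given opcode (e.g. INQUIRY, 0x12) is dropped at MC1. */
int rejected_at_mc1(uint8_t opcode) {
    uint8_t in[CBW_LEN], frame[FRAME_LEN];
    build_cbw(in, opcode, 0, 1, 1);
    return !mc1_translate(in, frame);
}
```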

[0071] FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments. As shown in FIG. 2B, the electronic control device ECD comprises one or more processors 240, memory 241, a wireless communication interface 244, other associated hardware such as input/output interfaces 242 (e.g. device interfaces such as USB interfaces, network interfaces) and a user interface 243 (incorporating for example one or more user input/output devices, e.g., a keyboard, a pointing device, a display screen, etc.) to interact with a user U1.

[0072] The memory 241 of the electronic control device ECD may include a random-access memory (RAM), cache memory, non-volatile memory, backup memory (e.g., programmable or flash memories), read-only memories, secured storage (e.g. keystore) or any combination thereof. Each processor 240 of the electronic control device ECD may be any suitable microprocessor, microcontroller, integrated circuit, or central processor (CPU) including at least one hardware-based processor or processing core.

[0073] In one or more embodiments, the memory 241 of the electronic control device ECD may contain computer program instructions which, when executed by the processor 240, cause the electronic control device ECD to perform one or more methods described herein for an electronic control device ECD.

[0074] The processor 240 may be configured to access the memory 241 for storing, reading and/or loading computer program instructions or software code that, when executed by a processor, causes the processor to perform one or more method steps described herein for the software application APP and / or the electronic control device ECD. The processor 240 may be configured to use the memory 241 when executing the steps of a method described herein for the software application APP and / or the electronic control device ECD, for example for loading computer program instructions and for storing data generated during the execution of the computer program instructions.

[0075] In one or more embodiments, the electronic control device ECD is configured to execute computer program instructions of a software application APP (also referred to as “security control application APP”) that, when executed by the processor of the electronic control device ECD, causes the processor to perform one or more method steps described herein for the electronic control device ECD. The software application APP is configured to communicate with a remote authentication server RAS via the communication link L4 and to communicate with the secured peripheral device SPD through the wireless communication link L3.

[0076] In one or more embodiments, the electronic control device ECD comprises a secure storage tool SS for storing encryption keys. For example, a key storage tool SS that is configured to provide access to the stored encryption keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.) may be used.

[0077] In one or more embodiments, one or more data containers P1, P2, P3 of the data containers 223 stored in the memory MEM of the secured peripheral device SPD are ciphered. In one or more embodiments, the software application APP is configured to store an associated encryption key KP1, KP2, KP3 for each ciphered data container P1, P2, P3. The associated encryption key KP1, KP2, KP3 is intended to be used by the secured peripheral device SPD to decipher the corresponding data container P1, P2, P3 and / or the data files stored in the corresponding data container P1, P2, P3. In one or more embodiments, the encryption keys KP1, KP2, KP3 are stored in the secure storage tool SS and retrieved from the secure storage tool SS by the software application APP. In one or more embodiments, each of the encryption keys KP1, KP2, KP3 is stored in the secure storage tool SS in association with an identifier allocated by the secured peripheral device SPD to the corresponding data container P1, P2, P3.

[0078] FIG. 3A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD, a factory configuration tool PRG and a remote authentication server RAS according to any embodiment described herein.

[0079] FIG. 3A shows a method for configuring a secured peripheral device SPD in accordance with one or more embodiments. A factory configuration tool PRG (not represented) is configured to communicate through the debugging interfaces of the microcontrollers and to generate data and/or instructions to be stored on the secured peripheral device SPD.

[0080] In Step 300, a bootloader is generated for the secured peripheral device SPD. The bootloader is configured to load the firmware of the hardware components of the secured peripheral device SPD. In one or more embodiments, the bootloader includes a device authentication key KA. In one or more embodiments, the bootloader includes a firmware encryption key KF. In one or more embodiments, the bootloader includes an initial pairing code PN. In one or more embodiments, the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN are stored in a ciphered storage memory space of one of the microcontrollers MC1, MC2.

[0081] In Step 301, a firmware is generated at factory stage for the secured peripheral device SPD. In one or more embodiments, the firmware is not ciphered and not signed. In one or more embodiments, the firmware of the secured peripheral device SPD includes a firmware for each microcontroller MC1, MC2, a firmware for each multifunction communication interface USB1, USB2 and a firmware for the communication interface BT1.

[0082] In Step 302, the bootloader generated in step 300 and the firmware generated in step 301 are injected into a flash memory MEM of the secured peripheral device SPD. The injection may be performed using any appropriate configuration tool, for example through a SWD (Serial Wire Debug) / UART (Universal Asynchronous Receiver/Transmitter) connection.

[0083] In Step 303, an acknowledgement is received by the factory configuration tool PRG for confirming the safe receipt of the firmware and bootloader data in the flash memory MEM.

[0084] In Step 304, a test process is implemented to check the firmware and bootloader data stored in the flash memory MEM.

[0085] In Step 305, upon success of the test process performed in step 304, the debugging interfaces of the microcontrollers MC1, MC2 are disabled. As a consequence, the update of the firmware of the secured peripheral device SPD will only be possible by using the bootloader. In addition, the extraction of the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN will not be possible through the debugging interfaces. In one or more embodiments, a secure update of the firmware may be implemented during which a ciphered firmware update of one or more hardware components is received through a communication interface (e.g. the communication interface BT1) of the secured peripheral device SPD and the firmware update is deciphered using the firmware encryption key KF.

[0086] In Step 306, the device authentication key KA and the firmware encryption key KF are sent to the remote authentication server RAS together with one or more identifiers SN1, SN2, SN3. In one or more embodiments, each identifier SN1, SN2, SN3 is an identifier of a hardware component of the secured peripheral device SPD. For example, an identifier SN1, SN2, SN3 may be a serial number of one of the microcontrollers MC1, MC2, a serial number of one of the multifunction communication interfaces USB1, USB2, a serial number of the communication interface BT1 or a serial number of the memory MEM of the secured peripheral device SPD. In one or more embodiments, one single identifier SN is used which is generated by combining two or more identifiers SN1, SN2, SN3 of hardware components of the secured peripheral device SPD.

[0087] In Step 306, the device authentication key KA, the firmware encryption key KF and the identifiers SN1, SN2, SN3 are stored in association in a database by the remote authentication server RAS. The device authentication key KA, the firmware encryption key KF and the one or more identifiers SN1, SN2, SN3 are thus shared by the remote authentication server RAS and the secured peripheral device SPD.

[0088] FIG. 3B represents a flowchart of a method according to an example implementation. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD and an electronic control device ECD according to any embodiment described herein.

[0089] FIG. 3B shows a method for controlling the integrity of a secured peripheral device SPD in accordance with one or more embodiments. In one or more embodiments, a pairing process is implemented between the secured peripheral device SPD and the electronic control device ECD in steps 310-312. In one or more embodiments, a challenge response process is implemented between the secured peripheral device SPD and the remote authentication server RAS in steps 314-317. In one or more embodiments, the challenge response process is implemented after successful completion of the pairing process. For the first execution of steps 310-317, the secured peripheral device SPD is assumed to be not connected to the electronic host device EHD.

[0090] In one or more embodiments, the first microcontroller MC1 is configured (e.g. programmed) to implement, on the secured peripheral device SPD side, the challenge-response authentication process with the remote authentication server RAS. For example, the firmware of the first microcontroller MC1 may include a security management unit configured to implement the challenge-response authentication process with the remote authentication server RAS.

[0091] In the example described by reference to FIG. 3B, the wireless communication interface 244 of the electronic host device EHD and the communication interface BT1 are assumed to be Bluetooth® interfaces. The pairing process may be for example a secure pairing process under Bluetooth Low Energy 4.2.

[0092] In Step 310, the software application APP is started on the electronic control device ECD. The software application APP triggers a search for Bluetooth® devices in the detection zone of the wireless communication interface 244 of the electronic control device ECD.

[0093] In Step 311, assuming the secured peripheral device SPD is in the detection zone of the wireless communication interface 244, the secured peripheral device SPD is detected. A user interface of the software application APP is presented to the user U1 to allow him to enter a pairing code of the detected secured peripheral device SPD. This pairing code may for example be printed on a sticker and / or on a packaging associated with the secured peripheral device SPD, or provided to the user with the secured peripheral device SPD in any other manner, for example by electronic mail, by paper mail, by SMS (Short Message Service), by displaying the pairing code on an LCD screen, etc. If a secure pairing process under Bluetooth Low Energy 4.2 is used, the pairing code may be a passkey with 6 digits. The pairing code entered by the user is then sent to the secured peripheral device SPD.

[0094] In Step 312, the pairing code received from the electronic control device ECD is compared to the initial pairing code PN stored in Step 300 in the secured peripheral device SPD. In case of match, the pairing process successfully completes, authorizing those two devices to communicate with each other through the Bluetooth® link L3. In one or more embodiments, the steps 314-317 described below are implemented only if the pairing process is successfully completed. In case of failure of the pairing process, steps 310-312 have to be executed again before the challenge-response process of steps 313-317 is implemented.

[0095] In one or more embodiments, once the first pairing process has been successfully performed by using the initial pairing code PN stored in Step 300 in the secured peripheral device SPD, any subsequent pairing process (next execution of the pairing process in steps 310-312) will be based on a pairing code randomly generated by the secured peripheral device SPD (e.g. in case the electronic control device ECD has been lost or renewed, or if the user U1 deletes the pairing parameters from the electronic control device ECD, or if there are too many unsuccessful pairing attempts).

[0096] The pairing process based on a random pairing code may be performed as follows. In one or more embodiments, the secured peripheral device SPD generates a random pairing code, inserts the random pairing code in a data file, and stores the data file in the memory MEM on a default data partition 222 (see FIG. 2A) which is mounted by default and is accessible through the communication interface USB1 or USB2 upon connection of the secured peripheral device SPD to the electronic host device EHD. The data stored in other data containers of the memory MEM (for example in the data containers P1, P2, P3 (223)), outside this data partition 222 mounted by default, are however not accessible at this stage. The content of the data file may then be viewed by the user U1 by connecting the secured peripheral device SPD to the electronic host device EHD, and the random pairing code is then provided by the user U1 to the software application APP, which sends (step 311) the received random pairing code to the secured peripheral device SPD for verification (step 312).

[0097] The embodiments with the pairing code randomly generated by the secured peripheral device SPD may also be used following the detection of a suspicious activity. In one or more embodiments, in case of suspicious activity, steps 310-312 have to be executed again before the challenge-response process of steps 313-317 is implemented.

[0098] In one or more embodiments, once the pairing process has been successfully performed, the communication between the software application and the secured peripheral device SPD is authorized and steps 313-317 are performed. If the pairing process is not successful, the steps 313-317 are not executed and a new pairing process has to be implemented by executing again steps 310-312.

[0099] In Step 313, a communication link L4 between the remote authentication server RAS and the software application APP of the electronic control device ECD is established. In one or more embodiments, the data sent through the communication link L4 are ciphered.

[00100] In Step 314, the communication between the software application and the secured peripheral device SPD is started and secured. In one or more embodiments, the software application APP sends a message M314 to the secured peripheral device SPD including a key encryption key KK to be used for ciphering encryption keys. In one or more embodiments, an asymmetric ciphering scheme is used (e.g. RSA, Rivest-Shamir-Adleman ciphering) and a pair of keys is generated by the software application APP, the pair of keys comprising a public key KKPUB and a private key KKPRI suitable for asymmetric ciphering. In one or more embodiments, the message M314 includes only the public key KK = KKPUB but not the private key KKPRI.

[00101] In Step 315, a challenge response authentication process between the secured peripheral device SPD and the remote authentication server RAS is implemented through the software application APP and the communication links L4 and L3. During the challenge response authentication process, the software application APP is configured to relay messages between the secured peripheral device SPD and the remote authentication server RAS. The challenge response authentication process may be implemented as described below by reference to FIG. 3C.

[00102] In Step 316, the software application APP receives from the remote authentication server RAS a message M316 indicative of the success or failure of the challenge-response authentication process.

[00103] In one or more embodiments, in Step 317, in case of success, an information message is displayed on a user interface of the software application to inform a user that the pairing and authentication are successful. In one or more embodiments, in case of failure, an information message is displayed on a user interface of the software application APP to inform the user U1 that the secured peripheral device SPD seems to be corrupted and / or cannot be used.

[00104] In one or more embodiments, in case of failure of the challenge-response authentication process, the wireless communication link L3 with the secured peripheral device SPD is terminated by the software application APP, the key encryption key KK received in step 314 by the software application APP is deleted and the received pairing code is also deleted. This will prevent the software application APP from communicating (e.g. for sending / receiving commands) with the secured peripheral device SPD and force the pairing process and challenge-response authentication process to be started again: Steps 310-317 will have to be executed again.

[00105] In one or more embodiments, the secured peripheral device SPD (e.g. at least one of the microcontrollers MC1, MC2) is configured to wait for a predetermined control message (e.g. M331, step 331, see FIG. 4A, or M611, step 611, see FIG. 6A) from the software application APP through the wireless communication link L3 before starting to provide access to one or more data containers P1, P2, P3 and / or before starting to receive / send data through the one or more communication interfaces USB1, USB2 and / or before performing a corresponding communication operation / data access operation as described herein. In one or more embodiments, the predetermined control message is received by the secured peripheral device SPD only after a success of the challenge-response authentication process; in case of failure of the challenge-response authentication process, the predetermined control message is not sent, in order to prevent any communication through the multifunction communication interfaces USB1, USB2 of the secured peripheral device SPD. In one or more embodiments, the predetermined control message is sent by the software application APP only in response to an action of a user on a user interface of the software application APP to allow an access to data containers of the secured peripheral device SPD.

[00106] In one or more embodiments, the software application APP is configured to determine whether one or more additional conditions are met before sending one or more predetermined control messages to trigger one or more communication operations and / or data access operations through the communication interfaces USB1, USB2 (e.g. through the communication links L1, L2), and to send them only if these one or more additional conditions are met. An additional condition may be that an explicit authorization is given by the user U1 of the electronic control device ECD on a user interface of the software application APP. An additional condition may be that the communication through the wireless communication link L3 with the software application APP is operatively active (not interrupted, defective, deactivated or otherwise not operative). An additional condition may be that the secured peripheral device SPD is currently in the detection zone of the wireless communication interface 244 of the electronic control device ECD. An additional condition may be that the secured peripheral device SPD is currently paired (the pairing process is successfully completed) through the wireless communication interface 244 with the electronic control device ECD. An additional condition may be that the secured peripheral device SPD is not in the detection zone of the wireless communication interface 244 of the electronic control device ECD but has left this detection zone less than one hour, one day or any other predefined time period ago, assuming that this predefined time period has been configured by the user on the user interface of the software application APP during an operatively active connection between the electronic control device ECD and the secured peripheral device SPD. Any logical combination of these example additional conditions may be used.

[00107] In one or more embodiments, if all the additional conditions are met, the software application APP executed on the electronic control device ECD may be configured to send to the secured peripheral device SPD a control message to trigger a communication operation / data access operation through the communication interfaces USB1, USB2 and / or an operation to access one or more data containers. The control message may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.

[00108] In one or more embodiments, if one of the additional conditions is not met, the software application APP is configured to send a lock command to the secured peripheral device SPD through the wireless communication link L3, and the microcontroller(s) MC1 / MC2 is (are) configured to interrupt a pending communication operation or pending data access operation upon receipt of a lock command from the software application APP. The lock command may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.

[00109] In one or more embodiments, the microcontroller(s) MC1, MC2 is (are) configured to interrupt each pending operation (communication operation and / or data access operation) performed through the one or more communication interfaces USB1, USB2 after a time period upon detection of an interruption of the communication with the software application APP through the wireless communication link L3. In one embodiment, the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the communication link L3, a configuration message that sets a duration for this time period.

[00110] FIG. 3C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD, an electronic control device ECD and a remote authentication server RAS according to any embodiment described herein.

[00111] FIG. 3C shows a method for implementing a challenge-response authentication process between a secured peripheral device SPD and a remote authentication server RAS in accordance with one or more embodiments. The challenge-response authentication process is used to control the integrity of at least one hardware component of the secured peripheral device SPD. In one or more embodiments, the challenge-response authentication process is implemented through the wireless communication link L3 and the software application APP of the electronic control device ECD.

[00112] In one or more embodiments, the challenge-response authentication process is based on one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD and on a device authentication key KA shared by the secured peripheral device SPD and the remote authentication server RAS.

[00113] In Step 320, the software application APP of the electronic control device ECD sends a message M320 to the secured peripheral device SPD to request one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.

[00114] In Step 321, the secured peripheral device SPD sends a response message M321 to the message M320 received in step 320. The response message M321 includes one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD. For example, the response includes three identifiers SN1, SN2, SN3: a serial number SN1 of the microcontroller MC1, a serial number SN2 of the microcontroller MC2 and a serial number SN3 of the memory MEM of the secured peripheral device SPD.

[00115] In Step 322, the software application APP transmits the received identifiers SN1, SN2, SN3 to the remote authentication server RAS and obtains from the remote authentication server RAS a token TK. In one or more embodiments, the token TK is a digital key randomly generated by the remote authentication server RAS.

[00116] In Step 323, the software application APP sends to the secured peripheral device SPD a message M323. The message M323 includes the token received in step 322.

[00117] In Step 324, the secured peripheral device SPD generates a ciphered token TKc by ciphering the received token TK using the device authentication key KA as an encryption key.

[00118] In Step 325, the secured peripheral device SPD sends to the software application APP a message M325 including the ciphered token TKc generated in step 324.

[00119] In one or more embodiments, the secured peripheral device SPD generates in Step 325 one or more encryption keys KC1, KC2 for ciphering messages (data packets, control messages, response messages, etc.) to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. In one or more embodiments, a symmetric ciphering scheme (e.g. AES ciphering, Advanced Encryption Standard) is used. In one or more embodiments, a symmetric ciphering scheme with a block ciphering operating mode is used (e.g. Galois/Counter Mode, GCM). In one or more embodiments, the message M325 of step 325 includes the one or more generated encryption keys KC1, KC2. When a GCM mode is used, an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2 and is also included in the message M325 of step 325.

[00120] In one or more embodiments, each encryption key KC1, KC2 is ciphered using the public key KKPUB received from the software application APP before transmission of the encryption key KC1, KC2 to the software application APP, and deciphered by the software application APP using the private key KKPRI corresponding to the public key KKPUB.

[00121] The secured peripheral device SPD and the software application APP can now communicate in a secure manner using ciphered messages. For example, all the messages sent between the software application APP and the secured peripheral device SPD after the execution of step 325, including the steps 315-317 (see FIG. 3A) and all steps of the methods described by reference to FIGS. 3C, FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C, will be ciphered and deciphered using the one or more encryption keys KC1, KC2.

[00122] In a first variant, a single encryption key KC1 suitable for symmetric ciphering is generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. The encryption key KC1 is intended to be used by the secured peripheral device SPD (respectively by the software application APP) to cipher messages to be transmitted via the wireless communication link L3 from the secured peripheral device SPD (respectively from the software application APP) to the software application APP (respectively to the secured peripheral device SPD) and to decipher ciphered messages received via the wireless communication link L3 by the secured peripheral device SPD (respectively by the software application APP) from the software application APP (respectively from the secured peripheral device SPD). If a GCM mode is used, an initialization vector IV1 is generated for the encryption key KC1.

[00123] In a second variant, two encryption keys KC1, KC2 suitable for symmetric ciphering are generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3. The first encryption key KC1 is intended to be used by the secured peripheral device SPD to cipher messages to be transmitted through the wireless communication link L3 from the secured peripheral device SPD to the software application APP and to decipher ciphered messages received through the wireless communication link L3 by the secured peripheral device SPD from the software application APP. The second encryption key KC2 is intended to be used by the software application APP to cipher messages to be transmitted via the wireless communication link L3 from the software application APP to the secured peripheral device SPD and to decipher ciphered messages received via the wireless communication link L3 by the software application APP from the secured peripheral device SPD. When a GCM mode is used, an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2.

[00124] In Step 326, the ciphered token received in step 325 is transmitted by the software application APP to the remote authentication server RAS. In one embodiment, however, the encryption keys KC1, KC2 and / or initialization vectors are not transmitted to the remote authentication server RAS but securely stored in the electronic control device ECD, for example in the secure storage tool SS. Any secure storage system may be used, for example a key storage system that is configured to provide access to the stored keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.). In another embodiment, the encryption keys KC1, KC2 and / or initialization vectors are not stored and Step 325 is executed every time the electronic control device ECD starts a communication with the secured peripheral device SPD.

[00125] In Step 327, the remote authentication server RAS deciphers the ciphered token received in step 326. In one or more embodiments, the ciphering scheme is a symmetric ciphering scheme and the remote authentication server RAS deciphers the ciphered token using the shared device authentication key KA stored in association with the one or more identifiers received in step 322. The deciphered token is compared with the token sent in step 322. In case of equality, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a success of the challenge-response authentication process. If the deciphered token is different from the token sent in step 322, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a failure of the challenge-response authentication process.
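The challenge-response of steps 320-327, as an added Go example that is not the application's own code: the RAS keeps KA in association with SN, issues a random token TK, the SPD ciphers TK under KA with AES-GCM, and the RAS deciphers the result and compares it with the token it issued, while the APP only relays and never holds KA. Type and function names, the combined identifier SN and the 32-byte KA are constructed assumptions; the session keys KC1, KC2 of step 325 are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// SPD models the secured peripheral device, which holds its identifiers and KA.
type SPD struct {
	SN string // combined identifier built from SN1, SN2, SN3
	KA []byte // device authentication key injected at factory stage (step 300)
}

// RAS models the remote authentication server: KA per SN (steps 306-307) and the token TK last issued to each SN (step 322).
type RAS struct {
	keys   map[string][]byte
	issued map[string][]byte
}

// NewRAS takes the SN -> KA associations registered at factory stage.
func NewRAS(keys map[string][]byte) *RAS {
	return &RAS{keys: keys, issued: map[string][]byte{}}
}

// IssueToken is step 322: a fresh random token TK, issued only for a known SN.
func (r *RAS) IssueToken(sn string) ([]byte, error) {
	if _, ok := r.keys[sn]; !ok {
		return nil, errors.New("unknown device identifier")
	}
	tk := make([]byte, 16)
	if _, err := rand.Read(tk); err != nil {
		return nil, err
	}
	r.issued[sn] = tk
	return tk, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CipherToken is step 324, on the SPD: TKc = AES-GCM(TK) under KA, nonce prepended.
func (d *SPD) CipherToken(tk []byte) ([]byte, error) {
	aead, err := newGCM(d.KA)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, tk, nil), nil
}

// Verify is step 327, on the RAS: decipher TKc with the KA stored for SN and compare
// it with the issued token. The token is consumed, so a replay, a wrong KA or an altered TKc all fail.
func (r *RAS) Verify(sn string, tkc []byte) bool {
	ka, okKey := r.keys[sn]
	expected, okTok := r.issued[sn]
	delete(r.issued, sn)
	if !okKey || !okTok {
		return false
	}
	aead, err := newGCM(ka)
	if err != nil || len(tkc) < aead.NonceSize() {
		return false
	}
	tk, err := aead.Open(nil, tkc[:aead.NonceSize()], tkc[aead.NonceSize():], nil)
	return err == nil && subtle.ConstantTimeCompare(tk, expected) == 1
}

// RunChallengeResponse plays the APP's relay role (steps 320-326): it forwards SN, TK and TKc and never handles KA.
func RunChallengeResponse(dev *SPD, srv *RAS) (bool, error) {
	tk, err := srv.IssueToken(dev.SN) // M320/M321, then step 322
	if err != nil {
		return false, err
	}
	tkc, err := dev.CipherToken(tk) // M323, step 324, M325
	if err != nil {
		return false, err
	}
	return srv.Verify(dev.SN, tkc), nil // step 326; outcome reported as M316
}

func main() {
	// Constructed sample values (not from the application); KA is 32 bytes (AES-256).
	dev := &SPD{SN: "MC1:0001|MC2:0001|MEM:0001", KA: []byte("placeholder-device-auth-key-KA!!")}
	srv := NewRAS(map[string][]byte{dev.SN: dev.KA})
	ok, err := RunChallengeResponse(dev, srv)
	fmt.Println("authenticated:", ok, "error:", err)
}
```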

[00126] FIG. 4A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00127] FIG. 4A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic host device EHD using an electronic control device ECD in accordance with one or more embodiments. The multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.

[00128] In one or more embodiments, the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.

[00129] In step 330, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened.

[00130] In one or more embodiments, the list of data containers is built by the secured peripheral device SPD and sent to the software application APP. The list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container. The identification may be a name, for example "private", "company1", "company2".

[00131] In one or more embodiments, the user U1 selects one or more data containers. For example, it is assumed that the user U1 selects a first data container P1.

[00132] In step 331, the software application APP sends a control message M331 to the secured peripheral device SPD to request the opening of the selected first data container P1. The message M331 may include an identifier of the selected first data container P1. The message M331 may include a start address and an end address of the data container. The message M331 may include the encryption key KP1 associated with the data container P1. The identifier may be the name of the data container or a corresponding logical identifier allocated to the selected first data container P1 by the secured peripheral device SPD. The message M331 is an example of a predetermined control message sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.

[00133] In one or more embodiments, when the selected first data container P1 is ciphered, the software application APP provides in step 331 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In one or more embodiments, the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP. In one or more embodiments, the control message M331 includes the encryption key KP1.

[00134] In step 332, the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD and deciphers the identified data container P1 using the received encryption key KP1. If the selected first data container P1 does not exist, an error message is sent by the secured peripheral device SPD to the software application APP. In case wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data of the data container due to deciphering errors. Once the data container has been deciphered, the secured peripheral device SPD extracts descriptive data of the content of the data container: file names, file sizes, folder names, etc. If the selected data container exists and no deciphering error is detected, step 333 is executed.

[00135] In step 333, the secured peripheral device SPD mounts a file system for the selected first data container P1 and sends descriptive data of the mounted file system to the electronic host device EHD through the communication link L1 to provide access to the data files stored in the selected data container from the electronic host device EHD. In one or more embodiments, the descriptive data of the content of the data container are sent to the software application APP through the communication link L3. In one or more embodiments, if the selected first data container P1 is ciphered, the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1 before mounting the file system.

[00136] In step 334, in case of success of the mounting operation of step 333, the data container is now opened and may be accessed. For example, the data files stored in the selected first data container may be viewed and accessed from the electronic host device EHD. Further, in case of failure of the mounting operation, an error message M334 is sent by the secured peripheral device SPD to the software application APP.

[00137] In one or more embodiments, a LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1 regarding the success or failure of the opening of the data container. For example, in case of success of the opening, a LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1.

[00138] In step 335, in case of success of the mounting operation of step 333, a message M335 is sent by the secured peripheral device SPD to the software application APP to indicate that the selected first data container P1 has been successfully mounted and may be accessed from the electronic host device EHD and / or from the electronic control device ECD. In one or more embodiments, a list of data files stored in the selected first data container P1 is sent to the software application APP.

[00139] In step 336, upon receipt of the message M335, the software application APP displays an information message M336 to inform the user U1 of the success of the opening of the selected first data container P1. The first data container P1 is now opened, i.e. the content of this data container may be accessed. In one or more embodiments, a list of data files and / or file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP.

[00140] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or the content of the opened first data container P1 (i.e. on the data files and / or file folders stored in the opened first data container P1). The triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc. The triggered operation may be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc. In one or more embodiments, a control message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the mounted file system according to the result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP. The feedback may include updated information on the content of the opened first data container P1.

[00141] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to provide feedback to the user U1 on the operations performed on the mounted file system from the electronic host device EHD. For example, if data files are added to the opened data container, the added data files are shown in the user interface of the software application APP.

[00142] Further examples of operations on a data container are described by reference to FIGS. 4B and 4C.

[00143] FIG. 4B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00144] FIG. 4B shows a method for deleting one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interface USB1 is assumed to be a USB interface. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.

[00145] In one or more embodiments, the method for deleting one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for deleting a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for deleting one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.

[00146] In Step 340, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be deleted. The user U1 performs an action on the user interface of the software application APP to request deletion of one or more selected data containers of the secured peripheral device SPD. For example, the user U1 selects a second data container P2.

[00147] In Step 341, the software application APP is configured to display an information message to invite the user U1 to perform a back-up of the data stored in the selected data containers. The selected second data container P2 is assumed to be opened, for example according to the method for providing access to a data container described by reference to FIG. 4A. According to step 333 previously described by reference to FIG. 4A, a file system for the selected second data container P2 has been mounted to provide access to the data files stored in the selected second data container P2 from the electronic host device EHD.

[00148] In Step 342, the user U1 may perform a back-up of the data stored in the selected second data container P2, for example by copying all data files and / or file folders from the secured peripheral device SPD to the electronic host device EHD.

[00149] In Step 343, the software application APP is configured to display an information message to invite the user U1 to perform an action to confirm completion of the back-up.

[00150] In Step 344, upon receipt of the confirmation of the user U1, the software application APP is configured to send a message M344 to the secured peripheral device SPD to request the deletion of the selected second data container P2.

[00151] In Step 345, the software application APP is configured to display an information message to inform the user U1 that the deletion process is in progress.

[00152] In Step 346, upon receipt of the message M344, the secured peripheral device SPD is configured to unmount the file system mounted for the selected second data container P2 and to delete the selected second data container P2. Access to the selected second data container P2 is no longer possible from the electronic host device EHD.

[00153] In Step 347, all associated data (e.g. partition table, file indexes, memory blocks and / or randomly written blocks, encryption keys, etc.) stored in the memory MEM of the secured peripheral device SPD are deleted to avoid any further recovery.

[00154] In Step 348, the secured peripheral device SPD is configured to send a message M348 to inform the software application of the completion of the deletion. In one or more embodiments, the secured peripheral device SPD is configured to send to the software application APP the identifier(s) of the deleted data container(s). In one or more embodiments, the software application APP is configured to delete the encryption key KP2 associated with the deleted data container(s). In one or more embodiments, the software application APP is configured to display an information message to inform the user U1 of the completion of the deletion process.

[00155] FIG. 4C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein. The steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00156] FIG. 4C shows a method for creating one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interface USB1 is assumed to be a USB interface. The electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.

[00157] In one or more embodiments, the method for creating one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for creating a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for creating one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).

[00158] In Step 350, the software application APP is configured to allow the user U1 to create one or more data containers. A user interface of the software application APP may for example be presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD may be presented to the user U1. The user U1 performs an action on the user interface of the software application APP to request creation of one or more data containers in the secured peripheral device SPD.

[00159] In Step 351, the software application APP is configured to receive input data from the user U1 specifying a new data container P3 to be created. The input data may include an identification (e.g. a name) and / or parameters (e.g. size of the container) of the data container P3 to be created.

[00160] In Step 352, the software application APP is configured to send a message M352 to the secured peripheral device SPD to request the creation of a new data container P3. The message M352 may include the identification and / or the parameters (e.g. address of the start and stop memory blocks) of the data container to be created.

[00161] In Step 353, upon receipt of the message M352, the secured peripheral device SPD is configured to create a new data container P3. In one or more embodiments, the new data container is created in accordance with the received identification and / or the parameters. In one or more embodiments, if the new data container P3 has to be ciphered, the secured peripheral device SPD is configured to generate an encryption key KP3 associated with the new data container P3. In one or more embodiments, the secured peripheral device SPD is configured to mount a file system for the new data container P3 and to send descriptive data of the mounted file system to the electronic host device EHD in order to provide access to the new data container P3 from the electronic host device EHD.

[00162] In Step 354, the secured peripheral device SPD is configured to send a message M354 to inform the software application APP of the completion of the creation of the new data container P3. In one or more embodiments, the secured peripheral device SPD is configured to send to the software application APP the encryption key KP3 associated with the new data container.

[00163] In Step 355, the software application APP is configured to inform the user U1 of the creation of the new data container P3. In one or more embodiments, the software application APP is configured to store the encryption key KP3 associated with the new data container P3. In one or more embodiments, the software application APP is configured to store the associated encryption key KP3 in the secure storage tool SS.
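The open, delete and create procedures of FIGS. 4A, 4B and 4C, seen from both the device and the application side, as one added example that is neither the patent's nor the applicant's code. It assumes a constructed container cipher (a SHA-256 keystream in counter mode plus an HMAC-SHA256 tag) in place of the unspecified device cipher, a JSON file listing as the container content, a bump allocator for the memory MEM, and hypothetical class and field names; the message identifiers M331, M334, M335, M348 and M354 follow the description. The tag is the practitioner's addition: it turns the "deciphering errors" of step 332 into an explicit check, so a wrong key KP1 or wrong start / end addresses is refused before any file system is mounted, and deletion in step 347 overwrites the blocks and drops the key rather than only the table entry.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the device's container cipher (assumption; the page names none):
# SHA-256 keystream in counter mode, then an HMAC-SHA256 tag over the ciphertext.
def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def cipher_container(kp: bytes, plaintext: bytes) -> bytes:
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(kp, len(plaintext))))
    return body + hmac.new(kp, body, hashlib.sha256).digest()

def decipher_container(kp: bytes, blob: bytes) -> bytes:
    """Raise ValueError on a wrong key or on misaddressed / altered blocks."""
    if len(blob) < 32:
        raise ValueError("deciphering error")
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(kp, body, hashlib.sha256).digest(), tag):
        raise ValueError("deciphering error")
    return bytes(a ^ b for a, b in zip(body, _keystream(kp, len(body))))

class SecuredPeripheralDevice:
    """SPD side: memory MEM holding ciphered containers; container keys are never kept here."""

    def __init__(self, mem_size: int = 4096):
        self.mem = bytearray(mem_size)
        self.table = {}     # container identifier -> (start, end) in MEM
        self.mounted = {}   # container identifier -> file listing exposed to the EHD
        self._next_free = 0

    def list_containers(self) -> list:
        return sorted(self.table)               # step 330: identifiers only, no content

    def create_container(self, name: str, files: dict) -> tuple:
        """Steps 352-354: allocate blocks, generate KP3, write the ciphered container."""
        payload = json.dumps(files).encode()
        start, end = self._next_free, self._next_free + len(payload) + 32
        if name in self.table or end > len(self.mem):
            return {"message": "M354", "error": "cannot create container"}, None
        kp = secrets.token_bytes(32)
        self.mem[start:end] = cipher_container(kp, payload)
        self.table[name] = (start, end)
        self._next_free = end
        return {"message": "M354", "container": name, "start": start, "end": end}, kp

    def open_container(self, m331: dict) -> dict:
        """Steps 332-335: handle M331; mount only if the addressed blocks decipher correctly."""
        name, start, end = m331["container"], m331.get("start"), m331.get("end")
        if name not in self.table:
            return {"message": "M334", "error": "unknown container"}
        if not (isinstance(start, int) and isinstance(end, int) and 0 <= start < end <= len(self.mem)):
            return {"message": "M334", "error": "invalid addresses"}
        try:   # a wrong key and wrong addresses both fail the tag, so nothing is mounted
            payload = decipher_container(m331["key"], bytes(self.mem[start:end]))
        except ValueError:
            return {"message": "M334", "error": "deciphering error"}
        self.mounted[name] = json.loads(payload)   # step 333: "mount" = expose the listing
        return {"message": "M335", "container": name, "files": sorted(self.mounted[name])}

    def delete_container(self, name: str) -> dict:
        """Steps 346-348: unmount, overwrite the blocks with random data, forget the entry."""
        if name not in self.table:
            return {"message": "M348", "error": "unknown container"}
        self.mounted.pop(name, None)
        start, end = self.table.pop(name)
        self.mem[start:end] = secrets.token_bytes(end - start)
        return {"message": "M348", "deleted": [name]}

class SoftwareApplication:
    """ECD side: keeps each KP (with the container addresses) in the secure storage tool SS."""

    def __init__(self, spd: SecuredPeripheralDevice):
        self.spd = spd
        self.ss = {}   # secure storage tool SS: container identifier -> {key, start, end}

    def create(self, name: str, files: dict) -> dict:
        m354, kp = self.spd.create_container(name, files)
        if kp is not None:                          # step 355: store KP3 in SS
            self.ss[name] = {"key": kp, "start": m354["start"], "end": m354["end"]}
        return m354

    def open(self, name: str) -> dict:
        entry = self.ss.get(name)
        if entry is None:
            return {"message": "M334", "error": "no key for container"}
        m331 = {"container": name, "start": entry["start"], "end": entry["end"], "key": entry["key"]}
        return self.spd.open_container(m331)        # step 331

    def delete(self, name: str) -> dict:
        m348 = self.spd.delete_container(name)      # step 344
        for deleted in m348.get("deleted", []):
            self.ss.pop(deleted, None)              # step 348: drop the associated KP
        return m348
```

Keeping the keys only on the application side mirrors paragraph [00128]: once KP2 is dropped in step 348 and the blocks are overwritten in step 347, neither side can reconstruct the deleted container.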

[00164] In one or more embodiments, the electronic host device EHD is connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD is connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD. A first communication protocol (e.g. USB protocol) is used for the communication through the first and second multifunction communication interfaces USB1, USB2. In one or more embodiments, a second communication protocol (e.g. SPI protocol), distinct from the first communication protocol, is used by the two microcontrollers MC1, MC2 of the secured peripheral device SPD to communicate with each other.

[00165] Data access operations may then be performed to copy one or more data files from the data storage peripheral device DPD to the electronic host device EHD or from the electronic host device EHD to the data storage peripheral device DPD through the two microcontrollers MC1, MC2.

[00166] In one or more embodiments, the architecture of the secured peripheral device SPD prohibits direct transfers from the female USB port to the male USB port or vice versa. In one or more embodiments, a protocol break (e.g. a translation of protocol from the first communication protocol to the second communication protocol or vice-versa) is implemented by the two microcontrollers MC1, MC2 of the secured peripheral device SPD for processing commands and transmitting data from the data storage peripheral device DPD to the electronic host device EHD or, respectively, from the electronic host device EHD to the data storage peripheral device DPD.

[00167] In one or more embodiments, the protocol translation performed by the two microcontrollers MC1, MC2 does not alter the content of the initial message sent, but only converts the format of the initial message to another format complying with the second communication protocol. In one or more embodiments, the two microcontrollers MC1, MC2 are configured to apply the protocol conversion only to predefined USB messages that enable data block copy through a USB connection. Thus a hardware barrier is implemented by the two microcontrollers MC1, MC2 preventing malicious messages / commands from being transmitted to and processed by the data storage peripheral device DPD or the electronic host device EHD. In one or more embodiments, the transmitted data may additionally be filtered by the electronic host device EHD by means of an antivirus program before being sent to the secured peripheral device SPD or upon receipt from the secured peripheral device SPD.

[00168] In one or more embodiments, the data files stored in the data storage peripheral device DPD are accessible to the second microcontroller MC2 through a first file system. The second microcontroller MC2 is configured to transmit to the first microcontroller MC1 the descriptive data of the first file system by means of the SPI protocol. The first microcontroller MC1 is configured to generate on the basis of the descriptive data a second file system imaging the first file system and to provide to the electronic host device EHD access to the storage space and data files of the data storage peripheral device DPD through the second file system.

[00169] In one or more embodiments, the microcontrollers MC1 and MC2 are configured to implement only read and write operations on memory blocks using the first and second file systems. Example embodiments will be presented below by reference to FIGS. 5A and 5B.

[00170] FIG. 5A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein. The steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00171] FIG. 5A shows a method for reading data stored on a data storage peripheral device DPD from an electronic host device EHD in accordance with one or more embodiments. The multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces. The electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.

[00172] The steps of the method for reading data stored on a data storage peripheral device are performed respectively by the software application APP of the electronic control device ECD and by the microcontrollers MC1 and MC2 as indicated below. The steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.

[00173] In one or more embodiments, the method for reading data is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for reading data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).

[00174] Steps 360-365 may be performed for each reading operation. A reading operation may concern user data (e.g. one or more data files) to be read and transferred from the data storage peripheral device DPD to the electronic host device EHD.

[00175] In Step 360, the electronic host device EHD initiates the reading operation by sending a first USB message M360 including a reading command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol. Parameters of the reading command may include an address of a buffer to which the user data have to be transferred and the identification of the documents to be read.

[00176] In Step 361, the microcontroller MC1 initiates an SPI communication with the microcontroller MC2. In the communication in accordance with the SPI protocol, a master/slave relationship is defined in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave. The microcontroller MC1 converts (protocol translation) the first USB message M360 into an SPI message M361 including the reading command and transmits the SPI message M361 to the microcontroller MC2.

[00177] In Step 362, the microcontroller MC2 receives the SPI message M361 and converts (protocol translation) the SPI message into a second USB message M362 including the reading command and transmits the second USB message M362 to the data storage peripheral device DPD.

[00178] In Step 363, the microcontroller MC2 sends a confirmation message M363 to the microcontroller MC1 to confirm the transmission of the second USB message M362.

[00179] In Step 364, the microcontroller MC1 terminates the SPI communication with the microcontroller MC2.

[00180] In Step 365, the data storage peripheral device DPD executes the reading command and inserts the read user data into the specified buffer.

[00181] In Step 366, the data storage peripheral device DPD sends a first USB response message M366 to inform the microcontroller MC2 of the completion of the insertion of the read user data into the specified buffer.

[00182] In Step 367, the microcontroller MC2 initiates another SPI communication with the microcontroller MC1. In accordance with the SPI protocol, the microcontroller MC2 is the master and the microcontroller MC1 is the slave for this SPI communication. The microcontroller MC2 converts (protocol translation) the first USB response message M366 into an SPI response message M367 and transmits the SPI response message M367 to the microcontroller MC1. The microcontroller MC2 terminates the SPI communication with the microcontroller MC1.

[00183] In Step 368, the microcontroller MC1 converts (protocol translation) the SPI response message M367 into a second USB response message M368 and transmits the second USB response message M368 to the electronic host device EHD.

[00184] In Step 369, the electronic host device EHD accesses the specified buffer and extracts the read user data from the specified buffer.

[00185] FIG. 5B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein. The steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00186] FIG. 5B shows a method for writing data from an electronic host device EHD to a data storage peripheral device DPD in accordance with one or more embodiments. The electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.

[00187] In one or more embodiments, the method for writing data is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for writing data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).

[00188] Steps 370-377 may be performed for each writing operation. A writing operation may concern user data (e.g. one or more data files) to be written and transferred from the electronic host device EHD to the data storage peripheral device DPD.

[00189] In Step 370, the electronic host device EHD initiates the writing operation by sending through the communication link L3 a first USB message M370 including a writing command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol. Parameters of the writing command may include an address of a buffer from which the user data have to be transferred and the identification of the documents to be written.

[00190] In Step 371, the microcontroller MC1 initiates an SPI communication with the microcontroller MC2 in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave. The microcontroller MC1 converts (protocol translation) the first USB message M370 into an SPI message M371 including the writing command and transmits the SPI message M371 to the microcontroller MC2.

[00191] In Step 372, the microcontroller MC2 receives the SPI message M371 and converts (protocol translation) the SPI message M371 into a second USB message M372 including the writing command and transmits the second USB message M372 to the data storage peripheral device DPD.

[00192] In Step 373, the data storage peripheral device DPD executes the writing command. The execution may include extracting the user data from the specified buffer to copy them in the internal memory of the data storage peripheral device DPD and then writing the user data to the permanent memory of the data storage peripheral device DPD.

[00193] In Step 374, the data storage peripheral device DPD sends a first USB response message M374 to inform the microcontroller MC2 of the completion of the transfer of the user data.

[00194] In Step 375, the microcontroller MC2 converts (protocol translation) the first USB response message M374 into an SPI response message M375 and transmits the SPI response message M375 to the microcontroller MC1. The microcontroller MC2 terminates the SPI communication with the microcontroller MC1.

[00195] In Step 376, the microcontroller MC1 converts (protocol translation) the SPI response message M375 into a second USB response message M376 and transmits the second USB response message M376 to the electronic host device EHD.

[00196] In Step 377, the electronic host device EHD terminates the writing operation.
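The write-command relay of steps 370 to 376, as an added Go model that is not code from the patent: MC1 translates the USB writing command (buffer address and document identifiers) into a framed SPI message, MC2 validates the frame before rebuilding the command it forwards to the DPD, and the DPD's response status travels back the same way. The SPI framing, opcodes, bounds and check byte are assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// WriteCommand models the parameters of the USB writing command in M370: the
// address of the host buffer holding the user data and the identifiers of the
// documents to write. All encodings below are assumptions, not the patent's.
type WriteCommand struct {
	BufferAddr uint32
	DocIDs     []uint16
}

const (
	opWrite     byte = 0x02 // constructed SPI opcode carrying a writing command
	opWriteResp byte = 0x82 // constructed SPI opcode carrying the DPD's response
	maxDocs          = 64   // constructed bound checked by MC1 before translating
)

// xorCheck is a one-byte integrity check over a frame body (constructed).
func xorCheck(b []byte) byte {
	var x byte
	for _, c := range b {
		x ^= c
	}
	return x
}

// frame builds an SPI frame: opcode | payload length | payload | check.
func frame(op byte, payload []byte) []byte {
	f := append([]byte{op, byte(len(payload))}, payload...)
	return append(f, xorCheck(f))
}

// unframe validates an SPI frame against the expected opcode and returns its payload.
func unframe(f []byte, op byte) ([]byte, error) {
	if len(f) < 3 || f[0] != op {
		return nil, errors.New("unexpected opcode or short frame")
	}
	if len(f) != int(f[1])+3 || xorCheck(f[:len(f)-1]) != f[len(f)-1] {
		return nil, errors.New("length or check mismatch")
	}
	return f[2 : len(f)-1], nil
}

// MC1Translate (step 371): MC1, as SPI master, converts M370 into SPI message M371.
func MC1Translate(cmd WriteCommand) ([]byte, error) {
	if len(cmd.DocIDs) == 0 || len(cmd.DocIDs) > maxDocs {
		return nil, errors.New("M370 rejected: document list empty or too long")
	}
	payload := make([]byte, 4+2*len(cmd.DocIDs))
	binary.LittleEndian.PutUint32(payload, cmd.BufferAddr)
	for i, id := range cmd.DocIDs {
		binary.LittleEndian.PutUint16(payload[4+2*i:], id)
	}
	return frame(opWrite, payload), nil
}

// MC2Translate (step 372): MC2 checks M371 and rebuilds the writing command
// that it forwards to the DPD as the second USB message M372.
func MC2Translate(m371 []byte) (WriteCommand, error) {
	payload, err := unframe(m371, opWrite)
	if err != nil {
		return WriteCommand{}, fmt.Errorf("M371 rejected: %w", err)
	}
	if len(payload) < 6 || len(payload)%2 != 0 {
		return WriteCommand{}, errors.New("M371 rejected: malformed payload")
	}
	cmd := WriteCommand{BufferAddr: binary.LittleEndian.Uint32(payload)}
	for off := 4; off < len(payload); off += 2 {
		cmd.DocIDs = append(cmd.DocIDs, binary.LittleEndian.Uint16(payload[off:]))
	}
	return cmd, nil
}

// MC2Respond (step 375): MC2 wraps the status of the DPD's USB response M374 into SPI message M375.
func MC2Respond(status byte) []byte { return frame(opWriteResp, []byte{status}) }

// MC1Respond (step 376): MC1 unwraps M375 and yields the status for USB response M376.
func MC1Respond(m375 []byte) (byte, error) {
	payload, err := unframe(m375, opWriteResp)
	if err != nil || len(payload) != 1 {
		return 0, errors.New("M375 rejected")
	}
	return payload[0], nil
}

func main() {
	m371, _ := MC1Translate(WriteCommand{BufferAddr: 0x20000100, DocIDs: []uint16{7, 9}})
	fmt.Printf("M371: % x\n", m371)
	cmd, err := MC2Translate(m371)
	fmt.Println(cmd, err)
	status, err := MC1Respond(MC2Respond(0)) // 0: constructed "transfer completed" status
	fmt.Println(status, err)
}
```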

[00197] FIG. 6A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein. The steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.

[00198] FIG. 6A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C). The method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.

[00199] In one or more embodiments, the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container(s) P1, P2, P3 to be accessed.

[00200] In step 610, a user interface of the software application APP is presented to the user U1. A list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened and accessed.

[00201] In one or more embodiments, the list of data containers is built by the secured peripheral device SPD and sent to the software application APP. The list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container. The identification may be a name, for example "private", "company 1", "company 2".

[00202] In one or more embodiments, the user U1 selects one or more data containers to be opened. For example, it is assumed that the user U1 selects a first data container P1.

[00203] In step 611, the software application APP sends a control message M611 to the secured peripheral device SPD to request the opening of the selected first data container P1. The message M611 may include an identifier of the selected first data container P1. The control message M611 may include a start address and an end address of the data container. The control message M611 may include the encryption key KP1 associated with the data container P1. The control message M611 is an example of a predetermined control message to be sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.

[00204] In one or more embodiments, when the selected first data container P1 is ciphered, the software application APP provides in step 611 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In one or more embodiments, the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP. In one or more embodiments, the control message M611 includes the encryption key KP1.

[00205] In step 612, the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD. If the selected first data container P1 does not exist, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening operation.

[00206] In one or more embodiments, if the selected first data container P1 is ciphered, the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1. In case wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data in the data container due to deciphering errors. In case of deciphering errors, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening process. Otherwise, in case of success of the opening of the data container, a response message is sent in step 612 to the software application APP to indicate a success of the opening operation and step 613 is executed.

[00207] In one or more embodiments, an LED of the secured peripheral device SPD may be switched on / off to provide feedback to the user U1 regarding the success or failure of the opening operation. For example, in case of success of the opening operation, an LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1.

[00208] In step 613, the software application APP sends a control message to the secured peripheral device SPD to request descriptive data of the opened data container.

[00209] In step 614, the secured peripheral device SPD extracts from the deciphered data container descriptive data of the content of the data container: e.g. file names, file sizes, folder names, etc. The descriptive data of content of the data container are sent to the software application APP through the communication link L3.

[00210] In step 615, upon receipt of the descriptive data, the software application APP displays an information message to inform the user U1 of the success of the opening of the selected first data container P1. The first data container P1 is now opened, i.e. the content of this data container may be accessed. In one or more embodiments, a list of data files and / or one or more file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP. For example, a list of data files stored in the root folder of the data container is displayed.
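The open-container exchange of steps 611 to 614, written as an added Go model that is not the patent's or the applicant's own code. It assumes containers are ciphered with AES-GCM, so that a wrong key KP1 or wrong start / end addresses surface as an authentication failure, which is what the SPD reports as a deciphering error; the message field names, the "name;size" listing format and the sample key and nonce are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"strings"
)

// OpenRequest models control message M611 (APP -> SPD): identifier, address
// range and key KP of the container to open; field names are assumptions.
type OpenRequest struct {
	ContainerID string
	Start, End  int
	KP          []byte
}

// OpenResponse models the step-612 reply: success, or an error message.
type OpenResponse struct {
	OK  bool
	Err string
}

// SPD models the secured peripheral device: its memory MEM, the container
// identifiers it knows, and opened containers whose plaintext stays on-device.
type SPD struct {
	MEM    []byte
	Known  map[string]bool
	opened map[string][]byte
}

func gcm(key []byte) (cipher.AEAD, error) { // AES-GCM for a 16/24/32-byte key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealContainer ciphers a container's content with KP (nonce must be 12 bytes).
// Layout in MEM is nonce || ciphertext || tag: the tag is what lets the SPD
// report a wrong key or wrong addresses as a deciphering error, not garbage.
func SealContainer(kp, nonce, content []byte) ([]byte, error) {
	aead, err := gcm(kp)
	if err != nil {
		return nil, err
	}
	return aead.Seal(append([]byte{}, nonce...), nonce, content, nil), nil
}

// Open implements step 612 for a control message M611.
func (s *SPD) Open(req OpenRequest) OpenResponse {
	if !s.Known[req.ContainerID] {
		return OpenResponse{Err: "container does not exist"}
	}
	// A blob must hold at least the 12-byte nonce and the 16-byte GCM tag.
	if req.Start < 0 || req.End > len(s.MEM) || req.End-req.Start < 28 {
		return OpenResponse{Err: "invalid address range"}
	}
	aead, err := gcm(req.KP)
	if err != nil {
		return OpenResponse{Err: "invalid key"}
	}
	blob := s.MEM[req.Start:req.End]
	plain, err := aead.Open(nil, blob[:12], blob[12:], nil)
	if err != nil { // wrong KP or wrong start/end address: the tag check fails
		return OpenResponse{Err: "deciphering error"}
	}
	if s.opened == nil {
		s.opened = map[string][]byte{}
	}
	s.opened[req.ContainerID] = plain
	return OpenResponse{OK: true}
}

// Describe implements step 614: descriptive data of an opened container. The
// constructed content format is one "name;size" entry per line.
func (s *SPD) Describe(id string) ([]string, error) {
	plain, ok := s.opened[id]
	if !ok {
		return nil, fmt.Errorf("container %q not opened", id)
	}
	return strings.Fields(string(plain)), nil
}

func main() {
	kp1 := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte KP1
	nonce := []byte("constructed!")                    // 12 bytes; unique per key in real use
	blob, _ := SealContainer(kp1, nonce, []byte("report.pdf;20480\nnotes.txt;512\n"))
	spd := &SPD{MEM: append(make([]byte, 64), blob...), Known: map[string]bool{"private": true}}
	fmt.Println(spd.Open(OpenRequest{"private", 64, len(spd.MEM), kp1}))
	fmt.Println(spd.Describe("private"))
	fmt.Println(spd.Open(OpenRequest{"private", 60, len(spd.MEM), kp1})) // wrong start address
}
```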

[00211] In one or more embodiments, once a data container has been opened, the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or the content of the opened first data container P1 (i.e. on the data files and / or file folders stored in the opened first data container P1). The triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc. The triggered operation may also be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc. A message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the deciphered data container according to a result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP. The feedback may include updated information on the content of the opened first data container P1.

[00212] Further examples of operations performed on a data container are described by reference to FIG. 6B.

[00213] FIG. 6B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein. The steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00214] FIG. 6B shows a method for performing an operation on one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments. In one or more embodiments, the method for performing an operation on one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C). The method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.

[00215] In one or more embodiments, the method for performing an operation on one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for performing an operation on one or more data containers is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3 and the data container has been opened using for example the method steps 610-612 described by reference to FIG. 6A.

[00216] In step 620, a user interface of the software application APP is presented to the user U1. The content of one or more data containers in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to trigger one or more operations to perform on this content. The user U1 performs a predefined action on the user interface of the software application APP to trigger the execution of the one or more operations. For example, the operation is the opening of the folder of the data container, a change in the access rights (read / write rights) on one or more data files, a deletion of a data file, a deletion of a data folder, a copy of one or more selected data files, etc.

[00217] In step 621, the software application APP sends a control message M620 to trigger the execution of the one or more operations.

[00218] In step 622, the secured peripheral device SPD executes the one or more operations specified by the control message M620.

[00219] In step 623, the secured peripheral device SPD is configured to send a message to inform the software application APP of the completion of the one or more operations. In one or more embodiments, the user interface of the software application APP is updated to show the result of the one or more operations. For example, an updated list of data files stored in one or more folders of the data container is displayed.

[00220] The secured peripheral device SPD may be used as a self-powered peripheral device SPD that integrates all hardware and software modules to provide a standalone, compact and ergonomic solution for managing the interface between the electronic control device and the external data storage device. Thus, the electronic control device ECD (e.g. a smartphone, laptop, personal data assistant, or any portable device) itself is not impacted by the transfer of the data files, which remain in the secured environment of the self-powered peripheral device used as an intermediate storage device.

[00221] The use of the electronic control device ECD to control the access operations (e.g. including viewing the data files, controlling the transfer of data files, managing the access rights to the data files, etc.) is advantageous from a user point of view because it is possible to present various, long and complex types of information on the electronic control device ECD. In one or more embodiments, the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more first control messages comprising first instructions for instructing the self-powered peripheral device SPD to access a file system of the data storage peripheral device DPD. The first control messages are received after completion of the pairing process and / or the challenge-response authentication process. In response, the secured peripheral device SPD may provide, to the software application APP through the wireless communication link L3, a response message including descriptive data of the file system. In one or more embodiments, the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more second control messages comprising reading instructions for instructing the self-powered peripheral device SPD to perform a copy of one or more selected data files from the external data storage peripheral device DPD to the self-powered peripheral device SPD. In response, the secured peripheral device SPD may send, to the software application APP through the wireless communication link L3, at least one feedback message on the completion of the requested copy. Further details and embodiments are described below by reference to FIGS. 7A-7C.

[00222] The secured peripheral device SPD remains as easy to use as any USB dongle, which is a major asset for users who need to share information quickly and in all circumstances. The control of operations by a smartphone is for example a common and user-friendly solution adapted to the daily use and private / professional practices of many users (e.g. banking management, smart object management, etc.).

[00223] FIGS. 7A-7C represent a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel. The method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and a data storage peripheral device DPD according to any embodiment described herein. The steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.

[00224] FIGS. 7A-7C show a method for copying data stored on a data storage peripheral device DPD to a secured peripheral device SPD in accordance with one or more embodiments. The multifunction communication interfaces USB2 are assumed here to be USB interfaces. The data storage peripheral device DPD is assumed to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD. Because the secured peripheral device SPD is itself a secured peripheral device, the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.

[00225] In one or more embodiments, the method for copying data is performed only if the pairing process and / or the challenge-response authentication process were successfully completed (see FIGS. 3B and 3C).

[00226] In one or more embodiments, the method for copying data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).

[00227] Referring to FIG. 7A, in Step 710, the secured peripheral device SPD detects the data storage peripheral device DPD and reads the file system of the data storage peripheral device DPD as master device.

[00228] In Step 711, the secured peripheral device SPD sends a message to the software application APP to inform the software application APP of the detection performed in step 710. In Step 712, the software application APP informs the user U1 that a data storage peripheral device DPD is connected. In Step 713, the software application APP is configured to provide a user interface to allow the user U1 to authorize access to the data storage peripheral device DPD. Once authorization has been received from the user U1, the file system of the data storage peripheral device DPD can be mounted.

[00229] In Step 714, the software application APP sends a control message M714 to the secured peripheral device SPD. The control message M714 comprises instructions for instructing the secured peripheral device SPD to access a file system of the external data storage electronic device DPD, e.g. to request the mounting of the file system of the data storage peripheral device DPD. The secured peripheral device SPD accesses the file system of the external data storage electronic device DPD upon receipt of the control message M714.

[00230] In Step 715, upon receipt of the control message M714, the secured peripheral device SPD accesses the file system of the external data storage electronic device DPD. The file system of the data storage peripheral device DPD is mounted by the secured peripheral device SPD.

[00231] In Step 716, the software application APP sends a message to the secured peripheral device SPD to request the status of the mounting operation. In Step 717, once the mounting is completed, the secured peripheral device SPD sends a response message to indicate that the mounting is successful.

[00232] In Step 718, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the file system (e.g. of its content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD. In Step 719, the secured peripheral device SPD sends a response message including descriptive data of the file system (e.g. of the content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD, e.g. the content of a current folder (e.g. the root folder) of the data storage peripheral device DPD.

[00233] In Step 720, the software application APP provides a user interface showing the content of the data storage peripheral device DPD, e.g. a list of one or more data files and / or one or more data folders. Steps 730-736 may be executed after step 720: see FIG. 7B.

[00234] Referring to FIG. 7B, in Step 730, the software application APP is configured to allow the user U1 to navigate in the file system of the data storage peripheral device DPD, e.g. to change the current folder.

[00235] In Step 731, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the content of the current folder. In Step 732, the secured peripheral device SPD gets the descriptive data of the content of the current folder from the data storage peripheral device DPD using the mounted file system. In Step 733, the secured peripheral device SPD sends a response message including the requested descriptive data.

[00236] In Step 734, the software application APP displays a user interface showing the content of the current folder, e.g. a list of one or more data files stored in the current folder. After the execution of step 734, Steps 730-734 may be repeated. In Step 735, the software application APP displays a user interface to allow the user U1 to select one or more data files to be copied to the secured peripheral device SPD. One or more data files are selected.

[00237] In Step 736, the software application APP stores in a memory an identification of the data files selected in step 735. After the execution of step 736, Steps 730-736 may be repeated to select other or further data files. Steps 740-747 may be executed after step 736: see FIG. 7C.

[00238] Referring to FIG. 7C, in Step 740, the software application APP displays a user interface to allow the user U1 to request the transfer of the selected data files to a destination folder of a destination data container of the secured peripheral device SPD. The software application APP receives a user input to trigger the transfer. In one or more embodiments, only an opened data container may be selected as a destination data container. The data container may be opened using for example the method steps 610-612 described by reference to FIG. 6A.

[00239] In Step 741, the software application APP displays a user interface to allow the user U1 to specify a destination data container of the secured peripheral device SPD. In Step 742, the software application APP receives user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD. In Step 743, the software application APP checks whether the selected data files already exist in the destination data container and / or destination folder, and in case of a positive answer the software application APP displays a user interface to allow the user U1 to decide whether to proceed or not. The software application APP receives user input to cancel or confirm the copy of the selected data files and proceeds accordingly. In case of confirmation, step 744 is executed; otherwise steps 730-734 or 735-736 may be repeated.

[00240] In Step 744, the software application APP sends to the secured peripheral device SPD a control message M744 to trigger the copy of the selected data files into the destination data container and / or destination folder. The control message M744 comprises reading instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files from the external data storage electronic device DPD to a data container of the secured peripheral device SPD. When the data container is ciphered, the control message M744 comprises the encryption key KP1, KP2, KP3 associated with the destination data container P1, P2, P3 in which the copied data have to be stored.

[00241] In Step 745, the secured peripheral device SPD performs the requested copy of the selected data files and stores them in the destination data container and / or destination folder. In Step 746, the secured peripheral device SPD sends to the software application APP at least one feedback message on the completion of the requested copy, for example to confirm the completion of the copy.

[00242] In Step 747, the software application APP may display an information message to inform the user of the completion of the copy. After the execution of step 747, steps 730-734 or 735-736 may be repeated.

[00243] The method described by reference to FIGS. 7A-7C may be transposed to the copy of one or more data files from a data container of the secured peripheral device SPD to the data storage electronic device DPD. The first microcontroller MC1 may be programmed by means of firmware instructions to perform the described steps. The first microcontroller MC1 may access a data container P1, P2, P3 of the secured peripheral device SPD and provide, to the software application APP through the wireless communication link L3, descriptive data of the content of the data container (see for example steps 620-621 described above). The first microcontroller MC1 may then receive, from the software application APP through the wireless communication link L3, a control message comprising writing instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files of the data container of the secured peripheral device SPD to the external data storage electronic device DPD, perform the requested copy to the external data storage electronic device DPD and provide, to the software application APP through the wireless communication link L3, feedback on the completion of the requested copy to the external data storage electronic device DPD (see for example steps 744-747 described above). The software application APP may display a user interface to allow the user U1 to specify a source data container of the secured peripheral device SPD and receive user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD.

[00244] Each described function, engine, block of the block diagrams and flowchart illustrations may be implemented in hardware, software, firmware, middleware, microcode, or any suitable combination thereof. If implemented in software, the functions, engines, blocks of the block diagrams and/or flowchart illustrations can be implemented by computer program instructions or software code, which may be stored or transmitted over a computer-readable medium, or loaded onto a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine, such that the computer program instructions or software code which execute on the computer or other programmable data processing apparatus create the means for implementing the functions described herein.

[00245] Embodiments of computer-readable media include, but are not limited to, both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. Specifically, software instructions or computer readable program code to perform embodiments described herein may be stored, temporarily or permanently, in whole or in part, on a non-transitory computer readable medium of a local or remote storage device including one or more storage media.

[00246] As used herein, a computer storage medium may be any physical media that can be read, written or more generally accessed by a computer. Examples of computer storage media include, but are not limited to, a flash drive or other flash memory devices (e.g. memory keys, memory sticks, key drive), CD-ROM or other optical storage, DVD, magnetic disk storage or other magnetic storage devices, solid state memory, memory chip, RAM, ROM, EEPROM, smart cards, a relational database management system (RDBMS), a traditional database, or any other suitable medium that can be used to carry or store program code in the form of instructions or data structures which can be read by a computer processor. Also, various forms of computer-readable medium may be used to transmit or carry instructions to a computer, including a router, gateway, server, or other transmission device, wired (coaxial cable, fiber, twisted pair, DSL cable) or wireless (infrared, radio, cellular, microwave). The instructions may include code from any computer-programming language, including, but not limited to, assembly, C, C++, Basic, SQL, MySQL, HTML, PHP, Python, Java, Javascript, etc.