Systems and methods to provide secure storage

US 10,091,213 B2
Filed: 08/05/2015
Issued: 10/02/2018
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A tangible computer readable storage medium comprising computer readable instructions which, when executed, cause a processor of a storage device to at least:

receive a data integrity check command to perform a data integrity check from a remote agent via a secure tunnel;

responsive to the data integrity check command;

access a first data at the storage device;

identify a modification to the first data stored on the storage device by comparing the first data to second data on the storage device, the first data including at least one of trusted data and a hash of the trusted data, and the second data including at least one of untrusted data and a hash of the untrusted data; and

send results of the data comparison to the remote agent via the secure tunnel in response to the data integrity command sent from the remote agent.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

23 Citations

20 Claims

1. A tangible computer readable storage medium comprising computer readable instructions which, when executed, cause a processor of a storage device to at least:
- receive a data integrity check command to perform a data integrity check from a remote agent via a secure tunnel;
  
  responsive to the data integrity check command;
  
  access a first data at the storage device;
  
  identify a modification to the first data stored on the storage device by comparing the first data to second data on the storage device, the first data including at least one of trusted data and a hash of the trusted data, and the second data including at least one of untrusted data and a hash of the untrusted data; and
  
  send results of the data comparison to the remote agent via the secure tunnel in response to the data integrity command sent from the remote agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The storage medium as defined in claim 1, wherein the agent is on a host platform of the storage device or on a platform remote to the host platform.
  - 3. The storage medium as defined in claim 1, wherein the instructions further cause the processor to expose an application programming interface;
    - the application programming interface to receive a request from the agent, the request including a trusted signature.
  - 4. The storage medium as defined in claim 1, wherein the processor is part of a system-on-a-chip in the storage device.
  - 5. The storage medium as defined in claim 1, wherein the data integrity check command includes at least one of a file system identification, a file name identification, a command to generate a hash of a file stored on the storage device, or a command to compare a first hash value to a second hash value.
  - 6. The storage medium as defined in claim 1, further including instructions to cause the processor to determine whether a result of the comparison is representative of a presence of malware.
  - 7. The storage medium as defined in claim 1, further including instructions to cause the processor to transfer a result of the comparison from the storage device to the agent via the secure tunnel.
  - 8. The storage medium as defined in claim 1, wherein the second data is stored at the storage device.
  - 9. The storage medium as defined in claim 8, wherein the first data is stored in a secure storage area on the storage device.

10. A storage device, comprising:
- a secure storage area;
  
  a second storage area; and
  
  a processor, the processor responsive to a data integrity check command to perform a data integrity check to;
  
  identify a modification to a first data stored in the second storage area by comparing second data stored in the secure storage area to the first data, the data integrity check command received from a remote agent via a secure tunnel; and
  
  send results of the data comparison to the remote agent via the secure tunnel in response to the data integrity check command.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The storage device as defined in claim 10, wherein the second data includes a hash of trusted data stored in the secure storage area.
  - 12. The storage device as defined in claim 11, wherein the first data includes a hash of untrusted data.
  - 13. The storage device as defined in claim 10, wherein the processor is to compare a difference between the first data and the second data to a malware definition to determine whether malware is present.
  - 14. The storage device as defined in claim 10, wherein the first data is stored on the storage device, but not in the secure storage area.
  - 15. The storage device as defined in claim 10, wherein the secure tunnel is to prevent software executing in an operating system from modifying data stored in the secure storage area.
  - 16. The storage device as defined in claim 10, wherein the processor is to transfer a result of the comparison from the storage device to the agent via the secure tunnel.

17. A method, comprising:
- receiving a data integrity check command to perform a data integrity check from a remote agent via a secure tunnel;
  
  responsive to the data integrity check command received from a remote agent via a secure tunnel;
  
  accessing, with a processor, a first data at a storage device; and
  
  identifying, with the processor, a modification to the first data stored on the storage device by comparing the first data to second data on the storage device, the data integrity command sent from an agent to the storage device via the secure tunnel between the storage device and the remote agent, the first data including at least one of trusted data and a hash of the trusted data, and the second data including at least one of untrusted data and a hash of the untrusted data; and
  
  sending results of the data comparison to the remote agent via the secure tunnel.
- View Dependent Claims (18, 19, 20)
- - 18. The method as defined in claim 17, wherein the processor is part of a system-on-a-chip in the storage device.
  - 19. The method as defined in claim 17, wherein the data integrity check command includes at least one of a file system identification, a file name identification, a command to generate a hash of a file stored on the storage device, or a command to compare a first hash value to a second hash value.
  - 20. The method as defined in claim 17, further including determining, with the processor, whether a result of the comparison is representative of a presence of malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SK Hynix NAND Product Solutions Corporation (SK Hynix Inc.)
Original Assignee
Intel Corporation
Inventors
Triantafillou, Nicholas D., Saxena, Paritosh, Thadikaran, Paul J., Durham, David Michael
Primary Examiner(s)
Lwin, Maung T

Application Number

US14/818,654
Publication Number

US 20150341371A1
Time in Patent Office

1,154 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/57   Certifying or maintaining t...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 63/14   for detecting or protecting...

Systems and methods to provide secure storage

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to provide secure storage

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links