Securing information relating to data compression and encryption in a storage device

US 10,095,635 B2
Filed: 03/29/2016
Issued: 10/09/2018
Est. Priority Date: 03/29/2016
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving input data from a host into a buffer memory;

applying data compression to the input data to provide compressed data;

encrypting the compressed data using an encryption key to generate encrypted data;

storing the encrypted data in a first location of a main memory of a data storage device;

generating and storing, in a second access controlled location of the main memory, a system parameter value associated with the storage of the encrypted data, the system parameter value being a parameter value of a data storage system that includes the main memory and a controller circuit that performs the encrypting and storing, the system parameter value encrypted prior to storage thereof in the second access controlled location of the main memory;

establishing a trusted relationship to authenticate the host responsive to a request for the system parameter value, the trusted relationship established using a challenge value; and

transferring, from the data storage device to the host, the system parameter value from the second access controlled location of the main memory responsive to the established trusted relationship.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for data security in a data storage environment. In some embodiments, input data from a host is received into a buffer memory. Data compression is applied to the input data to provide compressed data. Encryption is applied to the compressed data to generate encrypted data, and the encrypted data are stored in a main memory of a data storage device. A system parameter value associated with the storage of the encrypted data is generated and stored in a memory, such as the main memory of the storage device. The system parameter value may include information relating to the compression of the data. A trusted relationship is established to authenticate the host responsive to a request for the updated system parameter value. The system parameter value is transferred to the host responsive to the established trusted relationship.

35 Citations

View as Search Results

18 Claims

1. A computer implemented method comprising:
- receiving input data from a host into a buffer memory;
  
  applying data compression to the input data to provide compressed data;
  
  encrypting the compressed data using an encryption key to generate encrypted data;
  
  storing the encrypted data in a first location of a main memory of a data storage device;
  
  generating and storing, in a second access controlled location of the main memory, a system parameter value associated with the storage of the encrypted data, the system parameter value being a parameter value of a data storage system that includes the main memory and a controller circuit that performs the encrypting and storing, the system parameter value encrypted prior to storage thereof in the second access controlled location of the main memory;
  
  establishing a trusted relationship to authenticate the host responsive to a request for the system parameter value, the trusted relationship established using a challenge value; and
  
  transferring, from the data storage device to the host, the system parameter value from the second access controlled location of the main memory responsive to the established trusted relationship.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the system parameter value indicates available free space of the main memory after storing the encrypted data.
  - 3. The method of claim 1, wherein the data compression is lossy data compression.
  - 4. The method of claim 1, wherein the system parameter value is stored to the main memory of the data storage device and associated with the encrypted data.
  - 5. The method of claim 1, wherein the system parameter value indicates a compression parameter associated with the compression of the input data.
  - 6. The method of claim 5, wherein the compression parameter indicates a size of the compressed data.
  - 7. The method of claim 1, further comprising generating metadata linking logical addressing to physical addressing associated with the storage of the encrypted data and storing the metadata in the second access controlled location of the main memory of the data storage device.
  - 8. The method of claim 1, wherein receiving input data comprises receiving multiple blocks of input data, wherein applying data compression comprises individually compressing each of the multiple blocks, the method further comprising concatenating the multiple compressed blocks into a fixed sized data packet, and wherein encrypting comprises encrypting the concatenated fixed size data packet.
  - 9. The method of claim 1, wherein the data storage device is characterized as a solid state drive (SSD).
  - 10. The method of claim 1, wherein the data storage device is characterized as a hard disc drive (HDD).

11. A data storage device comprising:
- a non-volatile main memory; and
  
  a controller circuit configured to receive input data from a host into a buffer memory, apply data compression to the input data to provide compressed data, encrypt the compressed data using an encryption key to generate encrypted data, store the encrypted data in a first location of the main memory, generate and store in a second access controlled location of the main memory a system parameter value associated with the storage of the encrypted data, establish a trusted relationship to authenticate the host responsive to a request for the system parameter value, and transfer the updated system parameter value from the second access controlled location of the main memory to the host responsive to the established trusted relationship, the system parameter value being a parameter value of the data storage device, the system parameter value indicating a compression parameter associated with the compression of the input data, the system parameter value encrypted by the controller circuit prior to storage thereof in the second access controlled location of the main memory, the trusted relationship established using a challenge value.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The data storage device of claim 11, wherein the controller circuit is further configured to encrypt the system parameter value.
  - 13. The data storage device of claim 11, characterized as a solid state drive (SSD).
  - 14. The data storage device of claim 11, characterized as a hard disc drive (HDD).
  - 15. The data storage device of claim 11, characterized as a hybrid data storage device (HDSD) so that the non-volatile main memory comprises both rotatable magnetic recording media and solid-state semiconductor memory.
  - 16. The data storage device of claim 11, wherein the controller circuit is further configured to receive multiple blocks of input data, to apply data compression individually to each of the multiple blocks and to concatenate the multiple compressed blocks into a fixed sized data packet, and to encrypt the compressed data by encrypting the fixed size data packet.

17. An apparatus comprising:
- a plurality of data storage devices arranged to form a multi-device memory space; and
  
  a controller circuit configured to transfer data between the memory space and a host device by applying data compression to input data received from the host to provide compressed data, encrypting the compressed data using an encryption key to generate encrypted data, storing the encrypted data in a first location of a main memory, and generating and storing in a second access controlled location of the main memory a system parameter value associated with the storage of the encrypted data, the controller circuit further configured to, responsive to a request from the host for the system parameter value, establish a trusted relationship with the host and to transfer the system parameter value from the second access controlled location of the main memory to the host responsive to the established trusted relationship, the controller circuit encrypting the system parameter value prior to storage thereof in the second access controlled location of the main memory, the trusted relationship established using a challenge value.
- View Dependent Claims (18)
- - 18. The apparatus of claim 17, wherein the system parameter value relates to the application of data compression to the input data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Abbas, Syed Yasir, Kella, Jeetandra, Anderson, William Erik
Primary Examiner(s)
Shepperd, Eric W

Application Number

US15/084,222
Publication Number

US 20170286319A1
Time in Patent Office

924 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/44   Program or device authentic...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/80   in storage media based on m...

G06F 2212/1052   Security improvement

G06F 2212/401   Compressed data

G06F 2212/402   Encrypted data

G06F 3/0623   in relation to content

G06F 3/0659   Command handling arrangemen...

G06F 3/0676   Magnetic disk device

G06F 3/0679   Non-volatile semiconductor ...

G06F 3/068   Hybrid storage device

Securing information relating to data compression and encryption in a storage device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Securing information relating to data compression and encryption in a storage device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links