Encryption key shredding to protect non-persistent data

US 10,142,304 B2
Filed: 08/23/2016
Issued: 11/27/2018
Est. Priority Date: 08/23/2016
Status: Active Grant

First Claim

Patent Images

1. A storage system comprising:

a storage drive; and

a controller to;

power on the storage drive;

identify an encryption key on the storage drive created upon powering on the storage drive;

encrypt data in a cache of the storage drive using the encryption key;

power off the storage drive; and

delete the encryption key upon powering off the storage drive.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

18 Citations

View as Search Results

20 Claims

1. A storage system comprising:
- a storage drive; and
  
  a controller to;
  
  power on the storage drive;
  
  identify an encryption key on the storage drive created upon powering on the storage drive;
  
  encrypt data in a cache of the storage drive using the encryption key;
  
  power off the storage drive; and
  
  delete the encryption key upon powering off the storage drive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The storage system of claim 1, comprising the controller to:
    - receive the encryption key from a host of the storage drive, the host creating the encryption key upon powering on the storage drive and sending the encryption key to the storage drive.
  - 3. The storage system of claim 1, comprising the controller to:
    - create the encryption key on the storage drive, the storage drive being configured via the host to create the encryption key upon powering on the storage drive.
  - 4. The storage system of claim 1, comprising the controller to:
    - delete the encryption key upon resetting the storage drive, the resetting of the storage drive including at least one of power cycling the storage drive, reinitializing firmware on the storage drive, and reinitializing a software process on the storage drive.
  - 5. The storage system of claim 1, comprising the controller to:
    - initiate a first process on the storage drive cache; and
      
      create a first process encryption key upon initiating the first process on the storage drive cache.
  - 6. The storage system of claim 5, comprising the controller to:
    - initiate a second process on the storage drive cache;
      
      create a second process encryption key; and
      
      delete the first process encryption key upon initiating the second process.
  - 7. The storage system of claim 6, at least one of the first process and the second process including a process initialized by the host, the process initialized by the host including the host writing data to the storage drive cache.
  - 8. The storage system of claim 1, comprising the controller to:
    - designate a time of expiration for an expiring encryption key associated with data saved to the storage drive cache.
  - 9. The storage system of claim 8, comprising the controller to:
    - identify a lapsing of the expiration time; and
      
      delete the expiring encryption key upon identifying the lapsing of the expiration time.
  - 10. The storage system of claim 1, the storage drive including at least one of a solid state drive and a hard disk drive.

11. An apparatus comprising:
- a controller to;
  
  power on an apparatus;
  
  identify an encryption key on the apparatus created upon powering on the apparatus;
  
  encrypt data in a cache of the apparatus using the encryption key;
  
  power off the apparatus; and
  
  delete the encryption key upon powering off the apparatus.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The apparatus of claim 11, comprising the controller to:
    - receive the encryption key from a host of the apparatus, the host creating the encryption key upon powering on the apparatus and sending the encryption key to the apparatus.
  - 13. The apparatus of claim 11, comprising the controller to:
    - create the encryption key on the apparatus, the apparatus being configured via the host to create the encryption key upon powering on the apparatus.
  - 14. The apparatus of claim 11, comprising the controller to:
    - delete the encryption key upon resetting the apparatus, the resetting of the apparatus including at least one of power cycling the apparatus, reinitializing firmware on the apparatus, and reinitializing a software process on the apparatus.
  - 15. The apparatus of claim 11, comprising the controller to:
    - initiate a first process on the apparatus cache; and
      
      create a first process encryption key upon initiating the first process on the apparatus cache.
  - 16. The apparatus of claim 15, comprising the controller to:
    - initiate a second process on the apparatus cache;
      
      create a second process encryption key; and
      
      delete the first process encryption key upon initiating the second process.
  - 17. The apparatus of claim 16, at least one of the first process and the second process including a process initialized by the host, the process initialized by the host including the host writing data to the apparatus cache.
  - 18. The apparatus of claim 11, comprising the controller to:
    - designate a time of expiration for an expiring encryption key associated with data saved to the apparatus cache;
      
      identify a lapsing of the expiration time; and
      
      delete the expiring encryption key upon identifying the lapsing of the expiration time.

19. A method comprising:
- powering on a storage drive, the storage drive including at least one of a solid state drive and a hard disk drive;
  
  identifying an encryption key on the storage drive created upon powering on the storage drive;
  
  encrypting data in a cache of the storage drive using the encryption key;
  
  powering off the storage drive; and
  
  deleting the encryption key upon powering off the storage drive.
- View Dependent Claims (20)
- - 20. The method of claim 19, comprising:
    - receiving the encryption key from a host of the storage drive, the host creating the encryption key upon powering on the storage drive and sending the encryption key to the storage drive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Secatch, Stacey, Conklin, Kristofer C., Simonson, Dana L., Moss, Robert W.
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/245,051
Publication Number

US 20180063102A1
Time in Patent Office

826 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/24   Resetting means

G06F 1/3287   by switching off individual...

G06F 12/0802   Addressing of a memory leve...

G06F 12/1408   by using cryptography for d...

G06F 2212/1052   Security improvement

G06F 2212/205   Hybrid memory, e.g. using b...

G06F 2212/402   Encrypted data

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/068   using time-dependent keys, ...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

Encryption key shredding to protect non-persistent data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Encryption key shredding to protect non-persistent data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others