SECURING A FLASH MEMORY BLOCK IN A SECURE DEVICE SYSTEM AND METHOD
First Claim
Patent Images
1. A method comprising:
- encrypting data;
storing the encrypted data in a flash memory block of a flash memory device;
generating a cryptographic message authentication code (MAC) covering the data and informational variables, wherein the informational variables are generated by or accessible to the operating system software, wherein at least some of the variables are not stored on the flash devicestoring the MAC in the flash memory block;
retrieving the encrypted data and the MAC from the flash memory block;
performing a validation check on the retrieved data using the MAC;
rejecting the retrieved data if the retrieved data fails the validation check;
if the retrieved data passes the validation check;
accepting the retrieved data;
decrypting the retrieved data.
4 Assignments
0 Petitions
Accused Products
Abstract
A technique for securing a flash memory block in a secure device system involves cryptographic techniques including the generation of a Message Authentication Code (MAC). The MAC may be generated each time a file is saved to one or more data blocks of a flash memory device and stored with the file'"'"'s metadata and to each of the data blocks. A technique for reading and storing versioned files may be employed when applications utilize versioning.
-
Citations
23 Claims
-
1. A method comprising:
-
encrypting data; storing the encrypted data in a flash memory block of a flash memory device; generating a cryptographic message authentication code (MAC) covering the data and informational variables, wherein the informational variables are generated by or accessible to the operating system software, wherein at least some of the variables are not stored on the flash device storing the MAC in the flash memory block; retrieving the encrypted data and the MAC from the flash memory block; performing a validation check on the retrieved data using the MAC; rejecting the retrieved data if the retrieved data fails the validation check; if the retrieved data passes the validation check; accepting the retrieved data; decrypting the retrieved data. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
a flash memory device including at least one flash memory block; a flash memory device driver embodied in a computer-readable medium; a security kernel embodied in a computer-readable medium; wherein, in operation, the security kernel generates a MAC using a plurality of variables accessible to operating system software and the flash memory device driver facilitates sending the MAC to the flash memory device for storage in the flash memory block, and wherein, in operation, the flash memory device driver facilitates receiving the MAC from the flash memory block and the security kernel performs a validation check using the MAC. - View Dependent Claims (9, 10, 11)
-
-
12. A method comprising:
-
reading a file version number associated with a versionable file; storing file data in one or more flash memory blocks of a flash memory device; updating a copy of a global version number on the flash memory device, wherein the global version number is associated with all versioned files stored, at least in part, on the flash memory device; updating the global version number in non-volatile memory of a secure kernel; generating a MAC, to protect the global version number, using a plurality of variables accessible to operating system software; storing the MAC in the one or more flash memory blocks of the flash memory device; storing a copy of the updated global version number in the one or more flash memory blocks of the flash memory device; storing the global version number in non-volatile memory of the security kernel. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method comprising,
reading a first global version number stored in non-volatile memory of a security kernel; -
reading a second global version number stored in a header of a flash memory device, wherein the flash memory device includes a plurality of flash memory blocks; verifying the first global version number against the second global version number; reading a first MAC stored in the header of the flash memory device; generating a second MAC; verifying the second MAC with the first MAC; reading a file version number of a versioned file having data stored in a flash memory block of the plurality of flash memory blocks from the header of the flash memory; reading a third MAC stored in the flash memory block; generating a fourth MAC using a key stored in non-volatile memory of the security kernel and the file version number as parameters; verifying the fourth MAC with the third MAC; receiving data associated with the versioned file.
-
Specification