SAVING ENCRYPTION KEYS IN ONE-TIME PROGRAMMABLE MEMORY

US 20110087898A1
Filed: 04/27/2010
Published: 04/14/2011
Est. Priority Date: 10/09/2009
Status: Active Grant

First Claim

Patent Images

1. A method of providing encryption/decryption of data transferred between a media controller and a storage device, wherein the media controller providing said encryption/decryption based on a root key (RK), the method comprising:

providing storage in a one-time programmable (OTP) memory as a plurality of un-burned slots to store data, the OTP memory initially provided without the RK;

generating, with a random number generator, the RK;

performing, with a control module, the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;

wherein, if the control module validates the burned RK;

employing the burned RK as the RK by the media controller to provide said encryption/decryption;

otherwise;

burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK.

108 Citations

View as Search Results

19 Claims

1. A method of providing encryption/decryption of data transferred between a media controller and a storage device, wherein the media controller providing said encryption/decryption based on a root key (RK), the method comprising:
- providing storage in a one-time programmable (OTP) memory as a plurality of un-burned slots to store data, the OTP memory initially provided without the RK;
  
  generating, with a random number generator, the RK;
  
  performing, with a control module, the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;
  
  wherein, if the control module validates the burned RK;
  
  employing the burned RK as the RK by the media controller to provide said encryption/decryption;
  
  otherwise;
  
  burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The invention of claim 1, further comprising:
    - burning a checksum (cbRK) of the burned RK to the corresponding slot of OTP memory.
  - 3. The invention of claim 1, further comprising:
    - if the control module validates the burned RK;
      
      employing the burned RK as the RK by the media controller to provide said encryption/decryption;
      
      otherwise;
      
      burning one or more subsequent slots with the RK and validating each corresponding bRK until either i) the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption, or ii) all slots of the OTP memory are used.
  - 4. The invention of claim 2, further comprising:
    - comparing, by a comparator, the checksum of the burned RK (cbRK) and a value, read from the OTP memory, of the checksum of the burned RK (rcbRK);
      
      wherein, if the cbRK and the rcbRK are substantially equal;
      
      employing the burned RK as the RK by the media controller to provide said encryption/decryption;
      
      otherwise;
      
      burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.
  - 5. The invention of claim 1, wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits.
  - 6. The invention of claim 5, wherein a number of changed bits between RK and the bRK is determined by an exclusive-or (XOR) operation.

7. A machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method of providing encryption/decryption of data transferred between a media controller and a storage device, wherein the media controller providing said encryption/decryption based on a root key (RK), the method comprising:
- providing storage in a one-time programmable (OTP) memory as a plurality of un-burned slots to store data, the OTP memory initially provided without the RK;
  
  generating, with a random number generator, the RK;
  
  performing, with a control module, the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;
  
  wherein, if the control module validates the burned RK;
  
  employing the burned RK as the RK by the media controller to provide said encryption/decryption;
  
  otherwise;
  
  burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The invention of claim 7, further comprising:
    - burning a checksum (cbRK) of the burned RK to the corresponding slot of OTP memory.
  - 9. The invention of claim 7, further comprising:
    - if the control module validates the burned RK;
      
      employing the burned RK as the RK by the media controller to provide said encryption/decryption;
      
      otherwise;
      
      burning one or more subsequent slots with the RK and validating each corresponding bRK until either i) the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption, or ii) all slots of the OTP memory are used.
  - 10. The invention of claim 8, further comprising:
    - comparing, by a comparator, the checksum of the burned RK (cbRK) and a value, read from the OTP memory, of the checksum of the burned RK (rcbRK);
      
      wherein, if the cbRK and the rcbRK are substantially equal;
      
      employing the burned RK as the RK by the media controller to provide said encryption/decryption;
      
      otherwise;
      
      burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.
  - 11. The invention of claim 7, wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits.
  - 12. The invention of claim 11, wherein a number of changed bits between RK and the bRK is determined by an exclusive-or (XOR) operation.

13. Apparatus comprising a media controller configured to provide encryption/decryption of data transferred between the media controller and a storage device, wherein the media controller provides said encryption/decryption based on a root key (RK), the apparatus comprising:
- a one-time programmable (OTP) memory having a plurality of un-burned slots to store data, wherein the OTP memory is initially provided without the RK;
  
  a random number generator configured to generate the RK;
  
  a control module configured to i) burn the RK to an initial slot of the OTP memory, and ii) validate the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK,wherein, if the control module validates the burned RK;
  
  the burned RK is employed as the RK by the media controller to provide said encryption/decryption;
  
  otherwise;
  
  the control module is configured to burn one or more subsequent slots with the RK and validate each corresponding bRK until the control module validates the corresponding burned RK, the burned RK employed as the RK by the media controller to provide said encryption/decryption.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The invention of claim 13, wherein the control module is adapted to burn a checksum (cbRK) of the burned RK to the corresponding slot of OTP memory.
  - 15. The invention of claim 13, wherein the control module is configured to burn one or more subsequent slots with the RK and validate each corresponding bRK until either i) the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption, or ii) all slots of the OTP memory are used.
  - 16. The invention of claim 13, wherein the comparator is adapted to compare a checksum of the burned RK (cbRK) and a value, read from the OTP memory, of the checksum of the burned RK (rcbRK), whereinif the cbRK and the rcbRK are substantially equal, the burned RK is employed as the RK by the media controller to provide said encryption/decryption;
    - otherwise;
      
      one or more subsequent slots are burned with the RK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption.
  - 17. The invention of claim 13, wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits.
  - 18. The invention of claim 13, wherein a number of changed bits between RK and the bRK is determined by an exclusive-or (XOR) operation.
  - 19. The invention of claim 13, wherein the apparatus is implemented in a monolithic integrated circuit chip.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
LSI Corporation (Broadcom, Inc.)
Inventors
Williams, Jeffrey L.

Granted Patent

US 8,286,004 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/31   User authentication

G06F 21/78   to assure secure storage of...

H04L 2209/12   Details relating to cryptog...

H04L 9/0866   involving user or device id...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

SAVING ENCRYPTION KEYS IN ONE-TIME PROGRAMMABLE MEMORY

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

SAVING ENCRYPTION KEYS IN ONE-TIME PROGRAMMABLE MEMORY

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others