Trustworthy timestamps on data storage devices

US 20120110343A1
Filed: 10/29/2010
Published: 05/03/2012
Est. Priority Date: 10/29/2010
Status: Abandoned Application

First Claim

Patent Images

1. A data storage device comprising:

a nonvolatile memory in which a secure key is pre-recorded, the secure key being unreadable outside of the data storage device;

means for performing a write operation in response to receiving a write command from a host device, the write command specifying data and an address;

means for generating a timestamp for the write operation;

a hash code generator for generating a hash code using the secure key and using at least the data and timestamp as input; and

means for recording the timestamp and hash code as metadata associated with the data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure timestamps created by a data storage device are described. Metadata timestamp is created for each recorded unit of data (such as a sector) The HDD performs the time-stamping in a secure manner. The timestamp is made secure by performing a secure operation (i.e. one that can only be performed by the HDD) using the data and timestamp. The secure operation uses a secure key that is built-in to the storage device and is not readable outside of the device. In some embodiments the secure operation is encryption using the secure key. In other embodiments the secure operation is a hash code function (such as a Hash-based Message Authentication Code (HMAC) function) that uses the secure key to generate a hash code using at least the recorded data and the timestamp as input. The hash code is then included in the metadata that is recorded for the data unit.

23 Citations

View as Search Results

17 Claims

1. A data storage device comprising:
- a nonvolatile memory in which a secure key is pre-recorded, the secure key being unreadable outside of the data storage device;
  
  means for performing a write operation in response to receiving a write command from a host device, the write command specifying data and an address;
  
  means for generating a timestamp for the write operation;
  
  a hash code generator for generating a hash code using the secure key and using at least the data and timestamp as input; and
  
  means for recording the timestamp and hash code as metadata associated with the data.
- View Dependent Claims (2, 3, 4)
- - 2. The data storage device of claim 1 wherein the hash code generator also uses the address in generating the hash code.
  - 3. The data storage device of claim 1 further comprising:
    - means for performing a verification operation in response to receiving a verification command from a host device, the verification command specifying an address;
      
      the verification operation including reading the data, timestamp and hash code;
      
      calculating a new hash code for the data, timestamp and reporting successful verification if the new hash code equals the hash code read from storage.
  - 4. The data storage device of claim 1 wherein the timestamp is a POSIX timestamp and the data storage device further comprises:
    - a power-on hours (POH) to POSIX time table containing an original entry recording a time of manufacture of the device; and
      
      means for rejecting any POSIX time from a host that is earlier than the time of manufacture of the device.

5. A method of operation a data storage device comprising:
- recording secure key in a nonvolatile memory location in the data storage device, the location being inaccessible to being read outside of the data storage device; and
  
  performing a write operation in response to receiving a write command from a host device, the write command specifying data and an address, the write operation including;
  
  generating a timestamp for the write operation;
  
  generating a hash code using the secure key and using at least the data and timestamp as input; and
  
  recording the timestamp and hash code as metadata associated with the data.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5 wherein generating the hash code further comprises using the address in generating the hash code.
  - 7. The method of claim 5 further comprising:
    - performing a verification operation in response to receiving a verification command from the host device, the verification command specifying an address;
      
      the verification operation including reading the data, timestamp and hash code from storage;
      
      calculating a new hash code for the data, timestamp and reporting successful verification if the new hash code equals the hash code read from storage.
  - 8. The method of claim 5 wherein the timestamp is a POSIX timestamp and generating the timestamp for the write operation further comprises using a table that maps power-on hours to a POSIX time.
  - 9. The method of claim 8 wherein the table contains an entry recording a time of manufacture of the device that is used as an earliest allowed POSIX time.

10. A data storage device comprising:
- a nonvolatile memory in which a secure key is pre-recorded, the secure key being unreadable outside of the data storage device;
  
  means for performing a write operation in response to receiving a write command from a host device, the write command specifying data and an address;
  
  means for generating a timestamp for the write operation;
  
  an encryption function for encrypting the data and timestamp using the secure key producing an encrypted record; and
  
  means for recording the encrypted record at the address.
- View Dependent Claims (11, 12)
- - 11. The data storage device of claim 10 further comprising:
    - means for performing a verification operation in response to receiving a verification command from a host device, the verification command specifying the address;
      
      the verification operation including reading encrypted record at the address, decrypting the encrypted record using the secure key to retrieve the data and timestamp and reporting successful verification if no errors are detected.
  - 12. The data storage device of claim 10 wherein the timestamp is a POSIX timestamp and the data storage device further comprises:
    - a power-on hours (POH) to POSIX time table containing an original entry recording a time of manufacture of the device; and
      
      means for rejecting any POSIX time from a host that is earlier than the time of manufacture of the device.

13. A method of operation a data storage device comprising:
- recording secure key in a nonvolatile memory location in the data storage device, the location being inaccessible to being read outside of the data storage device; and
  
  performing a write operation in response to receiving a write command from a host device, the write command specifying data and an address, the write operation including;
  
  generating a timestamp for the write operation;
  
  encrypting the data and timestamp using the secure key to produce an encrypted record; and
  
  recording the encrypted record at the address.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13 further comprising:
    - performing a verification operation in response to receiving a verification command from the host device, the verification command specifying an address;
      
      the verification operation including reading the encrypted record at the address, decrypting the encrypted record using the secure key to retrieve the data and timestamp and reporting successful verification if no errors are detected.
  - 15. The method of claim 14 wherein the data storage device is a RAID storage system that divides data among a set of sectors on multiple disk drives with some sectors in the set containing only parity data and performing a verification operation further comprising omitting the sectors in the set containing only parity data.
  - 16. The method of claim 13 wherein the timestamp is a POSIX timestamp and generating the timestamp for the write operation further comprises using a table that maps power-on hours to a POSIX time.
  - 17. The method of claim 16 wherein the table contains an entry recording a time of manufacture of the device that is used as an earliest allowed POSIX time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HGST Netherlands B.V. (Western Digital Corporation)
Original Assignee
HGST Netherlands B.V. (Western Digital Corporation)
Inventors
Bandic, Zvonimir Z., Guyot, Cyril, Tsai, Timothy Kohchih

Application Number

US12/925,807
Publication Number

US 20120110343A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2151   Time stamp

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3242   involving keyed hash functi...

H04L 9/3297   involving time stamps, e.g....

Trustworthy timestamps on data storage devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Trustworthy timestamps on data storage devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others