Cascaded Data Encryption Dependent on Attributes of Physical Memory

US 20120278635A1
Filed: 04/29/2011
Published: 11/01/2012
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

encrypting input data in relation to a first auxiliary data value to provide first level ciphertext;

subsequently encrypting the first level ciphertext in relation to a second auxiliary data value associated with a selected physical location in a memory to provide second level ciphertext; and

storing the second level ciphertext to said selected physical location in the memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.

Citations

20 Claims

1. A method comprising:
- encrypting input data in relation to a first auxiliary data value to provide first level ciphertext;
  
  subsequently encrypting the first level ciphertext in relation to a second auxiliary data value associated with a selected physical location in a memory to provide second level ciphertext; and
  
  storing the second level ciphertext to said selected physical location in the memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising migrating the data to a second selected physical location in the memory by steps comprising:
    - decrypting the second level ciphertext in relation to the second auxiliary data value to recover the first level ciphertext from the selected memory location;
      
      subsequently encrypting the first level ciphertext using a third auxiliary data value associated with the second memory location in said memory to provide third level ciphertext; and
      
      storing the third ciphertext in the second selected physical location while the second level ciphertext remains in the selected physical location.
  - 3. The method of claim 1, in which the second auxiliary data value comprises a physical block address (PBA) of the selected physical location in memory.
  - 4. The method of claim 1, in which the second auxiliary data value comprises an accumulated write count indicative of a total number of write events associated with the selected physical location.
  - 5. The method of claim 1, in which the first auxiliary data value comprises a logical block address (LBA) associated with the input data.
  - 6. The method of claim 1, in which the subsequently encrypting step comprises counter (CTR) mode encryption which uses a seed count value that includes physical address information associated with the selected physical location.
  - 7. The method of claim 1, in which the encrypting and subsequently encrypting steps utilize a mixing layer between the respective encryption steps.
  - 8. The method of claim 1, in which the memory comprises a flash memory array of flash memory cells.
  - 9. The method of claim 1, in which the memory comprises a disc memory.
  - 10. The method of claim 1, in which the memory comprises an array of spin-torque transfer random access memory (STRAM) cells.
  - 11. The method of claim 1, in which the memory comprises an array of resistive random access memory (RRAM) cells.

12. A method comprising sequential steps of:
- applying multi-level encryption to input data in relation to a first auxiliary data value associated with a first physical address in a memory to generate a first set of ciphertext;
  
  storing the first set of ciphertext to said first physical address;
  
  decrypting the first set of ciphertext using the first auxiliary value to provide partially decrypted ciphertext;
  
  re-encrypting the decrypted ciphertext in relation to a different, second auxiliary data value associated with a different, second physical address in the memory to generate a second set of ciphertext; and
  
  writing the second set of ciphertext to the second physical address responsive to the first set of ciphertext remaining stored in the first physical address.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, in which the multi-level encryption of the applying step comprises applying a first level of encryption using a logical block address (LBA) value associated with the input data, and then applying a second level of encryption using a physical block address (PBA) value associated with the first physical address.
  - 14. The method of claim 12, in which the first physical address comprises a first page of memory in a flash memory array, and the second physical address comprises a second page of memory in the flash memory array.
  - 15. The method of claim 12, in which the first physical address is disposed within a first erasure block of a flash memory array, and the second physical address is disposed within a different, second erasure block of said array.
  - 16. The method of claim 12, in which the decrypting, re-encrypting and writing steps are carried out responsive to a garbage collection operation in which the first physical address is prepared for an erasure operation.

17. An apparatus comprising a non-volatile memory and a controller adapted to, responsive to receipt of input user data from a host device, apply multi-level encryption to said input user data in relation to a first auxiliary data value associated with a first physical location in the memory to generate a first set of ciphertext, and to direct storage of the first set of ciphertext to said first physical location.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, in which the controller is further adapted to decrypt the first set of ciphertext using the first auxiliary data value to provide partially decrypted ciphertext, re-encrypt the decrypted ciphertext in relation to a different, second auxiliary data value associated with a different, second physical location in the memory to generate a second set of ciphertext, and to direct storage of the second set of ciphertext to the second physical location while the first set of ciphertext remains stored in the first physical location.
  - 19. The apparatus of claim 17, in which the first auxiliary data value comprises at least a selected one of a physical block address (PBA) of the first physical location or a write count value indicative of a total number of write events carried out to the first physical location.
  - 20. The apparatus of claim 17, characterized as a flash memory data storage device, the first physical location comprising a selected page of memory in a flash memory array of said device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Hars, Laszlo, Matthews, Donald P. Jr.

Granted Patent

US 8,862,902 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/14   Protection against unauthor...

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2212/7201   Logical to physical mapping...

G06F 2221/2107   File encryption

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0894   Escrow, recovery or storing...

Cascaded Data Encryption Dependent on Attributes of Physical Memory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cascaded Data Encryption Dependent on Attributes of Physical Memory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links