STORAGE DEVICE ASSISTED INLINE ENCRYPTION AND DECRYPTION

US 20140310536A1
Filed: 04/03/2014
Published: 10/16/2014
Est. Priority Date: 04/16/2013
Status: Active Application

First Claim

Patent Images

1. A method operational at a host storage controller to encrypt data during a write operation to a storage device external to the host storage controller, comprising:

obtaining a write command from a requesting host software component to write data to the storage device;

sending the write command to the storage device;

obtaining a parameter associated with the data from the storage device;

generating an encryption key based on the parameter; and

encrypting the data using the encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various features pertain to inline encryption and decryption. In one aspect, inline read/write operations are performed by configuring an off-chip storage device to provide parameters to facilitate inline encryption/decryption of data by a host storage controller of a system-on-a-chip (SoC.) The parameters provided by the storage device to the host storage controller include an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another. The host storage controller employs the parameters as initial vectors to generate encryption keys for use in encrypting/decrypting data. Exemplary read and write operations of the host storage controller and the off-chip storage device are described herein. Examples are also described wherein the parameters are obtained from host memory rather than from the storage device.

Citations

30 Claims

1. A method operational at a host storage controller to encrypt data during a write operation to a storage device external to the host storage controller, comprising:
- obtaining a write command from a requesting host software component to write data to the storage device;
  
  sending the write command to the storage device;
  
  obtaining a parameter associated with the data from the storage device;
  
  generating an encryption key based on the parameter; and
  
  encrypting the data using the encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising sending the encrypted data to the storage device.
  - 3. The method of claim 1, wherein the parameter associated with the data provides an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another.
  - 4. The method of claim 3, wherein the parameter associated with the data comprises a logical block address (LBA) for the data to be stored.
  - 5. The method of claim 3, wherein the parameter associated with the data further comprises an indication of a number of blocks in the data.
  - 6. The method of claim 3, wherein the parameter associated with the data is received from the storage device in a ready to transfer (RTT) request data packet.
  - 7. The method of claim 6, wherein the storage device is a universal flash storage (UFS) device and wherein the parameter associated with the data is received in a data packet comprising an RTT UFS protocol information unit (UPIU).
  - 8. The method of claim 1, further comprising maintaining a transfer request list including a transfer request descriptor having a key index associated with an individual write transaction.
  - 9. The method of claim 1, wherein generating the encryption key comprises:
    - generating an initial vector from the parameter obtained from the storage device;
      
      obtaining an initial key; and
      
      generating the encryption key from the initial key and the initial vector.
  - 10. The method of claim 1, wherein the host storage controller is a component of a system-on-a-chip (SoC) and the storage device is an off-chip storage device external to the SoC and wherein the host storage controller performs in-line data encryption of the data for storage in the off-chip storage device.

11. A method operational at a host storage controller to decrypt data during a read operation from a storage device external to the host storage controller, comprising:
- obtaining a read command from a requesting host software component to read data from the storage device;
  
  sending the read command to the storage device;
  
  obtaining encrypted data and a parameter associated with the encrypted data from the storage device;
  
  generating a decryption key based on the parameter; and
  
  decrypting the encrypted data using the decryption key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising providing the decrypted data to the requesting host software component.
  - 13. The method of claim 11, wherein the parameter associated with the data provides an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another.
  - 14. The method of claim 11, wherein the parameter associated with the encrypted data comprises a logical block address (LBA) for the data to be read.
  - 15. The method of claim 13, wherein the parameter associated with the encrypted data further comprises an indication of a number of blocks in the encrypted data.
  - 16. The method of claim 13, wherein the parameter associated with the encrypted data is received from the storage device in a protocol information unit.
  - 17. The method of claim 16, wherein the storage device is a universal flash storage (UFS) device and wherein the parameter associated with the encrypted data is received in a data packet comprising a UFS protocol information unit (UPIU).
  - 18. The method of claim 15, further comprising maintaining a transfer request list including a transfer request descriptor having a key index associated with an individual read transaction.
  - 19. The method of claim 11, wherein generating the decryption key comprises:
    - generating an initial vector from the parameter obtained from the storage device;
      
      obtaining an initial key; and
      
      generating the decryption key from the initial key and the initial vector.
  - 20. The method of claim 11, wherein the host storage controller is a component of a system-on-a-chip (SoC) and the storage device is an off-chip storage device external to the SoC and wherein the host storage controller performs in-line data decryption of encrypted data received from the off-chip storage device.

21. A device comprising:
- a storage device to store data;
  
  a processing circuit coupled to the storage device, the processing circuit having a host storage controller configured toobtain a write command from a requesting host software component to write data to the storage device;
  
  send the write command to the storage device;
  
  obtain a parameter associated with the data from the storage device;
  
  generate an encryption key based on the parameter; and
  
  encrypt the data using the encryption key.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The device of claim 21, wherein the host storage controller is further configured to send the encrypted data to the storage device.
  - 23. The device of claim 21, wherein the parameter associated with the data provides an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another.
  - 24. The device of claim 23, wherein the parameter associated with the data further comprises an indication of a number of blocks in the data.
  - 25. The device of claim 21, wherein the host storage controller is a component of a system-on-a-chip (SoC) and the storage device is an off-chip storage device external to the SoC and wherein the host storage controller is configured to perform in-line data encryption of the data for storage in the off-chip storage device.

26. A device comprising:
- a storage device to store data;
  
  a processing circuit coupled to the storage device, the processing circuit having a host storage controller configured toobtain a read command from a requesting host software component to read data from the storage device;
  
  send the read command to the storage device;
  
  obtain encrypted data and a parameter associated with the encrypted data from the storage device;
  
  generate a decryption key based on the parameter; and
  
  decrypt the encrypted data using the decryption key.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The device of claim 26, wherein the host storage controller is further configured to provide the decrypted data to the requesting host software component.
  - 28. The device of claim 26, wherein the parameter associated with the data provides an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another.
  - 29. The device of claim 28, wherein the parameter associated with the encrypted data further comprises an indication of a number of blocks in the encrypted data.
  - 30. The device of claim 26, wherein the host storage controller is a component of a system-on-a-chip (SoC) and the storage device is an off-chip storage device external to the SoC and wherein the host storage controller is configured to perform in-line data decryption of encrypted data received from the off-chip storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Shacham, Assaf

Application Number

US14/244,742
Publication Number

US 20140310536A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

G06F 3/0623   in relation to content

G06F 3/0658   Controller construction arr...

G06F 3/0679   Non-volatile semiconductor ...

STORAGE DEVICE ASSISTED INLINE ENCRYPTION AND DECRYPTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

STORAGE DEVICE ASSISTED INLINE ENCRYPTION AND DECRYPTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links