Method and Systems for Integrity Checking a Set of Signed Data Sections

US 20150169901A1
Filed: 12/12/2013
Published: 06/18/2015
Est. Priority Date: 12/12/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing an integrity check for a set of data sections, the method comprising:

storing common data for a first set of data sections in one of a plurality of data sections of the first set; and

for each of the plurality of data sections in the first set;

generating a digital signature based both on the data for that section and on the common data for the first set, even if the common data for the first set is stored in another section; and

storing the digital signature in that section.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and systems for integrity checking a set of signed data sections are disclosed. In one embodiment, for each of a plurality of data sections, a digital signature is generated based both on the data for that section and on common data for a set of data sections, even if the common data is stored in another section. The digital signature is stored in that section. For each section, a digital signature is generated based both on the data for that section and on the common data. The generated digital signature is compared with the stored digital signature in that section, and the integrity of the set is verified if the generated digital signature matches the stored digital signature for each section in the set.

Citations

75 Claims

1. A method for providing an integrity check for a set of data sections, the method comprising:
- storing common data for a first set of data sections in one of a plurality of data sections of the first set; and
  
  for each of the plurality of data sections in the first set;
  
  generating a digital signature based both on the data for that section and on the common data for the first set, even if the common data for the first set is stored in another section; and
  
  storing the digital signature in that section.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the common data is stored in a pre-determined location in the one of the plurality of data sections.
  - 3. The method of claim 1, wherein the common data is stored in only one of the plurality of data sections.
  - 4. The method of claim 1, wherein the common data is stored in more than one of the plurality of data sections.
  - 5. The method of claim 1, wherein each of the data sections has the same size.
  - 6. The method of claim 1, wherein the data section that stores the common data for the first set is of a larger size than the other data sections.
  - 7. The method of claim 1, wherein the common data for the first set is associated with the data in the plurality of data sections.
  - 8. The method of claim 7, wherein the common data for the first set is a time of creation of the plurality of data sections.
  - 9. The method of claim 1, wherein the common data for the first set is independent of the data of the plurality of data sections.
  - 10. The method of claim 9, wherein the common data is a random number.
  - 11. The method of claim 1, wherein the common data is common to the first set but not to a second set of data sections.
  - 12. The method of claim 1, wherein the method is performed in a host device, and wherein the method further comprises providing the first set of data sections to a storage module in communication with the host device.
  - 13. The method of claim 12, wherein the first set of data sections comprises firmware for the storage module.
  - 14. The method of claim 12 further comprising providing the storage module with computer-readable program code to generate a digital signature.
  - 15. The method of claim 12, wherein the digital signature is generated using a key that is shared between the host device and storage module.
  - 16. The method of claim 12, wherein the storage module is embedded in the host device.
  - 17. The method of claim 12, wherein the storage module is removably connected to the host device.
  - 18. The method of claim 1, wherein the method is performed in a computing device in a network.
  - 19. The method of claim 1, wherein the digital signature is generated using a hash-based message authentication code (HMAC).

20. A computing device comprising:
- a memory storing a plurality of data sections belonging to a first set; and
  
  a controller in communication with the memory, the controller configured to;
  
  store common data for the first set in one of the plurality of data sections; and
  
  for each of the plurality of data sections in the first set;
  
  generate a digital signature based both on the data for that section and on the common data for the first set, even if the common data for the first set is stored in another section; and
  
  store the digital signature in that section.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The computing device of claim 20, wherein the common data is stored in a pre-determined location in the one of the plurality of data sections.
  - 22. The computing device of claim 20, wherein the common data is stored in only one of the plurality of data sections.
  - 23. The computing device of claim 20, wherein the common data is stored in more than one of the plurality of data sections.
  - 24. The computing device of claim 20, wherein each of the data sections has the same size.
  - 25. The computing device of claim 20, wherein the data section that stores the common data for the first set is of a larger size than the other data sections.
  - 26. The computing device of claim 20, wherein the common data for the first set is associated with the data in the plurality of data sections.
  - 27. The computing device of claim 26, wherein the common data for the first set is a time of creation of the plurality of data sections.
  - 28. The computing device of claim 20, wherein the common data for the first set is independent of the data of the plurality of data sections.
  - 29. The computing device of claim 28, wherein the common data is a random number.
  - 30. The computing device of claim 20, wherein the common data is common to the first set but not to the second set of data sections.
  - 31. The computing device of claim 20, wherein the computing device is a host device, and wherein the controller is further configured to provide the first set of data sections to a storage module in communication with the host device.
  - 32. The computing device of claim 31, wherein the first set of data sections comprises firmware for the storage module.
  - 33. The computing device of claim 31, wherein the controller is further configured to provide the storage module with computer-readable program code to generate a digital signature.
  - 34. The computing device of claim 31, wherein the digital signature is generated using a key that is shared between the host device and storage module.
  - 35. The computing device of claim 31, wherein the storage module is embedded in the host device.
  - 36. The computing device of claim 31, wherein the storage module is removably connected to the host device.
  - 37. The computing device of claim 20, wherein the computing device is located in a network.
  - 38. The computing device of claim 20, wherein the digital signature is generated using a hash-based message authentication code (HMAC).

39. A method for integrity checking a set of signed data sections, the method comprising:
- reading common data for a first set of data sections from one of a plurality of data sections, wherein each of the data sections stores a digital signature for that section; and
  
  for each of the plurality of data sections;
  
  generating a digital signature based both on the data for that section and on the common data for the first set, even if the common data for the first set is stored in another section; and
  
  comparing the generated digital signature with the stored digital signature in that section;
  
  wherein integrity of the first set is verified if the generated digital signature matches the stored digital signature for each section.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 40. The method of claim 39, wherein the common data is stored in a pre-determined location in the one of the plurality of data sections.
  - 41. The method of claim 39, wherein the common data is stored in only one of the plurality of data sections.
  - 42. The method of claim 39, wherein the common data is stored in more than one of the plurality of data sections.
  - 43. The method of claim 39, wherein each of the data sections has the same size.
  - 44. The method of claim 39, wherein the data section that stores the common data for the first set is of a larger size than the other data sections.
  - 45. The method of claim 39, wherein the common data for the first set is associated with the data in the plurality of data sections.
  - 46. The method of claim 45, wherein the common data for the first set is a time of creation of the plurality of data sections.
  - 47. The method of claim 39, wherein the common data for the first set is independent of the data of the plurality of data sections.
  - 48. The method of claim 47, wherein the common data is a random number.
  - 49. The method of claim 39, wherein the method is performed in a storage module, and wherein the method further comprises receiving the first set of data sections from a host device in communication with the storage module.
  - 50. The method of claim 49, wherein the host device stores a second set of data sections, and wherein the common data is common to the first set but not to the second set.
  - 51. The method of claim 49, wherein the first set of data sections comprises firmware for the storage module.
  - 52. The method of claim 49, wherein the storage module receives computer-readable program code from the host device to generate a digital signature.
  - 53. The method of claim 49, wherein the digital signature is generated using a key that is shared between the host device and storage module.
  - 54. The method of claim 49, wherein the storage module is embedded in the host device.
  - 55. The method of claim 49, wherein the storage module is removably connected to the host device.
  - 56. The method of claim 39, wherein the method is performed in a computing device in a network.
  - 57. The method of claim 39, wherein the digital signature is generated using a hash-based message authentication code (HMAC).

58. A storage module comprising:
- a memory storing a plurality of data sections of a first set, wherein each of the sections stores a digital signature for that section;
  
  a controller in communication with the memory, the controller configured to;
  
  read common data for the first set from one of the plurality of data sections; and
  
  for each of the plurality of data sections;
  
  generate a digital signature based both on the data for that section and on the common data for the first set, even if the common data for the first set is stored in another section; and
  
  compare the generated digital signature with the stored digital signature in that section;
  
  wherein integrity of the first set is verified if the generated digital signature matches the stored digital signature for each section.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 59. The storage module of claim 58, wherein the common data is stored in a pre-determined location in the one of the plurality of data sections.
  - 60. The storage module of claim 58, wherein the common data is stored in only one of the plurality of data sections.
  - 61. The storage module of claim 58, wherein the common data is stored in more than one of the plurality of data sections.
  - 62. The storage module of claim 58, wherein each of the data sections has the same size.
  - 63. The storage module of claim 58, wherein the data section that stores the common data for the first set is of a larger size than the other data sections.
  - 64. The storage module of claim 58, wherein the common data for the first set is associated with the data in the plurality of data sections.
  - 65. The storage module of claim 64, wherein the common data for the first set is a time of creation of the plurality of data sections.
  - 66. The storage module of claim 58, wherein the common data for the first set is independent of the data of the plurality of data sections.
  - 67. The storage module of claim 66, wherein the common data is a random number.
  - 68. The storage module of claim 58, wherein the first set of data sections is received from a host device.
  - 69. The storage module of claim 68, wherein the host device stores a second set of data sections, and wherein the common data is common to the first set but not to the second set.
  - 70. The storage module of claim 68, wherein the first set of data sections comprises firmware for the storage module.
  - 71. The storage module of claim 68, wherein the storage module receives computer-readable program code from the host device to generate a digital signature.
  - 72. The storage module of claim 68, wherein the digital signature is generated using a key that is shared between the host device and storage module.
  - 73. The storage module of claim 68, wherein the storage module is embedded in the host device.
  - 74. The storage module of claim 68, wherein the storage module is removably connected to the host device.
  - 75. The storage module of claim 58, wherein the digital signature is generated using a hash-based message authentication code (HMAC).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Karouby, Steve

Application Number

US14/104,834
Publication Number

US 20150169901A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/152   using file content signatur...

G06F 16/215   Improving data quality; Dat...

G06F 21/64   Protecting data integrity, ...

Method and Systems for Integrity Checking a Set of Signed Data Sections

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Systems for Integrity Checking a Set of Signed Data Sections

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links