NAMESPACE ENCRYPTION IN NON-VOLATILE MEMORY DEVICES

US 20190146931A1
Filed: 11/16/2017
Published: 05/16/2019
Est. Priority Date: 11/16/2017
Status: Active Grant

First Claim

Patent Images

1. A computer storage device, comprising:

a host interface;

a controller;

non-volatile storage media; and

firmware containing instructions which, when executed by the controller, instruct the controller to at least;

limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device;

store data in the first namespace in an encrypted form corresponding to the crypto key;

free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and

make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer storage device having a host interface, a controller, non-volatile storage media, and firmware. The firmware instructs the controller to: limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device; store data in the first namespace in an encrypted form that is to be decrypted using the crypto key; free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

Citations

20 Claims

1. A computer storage device, comprising:
- a host interface;
  
  a controller;
  
  non-volatile storage media; and
  
  firmware containing instructions which, when executed by the controller, instruct the controller to at least;
  
  limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device;
  
  store data in the first namespace in an encrypted form corresponding to the crypto key;
  
  free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and
  
  make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer storage device of claim 1, further comprising:
    - a plurality of registers each storing a crypto key and configured to be limited with data access in only one namespace.
  - 3. The computer storage device of claim 1, further comprising:
    - a crypto engine coupled to the registers to perform decryption using the crypto key for data access made in the first name space.
  - 4. The computer storage device of claim 3, wherein the crypto key is generated by the crypto engine in response to a command to allocate the first namespace on the non-volatile storage media.
  - 5. The computer storage device of claim 4, wherein the crypto key is deleted from the computer storage device to perform a cryptographic erasure of data stored in the first namespace in response to a command to delete the namespace.
  - 6. The computer storage device of claim 3, wherein the crypto key is received for the first namespace in connection with a command to allocate the first namespace on the non-volatile storage media.
  - 7. The computer storage device of claim 3, wherein the crypto engine implements symmetric encryption using the crypto key.
  - 8. The computer storage device of claim 3, wherein the crypto key is a public key for non-symmetric encryption and is received from a host for encryption of data stored in the first namespace.
  - 9. The computer storage device of claim 3, wherein the crypto key is a first key of a key pair for non-symmetric encryption of data stored in the first namespace;
    - and a second key of the key pair of is provided for decryption of data retrieved from the first namespace.
  - 10. The computer storage device of claim 3, wherein the crypto engine generates the key pair in response to creation of the first namespace on the non-volatile storage media.
  - 11. The computer storage device of claim 1, wherein the instructions are further configured to instruct the controller to:
    - store a namespace map mapping blocks of logical addresses defined in the first namespace to blocks of logical addresses defined, independent of namespace, on a capacity of the non-volatile storage media;
      
      wherein the crypto key is limited to be used with the namespace map in accessing the non-volatile storage media.
  - 12. The computer storage device of claim 1, wherein the portion of the non-volatile storage media storing the data is freed from the first namespace in response to a command to reduce a size of the first namespace.
  - 13. The computer storage device of claim 1, wherein the portion of the non-volatile storage media storing the data is freed in response to an adjustment in the namespace map.
  - 14. The computer storage device of claim 13, wherein before the adjustment:
    - the portion of the non-volatile storage media is identified by a first subset of the logical addresses defined, independent of namespace, on the capacity of the non-volatile storage media; and
      
      the namespace map maps a subset of the logical addresses defined in the first namespace to the first subset of the logical addresses defined on the capacity of the non-volatile storage media.
  - 15. The computer storage device of claim 14, wherein after the adjustment, the subset of the logical addresses previously defined in the first namespace is no longer defined in the first namespace.
  - 16. The computer storage device of claim 14, wherein after the adjustment, the namespace map maps the subset of the logical addresses defined in the first namespace to a second subset of the logical addresses defined, independent of namespace, on the capacity of the non-volatile storage media.
  - 17. The computer storage device of claim 16, wherein a portion of the non-volatile storage media identified by the second subset of the logical addresses defined on the capacity of the non-volatile storage media is different from the portion of the non-volatile storage media identified by the first subset of the logical addresses defined on the capacity of the non-volatile storage media.

18. A method implemented in a computer storage device, the method comprising:
- limiting a crypto key to be used in data access requests made in a first namespace allocated on a non-volatile storage media of the computer storage device;
  
  storing data in the first namespace in an encrypted form corresponding to the crypto key;
  
  freeing a portion of the non-volatile storage media from the first namespace, the portion storing the data; and
  
  making the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein the freeing is in response to a command to reducing a size of the first namespace.

20. A non-transitory computer storage medium storing instructions which, when executed by a controller of a computer storage device, cause the controller to perform a method, the method comprising:
- limiting a crypto key to be used in data access requests made in a first namespace allocated on a non-volatile storage media of the computer storage device;
  
  storing data in the first namespace in an encrypted form corresponding to the crypto key;
  
  freeing a portion of the non-volatile storage media from the first namespace, the portion storing the data; and
  
  making the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Frolikov, Alex

Granted Patent

US 11,580,034 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/1408   by using cryptography for d...

G06F 12/1441   for a range

G06F 2212/1044   Space efficiency improvement

G06F 2212/1052   Security improvement

G06F 2212/7201   Logical to physical mapping...

G06F 2212/7202   Allocation control and poli...

G06F 2212/7204   Capacity control, e.g. part...

G06F 3/0605   by facilitating the interac...

G06F 3/0608   Saving storage space on sto...

G06F 3/0631   by allocating resources to ...

G06F 3/0644   Management of space entitie...

G06F 3/0679   Non-volatile semiconductor ...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

NAMESPACE ENCRYPTION IN NON-VOLATILE MEMORY DEVICES

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NAMESPACE ENCRYPTION IN NON-VOLATILE MEMORY DEVICES

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links