Saving encryption keys in one-time programmable memory
Abstract
Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK.
13 Claims
1. A method of providing encryption/decryption of data transferred between a media controller and a storage device, wherein the media controller provides said encryption/decryption based on a root key (RK), the method comprising:
providing storage in a one-time programmable (OTP) memory as a plurality of un-burned slots to store data, the OTP memory initially provided without the RK;
generating, with a random number generator, the RK;
performing, with a control module, the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;
wherein, when the control module validates the burned RK, employing the burned RK as the RK by the media controller to provide said encryption/decryption;
otherwise, burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption;
wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits; and
wherein the number of changed bits between the RK and the bRK is determined by an exclusive-or (XOR) operation.
Dependent claims: 2, 3, 4.
5. A non-transitory machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method of providing encryption/decryption of data transferred between a media controller and a storage device, wherein the media controller provides said encryption/decryption based on a root key (RK), the method comprising:
providing storage in a one-time programmable (OTP) memory as a plurality of un-burned slots to store data, the OTP memory initially provided without the RK;
generating, with a random number generator, the RK;
performing, with a control module, the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;
wherein, when the control module validates the burned RK, employing the burned RK as the RK by the media controller to provide said encryption/decryption;
otherwise, burning one or more subsequent slots with the RK and validating each corresponding bRK until the control module validates the corresponding burned RK, and then employing the burned RK as the RK by the media controller to provide said encryption/decryption;
wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits; and
wherein the number of changed bits between the RK and the bRK is determined by an exclusive-or (XOR) operation.
Dependent claims: 6, 7, 8.
9. An apparatus comprising a media controller configured to provide encryption/decryption of data transferred between the media controller and a storage device, wherein the media controller provides said encryption/decryption based on a root key (RK), the apparatus comprising:
a one-time programmable (OTP) memory having a plurality of un-burned slots to store data, wherein the OTP memory is initially provided without the RK;
a random number generator configured to generate the RK;
a control module configured to i) burn the RK to an initial slot of the OTP memory, and ii) validate the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK;
wherein, when the control module validates the burned RK, the burned RK is employed as the RK by the media controller to provide said encryption/decryption;
otherwise, the control module is configured to burn one or more subsequent slots with the RK and validate each corresponding bRK until the control module validates the corresponding burned RK, the burned RK then being employed as the RK by the media controller to provide said encryption/decryption;
wherein the comparison of the RK and the burned RK (bRK) is based on a maximum threshold of changed bits; and
wherein the number of changed bits between the RK and the bRK is determined by an exclusive-or (XOR) operation.
Dependent claims: 10, 11, 12, 13.
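The burn-validate-retry procedure common to claims 1, 5 and 9, written out as an added C illustration (not code from the patent or from any product implementing it): the control module burns the RK into slot after slot, compares each burned copy against the RK by XOR plus a bit count, and accepts the first slot whose changed-bit count is within the threshold. Assumed for the simulation: a 256-bit key, four slots, an OTP model in which unprogrammed cells read 0 and a burn can only set bits, a fixed stand-in for the random number generator, and a constructed defect of two stuck cells in slot 0.

```c
#include <stdint.h>
#include <string.h>

#define KEY_BYTES 32   /* 256-bit root key (assumed size) */
#define OTP_SLOTS 4    /* key slots in the OTP array (assumed count) */

/* Simulated OTP: unprogrammed cells read 0 and a burn can only set bits.
 * Bits set in `stuck` model defective cells that refuse to program. */
static uint8_t otp[OTP_SLOTS][KEY_BYTES], stuck[OTP_SLOTS][KEY_BYTES];

static void otp_burn(int slot, const uint8_t *rk) {
    for (int i = 0; i < KEY_BYTES; i++)
        otp[slot][i] |= rk[i] & (uint8_t)~stuck[slot][i];
}

/* Bits that differ between RK and bRK: XOR, then count the set bits. */
static int changed_bits(const uint8_t *a, const uint8_t *b) {
    int n = 0;
    for (int i = 0; i < KEY_BYTES; i++)
        for (uint8_t d = a[i] ^ b[i]; d; d >>= 1) n += d & 1;
    return n;
}

/* Burn RK into successive slots until one validates against the threshold.
 * Returns the slot index or -1 if all slots failed. *in_use receives bRK,
 * the burned copy, because that is the key the controller uses from now on. */
static int provision_root_key(const uint8_t *rk, int max_changed, uint8_t *in_use) {
    for (int slot = 0; slot < OTP_SLOTS; slot++) {
        otp_burn(slot, rk);
        if (changed_bits(rk, otp[slot]) <= max_changed) {
            memcpy(in_use, otp[slot], KEY_BYTES);
            return slot;
        }
    }
    return -1;
}

/* Constructed scenario: slot 0 has two stuck cells where RK needs 1-bits.
 * Returns slot*10 + (bit distance between RK and the key actually in use). */
static int scenario(int max_changed) {
    uint8_t rk[KEY_BYTES], in_use[KEY_BYTES];
    for (int i = 0; i < KEY_BYTES; i++)
        rk[i] = (uint8_t)(0x5A ^ (i * 37));   /* fixed stand-in for RNG output */
    memset(otp, 0, sizeof otp);
    memset(stuck, 0, sizeof stuck);
    stuck[0][3] = 0x05;                       /* rk[3] == 0x35, so both bits are lost */
    int slot = provision_root_key(rk, max_changed, in_use);
    return slot < 0 ? -1 : slot * 10 + changed_bits(rk, in_use);
}
```

With a threshold of 0 the defective slot 0 is rejected and slot 1 holds an exact copy; with a threshold of 2 slot 0 is accepted and the key in use differs from the generated RK in two bits, so everything downstream must be derived from bRK, never from the RNG output. Slots that fail validation keep whatever was burned into them, so the threshold and slot count are security parameters as well as yield settings.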