Method and apparatus for overwriting an encryption key of a media drive
First Claim
1. A method comprising:
- detecting a power event of a media drive, the media drive securely storing encrypted data, the encrypted data decryptable using one or more plain-text keys stored in a one-time-programmable (OTP) memory of the media drive;
- activating, responsive to the detection of the power event of the media drive, a periodic counter, the periodic counter configured to cause, responsive to reaching a predetermined value that corresponds with a particular amount of time, the one or more plain-text keys stored in the OTP memory to be overwritten effective to zeroize the one or more plain-text keys; and
- deactivating, responsive to an indication that the media drive is secure and before the predetermined value is reached, the periodic counter to prevent the one or more plain-text keys stored in the OTP memory from being zeroized effective to enable access to the one or more plain-text keys for decrypting the encrypted data after the particular amount of time has elapsed.
Abstract
The present disclosure describes apparatuses and techniques for fail-safe key zeroization. In some aspects a periodic counter is activated that is configured to indicate an amount of time that content of a one-time-programmable (OTP) memory is accessible and overwriting of the content of the OTP is caused when the periodic counter reaches a predetermined value effective to zeroize the content. In other aspects a periodic counter is started in response to a power event and one or more encryption keys stored in OTP memory are zeroized if an indication of media drive security is not received within a predetermined amount of time.
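The fail-safe behaviour the abstract describes, modelled as an added C sketch (not code from the patent): a power event arms a periodic counter, and the key is overwritten unless a secure indication arrives before the counter reaches its predetermined value. All names, the threshold of 5 ticks, the sample key and the program-only OTP model are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { KEY_BYTES = 16, ZEROIZE_AT = 5 }; /* threshold is a constructed value */

typedef struct {
    uint8_t  otp_key[KEY_BYTES]; /* stands in for the plain-text key in OTP */
    uint32_t counter;            /* periodic counter */
    bool     armed, zeroized;    /* counter running / key overwritten */
} drive_t;

/* Assumed OTP model: bits only go 0 -> 1, so the overwrite programs every bit. */
static void otp_overwrite(drive_t *d) {
    memset(d->otp_key, 0xFF, KEY_BYTES);
    d->zeroized = true;
}

/* Power event: restart the countdown (nothing left to protect once zeroized). */
void on_power_event(drive_t *d) { d->counter = 0; d->armed = !d->zeroized; }

/* Periodic tick: the fail-safe path, taken unless the counter was deactivated. */
void on_tick(drive_t *d) {
    if (d->armed && ++d->counter >= ZEROIZE_AT) { otp_overwrite(d); d->armed = false; }
}

/* Secure indication: only effective while the counter is still running. */
bool on_secure_indication(drive_t *d) {
    bool stopped = d->armed;
    d->armed = false;
    return stopped;
}

/* Returns true if the key survives when "secure" arrives after `ticks` ticks. */
bool key_survives(uint32_t ticks) {
    drive_t d = {0};
    memset(d.otp_key, 0x5A, KEY_BYTES);            /* constructed sample key */
    on_power_event(&d);
    for (uint32_t i = 0; i < ticks; i++) on_tick(&d);
    on_secure_indication(&d);
    for (uint32_t i = 0; i < 10; i++) on_tick(&d); /* time keeps passing */
    return !d.zeroized;
}

int main(void) {
    printf("secure after 3 ticks: key %s\n", key_survives(3) ? "kept" : "zeroized");
    printf("secure after 5 ticks: key %s\n", key_survives(5) ? "kept" : "zeroized");
}
```

The default outcome is key destruction: the drive has to prove it is secure in time, and a late indication cannot undo the overwrite.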
18 Claims
7. A media drive comprising:
- storage media comprising a computer-readable storage device;
- a media drive controller configured to access encrypted data in storage media, the media drive controller comprising:
  - an encryption engine configured to encrypt data written to, and decrypt data read from, the storage media using one or more plain-text keys, the one or more plain-text keys used each time the encrypted data in the storage media is accessed,
  - a one-time-programmable (OTP) memory to store the one or more plain-text keys for the encryption engine, and
  - a key zeroizer configured to:
    - activate, in response to a power event of the media drive, a periodic counter configured to zeroize the one or more plain-text keys after an amount of time elapses, and
    - deactivate, in response to receiving an indication of media drive security prior to the counter reaching a predetermined value, the periodic counter to prevent the one or more plain-text keys stored in the OTP memory from being zeroized effective to enable continued access of the encrypted data of the media drive after the amount of time elapses.
13. A system-on-chip (SoC) comprising:
- a first communication interface for transmitting data to, and receiving data from, a host device;
- a second communication interface for writing encrypted data to, and reading encrypted data from, encrypted storage media;
- an encryption engine to encrypt the data written to the encrypted storage media and decrypt the data read from the encrypted storage media;
- a one-time-programmable (OTP) memory storing encryption keys used by the encryption engine for encrypting or decrypting the respective data, the encryption keys stored by the OTP memory and used when the encrypted storage media is accessed; and
- a key zeroizer configured to:
  - activate a periodic counter in response to a power event within an operational environment of the SoC, the periodic counter configured to cause, responsive to reaching a predetermined value, the encryption keys stored in the OTP memory to be overwritten effective to zeroize the encryption keys; and
  - deactivate, in response to receiving an indication that the operational environment of SoC is secure prior to the periodic counter reaching the predetermined value, the periodic counter to prevent the encryption keys stored in the OTP memory from being overwritten effective to enable continued access to the encrypted storage media.