Cascaded data encryption dependent on attributes of physical memory

US 8,862,902 B2
Filed: 04/29/2011
Issued: 10/14/2014
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving input data to be secured in a non-volatile memory against unauthorized access by an attacker;

encrypting the input data in relation to a first auxiliary data value to provide first level ciphertext, the first auxiliary data value comprising a logical block address (LBA) value associated with the input data;

subsequently encrypting the first level ciphertext in relation to a second auxiliary data value associated with a selected physical location in the non-volatile memory to provide second level ciphertext, the second auxiliary data value comprising a physical block address (PBA) of the selected physical location in the non-volatile memory;

storing the second level ciphertext to said selected physical location in the non-volatile memory to secure the input data from said unauthorized access by an attacker; and

subsequently migrating the secured input data from the selected physical location to a second selected physical location in the non-volatile memory by partially decrypting the second level ciphertext to recover the first level ciphertext from the selected physical location without recovering the corresponding input data in an unencrypted form, re-encrypting the recovered first level ciphertext using a third auxiliary data value associated with the second selected physical location to provide third level ciphertext, and storing the third level ciphertext in the second selected physical location while the second level ciphertext remains stored in the selected physical location in the non-volatile memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.

59 Citations

View as Search Results

15 Claims

1. A method comprising:
- receiving input data to be secured in a non-volatile memory against unauthorized access by an attacker;
  
  encrypting the input data in relation to a first auxiliary data value to provide first level ciphertext, the first auxiliary data value comprising a logical block address (LBA) value associated with the input data;
  
  subsequently encrypting the first level ciphertext in relation to a second auxiliary data value associated with a selected physical location in the non-volatile memory to provide second level ciphertext, the second auxiliary data value comprising a physical block address (PBA) of the selected physical location in the non-volatile memory;
  
  storing the second level ciphertext to said selected physical location in the non-volatile memory to secure the input data from said unauthorized access by an attacker; and
  
  subsequently migrating the secured input data from the selected physical location to a second selected physical location in the non-volatile memory by partially decrypting the second level ciphertext to recover the first level ciphertext from the selected physical location without recovering the corresponding input data in an unencrypted form, re-encrypting the recovered first level ciphertext using a third auxiliary data value associated with the second selected physical location to provide third level ciphertext, and storing the third level ciphertext in the second selected physical location while the second level ciphertext remains stored in the selected physical location in the non-volatile memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising a subsequent step of erasing the selected physical location to remove the second level ciphertext stored therein.
  - 3. The method of claim 1, in which the subsequently encrypting step comprises counter (CTR) mode encryption which uses a seed count value that includes physical address information associated with the selected physical location in the non-volatile memory.
  - 4. The method of claim 1, in which the encrypting and subsequently encrypting steps utilize a mixing layer between the respective encryption steps.
  - 5. The method of claim 1, in which the non-volatile memory comprises a flash memory array of flash memory cells.
  - 6. The method of claim 1, in which the non-volatile memory comprises a selected one of a disc memory, an array of spin-torque transfer random access memory (STRAM) cells, or an array of resistive random access memory (RRAM) cells.
  - 7. The method of claim 1, in which the non-volatile memory forms a portion of a data storage device comprising a data storage controller, the input data and the first auxiliary data value are both supplied by a host device in communication with the data storage device, and the data storage controller generates the second auxiliary value independently of the first auxiliary value.
  - 8. The method of claim 1, further comprising:
    - dividing the non-volatile memory into a plurality of bands each comprising a plurality of available physical locations for the storage of encrypted data;
      
      assigning a unique second auxiliary data value to each of the plurality of bands;
      
      identifying the second auxiliary data value assigned to the band which includes the selected physical location; and
      
      using the identified second auxiliary data value to subsequently encrypt the first level ciphertext to provide the second level ciphertext.

9. A method comprising sequential steps of:
- receiving from a host device input data to be secured in a non-volatile memory against unauthorized access by an attacker, the input data presented as unencrypted plaintext;
  
  applying multi-level encryption to the input data in relation to a first auxiliary data value associated with a first physical address in the non-volatile memory to generate a first set of ciphertext, wherein the multi-level encryption comprises applying a first level of encryption using a logical block address (LBA) value associated with the input data and then applying a second level of encryption using a physical block address (PBA) value associated with the first physical address in the non-volatile memory;
  
  storing the first set of ciphertext to said first physical address in the non-volatile memory to secure the input data from said unauthorized access by an attacker;
  
  decrypting the first set of ciphertext using the first auxiliary value to provide partially decrypted ciphertext that remains encrypted by at least one level of said multi-level encryption;
  
  re-encrypting the partially decrypted ciphertext in relation to a different, second auxiliary data value associated with a different, second physical address in the non-volatile memory to generate a second set of ciphertext; and
  
  writing the second set of ciphertext to the second physical address in the non-volatile memory responsive to the first set of ciphertext remaining stored in the first physical address in the non-volatile memory to secure the second set of ciphertext from unauthorized access by an attacker, wherein the input data is not decrypted into the presented unencrypted plaintext until a request for the input data is subsequently received from the host device.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, in which the first physical address in the non-volatile memory comprises a first page in a flash memory array, and the second physical address in the non-volatile memory comprises a second page in the flash memory array.
  - 11. The method of claim 9, in which the first physical address in the non-volatile memory is disposed within a first erasure block of a flash memory array, and the second physical address in the non-volatile memory is disposed within a different, second erasure block of the flash memory array.
  - 12. The method of claim 9, in which the decrypting, re-encrypting and writing steps are carried out responsive to a garbage collection operation in which the first physical address in the non-volatile memory is prepared for an erasure operation.

13. An apparatus comprising a non-volatile memory and a controller adapted to, responsive to receipt of input user data from a host device in the form of unencrypted plaintext for secure storage in the non-volatile memory against unauthorized access by an attacker, apply a first level encryption to said input user data in relation to a first auxiliary data value provided by the host device to generate first set of ciphertext, to apply a second level encryption to the first set of ciphertext in relation to a second auxiliary data value associated with a first physical location in the non-volatile memory to generate a second set of ciphertext as double-encrypted data, and to direct storage of the second set of ciphertext to said first physical location in the non-volatile memory, wherein the first auxiliary data value comprises a logical block address (LBA) value associated with the input data and the second auxiliary data value comprises a physical block address (PBA) value associated with the first physical location in the non-volatile memory, wherein the controller is further adapted to subsequently perform a migration operation to store encrypted data corresponding to the input user data to a different, second location by decrypting the second set of ciphertext using the second auxiliary data value to provide the first set of ciphertext, re-encrypting the decrypted first set of ciphertext in relation to a different, third auxiliary data value associated with a different, second physical location in the non-volatile memory to generate a third set of ciphertext, and to direct storage of the third set of ciphertext to the second physical location in the non-volatile memory, wherein the received unencrypted plaintext is not recovered during the generation and storage of the third set of ciphertext.
- View Dependent Claims (14, 15)
- - 14. The apparatus of claim 13, in which the second set of ciphertext remains stored in the first physical location in the non-volatile memory, and the controller subsequently directs an erasure operation upon the first physical location to remove the second set of ciphertext therefrom.
  - 15. The apparatus of claim 13, characterized as a flash memory data storage device, the first physical location in the non-volatile memory comprising a selected page in a flash memory array of the flash memory data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Hars, Laszlo, Matthews, Donald P. Jr.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US13/098,027
Publication Number

US 20120278635A1
Time in Patent Office

1,264 Days
Field of Search

713/193, 713/190
US Class Current

713/193
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/14   Protection against unauthor...

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2212/7201   Logical to physical mapping...

G06F 2221/2107   File encryption

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0894   Escrow, recovery or storing...

Cascaded data encryption dependent on attributes of physical memory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Cascaded data encryption dependent on attributes of physical memory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links