Secure erasure of data from a non-volatile memory

US 8,909,888 B2
Filed: 04/29/2011
Issued: 12/09/2014
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying an extended data set comprising multiple copies of data having a common logical address stored in different physical addresses within the memory, the multiple copies comprising a most current copy of the data and at least one stale copy of the data;

determining a total accumulated size of the extended data set indicative of an accumulated total number of data bits in the multiple copies of the data stored in each of the different physical addresses within the memory;

comparing the overall size of the extended data set to a predetermined threshold; and

sanitizing at least a portion of the extended data set from the memory in relation to the overall size of the data set so that other previously stored data in the memory are retained in the memory, wherein a first type of sanitizing operation is performed responsive to the overall size of the extended data set exceeding the predetermined threshold and a different, second type of sanitizing operation is performed responsive to the overall size not exceeding the predetermined threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for securely erasing data from a non-volatile memory, such as but not limited to a flash memory array. In accordance with various embodiments, an extended data set to be sanitized from the memory is identified. The extended data set includes multiple copies of data having a common logical address and different physical addresses within the memory. The extended data set is sanitized in relation to a characterization of the data set. The data sanitizing operation results in the extended data set being purged from the memory and other previously stored data in the memory being retained.

25 Citations

View as Search Results

23 Claims

1. A method comprising:
- identifying an extended data set comprising multiple copies of data having a common logical address stored in different physical addresses within the memory, the multiple copies comprising a most current copy of the data and at least one stale copy of the data;
  
  determining a total accumulated size of the extended data set indicative of an accumulated total number of data bits in the multiple copies of the data stored in each of the different physical addresses within the memory;
  
  comparing the overall size of the extended data set to a predetermined threshold; and
  
  sanitizing at least a portion of the extended data set from the memory in relation to the overall size of the data set so that other previously stored data in the memory are retained in the memory, wherein a first type of sanitizing operation is performed responsive to the overall size of the extended data set exceeding the predetermined threshold and a different, second type of sanitizing operation is performed responsive to the overall size not exceeding the predetermined threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the memory is arranged as a plurality of erasure blocks, the first type of sanitizing operation comprises performing a garbage collection operation upon all of the erasure blocks in the memory, and the second type of sanitizing operation comprises a selected one of overwriting data onto the at least a portion of the extended data set or destroying at least one encryption key associated with the at least a portion of the extended data set.
  - 3. The method of claim 1, wherein the entire extended data set, including the most current copy of the data, is permanently removed from the memory and not returned thereto as a result of the sanitizing step.
  - 4. The method of claim 1, further comprising comparing the total accumulated size of the extended data set to a second selected threshold lower than the selected threshold, and performing a different, third type of sanitizing operation upon the data set responsive to the total accumulated size being below the second selected threshold.
  - 5. The method of claim 1, in which the second type of sanitizing operation comprises destroying an encryption key used to encrypt at least a portion of the extended data set prior to storage thereof in the memory.
  - 6. The method of claim 1, in which the second type of sanitizing operation comprises performing a garbage collection operation upon at least one erasure block of the memory, the garbage collection operation comprising an erasure of the at least one erasure block.
  - 7. The method of claim 1, in which the second type of sanitizing operation comprises overwriting memory cells in the memory which store data bits of the extended data set.
  - 8. The method of claim 1, in which the sanitizing operation removes at least one older copy of data in the extended data set from the memory and retains, in the memory, the most current copy of data in the extended data set and a predetermined plural number of older copies of data in the extended data set.
  - 9. The method of claim 1, in which the extended data set includes a first copy of data in a first garbage collection unit (GCU) of the memory and a second copy of the data in a different, second GCU of the memory, and the identifying step comprises referencing respective GCU sequence values stored in the first and second GCUs to identify the extended data set.
  - 10. The method of claim 1, in which the first and second types of sanitizing are each characterized as a non-destructive purge of the extended data set so that the physical memory locations in which the extended data set were stored can be subsequently used to store new data.
  - 11. The method of claim 1, in which at least a selected one of the first or second types of sanitizing operations is characterized as a destructive purge of the extended data set so that at least some of the physical memory locations in which the extended data set were stored are damaged so as to be incapable of subsequently storing new data.

12. An apparatus comprising:
- a non-volatile memory which stores an extended data set comprising multiple copies of data having a common logical address and different physical addresses within the memory, the multiple copies comprising a most current version of the data and at least one stale version of the data; and
  
  a controller adapted to determine an overall size of the extended data set, to compare the overall size to a predetermined threshold, and to sanitize the extended data set from the memory responsive to said determined overall size exceeding the predetermined threshold so that the entire extended data set is non-destructively and permanently purged from the memory and other data in the memory are retained, wherein the overall size of the extended data set is indicative of an accumulated total number of data bits in the multiple copies of the data stored in each of the different physical addresses within the memory;
  
  in which the controller performs a first type of sanitizing operation upon the extended data set responsive to a first overall size of the extended data set exceeding the predetermined threshold and performs a different, second type of sanitizing operation responsive to a different, second overall size of the extended data set less than the predetermined threshold.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, in which the most current version of the data is stored in a first physical location of the memory and the at least one stale version of the data is stored in a different, second physical location of the memory.
  - 14. The apparatus of claim 12, further comprising a monitor circuit coupled to the controller which generates an internal trigger to commence the sanitizing operation upon the extended data set.
  - 15. The apparatus of claim 14, in which the monitor circuit generates the internal trigger responsive to the number of said multiple copies of the data reaching a predetermined threshold.
  - 16. The apparatus of claim 12, in which the memory is arranged as a plurality of garbage collection units (GCU) each allocated and erased as a unit, each GCU storing a GCU sequence value indicative of an allocation order of the GCUs, the controller referencing the GCU sequence values to identify the physical locations of the multiple copies of the data forming the extended data set.
  - 17. The apparatus of claim 12, in which the different first and second sanitizing operations are each selected from a group comprising a garbage collection operation upon the entire memory, a garbage collection operation limited to a portion of the memory, a destruction of an encryption key used to encrypt at least a portion of the extended data set, a data overwrite operation so that at least one data bit of the extended data set is overwritten, or a data overwrite/erasure cycle.

18. A storage device comprising a non-volatile memory, a monitor circuit, and a controller adapted to, responsive to a trigger signal generated by the monitor circuit, sanitize an extended data set from the non-volatile memory responsive to an overall size of the data set, the data set comprising multiple copies of host data sharing a common logical address and having different physical addresses within the memory, said multiple copies comprising a most current version of the data and a plurality of older, stale versions of the data, said sanitizing operable to purge the extended data set from the memory so that the most current version of the data and the plurality of older, stale versions of the data are permanently removed from the memory while retaining other host data in the memory, wherein the overall size of the extended data set is indicative of an accumulated total number of data bits in the multiple copies of the data stored in each of the different physical addresses within the memory;
- in which the controller applies a first data sanitizing operation to the memory responsive to the overall size exceeding a predetermined threshold, the controller applying a different, second data sanitizing operation to the memory responsive to the overall size not exceeding the predetermined threshold.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The storage device of claim 18, in which the monitor circuit generates the trigger signal responsive to said multiple copies of the data reaching a predetermined threshold.
  - 20. The storage device of claim 18, in which the sanitizing operation carried out by the controller is characterized as a non-destructive purge of the extended data set so that the physical memory locations in which the extended data set were stored can be subsequently used to store new data.
  - 21. The storage device of claim 18, in which the sanitizing operation is characterized as a destructive purge of the extended data set so that at least some of the physical memory locations in which the extended data set were stored are damaged so as to be incapable of subsequently storing new data.
  - 22. The storage device of claim 18, in which the controller is further adapted to perform a search operation upon the memory to identify physical locations of said multiple copies.
  - 23. The storage device of claim 18, characterized as a flash memory array having a total number of erasure blocks, and wherein the controller sanitizes the memory by performing a garbage collection operation upon each of the total number of erasure blocks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Goss, Ryan James, Seekins, David Scott, Haines, Jonathan W., Feldman, Timothy R.
Primary Examiner(s)
Li, Aimee
Assistant Examiner(s)
RANKIN, CANDICE A

Application Number

US13/098,093
Publication Number

US 20120278564A1
Time in Patent Office

1,320 Days
Field of Search

None
US Class Current

711/166
CPC Class Codes

G06F 12/00 Accessing, addressing or al...

G06F 12/0253 Garbage collection, i.e. re...

Secure erasure of data from a non-volatile memory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure erasure of data from a non-volatile memory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links