MRAM-based security for data storage systems

US 8,909,942 B1
Filed: 03/30/2012
Issued: 12/09/2014
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A data storage system, comprising:

a non-volatile memory array;

a magnetoresistive random access memory (MRAM) module configured to store key data, the MRAM module configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from a host system, the key data configured to be;

accessible when the non-bias magnetic field is not applied to the MRAM module, andrendered inaccessible when the non-bias magnetic field is applied to the MRAM module,wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field, andwherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and

data protector circuitry configured to;

use the key data stored in the MRAM module to encrypt data received from the host system for storage in the memory array; and

use the key data stored in the MRAM module to decrypt encrypted data read from the memory array,wherein application of the non-bias magnetic field

     1) disables the ability of the data protector circuitry to decrypt encrypted data stored in the memory array,

     2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and

     3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.

Citations

17 Claims

1. A data storage system, comprising:
- a non-volatile memory array;
  
  a magnetoresistive random access memory (MRAM) module configured to store key data, the MRAM module configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from a host system, the key data configured to be;
  
  accessible when the non-bias magnetic field is not applied to the MRAM module, andrendered inaccessible when the non-bias magnetic field is applied to the MRAM module,wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field, andwherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and
  
  data protector circuitry configured to;
  
  use the key data stored in the MRAM module to encrypt data received from the host system for storage in the memory array; and
  
  use the key data stored in the MRAM module to decrypt encrypted data read from the memory array,wherein application of the non-bias magnetic field
  
       1) disables the ability of the data protector circuitry to decrypt encrypted data stored in the memory array,
  
       2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
  
       3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The data storage system of claim 1, further comprising a magnetic field generator configured to, when powered, generate the non-bias magnetic field configured to render inaccessible data stored in the MRAM module.
  - 3. The data storage system of claim 1, wherein the memory array comprises solid-state memory.
  - 4. The data storage system of claim 1, wherein the data storage system comprises one of:
    - a solid-state drive or a hybrid hard drive.
  - 5. The data storage system of claim 1, wherein the key data comprises a key used to encrypt and decrypt data.
  - 6. The data storage system of claim 1, wherein the data protector circuitry is further configured to generate a key based at least in part on the key data, the key used to encrypt and decrypt data.
  - 7. The data storage system of claim 1, wherein the data protector circuitry is configured to encrypt the data and decrypt the encrypted data without sharing the key data with the host system.

8. A method of securely storing data in a data storage system, the method comprising:
- accessing key data stored in a magnetoresistive random access memory (MRAM) module, the MRAM module storing the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible the key data, the non-bias magnetic field applied in response to a vendor specific command received from a host system;
  
  generating a key based at least in part on the key data;
  
  encrypting data received from the host system using the generated key;
  
  storing the encrypted data in a non-volatile memory array;
  
  decrypting the encrypted data stored in the memory array using the key; and
  
  providing the decrypted data to the host system, wherein the key is required to decrypt the encrypted data stored in the memory array,wherein exposing the MRAM module to the non-bias magnetic field
  
       1) disables the functionality of decrypting the encrypted data stored in the memory array,
  
       2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
  
       3) renders the key data inaccessible even after the data storage system has failed,wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field,wherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value, andwherein the method is performed under the control of a controller.
- View Dependent Claims (9, 14)
- - 9. The method of claim 8, further comprising encrypting data and decrypting the encrypted data without sharing the key with the host system.
  - 14. The data storage system of claim 9, wherein the controller is configured to encrypt the data and decrypt the encrypted data without sharing the key with the host system.

10. A data storage system comprising:
- a non-volatile memory array configured to store data communicated by a host system;
  
  a magnetoresistive random access memory (MRAM) module configured to store key data, wherein the MRAM module is configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from the host system, the key data configured to be;
  
  accessible when the non-bias magnetic field is not applied to the MRAM module, andrendered inaccessible when the non-bias magnetic field is applied to the MRAM module,wherein the MRAM module remains stationary with respect to the data storage system during application of the non-bias magnetic field, andwherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and
  
  a controller configured to;
  
  generate a key based at least in part on the key data stored in the MRAM module;
  
  in response to receiving a write command from the host system comprising data, encrypt the data using the key and store the encrypted data in the memory array;
  
  in response to receiving a read command from the host system to retrieve the data, decrypt the encrypted data using the key and provide the decrypted data to the host system,wherein the key is required to decrypt the encrypted data stored in the memory array, andwherein application of the non-bias magnetic field
  
       1) disables the ability of the controller to decrypt the encrypted data stored in the memory array,
  
       2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
  
       3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed.
- View Dependent Claims (11, 12, 13)
- - 11. The data storage system of claim 10, wherein the controller is further configured to:
    - in response to receiving the vendor specific command from the host system, render inaccessible the key data stored in the MRAM module, thereby preventing decryption of the encrypted data stored in the memory array.
  - 12. The data storage system of claim 10, further comprising an anti-tampering label configured to indicate whether the data storage system was tampered with.
  - 13. The data storage system of claim 12, wherein the anti-tampering label is configured to be affixed to at least a part of the MRAM module in order to indicate whether the MRAM module or an interface between the MRAM module and the controller were tampered with.

15. A method of securely storing data in a data storage system, the method comprising:
- accessing key data stored in a magnetoresistive random access (MRAM) module, the MRAM module storing the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field applied in response to a vendor specific command received from a host system;
  
  in response to determining that the key data is not successfully accessed, generating a replacement key data and storing the replacement key data in the MRAM module;
  
  generating a key based on the key data or the replacement key data; and
  
  using the key, encrypting data for storing in a non-volatile memory array and decrypting data retrieved from the memory array,wherein application of the non-bias magnetic field
  
       1) disables the functionality of decrypting data stored in the memory array,
  
       2) prevents access to data stored in the memory array without erasing any of data stored in the memory array,
  
       3) renders the key data or replacement key data stored in the MRAM module inaccessible even when the data storage system has become nonfunctional,wherein the MRAM module remains stationary with respect to the data storage system during application of the non-bias magnetic field,wherein when the data storage system has failed, the replacement key data is generated by computing an error correction code and an authentication value, andwherein the method is performed under the control of a controller.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein accessing the value stored in the MRAM module is performed during start-up of the data storage system.
  - 17. The method of claim 15, further comprising encrypting data and decrypting the encrypted data without sharing the key with the host system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Latifi, Afshin, Jones, Justin, Obukhov, Dmitry S.
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Lynch, Sharon

Application Number

US13/436,327
Time in Patent Office

984 Days
Field of Search

380/277, 713/193
US Class Current

713/193
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/60   Protecting data

G06F 21/78   to assure secure storage of...

G06F 2212/2024   Rewritable memory not requi...

G06F 2221/2143   Clearing memory, e.g. to pr...

G11C 11/1695   Protection circuits or methods

MRAM-based security for data storage systems

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

MRAM-based security for data storage systems

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links