MRAM-based security for data storage systems
First Claim
Patent Images
1. A data storage system, comprising:
- a non-volatile memory array;
a magnetoresistive random access memory (MRAM) module configured to store key data, the MRAM module configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from a host system, the key data configured to be;
accessible when the non-bias magnetic field is not applied to the MRAM module, andrendered inaccessible when the non-bias magnetic field is applied to the MRAM module,wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field, andwherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and
data protector circuitry configured to;
use the key data stored in the MRAM module to encrypt data received from the host system for storage in the memory array; and
use the key data stored in the MRAM module to decrypt encrypted data read from the memory array,wherein application of the non-bias magnetic field
1) disables the ability of the data protector circuitry to decrypt encrypted data stored in the memory array,
2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed.
10 Assignments
0 Petitions
Accused Products
Abstract
A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.
-
Citations
17 Claims
-
1. A data storage system, comprising:
-
a non-volatile memory array; a magnetoresistive random access memory (MRAM) module configured to store key data, the MRAM module configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from a host system, the key data configured to be; accessible when the non-bias magnetic field is not applied to the MRAM module, and rendered inaccessible when the non-bias magnetic field is applied to the MRAM module, wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field, and wherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and data protector circuitry configured to; use the key data stored in the MRAM module to encrypt data received from the host system for storage in the memory array; and use the key data stored in the MRAM module to decrypt encrypted data read from the memory array, wherein application of the non-bias magnetic field
1) disables the ability of the data protector circuitry to decrypt encrypted data stored in the memory array,
2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of securely storing data in a data storage system, the method comprising:
-
accessing key data stored in a magnetoresistive random access memory (MRAM) module, the MRAM module storing the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible the key data, the non-bias magnetic field applied in response to a vendor specific command received from a host system; generating a key based at least in part on the key data; encrypting data received from the host system using the generated key; storing the encrypted data in a non-volatile memory array; decrypting the encrypted data stored in the memory array using the key; and providing the decrypted data to the host system, wherein the key is required to decrypt the encrypted data stored in the memory array, wherein exposing the MRAM module to the non-bias magnetic field
1) disables the functionality of decrypting the encrypted data stored in the memory array,
2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
3) renders the key data inaccessible even after the data storage system has failed,wherein the MRAM module remains stationary relative to the data storage system during application of the non-bias magnetic field, wherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value, and wherein the method is performed under the control of a controller. - View Dependent Claims (9, 14)
-
-
10. A data storage system comprising:
-
a non-volatile memory array configured to store data communicated by a host system; a magnetoresistive random access memory (MRAM) module configured to store key data, wherein the MRAM module is configured to store the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field configured to be applied in response to a vendor specific command received from the host system, the key data configured to be; accessible when the non-bias magnetic field is not applied to the MRAM module, and rendered inaccessible when the non-bias magnetic field is applied to the MRAM module, wherein the MRAM module remains stationary with respect to the data storage system during application of the non-bias magnetic field, and wherein when the data storage system has failed, replacement key data is generated by computing an error correction code and an authentication value; and a controller configured to; generate a key based at least in part on the key data stored in the MRAM module; in response to receiving a write command from the host system comprising data, encrypt the data using the key and store the encrypted data in the memory array; in response to receiving a read command from the host system to retrieve the data, decrypt the encrypted data using the key and provide the decrypted data to the host system, wherein the key is required to decrypt the encrypted data stored in the memory array, and wherein application of the non-bias magnetic field
1) disables the ability of the controller to decrypt the encrypted data stored in the memory array,
2) prevents access to data stored in the memory array without erasing any of data stored in the memory array, and
3) renders the key data stored in the MRAM module inaccessible even after the data storage system has failed. - View Dependent Claims (11, 12, 13)
-
-
15. A method of securely storing data in a data storage system, the method comprising:
-
accessing key data stored in a magnetoresistive random access (MRAM) module, the MRAM module storing the key data without application of a bias magnetic field and not physically enclosed in a shielding configured to shield the MRAM module from a non-bias magnetic field that renders inaccessible data stored in the MRAM module, the non-bias magnetic field applied in response to a vendor specific command received from a host system; in response to determining that the key data is not successfully accessed, generating a replacement key data and storing the replacement key data in the MRAM module; generating a key based on the key data or the replacement key data; and using the key, encrypting data for storing in a non-volatile memory array and decrypting data retrieved from the memory array, wherein application of the non-bias magnetic field
1) disables the functionality of decrypting data stored in the memory array,
2) prevents access to data stored in the memory array without erasing any of data stored in the memory array,
3) renders the key data or replacement key data stored in the MRAM module inaccessible even when the data storage system has become nonfunctional,wherein the MRAM module remains stationary with respect to the data storage system during application of the non-bias magnetic field, wherein when the data storage system has failed, the replacement key data is generated by computing an error correction code and an authentication value, and wherein the method is performed under the control of a controller. - View Dependent Claims (16, 17)
-
Specification