Secure storage of full disk encryption keys
Abstract
Data is securely stored on a storage device by encoding a data block into multiple encoded blocks, any number of which can be recombined to recover the data block. The encoded blocks are stored at known logical locations corresponding to physical locations on a storage device that change over time. When the data needs to be destroyed, at least one of the encoded blocks is overwritten with arbitrary data. In one aspect, the encoded blocks include at least one random block that is used to encode the data block. In another aspect, the known logical locations are stored in metadata.
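An added illustration of the scheme the abstract describes, not code from the patent. It assumes XOR as the "mathematical operation" (so every random block is needed for recovery), a 4096-byte allocation unit, and a Python dict standing in for the logical block map; all function names are hypothetical.

```python
import secrets

ALLOC_UNIT = 4096  # assumed allocation-unit size in bytes (not stated on the page)

def xor_blocks(a, b):
    """XOR two equal-length blocks (XOR is the assumed 'mathematical operation')."""
    if len(a) != len(b):
        raise ValueError("blocks must be the same size")
    return bytes(x ^ y for x, y in zip(a, b))

def encode(data_block, n_random):
    """Return (single encoded block, list of random blocks), all ALLOC_UNIT bytes."""
    if len(data_block) != ALLOC_UNIT or n_random < 1:
        raise ValueError("need one allocation unit of data and >= 1 random block")
    randoms = [secrets.token_bytes(ALLOC_UNIT) for _ in range(n_random)]
    encoded = data_block
    for r in randoms:
        encoded = xor_blocks(encoded, r)
    return encoded, randoms

def store(device, encoded, randoms, first_lba=0):
    """Write every block to its own logical location; return the locations."""
    lbas = list(range(first_lba, first_lba + 1 + len(randoms)))
    for lba, block in zip(lbas, [encoded] + randoms):
        device[lba] = block
    return lbas  # the "known logical locations" (kept in metadata)

def recover(device, lbas):
    """Recombine the encoded block with all random blocks."""
    out = bytes(ALLOC_UNIT)
    for lba in lbas:
        out = xor_blocks(out, device[lba])
    return out

def destroy(device, lbas, which=1):
    """Overwrite one stored random block with arbitrary data."""
    device[lbas[which]] = secrets.token_bytes(ALLOC_UNIT)

def demo():
    key = secrets.token_bytes(32)                # constructed sample FDE key
    data_block = key.ljust(ALLOC_UNIT, b"\x00")  # pad to one allocation unit
    device = {}                                  # dict standing in for the LBA map
    lbas = store(device, *encode(data_block, n_random=3))
    ok_before = recover(device, lbas) == data_block
    destroy(device, lbas)
    ok_after = recover(device, lbas) == data_block
    return ok_before, ok_after

if __name__ == "__main__":
    print(demo())
```

Because each share fills a whole allocation unit and the encoded block alone is uniformly random, destroying any single random block is enough to make the stored key unrecoverable from the remaining blocks.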
18 Claims
1. A method comprising:
- generating, by a processor, a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of a storage device;
- encoding, by the processor, a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block;
- storing the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and
- overwriting at least one of the stored generated random blocks with arbitrary data.

Dependent claims: 2, 3, 4, 5
6. A non-transitory machine-readable storage medium embodied with machine-executable instructions, which when executed by a processor in a machine, cause the processor to perform a method comprising:
- generating a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of a storage device;
- encoding a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block;
- storing the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and
- overwriting at least one of the stored generated random blocks with arbitrary data.

Dependent claims: 7, 8, 9, 10
11. A system comprising:
- a processor coupled to a memory through a bus;
- a storage device coupled to the processor through the bus; and
- a secure storage process executed from the storage device by the processor to cause the processor to
  - generate a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of the storage device,
  - encode a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by the processor performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block;
  - store the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and
  - overwrite at least one of the generated random blocks with arbitrary data.

Dependent claims: 12, 13, 14, 15
16. A method comprising:
overwriting, by a processor, at least one of a plurality of generated random blocks on a storage device with arbitrary data, the generated random blocks corresponding to a data block and having a pre-determined size based on an allocation unit of the storage device, wherein a single encoded data block having the pre-determined size and previously generated by performing a mathematical operation on a first data block and each generated random block is also stored on the storage device, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block, and wherein the single encoded data block and each generated random block is stored separately at a different known logical location, each known logical location corresponding to a physical location on the storage device that changes over time.
17. A non-transitory machine-readable storage medium embodied with machine-executable instructions, which when executed by a processor in a machine, cause the processor to perform a method comprising:
overwriting at least one of a plurality of generated random blocks on a storage device with arbitrary data, the generated random blocks corresponding to a data block and having a pre-determined size based on an allocation unit of the storage device, wherein a single encoded data block having the pre-determined size and previously generated by performing a mathematical operation on a first data block and each generated random block is also stored on the storage device, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block, and wherein the single encoded data block and each generated random block is stored separately at a different known logical location, each known logical location corresponding to a physical location on the storage device that changes over time.
18. A system comprising:
- a processor coupled to a memory through a bus;
- a storage device coupled to the processor through the bus; and
- an overwrite process executed from the memory by the processor to cause the processor to overwrite at least one of a plurality of generated random blocks on the storage device with arbitrary data, the generated random blocks corresponding to a data block and having a pre-determined size based on an allocation unit of the storage device, wherein a single encoded data block having the pre-determined size and previously generated by performing a mathematical operation on a first data block and each of the generated random blocks is also stored on the storage device, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the data block, and wherein the single encoded data block and each of the generated random blocks is stored separately at a different known logical location, each known logical location corresponding to a physical location on the storage device that changes over time.
Specification