Protecting stored data from traffic analysis

US 9,324,361 B2
Filed: 08/14/2007
Issued: 04/26/2016
Est. Priority Date: 08/14/2007
Status: Active Grant

First Claim

Patent Images

1. A method of processing data internal to a computing device comprising:

determining, at a data storage controller, a specific portion of data to modify based on a request from a host computer to store data associated with a specific logical block address;

in response to determining the specific portion is to be modified, retrieving, via the data storage controller, encrypted selected data from a disc data storage medium, the encrypted selected data including the specific portion and another portion of data that is not associated with the request, where the specific portion and the another portion are both located in a same track of the disc data storage medium;

decrypting, via the data storage controller, the encrypted selected data to reveal the specific portion and the another portion;

modifying, via the data storage controller, the specific portion to produce a changed portion, while not modifying the another portion;

encrypting, via the data storage controller, the changed portion and the another portion to produce encrypted changed selected data; and

storing the encrypted changed selected data to the disc data storage medium.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method including: reading a portion of stored data from a storage medium, decrypting the portion of stored data, then if changes are requested, making the changes to the portion of stored data to produce changed data, encrypting the changed data, and writing the encrypted changed data to the storage medium. An apparatus that performs the method is also included.

15 Citations

View as Search Results

16 Claims

1. A method of processing data internal to a computing device comprising:
- determining, at a data storage controller, a specific portion of data to modify based on a request from a host computer to store data associated with a specific logical block address;
  
  in response to determining the specific portion is to be modified, retrieving, via the data storage controller, encrypted selected data from a disc data storage medium, the encrypted selected data including the specific portion and another portion of data that is not associated with the request, where the specific portion and the another portion are both located in a same track of the disc data storage medium;
  
  decrypting, via the data storage controller, the encrypted selected data to reveal the specific portion and the another portion;
  
  modifying, via the data storage controller, the specific portion to produce a changed portion, while not modifying the another portion;
  
  encrypting, via the data storage controller, the changed portion and the another portion to produce encrypted changed selected data; and
  
  storing the encrypted changed selected data to the disc data storage medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the encrypted selected data comprises an integer number of sectors of data from the same track.
  - 3. The method of claim 1, wherein the encrypted selected data includes a whole track of data from the same track of the disc data storage medium.
  - 4. The method of claim 1, wherein encrypting the changed portion and the another portion includes performing wide block encryption.
  - 5. The method of claim 1 wherein the specific portion includes the data associated with the specific logical block address and the another portion does not include the data associated with the specific logical block address.
  - 6. The method of claim 5 further comprising randomly selecting the another portion from a multitude of available data portions of the same track.
  - 7. The method of claim 6, further comprising:
    - writing the encrypted changed selected data to the storage medium includes selecting a different physical location to store the encrypted changed selected data that is not a same physical location that the encrypted selected data was stored.
  - 8. The method of claim 7 further comprising encrypting the changed portion and the another portion using a different encryption key than the encrypted selected data was encrypted with.
  - 9. The method of claim 8 wherein the encryption is performed by a data storage device such that the encryption is transparent to the host computer.
  - 10. The method of claim 8 wherein the encryption is performed by the host computer.

11. A device comprising:
- a computer processor configured to;
  
  process a request from a host to store data associated with a specific logical block address;
  
  retrieve selected data, including first data associated with the specific logical block address and second data not associated with the specific logical block address, from a storage medium in response to an indication to change the first data but not the second data, the first data and the second data both including host data having different corresponding logical block addresses,decrypt the selected data via a cryptographic module,make changes to the first data to produce changed data,encrypt, via the cryptographic module, the changed data and the second data to produce encrypted changed selected data, andstore the encrypted changed selected data to the storage medium.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The device of claim 11 further comprising the storage medium communicatively coupled to the computer processor to allow retrieving of data from the storage medium and storing of data to the storage medium.
  - 13. The device of claim 11 wherein the changes correspond to the request to store data associated with the specific logical block address and the first data includes the data associated with the specific logical block address and the second data does not include the data associated with the specific logical block address.
  - 14. The device of claim 11 wherein the computer processor is further adapted to select a different physical location of a data storage medium to store the encrypted changed selected data, where the different physical location is not a same physical location that the selected data was previously stored at.
  - 15. The device of claim 11 wherein the computer processor is further adapted to produce the encrypted changed selected data using a different encryption key than the selected data was encrypted with.

16. A method of decryption and encryption performed internal to a computing device comprising:
- process a request to change specific data associated with a specific logical block address of a data storage device;
  
  based on the request to change the specific data, retrieving a first data portion mapped to the specific logical block address, and retrieving a second data portion not mapped to the specific logical block address and having a different logical block address than the first data portion;
  
  decrypting data including the first data portion and the second data portion;
  
  changing the first data portion to produce a changed first data portion;
  
  not changing the second data portion;
  
  encrypting together the changed first data portion and the second data portion that is unchanged to produce encrypted changed data; and
  
  storing the encrypted changed data to the data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Hars, Laszlo
Primary Examiner(s)
Reza, Mohammad W
Assistant Examiner(s)
NGUYEN, TRONG H

Application Number

US11/838,425
Publication Number

US 20090048976A1
Time in Patent Office

3,178 Days
Field of Search

713189-194, 726 22- 33
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/14   against software analysis o...

G11B 20/00086   Circuits for prevention of ...

Protecting stored data from traffic analysis

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting stored data from traffic analysis

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links