Protecting stored data from traffic analysis
Abstract
A method including: reading a portion of stored data from a storage medium, decrypting the portion of stored data, then if changes are requested, making the changes to the portion of stored data to produce changed data, encrypting the changed data, and writing the encrypted changed data to the storage medium. An apparatus that performs the method is also included.
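The sequence in the abstract, as an added example that is not taken from the patent: one LBA is rewritten on a four-sector track, once with each sector encrypted on its own and once with the whole track decrypted, modified and re-encrypted together, and the two raw images are then compared sector by sector. The SHAKE-256 keystream cipher, the fresh nonce per track write, the sector and track sizes and all function names are assumptions made for illustration; the page names none of them.

```python
import hashlib
import os

SECTOR = 16   # bytes per sector (constructed; kept small for readability)
LBAS = 4      # sectors sharing one track (constructed)

def xor_stream(key, tweak, data):
    # Stand-in cipher: SHAKE-256 keystream XOR. The page names no cipher;
    # this only makes the example run offline and is not a recommendation.
    stream = hashlib.shake_256(key + tweak).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def split(track):
    return [track[i * SECTOR:(i + 1) * SECTOR] for i in range(LBAS)]

def write_per_sector(key, ct, lba, new):
    # Baseline for contrast: each sector is encrypted alone under a fixed
    # per-LBA tweak, so a write touches only that sector's ciphertext.
    sectors = split(ct)
    sectors[lba] = xor_stream(key, bytes([lba]), new)
    return b"".join(sectors)

def write_whole_track(key, nonce, ct, lba, new):
    # Claimed sequence: retrieve track, decrypt, modify one portion,
    # encrypt changed and unchanged portions together, store.
    plain = split(xor_stream(key, nonce, ct))
    plain[lba] = new
    fresh = os.urandom(16)  # assumption: new nonce for every track write
    return fresh, xor_stream(key, fresh, b"".join(plain))

def changed_sectors(before, after):
    # What an observer diffing two raw images of the track learns.
    return [i for i, (b, a) in enumerate(zip(split(before), split(after))) if b != a]

def demo():
    key = os.urandom(32)
    data = b"".join(bytes([65 + i]) * SECTOR for i in range(LBAS))  # constructed
    new = b"Z" * SECTOR
    ps_before = b"".join(xor_stream(key, bytes([i]), s) for i, s in enumerate(split(data)))
    ps_after = write_per_sector(key, ps_before, 2, new)
    n0 = os.urandom(16)
    wt_before = xor_stream(key, n0, data)
    n1, wt_after = write_whole_track(key, n0, wt_before, 2, new)
    recovered = split(xor_stream(key, n1, wt_after))
    return changed_sectors(ps_before, ps_after), changed_sectors(wt_before, wt_after), recovered

if __name__ == "__main__":
    print(demo())
```

With per-sector encryption the comparison pinpoints the written LBA; with whole-track re-encryption every sector's ciphertext differs, while the untouched sectors still decrypt to their original contents.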
16 Claims
1. A method of processing data internal to a computing device comprising:
- determining, at a data storage controller, a specific portion of data to modify based on a request from a host computer to store data associated with a specific logical block address;
- in response to determining the specific portion is to be modified, retrieving, via the data storage controller, encrypted selected data from a disc data storage medium, the encrypted selected data including the specific portion and another portion of data that is not associated with the request, where the specific portion and the another portion are both located in a same track of the disc data storage medium;
- decrypting, via the data storage controller, the encrypted selected data to reveal the specific portion and the another portion;
- modifying, via the data storage controller, the specific portion to produce a changed portion, while not modifying the another portion;
- encrypting, via the data storage controller, the changed portion and the another portion to produce encrypted changed selected data; and
- storing the encrypted changed selected data to the disc data storage medium.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A device comprising:
a computer processor configured to:
- process a request from a host to store data associated with a specific logical block address;
- retrieve selected data, including first data associated with the specific logical block address and second data not associated with the specific logical block address, from a storage medium in response to an indication to change the first data but not the second data, the first data and the second data both including host data having different corresponding logical block addresses,
- decrypt the selected data via a cryptographic module,
- make changes to the first data to produce changed data,
- encrypt, via the cryptographic module, the changed data and the second data to produce encrypted changed selected data, and
- store the encrypted changed selected data to the storage medium.

Dependent claims: 12, 13, 14, 15
16. A method of decryption and encryption performed internal to a computing device comprising:
- process a request to change specific data associated with a specific logical block address of a data storage device;
- based on the request to change the specific data, retrieving a first data portion mapped to the specific logical block address, and retrieving a second data portion not mapped to the specific logical block address and having a different logical block address than the first data portion;
- decrypting data including the first data portion and the second data portion;
- changing the first data portion to produce a changed first data portion;
- not changing the second data portion;
- encrypting together the changed first data portion and the second data portion that is unchanged to produce encrypted changed data; and
- storing the encrypted changed data to the data storage device.
Specification