Encryption key generation in encrypted storage devices
First Claim
Patent Images
1. A method of operation of a storage device comprising:
- receiving, from an input device, inputs for defining a personal identification number (PIN);
obtaining a value of a cyclic counter after each input for defining the PIN;
storing the obtained value to an event history in a memory after each input;
receiving, from the input device, additional inputs for a confirmation PIN;
retrieving the value of the cyclic counter after each additional input for the confirmation PIN;
storing the retrieved value to the event history in the memory after each additional input;
defining an encryption key based on a random number generator seeded with a value based on the event history;
comparing the defined PIN to the confirmation PIN;
determining that the defined PIN is validated when the confirmation PIN matches the defined PIN;
enabling access to the storage device when the defined PIN is validated;
encrypting data at the storage device using the encryption key; and
storing the encrypted data in the storage device.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device.
41 Citations
18 Claims
-
1. A method of operation of a storage device comprising:
-
receiving, from an input device, inputs for defining a personal identification number (PIN); obtaining a value of a cyclic counter after each input for defining the PIN; storing the obtained value to an event history in a memory after each input; receiving, from the input device, additional inputs for a confirmation PIN; retrieving the value of the cyclic counter after each additional input for the confirmation PIN; storing the retrieved value to the event history in the memory after each additional input; defining an encryption key based on a random number generator seeded with a value based on the event history; comparing the defined PIN to the confirmation PIN; determining that the defined PIN is validated when the confirmation PIN matches the defined PIN; enabling access to the storage device when the defined PIN is validated; encrypting data at the storage device using the encryption key; and storing the encrypted data in the storage device. - View Dependent Claims (2, 3, 4, 13)
-
-
5. A storage device comprising:
-
an input device for receiving inputs for defining a personal identification number (PIN) and additional inputs for a confirmation PIN; a cyclic counter; a memory for storing an event history; a microcontroller for; obtaining a value of the cyclic counter after each input for defining the PIN; storing the obtained value of the cyclic counter to the event history after each input for defining the PIN; retrieving the value of the cyclic counter after each additional input for the confirmation PIN; storing the retrieved value of the cyclic counter to the event history; comparing the defined PIN to the confirmation PIN; determining that the defined PIN is validated when the confirmation PIN matches the defined PIN; and enabling access to the storage device when the defined PIN is validated; a random number generator for defining an encryption key, the random number generator being seeded based on the event history after a size of the event history is at least a size of a seed for the random number generator; and an encryption/decryption engine for encrypting data at the storage device using the encryption key and for storing the encrypted data in the storage device. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
-
-
14. A non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
-
receiving, from an input device, inputs for defining a personal identification number (PIN); obtaining a value of a cyclic counter after each input for defining the PIN; storing the obtained value to an event history in a memory after each input; receiving, from the input device, additional inputs for a confirmation PIN; retrieving the value of the cyclic counter after each additional input for the confirmation PIN; storing the retrieved value to the event history in the memory after each additional input; defining an encryption key based on a random number generator seeded with a value based on the event history; comparing the defined PIN to the confirmation PIN; determining that the defined PIN is validated when the defined PIN matches the confirmation PIN; enabling access to the storage device when the defined PIN is validated; encrypting data at the storage device using the encryption key; and storing the encrypted data in the storage device. - View Dependent Claims (15, 16, 17, 18)
-
Specification