Encryption key generation in encrypted storage devices

US 9,690,952 B2
Filed: 06/24/2015
Issued: 06/27/2017
Est. Priority Date: 12/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method of operation of a storage device comprising:

receiving, from an input device, inputs for defining a personal identification number (PIN);

obtaining a value of a cyclic counter after each input for defining the PIN;

storing the obtained value to an event history in a memory after each input;

receiving, from the input device, additional inputs for a confirmation PIN;

retrieving the value of the cyclic counter after each additional input for the confirmation PIN;

storing the retrieved value to the event history in the memory after each additional input;

defining an encryption key based on a random number generator seeded with a value based on the event history;

comparing the defined PIN to the confirmation PIN;

determining that the defined PIN is validated when the confirmation PIN matches the defined PIN;

enabling access to the storage device when the defined PIN is validated;

encrypting data at the storage device using the encryption key; and

storing the encrypted data in the storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of generating an encryption key in a self-encrypting mass storage device that includes using a manual input device as input for a micro-controller that contains a cyclic counter. An input device event triggers the micro-controller to read the current state of the cyclic counter. An accumulation of cyclic counter values is used as a source of entropy to seed a deterministic random number generator. The output of the deterministic random number generator is used as an encryption key for encryption/decryption processes within the mass storage device.

41 Citations

18 Claims

1. A method of operation of a storage device comprising:
- receiving, from an input device, inputs for defining a personal identification number (PIN);
  
  obtaining a value of a cyclic counter after each input for defining the PIN;
  
  storing the obtained value to an event history in a memory after each input;
  
  receiving, from the input device, additional inputs for a confirmation PIN;
  
  retrieving the value of the cyclic counter after each additional input for the confirmation PIN;
  
  storing the retrieved value to the event history in the memory after each additional input;
  
  defining an encryption key based on a random number generator seeded with a value based on the event history;
  
  comparing the defined PIN to the confirmation PIN;
  
  determining that the defined PIN is validated when the confirmation PIN matches the defined PIN;
  
  enabling access to the storage device when the defined PIN is validated;
  
  encrypting data at the storage device using the encryption key; and
  
  storing the encrypted data in the storage device.
- View Dependent Claims (2, 3, 4, 13)
- - 2. The method as claimed in claim 1, further comprising:
    - decrypting the encrypted data, with an encryption/decryption engine, using the encryption key; and
      
      sending decrypted data through a communication channel to a host computer.
  - 3. The method as claimed in claim 1, further comprising:
    - sending encrypted data from the storage media to an encryption/decryption engine.
  - 4. The method as claimed in claim 1, wherein a size of the cyclic counter is in a range of 2-16 bits, wherein a size of the random seed is equal to the size of the cyclic counter times a number of events in the event history.
  - 13. The method as claimed in claim 1, further comprising:
    - provisioning the storage device after defining the encryption key.

5. A storage device comprising:
- an input device for receiving inputs for defining a personal identification number (PIN) and additional inputs for a confirmation PIN;
  
  a cyclic counter;
  
  a memory for storing an event history;
  
  a microcontroller for;
  
  obtaining a value of the cyclic counter after each input for defining the PIN;
  
  storing the obtained value of the cyclic counter to the event history after each input for defining the PIN;
  
  retrieving the value of the cyclic counter after each additional input for the confirmation PIN;
  
  storing the retrieved value of the cyclic counter to the event history;
  
  comparing the defined PIN to the confirmation PIN;
  
  determining that the defined PIN is validated when the confirmation PIN matches the defined PIN; and
  
  enabling access to the storage device when the defined PIN is validated;
  
  a random number generator for defining an encryption key, the random number generator being seeded based on the event history after a size of the event history is at least a size of a seed for the random number generator; and
  
  an encryption/decryption engine for encrypting data at the storage device using the encryption key and for storing the encrypted data in the storage device.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The storage device as claimed in claim 5, further comprising a vibration sensor.
  - 7. The storage device as claimed in claim 5, wherein the encryption/decryption engine is for decrypting data with the encryption key.
  - 8. The storage device as claimed in claim 5, wherein the microcontroller is for determining if the event history is equal to or exceeds a predetermined number.
  - 9. The storage device as claimed in claim 5, wherein the microcontroller is for provisioning the storage device after defining the encryption key.
  - 10. The storage device as claimed in claim 9, further comprising:
    - a communication channel for sending decrypted data to a host computer.
  - 11. The storage device as claimed in claim 9, wherein the storage device further comprises:
    - storage media for storing the encrypted data.
  - 12. The storage device as claimed in claim 9, wherein a size of the cyclic counter is in a range of 2-16 bits, wherein a size of the random seed is equal to the size of the cyclic counter times a number of events in the event history.

14. A non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising:
- receiving, from an input device, inputs for defining a personal identification number (PIN);
  
  obtaining a value of a cyclic counter after each input for defining the PIN;
  
  storing the obtained value to an event history in a memory after each input;
  
  receiving, from the input device, additional inputs for a confirmation PIN;
  
  retrieving the value of the cyclic counter after each additional input for the confirmation PIN;
  
  storing the retrieved value to the event history in the memory after each additional input;
  
  defining an encryption key based on a random number generator seeded with a value based on the event history;
  
  comparing the defined PIN to the confirmation PIN;
  
  determining that the defined PIN is validated when the defined PIN matches the confirmation PIN;
  
  enabling access to the storage device when the defined PIN is validated;
  
  encrypting data at the storage device using the encryption key; and
  
  storing the encrypted data in the storage device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The machine-readable storage medium as recited in claim 14, wherein the machine further performs operations comprising:
    - decrypting the encrypted data, with an encryption/decryption engine, using the encryption key; and
      
      sending the decrypted data through a communication channel to a host computer.
  - 16. The machine-readable storage medium as recited in claim 14, wherein the machine further performs operations comprising:
    - sending encrypted data from storage media to an encryption/decryption engine.
  - 17. The machine-readable storage medium as recited in claim 14, wherein a size of the cyclic counter is in a range of 2-16 bits, wherein a size of the random seed is equal to the size of the cyclic counter times a number of events in the event history.
  - 18. The machine-readable storage medium as recited in claim 14, wherein the machine further performs operations comprising:
    - provisioning the storage device after defining the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ClevX LLC
Original Assignee
ClevX LLC
Inventors
Johnson, Simon B.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US14/749,627
Publication Number

US 20150371061A1
Time in Patent Office

734 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/72   in cryptographic circuits

G06F 21/80   in storage media based on m...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 9/08   Key distribution or managem...

Encryption key generation in encrypted storage devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Encryption key generation in encrypted storage devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others