System and method for enhanced security of storage devices

US 9,921,978 B1
Filed: 11/07/2014
Issued: 03/20/2018
Est. Priority Date: 11/08/2013
Status: Active Grant

First Claim

Patent Images

1. A computerized method comprising:

transmitting, by a storage device, a first message to a data processing device, the first message comprises information generated internally within the storage device, wherein the information generated internally within the storage device is based on a random number generated by a random number generator residing in the storage device and a first keying material, the first keying material being either a key or information generated based on the key;

receiving, by the storage device, a second message in response to the first message, the second message comprises information generated using at least a portion of the information generated internally within the storage device;

recovering information from the second message by the storage device, the information from the second message comprises information generated using at least a portion of the information generated internally within the storage device;

comparing, by the storage device, the information recovered from the second message with at least the portion of the information generated internally within the storage device, wherein the storage device authenticates the data processing device upon determining that the information recovered from the second message compares to at least the portion of the information generated internally within the storage device; and

altering, by the storage device, an operating state of the storage device from a locked state to an unlocked state when the information recovered from the second message compares with at least the portion of the information generated internally within the storage device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device features a processor and a random number generation which are communicatively coupled to a memory. The memory comprises an access control logic that is configured to (i) transmit a first message that comprises information associated with a random number generated by the random number generator and a first keying material, (ii) receive a second message in response to the first message, the second message comprises information generated using at least the random number, (iii) recover information from the second message, the recovered information comprises information generated using at least pre-stored keying material and a return value being based on the random number, (iv) compare the return value from the recovered information with the random number, and (v) alter an operating state of the storage device from a locked state to an unlocked state upon the return value matching the random number, the unlocked state allows one or more devices to control storage device including accessing stored content within the storage device.

Citations

19 Claims

1. A computerized method comprising:
- transmitting, by a storage device, a first message to a data processing device, the first message comprises information generated internally within the storage device, wherein the information generated internally within the storage device is based on a random number generated by a random number generator residing in the storage device and a first keying material, the first keying material being either a key or information generated based on the key;
  
  receiving, by the storage device, a second message in response to the first message, the second message comprises information generated using at least a portion of the information generated internally within the storage device;
  
  recovering information from the second message by the storage device, the information from the second message comprises information generated using at least a portion of the information generated internally within the storage device;
  
  comparing, by the storage device, the information recovered from the second message with at least the portion of the information generated internally within the storage device, wherein the storage device authenticates the data processing device upon determining that the information recovered from the second message compares to at least the portion of the information generated internally within the storage device; and
  
  altering, by the storage device, an operating state of the storage device from a locked state to an unlocked state when the information recovered from the second message compares with at least the portion of the information generated internally within the storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19)
- - 2. The computerized method of claim 1, wherein the information is a result produced from operations conducted on the random number and the first keying material in accordance with a first function.
  - 3. The computerized method of claim 2, wherein the first function is an Exclusive OR (XOR) function.
  - 4. The computerized method of claim 2, wherein the information associated with the second message is based on a return value that is equivalent to the random number generated by the random number generator and a second keying material that is equivalent to the first keying material and is recovered from a prestored cryptographic key encrypted in accordance with a second function by conducting an inverse of the second function on the prestored cryptographic key, the second keying material being either a key or information generated based on the key.
  - 5. The computerized method of claim 4, wherein the information associated with the second message is obfuscated prior to receipt using a third function.
  - 6. The computerized method of claim 5, wherein the third function is different than the first function.
  - 7. The computerized method of claim 6, wherein the third function is a logical function that includes a Shift function.
  - 8. The computerized method of claim 5, wherein the recovering of the return value and the second keying material comprises conducting an inverse of the third function.
  - 9. The computerized method of claim 8, wherein the comparing the information recovered from the second message with at least the portion of the information generated internally within the storage device comprises comparing the return value to the random number and the information recovered from the second message compares at least to the portion of the information generated internally within the storage device when the return value compares to the random number.
  - 10. The computerized method of claim 1, wherein the storage device, when placed in the unlocked state, allows one or more devices to control the storage device including accessing stored content within the storage device.
  - 11. The computerized method of claim 1, wherein the storage device is a hardware drive.
  - 19. The computerized method of claim 11, wherein the hardware drive corresponds to either a physical disk drive or a flash drive.

12. A storage device, comprising:
- a processor;
  
  a random number generator; and
  
  a memory in communication with the processor and the random number generator, the memory comprises an access control logic that is communicatively coupled to the random number generator, the access control logic being configured, upon execution by the processor, to (i) transmit a first message that comprises information generated based on a random number generated by the random number generator and a first keying material being either a key or information generated based on the key, (ii) receive a second message in response to the first message, the second message comprises information generated based, at least in part, on at least the random number, (iii) recover information from the second message, the recovered information comprises information generated using at least pre-stored keying material and a return value being based on the random number, (iv) compare the return value from the recovered information with the random number to determine whether a first device providing the second message is authorized to access stored content within the storage device, and (v) alter an operating state of the storage device from a locked state to an unlocked state upon the return value matching the random number, the unlocked state allows the first device of one or more devices to access the stored content within the storage device while the locked state precludes a device of the one or more devices that is unauthorized from accessing the stored content.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The storage device of claim 12, wherein the information associated with the random number and the first keying material includes a result produced from operations conducted on the random number and the first keying material in accordance with a first function.
  - 14. The storage device of claim 13, wherein the first function is an Exclusive OR (XOR) function.
  - 15. The storage device of claim 13, wherein the information from the second message is based on a return value that is equivalent to the random number and a second keying material that is equivalent to the first keying material and is recovered from a pre-stored cryptographic key encrypted in accordance with a second function that is different than the first function.
  - 16. The storage device of claim 15, wherein the information associated with the second message is further obfuscated based on a third function.
  - 17. The storage device of claim 16, wherein the third function is a logical function that includes a Shift function.
  - 18. The storage device of claim 15, wherein the access control logic to compare the return value from the recovered information with the random number and the information recovered from the second message and determines a comparison when the return value compares to the random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
FireEye, Inc. (Alphabet Inc.)
Inventors
Chan, Eric, Ismael, Osman Abdoul, Snyder, Gregory J.
Primary Examiner(s)
Dolly, Kendall

Application Number

US14/536,498
Time in Patent Office

1,229 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/78   to assure secure storage of...

G06F 2221/2103   Challenge-response

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0647   Migration mechanisms

System and method for enhanced security of storage devices

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enhanced security of storage devices

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links