公开(公告)号：US09489542B2

公开(公告)日：2016-11-08

申请号：US14539683

申请日：2014-11-12

Applicant: Seagate Technology LLC

Inventor： Mike Miller ,  Manuel A. Offenberg ,  Sumanth Jannyavula Venkata

IPC: G06F21/80 ,  G06F21/72 ,  H04L9/08

CPC classification number: G06F21/80 ,  G06F21/72 ,  H04L9/085 ,  H04L9/0897 ,  H04L9/3242

Abstract: Apparatus and method for data security in a multi-device data storage enclosure. In some embodiments, the storage enclosure has a housing with opposing first and second ends. A plurality of active elements are disposed within the housing including an array of data storage devices, a control board, and an interconnection arrangement which mechanically and electrically interconnects the plurality of storage devices with the control board. A control circuit encrypts user data stored on a selected data storage device using a cryptographic encryption function and an associated cryptographic key. The key is partitioned into a plurality of portions, with each portion stored in a different one of the active elements.

Abstract translation: 多设备数据存储机柜中数据安全的装置和方法。 在一些实施例中，存储外壳具有具有相对的第一和第二端的外壳。 多个有源元件设置在壳体内，包括一组数据存储装置，控制板和互连装置，其将多个存储装置与控制板机械地和电气地互连。 控制电路使用密码加密功能和相关联的加密密钥对存储在所选择的数据存储设备上的用户数据进行加密。 键被分割成多个部分，每个部分存储在不同的一个有源元件中。

公开(公告)号：US09443111B2

公开(公告)日：2016-09-13

申请号：US14194290

申请日：2014-02-28

Applicant: Seagate Technology LLC

Inventor： Manuel A. Offenberg ,  Monty A. Forehand ,  Christopher J. DeMattio ,  KianBeng Lim

IPC: G06F21/78 ,  G06F21/62

CPC classification number: G06F21/78 ,  G06F21/6218 ,  G06F2221/0748

Abstract: Apparatus and method for data security through the use of an encrypted keystore data structure. In accordance with some embodiments, first and second sets of input data are respectively encrypted using first and second encryption keys to form corresponding first and second encrypted data sets. The first and second encryption keys are combined to form a string. A hidden key stored within a system on chip (SOC) is used to encrypt the string to form an encrypted keystore data structure, and the first and second encrypted data sets and the encrypted keystore data structure are stored in a memory.

Abstract translation: 通过使用加密密钥库数据结构的数据安全的装置和方法。 根据一些实施例，使用第一和第二加密密钥分别加密第一和第二组输入数据，以形成对应的第一和第二加密数据集。 第一和第二加密密钥被组合形成一个字符串。 使用存储在片上系统（SOC）中的隐藏密钥来加密字符串以形成加密的密钥库数据结构，并且将第一和第二加密数据集和加密的密钥库数据结构存储在存储器中。

公开(公告)号：US20150127930A1

公开(公告)日：2015-05-07

申请号：US14073034

申请日：2013-11-06

Applicant: Seagate Technology LLC

Inventor： Manuel A. Offenberg ,  Anthony R. Duran ,  Graham D. Ferris ,  Monty A. Forehand

IPC: G06F21/57

CPC classification number: G06F21/572 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2105

Abstract: Apparatus and method for performing authentication processing during device initialization. In accordance with some embodiments, a data storage device has a main memory which stores user data from a host, and a controller with initialization programming stored in a boot memory. The initialization programming is executed by the controller to transition the data storage device from an inactive state to a normal operational mode. During a bootstrap mode, the controller generates a first authentication token, receives a second authentication token responsive to the first authentication token, and authorizes use of new system programming responsive to the second authentication token. The new system programming is stored in a local memory of the data storage device and executed by the controller during the normal operational mode.

Abstract translation: 在设备初始化期间执行认证处理的装置和方法。 根据一些实施例，数据存储设备具有存储来自主机的用户数据的主存储器和存储在引导存储器中的初始化程序的控制器。 由控制器执行初始化编程，以将数据存储设备从非活动状态转换到正常操作模式。 在引导模式期间，控制器生成第一认证令牌，响应于第一认证令牌接收第二认证令牌，并且响应于第二认证令牌授权使用新的系统编程。 新的系统编程存储在数据存储设备的本地存储器中，并且在正常操作模式期间由控制器执行。