Abstract:
A system for use in an aerospace environment includes an array of storage drives each comprising a non-radiation-hardened drive controller, a non-radiation-hardened, non-volatile storage medium, and a non-radiation-hardened volatile memory. The system includes a radiation-tolerant storage controller coupled to the array. The storage controller provides failure-resistant data redundancy among the storage drives of the array. The system includes a bus host that accesses the array via the storage controller. The storage controller implements security logic and a root-of-trust that provides to the bus host verification of authenticity of the radiation-tolerant storage controller and the storage drives.
Abstract:
Apparatus and method for data security in a multi-device data storage enclosure. In some embodiments, the storage enclosure has a housing with opposing first and second ends. A plurality of active elements are disposed within the housing including an array of data storage devices, a control board, and an interconnection arrangement which mechanically and electrically interconnects the plurality of storage devices with the control board. A control circuit encrypts user data stored on a selected data storage device using a cryptographic encryption function and an associated cryptographic key. The key is partitioned into a plurality of portions, with each portion stored in a different one of the active elements.
Abstract:
Apparatus and method for generating random numbers. In accordance with some embodiments, a first multi-bit string of entropy values is derived from a first entropy source having a first trust level and a different, second multi-bit string of entropy values is derived from a second entropy source having a different, second trust level. The first and second multi-bit strings of entropy values are combined in relation to the associated first and second trust levels to generate a multi-bit random number. The multi-bit random number is used as an input to a cryptographic function.
Abstract:
Systems and methods are disclosed for performing data sanitization at a data storage device (DSD). In an embodiment, a controller may direct a memory device to sanitize data by securely erasing the data, generate an attestation confirming that the data was successfully sanitized, and sign the attestation using an authentication key to create a signed attestation. In another embodiment, a circuit may direct a memory device to sanitize data based on the data sanitization instruction, generate a sanitization confirmation indicating that the data was successfully sanitized, and provide the sanitization confirmation including a first thumbprint and a second thumbprint to another device. Generating the sanitization confirmation may include processing a first storage encryption key to produce the first thumbprint, directing the memory device to obliterate the first storage encryption key, and processing a second storage encryption key to produce the second thumbprint.
Abstract:
The present disclosure relates to remote feature activation. In an embodiment, a device may be manufactured having firmware configured to implement multiple unique features on the device. Features may be enabled and disabled on the device later or at a remote location. Enabled features may allow the device to perform corresponding functions, and disabled features may not allow the device to perform corresponding functions. Remote feature activation may include exchanging security information between an activation entity and the device.
Abstract:
Apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.
Abstract:
Apparatus and method for data security through the use of an encrypted keystore data structure. In accordance with some embodiments, first and second sets of input data are respectively encrypted using first and second encryption keys to form corresponding first and second encrypted data sets. The first and second encryption keys are combined to form a string. A hidden key stored within a system on chip (SOC) is used to encrypt the string to form an encrypted keystore data structure, and the first and second encrypted data sets and the encrypted keystore data structure are stored in a memory.
Abstract:
Systems and methods are disclosed for performing data sanitization at a data storage device (DSD). In an embodiment, an apparatus may comprise a controller configured to receive a data sanitization command from a host, perform a data sanitization operation to securely erase data from a memory, produce an attestation including information related to the data sanitization operation, and sign the attestation to produce a signed attestation. In another embodiment, a memory device may store instructions that cause a processor to perform a method comprising performing a data sanitization operation to securely erase data from a data storage medium, generating an attestation including information related to the data sanitization operation, and digitally signing the attestation using an authentication key.
Abstract:
Apparatus and method for generating random numbers. In accordance with some embodiments, a first multi-bit string of entropy values is derived from a first entropy source having a first trust level and a different, second multi-bit string of entropy values is derived from a second entropy source having a different, second trust level. The first and second multi-bit strings of entropy values are combined in relation to the associated first and second trust levels to generate a multi-bit random number. The multi-bit random number is used as an input to a cryptographic function.
Abstract:
Apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.