Encryption key destruction for secure data erasure
US-8938624-B2 · Jan 20, 2015 · US
US10133681B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10133681-B2 |
| Application number | US-201615217863-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2016 |
| Priority date | Jul 22, 2016 |
| Publication date | Nov 20, 2018 |
| Grant date | Nov 20, 2018 |
Official abstract text for this publication.
Systems and methods for using encryption keys to manage data retention are described. In one embodiment, the systems and methods may include receiving data such as user data from a host of the storage drive, encrypting the data using an encryption key, writing the encrypted data to the storage drive, and retaining the encrypted data on the storage drive based at least in part on a validity of the encryption key.
Opening claim text (preview).
What is claimed is:

1. A storage system comprising: a storage drive; and a controller to: encrypt data using an encryption key; assign an encryption identifier to the encryption key, the encryption key being programmed in the controller, wherein the controller is a hardware controller; store the encryption identifier in a mapping table, the mapping table mapping a logical block address (LBA) of the encrypted data with a physical location on the storage drive; write the encrypted data to the storage drive; retain the encrypted data on the storage drive based at least in part on a validity of the encryption key; scan the mapping table for entries containing a link to an expired encryption key; determine the encryption key is expired based at least in part on the scanning; and make storage space associated with the encrypted data available for storage of data different from the encrypted data after determining the encryption key is expired.
2. The storage system of claim 1, comprising the controller to: receive the data from a host of the storage drive, the data including user data.
3. The storage system of claim 1, comprising the controller to: store the encryption identifier of the encryption key in metadata associated with the encrypted data; and identify an expiration policy of the encryption key.
4. The storage system of claim 1, comprising the controller to: receive a command to read the encrypted data from the storage drive.
5. The storage system of claim 4, comprising the controller to: acquire the encryption identifier associated with the encrypted data.
6. The storage system of claim 5, comprising the controller to: verify a validity of the encryption key based at least in part on acquiring the encryption identifier.
7. The storage system of claim 6, comprising the controller to: upon determining the encryption key is valid, decrypt the encrypted data using the encryption key; and transfer the decrypted data to the host.
8. The storage system of claim 6, comprising the controller to: upon determining the encryption key is invalid, remove the LBA of the encrypted data from the mapping table; and discard the encrypted data from the storage drive.
9. An apparatus comprising: a controller to: encrypt data using an encryption key; assign an encryption identifier to the encryption key, the encryption key being programmed in the controller, wherein the controller is a hardware controller; store the encryption identifier in a mapping table, the mapping table mapping a logical block address (LBA) of the encrypted data with a physical location on the storage drive; write the encrypted data to the apparatus; retain the encrypted data on the apparatus based at least in part on a validity of the encryption key; scan the mapping table for entries containing a link to an expired encryption key; determine the encryption key is expired based at least in part on the scanning; and make storage space associated with the encrypted data available for storage of data different from the encrypted data after determining the encryption key is expired.
10. The apparatus of claim 9, comprising the controller to: receive the data from a host of the apparatus, the data including user data.
11. The apparatus of claim 9, comprising the controller to: store the encryption identifier of the encryption key in metadata associated with the encrypted data; and identify an expiration policy of the encryption key.
12. The apparatus of claim 9, comprising the controller to: receive a command to read the encrypted data from the storage drive.
13. The apparatus of claim 12, comprising the controller to: acquire the encryption identifier associated with the encrypted data.
14. The apparatus of claim 13, comprising the controller to: verify a validity of the encryption key based at least in part on acquiring the encryption identifier.
15. A method comprising: receiving data from a host of a storage drive, the data including user data; encrypting the data using an encryption key; assigning an encryption identifier to the encryption key, the encryption key being programmed in a hardware controller of the storage drive; storing the encryption identifier in a mapping table, the mapping table mapping a logical block address (LBA) of the encrypted data with a physical location on the storage drive; writing the encrypted data to the storage drive; retaining the encrypted data on the storage drive based at least in part on a validity of the encryption key; scanning the mapping table for entries containing a link to an expired encryption key; determining the encryption key is expired based at least in part on the scanning; and making storage space associated with the encrypted data available for storage of data different from the encrypted data after determining the encryption key is expired.
16. The method of claim 15, comprising: storing the encryption identifier of the encryption key in metadata associated with the encrypted data; and identifying an expiration policy of the encryption key.
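
The write, read and scan steps recited in claims 1, 7 and 8, modelled in software as an added example; it is not code from the patent or its assignee. The names `Controller`, `MapEntry` and `keystream_xor`, the integer clock `now`, and the SHA-256 keystream standing in for the drive's cipher are all assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass

def keystream_xor(key: bytes, lba: int, data: bytes) -> bytes:
    # Stand-in cipher for this demo (SHA-256 counter keystream XOR), not the patent's cipher.
    seed = key + lba.to_bytes(8, "big")
    pad = b"".join(hashlib.sha256(seed + i.to_bytes(8, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(b ^ p for b, p in zip(data, pad))

@dataclass
class MapEntry:
    physical: int  # physical location on the medium
    key_id: int    # encryption identifier stored in the mapping table

class Controller:
    def __init__(self):
        self.keys, self.table, self.media = {}, {}, {}  # key_id->(key, expiry); LBA->MapEntry; phys->ciphertext
        self.free, self.next_phys = [], 0               # reclaimed locations; next never-used location

    def key_valid(self, key_id, now):
        return key_id in self.keys and now < self.keys[key_id][1]

    def _drop(self, lba):
        entry = self.table.pop(lba)        # remove the LBA from the mapping table
        self.media.pop(entry.physical)     # discard the ciphertext
        self.free.append(entry.physical)   # the space may now hold different data

    def write(self, lba, data, key_id, now):
        if not self.key_valid(key_id, now):
            raise ValueError("encryption key is expired or unknown")
        if lba in self.table:
            self._drop(lba)                # overwrite: release the old location first
        phys = self.free.pop() if self.free else self.next_phys
        self.next_phys = max(self.next_phys, phys + 1)
        self.media[phys] = keystream_xor(self.keys[key_id][0], lba, data)
        self.table[lba] = MapEntry(phys, key_id)

    def read(self, lba, now):
        entry = self.table.get(lba)
        if entry is None or not self.key_valid(entry.key_id, now):
            if entry is not None:
                self._drop(lba)            # invalid key: unmap and discard (claim 8)
            return None
        return keystream_xor(self.keys[entry.key_id][0], lba, self.media[entry.physical])

    def scan(self, now):
        expired = [lba for lba, e in self.table.items() if not self.key_valid(e.key_id, now)]
        for lba in expired:
            self._drop(lba)                # reclaim space tied to an expired key
        return expired
```

Retention here follows the key rather than the data: once `now` passes a key's expiry, every LBA linked to that key identifier becomes unreadable and its location returns to the free pool on the next scan or read.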
by using cryptography (for digital transmission H04L9/00) · CPC title
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
Security improvement · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title