US12242612B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12242612-B2 |
| Application number | US-202318217808-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 3, 2023 |
| Priority date | Sep 20, 2018 |
| Publication date | Mar 4, 2025 |
| Grant date | Mar 4, 2025 |
Official abstract text for this publication.
According to some example embodiments, a method for providing security to a storage device includes receiving, by the storage device, a public key via a network; sending, by the storage device, the received public key and a proposed configuration corresponding to the storage device to a security manager that resides in a control plane of the network; determining, by the security manager, whether the public key received from the storage device matches a private key available to the security manager; downloading, by the security manager, the proposed configuration to the storage device; determining, by the security manager, if the proposed configuration is successfully downloaded to the storage device; operating the storage device according to the downloaded configuration; and granting, by the security manager, a request to lease the storage device operating in the downloaded configuration for a time interval.
Opening claim text (preview).
What is claimed is:

1. A method comprising: determining, by a controller, a validity of an encrypted key received at the controller; receiving, at the controller, an encrypted image to generate a received encrypted image based on the controller determining that the encrypted key received at the controller is valid; receiving, at a storage device connected to the controller, an assigned key to decrypt the received encrypted image; decrypting, by the storage device, the received encrypted image stored in the storage device with the assigned key, accessing, by the controller, data stored at the storage device; transferring, by the controller, the data stored at the storage device to a server; encrypting the data and storing the encrypted data to one or more flash memories of the storage device by the controller; and decrypting, by the controller, the encrypted data.

2. The method of claim 1, wherein the validity of the encrypted key is determined based on a private key that is available to the controller, and wherein the encrypted key, the encrypted image, and the assigned key are received at the controller via a network.

3. The method of claim 2, wherein the controller stores the received encrypted image to the storage device based on determining that the received encrypted image is authorized to be stored to the storage device connected to the controller.

4. The method of claim 3, wherein the determining at the controller that the received encrypted image is authorized to be stored to the storage device comprises: receiving, by the controller from the server, a command to download and activate the received encrypted image to the storage device connected to the controller.

5. The method of claim 4, wherein the determining at the controller that the received encrypted image is authorized to be downloaded to the storage device further comprises: verifying that a proposed storage device configuration corresponding to the received encrypted image matches an allowable configuration of the storage device.

6. The method of claim 5, wherein the determining at the controller that the received encrypted image is authorized to be downloaded to the storage device further comprises: verifying that the received encrypted image from the server is valid by using a table available to the controller to determine that the proposed storage device configuration matches with the allowable configuration of the storage device.

7. The method of claim 6, wherein the table is a processing element configuration table available to the controller.

8. The method of claim 6, further comprising: downloading, by the controller, processing element data to the storage device to update existing security protocols of the storage device.

9. The method of claim 2, wherein the received encrypted image is saved at one or more flash memories of the storage device.

10. The method of claim 9, wherein the decrypting the received encrypted image comprises: retrieving, by the storage device, the received encrypted image from the one or more flash memories of the storage device.

11. The method of claim 1, wherein the storage device is a solid state drive (SSD) with a processing element, and the controller is a baseband management controller (BMC).

12. A method comprising: receiving, at a controller, an encrypted image to generate a received encrypted image; storing, by the controller, the received encrypted image to a storage device connected to the controller; decrypting, by the storage device, the received encrypted image with an assigned key received by the storage device, accessing, by the controller, data stored at the storage device; transferring, by the controller, the data stored at the storage device to a server; encrypting the data and storing the encrypted data to one or more flash memories of the storage device by the controller; decrypting, by the controller, the encrypted data, and determining, by the controller, a validity of an encrypted key received at the controller based on a private key that is available to the controller, wherein: the encrypted image is received at the controller based on the controller determining that the encrypted key received at the controller is valid; the received encrypted image is saved at the one or more flash memories of the storage device; and the decrypting the received encrypted image comprises retrieving, by the storage device, the received encrypted image from the one or more flash memories of the storage device.

13. The method of claim 12, wherein the encrypted key, the encrypted image, and the assigned key are received at the controller via a network, and wherein the controller stores the received encrypted image to the storage device based on determining that the received encrypted image is authorized to be stored to the storage device connected to the controller.

14. The method of claim 13, wherein the determining at the controller that the received encrypted image is authorized to be stored to the storage device comprises: receiving, by the controller from the server, a command to download and activate the received encrypted image to the storage device connected to the controller; and verifying that a proposed storage device configuration corresponding to the received encrypted image matches an allowable configuration of the storage device.

15. The method of claim 14, wherein the determining at the controller that the received encrypted image is authorized to be downloaded to the storage device further comprises: verifying that the received encrypted image from the server is valid by using a table available to the controller to determine that the proposed storage device configuration matches with the allowable configuration of the storage device, wherein the table is a processing element configuration table available to the controller; and downloading, by the controller, processing element data to the storage device to update existing security protocols of the storage device.

16. The method of claim 12, wherein the storage device is a solid state drive (SSD) with a processing element and the controller is a baseband management controller (BMC).

17. A method comprising: receiving, at a controller, an encrypted image and generating a received encrypted image; verifying, by the controller, that a storage device configuration corresponding to the received encrypted image matches an allowable configuration of a storage device connected to the controller; determining, by the controller, that the received encrypted image is authorized to be stored to the storage device; storing, by the controller, the received encrypted image to the storage device; decrypting, by the storage device, the received encrypted image with an assigned key received at the controller; receiving, at the controller, an encrypted key to generate a received encrypted key; determining, by the controller, that the received encrypted key is valid by using a private key available to the controller; receiving, by the controller, a command to download and activate the encrypted image to the storage device connected to the controller; saving the received encrypted image at one or more flash memories of the storage device; accessing, by the controller, data stored at the storage device; transferring, by the controller, the data stored at the storage device to a server; encrypting the data and storing the encrypted data to the one or more flash memories of the storage device by the controller; and decrypting, by the controller, the
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
the condition being updates or upgrades of network functionality · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title