Secure storage of full disk encryption keys

US9235532B2 · US · B2

Patent metadata
Field: Value
Publication number: US-9235532-B2
Application number: US-201113153311-A
Country: US
Kind code: B2
Filing date: Jun 3, 2011
Priority date: Jun 3, 2011
Publication date: Jan 12, 2016
Grant date: Jan 12, 2016

Abstract

Official abstract text for this publication.

Data is securely stored on a storage device by encoding a data block into multiple encoded blocks, any number of which can be recombined to recover the data block. The encoded blocks are stored at known logical locations corresponding to physical locations on a storage device that change over time. When the data needs to be destroyed, at least one of the encoded blocks is overwritten with arbitrary data. In one aspect, the encoded blocks include at least one random block that is used to encode the data block. In another aspect, the known logical locations are stored in metadata.
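The encode, store, recover and destroy cycle described in the abstract, as an added Python sketch that is not taken from the patent. It assumes XOR as the "mathematical operation", a 4096-byte allocation unit, and a dict standing in for the device's logical block addresses; all function names are hypothetical.

```python
import secrets

BLOCK_SIZE = 4096  # assumption: stands in for the device's allocation unit


def xor_blocks(blocks):
    """XOR equal-sized blocks together (the assumed 'mathematical operation')."""
    acc = 0
    for block in blocks:
        acc ^= int.from_bytes(block, "big")
    return acc.to_bytes(BLOCK_SIZE, "big")


def encode(data_block, n_random):
    """Return (encoded_block, random_blocks), every block BLOCK_SIZE bytes."""
    if not 0 < len(data_block) <= BLOCK_SIZE or n_random < 1:
        raise ValueError("data must fit in one block; need >= 1 random block")
    padded = data_block.ljust(BLOCK_SIZE, b"\x00")
    randoms = [secrets.token_bytes(BLOCK_SIZE) for _ in range(n_random)]
    return xor_blocks([padded] + randoms), randoms


def store(device, encoded, randoms, first_lba, length):
    """Write each block to its own logical address; return the metadata."""
    lbas = list(range(first_lba, first_lba + 1 + len(randoms)))
    for lba, block in zip(lbas, [encoded] + randoms):
        device[lba] = block
    return {"encoded": lbas[0], "random": lbas[1:], "length": length}


def recover(device, meta):
    """Recombine the encoded block with all random blocks."""
    blocks = [device[meta["encoded"]]] + [device[l] for l in meta["random"]]
    return xor_blocks(blocks)[: meta["length"]]


def blocks_to_overwrite(n_random, subset_size):
    """Count from claim 3: (random blocks + 1) - blocks needed to recover."""
    return n_random + 1 - subset_size


def destroy(device, meta):
    """Overwrite enough random blocks with arbitrary data to block recovery."""
    n = len(meta["random"])
    count = blocks_to_overwrite(n, subset_size=n)  # plain XOR needs all n
    for lba in meta["random"][:count]:
        device[lba] = secrets.token_bytes(BLOCK_SIZE)
    return count
```

With plain XOR every random block is required for recovery, so the count evaluates to one block, matching the "at least one" wording; a scheme with redundancy would pass a smaller `subset_size` and overwrite more blocks.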

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: generating, by a processor, a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of a storage device; encoding, by the processor, a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block; storing the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and overwriting at least one of the stored generated random blocks with arbitrary data.

2. The method of claim 1, wherein the encoding comprises: performing a multipart function with redundancy on the first data block, wherein the mathematical operation is one part of the multipart function.

3. The method of claim 1, wherein the overwriting comprises: generating a number of arbitrary data blocks, the number of arbitrary data blocks calculated by subtracting a number of blocks in the subset of generated random blocks from a number of blocks in the plurality of generated random blocks plus one.

4. The method of claim 1 further comprising: saving the known logical locations in metadata.

5. The method of claim 1, wherein the first data block comprises an encryption key to encrypt the storage device.

6. A non-transitory machine-readable storage medium embodied with machine-executable instructions, which when executed by a processor in a machine, cause the processor to perform a method comprising: generating a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of a storage device; encoding a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block; storing the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and overwriting at least one of the stored generated random blocks with arbitrary data.

7. The non-transitory machine-readable storage medium of claim 6, wherein the encoding comprises: performing a multipart function with redundancy on the first data block, wherein the mathematical operation is one part of the multipart function.

8. The non-transitory machine-readable storage medium of claim 6, wherein the overwriting comprises: generating a number of arbitrary data blocks, the number of arbitrary data blocks calculated by subtracting a number of blocks in the subset of the generated random blocks from a number of blocks in the plurality of generated random blocks plus one.

9. The non-transitory machine-readable storage medium of claim 6, further comprising: saving the known logical locations in metadata.

10. The non-transitory machine-readable storage medium of claim 6, wherein the first data block comprises an encryption key to encrypt the storage device.

11. A system comprising: a processor coupled to a memory through a bus; a storage device coupled to the processor through the bus; and a secure storage process executed from the storage device by the processor to cause the processor to generate a plurality of random blocks of a pre-determined size for each data block to be encoded, the pre-determined size based on an allocation unit of the storage device, encode a first data block into a single encoded data block of the pre-determined size using the plurality of generated random blocks, the single encoded data block generated by the processor performing a mathematical operation on the first data block and each generated random block, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block; store the single encoded data block and each generated random block separately at different known logical locations, wherein a physical location on the storage device that corresponds to a known logical location changes over time; and overwrite at least one of the generated random blocks with arbitrary data.

12. The system of claim 11, wherein the secure storage process causes the processor to perform a multipart function with redundancy on the first data block to encode the first data block, wherein the mathematical operation is one part of the multipart function.

13. The system of claim 11, wherein the secure storage process causes the processor to generate a number of arbitrary data blocks, the number of arbitrary data blocks calculated by subtracting a number of blocks in the subset of generated random blocks from a number of blocks in the plurality of generated random blocks plus one.

14. The system of claim 11, wherein the secure storage process further causes the processor to save the known logical locations in metadata.

15. The system of claim 11, wherein the first data block comprises an encryption key to encrypt the storage device.

16. A method comprising: overwriting, by a processor, at least one of a plurality of generated random blocks on a storage device with arbitrary data, the generated random blocks corresponding to a data block and having a pre-determined size based on an allocation unit of the storage device, wherein a single encoded data block having the pre-determined size and previously generated by performing a mathematical operation on a first data block and each generated random block is also stored on the storage device, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block, and wherein the single encoded data block and each generated random block is stored separately at a different known logical location, each known logical location corresponding to a physical location on the storage device that changes over time.

17. A non-transitory machine-readable storage medium embodied with machine-executable instructions, which when executed by a processor in a machine, cause the processor to perform a method comprising: overwriting at least one of a plurality of generated random blocks on a storage device with arbitrary data, the generated random blocks corresponding to a data block and having a pre-determined size based on an allocation unit of the storage device, wherein a single encoded data block having the pre-determined size and previously generated by performing a mathematical operation on a first data block and each generated random block is also stored on the storage device, wherein the single encoded data block and at least a subset of the generated random blocks are recombined to recover the first data block, and wherein the single encoded data block and each generated random block is stored separately at a different known logical location, each known logical location corresponding to a physical loca

Classifications

  • Providing cryptographic facilities or services · CPC title

  • File encryption · CPC title

  • to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Callas Jonathan D, Reece Russell D, Apple Inc
What technology area does this patent fall under?
Primary CPC classification G06F12/1408. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 12, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).