Cryptographic authentication to control access to storage devices
US-2024333511-A1 · Oct 3, 2024 · US
Data transcription in a data storage device
US9767322B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9767322-B2 |
| Application number | US-201414471997-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 28, 2014 |
| Priority date | Mar 22, 2005 |
| Publication date | Sep 19, 2017 |
| Grant date | Sep 19, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: (a) receiving, at an interface of a data storage device, a request from a host for data stored at a data storage medium of the data storage device, the interface being employed by the data storage device to communicate with the host, the interface having a physical connector to allow removal of the data storage device from the host, the interface configured to receive data and read and write commands from the host to retrieve and store the data from and to the data storage medium; (b) retrieving, by the data storage device, the data from the data storage medium, the data retrieved in an encrypted form; (c) decrypting, by the data storage device, the data and re-encrypting, by the data storage device, the data within the data storage device to produce re-encrypted data, the decrypting and re-encrypting occurring without exposing the host to any of the data in the clear; and (d) sending, by the data storage device via the interface, the re-encrypted data to the host. 2. The method of claim 1 wherein the decrypting and re-encrypting occur without exposing a user of the host to any of the data in the clear. 3. The method of claim 1 wherein the data storage device is employed as a hardware component by the host, and the host including a processing unit that is a separate hardware component from the data storage device. 4. The method of claim 1 wherein information related to the re-encrypted data is stored in a transcription table in the data storage device. 5. The method of claim 1 further comprising carrying out a user authentication process prior to carrying out steps (c) and (d), the user authentication process being carried out to determine whether or not the re-encrypted data can be provided to a current user of the host computer in an unencrypted form. 6. The method of claim 5 wherein user identification information for the user authentication process is stored in a transcription table. 7. The method of claim 6 wherein the user authentication process is carried out by a one of a basic input/output system, a basic input/output system extension and an operating system, which utilizes the user identification information from the transcription table. 8. The method of claim 1 wherein information related to the re-encrypted data is stored in a transcription table in the data storage device, and the method further comprising carrying out a user authorization process to determine whether the transcription table can be modified by a current user of the host. 9. A storage device controller for a data storage device comprising control circuitry configured to: store data to logical block address (LBAs) of a data storage medium in response to information from a host; receive encrypted data from the data storage medium; decrypt, by the storage device controller, the encrypted data to produce decrypted data; re-encrypt, by the storage device controller, the decrypted data within the data storage device without the host or a user of the host being exposed to any of the encrypted data in an unencrypted form; and send, via an interface of the data storage device, in response to a request from the host, the re-encrypted data to the host, the interface being employed by the storage device controller to communicate with the host, the interface having a physical connector to allow removal of the data storage device from the host, the interface configured to receive data and read and write commands from the host to retrieve and store the data from and to the data storage medium. 10. The storage device controller of claim 9 wherein information related to the re-encrypted data is stored in a transcription table. 11. The storage device controller of claim 9 wherein the controller is further configured to carry out a user authentication process prior to carrying out the receiving of the encrypted data and the decryption, and re-encryption, of the encrypted data, the user authentication process being carried out to determine whether or not the re-encrypted data can be shown to a current user of the host computer in the unencrypted form. 12. The storage device controller of claim 11 wherein user identification information for the user authentication process is stored in a transcription table. 13. The storage device controller of claim 12 wherein the user authentication process is carried out by a basic input/output system in conjunction with the controller, the basic input/out system utilizes the user identification information from the transcription table. 14. The storage device controller of claim 12 wherein the user authentication process is carried out by a basic input/output system extension in conjunction with the controller, the basic input/output system extension utilizes the user identification information from the transcription table. 15. The storage device controller of claim 12 wherein the user authentication process is carried out by an operating system in conjunction with the controller, the operating system utilizes the user identification information from the transcription table. 16. A method comprising: receiving, at an interface of a data storage device, a request from a host computer for data stored at a data storage medium, the interface being employed by the data storage device to communicate with the host, the interface having a physical connector to allow removal of the data storage device from the host, the interface configured to receive data and read and write commands from the host to retrieve and store the data from and to the data storage medium; retrieving, by the data storage device, the data from the data storage medium, the data received in an encrypted form; decrypting, by the data storage device, and re-encrypting, by the data storage device, the data within the data storage device without a processing unit of the host computer being exposed to any of the data in an unencrypted form; and sending, via an interface of the data storage device, the re-encrypted data to the host computer in response to the request. 17. The method of claim 16 further comprising receiving encrypted data from the host; decrypting the encrypted data to generate data in an unencrypted form; encrypting the data in the unencrypted form to generate other encrypted data; and storing the other encrypted data to the data storage medium. 18. The method of claim 16 further comprising: receiving encrypted data from the host; decrypting the encrypted data to generate data in an unencrypted form; encrypting the data in the unencrypted form to generate other encrypted data; storing the other encrypted data to the data storage medium; and the encrypted data received from the host is associated with a first encryption scheme and the other encrypted data is associated with a second encryption scheme.
Assignees
Inventors
Classifications
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
File encryption · CPC title
- G06F21/78Primary
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9767322B2 cover?
- A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption a…
- Who is the assignee on this patent?
- Seagate Technology Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/78. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 19 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).