Patent Grant
9665501
Field
The present inventive concept relates to data storage devices and more particularly to self-encrypting data storage devices that support object level encryption.
Related Art
Most known self-encrypting drives (SEDs) associate a range of logical block addresses (LBAs), for example a partition, to an encryption key. The finest possible granularity for which self-encryption can be performed is usually a partition. File-level encryption requires finer granularity and also independence from the LBA address. Further, file-level encryption requires knowledge of the LBAs allocated by file; however the data storage device typically does not have this required information.
While the host has knowledge of the LBAs allocated by file, the host typically cannot perform encryption with performance comparable with built-in hardware accelerators that are present in the storage device.
Aspects and features of the present inventive concept will be more apparent by describing example embodiments with reference to the accompanying drawings, in which:
While certain embodiments of the present inventive concept are described, these embodiments are presented by way of example only, and are not intended to limit the scope of the disclosure. The novel methods and systems described herein may be embodied in a variety of other forms. Furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the disclosure.
Certain example embodiments of the present inventive concept provide file-level encryption (or, more broadly speaking, object-level encryption) with minimal performance impact to the host, and support individualized key selection per input/output (I/O) operation.
Data Storage System Overview
An object-level data storage device that supports self-encrypting drive (SED) functions will be abbreviated as an “object-level SED.” In this disclosure, the term “object-level” refers to a broad scope of objects that may exist within a file system of an operating system (e.g., files, directories, nodes, registries, file sub-parts, I/O commands, etc.).
Each block 116A-116N of the non-volatile solid-state memory array 114 may include a plurality of flash pages (F-pages) 118A-118M. In some example embodiments, each “F-page” is a smallest grouping of memory cells in the non-volatile solid-state memory array 114 that can be programmed in a single operation or as a unit. Alternatively or in addition to the non-volatile solid-state memory array 114, a magnetic rotating media and/or other non-volatile memory such as MRAM and/or phase change memory may be used.
The controller 112 may receive data and/or storage access commands from a storage interface 132 (e.g., a device driver) in a host system 130. Storage access commands communicated by the storage interface 132 may include write and read commands issued by the host system 130. The storage access commands may specify a LBA in the object-level SED 110, and the controller 112 may execute the received storage access commands in the non-volatile solid-state memory array 114. In a hybrid hard drive, data may be stored in a magnetic media storage component (not illustrated) in addition to the non-volatile solid-state memory array 114.
The object-level SED 110 may store data received from the host system 130 so that the object-level SED 110 can act as memory for the host system 130. To facilitate this memory function, the controller 112 may implement a logical interface. The logical interface may present to the host system 130 the memory of the object-level SED 110 as a set of logical addresses (e.g., contiguous address) where data can be stored. The controller 112 may map logical addresses to various physical memory addresses in the non-volatile solid-state memory array 114 and/or other memory module(s).
In one example embodiment, the object-level SED 110 may include an encryption/decryption module 120. In one example embodiment, the encryption/decryption module 120 is configured to perform encryption and/or decryption of data that is stored in at least a portion of the non-volatile solid-state memory array 114. In one example embodiment, the encryption/decryption module 120 is configured to encrypt/decrypt data according to one or more keys selected on a per command basis.
In one example embodiment, the object-level SED 110 may include a logic circuit 126 that generates a statistically unique initialization vector (IV). In one example embodiment, the controller 112 may provide the functions of the encryption/decryption module 120 and/or the logic circuit 126.
Object-Level Encryption
Upon a user login, an operating system (OS) associates a plurality of keys with a user profile. A different plurality of keys may be associated with each user profile.
In an example embodiment, the OS may transfer the keys to the object-level SED 110 for storage in a key cache 122. In another example embodiment, keys may be generated by the object-level SED 110 and stored in a key storage table 124. The OS may transmit information to the object-level SED 110 identifying keys to be loaded from a key storage table 124 to the key cache 122.
The command handling process 200 proceeds as follows according to one embodiment. First, the key selection part 218 of the host I/O command 210 provides a reference to a selector which selects a key. In one example embodiment, the key selection part 218 includes a bit field which references a slot in a key cache 122 in the object-level SED. For example, the bit field may reference a key slot number “2,” which is an index into the key cache 122. In one example embodiment, there may be 1,024 key slots in the key cache. The OS maintains a log that references keys associated with a user profile to the objects the keys were used to encrypt.
The availability of a key selection part 218 within an individual host I/O command 210 permits the association of a particular key to an individual host I/O command. This association allows for each individual object in the host's file system to be associated with its own unique key, and provides host control over the key used for encryption/decryption for each object. Certain example embodiments provide such control to the host and enable the host to take advantage of the hardware accelerated encryption/decryption components in the object-level SED.
Referring again to
The IV 216 is then transmitted to an encryption/decryption module 120 in the object-level SED. The encryption/decryption module 120 takes the IV 216 and plaintext data 220 associated with the command, and encrypts the plaintext data 220 with the selected key 222 from the key cache 122. The resulting encrypted data 224 is then written to storage media, for example, the non-volatile solid-state memory array 114.
In a similar manner, when the host I/O command is a read command, data is read from the media and decryption is performed using the selected key.
In an example embodiment, the components used in key selection, key loading, IV generation, encryption/decryption, etc. are based on automated hardware acceleration.
In response to selection of an object for access (302), the OS verifies user credentials. If the user is authorized to access the object, the OS selects the data encryption key (DEK) and a set of LBAs to read or write. This information is sent to the object-level SED driver (“Driver” in
In an example embodiment, the driver keeps track of used DEKs and usage of the key cache in the object-level SED (refer to
In an example embodiment, the object-level SED implements an application programming interface (API) including a command to load the key. When the key is loaded into the key cache, the driver inserts the key index (slot number) in the I/O command (308). In the example illustrated in
Upon receiving the command, as previously illustrated in
Key Management
In an example embodiment, the object-level SED 404 may provide to a host 402 an API 406 to manage keys, which may include the ability to create keys by an index in the key storage table 410. The API 406 is part of a storage device interface and provides to the host the ability to configure security features of the system.
In an example embodiment, the host does not have knowledge of the key value, but is given the ability to use the key for data transfers.
In an example embodiment, the key storage table 410 may be larger than the key cache 408 to store substantially all keys associated with stored objects. The key storage table 410 may incorporate a portion of the media space otherwise available for user data, for example in the form of hidden partition or internal logical file system (LFS) space. A driver on the host may be provided with the ability to load a key into the key cache 408 using a key management command within the API in preparation for an I/O command.
In another example embodiment, the key storage table 410 may reside in a dedicated memory area on the host 402, and the object-level SED 404 provided access to that dedicated memory area through a memory mapping function that exists within a protocol, for example, but not limited to, the Peripheral Component Interconnect Express (PCIe) protocol.
Escrowed keys may be transferred in an encrypted form according to conventional security requirements, for example, but not limited to, the FIPS-140 requirements. In an example embodiment, the host and the object-level SED may use asymmetric cryptography to exchange public keys or certificates and establish an encrypted communications channel. One of ordinary skill in the art will appreciate that other ways to transfer keys in encrypted form may be used without departing from the scope of the present inventive concept.
In example embodiments in which the object-level SED stores the keys, the key storage may be encrypted or keys may be wrapped.
A file access command containing key information and initialization information is received by the object-level SED (540). The file access command may be, for example, a read or write command. The key information may be an index value indicating a position of a selected key in the key cache. The command is parsed by the object-level SED to obtain the key information and initialization information (550).
A key is selected from the key cache based on the key information (560) and an initialization vector is generated based on the initialization information (570), and the file is encrypted if the access command is a write command or decrypted if the access command is a read command using the selected key and the IV (580).
An initialization vector is generated based on the initialization information (630), and a key is selected based on the received key information (640). The file is encrypted if the access command is a write command or decrypted if the access command is a read command using the selected key and the IV (650).
Key Management Commands
Within the key management API described above, the key management commands may be implemented as vendor-specific commands or use security protocol defined in existing standards. In an example embodiment, the key management command set may include the commands shown in Table 1:
Depending on the implementation, the object-level SED may support the following commands:
Those skilled in the art will appreciate that in some example embodiments, other approaches and methods can be used. For example, the non-volatile solid-state memory array may be implemented using NAND flash memory devices. Other types of solid-state memory devices can alternatively be used, for example, but not limited to, an array of flash integrated circuits, Chalcogenide RAM (C-RAM), Phase Change Memory (PC-RAM or PRAM), Programmable Metallization Cell RAM (PMC-RAM or PMCm), Ovonic Unified Memory (OUM), Resistance RAM (RRAM), NOR memory, EEPROM, Ferroelectric Memory (FeRAM), Magnetoresistive RAM (MRAM), other discrete NVM (non-volatile solid-state memory) chips, or any combination thereof. In one embodiment, the non-volatile solid-state memory array preferably includes multi-level cell (MLC) devices having multi-level cells capable of storing more than a single bit of information, although single-level cell (SLC) memory devices or a combination of SLC and MLC devices may be used. In an example embodiment, the object-level SED may include other memory modules, such as one or more magnetic memory modules.
While certain embodiments of the inventions have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel methods and systems described herein may be embodied in a variety of other forms. Furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions.
The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions. For example, the various components described may be implemented as software and/or firmware on a processor, ASIC/FPGA, or dedicated hardware. For example, those skilled in the art will appreciate that in some embodiments, the actual steps taken in the processes of some embodiments may differ from those shown in the figures.
Depending on the embodiment, certain of the steps described in the example above may be removed, others may be added, and the sequence of steps may be altered and/or performed in parallel. Also, the features and attributes of the specific embodiments disclosed above may be combined in different ways to form additional embodiments, all of which fall within the scope of the present disclosure.
Although the present disclosure provides certain preferred embodiments and applications, other embodiments that are apparent to those of ordinary skill in the art, including embodiments which do not provide all of the features and advantages set forth herein, are also within the scope of this disclosure.
This application claims the benefit of U.S. provisional application No. 61/836,603, filed Jun. 18, 2013, the disclosure of which is hereby incorporated in its entirety by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6856556 | Hajeck | Feb 2005 | B1 |
| 7126857 | Hajeck | Oct 2006 | B2 |
| 7430136 | Merry, Jr. et al. | Sep 2008 | B2 |
| 7447807 | Merry et al. | Nov 2008 | B1 |
| 7502256 | Merry, Jr. et al. | Mar 2009 | B2 |
| 7509441 | Merry et al. | Mar 2009 | B1 |
| 7596643 | Merry, Jr. et al. | Sep 2009 | B2 |
| 7653778 | Merry, Jr. et al. | Jan 2010 | B2 |
| 7685337 | Merry, Jr. et al. | Mar 2010 | B2 |
| 7685338 | Merry, Jr. et al. | Mar 2010 | B2 |
| 7685374 | Diggs et al. | Mar 2010 | B2 |
| 7733712 | Walston et al. | Jun 2010 | B1 |
| 7765373 | Merry et al. | Jul 2010 | B1 |
| 7898855 | Merry, Jr. et al. | Mar 2011 | B2 |
| 7912223 | Osaki | Mar 2011 | B2 |
| 7912991 | Merry et al. | Mar 2011 | B1 |
| 7936603 | Merry, Jr. et al. | May 2011 | B2 |
| 7962792 | Diggs et al. | Jun 2011 | B2 |
| 8078918 | Diggs et al. | Dec 2011 | B2 |
| 8090899 | Syu | Jan 2012 | B1 |
| 8095851 | Diggs et al. | Jan 2012 | B2 |
| 8108692 | Merry et al. | Jan 2012 | B1 |
| 8122185 | Merry, Jr. et al. | Feb 2012 | B2 |
| 8127048 | Merry et al. | Feb 2012 | B1 |
| 8135903 | Kan | Mar 2012 | B1 |
| 8151020 | Merry, Jr. et al. | Apr 2012 | B2 |
| 8161227 | Diggs et al. | Apr 2012 | B1 |
| 8166245 | Diggs et al. | Apr 2012 | B2 |
| 8243525 | Kan | Aug 2012 | B1 |
| 8254172 | Kan | Aug 2012 | B1 |
| 8261012 | Kan | Sep 2012 | B2 |
| 8296625 | Diggs et al. | Oct 2012 | B2 |
| 8312207 | Merry, Jr. et al. | Nov 2012 | B2 |
| 8316176 | Phan et al. | Nov 2012 | B1 |
| 8341339 | Boyle et al. | Dec 2012 | B1 |
| 8375151 | Kan | Feb 2013 | B1 |
| 8392635 | Booth et al. | Mar 2013 | B2 |
| 8397107 | Syu et al. | Mar 2013 | B1 |
| 8407449 | Colon et al. | Mar 2013 | B1 |
| 8423722 | Deforest et al. | Apr 2013 | B1 |
| 8433858 | Diggs et al. | Apr 2013 | B1 |
| 8442235 | Lyakhovitskiy | May 2013 | B2 |
| 8443167 | Fallone et al. | May 2013 | B1 |
| 8447920 | Syu | May 2013 | B1 |
| 8458435 | Rainey, III et al. | Jun 2013 | B1 |
| 8478930 | Syu | Jul 2013 | B1 |
| 8489854 | Colon et al. | Jul 2013 | B1 |
| 8503237 | Horn | Aug 2013 | B1 |
| 8521972 | Boyle et al. | Aug 2013 | B1 |
| 8549236 | Diggs et al. | Oct 2013 | B2 |
| 8583835 | Kan | Nov 2013 | B1 |
| 8601311 | Horn | Dec 2013 | B2 |
| 8601313 | Horn | Dec 2013 | B1 |
| 8612669 | Syu et al. | Dec 2013 | B1 |
| 8612804 | Kang et al. | Dec 2013 | B1 |
| 8615681 | Horn | Dec 2013 | B2 |
| 8638602 | Horn | Jan 2014 | B1 |
| 8639872 | Boyle et al. | Jan 2014 | B1 |
| 8683113 | Abasto et al. | Mar 2014 | B2 |
| 8700834 | Horn et al. | Apr 2014 | B2 |
| 8700950 | Syu | Apr 2014 | B1 |
| 8700951 | Call et al. | Apr 2014 | B1 |
| 8706985 | Boyle et al. | Apr 2014 | B1 |
| 8707104 | Jean | Apr 2014 | B1 |
| 8713066 | Lo et al. | Apr 2014 | B1 |
| 8713357 | Jean et al. | Apr 2014 | B1 |
| 8719531 | Strange et al. | May 2014 | B2 |
| 8724422 | Agness et al. | May 2014 | B1 |
| 8725931 | Kang | May 2014 | B1 |
| 8745277 | Kan | Jun 2014 | B2 |
| 8751728 | Syu et al. | Jun 2014 | B1 |
| 8769190 | Syu et al. | Jul 2014 | B1 |
| 8769232 | Suryabudi et al. | Jul 2014 | B2 |
| 8775720 | Meyer et al. | Jul 2014 | B1 |
| 8782327 | Kang et al. | Jul 2014 | B1 |
| 8788778 | Boyle | Jul 2014 | B1 |
| 8788779 | Horn | Jul 2014 | B1 |
| 8788880 | Gosla et al. | Jul 2014 | B1 |
| 8793429 | Call et al. | Jul 2014 | B1 |
| 20080065905 | Salessi | Mar 2008 | A1 |
| 20080273697 | Greco et al. | Nov 2008 | A1 |
| 20100174849 | Walston et al. | Jul 2010 | A1 |
| 20100217977 | Goodwill | Aug 2010 | A1 |
| 20100229005 | Herman et al. | Sep 2010 | A1 |
| 20100250793 | Syu | Sep 2010 | A1 |
| 20110072276 | Lee | Mar 2011 | A1 |
| 20110087898 | Williams | Apr 2011 | A1 |
| 20110099323 | Syu | Apr 2011 | A1 |
| 20110283049 | Kang et al. | Nov 2011 | A1 |
| 20120159042 | Lott | Jun 2012 | A1 |
| 20120260020 | Suryabudi et al. | Oct 2012 | A1 |
| 20120278531 | Horn | Nov 2012 | A1 |
| 20120284460 | Guda | Nov 2012 | A1 |
| 20120324191 | Strange et al. | Dec 2012 | A1 |
| 20130067242 | Lyakhovitskiy et al. | Mar 2013 | A1 |
| 20130117574 | Jang et al. | May 2013 | A1 |
| 20130132638 | Horn et al. | May 2013 | A1 |
| 20130145106 | Kan | Jun 2013 | A1 |
| 20130227301 | Sarcone | Aug 2013 | A1 |
| 20130290793 | Booth et al. | Oct 2013 | A1 |
| 20140059405 | Syu et al. | Feb 2014 | A1 |
| 20140101369 | Tomlin et al. | Apr 2014 | A1 |
| 20140115427 | Lu | Apr 2014 | A1 |
| 20140133220 | Danilak et al. | May 2014 | A1 |
| 20140136753 | Tomlin et al. | May 2014 | A1 |
| 20140149826 | Lu et al. | May 2014 | A1 |
| 20140157078 | Danilak et al. | Jun 2014 | A1 |
| 20140181432 | Horn | Jun 2014 | A1 |
| 20140181517 | Alaranta et al. | Jun 2014 | A1 |
| 20140223255 | Lu et al. | Aug 2014 | A1 |
| 20140229733 | Henze et al. | Aug 2014 | A1 |
| 20140310536 | Shacham | Oct 2014 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 61836603 | Jun 2013 | US |
