This application is based upon and claims the benefit of priority of the prior Japanese Patent Application No. 2007-281584, filed on Oct. 30, 2007, the entire contents of which are incorporated by reference herein.
The application relates to a storage apparatus and an encrypted data processing method for decrypting stored encrypted data.
There have been two information protection methods, known as file encryption and drive encryption. File encryption encrypts the individual files in which data are stored, whereas drive encryption encrypts all data stored in a storage apparatus, i.e., a hard disk. Since drive encryption encrypts all data to be stored in the hard disk automatically without user intervention, omission of encrypting files may be prevented.
In drive encryption, it is more preferable to update encryption keys periodically to enhance security. Should the encryption key be stolen, data are encrypted according to a new encryption key.
Japanese Unexamined Patent Application Publication No. 2004-201038 discloses a data storage apparatus, an information processor having the data storage apparatus, and a data processing method and data processing program for encrypting data to be stored and encryption keys of the data where user authentication and data encryption is used concurrently.
However, updating the encryption keys makes differentiating data encrypted according to an old encryption key from data encrypted according to a new encryption key difficult. Thus, the data encrypted according to the old encryption key are decrypted and read according to the new encryption key.
The application is disclosed to solve the issues described above. An object of the present application is to provide a storage apparatus and an encrypted data processing method to prevent decrypting and outputting data encrypted according to the old encryption key with the new encryption key.
According to the present application, a storage apparatus for storing data onto a recording medium has an encryption key updater for configuring an updated encryption key and identification information thereof, an encryptor for encrypting data by a specific unit according to the encryption key configured by the encryption key updater, a storage for adding the identification information configured by the encryption key updater to the data encrypted by the encryptor and storing the encrypted data and the identification information onto the recording medium, a reader for reading the encrypted data stored by the storage and the identification information added to the encrypted data, a judge for judging whether the identification information added to the encrypted data read by the reader matches the identification information configured by the encryption key updater, and a decryptor for decrypting the encrypted data according to the encryption key configured by the encryption key updater and outputting the decrypted data where the judge judges that the identification information added to the encrypted data by the encryptor matches the identification information configured by the encryption key updater.
The above-described embodiments of the present application are intended as examples, and all embodiments of the present application are not limited to including the features described above.
Reference may now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
Embodiments of the present application are disclosed with reference to the accompanying drawings.
First, the structure of the magnetic disk apparatus according to the first embodiment of the present application is disclosed.
The storage apparatus, a magnetic disk apparatus 1, communicates with a host 2 as shown in
The media 11 may be a perpendicular magnetic recording media or a longitudinal magnetic recording media. The media 11 have system areas in their recording areas. The encryption key update history information described later and the encryption keys associated with the encryption key update history information are stored in the system areas. The heads 12 write data onto and read data from the media 11. The read channel 13 converts digital signals to be written onto the media 11 with the heads 12 into analog signals and reconverts analog signals read from the media 11 with the heads 12 into digital signals.
The encrypted data identification section 14 judges whether the encryption key of the data stored in the medium 11 matches the updated encryption key. The encryption-decryptor 15 encrypts data stored and decrypts data read out.
The MCU 16 controls the read channel 13, the encrypted data identification section 14 and the encryption-decryptor 15 according to commands issued from the host 2 or with various programs. The MCU 16 may be a CPU or an MPU. The SDRAM 17 buffers data transmitted with the host 2.
First, the encryption key update history information that is added to data will be described.
Each sector stores encrypted data encrypted by the encryption-decryptor 15, an error correcting code (ECC) and encryption key update history information representing an encryption key in bit count, which encrypts the data as shown in
Second, the encryption key update process executed by the magnetic disk apparatus according to the embodiments of the present application will be described.
The MCU 16 generates entropy on receiving the command from the host 2, in operation S101. Then random numbers are generated based on the entropy in operation S102. In operation S103, the latest encryption key update history information is read from the system area of the medium 11 and the information is incremented. In operation S104, the generated random numbers are used as an encryption key, the encryption key is associated with the incremented encryption key update history information, and the encryption key and the encryption key update history information are stored in the system area of the medium 11.
Before storing the encryption key in the system area of the medium 11, the encryption key itself is encrypted. The encryption key and the encryption key update history information stored in the system area are read by the MPU through the read channel and configured in the HDC. Hereinafter, the configuration process will be explained.
When the magnetic disk apparatus 1 is activated, the MCU 16 accesses the system area of the medium with the head 12 through the read channel 13 in operation S201. In operation S202, the encryption key update history information is read from the system area. The encryption key update history information corresponding to the latest encryption key is configured in the HDC 1a in an encryption key configuration operation, S203.
The encryption-decryptor 15 encrypts data transmitted from the host 2 according to the encryption key configured in the HDC 1a as described above. Hereinafter, the encryption process will be described.
First, the encryption-decryptor 15 included in the HDC 1a obtains data transmitted from the host 2 in operation S301. In the encryption operation, S302, the data are encrypted and stored by sector according to the encryption key configured. Then the configured encryption key update history information and an ECC are added to the data by sector with the head 12 through the read channel 13 in the storing operation, S303.
The encrypted and stored data are checked against the encryption key update history information configured in the HDC 1a to confirm whether the encryption key used in encrypting the data matches the latest encryption key. The encryption key identification process executed by the HDC 1a will be described.
The MCU 16 reads the data to which the encryption key identification information is added by sector from the medium 11 with the head 12 through the read channel 13 in the reading operation, S401. In the judgment operation, S402, the judge judges whether the value of the encryption key identification information added to the data by sector matches the value of the encryption key identification information n configured in the HDC 1a.
Where the value of the encryption key identification information n added to the data by sector is confirmed to be “n” in the judgment operation, S402, the MCU 16 commands the encryption-decryptor 15 to decrypt the data in the decryption operation, S403. Then the decrypted data are transmitted to the host 2 in the decryption operation, S404.
Where the value of the encryption key identification information added to the data by sector is confirmed not to be “n” in operation S402, the MCU 16 commands the encrypted data identification section 14 to substitute the data with “0” or an arbitrary value and transmit the data to the host 2 in operation S405. Alternatively, the encrypted data identification section 14 may not transmit the data because of the encryption key mismatch.
The data encrypted according to the old encryption key are protected because the encryption key update history information is added to the data by sector and data whose information does not match are not transmitted to the host 2. Alternatively, the data encrypted according to the old encryption key are substituted with “0” or the arbitrary value to default the data before being transmitted to the host 2. If data are not encrypted, the data could be invalidated by changing the encryption key update history information.
The magnetic disk apparatus according to the second embodiment of the present application re-encrypts data encrypted according to an old encryption key with a new encryption key. Hereinafter, the structure and operations of the magnetic disk apparatus in the second embodiment will be described.
The structure of the magnetic disk apparatus in the second embodiment will be described.
The magnetic disk apparatus 1 according to the first embodiment stores only the latest encryption key n and encryption key update history information n corresponding to the latest encryption key n in the system area of the medium 11. The encryption key update history table shown in
Next, the re-encryption process in the second embodiment will be described.
The MCU 16 reads data stored in sectors with the head 12 through the read channel 13 in the reading operation, S501. Then the encrypted data identification section 14 judges whether the value of the encryption key identification information added to the data stored in the sectors is “n” to confirm whether the data are encrypted according to the latest encryption key in the judgment operation, S502.
Where the encryption key identification information is confirmed not to be “n” in the judgment operation, S502, the MCU 16 refers to the encryption key identification table and configures the previous encryption key corresponding to the encryption key identification information in the encryption-decryptor 15 in the encryption key configuration operation, S503. The encryption-decryptor 15 decrypts the data stored in the sectors according to the old encryption key in the decryption operation, S504. The decrypted data are stored in the SDRAM 17 in the decryption operation, S505. Then a new encryption key is configured in the encryption-decryptor 15 in the encryption key configuration operation, S506. The data stored in the SDRAM 17 are encrypted according to the new encryption key in the encryption operation, S507. Encryption key identification information corresponding to the new encryption key is added by sector and stored through the read channel 13 in the storing operation, S508. Then whether the value of the encryption key update history information added to the data by sector is “n” is checked in operation S509.
Where the value of the encryption key update history information is confirmed to be “n” in operation S509, the MCU 16 terminates the re-encryption process.
Where the value of the encryption key update history information is confirmed not to be “n” in operation S509, the MCU 16 reads the data with the head 12 through the read channel 13 in operation S501.
Where the value of the encryption key identification information is confirmed to be “n” in operation S502, the MCU 16 judges whether the encryption key update history information added to the data is “n” in operation S509.
Accordingly, the magnetic disk apparatus 1 according to the second embodiment re-encrypts the data encrypted according to the old encryption key with the new encryption key. If the re-encryption process is interrupted, the re-encryption process is resumed from the sector where the process is interrupted with reference to the encryption key update history information added to the data. The magnetic disk apparatus 1 executes the re-encryption process shown in
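The read-path judgment of the first embodiment (S401 to S405) and the resumable re-encryption of the second embodiment (S501 to S509) can be followed in the model below. It is an added example, not code from the application: the `Disk` class, its method names, the 512-byte sector and the SHA-256 keystream used as a stand-in cipher are all assumptions, and the ECC field is omitted.

```python
import hashlib
import os

def xor_stream(key, lba, data):
    # Stand-in cipher (assumption): XOR with a SHA-256 counter keystream per sector.
    ks = b"".join(hashlib.sha256(key + lba.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
                  for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class Disk:
    def __init__(self, keep_history):
        self.keep_history = keep_history  # False: first embodiment, True: second
        self.keys = {}                    # system area: history value -> key
        self.n = 0                        # latest key update history information
        self.sectors = {}                 # lba -> (history tag, ciphertext)
        self.update_key()

    def update_key(self):                 # S101-S104: new random key, incremented n
        self.n += 1
        if not self.keep_history:
            self.keys.clear()             # only the latest key n is kept
        self.keys[self.n] = os.urandom(32)

    def write(self, lba, data):           # S301-S303: encrypt, tag the sector with n
        self.sectors[lba] = (self.n, xor_stream(self.keys[self.n], lba, data))

    def read(self, lba):                  # S401-S405
        tag, ct = self.sectors[lba]
        if tag != self.n:                 # S402: tag differs from the configured n
            return bytes(len(ct))         # S405: substitute "0", never decrypt with key n
        return xor_stream(self.keys[self.n], lba, ct)

    def reencrypt(self, max_sectors=None):  # S501-S509; needs keep_history=True
        done = 0
        for lba in sorted(self.sectors):
            tag, ct = self.sectors[lba]
            if tag == self.n:
                continue                  # S502: already under key n, skip it
            if max_sectors is not None and done >= max_sectors:
                return False              # simulated interruption
            plain = xor_stream(self.keys[tag], lba, ct)  # S503-S505: old key from table
            self.write(lba, plain)        # S506-S508: new key, new tag
            done += 1
        return True                       # every sector now carries tag n
```

Because each sector carries its own tag, calling `reencrypt()` again after an interruption skips the sectors already converted and continues with the rest, with no separate progress record.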
The magnetic disk apparatus according to the third embodiment uses multiple encryption keys concurrently. The encryption key update history information and the encryption key type information are added to data by sector and stored in encrypting the data. The magnetic disk apparatus according to this embodiment selects an encryption key for decrypting the data from among the multiple encryption keys with reference to the encryption key type information added. Hereinafter, a structure of the magnetic disk apparatus according to the third embodiment and the encryption key identification process will be described.
First, the encryption key type table will be described.
The encryption key type table stored in the system area of the medium 11 provides associations between the encryption keys, the latest encryption key update history information, the encryption key type information and encryption key IDs as shown in
Next, the encryption key identification process according to the third embodiment will be discussed.
The MCU 16 reads data to which the encryption key update history information is added by sector from the medium with the head 12 through the read channel 13 in the reading operation, S601. The encrypted data identification section judges whether the value of the encryption key update history information added to the data by sector and the value of the encryption key update history information n configured in the HDC 1a are the same in the judgment operation, S602.
Where the value of the encryption key update history information added to the data is confirmed to be “n” in operation S602, the MCU 16 refers to the encryption key type information added to the data and configures an encryption key corresponding to the encryption key type information in the encryption-decryptor 15 in the encryption key configuration operation, S603. In the decryption operation, S604, the encryption-decryptor 15 decrypts the data. Then the decrypted data are transmitted to the host 2 in the decryption operation, S605.
Where the value of the encryption key type information added to the data is confirmed not to be “n” in operation S602, the MCU 16 commands the encrypted data identification section 14 to substitute the data with “0” or the arbitrary value and transmit the substituted data to the host 2 in operation S606. Alternatively, the encrypted data identification section 14 may not transmit the data because of the encryption key mismatch.
Accordingly, the magnetic disk apparatus 1 according to the third embodiment uses the encryption keys at different security levels in accordance with the data. The encryption keys are user-selectable in storing data.
Storage apparatuses applying different systems may be substituted with the magnetic disk apparatuses according to the embodiments described above.
Although a few preferred embodiments of the present application have been shown and described, it would be appreciated by those skilled in the art that changes may be made in these embodiments without departing from the principles and spirit of the application, the scope of which is defined in the claims and their equivalents.
Number | Date | Country | Kind |
---|---|---|---|
2007-281584 | Oct 2007 | JP | national |