Patent application number | Description | Published |
20090110188 | CONFIGURABLE RANDOM NUMBER GENERATOR - A method for random number generation includes generating random number sequences using a Random Number Generator (RNG) circuit having an externally-modifiable configuration. The RNG circuit generates a first random number sequence having a first measure of randomness, and modifies the configuration of the RNG circuit, causing the RNG circuit to generate a second random number sequence having a second measure of the randomness, indicating a degree of the randomness that is no less than the first measure. | 04-30-2009 |
20090110190 | FAST SECURE BOOT IMPLEMENTATION - A method for data storage includes employing a first CPU to execute code from a ROM associated therewith. A second CPU is employed to upload code from a flash memory to a code RAM associated with the first CPU, while the first CPU is available to perform other tasks. | 04-30-2009 |
20090112823 | WRITE FAILURE PROTECTION FOR HIERARCHICAL INTEGRITY SCHEMES - A method for data integrity protection includes arranging in an integrity hierarchy a plurality of data blocks, which contain data. The integrity hierarchy includes multiple levels of signature blocks containing signatures computed respectively over lower levels in the hierarchy, wherein the levels culminate in a top-level block containing a top-level signature computed over the hierarchy. A modification to be made in the data stored in a given data block is received. One or more of the signatures is recomputed in response to the modification, including the top-level signature. Copies of the given data block, and of the signature blocks, including a copy of the top-level block, are stored in respective locations in a storage medium. An indication that the copy is a valid version of the top-level block is recorded in the copy of the top-level block. | 04-30-2009 |
20090113117 | RE-FLASH PROTECTION FOR FLASH MEMORY - A method for storing data includes providing a memory package including an integrated circuit containing a non-volatile memory and counter circuitry. The data is written to the non-volatile memory. The counter circuitry is operated to maintain a count of write operations performed on the non-volatile memory. The data and the count from the memory package are received at a controller, separate from the memory package, and the data is authenticated in response to the count. | 04-30-2009 |
20090113146 | SECURE PIPELINE MANAGER - A method for data storage includes supplying data to and from a host to a storage memory via a secure data path. A first CPU is employed to control operation of the storage memory, and a second CPU is employed to control operation of the secure data path. | 04-30-2009 |
20090113207 | SECURE OVERLAY MANAGER PROTECTION - A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature. | 04-30-2009 |
20090113214 | SOFTWARE PROTECTION AGAINST FAULT ATTACKS - A method for protecting information in a device includes providing a device with a non-secure hardware domain, a processor having a software-controlled mode of operation, and a secure hardware domain having a secure memory that is inaccessible by the processor when the processor is operating in the software-controlled mode of operation. Data from the non-secure hardware domain is established in the secure hardware domain. Computing operations are executed on the data in the secure hardware domain to produce a result. The secure hardware domain is purged, while retaining the result therein. The result is thereafter returned from the secure hardware domain into the non-secure hardware domain. | 04-30-2009 |
20090113217 | MEMORY RANDOMIZATION FOR PROTECTION AGAINST SIDE CHANNEL ATTACKS - Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys. | 04-30-2009 |
20090113218 | SECURE DATA PROCESSING FOR UNALIGNED DATA - A method for data cryptography includes accepting input data, which contains a section that is to undergo a cryptographic operation and starts at an offset with respect to a beginning of the input data, by a Direct Memory Access (DMA) module. The input data is aligned by the DMA module to cancel out the offset. The aligned input data is read out of the DMA module, and the cryptographic operation is performed on the section. | 04-30-2009 |
20100153673 | DATA ACCESS AT A STORAGE DEVICE USING CLUSTER INFORMATION - Systems and methods for accessing data at a data storage device are disclosed. In a particular embodiment, a method includes receiving cluster information at a controller of a data storage device, the data storage device further including a memory, the cluster information being associated with a data file that is stored at the memory. The method also includes accessing the cluster information to locate at least one region of the memory corresponding to the data file. The method further includes accessing data from the data file at the at least one region of the memory that is identified by the cluster information. Accessing of data from the data file includes the controller executing an internal application. | 06-17-2010 |
20100332855 | Method and Memory Device for Performing an Operation on Data - A method and memory device for implementing long operations and supporting multiple streams are provided. In one embodiment, a memory device receives data and a command from a host to perform an operation on the data, wherein a time required for the memory device to complete the operation exceeds a maximum response time for the memory device to respond to the command. The memory device begins performing the operation on the data and, before exceeding the maximum response time and before completing the operation, sends the context of the operation to the host. At a later time, the memory device receives from the host: (i) a command to resume performing the operation and (ii) the context. The memory device then resumes performing the operation on the data based on the context received from the host. | 12-30-2010 |
20110314295 | Storage Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device. | 12-22-2011 |
20110314296 | Host Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device. | 12-22-2011 |
20120042376 | Host Device and Method for Securely Booting the Host Device with Operating System Code Loaded From a Storage Device - A host device and method for securely booting the host device with operating system code loaded from a storage device are provided. In one embodiment, a host device is in communication with a storage device having a private memory area storing boot loader code and a public memory area storing operating system code. The host device instructs the storage device to initiate a boot mode and receives the boot loader code from the storage device. The host device executes the boot loader code which performs a security check and executes the operating system code loaded from the storage device only if the security check is successful. | 02-16-2012 |
20120185442 | Write Failure Protection for Hierarchical Integrity Schemes - A method for data integrity protection includes arranging in an integrity hierarchy a plurality of data blocks, which contain data. The integrity hierarchy includes multiple levels of signature blocks containing signatures computed respectively over lower levels in the hierarchy, wherein the levels culminate in a top-level block containing a top-level signature computed over the hierarchy. A modification to be made in the data stored in a given data block is received. One or more of the signatures is recomputed in response to the modification, including the top-level signature. Copies of the given data block, and of the signature blocks, including a copy of the top-level block, are stored in respective locations in a storage medium. An indication that the copy is a valid version of the top-level block is recorded in the copy of the top-level block. | 07-19-2012 |
20120213358 | Digital Random Number Generator Based on Digitally-Controlled Oscillators - A system for random number generation includes a digital oscillator circuit, which has a set of available configurations and is operative to generate a random number sequence in accordance with a current configuration selected from the set. The system further includes a randomization circuit, which is operative to produce a pseudo-random stream of values corresponding to the available configurations of the digital oscillator circuit, and to control the digital oscillator circuit to alternate among the available configurations in accordance with the pseudo-random stream of values. | 08-23-2012 |
20120246442 | STORAGE DEVICE AND METHOD FOR UPDATING DATA IN A PARTITION OF THE STORAGE DEVICE - A storage device and method for updating data stored in a partition of the storage device are provided. In one embodiment, a storage device is provided that contains a logical-to-physical address map and a memory with a first partition storing original data and a second partition. The storage device receives from a host device (i) a command to write updated data to a first logical address and (ii) a signature for verifying integrity of the updated data, wherein the first logical address is mapped to a physical address of the first partition. The storage device then stores the updated data in the second partition instead of the first partition and attempts to verify the signature of the updated data. If the attempt to verify the signature is successful, the storage device updates the logical-to-physical address map to map the first logical address to a physical address of the second partition. | 09-27-2012 |
20120317423 | Memory randomization for protection against side channel attacks - Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys. | 12-13-2012 |
20130024682 | Storage Device and Method for Updating a Shadow Master Boot Record - A storage device and method for updating a shadow master boot record (MBR) are provided. In one embodiment, a storage device is provided having a memory with a first storage area and a second storage area. The storage device receives updated sectors of the shadow MBR from a host device and writes the updated sectors in the second storage area. The storage device determines a highest written sector in the first storage area that is occupied by the shadow MBR. The storage device copies the non-updated sectors of the shadow MBR from the first storage area to the second storage area, wherein only the non-updated sectors up to the highest written sector are copied. Accordingly, any non-updated sectors above the highest written sector are not copied from the first storage area to the second storage area. The storage device then designates the second storage area as storing a current version of the shadow MBR. | 01-24-2013 |
20140082324 | Method and Storage Device for Using File System Data to Predict Host Device Operations - A method and storage device for using file system data to predict host device operations are disclosed. In one embodiment, a storage device is disclosed having a first memory storing data and file system metadata, a second memory, and a controller. In response to receiving a command from the host device to read a first address in the first memory, the controller reads data from the first address in the first memory and returns it to the host device. The controller predicts a second address in the first memory to be read by a subsequent read command from the host device, reads the data from the predicted second address, and stores it in the second memory. | 03-20-2014 |
20140223182 | METHODS AND DEVICES FOR AUTHENTICATION AND KEY EXCHANGE - One feature pertains to a content accessing device for securing content. The content accessing device is provisioned with a cryptographic algorithm, and generates a symmetric key also known to a content storage device. The content accessing device sends a first authentication challenge to the content storage device, where the first authentication challenge is based on the cryptographic algorithm and the symmetric key. The content accessing device receives a second authentication challenge from the content storage device in response to sending the first authentication challenge, and determines whether the first authentication challenge is different from the second authentication challenge. If the second authentication challenge is different from the first authentication challenge the content accessing device sends a first response to the content storage device in response to the second authentication challenge. | 08-07-2014 |