US2021192090A1PendingUtilityA1

Secure data storage device with security function implemented in a data security bridge

58
Assignee: NYQUIST SEMICONDUCTOR LTDPriority: Apr 10, 2017Filed: Feb 22, 2021Published: Jun 24, 2021
Est. expiryApr 10, 2037(~10.7 yrs left)· nominal 20-yr term from priority
Inventors:Zining Wu
H04L 2209/12G06F 21/602H04L 9/0897H04L 9/3226G06F 21/78G06F 21/604H04L 9/3247G06F 21/80H04L 9/3234G06F 21/32
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A storage device includes: a controller; a storage medium coupled to the controller; and a data security bridge comprising a security module and a key management module; wherein the security module is configured to perform data encryption and/or data decryption; and wherein the key management module is configured to obtain a first security key stored in the storage device, obtain a second security key received by the storage device, and perform a user authentication based on the first security key and the second security key.

Claims

exact text as granted — not AI-modified
1 . A storage device comprising:
 a controller;   a storage medium coupled to the controller; and   a data security bridge comprising a security module and a key management module;   wherein the security module is configured to perform data encryption and/or data decryption; and   wherein the key management module is configured to obtain a first security key stored in the storage device, obtain a second security key received by the storage device, and perform a user authentication based on the first security key and the second security key.   
     
     
         2 . The storage device of  claim 1 , further comprising a first interface for communication with a station, and a second interface configured to allow communication between the data security bridge with the controller. 
     
     
         3 . The storage device of  claim 2 , wherein the first interface and the second interface are of a same type. 
     
     
         4 . The storage device of  claim 2 , wherein the first interface and the second interface are of different types. 
     
     
         5 . The storage device of  claim 2 , wherein the second interface is an internal interface integrated with the controller. 
     
     
         6 . The storage device of  claim 1 , wherein the key management module is configured to perform the user authentication based on the first security key and the second security key each time the storage device is boot up from shutdown mode. 
     
     
         7 . The storage device of  claim 1 , wherein the key management module is configured to perform the user authentication based on the first security key and the second security key each time the storage device is waken up from power saving mode. 
     
     
         8 . The storage device of  claim 1 , further comprising a first interface and a second interface, wherein the security module is configured to receive data via the first interface, and perform data encryption on the received data to obtain encrypted data; and
 wherein the second interface is configured to transmit the encrypted data to the controller.   
     
     
         9 . The storage device of  claim 1 , further comprising a first interface and a second interface, wherein the controller is configured to retrieve encrypted data from the storage medium, and transmit the encrypted to the security module via the second interface; and
 wherein the security module is configured to decrypt the encrypted data to obtain decrypted data, and transmit the decrypted data out of the storage device via the first interface.   
     
     
         10 . The storage device of  claim 1 , further comprising a housing for accommodating the controller, the storage medium, and the data security bridge. 
     
     
         11 . The storage device of  claim 1 , wherein the key management module of the data security bridge comprises a medium configured to store the first security key. 
     
     
         12 . The storage device of  claim 1 , wherein the controller, the security module, and the key management module are integrated in an integrated circuit (IC) chip. 
     
     
         13 . The storage device of  claim 1 , wherein the second security key is stored in a USB or a cell phone. 
     
     
         14 . The storage device of  claim 1 , wherein storage device is configured to communicatively coupled with a bridge of a station via a connector, the connector comprising a SATA connector, a m.2 connector, a PCIe connector, an Ethernet connector, or a U.2 connector. 
     
     
         15 . The storage device of  claim 1 , further comprising a wireless receiver, wherein the storage device is configured to obtain the second security key via the wireless receiver. 
     
     
         16 . The storage device of  claim 1 , wherein the data security bridge further comprises a random number generator. 
     
     
         17 . The storage device of  claim 1 , wherein the storage medium is configured to store encrypted data. 
     
     
         18 . The storage device of  claim 1 , wherein the storage medium comprises a spinning disk. 
     
     
         19 . The storage device of  claim 1 , wherein the storage medium comprises HDD, or NAND flash. 
     
     
         20 . A station comprising the storage device of  claim 1 . 
     
     
         21 . The station of  claim 20 , wherein the station is configured to obtain a user identification that is different from the second security key 
     
     
         22 . The station of  claim 21 , wherein the user identification comprises a user password. 
     
     
         23 . The station of  claim 21 , wherein the user identification comprises a finger print, a retina scan, or a voice signature. 
     
     
         24 . The station of  claim 20 , wherein the station is configured to receive the second security key from an external device, and pass the second security key to the key management module in the storage device. 
     
     
         25 . The station of  claim 24 , wherein the external device comprises a USB. 
     
     
         26 . The station of  claim 24 , wherein the external device comprises a cell phone. 
     
     
         27 . The station of  claim 24 , comprising:
 a device detector configured to detect the external device;   a boot-up and/or wake-up controller configured to pause a boot-up and/or wake-up process in response to the device detector detecting the external device; and   a notification generator configured to notify a user to remove the external device.   
     
     
         28 . The station of  claim 27 , wherein the boot-up and/or wake-up controller is configured to resume the boot-up and/or wake-up process in response to the user removing the external device. 
     
     
         29 . A method performed by a storage device, the method comprising:
 obtaining a first security key from a medium in the storage device;   obtaining a second security key stored in an external device;   performing a user authentication by a key management module in the storage device based on the first security key and the second security key; and   retrieving encrypted data from a storage medium in the storage device based at least in part on a result of the act of performing the user authentication.   
     
     
         30 . The method of  claim 29 , further comprising obtaining a user identification from a user, wherein the encrypted data is retrieved from the storage medium in the storage device if the user identification satisfies a criteria and if the user authentication succeeds. 
     
     
         31 . The method of  claim 30 , wherein the user identification comprises a user password, a fingerprint, a retina scan, or a voice signature. 
     
     
         32 . The method of  claim 29 , wherein the external device comprises a USB or a cell phone. 
     
     
         33 . The method of  claim 29 , wherein the storage device comprises a wireless receiver, and wherein the second security key is obtained by the storage device using the wireless receiver. 
     
     
         34 . The method of  claim 29 , further comprising:
 receiving data at the storage device; and   performing data encryption on the received data to obtain the encrypted data.   
     
     
         35 . The method of  claim 29 , further comprising:
 transmitting the encrypted data to a security module in the storage device;   decrypting the encrypted data by the security module to obtain decrypted data; and   transmitting the decrypted data out of the storage device.   
     
     
         36 . The method  claim 29 , wherein the storage device is coupled to a station, and wherein the second security key is transmitted from the external device to the station, which passes the second security key to the storage device. 
     
     
         37 . The method of  claim 36 , further comprising:
 detecting a presence of the external device by the station;   pausing a boot-up and/or a wake-up process in response to the detected presence of the external device; and   notifying a user to remove the external device.   
     
     
         38 . The station of  claim 37 , further comprising resuming the boot-up and/or wake-up process in response to the user removing the external device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.