US20170277916A1 - Secure control of self-encrypting storage devices - Google Patents
- Publication number
- US20170277916A1 (application US15/482,226)
- Authority
- US
- United States
- Prior art keywords
- sid
- storage device
- value
- nvm
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/40—Specific encoding of data in memory or cache
- G06F2212/402—Encrypted data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- the present disclosure relates to self-encrypting storage devices, and more particularly, to self-encrypting storage devices with secure control of access control enablement and activation.
- Storage drives, for example solid state drives (SSDs) or hard disk drives (HDDs), are often configured to provide security features including self-encryption and access control. These security features are designed to prevent a data breach in the event of physical loss or theft of the storage drive or the device containing the drive.
- FIG. 1 illustrates a top level system diagram of an example embodiment consistent with the present disclosure
- FIG. 2 illustrates a block diagram of one example embodiment consistent with the present disclosure
- FIG. 3 illustrates a flowchart of operations of one example embodiment consistent with the present disclosure
- FIG. 4 illustrates a flowchart of operations of another example embodiment consistent with the present disclosure.
- FIG. 5 illustrates a system diagram of a platform of another example embodiment consistent with the present disclosure.
- Security features provided by storage devices may typically be enabled or disabled by the manufacturer in a fixed manner. It would generally be desirable, however, to provide a capability that allows the end user to enable or disable these types of security features, for example through a software configurable device setting, without compromising the integrity of the drive. This would avoid the requirement for a user to purchase different devices depending on their security needs and simplify the logistics for manufacturers and suppliers who would otherwise need to manage separate product lines.
- Providing a user enable/disable capability may present a security threat since a malicious attacker could potentially enable the security feature remotely and take ownership of the drive by setting new access control authentication credentials. This would lock out the legitimate user, who may not even be aware that security is enabled on the drive.
- the storage device may include a non-volatile memory (NVM) and a secure access control module.
- the secure access control module may be configured to process commands received from a user or host system including a request to enable access controls of the NVM.
- the secure access control module may further be configured to verify a physical presence of the user. Physical presence of the user may be verified by requiring the user to provide the Physical Security Identifier (PSID) associated with the storage device, which can generally be obtained in a limited manner, such as, for example, by reading a physical label on the storage device.
- the secure access control module may further be configured to allow the user to activate and provision access controls if the physical presence verification is successful and after a revert operation is performed.
- the secure access control module may further include an encryption module configured to encrypt at least a portion of the NVM when access controls have been activated.
- The NVM may include or otherwise be configured as a Solid State Drive (SSD) or a magnetic disk in a Hard Disk Drive (HDD). Any suitable method of encryption may be used including, for example, the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) and the International Data Encryption Algorithm (IDEA).
- the enablement of access controls may be considered an initialization or set-up activity of the storage device, to be performed by the user/owner of the storage device during an initial phase of deployment.
- the terms “enablement,” “activation,” and “provisioning,” with respect to access controls are defined as follows.
- Before “enablement,” the access control capabilities of the device may be supported (embedded in hardware or software of the device by the manufacturer) but remain in a disabled or hidden state until enablement is performed. After a successful enablement, activation may be performed to turn on the access controls so that portions of the NVM are encrypted or otherwise locked for security. Activation may also be accompanied by provisioning, which is an operation to configure the access controls (e.g., provide additional authentication credentials for administrators and/or users and specify regions of the NVM for encryption, etc.).
- FIG. 1 illustrates a top level system diagram 100 of one example embodiment consistent with the present disclosure.
- a host system 104 is shown coupled to a self-encrypting storage device with secure control capability 110 .
- the secure control capability of the storage device will be described in greater detail below.
- the host system 104 may be, for example, a desktop computer, workstation, laptop computer, convertible tablet, notebook, smart phone, smart tablet, personal digital assistant (PDA) or mobile Internet device (MID).
- the host system 104 may be coupled to the storage device 110 through interface modules 108 a , 108 b and storage bus 130 , which may be configured as a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface or a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface, an embedded Multimedia Controller interface (eMMC) or any other suitable type of interface.
- SATA and SAS interfaces may comply with ANSI standards managed by T13 (www.t13.org) and T10 (www.t10.org) technical committees.
- the PCIe interface may comply with the PCISIG standard (www.pcisig.com).
- the UFS and eMMC may comply with the JEDEC standards (www.jedec.org).
- the storage device 110 described in this disclosure may be configured as a solid state drive (SSD).
- The storage device 110 may include a hard disk drive (HDD).
- An intended or legitimate user 102 may access the storage device 110 through the host system 104 and interface 108 and bus 130 .
- a remote attacker or malicious user 106 may attempt to access the storage device 110 and attempt to enable access controls (and self-encryption of the device) to the detriment of the intended user 102 .
- the secure control capability of the storage device 110 may be configured, however, to defeat such attempts, as will be described below.
- FIG. 2 illustrates a block diagram 200 of one example embodiment consistent with the present disclosure.
- the storage device 110 is shown to include a secure access control module 204 , a storage device side interface module 108 b and an NVM 220 .
- the storage device 110 and/or the secure access control module 204 may be configured to implement, comply with, or otherwise be compatible with the Opal Storage Specification: “TCG Storage Security Subsystem Class: Opal,” Specification Version 1.00, Feb. 4, 2010 of the Trusted Computing Group (TCG), including current, previous and future versions of that specification.
- the storage device 110 may also be referred to as a “Trusted Peripheral” in Opal terminology. Although operations will be described here in the context of Opal, it will be appreciated that these techniques may be applied to other similarly purposed storage device security systems.
- the secure access control module 204 is shown to include a command processor module 212 , a verification module 214 , an encryption module 216 , a random number generator 218 and storage for a Security Identifier (SID) 206 , PSID 208 and a Manufacturer Security Identifier (MSID) 210 .
- the command processor module 212 may be configured to receive requests from a user or host system including a request to enable or disable the secure access control features of the NVM 220 . Any required encryption or decryption of one or more portions (e.g., address ranges) of the NVM 220 may be performed by encryption module 216 as appropriate.
- the command processor module 212 may also be configured to receive the associated verification credentials (SID, PSID, etc.) that may be required from the user for these operations.
- Verification module 214 may be configured to perform the verification operations, as will be described below, to verify the credentials and physical presence of the user.
- a software application is provided by the manufacturer or an independent software vendor to send the appropriate configuration commands as specified in the TCG Opal spec to the storage device.
- the software application issues a sequence of commands, called methods in the TCG specifications, to perform configuration and provisioning operations.
- the software application invokes the Level 0 discovery command and Properties method to determine the capabilities of the secure access control module 204 (e.g., the OPAL security subsystem).
- the StartSession method is used by the software application to initiate a communications session between the host system 104 and the storage device 110 .
- This method can also pass a credential, such as the PSID or SID, to the storage device for authentication.
- the storage device is configured to authenticate the credential and responds with success if the credential is successfully authenticated.
- the software application invokes the Activate method, which is used to activate the locking and encryption management functionality supplied by the Opal subsystem in the storage device.
- the session is then ended by the software application.
- The software application invokes StartSession to initiate a new session and authenticate an Admins credential, in order to satisfy access control requirements necessary to perform configuration and provisioning operations, such as setting User passwords and access controls.
- the software application invokes the Get method in a session, in order to retrieve metadata from tables in the subsystem, which are data structures employed to store configurations and metadata.
- the software application invokes the Set method in a session to configure Users and Admins passwords, and configure the device to lock when the device power cycles.
- the MSID 210 is an identifier, for example an alphanumeric value, which is used as a default credential for the storage device.
- the MSID 210 is encoded or otherwise stored in a reserved location in non-volatile memory that is outside of the region of encrypted data of the non-volatile memory of the storage device 110 .
- The MSID is accessed by a user/host system through the interface 108 through an appropriate set of commands. Generally, the MSID, once set by the manufacturer, cannot be changed by the user.
- the SID 206 is a security identifier, for example an alphanumeric value, or credential that is associated with the owner or legitimate user of the storage device 110 .
- the SID 206 is typically initialized by the manufacturer to a default value that is set to the MSID 210 and can subsequently be changed by the user to enforce access controls on the device 110 .
- the SID 206 can also be stored in a non-volatile memory of the storage device, for example, outside of the region of encrypted data.
- the PSID 208 is a physical security identifier, for example an alphanumeric value, or credential that is associated with and unique to the storage device 110 .
- the PSID 208 can be generated by the manufacturer and stored in a non-volatile memory of the storage device that is inaccessible through the interface 108 .
- the PSID 208 cannot be read or otherwise discovered by any entity external to the device 110 through any electronic method.
- the PSID 208 can, however, be printed on a label attached to the device 110 , or otherwise made available, for example through some visual method, to a user located in physical proximity to the device 110 .
- The PSID is printed or otherwise visually accessible on the housing of the storage device 110 or on a housing of a system within which storage device 110 is incorporated. A remote attacker 106 can therefore be prevented from obtaining the PSID 208.
- the PSID is thus used to verify a physical presence of the device owner or legitimate user 102 , for example prior to enablement of the self-encryption feature.
- physical presence does not necessarily require that the intended or legitimate user 102 need always be locally present in the proximity of the storage device 110 .
- physical presence may indicate a one-time presence by the user 102 to visually obtain the PSID which may later be used during a verification process from a remote location.
- FIG. 3 illustrates a flowchart of operations 300 of another example embodiment consistent with the present disclosure.
- the operations provide a method for secure enablement and activation of access controls on a self-encrypting storage device.
- a request is received to enable self-encryption (e.g., as implemented through Opal).
- Opal is enabled for the device and a random number or string (generated for example by random number generator 218 ) is assigned to the SID for the device, which will no longer be the same as the MSID. This may prevent any further attempts to alter access control settings until the current operation is successfully completed (e.g., by the intended user 102 ).
- the random number generator 218 may implement a non-deterministic random number generation algorithm to reduce the probability that a remote attacker might predict the random number value.
- a request is received for a revert operation, via the TCG Opal Revert method.
- the requester's physical presence is verified at operation 340 , by supplying a valid PSID associated with the device, via a TCG method such as StartSession or Authenticate. Because access to the PSID is limited to visual observation of some portion of the device, such as a printed label as described previously, knowledge of the PSID may be used to verify the physical presence of the requester. If the verification fails, then at operation 350 the Revert method invocation will subsequently be denied and the SID remains set to the random value. In some embodiments, an alert may be generated to log the event and/or notify the legitimate user (e.g., intended user 102 ) of a failed attempt to enable access controls (Opal).
- the revert operation is performed.
- the SID is reset back to the MSID associated with the device and Opal is left in an enabled state.
- The user may optionally activate and provision Opal, at operation 380, for example through the Activate method executed by the software application.
- FIG. 4 illustrates a flowchart of operations 400 of another example embodiment consistent with the present disclosure.
- the operations provide a method for secure control of access control enablement and activation on a self-encrypting storage device.
- a request is received to enable access controls of the storage device.
- the request is received from a user of a host system of the storage device, for example through a software application that requests the storage device to enable OPAL security by sending an appropriate sequence of commands.
- the StartSession method is used to initiate a communications session and authenticate the SID credential.
- the Activate method is used to activate the locking functionality provided by the Opal subsystem implemented in the storage device.
- the physical presence of the user is verified, for example by supplying a valid PSID associated with the device as printed on the storage device label.
- the software application may be configured to prompt the user to enter the PSID.
- the user may then enter the PSID through the software application.
- the software application may send the PSID to the storage device, for example by using the StartSession method or using the Authenticate method in a session that has already been initiated.
- the storage device verifies the submitted PSID and responds with the verification result. Because access to the PSID is limited to visual observation of some portion of the device, such as a printed label as described previously, knowledge of the PSID may be used to verify the physical presence of the requester.
- the software application invokes the “Revert” command which resets the SID to MSID and activation of self-encryption of the storage device is then possible, via execution of the Activate method. If the physical presence verification fails, access controls (e.g., OPAL security) may remain in their existing state and the SID remains set to the random value.
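- The flows of FIG. 3 and FIG. 4 can be modelled as a small state machine. The following is an added example, not code from the patent or from any Opal implementation: the class, method and status names, the rule that one PSID verification authorizes a single Revert, and all credential values are assumptions constructed for illustration.

```python
"""Model of the enable / verify-PSID / Revert / Activate flow (FIG. 3 and FIG. 4).

Added illustration only: class, method and status names are hypothetical and
do not reproduce the TCG Opal wire protocol or any vendor firmware.
"""
import hmac
import secrets
from enum import Enum


class Status(Enum):
    SUCCESS = "success"
    NOT_AUTHORIZED = "not authorized"
    NOT_ENABLED = "access controls not enabled"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(a.encode(), b.encode())


class SecureAccessControlModel:
    def __init__(self, msid: str, psid: str):
        self._msid = msid          # default credential, readable over the interface
        self._psid = psid          # printed on the label, never returned by any method
        self._sid = msid           # factory state: SID == MSID
        self._presence_ok = False  # set only by a successful PSID check
        self.enabled = False
        self.activated = False
        self.alerts = []

    def get_msid(self) -> str:
        return self._msid

    def sid_is_default(self) -> bool:
        return _same(self._sid, self._msid)

    def enable(self) -> Status:
        # Enable access controls and replace the SID with an unpredictable
        # value, so the MSID no longer authenticates as the owner credential.
        self.enabled = True
        self._sid = secrets.token_hex(32)
        self._presence_ok = False
        return Status.SUCCESS

    def authenticate_psid(self, candidate: str) -> bool:
        self._presence_ok = _same(candidate, self._psid)
        if not self._presence_ok:
            self.alerts.append("PSID verification failed")
        return self._presence_ok

    def revert(self) -> Status:
        if not self._presence_ok:
            # Deny Revert; the SID stays at the random value.
            self.alerts.append("Revert denied: physical presence not verified")
            return Status.NOT_AUTHORIZED
        # SID goes back to the MSID; access controls stay enabled.
        self._sid = self._msid
        self._presence_ok = False  # assumption: one verification, one Revert
        return Status.SUCCESS

    def activate(self, sid_credential: str) -> Status:
        if not self.enabled:
            return Status.NOT_ENABLED
        if not _same(sid_credential, self._sid):
            return Status.NOT_AUTHORIZED
        self.activated = True
        return Status.SUCCESS


def run_flow(dev, psid_entered):
    """Enable, present a PSID, Revert, then Activate with the MSID as SID."""
    dev.enable()
    verified = dev.authenticate_psid(psid_entered)
    return verified, dev.revert(), dev.activate(dev.get_msid())


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    dev = SecureAccessControlModel(msid="MSID-EXAMPLE-0001",
                                   psid="PSID-EXAMPLE-LABEL-7F3A")
    print("without label:", run_flow(dev, "PSID-GUESS"), dev.alerts)
    print("with label:   ", run_flow(dev, "PSID-EXAMPLE-LABEL-7F3A"), dev.activated)
```

In the model, a requester who knows only the MSID leaves the device enabled but not activated, with two alert entries recorded, and a later run with the label PSID still succeeds.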
- FIG. 5 illustrates a system diagram 500 of one example embodiment consistent with the present disclosure.
- the system 500 may be a mobile platform 510 or computing device such as, for example, a smart phone, smart tablet, personal digital assistant (PDA), mobile Internet device (MID), convertible tablet, notebook or laptop computer, or any other suitable device.
- the system 500 may be a workstation or desktop computer.
- the device may generally present various interfaces to a user via a display element 560 such as, for example, a touch screen, liquid crystal display (LCD) or any other suitable display type.
- the system 500 is shown to include a host system 104 that may further include any number of processors 520 and memory modules 530 .
- the processors 520 may be implemented as any number of processor cores.
- the processor (or processor cores) may be any type of processor, such as, for example, a micro-processor, an embedded processor, a digital signal processor (DSP), a graphics processor (GPU), a network processor, a field programmable gate array or other device configured to execute code.
- the processors may be multithreaded cores in that they may include more than one hardware thread context (or “logical processor”) per core.
- the memory 530 may be coupled to the processors.
- the memory 530 may be any of a wide variety of memories (including various layers of memory hierarchy and/or memory caches) as are known or otherwise available to those of skill in the art. It will be appreciated that the processors and memory may be configured to store, host and/or execute one or more user applications or other software modules. These applications may include, but not be limited to, for example, any type of computation, communication, data management, data storage and/or user interface task. In some embodiments, these applications may employ or interact with any other components of the mobile platform 510 .
- System 500 is also shown to include network interface module 540 which may include wireless communication capabilities, such as, for example, cellular communications, Wireless Fidelity (WiFi), Bluetooth®, and/or Near Field Communication (NFC).
- The wireless communications may conform to or otherwise be compatible with any existing or yet to be developed communication standards including past, current and future versions of Bluetooth®, Wi-Fi and mobile phone communication standards.
- System 500 is also shown to include an input/output (IO) system or controller 550 which may be configured to enable or manage data communication between processor 520 and other elements of system 500 or other elements (not shown) external to system 500 .
- System 500 is also shown to include a self-encrypting storage device with secure control 110 , as described previously.
- Storage device 110 may further include a secure access control module (e.g., Opal) and an NVM as illustrated in FIG. 2 .
- Interface modules 108 a , 108 b may also be provided to couple the storage device 110 to the host system 104 over a storage bus.
- the various components of the system 500 may be combined in a system-on-a-chip (SoC) architecture.
- the components may be hardware components, firmware components, software components or any suitable combination of hardware, firmware or software.
- Embodiments of the methods described herein may be implemented in a system that includes one or more storage mediums having stored thereon, individually or in combination, instructions that when executed by one or more processors perform the methods.
- the processor may include, for example, a system CPU (e.g., core processor) and/or programmable circuitry.
- operations according to the methods described herein may be distributed across a plurality of physical devices, such as, for example, processing structures at several different physical locations.
- the method operations may be performed individually or in a subcombination, as would be understood by one skilled in the art.
- the present disclosure expressly intends that all subcombinations of such operations are enabled as would be understood by one of ordinary skill in the art.
- the storage medium may include any type of tangible medium, for example, any type of disk including floppy disks, optical disks, compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), digital versatile disks (DVDs) and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic and static RAMs, erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), flash memories, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- Circuitry may include, for example, singly or in any combination, hardwired circuitry, programmable circuitry, state machine circuitry, and/or firmware that stores instructions executed by programmable circuitry.
- An application or “app” may be embodied as code or instructions which may be executed on programmable circuitry such as a host processor or other programmable circuitry.
- a module as used in any embodiment herein, may be embodied as circuitry.
- the circuitry may be embodied as an integrated circuit, such as an integrated circuit chip.
- the present disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices.
- the following examples pertain to further embodiments.
- the device may include a non-volatile memory (NVM) and a secure access control module.
- the secure access control module of this example may include a command processor module to receive a request to enable access controls of the NVM, from a user, and to enable the access controls; a verification module to verify a physical presence of the user; and an encryption module to allow encryption of at least a portion of the NVM in response to an indication of success from the verification module.
- Example 2 may include the subject matter of Example 1, and the secure access control module implements Opal Storage Specification access controls.
- Example 3 may include the subject matter of Examples 1 and 2, further including a random number generator to generate a random number and update a Security Identifier (SID) associated with the access controls to the random number.
- Example 4 may include the subject matter of Examples 1-3, and the verification of the physical presence of the user is based on receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 5 may include the subject matter of Examples 1-4, and the PSID is displayed on a housing of the storage device.
- Example 6 may include the subject matter of Examples 1-5, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 7 may include the subject matter of Examples 1-6, and the secure access control module is further to perform a revert operation of the storage device, if the verification of the physical presence is successful.
- Example 8 may include the subject matter of Examples 1-7, and the revert operation restores the SID to a Manufacturer Security Identifier (MSID).
- Example 9 may include the subject matter of Examples 1-8, and the secure access control module is further to allow configuration of the access controls of the NVM if the verification of the physical presence is successful.
- Example 10 may include the subject matter of Examples 1-9, and the NVM is a solid state drive (SSD).
- Example 11 may include the subject matter of Examples 1-10, and the secure access control module is further to communicate with a host system through an interface module and a storage bus, the interface module to implement one of a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface, a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface and/or an embedded Multimedia Controller interface (eMMC).
- Example 12 provides a method for secure control of a storage device.
- the method may include receiving a request, from a user, to enable access controls of an NVM; enabling the access controls in response to the request; verifying a physical presence of the user; and allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 13 may include the subject matter of Example 12, and the storage device implements Opal Storage Specification access controls.
- Example 14 may include the subject matter of Examples 12 and 13, and the enabling of the access controls further includes generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 15 may include the subject matter of Examples 12-14, and the verifying of the physical presence of the user further includes receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 16 may include the subject matter of Examples 12-15, and the PSID is displayed on a housing of the storage device.
- Example 17 may include the subject matter of Examples 12-16, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 18 may include the subject matter of Examples 12-17, further including performing a revert operation of the storage device, in response to success of the verifying.
- Example 19 may include the subject matter of Examples 12-18, and the revert operation further includes restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 20 may include the subject matter of Examples 12-19, further including allowing configuration of the access controls of the NVM in response to success of the verifying.
- According to Example 21 there is provided a mobile platform. The mobile platform may include a processor; a display element coupled to the processor; and an SSD storage device coupled to the processor. The SSD of this example may include a non-volatile memory (NVM) and a secure access control module. The secure access control module of this example may include a command processor module to enable access controls of the NVM in response to a request from the processor; a verification module to verify a physical presence of a user; and an encryption module to allow encryption of at least a portion of the NVM in response to an indication of success from the verification module.
- Example 22 may include the subject matter of Example 21, and the secure access control module implements Opal Storage Specification access controls.
- Example 23 may include the subject matter of Examples 21-22, and the verification of the physical presence of the user is based on receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 24 may include the subject matter of Examples 21-23, and the PSID is displayed on a housing of the storage device.
- Example 25 may include the subject matter of Examples 21-24, and the secure access control module is further to perform a revert operation of the storage device, if the verification of the physical presence is successful.
- Example 26 may include the subject matter of Examples 21-25, and the revert operation restores the SID to a Manufacturer Security Identifier (MSID).
- Example 27 may include the subject matter of Examples 21-26, and the secure access control module is further to allow configuration of the access controls of the NVM if the verification of the physical presence is successful.
- Example 28 may include the subject matter of Examples 21-27, and the secure access control module is further to communicate with a host system through an interface module and a storage bus, the interface module to implement one of a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface, a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface and/or an embedded Multimedia Controller interface (eMMC).
- Example 29 may include the subject matter of Examples 21-28, and the mobile platform is a smart phone, smart tablet, notebook or laptop computer.
- According to Example 30 there is provided at least one computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for secure control of a storage device. The operations may include receiving a request, from a user, to enable access controls of an NVM; enabling the access controls in response to the request; verifying a physical presence of the user; and allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 31 may include the subject matter of Example 30, and the storage device implements Opal Storage Specification access controls.
- Example 32 may include the subject matter of Examples 30 and 31, and the enabling of the access controls further includes the operations of generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 33 may include the subject matter of Examples 30-32, and the verifying of the physical presence of the user further includes the operation of receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 34 may include the subject matter of Examples 30-33, and the PSID is displayed on a housing of the storage device.
- Example 35 may include the subject matter of Examples 30-34, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 36 may include the subject matter of Examples 30-35, further including the operation of performing a revert operation of the storage device, in response to success of the verifying.
- Example 37 may include the subject matter of Examples 30-36, and the revert operation further includes the operation of restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 38 may include the subject matter of Examples 30-37, further including allowing configuration of the access controls of the NVM in response to success of the verifying.
- According to Example 39 there is provided a system for secure control of a storage device. The system may include means for receiving a request, from a user, to enable access controls of an NVM; means for enabling the access controls in response to the request; means for verifying a physical presence of the user; and means for allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 40 may include the subject matter of Example 39, and the storage device implements Opal Storage Specification access controls.
- Example 41 may include the subject matter of Examples 39 and 40, and the enabling of the access controls further includes means for generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 42 may include the subject matter of Examples 39-41, and the verifying of the physical presence of the user further includes means for receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 43 may include the subject matter of Examples 39-42, and the PSID is displayed on a housing of the storage device.
- Example 44 may include the subject matter of Examples 39-43, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 45 may include the subject matter of Examples 39-44, further including means for performing a revert operation of the storage device, in response to success of the verifying.
- Example 46 may include the subject matter of Examples 39-45, and the revert operation further includes means for restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 47 may include the subject matter of Examples 39-46, further including means for allowing configuration of the access controls of the NVM in response to success of the verifying.
Abstract
Generally, this disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices. In some embodiments, the device may include a non-volatile memory (NVM) and a secure access control module. The secure access control module may include a command processor module configured to receive a request to enable access controls of the NVM from a user, and to enable the access controls. The secure access control module may also include a verification module configured to verify a physical presence of the user. The secure access control module may further include an encryption module to encrypt at least a portion of the NVM in response to an indication of success from the verification module.
Description
- The present application is a continuation of U.S. patent application Ser. No. 14/543,935 filed Nov. 18, 2014, the entire disclosure of which is incorporated herein by reference.
- The present disclosure relates to self-encrypting storage devices, and more particularly, to self-encrypting storage devices with secure control of access control enablement and activation.
- Storage drives, for example solid state drives (SSDs) or hard disk drives (HDDs), are often configured to provide security features including self-encryption and access control. These security features are designed to prevent a data breach in the event of physical loss or theft of the storage drive or the device containing the drive.
- Features and advantages of embodiments of the claimed subject matter will become apparent as the following Detailed Description proceeds, and upon reference to the Drawings, wherein like numerals depict like parts, and in which:
- FIG. 1 illustrates a top level system diagram of an example embodiment consistent with the present disclosure;
- FIG. 2 illustrates a block diagram of one example embodiment consistent with the present disclosure;
- FIG. 3 illustrates a flowchart of operations of one example embodiment consistent with the present disclosure;
- FIG. 4 illustrates a flowchart of operations of another example embodiment consistent with the present disclosure; and
- FIG. 5 illustrates a system diagram of a platform of another example embodiment consistent with the present disclosure.
- Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.
- Security features provided by storage devices may typically be enabled or disabled by the manufacturer in a fixed manner. It would generally be desirable, however, to provide a capability that allows the end user to enable or disable these types of security features, for example through a software configurable device setting, without compromising the integrity of the drive. This would avoid the requirement for a user to purchase different devices depending on their security needs and simplify the logistics for manufacturers and suppliers who would otherwise need to manage separate product lines. Providing a user enable/disable capability, however, may present a security threat since a malicious attacker could potentially enable the security feature remotely and take ownership of the drive by setting new access control authentication credentials. This would lock out the legitimate user, who may not even be aware that security is enabled on the drive.
- Generally, this disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices. In one embodiment, the storage device may include a non-volatile memory (NVM) and a secure access control module. The secure access control module may be configured to process commands received from a user or host system including a request to enable access controls of the NVM. The secure access control module may further be configured to verify a physical presence of the user. Physical presence of the user may be verified by requiring the user to provide the Physical Security Identifier (PSID) associated with the storage device, which can generally be obtained in a limited manner, such as, for example, by reading a physical label on the storage device. The secure access control module may further be configured to allow the user to activate and provision access controls if the physical presence verification is successful and after a revert operation is performed.
- The secure access control module may further include an encryption module configured to encrypt at least a portion of the NVM when access controls have been activated. The NVM may include or otherwise be configured as a Solid State Drive (SSD) or magnetic disk in a Hard Disk Drive (HDD). Any suitable method of encryption may be used including, for example, the Advanced Encryption Standard (AES), the Data Encryption Standard (DES) and the International Data Encryption Algorithm (IDEA). In some embodiments, the enablement of access controls may be considered an initialization or set-up activity of the storage device, to be performed by the user/owner of the storage device during an initial phase of deployment.
- As used herein, the terms “enablement,” “activation,” and “provisioning,” with respect to access controls, are defined as follows. Regarding “enablement,” the access control capabilities of the device may be supported (embedded in hardware or software of the device, by the manufacturer) but remain in a disabled or hidden state until enablement is performed. After a successful enablement, activation may be performed to turn on the access controls so that portions of the NVM are encrypted or otherwise locked for security. Activation may also be accompanied by provisioning which is an operation to configure the access controls (e.g., provide additional authentication credentials for administrators and/or users and specify regions of the NVM for encryption, etc.).
- FIG. 1 illustrates a top level system diagram 100 of one example embodiment consistent with the present disclosure. A host system 104 is shown coupled to a self-encrypting storage device with secure control capability 110. The secure control capability of the storage device will be described in greater detail below. In some embodiments, the host system 104 may be, for example, a desktop computer, workstation, laptop computer, convertible tablet, notebook, smart phone, smart tablet, personal digital assistant (PDA) or mobile Internet device (MID).
- The host system 104 may be coupled to the storage device 110 through interface modules and storage bus 130, which may be configured as a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface or a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface, an embedded Multimedia Controller interface (eMMC) or any other suitable type of interface. The SATA and SAS interfaces may comply with ANSI standards managed by T13 (www.t13.org) and T10 (www.t10.org) technical committees. The PCIe interface may comply with the PCISIG standard (www.pcisig.com). The UFS and eMMC may comply with the JEDEC standards (www.jedec.org). The storage device 110 described in this disclosure may be configured as a solid state drive (SSD). In some embodiments, the storage device 110 may include a hard disk drive (HDD).
- An intended or legitimate user 102 may access the storage device 110 through the host system 104 and interface 108 and bus 130. Similarly, a remote attacker or malicious user 106 may attempt to access the storage device 110 and attempt to enable access controls (and self-encryption of the device) to the detriment of the intended user 102. The secure control capability of the storage device 110 may be configured, however, to defeat such attempts, as will be described below.
- FIG. 2 illustrates a block diagram 200 of one example embodiment consistent with the present disclosure. The storage device 110 is shown to include a secure access control module 204, a storage device side interface module 108 b and an NVM 220.
- The storage device 110 and/or the secure access control module 204 may be configured to implement, comply with, or otherwise be compatible with the Opal Storage Specification: “TCG Storage Security Subsystem Class: Opal,” Specification Version 1.00, Feb. 4, 2010 of the Trusted Computing Group (TCG), including current, previous and future versions of that specification. The storage device 110 may also be referred to as a “Trusted Peripheral” in Opal terminology. Although operations will be described here in the context of Opal, it will be appreciated that these techniques may be applied to other similarly purposed storage device security systems.
- The secure access control module 204 is shown to include a command processor module 212, a verification module 214, an encryption module 216, a random number generator 218 and storage for a Security Identifier (SID) 206, PSID 208 and a Manufacturer Security Identifier (MSID) 210.
- The command processor module 212 may be configured to receive requests from a user or host system including a request to enable or disable the secure access control features of the NVM 220. Any required encryption or decryption of one or more portions (e.g., address ranges) of the NVM 220 may be performed by encryption module 216 as appropriate. The command processor module 212 may also be configured to receive the associated verification credentials (SID, PSID, etc.) that may be required from the user for these operations. Verification module 214 may be configured to perform the verification operations, as will be described below, to verify the credentials and physical presence of the user.
- In some embodiments, a software application is provided by the manufacturer or an independent software vendor to send the appropriate configuration commands as specified in the TCG Opal spec to the storage device. In an embodiment, the software application issues a sequence of commands, called methods in the TCG specifications, to perform configuration and provisioning operations. Prior to initiating a session, the software application invokes the Level 0 discovery command and Properties method to determine the capabilities of the secure access control module 204 (e.g., the OPAL security subsystem).
- The StartSession method is used by the software application to initiate a communications session between the host system 104 and the storage device 110. This method can also pass a credential, such as the PSID or SID, to the storage device for authentication. The storage device is configured to authenticate the credential and responds with success if the credential is successfully authenticated.
- After successful authentication of the SID credential and initiation of a session, the software application invokes the Activate method, which is used to activate the locking and encryption management functionality supplied by the Opal subsystem in the storage device. The session is then ended by the software application.
- Once locking and encryption management have been activated, the software application invokes StartSession to initiate a new session and authenticate an Admins credential, in order to satisfy access control requirements necessary to perform configuration and provisioning operations, such as setting User passwords and access controls.
- The software application invokes the Get method in a session, in order to retrieve metadata from tables in the subsystem, which are data structures employed to store configurations and metadata. The software application invokes the Set method in a session to configure Users and Admins passwords, and configure the device to lock when the device power cycles.
- The MSID 210 is an identifier, for example an alphanumeric value, which is used as a default credential for the storage device. The MSID 210 is encoded or otherwise stored in a reserved location in non-volatile memory that is outside of the region of encrypted data of the non-volatile memory of the storage device 110. The MSID is accessed by a user/host system through the interface 108 through an appropriate set of commands. Generally, the MSID, once set by the manufacturer, cannot be changed by the user.
- The SID 206 is a security identifier, for example an alphanumeric value, or credential that is associated with the owner or legitimate user of the storage device 110. The SID 206 is typically initialized by the manufacturer to a default value that is set to the MSID 210 and can subsequently be changed by the user to enforce access controls on the device 110. The SID 206 can also be stored in a non-volatile memory of the storage device, for example, outside of the region of encrypted data.
- The PSID 208 is a physical security identifier, for example an alphanumeric value, or credential that is associated with and unique to the storage device 110. In an embodiment, the PSID 208 can be generated by the manufacturer and stored in a non-volatile memory of the storage device that is inaccessible through the interface 108.
- In other words, the PSID 208 cannot be read or otherwise discovered by any entity external to the device 110 through any electronic method. The PSID 208 can, however, be printed on a label attached to the device 110, or otherwise made available, for example through some visual method, to a user located in physical proximity to the device 110. In some embodiments, the PSID is printed or otherwise visually accessible on the housing of the storage device 110 or on a housing of a system within which storage device 100 is incorporated. A remote attacker 106 can therefore be prevented from obtaining the PSID 208. The PSID is thus used to verify a physical presence of the device owner or legitimate user 102, for example prior to enablement of the self-encryption feature.
- It will be appreciated that the term “physical presence” does not necessarily require that the intended or legitimate user 102 need always be locally present in the proximity of the storage device 110. For example, physical presence may indicate a one-time presence by the user 102 to visually obtain the PSID which may later be used during a verification process from a remote location.
- FIG. 3 illustrates a flowchart of operations 300 of another example embodiment consistent with the present disclosure. The operations provide a method for secure enablement and activation of access controls on a self-encrypting storage device. At operation 310, a request is received to enable self-encryption (e.g., as implemented through Opal). At operation 320, Opal is enabled for the device and a random number or string (generated for example by random number generator 218) is assigned to the SID for the device, which will no longer be the same as the MSID. This may prevent any further attempts to alter access control settings until the current operation is successfully completed (e.g., by the intended user 102). The random number generator 218 may implement a non-deterministic random number generation algorithm to reduce the probability that a remote attacker might predict the random number value.
- At operation 330, a request is received for a revert operation, via the TCG Opal Revert method. The requester's physical presence is verified at operation 340, by supplying a valid PSID associated with the device, via a TCG method such as StartSession or Authenticate. Because access to the PSID is limited to visual observation of some portion of the device, such as a printed label as described previously, knowledge of the PSID may be used to verify the physical presence of the requester. If the verification fails, then at operation 350 the Revert method invocation will subsequently be denied and the SID remains set to the random value. In some embodiments, an alert may be generated to log the event and/or notify the legitimate user (e.g., intended user 102) of a failed attempt to enable access controls (Opal).
- If the verification succeeds, however, then at operation 360 the revert operation is performed. At operation 370, as part of the revert, the SID is reset back to the MSID associated with the device and Opal is left in an enabled state. At this point the user may optionally activate and provision Opal, at operation 380, for example through the Activate method executed by the software application.
- FIG. 4 illustrates a flowchart of operations 400 of another example embodiment consistent with the present disclosure. The operations provide a method for secure control of access control enablement and activation on a self-encrypting storage device. At operation 410, a request is received to enable access controls of the storage device. The request is received from a user of a host system of the storage device, for example through a software application that requests the storage device to enable OPAL security by sending an appropriate sequence of commands. The StartSession method is used to initiate a communications session and authenticate the SID credential. The Activate method is used to activate the locking functionality provided by the Opal subsystem implemented in the storage device. At operation 420, access controls (e.g., OPAL security) are enabled in response to the request. At operation 430, the physical presence of the user is verified, for example by supplying a valid PSID associated with the device as printed on the storage device label. The software application may be configured to prompt the user to enter the PSID. The user may then enter the PSID through the software application. The software application may send the PSID to the storage device, for example by using the StartSession method or using the Authenticate method in a session that has already been initiated. The storage device verifies the submitted PSID and responds with the verification result. Because access to the PSID is limited to visual observation of some portion of the device, such as a printed label as described previously, knowledge of the PSID may be used to verify the physical presence of the requester. At operation 440, if the physical presence verification succeeds, the software application invokes the “Revert” command which resets the SID to MSID and activation of self-encryption of the storage device is then possible, via execution of the Activate method. If the physical presence verification fails, access controls (e.g., OPAL security) may remain in their existing state and the SID remains set to the random value.
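The FIG. 3 flow described above (enable, SID randomisation, PSID-gated Revert, then Activate), modelled as a small state machine. This is an added example, not code from the patent or from any Opal implementation; the names `DriveModel`, `enable`, `revert`, `activate`, `attempt` and `run_scenario`, the constant-time comparison and the credential values are assumptions constructed for illustration.

```python
import hmac
import secrets


class AccessDenied(Exception):
    """The device refused a method because a credential did not verify."""


class DriveModel:
    """Toy model of the secure access control module (SID, PSID, MSID)."""

    def __init__(self, msid: bytes, psid: bytes):
        self.msid = msid          # default credential, readable over the interface
        self._psid = psid         # printed on the label only; no read method exists
        self.sid = msid           # manufacturer default: SID == MSID
        self.opal_enabled = False
        self.activated = False
        self.alerts = []          # failed physical-presence checks (operation 350)

    def _check(self, stored: bytes, supplied: bytes) -> bool:
        # Constant-time comparison (a hardening choice of this example).
        return hmac.compare_digest(stored, supplied)

    def enable(self) -> None:
        """Operations 310/320: enable Opal and move the SID to a random value."""
        self.opal_enabled = True
        self.sid = secrets.token_bytes(32)   # CSPRNG stands in for RNG 218

    def revert(self, psid: bytes) -> None:
        """Operations 330-370: Revert is honoured only with a valid PSID."""
        if not self._check(self._psid, psid):
            self.alerts.append("revert denied: PSID verification failed")
            raise AccessDenied("PSID verification failed")
        self.sid = self.msid      # SID restored to MSID; Opal stays enabled

    def activate(self, sid: bytes) -> None:
        """Operation 380: Activate needs Opal enabled and the current SID."""
        if not self.opal_enabled:
            raise AccessDenied("access controls are not enabled")
        if not self._check(self.sid, sid):
            raise AccessDenied("SID authentication failed")
        self.activated = True


def attempt(action, *args) -> bool:
    """Run one device method; True if accepted, False if denied."""
    try:
        action(*args)
        return True
    except AccessDenied:
        return False


def run_scenario() -> dict:
    """Walk the flowchart once with constructed credentials."""
    label_psid = b"PSID-constructed-LABEL"          # constructed sample value
    drive = DriveModel(msid=b"MSID-constructed-0001", psid=label_psid)
    results = {}
    results["activate_before_enable"] = attempt(drive.activate, drive.msid)
    drive.enable()
    # A requester without the label knows the MSID but not the PSID.
    results["activate_with_msid_after_enable"] = attempt(drive.activate, drive.msid)
    results["revert_with_wrong_psid"] = attempt(drive.revert, b"not-the-label-value")
    results["sid_still_random"] = drive.sid != drive.msid
    # A requester who has read the label supplies the PSID.
    results["revert_with_label_psid"] = attempt(drive.revert, label_psid)
    results["sid_is_msid"] = drive.sid == drive.msid
    results["activate_after_revert"] = attempt(drive.activate, drive.msid)
    results["alerts"] = len(drive.alerts)
    results["opal_enabled"] = drive.opal_enabled
    return results


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step}: {outcome}")
```

Between `enable` and a successful `revert` the model accepts no credential that is readable over the interface, which is the lock-out protection the description relies on.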
- FIG. 5 illustrates a system diagram 500 of one example embodiment consistent with the present disclosure. The system 500 may be a mobile platform 510 or computing device such as, for example, a smart phone, smart tablet, personal digital assistant (PDA), mobile Internet device (MID), convertible tablet, notebook or laptop computer, or any other suitable device. It will be appreciated, however, that embodiments of the system described herein are not limited to mobile platforms, and in some embodiments, the system 500 may be a workstation or desktop computer. The device may generally present various interfaces to a user via a display element 560 such as, for example, a touch screen, liquid crystal display (LCD) or any other suitable display type.
- The system 500 is shown to include a host system 104 that may further include any number of processors 520 and memory modules 530. In some embodiments, the processors 520 may be implemented as any number of processor cores. The processor (or processor cores) may be any type of processor, such as, for example, a micro-processor, an embedded processor, a digital signal processor (DSP), a graphics processor (GPU), a network processor, a field programmable gate array or other device configured to execute code. The processors may be multithreaded cores in that they may include more than one hardware thread context (or “logical processor”) per core. The memory 530 may be coupled to the processors. The memory 530 may be any of a wide variety of memories (including various layers of memory hierarchy and/or memory caches) as are known or otherwise available to those of skill in the art. It will be appreciated that the processors and memory may be configured to store, host and/or execute one or more user applications or other software modules. These applications may include, but not be limited to, for example, any type of computation, communication, data management, data storage and/or user interface task. In some embodiments, these applications may employ or interact with any other components of the mobile platform 510.
- System 500 is also shown to include network interface module 540 which may include wireless communication capabilities, such as, for example, cellular communications, Wireless Fidelity (WiFi), Bluetooth®, and/or Near Field Communication (NFC). The wireless communications may conform to or otherwise be compatible with any existing or yet to be developed communication standards including past, current and future versions of Bluetooth®, Wi-Fi and mobile phone communication standards.
- System 500 is also shown to include an input/output (IO) system or controller 550 which may be configured to enable or manage data communication between processor 520 and other elements of system 500 or other elements (not shown) external to system 500.
- System 500 is also shown to include a self-encrypting storage device with secure control 110, as described previously. Storage device 110 may further include a secure access control module (e.g., Opal) and an NVM as illustrated in FIG. 2. Interface modules couple the storage device 110 to the host system 104 over a storage bus.
- It will be appreciated that in some embodiments, the various components of the system 500 may be combined in a system-on-a-chip (SoC) architecture. In some embodiments, the components may be hardware components, firmware components, software components or any suitable combination of hardware, firmware or software.
- Embodiments of the methods described herein may be implemented in a system that includes one or more storage mediums having stored thereon, individually or in combination, instructions that when executed by one or more processors perform the methods. Here, the processor may include, for example, a system CPU (e.g., core processor) and/or programmable circuitry. Thus, it is intended that operations according to the methods described herein may be distributed across a plurality of physical devices, such as, for example, processing structures at several different physical locations. Also, it is intended that the method operations may be performed individually or in a subcombination, as would be understood by one skilled in the art. Thus, not all of the operations of each of the flow charts need to be performed, and the present disclosure expressly intends that all subcombinations of such operations are enabled as would be understood by one of ordinary skill in the art.
- The storage medium may include any type of tangible medium, for example, any type of disk including floppy disks, optical disks, compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), digital versatile disks (DVDs) and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic and static RAMs, erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), flash memories, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- “Circuitry”, as used in any embodiment herein, may include, for example, singly or in any combination, hardwired circuitry, programmable circuitry, state machine circuitry, and/or firmware that stores instructions executed by programmable circuitry. An application or “app” may be embodied as code or instructions which may be executed on programmable circuitry such as a host processor or other programmable circuitry. A module, as used in any embodiment herein, may be embodied as circuitry. The circuitry may be embodied as an integrated circuit, such as an integrated circuit chip.
- Thus, the present disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices. The following examples pertain to further embodiments.
- According to Example 1 there is provided a storage device. The device may include a non-volatile memory (NVM) and a secure access control module. The secure access control module of this example may include a command processor module to receive a request to enable access controls of the NVM, from a user, and to enable the access controls; a verification module to verify a physical presence of the user; and an encryption module to allow encryption of at least a portion of the NVM in response to an indication of success from the verification module.
- Example 2 may include the subject matter of Example 1, and the secure access control module implements Opal Storage Specification access controls.
- Example 3 may include the subject matter of Examples 1 and 2, further including a random number generator to generate a random number and update a Security Identifier (SID) associated with the access controls to the random number.
- Example 4 may include the subject matter of Examples 1-3, and the verification of the physical presence of the user is based on receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 5 may include the subject matter of Examples 1-4, and the PSID is displayed on a housing of the storage device.
- Example 6 may include the subject matter of Examples 1-5, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 7 may include the subject matter of Examples 1-6, and the secure access control module is further to perform a revert operation of the storage device, if the verification of the physical presence is successful.
- Example 8 may include the subject matter of Examples 1-7, and the revert operation restores the SID to a Manufacturer Security Identifier (MSID).
- Example 9 may include the subject matter of Examples 1-8, and the secure access control module is further to allow configuration of the access controls of the NVM if the verification of the physical presence is successful.
- Example 10 may include the subject matter of Examples 1-9, and the NVM is a solid state drive (SSD).
- Example 11 may include the subject matter of Examples 1-10, and the secure access control module is further to communicate with a host system through an interface module and a storage bus, the interface module to implement one of a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface, a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface and/or an embedded Multimedia Controller interface (eMMC).
- According to Example 12 there is provided a method for secure control of a storage device. The method may include receiving a request, from a user, to enable access controls of an NVM; enabling the access controls in response to the request; verifying a physical presence of the user; and allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 13 may include the subject matter of Example 12, and the storage device implements Opal Storage Specification access controls.
- Example 14 may include the subject matter of Examples 12 and 13, and the enabling of the access controls further includes generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 15 may include the subject matter of Examples 12-14, and the verifying of the physical presence of the user further includes receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 16 may include the subject matter of Examples 12-15, and the PSID is displayed on a housing of the storage device.
- Example 17 may include the subject matter of Examples 12-16, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 18 may include the subject matter of Examples 12-17, further including performing a revert operation of the storage device, in response to success of the verifying.
- Example 19 may include the subject matter of Examples 12-18, and the revert operation further includes restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 20 may include the subject matter of Examples 12-19, further including allowing configuration of the access controls of the NVM in response to success of the verifying.
- According to Example 21 there is provided a mobile platform. The mobile platform may include a processor; a display element coupled to the processor; and an SSD storage device coupled to the processor. The SSD of this example may include a non-volatile memory (NVM) and a secure access control module. The secure access control module of this example may include a command processor module to enable access controls of the NVM in response to a request from the processor; a verification module to verify a physical presence of a user; and an encryption module to allow encryption of at least a portion of the NVM in response to an indication of success from the verification module.
- Example 22 may include the subject matter of Example 21, and the secure access control module implements Opal Storage Specification access controls.
- Example 23 may include the subject matter of Examples 21-22, and the verification of the physical presence of the user is based on receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 24 may include the subject matter of Examples 21-23, and the PSID is displayed on a housing of the storage device.
- Example 25 may include the subject matter of Examples 21-24, and the secure access control module is further to perform a revert operation of the storage device, if the verification of the physical presence is successful.
- Example 26 may include the subject matter of Examples 21-25, and the revert operation restores the SID to a Manufacturer Security Identifier (MSID).
- Example 27 may include the subject matter of Examples 21-26, and the secure access control module is further to allow configuration of the access controls of the NVM if the verification of the physical presence is successful.
- Example 28 may include the subject matter of Examples 21-27, and the secure access control module is further to communicate with a host system through an interface module and a storage bus, the interface module to implement one of a Serial Advanced Technology Attachment (SATA) interface, a Serial Attached Small Computer System (SAS) Interface, a Peripheral Component Interconnect Express (PCIe) interface, a Universal Flash Storage (UFS) interface and/or an embedded Multimedia Controller interface (eMMC).
- Example 29 may include the subject matter of Examples 21-28, and the mobile platform is a smart phone, smart tablet, notebook or laptop computer.
- According to Example 30 there is provided at least one computer-readable storage medium having instructions stored thereon which when executed by a processor result in the following operations for secure control of a storage device. The operations may include receiving a request, from a user, to enable access controls of an NVM; enabling the access controls in response to the request; verifying a physical presence of the user; and allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 31 may include the subject matter of Example 30, and the storage device implements Opal Storage Specification access controls.
- Example 32 may include the subject matter of Examples 30 and 31, and the enabling of the access controls further includes the operations of generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 33 may include the subject matter of Examples 30-32, and the verifying of the physical presence of the user further includes the operation of receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 34 may include the subject matter of Examples 30-33, and the PSID is displayed on a housing of the storage device.
- Example 35 may include the subject matter of Examples 30-34, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 36 may include the subject matter of Examples 30-35, further including the operation of performing a revert operation of the storage device, in response to success of the verifying.
- Example 37 may include the subject matter of Examples 30-36, and the revert operation further includes the operation of restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 38 may include the subject matter of Examples 30-37, further including allowing configuration of the access controls of the NVM in response to success of the verifying.
- According to Example 39 there is provided a system for secure control of a storage device. The system may include means for receiving a request, from a user, to enable access controls of an NVM; means for enabling the access controls in response to the request; means for verifying a physical presence of the user; and means for allowing activation of self-encryption of the NVM in response to success of the verifying.
- Example 40 may include the subject matter of Example 39, and the storage device implements Opal Storage Specification access controls.
- Example 41 may include the subject matter of Examples 39 and 40, and the enabling of the access controls further includes means for generating a random number and updating a Security Identifier (SID) associated with the access controls to the random number.
- Example 42 may include the subject matter of Examples 39-41, and the verifying of the physical presence of the user further includes means for receiving a Physical Security Identifier (PSID) from the user, the PSID associated with the storage device.
- Example 43 may include the subject matter of Examples 39-42, and the PSID is displayed on a housing of the storage device.
- Example 44 may include the subject matter of Examples 39-43, and the PSID is provided in a visually observable manner in association with the storage device.
- Example 45 may include the subject matter of Examples 39-44, further including means for performing a revert operation of the storage device, in response to success of the verifying.
- Example 46 may include the subject matter of Examples 39-45, and the revert operation further includes means for restoring the SID to a Manufacturer Security Identifier (MSID).
- Example 47 may include the subject matter of Examples 39-46, further including means for allowing configuration of the access controls of the NVM in response to success of the verifying.
- The terms and expressions which have been employed herein are used as terms of description and not of limitation, and there is no intention, in the use of such terms and expressions, of excluding any equivalents of the features shown and described (or portions thereof), and it is recognized that various modifications are possible within the scope of the claims. Accordingly, the claims are intended to cover all such equivalents. Various features, aspects, and embodiments have been described herein. The features, aspects, and embodiments are susceptible to combination with one another as well as to variation and modification, as will be understood by those having skill in the art. The present disclosure should, therefore, be considered to encompass such combinations, variations, and modifications.
Claims (21)
1-27. (canceled)
28. A storage device comprising:
a non-volatile memory (NVM); and
secure access control circuitry to:
store a Security Identifier (SID) having a first SID value;
receive a request to enable access controls of the NVM;
responsive to the received request to enable the access controls, set the SID to a second SID value;
receive a request to revert the SID to the first SID value;
responsive to the received request to revert the SID to the first SID value, verify a physical presence of a user using a Physical Security Identifier (PSID);
responsive to a successful verification of the physical presence of the user:
set the SID to the first SID value; and
enable the access controls of the NVM; and
responsive to an unsuccessful verification of the physical presence of the user, deny the received request to revert the SID to the first SID value, wherein the SID remains the second SID value.
29. The storage device of claim 28, wherein the secure access control module implements Opal Storage Specification access controls.
30. The storage device of claim 28, wherein the second SID value is a randomly generated value.
31. The storage device of claim 30, further comprising a random number generator to generate the randomly generated value.
32. The storage device of claim 28, wherein the PSID is associated with the storage device.
33. The storage device of claim 32, wherein the PSID is displayed on a housing of the storage device.
34. The storage device of claim 28, wherein the access controls of the NVM enable encryption of at least part of the NVM.
35. The storage device of claim 28, wherein the NVM is a solid state drive (SSD).
36. The storage device of claim 28, wherein:
the secure access control circuitry is further to store a Manufacturer Security Identifier (MSID) having a MSID value; and
the first SID value is the MSID value.
37. The storage device of claim 28, wherein the secure access control circuitry communicates with a host system via interface circuitry and a storage bus, the interface circuitry to implement one of:
a Serial Advanced Technology Attachment (SATA) interface;
a Serial Attached Small Computer System (SAS) Interface;
a Peripheral Component Interconnect Express (PCIe) interface;
a Universal Flash Storage (UFS) interface; or
an embedded Multimedia Controller interface (eMMC).
38. A method for secure control of a storage device, the method comprising:
receiving a request to enable access controls of a non-volatile memory (NVM) of the storage device;
responsive to the received request to enable access controls of the NVM, setting a Security Identifier (SID) to a first SID value;
receiving a request to revert the SID to a second SID value;
responsive to the received request to revert the SID to the second SID value, verifying a physical presence of a user using a Physical Security Identifier (PSID);
responsive to the verification of the physical presence of the user being successful:
setting the SID to the second SID value; and
enabling the access controls of the NVM; and
responsive to the verification of the physical presence of the user not being successful, denying the received request to revert the SID to the second SID value, wherein the SID remains the first SID value.
39. The method of claim 38, wherein the storage device implements Opal Storage Specification access controls.
40. The method of claim 38, further comprising generating, via a random number generator, a randomly generated value, wherein the first SID value is the randomly generated value.
41. The method of claim 38, wherein the PSID is displayed on a housing of the storage device.
42. The method of claim 38, wherein the access controls of the NVM enable encryption of at least part of the NVM.
43. A mobile platform, comprising:
a processor;
a display element coupled to the processor; and
a solid state drive (SSD) storage device coupled to the processor, the SSD comprising:
a non-volatile memory (NVM); and
secure access control circuitry to:
store a Security Identifier (SID) having a first SID value;
receive a request to enable access controls of the NVM;
responsive to the received request to enable the access controls, set the SID to a second SID value;
receive a request to revert the SID to the first SID value;
responsive to the received request to revert the SID to the first SID value, verify a physical presence of a user using a Physical Security Identifier (PSID);
responsive to the verification of the physical presence of the user being successful:
set the SID to the first SID value; and
enable the access controls of the NVM; and
responsive to the verification of the physical presence of the user not being successful, deny the received request to revert the SID to the first SID value, wherein the SID remains the second SID value.
44. The mobile platform of claim 43, wherein the secure access control circuitry implements Opal Storage Specification access controls.
45. The mobile platform of claim 43, further comprising a random number generator to generate a randomly generated value, wherein the second SID value is the randomly generated value.
46. The mobile platform of claim 43, wherein the access controls of the NVM enable encryption of at least part of the NVM.
47. The mobile platform of claim 43, wherein the secure access control circuitry communicates with the processor via interface circuitry and a storage bus, the interface circuitry to implement one of:
a Serial Advanced Technology Attachment (SATA) interface;
a Serial Attached Small Computer System (SAS) Interface;
a Peripheral Component Interconnect Express (PCIe) interface;
a Universal Flash Storage (UFS) interface; or
an embedded Multimedia Controller interface (eMMC).
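The SID life cycle recited in Examples 12-19 and claims 28 and 36 above, modeled as a small device-side state machine. This is an added example, not code from the patent or from any Opal implementation; every identifier, the 32-byte credential length, the use of /dev/urandom as the random number generator and the constant-time comparison are assumptions made for the illustration.

```c
/* Added illustration of the claimed SID life cycle; all names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRED_LEN 32   /* assumed credential length */
typedef enum { SED_OK, SED_DENIED, SED_RNG_ERROR } sed_status;

typedef struct {
    uint8_t msid[CRED_LEN];  /* Manufacturer SID: the "first SID value" of claim 36 */
    uint8_t psid[CRED_LEN];  /* Physical SID shown on the device housing */
    uint8_t sid[CRED_LEN];   /* current SID credential */
    bool controls_enabled;   /* access controls have been requested and enabled */
    bool activation_allowed; /* set only after physical presence is verified */
} sed_device;

/* Compare without an early exit so timing does not reveal a matching prefix. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Stand-in for the device random number generator (assumption: /dev/urandom). */
static bool device_rng(uint8_t *out, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return false;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    return got == n;
}

void sed_init(sed_device *d, const uint8_t *msid, const uint8_t *psid)
{
    memcpy(d->msid, msid, CRED_LEN);
    memcpy(d->psid, psid, CRED_LEN);
    memcpy(d->sid, msid, CRED_LEN);   /* factory state: SID equals MSID */
    d->controls_enabled = false;
    d->activation_allowed = false;
}

/* Enable request: the SID becomes a random value that the host never sees. */
sed_status sed_enable(sed_device *d)
{
    uint8_t fresh[CRED_LEN];
    if (!device_rng(fresh, sizeof fresh)) return SED_RNG_ERROR; /* fail closed */
    memcpy(d->sid, fresh, CRED_LEN);
    d->controls_enabled = true;
    d->activation_allowed = false;
    return SED_OK;
}

/* Revert request: only the correct PSID restores the SID to the MSID value. */
sed_status sed_revert(sed_device *d, const uint8_t *psid_try)
{
    if (!ct_equal(d->psid, psid_try, CRED_LEN)) return SED_DENIED; /* SID stays random */
    memcpy(d->sid, d->msid, CRED_LEN);
    d->activation_allowed = true;
    return SED_OK;
}

/* Host authenticates as SID, the step that precedes configuring access controls. */
sed_status sed_auth_sid(const sed_device *d, const uint8_t *cred)
{
    return ct_equal(d->sid, cred, CRED_LEN) ? SED_OK : SED_DENIED;
}

/* Walk the life cycle; returns 0 if every step behaved as recited,
 * otherwise the number of the first step that did not. */
int run_lifecycle(void)
{
    uint8_t msid[CRED_LEN], psid[CRED_LEN], wrong[CRED_LEN];
    memset(msid, 0x4D, sizeof msid);   /* constructed sample values */
    memset(psid, 0x50, sizeof psid);
    memset(wrong, 0x00, sizeof wrong);
    sed_device d;
    sed_init(&d, msid, psid);
    if (sed_auth_sid(&d, msid) != SED_OK) return 1;      /* factory default works */
    if (sed_enable(&d) != SED_OK) return 2;
    if (sed_auth_sid(&d, msid) != SED_DENIED) return 3;  /* MSID no longer opens SID */
    if (sed_revert(&d, wrong) != SED_DENIED) return 4;   /* no physical presence */
    if (sed_auth_sid(&d, msid) != SED_DENIED || d.activation_allowed) return 5;
    if (sed_revert(&d, psid) != SED_OK) return 6;        /* PSID read from housing */
    if (sed_auth_sid(&d, msid) != SED_OK || !d.activation_allowed) return 7;
    return 0;
}

int main(void)
{
    printf("life cycle check: %d\n", run_lifecycle());
    return 0;
}
```

Steps 3 to 5 show the property the claims rely on: between the enable request and a successful PSID check, the publicly known MSID no longer authenticates as SID, so host software alone cannot proceed to configure the access controls.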
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/482,226 US20170277916A1 (en) | 2014-11-18 | 2017-04-07 | Secure control of self-encrypting storage devices |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/543,935 US9626531B2 (en) | 2014-11-18 | 2014-11-18 | Secure control of self-encrypting storage devices |
US15/482,226 US20170277916A1 (en) | 2014-11-18 | 2017-04-07 | Secure control of self-encrypting storage devices |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/543,935 Continuation US9626531B2 (en) | 2014-11-18 | 2014-11-18 | Secure control of self-encrypting storage devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170277916A1 (en) | 2017-09-28 |
Family
ID=55961971
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/543,935 Active 2035-01-30 US9626531B2 (en) | 2014-11-18 | 2014-11-18 | Secure control of self-encrypting storage devices |
US15/482,226 Abandoned US20170277916A1 (en) | 2014-11-18 | 2017-04-07 | Secure control of self-encrypting storage devices |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/543,935 Active 2035-01-30 US9626531B2 (en) | 2014-11-18 | 2014-11-18 | Secure control of self-encrypting storage devices |
Country Status (4)
Country | Link |
---|---|
US (2) | US9626531B2 (en) |
KR (2) | KR102419976B1 (en) |
TW (1) | TWI596503B (en) |
WO (1) | WO2016081122A1 (en) |
- 2014-11-18 US US14/543,935 patent/US9626531B2/en active Active
- 2015-10-06 TW TW104132857A patent/TWI596503B/en active
- 2015-10-19 WO PCT/US2015/056241 patent/WO2016081122A1/en active Application Filing
- 2015-10-19 KR KR1020177011447A patent/KR102419976B1/en active Application Filing
- 2015-10-19 KR KR1020227023417A patent/KR102598131B1/en active IP Right Grant
- 2017-04-07 US US15/482,226 patent/US20170277916A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
US9626531B2 (en) | 2017-04-18 |
KR102419976B1 (en) | 2022-07-13 |
KR20170085489A (en) | 2017-07-24 |
TW201633208A (en) | 2016-09-16 |
WO2016081122A1 (en) | 2016-05-26 |
US20160140364A1 (en) | 2016-05-19 |
KR102598131B1 (en) | 2023-11-02 |
TWI596503B (en) | 2017-08-21 |
KR20220101017A (en) | 2022-07-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |