-
Publication No.: US20240160794A1
Publication date: 2024-05-16
Application No.: US18502321
Application date: 2023-11-06
Applicant: Samsung Electronics Co., Ltd.
Inventor: Yonghwan SONG, Jisoo KIM, Jimin RYU, Younsung CHU, Jaegyu LEE, Daejin JUNG
CPC classification number: G06F21/79, G06F21/602, G06F21/64
Abstract: Provided are an operating method of a storage device and an operating method of a storage system including the storage device. An operating method of a storage device including a nonvolatile memory device and a storage controller includes storing, by the storage controller, a public key received from a first host, transmitting, by the storage controller, a random number to a second host in response to a host authentication start request from the second host that has obtained the public key and a private key corresponding to the public key, receiving, by the storage controller, a signature generated based on the private key and the random number from the second host, verifying, by the storage controller, the signature based on the public key, and changing, by the storage controller, a first device parameter according to a request from the second host in response to the signature being verified.
-
Publication No.: US20240111853A1
Publication date: 2024-04-04
Application No.: US18474702
Application date: 2023-09-26
Applicant: Samsung Electronics Co., Ltd.
Inventor: Younsung CHU, Jisoo KIM, Mungyu BAE, Sungho YOON
CPC classification number: G06F21/33, G06F21/602, G06F21/64
Abstract: A method of updating a certificate for device identification of at least one example embodiment includes generating a device identifier comprising unique information of the device, generating a device identity (ID) certificate signing request (CSR) based on the device identifier, updating the bootloader, the updating including updating a certificate of the device based on the device ID CSR using firmware of the device in response to a request of a host device, and in response to the bootloader being changed, authenticating the updating of the bootloader based on a second certificate generated by an original equipment manufacturer (OEM) of the device in response to authentication of the bootloader failing based on a first certificate generated by a manufacturer of the device.
-
Publication No.: US20220019356A1
Publication date: 2022-01-20
Application No.: US17358367
Application date: 2021-06-25
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventor: Hyunsook HONG, Jisoo KIM, Yongsuk LEE, Younsung CHU, Hyungsup KIM
IPC: G06F3/06
Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.
-
Publication No.: US20240249002A1
Publication date: 2024-07-25
Application No.: US18531059
Application date: 2023-12-06
Applicant: Samsung Electronics Co., Ltd.
Inventor: Sungho YOON, Younsung CHU
IPC: G06F21/60
CPC classification number: G06F21/602
Abstract: A system includes a storage device, a first device, and a second device. The first device stores a first secret key and a first public key. The second device stores a first key and a second key and receives the first public key, generates a first ciphertext for an updated software image and the second key, based on the first key, and generates a second ciphertext for the first ciphertext and the second key, based on the first public key. The first device obtains the first ciphertext and the second key by decrypting the second ciphertext and provides the first ciphertext and the second key to the storage device. The storage device obtains the updated software image and the second key by decrypting the first ciphertext. The first device provisions, based on the second key, a certificate for a unique key of the storage device into the storage device.
-
Publication No.: US20240211272A1
Publication date: 2024-06-27
Application No.: US18396430
Application date: 2023-12-26
Applicant: Samsung Electronics Co., Ltd.
Inventor: Younsung CHU, Jisoo KIM
IPC: G06F9/4401, G06F21/57
CPC classification number: G06F9/4403, G06F21/575, G06F2221/034
Abstract: A storage device includes a device identification module configured to generate a device identifier, a bootloader configured to generate a device identification key pair based on the device identifier and perform booting of the storage device, attester firmware configured to generate a device certificate based on the device identification key pair and report security information on the device to a host, and a measurement manager configured to perform a measurement operation for the device identification module, the bootloader, and the attester firmware, store a first measurement value of the device identification module in response to determining that the first measurement value matches first information, determine whether a second measurement value of the bootloader matches second information in response to storing the first measurement, store the second measurement value in response to determining that the second measurement value matches the second information, determine whether a third measurement value of the attester firmware matches third information in response to the second measurement value being stored, store the third measurement value in response to determining that the second measurement value matches the second information, and transmit the stored first measurement value, the stored second measurement value, and the stored third measurement value to the attester firmware.
-
Publication No.: US20240073033A1
Publication date: 2024-02-29
Application No.: US18458070
Application date: 2023-08-29
Applicant: Samsung Electronics Co., Ltd.
Inventor: Younsung CHU
IPC: H04L9/32
CPC classification number: H04L9/3265, H04L9/3268
Abstract: A device may include processing circuitry configured to, generate a device identifier associated with the device, and generate a unique endorsement identity (ID) associated with the device identifier, a first layer sub-circuit configured to, receive the device identifier, and generate a first certificate and a second certificate based on the device identifier and the unique endorsement ID, the first certificate and the second certificate including information to authenticate the device, and the processing circuitry is further configured to, receive the first certificate and the second certificate, and verify whether the device has been modified based on the first certificate and the second certificate, wherein, in response to the first layer sub-circuit being modified, the first layer sub-circuit is further configured to, generate an endorsement key based on a new unique endorsement ID, and generate a certificate signing request for the new unique endorsement ID based on the endorsement key.
-
Publication No.: US20230222219A1
Publication date: 2023-07-13
Application No.: US18056325
Application date: 2022-11-17
Applicant: Samsung Electronics Co., Ltd.
Inventor: Moonchan PARK, Jisoo KIM, Younsung CHU
CPC classification number: G06F21/572, G06F21/602, G06F21/44, G06F2221/033
Abstract: A storage system includes: a host configured to receive a software image and a first signature for the software image, the first signature being generated based on a first secret key, and generate, based on a second secret key, a second signature for the software image; and a storage device configured to receive, from the host, the software image, the first signature, the second signature, and a second public key related to the second secret key and execute the software image, based on a first verification and a second verification, the first verification being performed on the first signature on the basis of a first public key related to the first secret key, and the second verification being performed on the second signature on the basis of the second public key.