公开(公告)号：US20180020011A1

公开(公告)日：2018-01-18

申请号：US15211932

申请日：2016-07-15

Applicant: SEAGATE TECHNOLOGY LLC

Inventor： Christopher Nicholas Allo

IPC: H04L29/06

CPC classification number: G06F21/78 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/1416 ,  H04L63/166 ,  H04L63/18 ,  H04W12/02

Abstract: Systems and methods for wireless enabled security in relation to a storage drive are described. In one embodiment, the systems and methods may include receiving, at a storage drive, a request from a host of the storage drive. In some cases, the request may be received via a wired connection between the storage drive and the host. In some embodiments, the systems and methods may include determining whether the request is flagged by the host as a secure connection request, processing the request upon determining the request is not flagged as a secure connection request, and establishing a wireless connection with the host upon determining the request is flagged by the host as a secure connection request

公开(公告)号：US20210264062A1

公开(公告)日：2021-08-26

申请号：US16801861

申请日：2020-02-26

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo

IPC: G06F21/78 ,  G06F21/60 ,  G06F21/33 ,  G06F8/61 ,  G06F3/06

Abstract: A distributed data storage system can connect a customization module to at least one host and a second data storage device via a network controller. The customization module may disconnect the first data storage device from the host and second data storage device prior to assessing a security operation of the first data storage device with the customization module, generating an optimization strategy with the customization module based on the assessed security operation, implementing the optimization strategy in the first data storage device to alter at least one security parameter of the first data storage device, and then connecting the first data storage device to the host and second data storage device to allow at least one data access to be executed to the first data storage device with the altered at least one security parameter.

公开(公告)号：US20210264037A1

公开(公告)日：2021-08-26

申请号：US16801830

申请日：2020-02-26

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo

IPC: G06F21/57

Abstract: A distributed data storage system can have an attestation module that is connected to the data storage device to disconnect the device from a distributed data storage network or prevent the data storage device from being initialized into the distributed data storage network. A first security evaluation of the data storage device can be conducted with the attestation module to verify an authenticity of the data storage device. The attestation module may then disconnect the network controller from the distributed data storage network and verify an authenticity of the network controller to allow the network controller and data storage device to service a data access request from a host of the distributed data storage network.

公开(公告)号：US11004467B2

公开(公告)日：2021-05-11

申请号：US16408738

申请日：2019-05-10

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo

IPC: G11B5/40 ,  G11B5/39 ,  G06F1/3234 ,  G06F21/78 ,  G11B23/28 ,  G11B5/31

Abstract: A data storage device can transition a functional data storage medium into a read only data surface. Data can be written to a data storage medium with a data writer of a transducing head prior to a security threat being identified. A write head of the transducing head is deactivated in response to the security threat by selecting a permanent deactivation mechanism.

公开(公告)号：US10678953B1

公开(公告)日：2020-06-09

申请号：US15498348

申请日：2017-04-26

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo ,  Saheb Biswas

IPC: G06F12/14 ,  G06F21/78 ,  H04L9/08 ,  G06F9/445

Abstract: A local key management system can be implemented with a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”). The local key management system may be part of a removable data storage device that has a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The removable data storage device may also have a second secure area that stores a key to unlock a security enabled data storage device. The UEFI BIOS may be implemented to manage unlocking of security enabled data storage devices or data bands. The UEFI BIOS may also load a UEFI registration shell to manage registration of one or more security enabled drives or bands.

公开(公告)号：US20190342301A1

公开(公告)日：2019-11-07

申请号：US15969363

申请日：2018-05-02

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo

IPC: H04L29/06

Abstract: Apparatus and method for establishing trust among processing devices arranged into a trust family. In some embodiments, each processing device in a group of devices has an internal token value as a unique ID value associated with the corresponding device. The internal token values are distributed among the various devices so that each device stores the internal token value of another device as an external token value. A host controller circuit authenticates the trust family by querying the devices and receiving responses therefrom. Each response is generated by a device using the external token value stored by the device. In this way, the trust family is authenticated by matching each of the external token values to each of the devices in the group. The devices may be data storage devices such as solid state drives (SSDs) in a multi-device storage environment.

公开(公告)号：US10460110B1

公开(公告)日：2019-10-29

申请号：US15436712

申请日：2017-02-17

Applicant: Seagate Technology LLC

Inventor： Christopher Nicholas Allo ,  Kevin Gautam Sternberg ,  Saheb Biswas

IPC: G06F21/57 ,  G06F9/4401 ,  H04L9/14 ,  G06F3/06

Abstract: Security of computers, data storage devices, and servers can be improved with a multiple key access system. In some embodiments, a local key management device can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a computer or server system and can have a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The first secure area can store a key to access a second secure area, which may function as a local key management server (LKMS) and store access information to authenticate another data storage device coupled to the computer. For example, the LKMS may store an access key to provide the computer with access to another data storage device.