公开(公告)号：US20160285638A1

公开(公告)日：2016-09-29

申请号：US14668657

申请日：2015-03-25

Applicant: Intel Corporation

Inventor： ADRIAN R. PEARSON ,  JASON COX ,  JAMES CHU

IPC: H04L9/32 ,  H04L29/06 ,  G06F12/14

CPC classification number: H04L9/3271 ,  G06F12/1408 ,  G06F21/52 ,  G06F21/6218 ,  G06F2212/1052 ,  G06F2221/2139 ,  H04L9/3234 ,  H04L9/3257 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/0853

Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.

Abstract translation: 各种实施例针对基于盲挑战认证响应机制（BCRAM）访问自加密驱动器（SED）的系统。 SED可以在系统内进行身份验证，例如，在从休眠状态恢复时，基于在SED内生成的质询，由可信执行环境（TEE）使用私钥进行签名，并使用在该内部的相应公钥进行认证 SED。

公开(公告)号：US20160085959A1

公开(公告)日：2016-03-24

申请号：US14492168

申请日：2014-09-22

Applicant: Intel Corporation

Inventor： SANJEEV N. TRIKA ,  JASON COX ,  ANAND S. RAMALINGAM

IPC: G06F21/44 ,  G06F21/31 ,  H04L9/32

CPC classification number: G06F21/44 ,  G06F21/31 ,  G06F21/85 ,  G06F2221/2103 ,  H04L9/0894 ,  H04L9/3271

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for prevention of cable swap security attacks on storage devices. A host system may include a provisioning module configured to generate a challenge-response verification key-pair and further to provide the key-pair to the storage device to enable the challenge-response verification. The system may also include a link error detection module to detect a link error between the host system and the storage device. The system may further include a challenge-response protocol module configured to initiate, in response to the link-error detection, a verification challenge from the storage system and to provide a response to the verification challenge based on the key-pair.

Abstract translation: 通常，本公开提供用于防止对存储设备的电缆交换安全攻击的系统，设备，方法和计算机可读介质。 主机系统可以包括配置模块，配置成生成质询响应验证密钥对，并且进一步将密钥对提供给存储设备以启用挑战响应验证。 该系统还可以包括用于检测主机系统和存储设备之间的链路错误的链路错误检测模块。 所述系统还可以包括质询响应协议模块，所述询问响应协议模块被配置为响应于所述链路错误检测，发起来自所述存储系统的验证挑战并且基于所述密钥对来提供对所述验证挑战的响应。

公开(公告)号：US20160140364A1

公开(公告)日：2016-05-19

申请号：US14543935

申请日：2014-11-18

Applicant: Intel Corporation

Inventor： SHANKAR NATARAJAN ,  JASON COX ,  CHARLES B. FOSTER ,  HINESH K. SHAH

IPC: G06F21/78 ,  G06F12/14

CPC classification number: G06F21/78 ,  G06F21/604 ,  G06F21/6245 ,  G06F2212/402 ,  G06F2221/2111 ,  G11B20/0021

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices. In some embodiments, the device may include a non-volatile memory (NVM) and a secure access control module. The secure access control module may include a command processor module configured to receive a request to enable access controls of the NVM from a user, and to enable the access controls. The secure access control module may also include a verification module configured to verify a physical presence of the user. The secure access control module may further include an encryption module to encrypt at least a portion of the NVM in response to an indication of success from the verification module.

Abstract translation: 通常，本公开提供了用于在自加密存储设备上的访问控制启用和激活的安全控制的系统，设备，方法和计算机可读介质。 在一些实施例中，设备可以包括非易失性存储器（NVM）和安全访问控制模块。 安全访问控制模块可以包括命令处理器模块，该命令处理器模块被配置为从用户接收启用NVM的访问控制的请求，并且允许访问控制。 安全访问控制模块还可以包括被配置为验证用户的物理存在的验证模块。 安全访问控制模块还可以包括加密模块，用于响应来自验证模块的成功指示来加密NVM的至少一部分。