公开(公告)号：US11381388B2

公开(公告)日：2022-07-05

申请号：US16674413

申请日：2019-11-05

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Hyunsook Hong ,  Jintaek Kwon ,  Myeongjong Lee ,  Seung-Jae Lee ,  Seokgi Hong ,  Byung-Gook Kim ,  Jisoo Kim

IPC: H04L9/08 ,  G06F12/14 ,  H04L9/32

Abstract: A storage device includes a nonvolatile memory device, and a controller that manages a data encryption key (DEK). The DEK is used to encrypt data to be written in a storage space of the nonvolatile memory device by a first user and to decrypt data read from the storage space. The controller grants a second user authority to access the storage space by encrypting the DEK based on a Diffie-Hellman (DH) algorithm, grants a second user authority to access the encrypted DEK, and decrypts the encrypted DEK based on the DH algorithm.

公开(公告)号：US20200169395A1

公开(公告)日：2020-05-28

申请号：US16674413

申请日：2019-11-05

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Hyunsook Hong ,  Jintaek Kwon ,  Myeongjong Lee ,  Seung-Jae Lee ,  Seokgi Hong ,  Byung-Gook Kim ,  Jisoo Kim

IPC: H04L9/08 ,  H04L9/32 ,  G06F12/14

Abstract: A storage device includes a nonvolatile memory device, and a controller that manages a data encryption key (DEK). The DEK is used to encrypt data to be written in a storage space of the nonvolatile memory device by a first user and to decrypt data read from the storage space. The controller grants a second user authority to access the storage space by encrypting the DEK based on a Diffie-Hellman (DH) algorithm, grants a second user authority to access the encrypted DEK, and decrypts the encrypted DEK based on the DH algorithm.

公开(公告)号：US12032492B2

公开(公告)日：2024-07-09

申请号：US17816249

申请日：2022-07-29

Applicant: SAMSUNG ELECTRONICS CO., LTD.

Inventor： Seokgi Hong ,  Mingon Shin ,  Seungjae Lee

IPC: G06F12/14 ,  H04L9/08

CPC classification number: G06F12/1408 ,  H04L9/0819 ,  G06F2212/1052

Abstract: In a method of operating a storage device including a plurality of storage regions, a first request is received. The first request is for a cryptographic erasure with respect to a first storage region. During a first time interval, a first encryption key corresponding to the first storage region is changed based on the first request. A second request is received. In response to receiving the second request within the first time interval, a region access signal is outputted. In response to determining, based on the region access signal, that the second request is associated with the first storage region, an execution of the second request is held. In response to determining, based on the region access signal, that the second request is associated with a second storage region among the plurality of storage regions, the second request is executed.