-
Publication No.: US11144654B2
Publication Date: 2021-10-12
Application No.: US16296800
Application Date: 2019-03-08
Applicant: Seagate Technology LLC
Abstract: A system includes an environment-aware storage drive comprising one or more storage media with a location-based service wherein the environment-aware storage drive generates a signal containing information about a location of the storage drive relative to a geo-fenced area and updates a ledger unit of an event happening to the storage drive based on the signal, wherein the event is related to the current environment of the storage drive. The ledger unit keeps track of a number of events and/or data received from the environment-aware storage drive. A policy unit determines an expandable set of security policies for the storage drive triggered by the event and/or data, wherein the security policies specify access restrictions to the environment-aware storage drive based on its current environment. The policy unit transmits and enforces the set of security policies on the environment-aware storage drive to prevent data from being stolen from the storage drive.
-
Publication No.: US10382201B1
Publication Date: 2019-08-13
Application No.: US15214965
Application Date: 2016-07-20
Applicant: Seagate Technology LLC
Inventor: Christopher Nicholas Allo , Saheb Biswas , Kevin Gautam Sternberg
IPC: H04L29/06 , H04L9/08 , H04L9/32 , G06F21/80 , G06F9/4401
Abstract: Security of data storage devices and servers can be improved by the system and methods described herein. In some embodiments, a key management device of a server can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a server system and can have a secure area protected by a cryptographic module (e.g. hardware integrated circuit). The secure area can store a certificate needed to authenticate another data storage device coupled to the server. A second server may authenticate the certificate and provide the access key to the another data storage device.
-
Publication No.: US10942668B2
Publication Date: 2021-03-09
Application No.: US15992072
Application Date: 2018-05-29
Applicant: Seagate Technology LLC
Inventor: Mohammad Mohsin Awan , David Michael Seesdorf , Kevin Gautam Sternberg , Saheb Biswas , Anthony Ramon Duran
Abstract: Provided herein is a method that includes receiving a signal to erase content stored on a storage device. The method further includes erasing the content stored on the storage device in response to the signal to erase. The method also includes issuing a certificate of erasure, wherein the certificate is unique to the storage device.
-
Publication No.: US20210385249A1
Publication Date: 2021-12-09
Application No.: US16946088
Application Date: 2020-06-05
Applicant: Seagate Technology LLC
Inventor: Christopher N. Allo , Saheb Biswas , Kevin G. Sternberg
IPC: H04L29/06
Abstract: A data storage system can consist of a network controller connected to a data storage device and a remote host. An attack mitigation strategy may be generated with an attack module connected to the network controller in response to detected data storage conditions in the data storage device. The attack mitigation strategy can be executed with the attack module by sending separate first and second security queries to the data storage device over time. At least a powered move attack can then be identified based on the second security query.
-
Publication No.: US09768952B1
Publication Date: 2017-09-19
Application No.: US14862128
Application Date: 2015-09-22
Applicant: Seagate Technology LLC
Inventor: Christopher Allo , Saheb Biswas
CPC classification number: H04L9/083 , G06F21/575 , G06F21/80
Abstract: Data storage devices (“DSDs”) can be cryptographically locked, and may be unlocked with encryption keys. One or more encryption keys may be stored remotely in a key server, and may be retrieved by a removable circuit that can be coupled to a server, such as a data server, email server, file system server, other server, or other system. The removable circuit can determine which of the DSDs are locked, and may transmit a request to the key server for encryption keys corresponding to the locked DSDs. The removable circuit can unlock the locked DSDs with the encryption keys provided by the key server.
-
Publication No.: US11611589B2
Publication Date: 2023-03-21
Application No.: US16946088
Application Date: 2020-06-05
Applicant: Seagate Technology LLC
Inventor: Christopher N. Allo , Saheb Biswas , Kevin G. Sternberg
IPC: H04L9/40
Abstract: A data storage system can consist of a network controller connected to a data storage device and a remote host. An attack mitigation strategy may be generated with an attack module connected to the network controller in response to detected data storage conditions in the data storage device. The attack mitigation strategy can be executed with the attack module by sending separate first and second security queries to the data storage device over time. At least a powered move attack can then be identified based on the second security query.
-
Publication No.: US10678953B1
Publication Date: 2020-06-09
Application No.: US15498348
Application Date: 2017-04-26
Applicant: Seagate Technology LLC
Inventor: Christopher Nicholas Allo , Saheb Biswas
Abstract: A local key management system can be implemented with a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”). The local key management system may be part of a removable data storage device that has a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The removable data storage device may also have a second secure area that stores a key to unlock a security enabled data storage device. The UEFI BIOS may be implemented to manage unlocking of security enabled data storage devices or data bands. The UEFI BIOS may also load a UEFI registration shell to manage registration of one or more security enabled drives or bands.
-
Publication No.: US10460110B1
Publication Date: 2019-10-29
Application No.: US15436712
Application Date: 2017-02-17
Applicant: Seagate Technology LLC
Inventor: Christopher Nicholas Allo , Kevin Gautam Sternberg , Saheb Biswas
IPC: G06F21/57 , G06F9/4401 , H04L9/14 , G06F3/06
Abstract: Security of computers, data storage devices, and servers can be improved with a multiple key access system. In some embodiments, a local key management device can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a computer or server system and can have a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The first secure area can store a key to access a second secure area, which may function as a local key management server (LKMS) and store access information to authenticate another data storage device coupled to the computer. For example, the LKMS may store an access key to provide the computer with access to another data storage device.