Abstract
Encrypted data on a storage device (e.g., flash memory, hard disk drives, etc.) that is stolen or accessed by an attacker can be read by the attacker by using the onboard media encryption keys (MEK) to decrypt it. This disclosure describes a component, referred to as a key management block (KMB), that can be integrated into a storage device controller. The KMB provides services for generating and encrypting MEKs. The KMB enables a cloud service provider to have both host entropy and customer entropy for customer MEKs, such that decryption of a given section of customer data requires both the customer entropy and the host entropy. The host-specific entropy resides outside the storage device, such that the theft or unauthorized access of the storage device renders decryption infeasible. The integrated KMB enhances the safeguarding of the MEKs, in turn improving the security of the encrypted data.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Andersen, Jeff; Kunzman, Charles; Sabol, Chris; Lagar-Cavilla, Andrés; and Huffman, Amber, "Integrated Key Management Block", Technical Disclosure Commons, (May 08, 2024)
https://www.tdcommons.org/dpubs_series/6980