CN-114372273-B - Secure storage device authentication using multiple computing devices
Abstract
The present application relates to secure storage device authentication using multiple computing devices. Methods, systems, and devices for secure storage device authentication employing multiple computing devices are described. The secure storage may receive, from a computing device, a first command and a first public key of a first key pair associated with the computing device. Based on receiving the first command and the first public key, the secure storage may select a second key pair from a plurality of key pairs to associate with the computing device. Based on selecting the second key pair, the secure storage may also encrypt a second public key of the second key pair using the first public key received from the computing device. The secure storage may transmit a message including the encrypted second public key to the computing device.
Inventors
- Z. Schuber Oxford
Assignees
- Micron Technology, Inc.
Dates
- Publication Date: 2026-05-05
- Application Date: 2021-10-14
- Priority Date: 2020-10-16
Claims (20)
- 1. A method for operating a memory device, comprising: receiving, at a secure storage device and from a computing device, a first command and a first public key of a first key pair associated with the computing device; selecting a second key pair from a plurality of key pairs to associate with the computing device based at least in part on receiving the first command and the first public key; encrypting a second public key of the second key pair using the first public key based at least in part on selecting the second key pair; transmitting a first message including the encrypted second public key to the computing device, wherein the first message is signed with a private key of the second key pair; receiving, at the secure storage device, a second command from the computing device in response to the first message, wherein the second command includes data requested to be stored at the secure storage device; verifying the second command as being from the computing device based at least in part on the first public key and the second key pair associated with the computing device, the first public key and the second key selected from the plurality of key pairs in response to the first command; and transmitting, to the computing device, a second message indicating execution of the second command based at least in part on verifying the second command.
- 2. The method of claim 1, further comprising: generating, using a private key of the second key pair, a value associated with the second public key of the second key pair, wherein the first message transmitted to the computing device includes the value.
- 3. The method of claim 1, further comprising: receiving, at the secure storage device and from a second computing device, a third command and a third public key of a third key pair associated with the second computing device; selecting a fourth key pair from the plurality of key pairs to associate with the second computing device based at least in part on receiving the third command and the third public key; encrypting a fourth public key of the fourth key pair using the third public key based at least in part on selecting the fourth key pair; and transmitting a third message including the encrypted fourth public key to the second computing device.
- 4. The method of claim 3, wherein selecting the fourth key pair is based on a sequential order of available key pairs from the plurality of key pairs.
- 5. The method of claim 1, further comprising: authenticating, at the computing device, the second message as being from the secure storage based at least in part on the second public key associated with the secure storage.
- 6. The method of claim 1, further comprising: initializing the secure storage device prior to receiving the first command; and generating the plurality of key pairs at the secure storage based at least in part on initializing the secure storage.
- 7. The method of claim 1, further comprising: receiving, from the computing device, a third message indicating receipt of the second public key at the computing device.
- 8. The method of claim 1, further comprising: receiving a third command from the computing device after transmitting the first message, wherein the third command is generated based at least in part on a first private key of the key pair associated with the computing device.
- 9. A memory device, comprising: a secure storage device including a memory array; and a controller coupled with the memory array and configured to cause the memory device to: receive a first command from a computing device and a first public key of a first key pair associated with the computing device; select a second key pair from a plurality of key pairs to associate with the computing device based at least in part on receiving the first command and the first public key; encrypt a second public key of the second key pair using the first public key based at least in part on selecting the second key pair; transmit a first message including the encrypted second public key to the computing device, wherein the first message is signed with a private key of the second key pair; receive a second command from the computing device in response to the first message, wherein the second command includes data requested to be stored at the secure storage; verify the second command as being from the computing device based at least in part on the first public key and the second key pair associated with the computing device, the first public key and the second key selected from the plurality of key pairs in response to the first command; and transmit, to the computing device, a second message indicating execution of the second command based at least in part on verifying the second command.
- 10. The memory device of claim 9, wherein the controller is further configured to: generate, using a private key of the second key pair, a value associated with the second public key of the second key pair, wherein the first message transmitted to the computing device includes the value.
- 11. The memory device of claim 9, wherein the controller is further configured to: receive a third command from a second computing device and a third public key of a third key pair associated with the second computing device; select a fourth key pair from the plurality of key pairs to associate with the second computing device based at least in part on receiving the third command and the third public key; encrypt a fourth public key of the fourth key pair using the third public key based at least in part on selecting the fourth key pair; and transmit a third message including the encrypted fourth public key to the second computing device.
- 12. The memory device of claim 11, wherein the controller is configured to select the fourth key pair based on a sequential order of available key pairs from the plurality of key pairs.
- 13. The memory device of claim 9, wherein the controller is further configured to: initialize the secure storage device prior to receiving the first command; and generate the plurality of key pairs at the secure storage based at least in part on initializing the secure storage.
- 14. The memory device of claim 9, wherein the controller is further configured to: receive, from the computing device, a third message indicating receipt of the second public key at the computing device.
- 15. The memory device of claim 9, wherein the controller is further configured to: receive a third command from the computing device after transmitting the first message, wherein the third command is generated based at least in part on a private key of the first key pair associated with the computing device.
- 16. A non-transitory computer-readable medium storing code comprising instructions that, when executed by a processor of an electronic device, cause the electronic device to: receive, at a secure storage device and from a computing device, a first command and a first public key of a first key pair associated with the computing device; select a second key pair from a plurality of key pairs to associate with the computing device based at least in part on receiving the first command and the first public key; encrypt a second public key of the second key pair using the first public key based at least in part on selecting the second key pair; transmit a first message including the encrypted second public key to the computing device, wherein the first message is signed with a private key of the second key pair; receive, at the secure storage device, a second command from the computing device in response to the first message, wherein the second command includes data requested to be stored at the secure storage device; verify the second command as being from the computing device based at least in part on the first public key and the second key pair associated with the computing device, the first public key and the second key selected from the plurality of key pairs in response to the first command; and transmit, to the computing device, a second message indicating execution of the second command based at least in part on verifying the second command.
- 17. The non-transitory computer-readable medium of claim 16, wherein the instructions, when executed by the processor of the electronic device, further cause the electronic device to: generate, using a private key of the second key pair, a value associated with the second public key of the second key pair, wherein the first message transmitted to the computing device includes the value.
- 18. The non-transitory computer-readable medium of claim 16, wherein the instructions, when executed by the processor of the electronic device, further cause the electronic device to: receive, at the secure storage device and from a second computing device, a third command and a third public key of a third key pair associated with the second computing device; select a fourth key pair from the plurality of key pairs to associate with the second computing device based at least in part on receiving the third command and the third public key; encrypt a fourth public key of the fourth key pair using the third public key based at least in part on selecting the fourth key pair; and transmit a third message including the encrypted fourth public key to the second computing device.
- 19. The non-transitory computer-readable medium of claim 18, wherein the instructions, when executed by the processor of the electronic device, further cause the electronic device to select the fourth key pair based on a sequential order of available key pairs from the plurality of key pairs.
- 20. The non-transitory computer-readable medium of claim 16, wherein the instructions, when executed by the processor of the electronic device, further cause the electronic device to: initialize the secure storage device prior to receiving the first command; and generate the plurality of key pairs at the secure storage based at least in part on initializing the secure storage.
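The first-command exchange of claims 1, 4 and 6, as an added sketch that is not code from the patent: the device generates its pool of key pairs at initialization, hands them out in sequential order, encrypts the selected public key under the host's public key and signs the message. The page names no algorithms, so RSA-OAEP for the host key pair, Ed25519 for the device key pairs, and the names `Device`, `Pair` and `HostAccept` are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Device struct { // illustrative model of the secure storage device
	pool  []ed25519.PrivateKey // key pairs generated at initialization
	Bound []string             // Bound[i] = host key (modulus) tied to pool[i]
}

func NewDevice(n int) *Device {
	pool := make([]ed25519.PrivateKey, n)
	for i := range pool {
		_, pool[i], _ = ed25519.GenerateKey(rand.Reader)
	}
	return &Device{pool: pool}
}

// Pair handles the first command: select, encrypt under hostPub, sign.
func (d *Device) Pair(hostPub *rsa.PublicKey) (ct, sig []byte, err error) {
	if len(d.Bound) >= len(d.pool) {
		return nil, nil, fmt.Errorf("key pair pool exhausted")
	}
	priv := d.pool[len(d.Bound)] // sequential selection of the next unused pair
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, hostPub, priv.Public().(ed25519.PublicKey), nil); err != nil {
		return nil, nil, err
	}
	d.Bound = append(d.Bound, hostPub.N.String())
	return ct, ed25519.Sign(priv, ct), nil
}

// HostAccept decrypts the device public key and checks the signature with it.
func HostAccept(hostPriv *rsa.PrivateKey, ct, sig []byte) (ed25519.PublicKey, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, hostPriv, ct, nil)
	if err != nil || len(pt) != ed25519.PublicKeySize || !ed25519.Verify(pt, ct, sig) {
		return nil, fmt.Errorf("first message rejected")
	}
	return pt, nil
}

func main() {
	host, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := NewDevice(2).Pair(&host.PublicKey)
	fmt.Println(HostAccept(host, ct, sig))
}
```

Because the host verifies the signature with the key carried in the same message, the check shows possession of the matching private key and integrity of the message, not that the key belongs to a particular device.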
Description
Secure storage device authentication using multiple computing devices
Cross Reference
This patent application claims priority from U.S. patent application No. 17/072,541 entitled "secure storage authentication with multiple computing devices (SECURE STORAGE DEVICE VERIFICATION WITH MULTIPLE COMPUTING DEVICES)" filed on 10/16/2020 by Szubbocsev, assigned to the present assignee and expressly incorporated herein by reference in its entirety.
Technical Field
The following generally relates to one or more systems for memory, and more particularly to secure storage authentication employing multiple computing devices. The technical field relates to secure storage device authentication using multiple computing devices.
Background
Memory devices are widely used to store information in a variety of electronic devices, such as computers, wireless communication devices, cameras, digital displays, and the like. Information is stored by programming memory cells within a memory device to different states. For example, a binary memory cell may be programmed to one of two supported states, typically represented by a logic 1 or a logic 0. In some examples, a single memory cell may support more than two states, any of which may be stored. To access the stored information, the component may read or sense at least one stored state in the memory device. To store information, the component may write or program a state in the memory device.
There are various types of memory devices and memory cells, including magnetic hard disks, random access memories (RAMs), read-only memories (ROMs), dynamic RAMs (DRAMs), synchronous dynamic RAMs (SDRAMs), ferroelectric RAMs (FeRAMs), magnetic RAMs (MRAMs), resistive RAMs (RRAMs), flash memories, phase change memories (PCMs), self-selected memories, chalcogenide memory technologies, and the like. The memory cells may be volatile or nonvolatile. Nonvolatile memory such as FeRAM can maintain its stored logic state for a long period of time even in the absence of an external power source. Volatile memory devices, such as DRAMs, may lose their stored state when disconnected from an external power source.
Disclosure of Invention
A method is described. The method may include receiving, at a secure storage device and from a computing device, a first command and a first public key of a first key pair associated with the computing device, selecting a second key pair from a plurality of key pairs to associate with the computing device based at least in part on the received first command and first public key, encrypting a second public key of the second key pair using the first public key based at least in part on selecting the second key pair, and transmitting a message including the encrypted second public key to the computing device.
An apparatus is described. The apparatus may include a secure storage including a memory array, and a controller coupled with the memory array and configured to cause the apparatus to receive a first command from a computing device and a first public key of a first key pair associated with the computing device, select a second key pair from a plurality of key pairs to associate with the computing device based at least in part on the received first command and the first public key, encrypt a second public key of the second key pair using the first public key based at least in part on the selected second key pair, and transmit a message including the encrypted second public key to the computing device.
A non-transitory computer-readable medium storing code is described. The non-transitory computer-readable medium storing code may include instructions that, when executed by a processor of an electronic device, cause the electronic device to receive, at a secure storage device and from a computing device, a first command and a first public key of a first key pair associated with the computing device, select a second key pair from a plurality of key pairs to be associated with the computing device based at least in part on the received first command and first public key, encrypt a second public key of the second key pair using the first public key based at least in part on the selected second key pair, and transmit a message including the encrypted second public key to the computing device.
Drawings
FIG. 1 illustrates an example of a system supporting secure storage authentication employing multiple computing devices according to examples disclosed herein.
FIG. 2 illustrates an example of a system supporting secure storage authentication employing multiple computing devices according to examples disclosed herein.
FIG. 3 illustrates an example of a flow chart supporting secure storage device authentication employing multiple computing devices according to examples disclosed herein.
FIG. 4 shows a block diagram of a secure storage device supporting secure storage device authentication employing multiple computing devices, according to an example disclosed herein.
FIG. 5 shows