Abstract: The technology disclosed herein provides a blockchain transactions forwarding mechanism that allows for tracking and notification from the originating blockchain through to a last blockchain and back again. An implementation of the system disclosed herein also provides a whitelist mechanism to provide a list of acceptable blockchains or nodes that may receive transactions. Yet another implementation provides a predetermined hop count that may be used as the maximum allowable hop counts that provides the number of times a transaction is allowed to be forwarded.

Abstract: The technology disclosed herein provides a method to control the resources used in a device. An implementation of such a method includes generating a device configuration ledger block based on initial assembly of components of a storage device, storing the device configuration ledger block on a node of a distributed ledger, detecting an activation of the device; in response to detecting the activation of the device, generating a current distributed ledger block based on current assembly of components of the storage device, comparing the current distributed ledger block with the device configuration ledger block, and in response to determining that the current distributed ledger block does not match with the device configuration ledger block disabling the operation of the device.

Abstract: The technology disclosed herein provides a method to use a private distributed blockchain to generate a secure encrypted record of authentication attempts for a set of distributed network attached user devices or nodes. In at least one implementation, the method includes initiating a security incident blockchain for a network comprising a plurality nodes, provisioning each the plurality of nodes in the network with a synchronous key wherein a master node has a copy of all of the synchronous keys, adding a configuration transaction to the security incident blockchain, the configuration transaction including security policies for the plurality of nodes in the network, detecting a security incident at one of the plurality of nodes in the network, and in response to the detection of the security incident, performing a security incident response in compliance with the security policies as provided in the configuration transaction.

Abstract: The technology disclosed herein provides a blockchain transactions forwarding mechanism that allows for tracking and notification from the originating blockchain through to a last blockchain and back again. An implementation of the system disclosed herein also provides a whitelist mechanism to provide a list of acceptable blockchains or nodes that may receive transactions. Yet another implementation provides a predetermined hop count that may be used as the maximum allowable hop counts that provides the number of times a transaction is allowed to be forwarded.

Abstract: Apparatus and method for transferring data between a processing circuit and a memory. In some embodiments, a data storage device has a main non-volatile memory (NVM) configured to store user data from a host device. A controller circuit is configured to direct transfers of the user data between the NVM and the host device. The controller circuit has a programmable processor and a secure data transfer circuit. The secure data transfer circuit executes memory access operations to transfer user data and control values between the processor and a local memory. A memory access operation includes receiving bits of a multi-bit control value on a multi-line bus from the processor, and activating a programmable switching circuit to randomly interconnect different ones of the multi-line bus to transpose the bits in the control value.

Abstract: The technology disclosed herein provides a method to use a private distributed blockchain to generate a secure encrypted record of authentication attempts for a set of distributed network attached user devices or nodes. In at least one implementation, the method includes initiating a security incident blockchain for a network comprising a plurality nodes, provisioning each the plurality of nodes in the network with a synchronous key wherein a master node has a copy of all of the synchronous keys, adding a configuration transaction to the security incident blockchain, the configuration transaction including security policies for the plurality of nodes in the network, detecting a security incident at one of the plurality of nodes in the network, and in response to the detection of the security incident, performing a security incident response in compliance with the security policies as provided in the configuration transaction.

Abstract: A network resource and a user device include secure connection applications that share one or more keys and a key selection criterion. A communication is received from the user utilizing a key selected from the one or more keys. The network resource selects a key based on the key selection criterion. If the keys match, then the user device is authorized and the user is allowed to access data of the network resource. The keys may further be selected and used to encrypt and decrypt data. Different key selections provide security to communications.

Abstract: Apparatus and method for enacting data security in a data storage device, such as by protecting against a differential power analysis (DPA) attack. In some embodiments, a programmable processor executes programming in a memory to perform a cryptographic function upon user data associated with a host command received from a host device. The cryptographic function involves multiple logical computations to arrive at an output value responsive to an input value over a time interval. During the time interval, the programmable processor is repetitively interrupted by a plurality of interrupt calls respectively selected responsive to a first series of random numbers and resumes operation by a corresponding plurality of function return calls respectively selected responsive to a second series of random numbers. Each of the interrupt calls causes the programmable processor to temporarily suspend the multiple logical computations and perform at least one non-cryptographic function.

Abstract: The technology disclosed herein provides a method to control the resources used in a device. An implementation of such a method includes generating a device configuration ledger block based on initial assembly of components of a storage device, storing the device configuration ledger block on a node of a distributed ledger, detecting an activation of the device; in response to detecting the activation of the device, generating a current distributed ledger block based on current assembly of components of the storage device, comparing the current distributed ledger block with the device configuration ledger block, and in response to determining that the current distributed ledger block does not match with the device configuration ledger block disabling the operation of the device.

Abstract: Apparatus and method for managing entropy in a cryptographic processing system. In some embodiments, a first block of conditioned entropy is generated from at least one entropy source. The first block of conditioned entropy is subjected to a first cryptographic process to generate cryptographically secured entropy which is stored in a memory. The cryptographically secured entropy is subsequently retrieved from the memory and subjected to a second cryptographic process to generate a second block of conditioned entropy, which is thereafter used as an input in a third cryptographic process such as to encrypt or decrypt user data in a data storage device. The first cryptographic process may include an encryption algorithm to generate ciphertext and a hash function to generate a keyed digest value, such as an HMAC value, to detect tampering with the ciphertext by an attacker. The second cryptographic process may decrypt or further encrypt the ciphertext.

Abstract: Apparatus and method for enacting data security in a cryptographic processing system, such as a data storage device. In some embodiments, a timer circuit is initiated to denote an elapsed time interval of predetermined duration responsive to a function call by an initiator circuit to perform a selected cryptographic function upon input data. The selected cryptographic function is executed to generate output data which are temporarily stored in a memory location during a waiting period prior to a conclusion of the elapsed time interval. Additional functions may be performed during the waiting period. A notification from the timer circuit is received at the conclusion of the elapsed time interval, and the output data are transferred from the memory to the initiator circuit. In this way, a timing attack may be defended against by configuring the selected cryptographic function to have the same overall execution time for different input data sets.

Abstract: Apparatus and method for transferring data between a processing circuit and a memory. In some embodiments, a data storage device has a main non-volatile memory (NVM) configured to store user data from a host device. A controller circuit is configured to direct transfers of the user data between the NVM and the host device. The controller circuit has a programmable processor and a secure data transfer circuit. The secure data transfer circuit executes memory access operations to transfer user data and control values between the processor and a local memory. A memory access operation includes receiving bits of a multi-bit control value on a multi-line bus from the processor, and activating a programmable switching circuit to randomly interconnect different ones of the multi-line bus to transpose the bits in the control value.

Abstract: Apparatus and method for enacting data security in a cryptographic processing system, such as a data storage device. In some embodiments, a timer circuit is initiated to denote an elapsed time interval of predetermined duration responsive to a function call by an initiator circuit to perform a selected cryptographic function upon input data. The selected cryptographic function is executed to generate output data which are temporarily stored in a memory location during a waiting period prior to a conclusion of the elapsed time interval. Additional functions may be performed during the waiting period. A notification from the timer circuit is received at the conclusion of the elapsed time interval, and the output data are transferred from the memory to the initiator circuit. In this way, a timing attack may be defended against by configuring the selected cryptographic function to have the same overall execution time for different input data sets.

Abstract: Apparatus and method for managing entropy in a cryptographic processing system. In some embodiments, a first block of conditioned entropy is generated from at least one entropy source. The first block of conditioned entropy is subjected to a first cryptographic process to generate cryptographically secured entropy which is stored in a memory. The cryptographically secured entropy is subsequently retrieved from the memory and subjected to a second cryptographic process to generate a second block of conditioned entropy, which is thereafter used as an input in a third cryptographic process such as to encrypt or decrypt user data in a data storage device. The first cryptographic process may include an encryption algorithm to generate ciphertext and a hash function to generate a keyed digest value, such as an HMAC value, to detect tampering with the ciphertext by an attacker. The second cryptographic process may decrypt or further encrypt the ciphertext.

Abstract: Apparatus and method for enacting data security in a data storage device, such as by protecting against a differential power analysis (DPA) attack. In some embodiments, a programmable processor executes programming in a memory to perform a cryptographic function upon user data associated with a host command received from a host device. The cryptographic function involves multiple logical computations to arrive at an output value responsive to an input value over a time interval. During the time interval, the programmable processor is repetitively interrupted by a plurality of interrupt calls respectively selected responsive to a first series of random numbers and resumes operation by a corresponding plurality of function return calls respectively selected responsive to a second series of random numbers. Each of the interrupt calls causes the programmable processor to temporarily suspend the multiple logical computations and perform at least one non-cryptographic function.

Abstract: A network resource and a user device include secure connection applications that share one or more keys and a key selection criterion. A communication is received from the user utilizing a key selected from the one or more keys. The network resource selects a key based on the key selection criterion. If the keys match, then the user device is authorized and the user is allowed to access data of the network resource. The keys may further be selected and used to encrypt and decrypt data. Different key selections provide security to communications.

Abstract: A data storage device may be destroyed by suspending a transducing head above a data storage medium prior to inducing contact of the transducing head with a first layer of the data storage medium in response to a signal from a controller. Deflection of the transducing head can then be increased to penetrate to a destroy depth in a second layer of the data storage medium that is maintained while the data storage medium spins. The controller may then issue at least one data read command to access data from the data storage medium and when a data read error is received, the data storage medium and transducing head can be verified as destroyed and incapable of accessing data previously written to the data storage medium.