Abstract: Random values can be very beneficial in systems needing to generate random number or encryption keys. Systems and methods are presented herein that can generate a random value based on errors in data. For example, an error vector can be generated when data having errors (e.g. stored data, data received by a receiver, etc.) is compared with corresponding corrected data. A circuit, such as a data channel, can generate the corrected data by applying error correcting codes to the data with errors. One or more error vectors may be used to produce a random value. In some cases, multiple error vectors can be combined to produce a random value.

Abstract: Systems and methods for calculating random values based on data errors are presented. A message collection circuit may collect sets of data having data errors and store them to a memory. The stored sets of data may then be processed to produce a random value based on errors in the sets of data. The random value(s) may be provided to random number generator(s), encryption circuit(s), or other circuit(s).

Abstract: Apparatus and method for data security in a data storage device. In some embodiments, an alternating pattern is written to a magnetic recording medium as a sequence of symbols at a selected clock rate. A repeatable magnetic signature is generated by reading the alternating pattern from the medium, the magnetic signature having relatively weak entropy at boundaries of the symbols. A multi-bit digital sequence is extracted from the repeatable magnetic signature, the digital sequence having relatively strong entropy. The digital sequence is stored in a separate memory coupled to the medium. Access to data stored on the medium is authenticated responsive to the digital sequence stored in the separate memory.

Abstract: Apparatus and method for data security in a data storage environment. In some embodiments, input data from a host is received into a buffer memory. Data compression is applied to the input data to provide compressed data. Encryption is applied to the compressed data to generate encrypted data, and the encrypted data are stored in a main memory of a data storage device. A system parameter value associated with the storage of the encrypted data is generated and stored in a memory, such as the main memory of the storage device. The system parameter value may include information relating to the compression of the data. A trusted relationship is established to authenticate the host responsive to a request for the updated system parameter value. The system parameter value is transferred to the host responsive to the established trusted relationship.

Abstract: Apparatus and method for detecting unauthorized tampering with a data storage device having a housing and a memory. A first identifier value is stored on an external surface of the housing and a second identifier value is stored within the memory. The first and second identifier values are combined in a predetermined order to form a combined identifier value for which a digital signature is generated using a private key, and the digital signature is stored on the storage device. The digital signature, the first and second identifier values, and one or more dummy identification values are retrieved from the storage device and stored in a memory of a verification device, which combines the retrieved first and second identifier values in the predetermined order to generate a retrieved combined identifier value. The storage device is authenticated using the retrieved combined identifier value, the digital signature and a public key.

Abstract: Apparatus and method for data security in a data storage device. In some embodiments, an alternating pattern is written to a magnetic recording medium as a sequence of symbols at a selected clock rate. A repeatable magnetic signature is generated by reading the alternating pattern from the medium, the magnetic signature having relatively weak entropy at boundaries of the symbols. A multi-bit digital sequence is extracted from the repeatable magnetic signature, the digital sequence having relatively strong entropy. The digital sequence is stored in a separate memory coupled to the medium. Access to data stored on the medium is authenticated responsive to the digital sequence stored in the separate memory.

Abstract: Apparatus (400, 500) and method (200, 220, 240, 260, 280, 300) for detecting unauthorized tampering with a data storage device (100, 110, 140, 520). In some embodiments, the data storage device has a housing (112, 142) and a memory (192) supported by the housing. A first identifier value (202A, 222A, 242A, 262A, 282A, 306A) is stored on an external surface of the housing and a second identifier value (202B, 222B, 242B, 262B, 282B, 306B) is stored within the memory. A digital signature (210, 256, 296) generated in response to the first and second identifier values and in response to a private key (208, 254, 288) is stored on the storage device. Thereafter, the first identifier value is retrieved from the external surface of the housing and the second identifier value is retrieved from the memory. The storage device is authenticated using the retrieved first and second identifier values, the digital signature and a public key (228, 274, 312).

Abstract: Apparatus and method for data security in a data storage environment. In some embodiments, input data from a host is received into a buffer memory. Data compression is applied to the input data to provide compressed data. Encryption is applied to the compressed data to generate encrypted data, and the encrypted data are stored in a main memory of a data storage device. A system parameter value associated with the storage of the encrypted data is generated and stored in a memory, such as the main memory of the storage device. The system parameter value may include information relating to the compression of the data. A trusted relationship is established to authenticate the host responsive to a request for the updated system parameter value. The system parameter value is transferred to the host responsive to the established trusted relationship.

Abstract: Systems or methods can be used to detect evidence of tampering. The tampering can be physical tampering, such as the turning of a screw, or removal or modification of an electronic component. In some examples, a tamper detection value can be determined from a tamper detection device and compared to a predetermined tamper detection value to determine if tampering is indicated. The system can, upon detection of the tampering, halt an operation, disable device or circuit functionality, disable future operations, physically disable a device, or any combination thereof.

Abstract: Apparatus and method for secure data shredding in an imperfect data storage device. In some embodiments, a hash function is applied to multi-bit random sequence to generate an output hash. A combinatorial logic function logically combines the output hash with a secret to provide an output value. The random string is processed into a plurality of secret shares which are stored in a first location in a non-volatile memory and the output value is stored in a different, second location of the memory. The secret is subsequently shredded by applying an erasure operation upon the secret shares in the first location of the memory.

Abstract: Apparatus and method for generating random numbers. In accordance with some embodiments, a first multi-bit string of entropy values is derived from a first entropy source having a first trust level and a different, second multi-bit string of entropy values is derived from a second entropy source having a different, second trust level. The first and second multi-bit strings of entropy values are combined in relation to the associated first and second trust levels to generate a multi-bit random number. The multi-bit random number is used as an input to a cryptographic function.

Abstract: Security techniques may be selectively performed on data based on a classification of the data. One example technique includes receiving a memory access command specifying a target data block on a storage medium storing both security data and non-security data. The technique further includes determining whether data affected by the access command is security data. Response to such determination, one of multiple data management schemes is selected to implement the memory access command, where each of the data management schemes is adapted to implement the memory access command via a different series of processing operations to provide a different level of security protection for data affected by the memory access command.

Abstract: Systems, apparatuses, methods, and software for processing data in pipeline architectures are provided herein. In one example, a pipeline architecture is presented. The pipeline architecture includes a plurality of processing stages, linked in series, that iteratively process data as the data propagates through the plurality of processing stages. The pipeline architecture includes at least one other processing stage linked in series with and preceded by the plurality of processing stages and configured to iteratively process the data a number of times based at least on an iteration count comprising how many times the data was iteratively processed as the data propagated through the plurality of processing stages.

Abstract: Apparatus and method for generating random numbers. In accordance with some embodiments, the apparatus comprises a random number generator circuit that generates a random number responsive to a total number of programming pulses used to transition a solid-state memory cell from a first programming state to a second programming state.

Abstract: Apparatus and method for secure data shredding in an imperfect data storage device. In some embodiments, a hash function is applied to multi-bit random sequence to generate an output hash. A combinatorial logic function logically combines the output hash with a secret to provide an output value. The random string is processed into a plurality of secret shares which are stored in a first location in a non-volatile memory and the output value is stored in a different, second location of the memory. The secret is subsequently shredded by applying an erasure operation upon the secret shares in the first location of the memory.

Abstract: Security techniques may be selectively performed on data based on a classification of the data. One example technique includes receiving a memory access command specifying a target data block on a storage medium storing both security data and non-security data. The technique further includes determining whether data affected by the access command is security data. Response to such determination, one of multiple data management schemes is selected to implement the memory access command, where each of the data management schemes is adapted to implement the memory access command via a different series of processing operations to provide a different level of security protection for data affected by the memory access command.

Abstract: Apparatus and method for generating random numbers. In accordance with some embodiments, the apparatus comprises a random number generator circuit that generates a random number responsive to a total number of programming pulses used to transition a solid-state memory cell from a first programming state to a second programming state.

Abstract: Systems, apparatuses, methods, and software for processing data in pipeline architectures are provided herein. In one example, a pipeline architecture is presented. The pipeline architecture includes a plurality of processing stages, linked in series, that iteratively process data as the data propagates through the plurality of processing stages. The pipeline architecture includes at least one other processing stage linked in series with and preceded by the plurality of processing stages and configured to iteratively process the data a number of times based at least on an iteration count comprising how many times the data was iteratively processed as the data propagated through the plurality of processing stages.