Key encryption and decryption

US 10,108,558 B2
Filed: 06/08/2017
Issued: 10/23/2018
Est. Priority Date: 04/10/2007
Status: Active Grant

First Claim

Patent Images

1. An Application Specific Integrated Circuit (ASIC), comprising:

a microprocessor;

a host attachment; and

circuitry coupled directly to the microprocessor and directly to the host attachment, the circuitry comprising;

a root Certificate of Authority check block that checks a root Certificate of Authority (CA) signature;

a first multiplexor that selects a encrypted data key from inputs of a first encrypted data key from the microprocessor and a second encrypted data key from the host attachment, wherein the encrypted data key is created by using a public key of a public-private key pair to wrap a data key;

a register coupled to the first multiplexor that stores the encrypted data key;

a public key decryption block coupled to the register and to a second multiplexor, wherein the public key decryption block receives the encrypted data key and unwraps the encrypted data key using a private key of the public-private key pair to produce the data key for use in encrypting and decrypting data;

a second multiplexor coupled to the public key decryption block that receives the data key as input from the public key decryption block, wherein the second multiplexor selects the data key received from the public key decryption block from inputs of a first session key, a backup data key, a standard data key, and the data key received from the public key decryption block;

an encryption block coupled to the second multiplexor that receives clear text and the data key, wherein the clear text is selected from first clear text from the microprocessor and second clear text from the host attachment, and wherein the encryption block encrypts the clear text with the data key to generate encrypted text; and

a decryption block coupled to the second multiplexor that receives a piece of encrypted data selected from the encrypted data key and the encrypted text from the encryption block, wherein the decryption block decrypts the piece of encrypted data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

30 Citations

9 Claims

1. An Application Specific Integrated Circuit (ASIC), comprising:
- a microprocessor;
  
  a host attachment; and
  
  circuitry coupled directly to the microprocessor and directly to the host attachment, the circuitry comprising;
  
  a root Certificate of Authority check block that checks a root Certificate of Authority (CA) signature;
  
  a first multiplexor that selects a encrypted data key from inputs of a first encrypted data key from the microprocessor and a second encrypted data key from the host attachment, wherein the encrypted data key is created by using a public key of a public-private key pair to wrap a data key;
  
  a register coupled to the first multiplexor that stores the encrypted data key;
  
  a public key decryption block coupled to the register and to a second multiplexor, wherein the public key decryption block receives the encrypted data key and unwraps the encrypted data key using a private key of the public-private key pair to produce the data key for use in encrypting and decrypting data;
  
  a second multiplexor coupled to the public key decryption block that receives the data key as input from the public key decryption block, wherein the second multiplexor selects the data key received from the public key decryption block from inputs of a first session key, a backup data key, a standard data key, and the data key received from the public key decryption block;
  
  an encryption block coupled to the second multiplexor that receives clear text and the data key, wherein the clear text is selected from first clear text from the microprocessor and second clear text from the host attachment, and wherein the encryption block encrypts the clear text with the data key to generate encrypted text; and
  
  a decryption block coupled to the second multiplexor that receives a piece of encrypted data selected from the encrypted data key and the encrypted text from the encryption block, wherein the decryption block decrypts the piece of encrypted data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The ASIC of claim 1, wherein registers used by the microprocessor cannot be seen by an emulator when the microprocessor performs the checking and the unwrapping.
  - 3. The ASIC of claim 1, further comprising:
    - the circuitry storing the private key.
  - 4. The ASIC of claim 3, wherein the private key is stored in a register space inside the ASIC that is not accessible by external entities.
  - 5. The ASIC of claim 1, wherein the circuitry further comprises:
    - a third multiplexor that selects the clear text from inputs of the first clear text from the microprocessor and the second clear text from the host attachment; and
      
      a fourth multiplexor that selects the piece of encrypted data from inputs of the session encrypted data key and the encrypted text from the encryption block.

6. A system, comprising:
- a microprocessor;
  
  a host attachment coupled to the microprocessor; and
  
  circuitry coupled to the microprocessor and to the host attachment, the circuitry comprising an Application Specific Integrated Circuit (ASIC) for encryption and decryption that includes a first multiplexor, a second multiplexor, a public key decryption block, a decryption block, an encryption block, and a demultiplexor;
  
  wherein the first multiplexor selects an encrypted data key from inputs of a first encrypted data key from the microprocessor and a second encrypted data key from the host attachment, and wherein the encrypted data key is input to the public key decryption block;
  
  wherein the public key decryption block is coupled to the first multiplexor and to the second multiplexor and decrypts the encrypted data key using a private key to obtain a secret key, and wherein the secret key is input to the second multiplexor;
  
  wherein the second multiplexor is coupled to the decryption block and to the encryption block and selects the secret key, from inputs of a first key, a backup data key, a standard data key, and the secret key, wherein the secret key is input to the decryption block and to the encryption block;
  
  wherein the encryption block encrypts clear text using the secret key to generate encrypted text;
  
  wherein the decryption block decrypts the encrypted text using the secret key;
  
  wherein a demultiplexor is coupled to the decryption block, receives the decrypted text, and selects one of storage of the decrypted text and forwarding of the decrypted text to the host attachment; and
  
  wherein the circuitry controls the first multiplexor and the second multiplexor so that the secret key, after the decryption, is not accessible to an entity outside the ASIC.
- View Dependent Claims (7, 8, 9)
- - 7. The system of claim 6, further comprising:
    - a key appliance;
      
      a data storage drive coupled to the key appliance, wherein the circuitry is implemented at the data storage drive; and
      
      the key appliance obtaining a public key that is part of a public-private key pair from the data storage drive, using the public key to wrap the secret key to create the encrypted data key, and sending the encrypted data key to the data storage drive.
  - 8. The system of claim 6, wherein the private key is part of a public-private key pair.
  - 9. The system of claim 6, wherein the private key is stored in a register space inside the ASIC that is not accessible by external entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Greco, Paul M., Jaquette, Glen A., Schaffer, Scott J.
Primary Examiner(s)
Popham, Jeffrey D

Application Number

US15/617,800
Publication Number

US 20170270057A1
Time in Patent Office

502 Days
Field of Search

713156
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G09C 1/00   Apparatus or methods whereb...

H04L 2209/12   Details relating to cryptog...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

Key encryption and decryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Key encryption and decryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links