Key encryption and decryption
First Claim
1. An Application Specific Integrated Circuit (ASIC), comprising:
a microprocessor;
a host attachment; and
circuitry coupled directly to the microprocessor and directly to the host attachment, the circuitry comprising;
a root Certificate of Authority check block that checks a root Certificate of Authority (CA) signature;
a first multiplexor that selects a encrypted data key from inputs of a first encrypted data key from the microprocessor and a second encrypted data key from the host attachment, wherein the encrypted data key is created by using a public key of a public-private key pair to wrap a data key;
a register coupled to the first multiplexor that stores the encrypted data key;
a public key decryption block coupled to the register and to a second multiplexor, wherein the public key decryption block receives the encrypted data key and unwraps the encrypted data key using a private key of the public-private key pair to produce the data key for use in encrypting and decrypting data;
a second multiplexor coupled to the public key decryption block that receives the data key as input from the public key decryption block, wherein the second multiplexor selects the data key received from the public key decryption block from inputs of a first session key, a backup data key, a standard data key, and the data key received from the public key decryption block;
an encryption block coupled to the second multiplexor that receives clear text and the data key, wherein the clear text is selected from first clear text from the microprocessor and second clear text from the host attachment, and wherein the encryption block encrypts the clear text with the data key to generate encrypted text; and
a decryption block coupled to the second multiplexor that receives a piece of encrypted data selected from the encrypted data key and the encrypted text from the encryption block, wherein the decryption block decrypts the piece of encrypted data.
Abstract
Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.
9 Claims
6. A system, comprising:
a microprocessor;
a host attachment coupled to the microprocessor; and
circuitry coupled to the microprocessor and to the host attachment, the circuitry comprising an Application Specific Integrated Circuit (ASIC) for encryption and decryption that includes a first multiplexor, a second multiplexor, a public key decryption block, a decryption block, an encryption block, and a demultiplexor;
wherein the first multiplexor selects an encrypted data key from inputs of a first encrypted data key from the microprocessor and a second encrypted data key from the host attachment, and wherein the encrypted data key is input to the public key decryption block;
wherein the public key decryption block is coupled to the first multiplexor and to the second multiplexor and decrypts the encrypted data key using a private key to obtain a secret key, and wherein the secret key is input to the second multiplexor;
wherein the second multiplexor is coupled to the decryption block and to the encryption block and selects the secret key, from inputs of a first key, a backup data key, a standard data key, and the secret key, wherein the secret key is input to the decryption block and to the encryption block;
wherein the encryption block encrypts clear text using the secret key to generate encrypted text;
wherein the decryption block decrypts the encrypted text using the secret key;
wherein a demultiplexor is coupled to the decryption block, receives the decrypted text, and selects one of storage of the decrypted text and forwarding of the decrypted text to the host attachment; and
wherein the circuitry controls the first multiplexor and the second multiplexor so that the secret key, after the decryption, is not accessible to an entity outside the ASIC.
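The data path recited in claim 6, modelled in software as an added example (not code from the patent or its assignee). The class and function names, the textbook RSA over two Mersenne primes, and the SHA-256 keystream are assumptions standing in for the public key and symmetric blocks, which the claims do not specify.

```python
import hashlib

# Toy stand-ins (assumptions, not from the patent): textbook RSA over two
# Mersenne primes and a SHA-256 counter keystream. Not for real data.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the ASIC

def wrap_data_key(data_key: bytes) -> int:
    """Key-manager side: wrap a 16-byte data key with the public key (N, E)."""
    return pow(int.from_bytes(data_key, "big"), E, N)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class CryptoAsicModel:
    """Model of the claimed data path: no method ever returns a key."""

    def __init__(self, private_exponent: int, **provisioned_keys: bytes):
        self.__d = private_exponent
        self.__register = None                 # stores the encrypted data key
        self.__keys = dict(provisioned_keys)   # e.g. session, backup, standard

    def load_encrypted_key(self, from_microprocessor: int, from_host: int,
                           select_host: bool) -> None:
        # First multiplexor: pick which wrapped key is latched in the register.
        self.__register = from_host if select_host else from_microprocessor
        # Public key decryption block: unwrap inside the boundary.
        secret = pow(self.__register, self.__d, N)
        self.__keys["unwrapped"] = secret.to_bytes(16, "big")

    def encrypt(self, clear_text: bytes, key_select: str = "unwrapped") -> bytes:
        # Second multiplexor feeds the selected key to the encryption block.
        return keystream_xor(self.__keys[key_select], clear_text)

    def decrypt(self, cipher_text: bytes, to_host: bool,
                key_select: str = "unwrapped") -> tuple:
        plain = keystream_xor(self.__keys[key_select], cipher_text)
        # Demultiplexor: forward to the host attachment or store internally.
        return ("host" if to_host else "store", plain)
```

Only wrapped keys go in and only cipher text or decrypted text comes out; in Python this isolation is an interface convention, whereas the claim relies on the circuitry's control of the multiplexors.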
Specification