Method and system for providing bus encryption based on cryptographic key exchange
Abstract
A system is described for protecting digital content stored on a storage medium from unauthorized copying. The system includes a number generator to generate a nonce, an encryption subsystem and a decryption subsystem. The encryption subsystem encrypts data accessed from a storage medium containing a key distribution data block using an encryption bus key prior to transmitting the encrypted data via a data bus. The encryption bus key is derived based on at least a portion of the key distribution data block, at least one device key assigned to the encryption subsystem and the nonce generated by the number generator. The decryption subsystem is coupled to the data bus to decrypt the encrypted data received over the data bus using a decryption bus key derived based on at least a portion of the key distribution data block, at least one device key assigned to the decryption subsystem and the nonce generated by the number generator.
26 Claims
1. A system comprising:
- a number generator to generate a nonce; and
- an encryption subsystem to encrypt data accessed from a storage medium containing a key distribution data block using an encryption bus key prior to transmitting the encrypted data via a data bus, wherein said encryption bus key is derived based on at least a portion of the key distribution data block, at least one device key assigned to said encryption subsystem and the nonce generated by the number generator.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- a storage device reading a key distribution data block from a storage medium;
- the storage device processing at least a portion of said key distribution data block using at least one device key to compute a media key;
- the storage device fetching a nonce generated by a number generator;
- the storage device combining said nonce with said media key using a one-way function to generate a bus key;
- the storage device encrypting data read from the storage medium using the bus key generated by the storage device; and
- the storage device transmitting the encrypted data over a data bus.
Dependent claims: 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26
18. An apparatus comprising:
a storage device to access a storage medium containing data and a key distribution data block, said storage device including a processing logic, a one-way function and an encryption logic, wherein said processing logic processes at least a portion of said key distribution data block using a device key assigned to said storage device to compute a media key, said one-way function combines said media key with a nonce generated by a number generator to produce a bus key and said encryption logic encrypts said data accessed from said storage medium using said bus key prior to transmitting the encrypted data via a data bus.
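The key derivation described in the abstract and in claims 11 and 18, as an added Python example that is not taken from the patent: each side recovers the media key from the key distribution data block with its own device key, then combines it with the shared nonce through a one-way function to obtain the bus key. The block layout (one wrapped copy of the media key per device), HMAC-SHA256 as the one-way function, the HMAC keystream cipher and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    One message per key here; a real mode needs a per-sector IV."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def make_kdb(media_key: bytes, device_keys: dict) -> dict:
    """Constructed key distribution data block: media key wrapped per device key."""
    return {dev_id: _stream_xor(dk, media_key) for dev_id, dk in device_keys.items()}

def media_key_from_kdb(kdb: dict, dev_id: str, device_key: bytes) -> bytes:
    """Process this device's portion of the block with its device key."""
    return _stream_xor(device_key, kdb[dev_id])

def bus_key(media_key: bytes, nonce: bytes) -> bytes:
    """One-way combination of media key and nonce (HMAC-SHA256 is an assumption)."""
    return hmac.new(media_key, nonce, hashlib.sha256).digest()

def drive_send(kdb, dev_id, device_key, nonce, sector: bytes) -> bytes:
    """Storage-device side: derive the bus key, encrypt before the data bus."""
    return _stream_xor(bus_key(media_key_from_kdb(kdb, dev_id, device_key), nonce), sector)

def host_receive(kdb, dev_id, device_key, nonce, wire: bytes) -> bytes:
    """Decryption side: same block and nonce, its own device key."""
    return _stream_xor(bus_key(media_key_from_kdb(kdb, dev_id, device_key), nonce), wire)

def demo():
    keys = {"drive": os.urandom(32), "host": os.urandom(32)}  # constructed device keys
    kdb = make_kdb(os.urandom(32), keys)                      # constructed block
    nonce, sector = os.urandom(16), b"constructed sector payload" * 3
    wire = drive_send(kdb, "drive", keys["drive"], nonce, sector)
    ok = host_receive(kdb, "host", keys["host"], nonce, wire)
    # Party holding kdb, nonce and wire but no assigned device key.
    sniffed = host_receive(kdb, "host", os.urandom(32), nonce, wire)
    # Recorded bus traffic presented under a fresh nonce no longer decrypts.
    replayed = host_receive(kdb, "host", keys["host"], os.urandom(16), wire)
    return sector, wire, ok, sniffed, replayed

if __name__ == "__main__":
    sector, wire, ok, sniffed, replayed = demo()
    print(ok == sector, sniffed == sector, replayed == sector, wire != sector)
```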
Specification