Data security for digital data storage
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer.
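The following sketch is an added example, not code from the patent: it models a bridge whose key register is filled from the identification code and optional user input, and which encrypts only for selected targets. The PBKDF2 derivation, the HMAC-based keystream standing in for the unspecified encryption engine, and the names `Bridge`, `drive0` and `drive1` are assumptions.

```python
import hashlib
import hmac

def derive_key(id_code: bytes, user_input: bytes = b"") -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the page does not name a derivation function.
    # The length prefix keeps (id_code, user_input) pairs unambiguous.
    material = len(id_code).to_bytes(2, "big") + id_code + user_input
    return hashlib.pbkdf2_hmac("sha256", material, b"bridge-key-register",
                               100_000, dklen=32)

def keystream(key: bytes, sector: int, length: int) -> bytes:
    # Stand-in for the encryption engine: HMAC-SHA256 in counter mode per sector.
    out, counter = b"", 0
    while len(out) < length:
        block = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

class Bridge:
    """Hypothetical model of the bridge: key register plus per-target policy."""
    def __init__(self, id_code, encrypted_targets, user_input=b""):
        self.key_register = derive_key(id_code, user_input)
        self.encrypted_targets = set(encrypted_targets)

    def _transform(self, target, sector, data):
        if target not in self.encrypted_targets:
            return data  # encryption disabled for this target: pass through
        ks = keystream(self.key_register, sector, len(data))
        return bytes(d ^ k for d, k in zip(data, ks))

    def write(self, target, sector, data):
        return self._transform(target, sector, data)  # bytes reaching the device

    def read(self, target, sector, stored):
        return self._transform(target, sector, stored)  # bytes returned to the host

def demo():
    plain = b"payroll record 0042"           # constructed sample data
    home = Bridge(b"\x01" * 8, {"drive0"})   # constructed identification codes
    other = Bridge(b"\x02" * 8, {"drive0"})
    on_disk = home.write("drive0", 7, plain)
    return {
        "encrypted_on_drive0": on_disk != plain,
        "cleartext_on_drive1": home.write("drive1", 7, plain) == plain,
        "same_bridge_reads": home.read("drive0", 7, on_disk) == plain,
        "other_bridge_reads": other.read("drive0", 7, on_disk) == plain,
    }
```

The keystream here repeats when a sector is rewritten, so it only illustrates the data path; a real bridge would use a vetted disk-encryption mode.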
19 Claims
1. A computing apparatus comprising:
- a digital data storage device;
- a bus-to-bus bridge configured to receive digital data from a host processor and to forward the digital data to the digital data storage device in an encrypted form, wherein the bus-to-bus bridge is configured to encrypt the digital data and forward the digital data to the digital storage device without intervention of the host processor, and wherein the bus-to-bus bridge is configured to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
- a non-volatile memory location in or connected to the logic circuit bus-to-bus bridge which stores an identification code; and
- a key accessed by the logic circuit bus-to-bus bridge to define at least in part an encryption process, wherein the key is derived at least in part from the identification code.

6. A computer comprising:
- a plurality of data storage media drives;
- a data path connected between the plurality of data storage media drives and a source of data for storage onto media associated with the data storage media drives; and
- a bus-to-bus bridge coupled to the data path, the bus-to-bus bridge being configurable to enable encrypting of data being routed to a selectable subset of the plurality of data storage media drives, wherein the bus-to-bus bridge is configured to encrypt the digital data and forward the digital data to the data storage media drives without intervention of the host processor, and wherein the bus-to-bus bridge is configured to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.

10. A data processing system comprising:
- a data source;
- at least one data storage device;
- a logic circuit coupled to receive digital data from the data source and to route digital data to the data storage device, wherein the logic circuit is configured to encrypt the digital data and forward the digital data to the data storage device without intervention of a host processor, wherein the logic circuit comprises a bus-to-bus bridge;
- a non-volatile memory coupled to the logic circuit with a serial data bus, the read only memory containing a hardware identifier;
- a key register coupled to the logic circuit, the key register storing a key for performing data encryption, wherein the key is derived at least in part from the identification code; and
- wherein the logic circuit is configured to perform encryption on digital data received from the data source using the key prior to storing encrypted digital data on the at least one data storage device, and wherein the configuration logic circuit is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.

12. A circuit for encrypting data in a computing system comprising:
- a first memory location storing an identification code; and
- a logic circuit comprising a second memory location and an encryption engine, the logic circuit configured to receive the identification code from the first memory location and to store a key for use by the encryption engine, the key being derived at least in part from the identification code in the second memory location, wherein the logic circuit is configured to encrypt digital data and forward the digital data to a digital storage device without intervention of a processor, wherein the logic circuit comprises a bus-to-bus bridge, and the bus-to-bus bridge is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.

15. A computer system comprising:
- host computing logic circuit, wherein the logic circuit is configured to encrypt digital data and forward the digital data to a digital storage device without intervention of a host processor, wherein the host computing logic circuit is a bus-to-bus bridge, and wherein the host computing logic circuit is adapted to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
- means for storing an identification code associated with the host computing logic; and
- means for deriving a key for data encryption at least in part from the identification code.

16. The computer system of claim 16, wherein the means for deriving a key additionally comprises means for deriving a key at least in part from user input to the computer system.

17. A method, comprising:
- transmitting data from a processor to a bus-to-bus bridge circuit;
- encrypting the transmitted data in the bus-to-bus bridge circuit; and
- transmitting the data from the bus-to-bus bridge to a storage device.

Specification