System and method for transparent disk encryption

US 20070180515A1
Filed: 02/21/2006
Published: 08/02/2007
Est. Priority Date: 08/07/2002
Status: Active Grant

First Claim

Patent Images

1. A method of booting a computer, comprising;

a controller receiving a password when a computer system coupled to a storage device is booted;

decrypting a key stored in hardware using said password by using a hardware encryption/decryption unit coupled to said controller;

said controller transferring data from said storage device comprising at least a portion of an operating system program; and

decrypting said data using said key and said hardware encryption/decryption unit, wherein said operating system program is available to be loaded in said computer system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.

66 Citations

View as Search Results

20 Claims

1. A method of booting a computer, comprising;
- a controller receiving a password when a computer system coupled to a storage device is booted;
  
  decrypting a key stored in hardware using said password by using a hardware encryption/decryption unit coupled to said controller;
  
  said controller transferring data from said storage device comprising at least a portion of an operating system program; and
  
  decrypting said data using said key and said hardware encryption/decryption unit, wherein said operating system program is available to be loaded in said computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said receiving comprises said controller receiving said password from a basic input/output system (BIOS) of said computer system.
  - 3. The method of claim 2, wherein said receiving further comprises said basic input/output system (BIOS) receiving said password via user input.
  - 4. The method of claim 2, wherein said receiving further comprises said computer system receiving said password via a network connection.
  - 5. The method of claim 1, wherein said receiving further comprises said computer system receiving said password via a network connection.
  - 6. The method of claim 1, wherein said data further comprises a computer booting program.
  - 7. The method of claim 1, wherein said controller and said encryption/decryption unit are an integral part of a memory controller.
  - 8. The method of claim 1, wherein said controller and said encryption/decryption unit are an integral part of a graphics card.

9. A computing device comprising:
- a main memory for storing a basic input/output system (BIOS);
  
  a processor, communicatively coupled to said main memory, for executing said basic input/output system (BIOS) and an operating system (OS); and
  
  a data storage system, communicatively coupled to said processor and said main memory, for;
  
  storing encrypted data including said operating system (OS);
  
  receiving a request from said basic input/output system (BIOS) to load at least a portion of said operating system (OS) into said main memory;
  
  unlocking a key;
  
  decrypting at a hardware level a given portion of said encrypted data comprising at least said portion of the operating system (OS) using said key; and
  
  transferring said given portion of said decrypted data to main memory.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computing device of claim 9, wherein said data storage system comprises:
    - a data storage medium for storing said encrypted data;
      
      a register for securely storing said key; and
      
      a hardware encryption/decryption engine, communicatively coupled to said data storage medium and said register, for encrypting said data transferred to said data storage medium and decrypting said data transferred from said data storage medium using said key.
  - 11. The computing device of claim 9, wherein unlocking said key comprises:
    - receiving a password associated with said request;
      
      receiving an encrypted key from said register; and
      
      decrypting said key using said password.
  - 12. The computing device of claim 11, wherein said basic input/output system (BIOS) prompts a user for said password.
  - 13. The computing device of claim 9, wherein said key is a random number generated by said data storage system.
  - 14. The computing device of claim 9, wherein said key cannot be accessed outside of said data storage system.

15. A graphics card comprising:
- a plurality of registers, wherein each register stores a respective one of a plurality of keys;
  
  a controller for receiving a request to make available at least a portion of an operating system (OS), receiving a given one of said plurality of keys, transferring at least said portion of said operating system (OS) in an encrypted format from a data storage medium to an encryption/decryption engine, transferring said given one of said plurality of keys to said encryption/decryption engine, and making available said operating system (OS) in a decrypted to format; and
  
  said encryption/decryption engine for decrypting at least said portion of said operating system (OS) using said given one of said plurality of keys.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The graphics card of claim 15, wherein each of said registers stores said respective one of said plurality of keys in an encrypted format.
  - 17. The graphics card of claim 16, wherein one of said plurality of keys is encrypted using a password of an administrator.
  - 18. The graphics card of claim 15, wherein said controller is further for verifying a password received with said request.
  - 19. The graphics card of claim 18, wherein said encryption/decryption engine uses said password to decrypt a corresponding one of said plurality of keys.
  - 20. The graphics card of claim 15, wherein said encryption/decryption engine is implemented at a hardware level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Radoslav Danilak
Original Assignee
Radoslav Danilak
Inventors
Danilak, Radoslav

Granted Patent

US 7,849,510 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/16
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/79 in semiconductor storage me...

System and method for transparent disk encryption

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transparent disk encryption

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links