System and method for transparent disk encryption
Abstract
A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.
20 Claims
1. A method of booting a computer, comprising:
a controller receiving a password when a computer system coupled to a storage device is booted;
decrypting a key stored in hardware using said password by using a hardware encryption/decryption unit coupled to said controller;
said controller transferring data from said storage device comprising at least a portion of an operating system program; and
decrypting said data using said key and said hardware encryption/decryption unit, wherein said operating system program is available to be loaded in said computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computing device comprising:
a main memory for storing a basic input/output system (BIOS);
a processor, communicatively coupled to said main memory, for executing said basic input/output system (BIOS) and an operating system (OS); and
a data storage system, communicatively coupled to said processor and said main memory, for:
storing encrypted data including said operating system (OS);
receiving a request from said basic input/output system (BIOS) to load at least a portion of said operating system (OS) into said main memory;
unlocking a key;
decrypting at a hardware level a given portion of said encrypted data comprising at least said portion of the operating system (OS) using said key; and
transferring said given portion of said decrypted data to main memory.
Dependent claims: 10, 11, 12, 13, 14.

15. A graphics card comprising:
a plurality of registers, wherein each register stores a respective one of a plurality of keys;
a controller for receiving a request to make available at least a portion of an operating system (OS), receiving a given one of said plurality of keys, transferring at least said portion of said operating system (OS) in an encrypted format from a data storage medium to an encryption/decryption engine, transferring said given one of said plurality of keys to said encryption/decryption engine, and making available said operating system (OS) in a decrypted format; and
said encryption/decryption engine for decrypting at least said portion of said operating system (OS) using said given one of said plurality of keys.
Dependent claims: 16, 17, 18, 19, 20.
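The boot sequence claimed above (claim 1: password in, stored key unwrapped inside the unit; claim 9: BIOS requests the OS image, the engine decrypts sectors in hardware and hands plaintext to main memory; claim 15: the engine is the only thing that ever touches a key) can be modelled in software. The block below is an added example written for this page; it is not code from the patent, its assignee, or any product. Every name in it (StorageSystem, provision, power_cycle, boot, the helper functions) is ours. Two stand-ins are assumed because the patent names neither: an HMAC-SHA256 counter-mode keystream plays the role of the hardware engine's cipher, and PBKDF2 plus an encrypt-then-MAC key wrap plays the role of the controller's password verification. Python cannot actually make the key register unreadable; the real design relies on the silicon for that, and the class only shows which operations are exposed.

```python
# Added example: software model of the claimed transparent-disk-encryption boot.
# Not the patent's code. Cipher and password check are stand-ins (see lead-in).
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

SECTOR = 512
PBKDF2_ROUNDS = 100_000  # assumption: affordable for a once-per-boot unlock


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(key, nonce || counter), concatenated.
    Stand-in for the hardware engine's cipher, which the patent does not name."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _password_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the password into a 32-byte wrapping key and a 32-byte MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]


def _wrap(wrap_key: bytes, mac_key: bytes, disk_key: bytes) -> bytes:
    """Encrypt-then-MAC the disk key: a wrong password fails the tag check instead
    of silently yielding garbage. This is the controller 'verifying the password'."""
    body = _xor(disk_key, _keystream(wrap_key, b"wrap", len(disk_key)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def _unwrap(wrap_key: bytes, mac_key: bytes, blob: bytes) -> Optional[bytes]:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None
    return _xor(body, _keystream(wrap_key, b"wrap", len(body)))


class StorageSystem:
    """The claimed data storage system: controller, engine, key register, medium.
    The register (__key) is consulted only inside the sector methods and no method
    returns it; that is the property the claims give to the hardware register."""

    def __init__(self, wrapped_key: bytes, salt: bytes, medium: Dict[int, bytes]):
        self._wrapped = wrapped_key   # the key "stored in hardware", wrapped form
        self._salt = salt
        self._medium = medium         # lba -> encrypted sector: the storage device
        self.__key = None             # register is empty until unlock() succeeds

    def unlock(self, password: str) -> bool:
        """Claim 1: decrypt the stored key using the password, inside the unit."""
        wrap_key, mac_key = _password_keys(password, self._salt)
        key = _unwrap(wrap_key, mac_key, self._wrapped)
        if key is None:
            return False
        self.__key = key
        return True

    def _sector_stream(self, lba: int) -> bytes:
        if self.__key is None:
            raise PermissionError("key register is locked")
        # Per-sector nonce from the LBA so identical sectors encrypt differently.
        return _keystream(self.__key, struct.pack(">Q", lba), SECTOR)

    def write_sector(self, lba: int, plaintext: bytes) -> None:
        """Data from main memory is encrypted by the engine before hitting the medium."""
        if len(plaintext) != SECTOR:
            raise ValueError("whole sectors only")
        self._medium[lba] = _xor(plaintext, self._sector_stream(lba))

    def read_sector(self, lba: int) -> bytes:
        """Data from the medium is decrypted by the engine before reaching main memory."""
        return _xor(self._medium[lba], self._sector_stream(lba))


def provision(password: str) -> StorageSystem:
    """Factory step, not part of boot: make a random disk key and keep only its
    wrapped form. The plaintext disk key never leaves this function."""
    salt, disk_key = os.urandom(16), os.urandom(32)
    wrap_key, mac_key = _password_keys(password, salt)
    return StorageSystem(_wrap(wrap_key, mac_key, disk_key), salt, {})


def power_cycle(system: StorageSystem) -> StorageSystem:
    """Reboot: same wrapped key, salt and medium, but the key register is cleared."""
    return StorageSystem(system._wrapped, system._salt, system._medium)


def boot(system: StorageSystem, password: str, os_lbas) -> Optional[bytes]:
    """Claim 9: the BIOS asks the storage system for the OS image. The controller
    unlocks the register, the engine decrypts the sectors, and the image reaches
    main memory without the OS ever seeing the key. Returns None on a bad password."""
    if not system.unlock(password):
        return None
    return b"".join(system.read_sector(lba) for lba in os_lbas)
```

To exercise it: provision a system with a password, unlock it, write a constructed OS image sector by sector (the medium then holds only ciphertext), power_cycle it so the register is cleared, and call boot once with a wrong password (returns None, since the wrap tag fails) and once with the right one (returns the image). Note what the model deliberately shares with the claims and with XTS-style disk encryption: sectors get confidentiality but no integrity, so a medium that has been tampered with decrypts to altered plaintext without any error; nothing in the claims addresses that, and a practitioner evaluating such a design should ask about it.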
Specification