KEY ENCRYPTION AND DECRYPTION

US 20090327746A1
Filed: 04/10/2007
Published: 12/31/2009
Est. Priority Date: 04/10/2007
Status: Active Grant

First Claim

Patent Images

1. A data storage drive for encrypting data, comprising:

a microprocessor; and

circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

50 Citations

View as Search Results

25 Claims

1. A data storage drive for encrypting data, comprising:
- a microprocessor; and
  
  circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the circuitry comprises an Application Specific Integrated Circuit (ASIC) and wherein the unwrapping of the session encrypted data key is internal to the ASIC such that the data key that is unwrapped is not accessible external to the ASIC.
  - 3. The system of claim 1, wherein the session encrypted data key is unwrapped by decryption hardware to produce the data key.
  - 4. The system of claim 1, further comprising:
    - a key manager coupled to the data storage drive, wherein the session key is negotiated between the data storage drive and the key manager.
  - 5. The system of claim 1, further comprising:
    - a host attachment coupled to the circuitry, wherein the session encrypted data key is received from one of the microprocessor and the host attachment.
  - 6. The system of claim 1, wherein a source of the session encrypted data key is hard selected.
  - 7. The system of claim 1, wherein the circuitry is adapted to perform decryption by retrieving cipher text from a data storage medium and decrypting the cipher text using the data key to generate clear text.
  - 8. The system of claim 1, wherein the circuitry is adapted to retrieve cipher text from the data storage medium and bypass decryption.
  - 9. The system of claim 1, further comprising:
    - a host attachment coupled to the circuitry, wherein the circuitry is adapted to select the clear text from one of the microprocessor and the host attachment and to encrypt the clear text for storage on a data storage medium.
  - 10. The system of claim 1, wherein the data key comprises a standard data key, wherein the circuitry is adapted to receive a backup data key that was passed to the data storage drive without being encrypted, and wherein the backup data key is capable of being used to encrypt clear text and to decrypt cipher text.
  - 11. The system of claim 1, wherein the data key comprises a standard data key, wherein the circuitry is adapted to receive a backup data key that was produced when the microprocessor unwrapped the session encrypted data key, and wherein the backup data key is capable of being used to encrypt clear text and to decrypt cipher text.
  - 12. The system of claim 1, wherein the data key comprises a standard data key and further comprising:
    - a key appliance coupled to the data storage drive, wherein the key appliance is adapted to obtain a public key that is part of a public-private key pair from the data storage drive and use the public key to wrap a secret key to create the session encrypted data key.
  - 13. The system of claim 12, wherein the circuitry is adapted to store a private key that is part of the public-private key pair and to decrypt the session encrypted data key with the private key to produce the secret key, and wherein the secret key is capable of being used to encrypt clear text and to decrypt cipher text.
  - 14. The system of claim 13, wherein the circuitry comprises an Application Specific Integrated Circuit (ASIC) and wherein the private key is stored in a register space inside the ASIC that is not accessible by external entities.
  - 15. The system of claim 1, wherein the circuitry comprises public key decryption circuitry adapted to check a root Certificate of Authority (CA) signature and to unwrap the session encrypted data key.

16. A system, comprising:
- a microprocessor;
  
  a host attachment coupled to the microprocessor; and
  
  circuitry coupled to the microprocessor and to the host attachment, wherein the circuitry is adapted to receive a session encrypted data key and a session key, wherein the circuitry is adapted to use the session key to unwrap the session encrypted data key to produce a data key, and wherein the circuitry is adapted to encrypt clear text with the data key for storage in a data storage medium.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the circuitry is adapted to select the clear text from one of the microprocessor and the host attachment.

18. A system, comprising:
- a microprocessor;
  
  a host attachment coupled to the microprocessor; and
  
  circuitry coupled to the microprocessor and to the host attachment, wherein the circuitry is adapted to receive a session encrypted data key and a session key, wherein the circuitry is adapted to use the session key to unwrap the session encrypted data key to produce a data key, and wherein the circuitry is adapted to decrypt cipher text retrieved from the data storage medium using the data key.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the circuitry is adapted to retrieve the cipher text from the data storage medium and bypass decryption to output the cipher text.

20. An Application Specific Integrated Circuit (ASIC), comprising:
- a microprocessor adapted to check a root Certificate of Authority (CA) signature and to unwrap a session encrypted data key to produce a data key for use in encrypting and decrypting data.

21. The ASIC of claim 21, wherein registers used by the microprocessor cannot be seen when the microprocessor performs the checking and the unwrapping.

22. A system, comprising:
- a microprocessor; and
  
  circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, further comprising:
    - a key appliance; and
      
      a data storage drive coupled to the key appliance, wherein the circuitry is implemented at the data storage drive;
      
      wherein the key appliance is adapted to obtain a public key that is part of a public-private key pair from the data storage drive, use the public key to wrap the secret key to create the session encrypted data key, and send the session encrypted data key to the data storage drive.
  - 24. The system of claim 22, wherein the circuitry is adapted to store the private key that is part of the public-private key pair.
  - 25. The system of claim 22, wherein the circuitry comprises an Application Specific Integrated Circuit (ASIC) and wherein the private key is stored in a register space inside the ASIC that is not accessible by external entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jaquette, Glen Alan, Schaffer, Scott Jeffrey, Greco, Paul Merrill

Granted Patent

US 9,008,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G09C 1/00   Apparatus or methods whereb...

H04L 2209/12   Details relating to cryptog...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

KEY ENCRYPTION AND DECRYPTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

KEY ENCRYPTION AND DECRYPTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links