Disk drive comprising encryption circuitry selectively enabled by verifying a circuit that provides plaintext data
Abstract
A disk drive comprising a disk for storing encrypted data is disclosed. The disk drive comprises a first circuit for providing plaintext data to a second circuit. The second circuit comprises controllable encryption circuitry for encrypting the plaintext data into the encrypted data. The controllable encryption circuitry comprises a data input, an enable input, and a data output. The second circuit further comprises a plaintext input for providing the plaintext data to the data input, an encrypted text output for providing the encrypted data from the data output, and a first control input for receiving a first device authentication signal for authenticating the first circuit. The second circuit comprises a first verification circuit, responsive to the first device authentication signal, for producing a first verification signal for use in controlling the enable input of the encryption circuitry to enable the encryption circuitry to provide the encrypted data via the encrypted text output.
16 Claims

1. A disk drive comprising:
a disk for storing encrypted data;
a first circuit for providing plaintext data; and
a second circuit comprising:
controllable encryption circuitry for encrypting the plaintext data into the encrypted data, the controllable encryption circuitry comprising:
a data input;
an enable input;
a data output;
a plaintext input for providing the plaintext data to the data input;
an encrypted text output for providing the encrypted data from the data output;
a first control input for receiving a first device authentication signal for authenticating the first circuit; and
a first verification circuit, responsive to the first device authentication signal, for producing a first verification signal for use in controlling the enable input of the encryption circuitry to enable the encryption circuitry to provide the encrypted data via the encrypted text output.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

a second control input for receiving a second device authentication signal authenticating the disk;
a second verification circuit responsive to the second device authentication signal for producing a second verification signal; and
a gating circuit responsive to the first and second verification signals for applying an enable signal to the enable input to cause the controllable encryption circuitry to provide the encrypted data via the encrypted text output.

3. The disk drive as recited in claim 1, wherein:
the first device authentication signal comprises a device identifier; and
the first verification circuit verifies the first circuit by comparing the device identifier to a corresponding expected device identifier.

4. The disk drive as recited in claim 3, wherein the expected device identifier is hardwired into the integrated circuit.

5. The disk drive as recited in claim 3, wherein the expected device identifier is stored in a non-volatile memory.

6. The disk drive as recited in claim 1, wherein:
the first device authentication signal comprises a message authentication code generated over the plaintext data using a device key; and
the first verification circuit verifies the first circuit by verifying the message authentication code using an internal key.

7. The disk drive as recited in claim 1, wherein the disk and second circuit are sealed within a head disk assembly (HDA).

8. The disk drive as recited in claim 1, wherein the first circuit is an interface circuit connected to receive user data from a host computer.

9. A method of storing encrypted data to a disk, the method comprising the steps of:
receiving plaintext data from a first circuit;
receiving a first device authentication signal for authenticating the first circuit;
producing a first verification signal in response to the first device authentication signal;
enabling encryption circuitry in response to the first verification signal to enable the encryption circuitry to encrypt the plaintext data into the encrypted data; and
storing the encrypted data to the disk.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)

receiving a second device authentication signal authenticating the disk;
producing a second verification signal in response to the second device authentication signal; and
enabling the encryption circuitry in response to the first and second verification signals to enable the encryption circuitry to encrypt the plaintext data into the encrypted data.

11. The method of storing encrypted data to a disk as recited in claim 9, wherein:
the first device authentication signal comprises a device identifier; and
the step of producing a first verification signal in response to the first device authentication signal comprises the step of comparing the device identifier to a corresponding expected device identifier.

12. The method of storing encrypted data to a disk as recited in claim 11, wherein the expected device identifier is hardwired into an integrated circuit.

13. The method of storing encrypted data to a disk as recited in claim 11, wherein the expected device identifier is stored in a non-volatile memory.

14. The method of storing encrypted data to a disk as recited in claim 9, wherein:
the first device authentication signal comprises a message authentication code generated over the plaintext data using a device key; and
the step of producing the first verification signal in response to the first device authentication signal comprises the step of verifying the message authentication code using an internal key.

15. The method of storing encrypted data to a disk as recited in claim 9, wherein the disk and encryption circuitry are sealed within a head disk assembly (HDA).

16. The method of storing encrypted data to a disk as recited in claim 9, wherein the first circuit is an interface circuit connected to receive user data from a host computer.
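
The gated write path of claims 1, 2 and 6 (method claims 9, 10 and 14) can be modelled in software as follows. This is an added example, not taken from the patent. It assumes HMAC-SHA256 as the message authentication code with the device key equal to the internal key, reuses the identifier comparison of claim 3 to authenticate the disk, and uses a stand-in keystream cipher and a per-write nonce, none of which the claims specify; all names, keys and identifiers are constructed.

```python
import hashlib
import hmac

# All values below are constructed for this model.
INTERNAL_KEY = bytes(range(32))        # key held by the second circuit (claim 6)
EXPECTED_DISK_ID = b"DISK-0001"        # hardwired or NVM-stored identifier (claims 4, 5)
DATA_KEY = bytes(range(32, 64))        # encryption key; key handling is not in the claims

def first_circuit_mac(device_key: bytes, plaintext: bytes) -> bytes:
    """First circuit: MAC over the plaintext using its device key (HMAC-SHA256 assumed)."""
    return hmac.new(device_key, plaintext, hashlib.sha256).digest()

def verify_first_circuit(plaintext: bytes, mac: bytes) -> bool:
    """First verification circuit: recompute the MAC with the internal key."""
    return hmac.compare_digest(first_circuit_mac(INTERNAL_KEY, plaintext), mac)

def verify_disk(disk_id: bytes) -> bool:
    """Second verification circuit: compare against the expected identifier."""
    return hmac.compare_digest(disk_id, EXPECTED_DISK_ID)

def encrypt(data: bytes, nonce: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream XOR), not a production cipher."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(DATA_KEY + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def write_path(plaintext: bytes, mac: bytes, disk_id: bytes, nonce: bytes):
    """Gating circuit: the enable input is the AND of both verification signals."""
    first_ok = verify_first_circuit(plaintext, mac)
    second_ok = verify_disk(disk_id)
    if not (first_ok and second_ok):
        return None                     # encryption stays disabled; no output at all
    return encrypt(plaintext, nonce)

if __name__ == "__main__":
    pt, nonce = b"constructed sector payload", b"LBA-000042"
    good = first_circuit_mac(INTERNAL_KEY, pt)
    print(write_path(pt, good, EXPECTED_DISK_ID, nonce).hex())
    print(write_path(pt + b"!", good, EXPECTED_DISK_ID, nonce))   # None: MAC mismatch
    print(write_path(pt, good, b"DISK-9999", nonce))              # None: wrong disk
```

Because the MAC is computed over the plaintext itself, the model rejects data that was altered between the first circuit and the encryption block as well as data from a circuit that does not hold the key.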