Data security for digital data storage

US 6,857,076 B1
Filed: 03/26/1999
Issued: 02/15/2005
Est. Priority Date: 03/26/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computing apparatus comprising:

a digital data storage device;

a bus-to-bus bridge configured to receive digital data from a host processor and to forward said digital data to said digital data storage device in an encrypted form, wherein said bus-to-bus bridge is configured to encrypt said digital data and forward the digital data to the digital storage device without intervention of the host processor, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the bus-to-bus bridge to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;

a non-volatile memory location in or connected to said bus-to-bus bridge which stores an identification code; and

a key accessed by said bus-to-bus bridge to define at least in part an encryption process, wherein said key is derived at least in part from said identification code.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer.

201 Citations

16 Claims

1. A computing apparatus comprising:
- a digital data storage device;
  
  a bus-to-bus bridge configured to receive digital data from a host processor and to forward said digital data to said digital data storage device in an encrypted form, wherein said bus-to-bus bridge is configured to encrypt said digital data and forward the digital data to the digital storage device without intervention of the host processor, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the bus-to-bus bridge to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
  
  a non-volatile memory location in or connected to said bus-to-bus bridge which stores an identification code; and
  
  a key accessed by said bus-to-bus bridge to define at least in part an encryption process, wherein said key is derived at least in part from said identification code.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computing apparatus of claim 1, wherein said identification code is assigned to and associated specifically with said computing apparatus.
  - 3. The computing apparatus of claim 2, wherein said bus-to-bus-bridge is configured to verify said key without intervention by said host processor.
  - 4. The computing apparatus of claim 1, wherein said bus-to-bus bus bridge additionally comprises a circuit for selectively disabling said logic circuit from encrypting said digital data.
  - 5. The computing apparatus of claim 1, wherein said key is derived in part from said identification code and in part from user input.

6. A computer comprising:
- a plurality of data storage media drives;
  
  a data path connected between said plurality of data storage media drives and a source of data for storage onto media associated with said data storage media drives; and
  
  a bus-to-bus bridge coupled to said data path, said bus-to-bus bridge being configurable to enable encrypting of data being routed to a selectable subset of said plurality of data storage media drives, wherein said bus-to-bus bridge is configured to encrypt said digital data and forward said digital data to said data storage media drives without intervention of the host processor, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the bus-to-bus bridge to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
- View Dependent Claims (7, 8, 9)
- - 7. The computer of claim 6, wherein said plurality of data storage media drives includes one or more hard disk drives, and one or more floppy disk drives.
  - 8. The computer of claim 6, wherein said bus-to-bus bridge additionally comprises:
    - a non-volatile memory location which stores an identification code; and
      
      a second memory location which stores an encryption key derived at least in part from said identification code, wherein said key is accessed by said bus-to-bus bridge to encrypt said digital data for storage on said data storage media drives.
  - 9. The computing apparatus of claim 8, wherein said identification code is assigned to and associated specifically with said computer.

10. A data processing system comprising:
- a data source;
  
  at least one data storage device;
  
  a logic circuit coupled to receive digital data from said data source and to route digital data to said data storage device, wherein said logic circuit is configured to encrypt said digital data and forward the digital data to the data storage device without intervention of a host processor, wherein the logic circuit comprises a bus-to-bus bridge;
  
  a non-volatile memory coupled to said logic circuit with a serial data bus, said read only memory containing a hardware identifier;
  
  a key register coupled to said logic circuit, said key register storing a key for performing data encryption, wherein said key is derived at least in part from said identification code; and
  
  a configuration register coupled to said logic circuit, wherein said configuration register contains information enabling said logic circuit to perform encryption on digital data received from said data source using said key prior to storing encrypted digital data on said at least one data storage device, and wherein the configuration register is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
- View Dependent Claims (11)
- - 11. The data processing device of claim 10, further comprising at least two data storage devices, wherein said configuration register contains information enabling data encryption of data routed to a first one of said at least two data storage devices, and wherein said configuration register contains information disabling data encryption of data routed to a second one of said at least two data storage devices.

12. A circuit for encrypting data in a computing system comprising:
- a first memory location storing an identification code; and
  
  a logic circuit comprising a second memory location and an encryption engine, said logic circuit configured to receive said identification code from said first memory location and to store a key for use by said encryption engine, said key being derived at least in part from said identification code in said second memory location, wherein said logic circuit is configured to encrypt digital data and forward said digital data to a digital storage device without intervention of a processor, wherein the logic circuit comprises a bus-to-bus bridge, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
- View Dependent Claims (13, 14)
- - 13. The circuit of claim 12, wherein said first memory location resides on a first integrated circuit, and wherein said logic circuit resides on a second integrated circuit separate from said first integrated circuit.
  - 14. The circuit of claim 13, wherein said first and second integrated circuits are coupled by a serial data bus.

15. A computer system comprising:
- host computing logic, wherein said logic circuit is configured to encrypt digital data and forward said digital data to a digital storage device without intervention of a host processor, wherein the host computing logic is a bus-to-bus bridge, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
  
  means for storing an identification code associated with said host computing logic; and
  
  means for deriving a key for data encryption at least in part from said identification code.
- View Dependent Claims (16)
- - 16. The computer system of claim 15, wherein said means for deriving a key additionally comprises means for deriving a key at least in part from user input to said computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Round Rock Research LLC
Original Assignee
Micron Technology, Inc.
Inventors
Klein, Dean A.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Song, Hosuk

Application Number

US09/277,482
Time in Patent Office

2,153 Days
Field of Search

713/165, 713/168, 713/172, 713182-185, 713189-190, 713192-194, 713200-202, 380/277, 380/44, 380/239, 380/242
US Class Current

713/189
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

H04L 2209/12   Details relating to cryptog...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

Data security for digital data storage

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links