Data security for digital data storage
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a non-volatile memory. The key may also be derived at least in part from user input to the computer.
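As an added illustration (not part of the patent text), the following Python sketch models the arrangement the abstract and claims describe: a key derived from a stored identification code and user input, and a configuration register that enables encryption per target device. The PBKDF2 derivation, the HMAC-based keystream standing in for the encryption engine, the bit-per-target register layout, and all names and values are assumptions.

```python
import hashlib
import hmac

def derive_key(id_code: bytes, user_input: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the claims name no derivation function.
    return hashlib.pbkdf2_hmac("sha256", user_input, id_code, 100_000, dklen=32)

def keystream(key: bytes, sector: int, length: int) -> bytes:
    # Stand-in for the bridge's encryption engine: HMAC-SHA256 in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        block = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

class Bridge:
    """Hypothetical model: bit n of config_reg enables encryption for target n."""
    def __init__(self, id_code: bytes, user_input: bytes, config_reg: int):
        self.key = derive_key(id_code, user_input)  # contents of the key register
        self.config_reg = config_reg
        self.media = {}  # (target, sector) -> bytes as stored on the device

    def _transform(self, target: int, sector: int, data: bytes) -> bytes:
        if not (self.config_reg >> target) & 1:
            return data  # encryption disabled for this target: pass through
        ks = keystream(self.key, sector, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, target: int, sector: int, data: bytes) -> None:
        self.media[(target, sector)] = self._transform(target, sector, data)

    def read(self, target: int, sector: int) -> bytes:
        return self._transform(target, sector, self.media[(target, sector)])

def demo() -> dict:
    data = b"constructed sample sector payload"
    a = Bridge(b"ID-CODE-A", b"user passphrase", config_reg=0b01)
    a.write(0, 7, data)  # target 0: encryption enabled
    a.write(1, 7, data)  # target 1: encryption disabled
    # The same media attached to a bridge holding a different identification code.
    b = Bridge(b"ID-CODE-B", b"user passphrase", config_reg=0b01)
    b.media = a.media
    return {
        "target0_stored_plain": a.media[(0, 7)] == data,
        "target1_stored_plain": a.media[(1, 7)] == data,
        "same_bridge_reads": a.read(0, 7) == data,
        "other_bridge_reads": b.read(0, 7) == data,
    }
```

Calling `demo()` shows that only the target whose register bit is set holds ciphertext, and that a bridge with a different identification code cannot recover it even with the same user input.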
16 Claims
1. A computing apparatus comprising:
a digital data storage device;
a bus-to-bus bridge configured to receive digital data from a host processor and to forward said digital data to said digital data storage device in an encrypted form, wherein said bus-to-bus bridge is configured to encrypt said digital data and forward the digital data to the digital storage device without intervention of the host processor, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the bus-to-bus bridge to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
a non-volatile memory location in or connected to said bus-to-bus bridge which stores an identification code; and
a key accessed by said bus-to-bus bridge to define at least in part an encryption process, wherein said key is derived at least in part from said identification code.
6. A computer comprising:
a plurality of data storage media drives;
a data path connected between said plurality of data storage media drives and a source of data for storage onto media associated with said data storage media drives; and
a bus-to-bus bridge coupled to said data path, said bus-to-bus bridge being configurable to enable encrypting of data being routed to a selectable subset of said plurality of data storage media drives, wherein said bus-to-bus bridge is configured to encrypt said digital data and forward said digital data to said data storage media drives without intervention of the host processor, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the bus-to-bus bridge to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
10. A data processing system comprising:
a data source;
at least one data storage device;
a logic circuit coupled to receive digital data from said data source and to route digital data to said data storage device, wherein said logic circuit is configured to encrypt said digital data and forward the digital data to the data storage device without intervention of a host processor, wherein the logic circuit comprises a bus-to-bus bridge;
a non-volatile memory coupled to said logic circuit with a serial data bus, said read only memory containing a hardware identifier;
a key register coupled to said logic circuit, said key register storing a key for performing data encryption, wherein said key is derived at least in part from said identification code; and
a configuration register coupled to said logic circuit, wherein said configuration register contains information enabling said logic circuit to perform encryption on digital data received from said data source using said key prior to storing encrypted digital data on said at least one data storage device, and wherein the configuration register is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
12. A circuit for encrypting data in a computing system comprising:
a first memory location storing an identification code; and
a logic circuit comprising a second memory location and an encryption engine, said logic circuit configured to receive said identification code from said first memory location and to store a key for use by said encryption engine, said key being derived at least in part from said identification code in said second memory location, wherein said logic circuit is configured to encrypt digital data and forward said digital data to a digital storage device without intervention of a processor, wherein the logic circuit comprises a bus-to-bus bridge, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge.
15. A computer system comprising:
host computing logic, wherein said logic circuit is configured to encrypt digital data and forward said digital data to a digital storage device without intervention of a host processor, wherein the host computing logic is a bus-to-bus bridge, and wherein a configuration register in the bus-to-bus bridge is adapted to store information that is used by the logic circuit to selectively enable and disable encryption depending on the target device that is to receive the data that is transmitted via the bus-to-bus bridge;
means for storing an identification code associated with said host computing logic; and
means for deriving a key for data encryption at least in part from said identification code.
Specification