Data security for digital data storage

US 7,096,370 B1
Filed: 03/26/1999
Issued: 08/22/2006
Est. Priority Date: 03/26/1999
Status: Expired due to Fees

First Claim

Patent Images

1. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:

storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer;

retrieving the identification code from the non-erasable memory in said personal computer;

receiving user input;

generating a cryptographic key derived at least in part from said identification code and the received user input;

retrieving a checksum from a configuration register in a bus-to-bus bridge in the personal computer, the bus-to-bus bridge storing information identifying which of the one or more magnetic or optical data storage media is selected to receive encrypted data;

verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated cryptographic key;

retrieving information from a memory location;

disabling encryption of data routed to one of the one or more magnetic or optical data storage media in response to said retrieved information;

encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of the one or more magnetic or optical data storage media using the the generated cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware; and

storing the data in the one or more magnetic or optical data storage media either in encrypted form or non-encrypted form based on the disabling step.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system encrypts user generated data with an encryption process, wherein the encryption process is defined at least in part with information assigned to and associated with host computing logic. The information may comprise a multi-bit identification code. The encryption process may also be defined in part by user input.

Citations

15 Claims

1. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:
- storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer;
  
  retrieving the identification code from the non-erasable memory in said personal computer;
  
  receiving user input;
  
  generating a cryptographic key derived at least in part from said identification code and the received user input;
  
  retrieving a checksum from a configuration register in a bus-to-bus bridge in the personal computer, the bus-to-bus bridge storing information identifying which of the one or more magnetic or optical data storage media is selected to receive encrypted data;
  
  verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated cryptographic key;
  
  retrieving information from a memory location;
  
  disabling encryption of data routed to one of the one or more magnetic or optical data storage media in response to said retrieved information;
  
  encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of the one or more magnetic or optical data storage media using the the generated cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware; and
  
  storing the data in the one or more magnetic or optical data storage media either in encrypted form or non-encrypted form based on the disabling step.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said retrieving the identification code is performed without intervention by a host processor.
  - 3. The method of claim 2, wherein said verifying occurs without intervention of said host processor.
  - 4. The method of claim 1, wherein encrypting data for storage is performed on an encrypting device that is positioned in a data path between a central processing unit and one of the one or more magnetic or optical data storage media.
  - 5. The method of claim 1, wherein all data that is transmitted to the one or more magnetic or optical data storage data storage media is encrypted.

6. A method of making a computer comprising:
- storing a hardware identifier in a non-erasable memory integrated circuit at the time of manufacture of said computer, wherein the hardware identifier is defined at least in part by information associated with components of said computer;
  
  installing said non-erasable memory integrated circuit into said computer;
  
  providing a data path to the data storage media;
  
  providing a configuration register in a bus-to-bus bridge for storing a checksum, the bus-to-bus bridge storing information identifying which data storage media is selected to receive encrypted data;
  
  coupling a logic circuit comprising an encryption engine to said data path; and
  
  connecting said non-erasable memory integrated circuit to said logic circuit, wherein the hardware identifier and a user input is used by the encrypting engine for encrypting data that is transmitted to the data storage media and for decrypting data that is retrieved from the data storage media, and wherein the encryption engine verifies the generated cryptographic key using the checksum, and wherein the encryption engine is configured to disable encryption of data routed to the data storage media in response to information retrieved from a storage location.
- View Dependent Claims (7)
- - 7. The method of claim 6, wherein said act of connecting comprises routing a serial data bus from said non-erasable memory integrated circuit to said logic circuit.

8. In a computer system comprising a processor and encryption hardware and at least one data storage device, a method of data storage comprising:
- receiving user input;
  
  transmitting data from the processor in the computer system to the encryption hardware in the computer system; and
  
  generating a cryptographic key derived at least in part from the received user input and information that is stored in a non-erasable memory in said computer system during manufacture of said computer system;
  
  retrieving a checksum from a configuration register in a bus-to-bus bridge in said computer system, the bus-to-bus bridge register storing information identifying which storage device is selected to receive encrypted data;
  
  verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated key;
  
  retrieving information from a memory location;
  
  disabling encryption of data routed to said selected data storage device in response to said retrieved information;
  
  encrypting and decrypting, in the encryption hardware, user generated data with an encryption process that uses the generated cryptographic key, the encrypting and decrypting being based on the disabling step;
  
  storing the data in the at least one storage device either in encrypted form or non-encrypted form based on the disabling step.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein said information is permanently associated with said host computing logic.
  - 10. The method of claim 8, wherein said information comprises a multi-bit identification code.
  - 11. The method of claim 10, additionally comprising the act of deriving an encryption key at least in part from said multi-bit identification code.
  - 12. The method of claim 8, additionally comprising defining said encryption process at least in part from user input to said computer system.

13. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:
- storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer;
  
  retrieving the identification code from the non-erasable memory in said personal computer;
  
  receiving user input;
  
  generating a cryptographic key derived at least in part from said identification code and the received user input;
  
  retrieving a checksum from a configuration register in a bus-to-bus bridge circuit in said personal computer, the bus-to-bus bridge circuit storing information identifying which of said one or more magnetic or optical storage media is selected to receive encrypted data;
  
  verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated key;
  
  retrieving information from a memory location;
  
  disabling encryption of data routed to one of said storage media in response to said retrieved information;
  
  encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of said one or more magnetic or optical data storage media using said cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware, and wherein the encryption hardware is part of the bus-to-bus bridge circuit; and
  
  storing the data in the one or more magnetic or optical data storage media in either encrypted form or non-encrypted form based on the disabling step.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein said retrieving the identification code is performed without intervention by a host processor.
  - 15. The method of claim 14, wherein said verifying occurs without intervention of said host processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Round Rock Research LLC
Original Assignee
Micron Technology, Inc.
Inventors
Klein, Dean A.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Pich, Ponnoreay

Application Number

US09/277,335
Time in Patent Office

2,706 Days
Field of Search

380/44, 380/45, 380/46, 380277-280, 713/162, 713/171, 713/182, 713189-194, 711/163, 711/164, 714/746, 714/763, 714/799, 726/26
US Class Current

713/193
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

Data security for digital data storage

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links