Data security for digital data storage
First Claim
Patent Images
1. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:
- storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer;
retrieving the identification code from the non-erasable memory in said personal computer;
receiving user input;
generating a cryptographic key derived at least in part from said identification code and the received user input;
retrieving a checksum from a configuration register in a bus-to-bus bridge in the personal computer, the bus-to-bus bridge storing information identifying which of the one or more magnetic or optical data storage media is selected to receive encrypted data;
verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated cryptographic key;
retrieving information from a memory location;
disabling encryption of data routed to one of the one or more magnetic or optical data storage media in response to said retrieved information;
encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of the one or more magnetic or optical data storage media using the the generated cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware; and
storing the data in the one or more magnetic or optical data storage media either in encrypted form or non-encrypted form based on the disabling step.
5 Assignments
0 Petitions
Accused Products
Abstract
A computer system encrypts user generated data with an encryption process, wherein the encryption process is defined at least in part with information assigned to and associated with host computing logic. The information may comprise a multi-bit identification code. The encryption process may also be defined in part by user input.
-
Citations
15 Claims
-
1. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:
-
storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer; retrieving the identification code from the non-erasable memory in said personal computer; receiving user input; generating a cryptographic key derived at least in part from said identification code and the received user input; retrieving a checksum from a configuration register in a bus-to-bus bridge in the personal computer, the bus-to-bus bridge storing information identifying which of the one or more magnetic or optical data storage media is selected to receive encrypted data; verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated cryptographic key; retrieving information from a memory location; disabling encryption of data routed to one of the one or more magnetic or optical data storage media in response to said retrieved information; encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of the one or more magnetic or optical data storage media using the the generated cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware; and storing the data in the one or more magnetic or optical data storage media either in encrypted form or non-encrypted form based on the disabling step. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of making a computer comprising:
-
storing a hardware identifier in a non-erasable memory integrated circuit at the time of manufacture of said computer, wherein the hardware identifier is defined at least in part by information associated with components of said computer; installing said non-erasable memory integrated circuit into said computer; providing a data path to the data storage media; providing a configuration register in a bus-to-bus bridge for storing a checksum, the bus-to-bus bridge storing information identifying which data storage media is selected to receive encrypted data; coupling a logic circuit comprising an encryption engine to said data path; and connecting said non-erasable memory integrated circuit to said logic circuit, wherein the hardware identifier and a user input is used by the encrypting engine for encrypting data that is transmitted to the data storage media and for decrypting data that is retrieved from the data storage media, and wherein the encryption engine verifies the generated cryptographic key using the checksum, and wherein the encryption engine is configured to disable encryption of data routed to the data storage media in response to information retrieved from a storage location. - View Dependent Claims (7)
-
-
8. In a computer system comprising a processor and encryption hardware and at least one data storage device, a method of data storage comprising:
-
receiving user input; transmitting data from the processor in the computer system to the encryption hardware in the computer system; and generating a cryptographic key derived at least in part from the received user input and information that is stored in a non-erasable memory in said computer system during manufacture of said computer system; retrieving a checksum from a configuration register in a bus-to-bus bridge in said computer system, the bus-to-bus bridge register storing information identifying which storage device is selected to receive encrypted data; verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated key; retrieving information from a memory location; disabling encryption of data routed to said selected data storage device in response to said retrieved information; encrypting and decrypting, in the encryption hardware, user generated data with an encryption process that uses the generated cryptographic key, the encrypting and decrypting being based on the disabling step; storing the data in the at least one storage device either in encrypted form or non-encrypted form based on the disabling step. - View Dependent Claims (9, 10, 11, 12)
-
-
13. In a personal computer having encryption hardware and a processor, a method of storing data on one or more magnetic or optical data storage media in an encrypted form comprising:
-
storing an identification code in a non-erasable memory during manufacture of the personal computer, wherein said identification code is defined at least in part by information associated with components of said personal computer; retrieving the identification code from the non-erasable memory in said personal computer; receiving user input; generating a cryptographic key derived at least in part from said identification code and the received user input; retrieving a checksum from a configuration register in a bus-to-bus bridge circuit in said personal computer, the bus-to-bus bridge circuit storing information identifying which of said one or more magnetic or optical storage media is selected to receive encrypted data; verifying the generated cryptographic key, wherein verifying comprises determining a checksum of the generated key; retrieving information from a memory location; disabling encryption of data routed to one of said storage media in response to said retrieved information; encrypting and decrypting data based on the disabling step, for storage on and retrieval from one of said one or more magnetic or optical data storage media using said cryptographic key, wherein the data is transmitted by the processor and is encrypted in the personal computer by the encryption hardware, and wherein the encryption hardware is part of the bus-to-bus bridge circuit; and storing the data in the one or more magnetic or optical data storage media in either encrypted form or non-encrypted form based on the disabling step. - View Dependent Claims (14, 15)
-
Specification