Block-level storage device with content security
First Claim
Patent Images
1. A block-level storage device, comprising:
- a storage medium; and
a storage engine, the storage engine being configured to generate a secure session key and to receive a block of encrypted content and its corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.
8 Assignments
0 Petitions
Accused Products
Abstract
A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
18 Citations
15 Claims
-
1. A block-level storage device, comprising:
-
a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive a block of encrypted content and its corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of writing to a block-level storage device from a host system having a public key and a corresponding private key, comprising:
-
encrypting a secure session key using the public key; recovering the secure session key from the encrypted secure session key using the corresponding private key; encrypting content according to a content key and commanding the block-level storage device to write the encrypted content to host-system-determined block addresses; encrypting the content key using the secure session key and transmitting the encrypted content key to the block-level storage device; in the block-level storage device, decrypting the encrypted content key using the secure session key; in the block-level storage device, encrypting the decrypted content key with a storage device key; and writing the storage-device-encrypted content key to a host-system-determined block address. - View Dependent Claims (12)
-
-
13. A block-level storage device, comprising:
-
a storage medium; and a storage engine, the storage engine being configured to respond to block-level non-secure content requests, block-level secure content requests, and block-level security metadata requests from a host system, the storage engine being further configured to, in response to a security metadata request, generate a secure session key and to receive an encrypted content key from the host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium. - View Dependent Claims (14, 15)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHanger Solutions, LLC (IP Investments Group LLC)
-
Original AssigneeDPHI Incorporated
-
InventorsHines, Randal C., Blankenbeckler, David L., Lee, Lane W., Gurkowski, Mark J.
-
Primary Examiner(s)Abrishamkar; Kaveh
-
Application NumberUS12/207,684Publication NumberTime in Patent Office1,084 DaysField of SearchNoneUS Class Current713/167CPC Class CodesG06F 21/10 Protecting distributed prog...G06F 21/6218 to a system of files or obj...G06F 21/80 in storage media based on m...G06F 2221/2115 Third partyG06F 2221/2129 Authenticate client device ...G11B 20/00086 Circuits for prevention of ...G11B 20/00195 using a device identifier a...G11B 20/0021 involving encryption or dec...G11B 20/00224 wherein the key is obtained...G11B 20/00253 wherein the key is stored o...G11B 20/00492 wherein content or user dat...G11B 20/00536 wherein encrypted content d...G11B 20/00855 involving a step of exchang...H04L 2209/603 Digital right managament [DRM]H04L 9/0825 using asymmetric-key encryp...
