Block-level storage device with content security
First Claim
Patent Images
1. A block-level storage device, comprising:
- a storage medium; and
a storage engine, the storage engine being configured to generate a secure session key and to receive a block of encrypted content and its corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.
8 Assignments
0 Petitions
Accused Products
Abstract
A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
-
Citations
15 Claims
-
1. A block-level storage device, comprising:
-
a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive a block of encrypted content and its corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of writing to a block-level storage device from a host system having a public key and a corresponding private key, comprising:
-
encrypting a secure session key using the public key; recovering the secure session key from the encrypted secure session key using the corresponding private key; encrypting content according to a content key and commanding the block-level storage device to write the encrypted content to host-system-determined block addresses; encrypting the content key using the secure session key and transmitting the encrypted content key to the block-level storage device; in the block-level storage device, decrypting the encrypted content key using the secure session key; in the block-level storage device, encrypting the decrypted content key with a storage device key; and writing the storage-device-encrypted content key to a host-system-determined block address. - View Dependent Claims (12)
-
-
13. A block-level storage device, comprising:
-
a storage medium; and a storage engine, the storage engine being configured to respond to block-level non-secure content requests, block-level secure content requests, and block-level security metadata requests from a host system, the storage engine being further configured to, in response to a security metadata request, generate a secure session key and to receive an encrypted content key from the host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium. - View Dependent Claims (14, 15)
-
Specification