Data security

US 8,127,150 B2
Filed: 05/28/2009
Issued: 02/28/2012
Est. Priority Date: 10/14/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

storing configuration parameters for determining a configuration of a redundant array of independent disks (RAID) storage;

storing, in a non-volatile memory, a key used to enable encryption, the non-volatile memory in a circuit card not comprised in the RAID storage;

receiving a request to write data to one or more locations in the RAID storage;

encrypting, based upon at least one key, one or more respective portions of write data to generate one or more respective portions of encrypted write data to be stored in the one or more locations of the RAID storage;

generating, based upon the one or more respective portions of the encrypted write data, check data to be stored in the RAID storage;

selecting the one or more locations in the RAID storage for storing the one or more respective portions of the encrypted write data by translating the one or more locations specified in the request into one or more physical or logical locations in the RAID storage based at least upon the stored configuration parameters so as to permit the one or more respective portions of the encrypted write data to be distributed among the one or more storage locations comprised in the RAID storage; and

storing each of the one or more portions of the encrypted write data and check data into the one or more corresponding locations of the RAID storage.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method is provided that may include encrypting, based least in part upon at least one key, one or more respective portions of input data to generate one or more respective portions of output data to be stored in one or more locations in storage. The method of this embodiment also may include generating, based at least in part upon the one or more respective portions of the output data, check data to be stored in the storage, and/or selecting the one or more locations in the storage so as to permit the one or more respective portions of the output data to be distributed among two or more storage devices comprised in the storage. Many modifications, variations, and alternatives are possible without departing from this embodiment.

39 Citations

20 Claims

1. A method comprising:
- storing configuration parameters for determining a configuration of a redundant array of independent disks (RAID) storage;
  
  storing, in a non-volatile memory, a key used to enable encryption, the non-volatile memory in a circuit card not comprised in the RAID storage;
  
  receiving a request to write data to one or more locations in the RAID storage;
  
  encrypting, based upon at least one key, one or more respective portions of write data to generate one or more respective portions of encrypted write data to be stored in the one or more locations of the RAID storage;
  
  generating, based upon the one or more respective portions of the encrypted write data, check data to be stored in the RAID storage;
  
  selecting the one or more locations in the RAID storage for storing the one or more respective portions of the encrypted write data by translating the one or more locations specified in the request into one or more physical or logical locations in the RAID storage based at least upon the stored configuration parameters so as to permit the one or more respective portions of the encrypted write data to be distributed among the one or more storage locations comprised in the RAID storage; and
  
  storing each of the one or more portions of the encrypted write data and check data into the one or more corresponding locations of the RAID storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining, based upon one or more credentials whether to perform one or more operations involving the RAID storage.
  - 3. The method of claim 2, further comprising:
    - detecting attempts to tamper with one or more credentials.
  - 4. The method of claim 1, wherein the check data comprises one of parity data and a copy of the encrypted write data.
  - 5. The method of claim 1, wherein the stored configuration parameters for RAID storage configure the RAID storage as one of a plurality of RAID levels.
  - 6. The method of claim 1, wherein the RAID level is selected from the group consisting of 0, 1 and 5.
  - 7. The method of claim 1, wherein the circuit card is coupled to a PCI-Express card slot.

8. A method comprising:
- storing configuration parameters for determining a configuration of a redundant array of independent disks (RAID) storage;
  
  storing, in a non-volatile memory, a key used to enable decryption, the non-volatile memory in a circuit card not comprised in the RAID storage;
  
  receiving a request to retrieve requested data from one or more locations in the RAID storage;
  
  translating the one or more locations specified in the request into one or more physical or logical locations in the RAID storage based at least upon the stored configuration parameters;
  
  retrieving one or more respective portions of encrypted data and corresponding check data from the one or more translated locations in the RAID storage; and
  
  decrypting the one or more respective portions of the encrypted read data retrieved from the one or more locations in the RAID storage based upon at least one key to generate one or more respective portions of read data.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising:
    - determining, based upon one or more credentials whether to perform one or more operations involving the RAID storage.
  - 10. The method of claim 8, further comprising:
    - detecting attempts to tamper with one or more credentials.
  - 11. The method of claim 9, wherein the stored configuration parameters for RAID storage configure the RAID storage as one of a plurality of RAID levels.

12. An apparatus comprising:
- a circuit card comprising;
  
  a non-volatile memory to store configuration parameters for determining a configuration of a redundant array of independent disks (RAID) storage and the non-volatile memory to store a key used to enable encryption; and
  
  logic to receive a request to write data to one or more locations in the RAID storage, to encrypt, based upon at least one key, one or more respective portions of write data to generate one or more respective portions of encrypted write data to be stored in the one or more locations of the RAID storage, to generating, based upon the one or more respective portions of the encrypted write data, check data to be stored in the RAID storage, to select the one or more locations in the RAID storage for storing the one or more respective portions of the encrypted write data by translating the one or more locations specified in the request into one or more physical or logical locations in the RAID storage based at least upon the stored configuration parameters so as to permit the one or more respective portions of the encrypted write data to be distributed among the one or more storage locations comprised in the RAID storage and to store each of the one or more portions of the encrypted write data and check data into the one or more corresponding locations of the RAID storage.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the logic to determine, based upon one or more credentials whether to perform one or more operations involving the RAID storage.
  - 14. The apparatus of claim 13, wherein the logic to detect attempts to tamper with one or more credentials.
  - 15. The apparatus of claim 12, wherein the check data comprises one of parity data and a copy of the encrypted write data.
  - 16. The apparatus of claim 12, wherein the stored configuration parameters for RAID storage configure the RAID storage as one of a plurality of RAID levels.
  - 17. The apparatus of claim 12, wherein the circuit card is coupled to a PCI-Express card slot.

18. A system comprising:
- a circuit board comprising a circuit card slot and a circuit card that is capable of being inserted into the circuit card slot, the circuit card comprising;
  
  a non-volatile memory to store configuration parameters for determining a configuration of a redundant array of independent disks (RAID) storage and a key used to enable encryption; and
  
  circuitry to receive a request to write data to one or more locations in the RAID storage, to encrypt, based upon at least one key, one or more respective portions of write data to generate one or more respective portions of encrypted write data to be stored in the one or more locations of the RAID storage, to generating, based upon the one or more respective portions of the encrypted write data, check data to be stored in the RAID storage, to select the one or more locations in the RAID storage for storing the one or more respective portions of the encrypted write data by translating the one or more locations specified in the request into one or more physical or logical locations in the RAID storage based at least upon the stored configuration parameters so as to permit the one or more respective portions of the encrypted write data to be distributed among one or more storage locations comprised in the RAID storage and to store each of the one or more portions of the encrypted write data and check data into the one or more corresponding locations of the RAID storage.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the logic to determine, based upon one or more credentials whether to perform one or more operations involving the RAID storage.
  - 20. The system of claim 19, wherein the logic to detect attempts to tamper with one or more credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Komarla, Eshwari P., Zimmer, Vincent J., Bulusu, Mallik
Primary Examiner(s)
Reza, Mohammad

Application Number

US12/474,224
Publication Number

US 20090254760A1
Time in Patent Office

1,006 Days
Field of Search

713/193, 713/162, 713/165, 713/168, 713/190, 726/2, 726/3, 380/28, 380/37, 380281-284, 711/1, 711/114, 711/153
US Class Current

713/193
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2153   Using hardware token as a s...

G06F 3/0623   in relation to content

Data security

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data security

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links