System and method for transparent disk encryption
First Claim
1. A computing device comprising:
a main memory for storing a basic input/output system (BIOS);
a processor, communicatively coupled to said main memory, for executing said basic input/output system (BIOS) and an operating system (OS); and
a data storage system, communicatively coupled to said processor and said main memory, including;
a data storage medium storing encrypted data including said operating system (OS);
a controller for receiving a request from said basic input/output system (BIOS) to load at least a portion of said operating system (OS) into said main memory;
said controller for unlocking a key;
a counter mode (CTR) advanced encryption standard (AES) encryption/decryption engine for decrypting at a hardware level a given portion of said encrypted data using said key and counter mode (CTR) of advanced encryption standard (AES) based on a block number and a byte aligned block address of said given portion of said encrypted data passed through a transform function; and
said controller for transferring said given portion of said decrypted data to main memory.
Abstract
A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.
9 Claims
1. A computing device comprising: (recited in full above under First Claim)
Dependent claims: 2, 3, 4, 5, 6
7. A data storage system comprising:
a means for storing encrypted data including said operating system (OS);
a means for receiving a request from said basic input/output system (BIOS) to load at least a portion of said operating system (OS) into said main memory;
a means for unlocking a key;
a means for advanced encryption standard (AES) counter mode (CTR) decrypting, at a hardware level, a given portion of said encrypted data using said key, and a block number and a byte aligned address of said given portion of said encrypted data in said means for storing passed through a transform function; and
a means for transferring said given portion of said decrypted data to main memory.
Dependent claims: 8, 9
Specification