Data security for digital data storage
Abstract
A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer.
24 Claims
1. A data security system, comprising:
- a non-volatile data storage media comprising at least a first storage location;
- a security apparatus configured to store information, the information comprising at least a cryptographic key stored at the first storage location and cryptographic data stored at a second storage location; and
- an encryption engine configured to encrypt data that is stored on the non-volatile data storage media, and to decrypt data that is stored on the non-volatile data storage media, wherein the encryption engine is further configured to disable encryption based at least in part on the information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A data security apparatus configured to communicate with a data storage media, the apparatus comprising:
- first apparatus configured to store information, the information being useful to verify that the data storage media is selected to store encrypted data, the information comprising:
  - a security key, the security key being stored at a first memory location on the data storage media; and
  - a security code, the security code being stored at a second memory location distinct from the first location; and
- an encryption engine configured to encrypt data for storage on the data storage media, and to decrypt data received from the data storage media;
- wherein the encryption engine is configured to execute the encryption and the decryption independently of a host processor, the first apparatus being configured to receive data for storage from the host processor; and
- wherein the encryption engine is further configured to disable encryption based at least in part on the information.

Dependent claims: 11, 12, 13, 14

15. A computerized system, comprising:
- a host processor;
- a data storage apparatus comprising one or more storage media, the data storage apparatus configured to:
  - store an identification code at a first memory location; and
  - store a cryptographic key at a second memory location; and
- a data security apparatus for controlling data storage to and data access of the data storage apparatus, the data security apparatus being in data communication with the host processor and the data storage apparatus, and comprising:
  - a security apparatus configured to receive digital data from the host processor, and to forward the digital data to the data storage apparatus in an encrypted form, the security apparatus having an encryption engine configured to encrypt data for storage on the data storage apparatus, and to decrypt encrypted data received from the data storage apparatus, the encryption engine further being configured to disable said encryption based at least in part on the identification code; and
  - a key generation mechanism configured to generate the cryptographic key, the key being used for at least one access to the data storage apparatus subsequent to said generation of the key;
- wherein the cryptographic key is configured to be accessed by the security apparatus so as to facilitate encryption of the digital data for transmission to the data storage apparatus.

Dependent claims: 16, 17, 18

19. A data security apparatus for use with a digital data storage apparatus, comprising:
- first apparatus configured to receive digital data from a host processor, and to forward the digital data to the digital data storage apparatus in an encrypted form;
- a nonvolatile storage device, the non-volatile storage device configured to store an identification code associated with the data security apparatus in a first memory location and a second memory location configured to store a cryptographic key, the cryptographic key being accessible by the data security apparatus so as to facilitate encryption of the digital data for transmission to the digital data storage apparatus;
- wherein the first apparatus is configured to encrypt the digital data and forward the digital data to the digital data storage apparatus without intervention by the host processor; and
- wherein the first apparatus comprises a verification mechanism that requires the verification of a received user input prior to causing storage of encrypted data on the digital data storage apparatus.

Dependent claims: 20, 21, 22, 23, 24

Specification