Data security for digital data storage

US 8,533,491 B2
Filed: 07/11/2011
Issued: 09/10/2013
Est. Priority Date: 03/26/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A data security system, comprising:

a non-volatile data storage media comprising at least a first storage location;

a security apparatus configured to store information, the information comprising at least a cryptographic key stored at the first storage location and cryptographic data stored at a second storage location; and

an encryption engine configured to encrypt data that is stored on the non-volatile data storage media, and to decrypt data that is stored on the non-volatile data storage media, wherein the encryption engine is further configured to disable encryption based at least in part on the information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer.

Citations

24 Claims

1. A data security system, comprising:
- a non-volatile data storage media comprising at least a first storage location;
  
  a security apparatus configured to store information, the information comprising at least a cryptographic key stored at the first storage location and cryptographic data stored at a second storage location; and
  
  an encryption engine configured to encrypt data that is stored on the non-volatile data storage media, and to decrypt data that is stored on the non-volatile data storage media, wherein the encryption engine is further configured to disable encryption based at least in part on the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The data security system of claim 1, further comprising a key generation mechanism that is configured to generate the cryptographic key for the encryption engine.
  - 3. The data security system of claim 2, wherein the key generation mechanism generates the cryptographic key based at least in part on the cryptographic data.
  - 4. The data security system of claim 3, wherein the cryptographic data comprises a pseudo-random number.
  - 5. The data security system of claim 1, wherein the encryption and decryption by the encryption engine are each based at least in part on a hardware identifier and a user input.
  - 6. The data security system of claim 5, wherein the hardware identifier is stored in a non-erasable memory location.
  - 7. The data security system of claim 1, wherein the security apparatus comprises the encryption engine.
  - 8. The data security system of claim 7, wherein the encryption engine is positioned in a data path between a host processor and the non-volatile data storage media.
  - 9. The data security system of claim 8, wherein the non-volatile data storage media comprises one or more hard disk drives.

10. A data security apparatus configured to communicate with a data storage media, the apparatus comprising:
- first apparatus configured to store information, the information being useful to verify that the data storage media is selected to store encrypted data, the information comprising;
  
  a security key, the security key being stored at a first memory location on the data storage media; and
  
  a security code, the security code being stored at a second memory location distinct from the first location; and
  
  an encryption engine configured to encrypt data for storage on the data storage media, and to decrypt data received from the data storage media;
  
  wherein the encryption engine is configured to execute the encryption and the decryption independently of a host processor, the first apparatus being configured to receive data for storage from the host processor; and
  
  wherein the encryption engine is further configured to disable encryption based at least in part on the information.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The data security apparatus of claim 10, further comprising a key generation mechanism that is configured to generate the security key for the encryption engine, the cryptographic key being generated based at least in part on the security code.
  - 12. The data security apparatus of claim 11, wherein the encryption engine uses at least a hardware identifier and a user input to encrypt and decrypt the data.
  - 13. The data security apparatus of claim 11, wherein the first apparatus comprises the encryption engine.
  - 14. The data security apparatus of claim 13, wherein the security apparatus including encryption engine is positioned in a data path between the host processor and the data storage media.

15. A computerized system, comprising:
- a host processor;
  
  a data storage apparatus comprising one or more storage media, the data storage apparatus configured to;
  
  store an identification code at a first memory location; and
  
  store a cryptographic key at a second memory location; and
  
  a data security apparatus for controlling data storage to and data access of the data storage apparatus, the data security apparatus being in data communication with the host processor and the data storage apparatus, and comprising;
  
  a security apparatus configured to receive digital data from the host processor, and to forward the digital data to the data storage apparatus in an encrypted form, the security apparatus having an encryption engine configured to encrypt data for storage on the data storage apparatus, and to decrypt encrypted data received from the data storage apparatus, the encryption engine further being configured to disable said encryption based at least in part on the identification code; and
  
  a key generation mechanism configured to generate the cryptographic key, the key being used for at least one access to the data storage apparatus subsequent to said generation of the key;
  
  wherein the cryptographic key is configured to be accessed by the security apparatus so as to facilitate encryption of the digital data for transmission to the data storage apparatus.
- View Dependent Claims (16, 17, 18)
- - 16. The data security system of claim 15, where the cryptographic key is generated at least in part based on the identification code.
  - 17. The data security system of claim 16, wherein the identification code comprises a pseudo-random number.
  - 18. The data security system of claim 17, wherein the cryptographic key is based at least in part on a user input.

19. A data security apparatus for use with a digital data storage apparatus, comprising:
- first apparatus configured to receive digital data from a host processor, and to forward the digital data to the digital data storage apparatus in an encrypted form;
  
  a nonvolatile storage device, the non-volatile storage device configured to store an identification code associated with the data security apparatus in a first memory location and a second memory location configured to store a cryptographic key, the cryptographic key being accessible by the data security apparatus so as to facilitate encryption of the digital data for transmission to the digital data storage apparatus;
  
  wherein the first apparatus is configured to encrypt the digital data and forward the digital data to the digital data storage apparatus without intervention by the host processor; and
  
  wherein the first apparatus comprises a verification mechanism that requires the verification of a received user input prior to causing storage of encrypted data on the digital data storage apparatus.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The data security apparatus of claim 19, wherein the first apparatus is configured for data communication with both the host processor and the digital data storage device.
  - 21. The data security apparatus of claim 20, wherein the first apparatus is positioned in a data path between the host processor and the digital data storage device.
  - 22. The data security apparatus of claim 19, wherein the cryptographic key is generated based at least in part on the identification code.
  - 23. The data security apparatus of claim 22, wherein the cryptographic key is based at least in part on a user input.
  - 24. The data security apparatus of claim 19, wherein the identification code comprises a pseudo-random number, the identification code being associated with the data security apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Round Rock Research LLC
Original Assignee
Round Rock Research LLC
Inventors
Klein, Dean A.
Primary Examiner(s)
Song, Hosuk

Application Number

US13/180,282
Publication Number

US 20120011374A1
Time in Patent Office

792 Days
Field of Search

713/165, 713/168, 713/189, 713/190, 713192-194, 380/277, 380/44, 380/239, 380/242, 726/27, 726/30
US Class Current

713/189
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

H04L 2209/12   Details relating to cryptog...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

Data security for digital data storage

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links