System and method for general purpose encryption of data
First Claim
1. An information handling system, comprising:
a processor;
a memory communicatively coupled to the processor;
a storage resource communicatively coupled to the processor, the storage resource having a sealed encryption key that is unique to the storage resource and associated only with the storage resource;
an encryption accelerator communicatively coupled to the processor, the encryption accelerator configured to:
encrypt and decrypt information in accordance with a plurality of cryptographic functions;
receive an authorized command from the processor to perform an encryption or decryption task upon data associated with an input/output operation from the storage resource, the authorized command is authenticated based on the unique sealed encryption key and includes a designation of a particular one of the plurality of cryptographic functions to be used in connection with the encryption or decryption task, the unique sealed encryption key is read access disabled; and
in response to receiving the authorized command, load the unique sealed encryption key and encrypt or decrypt the data associated with the input/output operation based on the unique sealed encryption key and the particular one of the plurality of cryptographic functions;
a cryptoprocessor communicatively coupled to the processor and the encryption accelerator, the cryptoprocessor configured to unwrap the unique sealed encryption key for use in connection with the encryption or decryption task; and
an encryption status module stored in the memory and configured to:
determine an encryption status of a volume of the storage resource; and
store a variable indicating a portion of the volume that has been encrypted or decrypted and whether the volume is partially encrypted or decrypted.
Abstract
Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and an encryption accelerator communicatively coupled to the processor. The encryption accelerator may be configured to encrypt and decrypt information in accordance with a plurality of cryptographic functions, receive a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation, and in response to receiving the command, encrypt or decrypt the data associated with the input/output operation based on a particular one of the plurality of cryptographic functions.
13 Claims
1. An information handling system, comprising: the elements set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5.
6. A method for encryption and decryption of data, comprising:
receiving an authorized command by an encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation from a storage resource, the storage resource having a sealed encryption key that is unique to the storage resource and associated only with the storage resource;
unwrapping the unique sealed encryption key by a cryptoprocessor communicatively coupled to the encryption accelerator;
authenticating the authorized command based on the unique sealed encryption key, the unique sealed encryption key is read access disabled, the authorized command designating a particular one of a plurality of cryptographic functions stored on the encryption accelerator;
in response to receiving the authorized command, loading the unique sealed encryption key;
encrypting or decrypting the data associated with the input/output operation based on the unique sealed encryption key and the particular one of the plurality of cryptographic functions;
determining an encryption status of a volume of the storage resource; and
storing a variable indicating a portion of the volume that has been encrypted or decrypted and whether the volume is partially encrypted or decrypted.
Dependent claims: 7, 8, 9.
10. An encryption accelerator, comprising:
a non-transitory computer-readable medium; and
computer-executable instructions stored on the non-transitory computer-readable medium, the instructions readable by the encryption accelerator, the instructions, when read and executed, for causing the encryption accelerator to:
encrypt and decrypt information in accordance with a plurality of cryptographic functions;
receive an authorized command from a processor to perform an encryption or decryption task upon data associated with an input/output operation from a storage resource, the storage resource having a sealed encryption key that is unique to the storage resource and associated only with the storage resource, the authorized command authenticated based on the unique sealed encryption key, the unique sealed encryption key is read access disabled;
receive a designation of a particular one of the plurality of cryptographic functions to be used in connection with the encryption or decryption task; and
in response to receiving the authorized command, load the unique sealed encryption key and encrypt or decrypt the data associated with the input/output operation based on the unique sealed encryption key and a particular one of the plurality of cryptographic functions; and
determine an encryption status of a volume of the storage resource and store a variable indicating a portion of the volume that has been encrypted or decrypted and whether the volume is partially encrypted or decrypted.
Dependent claims: 11, 12, 13.
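The flow that claims 1, 6 and 10 describe, as an added executable model that is not the patent's or any vendor's implementation: a key unique to one storage resource that exists in the clear only inside the cryptoprocessor and the accelerator, a command that the accelerator authenticates with a subkey derived from that key before loading it, a per-command designation of one of several cryptographic functions, and a status variable recording how far an in-place conversion of the volume has progressed. Everything below the claim language is an assumption of the model: 512-byte sectors, the opcode numbering, HMAC-SHA256/SHA-512 counter-mode keystreams standing in for the accelerator's real sector cipher (such as AES-XTS), HMAC-based wrapping standing in for a real key-wrap, and the cryptoprocessor computing the command tag on the host's behalf, which is how "authenticated based on the sealed key" is reconciled here with the key being read-access disabled.

```python
"""Model of the claimed flow. Constructed illustration, not the patent's implementation:
HMAC counter-mode keystreams stand in for a real sector cipher such as AES-XTS, and HMAC-based
wrapping stands in for a real key-wrap, so the example runs on the standard library alone."""
import hashlib
import hmac
import os
import struct

SECTOR = 512                       # bytes per sector (assumption)
READ, WRITE, CONVERT = 1, 2, 3     # command opcodes (assumption)


def _keystream(hashname, key, sector):
    # Counter mode: concatenate HMAC(key, sector || block_index) until one sector is covered.
    blk = hashlib.new(hashname).digest_size
    parts = [hmac.new(key, struct.pack(">QI", sector, i), hashname).digest()
             for i in range(-(-SECTOR // blk))]
    return b"".join(parts)[:SECTOR]


# The "plurality of cryptographic functions"; each command designates one by identifier.
FUNCTIONS = {1: lambda k, s: _keystream("sha256", k, s),
             2: lambda k, s: _keystream("sha512", k, s)}


def subkey(key, label):
    # Key separation: one subkey authenticates commands, another drives the data cipher.
    return hmac.new(key, label, hashlib.sha256).digest()


class Cryptoprocessor:
    """Holds a root key that never leaves it. Seals the resource key and authenticates
    commands on the host's behalf; the host only ever handles the sealed blob."""
    def __init__(self):
        self._root = os.urandom(32)

    def seal(self, key):
        assert len(key) == 32
        body = bytes(a ^ b for a, b in zip(key, subkey(self._root, b"wrap")))
        return body + hmac.new(self._root, body, hashlib.sha256).digest()

    def unseal(self, sealed):
        body, tag = sealed[:32], sealed[32:]
        if not hmac.compare_digest(hmac.new(self._root, body, hashlib.sha256).digest(), tag):
            raise ValueError("blob was not sealed by this cryptoprocessor")
        return bytes(a ^ b for a, b in zip(body, subkey(self._root, b"wrap")))

    def authorize(self, sealed, op, func_id, sector):
        fields = struct.pack(">BIQ", op, func_id, sector)
        return fields + hmac.new(subkey(self.unseal(sealed), b"cmd"), fields, hashlib.sha256).digest()


class EncryptionStatus:
    """The claimed status variable: sectors [0, converted) hold ciphertext on the medium."""
    def __init__(self, total_sectors):
        self.total, self.converted = total_sectors, 0

    def partial(self):
        return 0 < self.converted < self.total

    def is_ciphertext(self, sector):
        return sector < self.converted


class Accelerator:
    """Authenticates every command before loading the key, then applies the designated
    function. Host I/O consults the status so a sector the background conversion has not
    reached is never 'decrypted' into garbage."""
    def __init__(self, cryptoprocessor, status):
        self.cp, self.status = cryptoprocessor, status

    def execute(self, sealed, command, data):
        fields, tag = command[:13], command[13:]
        key = self.cp.unseal(sealed)                      # loaded only for this task
        if not hmac.compare_digest(hmac.new(subkey(key, b"cmd"), fields, hashlib.sha256).digest(), tag):
            raise PermissionError("command not authenticated with this resource's key")
        op, func_id, sector = struct.unpack(">BIQ", fields)
        if func_id not in FUNCTIONS:
            raise ValueError("unknown cryptographic function %d" % func_id)
        if op != CONVERT and not self.status.is_ciphertext(sector):
            return data                                    # still plaintext on the medium
        ks = FUNCTIONS[func_id](subkey(key, b"data"), sector)
        return bytes(a ^ b for a, b in zip(data, ks))


def demo(total=8, converted=5):
    cp = Cryptoprocessor()
    sealed, other = cp.seal(os.urandom(32)), cp.seal(os.urandom(32))  # two storage resources
    status = EncryptionStatus(total)
    acc = Accelerator(cp, status)
    plain = [bytes([i]) * SECTOR for i in range(total)]               # constructed volume
    disk = list(plain)
    for s in range(converted):        # background conversion, interrupted after `converted`
        disk[s] = acc.execute(sealed, cp.authorize(sealed, CONVERT, 1, s), plain[s])
        status.converted = s + 1
    reads = [acc.execute(sealed, cp.authorize(sealed, READ, 1, s), disk[s]) for s in range(total)]
    tampered = bytearray(cp.authorize(sealed, READ, 1, 0))
    tampered[1:5] = struct.pack(">I", 2)                  # swap the function id after authorization

    def rejected(cmd, blob=sealed):
        try:
            acc.execute(blob, cmd, disk[0])
        except PermissionError:
            return True
        return False
    return {"partial": status.partial(), "reads_match_plaintext": reads == plain,
            "tampered_rejected": rejected(bytes(tampered)),
            "other_resource_rejected": rejected(cp.authorize(other, READ, 1, 0))}


if __name__ == "__main__":
    print(demo())
```

Two points the model makes concrete. First, the accelerator verifies the command tag before it does anything with the key, and a command authorized under another resource's sealed key, or altered after authorization, is refused, which is what "unique to the storage resource and associated only with the storage resource" buys. Second, the status variable is not bookkeeping: while the volume is partially encrypted it decides, per sector, whether the accelerator applies the cipher or passes data through, so losing or mis-recording it after an interrupted conversion would corrupt every read on the wrong side of the watermark.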