Data security for digital data storage

US 9,117,095 B2
Filed: 09/09/2013
Issued: 08/25/2015
Est. Priority Date: 03/26/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A data security apparatus for use with a digital data storage apparatus, comprising:

a first apparatus configured to receive digital data from a host processor, where the first apparatus is configured to encrypt the digital data with an encryption key, the first apparatus further configured to forward the digital data to the digital data storage apparatus in an encrypted form; and

a boot mechanism configured to;

verify a user; and

after the user is successfully verified, cause the encryption key to be generated;

wherein the verification of the user is based at least on a received user input;

wherein the received user input comprises a password; and

wherein the encryption key is based at least in part on the password.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer.

86 Citations

View as Search Results

24 Claims

1. A data security apparatus for use with a digital data storage apparatus, comprising:
- a first apparatus configured to receive digital data from a host processor, where the first apparatus is configured to encrypt the digital data with an encryption key, the first apparatus further configured to forward the digital data to the digital data storage apparatus in an encrypted form; and
  
  a boot mechanism configured to;
  
  verify a user; and
  
  after the user is successfully verified, cause the encryption key to be generated;
  
  wherein the verification of the user is based at least on a received user input;
  
  wherein the received user input comprises a password; and
  
  wherein the encryption key is based at least in part on the password.
- View Dependent Claims (2, 3)
- - 2. The data security apparatus of claim 1, wherein the boot mechanism is configured to automatically execute on a power event.
  - 3. The data security apparatus of claim 1, wherein the boot mechanism is configured to automatically execute on a reset event.

4. A data security apparatus for use with a digital data storage apparatus, comprising:
- a first apparatus configured to receive digital data from a host processor, where the first apparatus is configured to encrypt the digital data with an encryption key, the first apparatus further configured to forward the digital data to the digital data storage apparatus in an encrypted form;
  
  a boot mechanism configured to;
  
  verify a user; and
  
  after the user is successfully verified, cause the encryption key to be generated;
  
  anda second apparatus configured to retrieve the digital data from the digital data storage apparatus, wherein the second apparatus is further configured to decrypt the digital data with a decryption key that is different than the encryption key.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The data security apparatus of claim 4, wherein the boot mechanism is configured to automatically execute on a power event.
  - 6. The data security apparatus of claim 4, wherein the boot mechanism is configured to automatically execute on a reset event.
  - 7. The data security apparatus of claim 4, wherein the verification of the user is based at least on a received user input.
  - 8. The data security apparatus of claim 7, wherein the received user input comprises a user-specific input.
  - 9. The data security apparatus of claim 7, wherein the received user input comprises a code.
  - 10. The data security apparatus of claim 7, wherein the received user input comprises a password.
  - 11. The data security apparatus of claim 10, wherein the encryption key is based at least in part on the password.

12. A method for securely encrypting a digital data storage apparatus, comprising:
- verifying a user;
  
  when the user is successfully verified;
  
  determining at least one cryptographic key;
  
  receiving digital data;
  
  encrypting the digital data with the at least one cryptographic key; and
  
  storing the encrypted digital data to a digital data storage apparatus; and
  
  otherwise denying access to at least a portion of the digital data storage apparatus;
  
  wherein the at least one cryptographic key comprises an encryption key and a decryption key, and the encryption key and decryption key are different from one another.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, where the verification of the user is based on a user input.
  - 14. The method of claim 13, where the user input comprises a user-specific password or code.
  - 15. The method of claim 12, where the at least one cryptographic key is used for encryption and decryption.
  - 16. The method of claim 12, where the at least one cryptographic key is determined based at least in part on a hardware specific code.
  - 17. The method of claim 12, where the at least one cryptographic key is stored in a key register.
  - 18. The method of claim 12, wherein the encryption key and/or the decryption key is determined based at least in part on a hardware specific code.
  - 19. The method of claim 12, wherein the encryption key and/or the decryption key is stored in a key register.

20. A data security apparatus, comprising:
- a first apparatus configured to receive digital data from a host processor, where the first apparatus is further configured to encrypt the digital data with one or more cryptographic keys, and to forward the digital data to a digital data storage apparatus in an encrypted form; and
  
  a boot mechanism that is configured to verify the host processor based on a hardware identifier; and
  
  when the host processor is successfully verified, enable access to the digital data storage apparatus;
  
  wherein the one or more cryptographic keys are based at least on the hardware identifier.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The data security apparatus of claim 20, wherein the hardware identifier is uniquely associated with the host processor.
  - 22. The data security apparatus of claim 21, wherein the first apparatus is configured to encrypt only a portion of the digital data.
  - 23. The data security apparatus of claim 20, wherein the boot mechanism is further configured to execute before the access to the digital data storage apparatus is enabled.
  - 24. The data security apparatus of claim 20, wherein the boot mechanism is additionally configured to derive the one or more cryptographic keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Round Rock Research LLC
Original Assignee
Round Rock Research LLC
Inventors
Klein, Dean A
Primary Examiner(s)
Song, Hosuk

Application Number

US14/022,095
Publication Number

US 20140082375A1
Time in Patent Office

715 Days
Field of Search

713/165, 713/168, 713/189, 713/190, 713192-194, 380/277, 380/44, 380/239, 380/242, 726/27, 726/30
US Class Current

1/1
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

H04L 2209/12   Details relating to cryptog...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

Data security for digital data storage

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data security for digital data storage

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links