System and method for encryption and decryption of data
Abstract
Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. A method for encryption and decryption of data may include encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted. Another method may include encrypting an item of data based on at least one of a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data and encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data.
20 Claims
1. An information handling system, comprising:
- a processor;
- a memory communicatively coupled to the processor;
- a storage resource communicatively coupled to the processor, the storage resource having a sealed encryption key that is unique to the storage resource and associated only with the storage resource; and
- a computer-readable medium coupled to the processor and having stored thereon instructions for managing encryption and decryption tasks, the instructions configured to, when executed by the processor;
  - encrypt or decrypt data associated with an input/output operation from the storage resource based on the unique sealed encryption key and a cryptographic function, the unique sealed encryption key is read access disabled, the cryptographic function is selected based on one or more characteristics associated with the data to be encrypted or decrypted;
  - determine an encryption status of a volume of the storage resource;
  - store a variable indicating whether the volume is partially encrypted or decrypted; and
  - boot from the volume of the storage resource and continue encryption or decryption of the data in response to a determination that the variable indicates that the volume is partially encrypted or decrypted, wherein completion of the encryption or decryption of the data results in full volume encryption (FVE) or full disk encryption (FDE).

Dependent claims: 2, 3, 4, 5

6. A method for encryption and decryption of data, comprising:
- encrypting or decrypting data associated with an input/output operation from a storage resource based on a unique sealed encryption key and a cryptographic function, the unique sealed encryption key is unique to the storage resource and associated only with the storage resource, the unique sealed encryption key is read access disabled, the cryptographic function is selected based on one or more characteristics associated with the data to be encrypted or decrypted;
- determining an encryption status of a volume of a storage resource;
- storing a variable indicating whether the volume is partially encrypted or decrypted; and
- booting from the volume of the storage resource and continuing encrypting or decrypting the data in response to a determination that the variable indicates that the volume is partially encrypted or decrypted, wherein completion of the encrypting or decrypting of the data results in full volume encryption (FVE) or full disk encryption (FDE).

Dependent claims: 7, 8, 9, 10

11. An information handling system, comprising:
- a processor;
- a memory communicatively coupled to the processor;
- a storage resource communicatively coupled to the processor, the storage resource having a sealed encryption key that is unique to the storage resource and associated only with the storage resource; and
- a computer-readable medium coupled to the processor and having stored thereon instructions for encrypting an item of data from the storage resource, the instructions configured to, when executed by the processor;
  - encrypt the item of data based on a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data, the first-layer encryption key being the unique sealed encryption key, the unique sealed encryption key is read access disabled; and
  - encrypt the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data;
  - determine an encryption status of a volume of the storage resource;
  - store a variable indicating whether the volume is partially encrypted or decrypted; and
  - boot from the volume of the storage resource and continue encryption of items of data from the storage resource in response to a determination that the variable indicates that the volume is partially encrypted or decrypted, wherein completion of the encryption of the items of data results in full volume encryption (FVE) or full disk encryption (FDE).

Dependent claims: 12, 13, 14, 15

16. A method for encrypting data, comprising:
- encrypting an item of data from a storage resource based on a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data, the first-layer encryption key being a unique sealed encryption key, the unique sealed encryption key is unique to the storage resource and associated only with the storage resource, the unique sealed encryption key is read access disabled;
- encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data;
- determining an encryption status of a volume of a storage resource;
- storing a variable indicating whether the volume is partially encrypted or decrypted; and
- booting from the volume of the storage resource and continuing encryption of items of data from the storage resource in response to a determination that the variable indicates that the volume is partially encrypted or decrypted, wherein completion of the encryption of the items of data results in full volume encryption (FVE) or full disk encryption (FDE).

Dependent claims: 17, 18, 19, 20

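The resume-on-boot step recited in the claims above, as an added sketch that is not taken from the patent: an interrupted in-place conversion leaves a persisted "partial" variable, reads keep working on the mixed volume, and the next boot finishes the job. The `SealedKey` class, the `Volume` layout, the state fields and the HMAC-based toy keystream are all assumptions for illustration; a real implementation would use a hardware-sealed key and a proper disk cipher.

```python
import hashlib
import hmac

SECTOR = 16  # constructed toy sector size in bytes

class SealedKey:
    """Model of a read-disabled key: callers can use it but get no accessor for it."""
    def __init__(self, secret: bytes):
        self.__secret = secret  # name-mangled; real sealing would live in hardware

    def xor_sector(self, index: int, data: bytes) -> bytes:
        # Toy per-sector keystream (assumption), not a real disk cipher such as XTS.
        stream = hmac.new(self.__secret, index.to_bytes(8, "big"), hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

class Volume:
    def __init__(self, plaintext: bytes):
        self.sectors = [bytearray(plaintext[i:i + SECTOR]) for i in range(0, len(plaintext), SECTOR)]
        self.state = {"status": "plain", "next": 0}  # the persisted status variable

def convert(vol, key, crash_after=None):
    """Encrypt in place from the persisted position; crash_after simulates power loss."""
    if vol.state["status"] == "encrypted":
        return vol.state
    vol.state["status"] = "partial"
    done = 0
    while vol.state["next"] < len(vol.sectors):
        if crash_after is not None and done == crash_after:
            return vol.state  # interrupted: the variable still says "partial"
        i = vol.state["next"]
        vol.sectors[i][:] = key.xor_sector(i, bytes(vol.sectors[i]))
        # A crash between the write above and the update below needs a journal; not modelled.
        vol.state["next"] = i + 1
        done += 1
    vol.state["status"] = "encrypted"
    return vol.state

def read_sector(vol, key, i):
    """I/O path on a mixed volume: only sectors below the watermark are decrypted."""
    raw = bytes(vol.sectors[i])
    return key.xor_sector(i, raw) if i < vol.state["next"] else raw

def boot(vol, key):
    """On boot, continue the conversion if the stored variable says it is partial."""
    if vol.state["status"] == "partial":
        convert(vol, key)
    return vol.state["status"]
```
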
Specification