System and method for general purpose encryption of data

US 9,658,969 B2
Filed: 02/18/2016
Issued: 05/23/2017
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. An information handling system, comprising:

a processor;

a memory communicatively coupled to the processor;

a storage resource communicatively coupled to the processor; and

instructions stored in the memory, the instructions, when loaded and executed by the processor, cause the processor to;

determine an encryption status of a boot volume of the storage resource;

initiate encryption or decryption of data stored on the boot volume;

track the encryption status of the boot volume by periodically storing, during an encryption or decryption of data stored on the boot volume, a variable indicating a portion of the boot volume that has been encrypted or decrypted and whether the boot volume is partially encrypted or decrypted;

in response to an interruption to the encryption or decryption of data stored on the boot volume, determine whether the boot volume is in a partially encrypted or decrypted state; and

based on the determination that the boot volume is in the partially encrypted or decrypted state, boot from the boot volume in the partially encrypted or decrypted state.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and an encryption accelerator communicatively coupled to the processor. The encryption accelerator may be configured to encrypt and decrypt information in accordance with a plurality of cryptographic functions, receive a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation, and in response to receiving the command, encrypt or decrypt the data associated with the input/output operation based on a particular one of the plurality of cryptographic functions.

Citations

14 Claims

1. An information handling system, comprising:
- a processor;
  
  a memory communicatively coupled to the processor;
  
  a storage resource communicatively coupled to the processor; and
  
  instructions stored in the memory, the instructions, when loaded and executed by the processor, cause the processor to;
  
  determine an encryption status of a boot volume of the storage resource;
  
  initiate encryption or decryption of data stored on the boot volume;
  
  track the encryption status of the boot volume by periodically storing, during an encryption or decryption of data stored on the boot volume, a variable indicating a portion of the boot volume that has been encrypted or decrypted and whether the boot volume is partially encrypted or decrypted;
  
  in response to an interruption to the encryption or decryption of data stored on the boot volume, determine whether the boot volume is in a partially encrypted or decrypted state; and
  
  based on the determination that the boot volume is in the partially encrypted or decrypted state, boot from the boot volume in the partially encrypted or decrypted state.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The information handling system of claim 1, wherein the instructions further cause the processor to determine the variable by combining a first variable indicating the portion of the boot volume that has been encrypted or decrypted and a second variable indicating whether the boot volume is partially encrypted or decrypted.
  - 3. The information handling system of claim 1, wherein the variable indicates an address of a last encrypted or decrypted sector of the boot volume.
  - 4. The information handling system of claim 1, wherein the storage resource includes a sealed encryption key that is unique to the storage resource.
  - 5. The information handling system of claim 4, further comprising a cryptoprocessor communicatively coupled to the processor, the cryptoprocessor configured to unwrap the unique sealed encryption key for use in connection with an encryption or decryption task to be performed on data from the storage resource.
  - 6. The information handling system of claim 5, wherein the cryptoprocessor is further configured to authenticate that a user associated with the data is authorized to provide the unique sealed encryption key.

7. A method for encryption and decryption of data, comprising:
- determining, by a processor loading and executing instructions stored on a memory, an encryption status of a boot volume of a storage resource;
  
  initiating, by the processor, encryption or decryption of data stored on the boot volume;
  
  tracking, by the processor, the encryption status of the boot volume by periodically storing, during an encryption or decryption of data stored on the boot volume, a variable indicating a portion of the boot volume that has been encrypted or decrypted and whether the boot volume is partially encrypted or decrypted;
  
  in response to an interruption to the encryption or decryption of data stored on the boot volume, determining whether the boot volume is in a partially encrypted or decrypted state; and
  
  based on the determination that the boot volume is in the partially encrypted or decrypted state, booting from the boot volume in the partially encrypted or decrypted state.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising determining, by the processor, the variable by combining a first variable indicating the portion of the boot volume that has been encrypted or decrypted and a second variable indicating whether the boot volume is partially encrypted or decrypted.
  - 9. The method of claim 7, wherein the variable indicates an address of a last encrypted or decrypted sector of the boot volume.
  - 10. The method of claim 7, wherein the storage resource includes a sealed encryption key that is unique to the storage resource.
  - 11. The method of claim 10, further comprising unwrapping, by a cryptoprocessor communicatively coupled to the processor, the unique sealed encryption key for use in connection with an encryption or decryption task to be performed on data from the storage resource.
  - 12. The method of claim 11, further comprising authenticating, by the cryptoprocessor, that a user associated with the data is authorized to provide the unique sealed encryption key.

13. A non-transitory computer-readable medium comprising instructions stored therein, the instructions readable by a processor and, when read and executed, configured to cause the processor to:
- determine an encryption status of a boot volume of a storage resource;
  
  initiate encryption or decryption of data stored on the boot volume;
  
  track the encryption status of the boot volume by periodically storing, during an encryption or decryption of data stored on the boot volume, a variable indicating a portion of the boot volume that has been encrypted or decrypted and whether the boot volume is partially encrypted or decrypted;
  
  in response to an interruption to the encryption or decryption of data stored on the boot volume, determine whether the boot volume is in a partially encrypted or decrypted state; and
  
  based on the determination that the boot volume is in the partially encrypted or decrypted state, boot from the boot volume in the partially encrypted or decrypted state.
- View Dependent Claims (14)
- - 14. The computer-readable medium of claim 13, wherein the instructions are further configured to cause the processor to determine the variable by combining a first variable indicating the portion of the boot volume that has been encrypted or decrypted and a second variable indicating whether the boot volume is partially encrypted or decrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Stufflebeam, Jr., Kenneth W., Kopp, Michele
Primary Examiner(s)
CHANG, KENNETH W

Application Number

US15/047,020
Publication Number

US 20160246738A1
Time in Patent Office

460 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/575   Secure boot

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

H04L 9/14   using a plurality of keys o...

System and method for general purpose encryption of data

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for general purpose encryption of data

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links