Key encryption and decryption

US 9,747,223 B2
Filed: 02/20/2015
Issued: 08/29/2017
Est. Priority Date: 04/10/2007
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a microprocessor;

a host attachment coupled to the microprocessor; and

circuitry coupled directly to the microprocessor and directly to the host attachment, the circuitry comprising an Application Specific Integrated Circuit (ASIC) for encryption and decryption that includes a first multiplexor, a second multiplexor, a third multiplexor, a fourth multiplexor, a public key decryption block, a decryption block, and an encryption block;

wherein the first multiplexor selects a session encrypted data key from inputs of a first session encrypted data key from the microprocessor and a second session encrypted data key from the host attachment, and wherein the session encrypted data key is input to the public key decryption block;

wherein the public key decryption block unwraps the session encrypted data key to obtain a secret key that is input to the second multiplexor;

wherein the second multiplexor selects a session key from inputs of a first session key, a backup data key, a standard data key, and the secret key, and wherein the session key is input to the decryption block and input to the encryption block;

wherein the third multiplexor selects clear text from inputs of first clear text from the microprocessor and second clear text from the host attachment, and wherein the clear text is input to the encryption block;

wherein the encryption block encrypts the clear text with the session key to generate encrypted text, and wherein the encrypted text is input to the fourth multiplexor;

wherein the fourth multiplexor selects a piece of encrypted data from inputs of the session encrypted data key and the encrypted text from the encryption block, and wherein the piece of encrypted data is input to the decryption block; and

wherein the decryption block decrypts the piece of encrypted data, wherein the decryption comprises decrypting the session encrypted data key with the session key comprising the first session key when the piece of encrypted data is the session encrypted data key, and wherein the decryption comprises decrypting the encrypted text with the session key comprising one of the backup data key, the standard data key, and the secret key when the piece of encrypted data is the encrypted text.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

28 Citations

5 Claims

1. A system, comprising:
- a microprocessor;
  
  a host attachment coupled to the microprocessor; and
  
  circuitry coupled directly to the microprocessor and directly to the host attachment, the circuitry comprising an Application Specific Integrated Circuit (ASIC) for encryption and decryption that includes a first multiplexor, a second multiplexor, a third multiplexor, a fourth multiplexor, a public key decryption block, a decryption block, and an encryption block;
  
  wherein the first multiplexor selects a session encrypted data key from inputs of a first session encrypted data key from the microprocessor and a second session encrypted data key from the host attachment, and wherein the session encrypted data key is input to the public key decryption block;
  
  wherein the public key decryption block unwraps the session encrypted data key to obtain a secret key that is input to the second multiplexor;
  
  wherein the second multiplexor selects a session key from inputs of a first session key, a backup data key, a standard data key, and the secret key, and wherein the session key is input to the decryption block and input to the encryption block;
  
  wherein the third multiplexor selects clear text from inputs of first clear text from the microprocessor and second clear text from the host attachment, and wherein the clear text is input to the encryption block;
  
  wherein the encryption block encrypts the clear text with the session key to generate encrypted text, and wherein the encrypted text is input to the fourth multiplexor;
  
  wherein the fourth multiplexor selects a piece of encrypted data from inputs of the session encrypted data key and the encrypted text from the encryption block, and wherein the piece of encrypted data is input to the decryption block; and
  
  wherein the decryption block decrypts the piece of encrypted data, wherein the decryption comprises decrypting the session encrypted data key with the session key comprising the first session key when the piece of encrypted data is the session encrypted data key, and wherein the decryption comprises decrypting the encrypted text with the session key comprising one of the backup data key, the standard data key, and the secret key when the piece of encrypted data is the encrypted text.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, further comprising:
    - a data storage drive that includes the microprocessor, the host attachment, and the circuitry; and
      
      a key manager coupled to the data storage drive, wherein the key manager obtains a public key that is part of a public-private key pair from the data storage drive and uses the public key to create the session encrypted data key.
  - 3. The system of claim 2, further comprising:
    - the circuitry storing a private key that is part of the public-private key pair.
  - 4. The system of claim 3, wherein the private key is stored in a register space inside the ASIC that is not accessible by external entities.
  - 5. The system of claim 1, further comprising:
    - the circuitry using a root Certificate of Authority (CA) block to check a root Certificate of Authority (CA) signature and to unwrap the session encrypted data key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Greco, Paul M., Jaquette, Glen A., Schaffer, Scott J.
Primary Examiner(s)
Popham, Jeffrey D

Application Number

US14/627,763
Publication Number

US 20160357687A1
Time in Patent Office

921 Days
Field of Search

713156
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G09C 1/00   Apparatus or methods whereb...

H04L 2209/12   Details relating to cryptog...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

Key encryption and decryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Key encryption and decryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links