System and method for recovering from an interrupted encryption and decryption operation performed on a volume

US 9,881,183 B2
Filed: 07/16/2015
Issued: 01/30/2018
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at a middleware of an information handling system a generalized command from an application, the generalized command including an encryption or decryption task, the middleware comprising instructions executing on a processor;

converting, by the middleware, the generalized command into a format recognizable by an encryption accelerator;

providing the generalized command from the middleware to the encryption accelerator in the format recognizable by the encryption accelerator; and

instructing, by the middleware, a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of;

a user logged into the information handling system,characteristics of the storage resource, orcharacteristics regarding a directory path of data to be written or read.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) receive a generalized command from an application of an information handling system, the generalized command including an encryption or decryption task; (ii) convert the generalized command into a format recognizable by an encryption accelerator; (iii) provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and (iv) instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of: a user logged into the information handling system, characteristics of the storage resource, or characteristics regarding a directory path of data to be written or read.

74 Citations

20 Claims

1. A method comprising:
- receiving at a middleware of an information handling system a generalized command from an application, the generalized command including an encryption or decryption task, the middleware comprising instructions executing on a processor;
  
  converting, by the middleware, the generalized command into a format recognizable by an encryption accelerator;
  
  providing the generalized command from the middleware to the encryption accelerator in the format recognizable by the encryption accelerator; and
  
  instructing, by the middleware, a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of;
  
  a user logged into the information handling system,characteristics of the storage resource, orcharacteristics regarding a directory path of data to be written or read.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising causing, by the middleware, the application to provide the encryption key to the encryption accelerator.
  - 3. The method of claim 1, wherein the generalized command includes an encryption command or a decryption command.
  - 4. The method of claim 3, further comprising processing, by the middleware, a request from the application the cryptoprocessor to authenticate the encryption command or the decryption command.
  - 5. The method of claim 1, further comprising:
    - providing the generalized command over a bus; and
      
      encrypting a tramsission of the generalized command over the bus with a bus encryption key unique to the bus.
  - 6. The method of claim 1, further comprising receiving, by the middleware, a confirmation from the cryptoprocessor that the application is authorized to request the encryption key from the cryptoprocessor.
  - 7. The method of claim 1, wherein converting the generalized command includes receiving, by the middleware, an application programming interface from a device driver.

8. An information handling system comprising:
- a processor;
  
  a storage resource communicatively coupled to the processor; and
  
  a non-transitory computer-readable medium communicatively coupled to the processor and having instructions stored thereon, the instructions configured to, when executed by the processor;
  
  receive a generalized command from an application, the generalized command including an encryption or decryption task;
  
  convert the generalized command into a format recognizable by an encryption accelerator;
  
  provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and
  
  instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to the storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of;
  
  a user logged into the information handling system,characteristics of the storage resource, orcharacteristics regarding a directory path of data to be written or read.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The information handling system of claim 8, the instructions are further configured to cause the application to provide the encryption key to the encryption accelerator.
  - 10. The information handling system of claim 8, wherein the generalized command includes an encryption command or a decryption command.
  - 11. The information handling system of claim 10, the instructions are further configured to process a request from the application to the cryptoprocessor to authenticate the encryption command or the decryption command.
  - 12. The information handling system of claim 10, further comprising a bus over which the encryption command or the decryption command is sent, the bus having a unique encryption key.
  - 13. The information handling system of claim 8, the instructions are further configured to receive a confirmation from the cryptoprocessor that the application is authorized to request the encryption key from the cryptoprocessor.
  - 14. The information handling system of claim 8, wherein converting the generalized command includes receiving an application programming interface from a device driver.

15. A non-transitory computer-readable medium communicatively coupled to a processor and having instructions stored thereon, the instructions configured to, when executed by a processor:
- receive a generalized command from an application of an information handling system, the generalized command including an encryption or decryption task;
  
  convert the generalized command into a format recognizable by an encryption accelerator;
  
  provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and
  
  instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of;
  
  a user logged into the information handling system,characteristics of the storage resource, orcharacteristics regarding a directory path of data to be written or read.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15, the instructions are further configured to cause the application to provide the encryption key to the encryption accelerator.
  - 17. The computer-readable medium of claim 15, wherein the generalized command includes an encryption command or a decryption command.
  - 18. The computer-readable medium of claim 17, the instructions are further configured to process a request from the application to the cryptoprocessor to authenticate the encryption command or the decryption command.
  - 19. The computer-readable medium of claim 17, wherein a bus over which the encryption command or the decryption command is sent includes a unique encryption key.
  - 20. The computer-readable medium of claim 15, wherein converting the generalized command includes receiving an application programming interface from a device driver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Nelson, Amy Christine, Stufflebeam, Jr., Kenneth W.
Primary Examiner(s)
Revak, Christopher

Application Number

US14/801,546
Publication Number

US 20150324612A1
Time in Patent Office

929 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

H04L 2209/125   Parallelization or pipelini...

System and method for recovering from an interrupted encryption and decryption operation performed on a volume

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for recovering from an interrupted encryption and decryption operation performed on a volume

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others