System and method for transparent disk encryption
First Claim
1. A method of booting a computer, comprising:
a controller receiving a password when a computer system coupled to a storage device is booted;
decrypting a key stored in a register of said controller using said password by using a hardware encryption/decryption unit coupled to said controller;
said controller transferring encrypted data from said storage device comprising at least a portion of an operating system program; and
decrypting said encrypted data using said key and said hardware encryption/decryption unit, wherein said key is not available unencrypted outside said controller and said hardware encryption/decryption unit and said operating system program is available to be loaded in said computer system, and wherein said hardware encryption/decryption unit utilizes counter mode (CTR) of advanced encryption standard (AES) based on a block number and a byte-aligned block address of said data in said storage device passed through a transform function.
Abstract
A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.
9 Claims
Claims 2, 3, 4, 5, 6, 7 and 8 depend on claim 1, which is given above as the first claim.
9. A method of booting a computer, comprising:
receiving, at a hardware embedded system of said computer, a password when said computer system is booted;
unlocking a key stored in a key register of said hardware embedded system using said password;
receiving encrypted data from a storage device, wherein said encrypted data includes at least a portion of an operating system program;
decrypting, at a hardware encryption/decryption unit of said hardware embedded system, said encrypted data using said key, wherein said key is not available unlocked outside said hardware embedded system, and wherein said hardware encryption/decryption unit utilizes counter mode (CTR) of advanced encryption standard (AES) based on a block number and a byte-aligned block address of said data in said storage device passed through a transform function; and
loading said unencrypted data including at least a portion of the operating system program into main memory of said computer system.
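The counter-mode step recited in claims 1 and 9, as an added Go example that is not code from the patent: each sector is processed with AES-CTR using a counter built from its byte-aligned address and the AES block number inside it, so any run of sectors decrypts without touching the rest of the device. The transform function (`counterBlock`), the 512-byte sector size, the key and the sample image are assumptions; the claims do not define them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const SectorSize = 512 // assumed sector size; the page does not fix one

// counterBlock is an assumed transform function: the sector's byte-aligned
// address fills the upper 64 bits, and the lower 64 bits hold the number of
// the 16-byte AES block inside the sector, starting at zero. No two AES
// blocks on the device then share a counter value under one key.
func counterBlock(sector uint64) []byte {
	ctr := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(ctr[:8], sector*SectorSize)
	return ctr
}

// CryptSectors runs AES-CTR over whole sectors starting at sector first.
// CTR encryption and decryption are the same keystream XOR, so this one
// function does both, and any run of sectors can be processed on its own.
func CryptSectors(key []byte, first uint64, in []byte) ([]byte, error) {
	if len(in) == 0 || len(in)%SectorSize != 0 {
		return nil, errors.New("input must be a whole number of sectors")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	for off := 0; off < len(in); off += SectorSize {
		sector := first + uint64(off/SectorSize)
		stream := cipher.NewCTR(block, counterBlock(sector))
		stream.XORKeyStream(out[off:off+SectorSize], in[off:off+SectorSize])
	}
	return out, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)             // constructed key
	image := bytes.Repeat([]byte("boot"), SectorSize) // constructed: 4 identical sectors
	enc, _ := CryptSectors(key, 0, image)
	tail, _ := CryptSectors(key, 2, enc[2*SectorSize:]) // decrypt sectors 2 and 3 only
	fmt.Println(bytes.Equal(tail, image[2*SectorSize:]), bytes.Equal(enc[:SectorSize], enc[SectorSize:2*SectorSize]))
}
```

The identical plaintext sectors encrypt to different ciphertext because each sector address yields a distinct counter range, and decrypting with the wrong sector number does not recover the data.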
Specification