System and method for transparent disk encryption

US 7,849,510 B2
Filed: 02/21/2006
Issued: 12/07/2010
Est. Priority Date: 08/07/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of booting a computer, comprising;

a controller receiving a password when a computer system coupled to a storage device is booted;

decrypting a key stored in a register of said controller using said password by using a hardware encryption/decryption unit coupled to said controller;

said controller transferring encrypted data from said storage device comprising at least a portion of an operating system program; and

decrypting said encrypted data using said key and said hardware encryption/decryption unit, wherein said key is not available unencrypted outside said controller and said hardware encryption/decryption unit and said operating system program is available to be loaded in said computer system, and wherein said hardware encryption/decryption unit utilizes counter mode (CTR) of advanced encryption standard (AES) based on a block number and a byte-aligned block address of said data in said storage device passed through a transform function.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.

37 Citations

View as Search Results

9 Claims

1. A method of booting a computer, comprising;
- a controller receiving a password when a computer system coupled to a storage device is booted;
  
  decrypting a key stored in a register of said controller using said password by using a hardware encryption/decryption unit coupled to said controller;
  
  said controller transferring encrypted data from said storage device comprising at least a portion of an operating system program; and
  
  decrypting said encrypted data using said key and said hardware encryption/decryption unit, wherein said key is not available unencrypted outside said controller and said hardware encryption/decryption unit and said operating system program is available to be loaded in said computer system, and wherein said hardware encryption/decryption unit utilizes counter mode (CTR) of advanced encryption standard (AES) based on a block number and a byte-aligned block address of said data in said storage device passed through a transform function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said receiving comprises said controller receiving said password from a basic input/output system (BIOS) of said computer system.
  - 3. The method of claim 2, wherein said receiving further comprises said basic input/output system (BIOS) receiving said password via user input.
  - 4. The method of claim 2, wherein said receiving further comprises said computer system receiving said password via a network connection.
  - 5. The method of claim 1, wherein said receiving further comprises said computer system receiving said password via a network connection.
  - 6. The method of claim 1, wherein said data further comprises a computer booting program.
  - 7. The method of claim 1, wherein said controller and said encryption/decryption unit are an integral part of a memory controller.
  - 8. The method of claim 1, wherein said controller and said encryption/decryption unit are an integral part of a graphics card.

9. A method of booting a computer, comprising;
- receiving, at a hardware embedded system of said computer, a password when said computer system is booted;
  
  unlocking a key stored in a key register of said hardware embedded system using said password;
  
  receiving encrypted data from a storage device, wherein said encrypted data includes at least a portion of an operating system program;
  
  decrypting, at a hardware encryption/decryption unit of said hardware embedded system, said encrypted data using said key, wherein said key is not available unlocked outside said hardware embedded system, and wherein said hardware encryption/decryption unit utilizes counter mode (CIR) of advanced encryption standard (AES) based on a block number and a byte-aligned block address of said data in said storage device passed through a transform function; and
  
  loading said unencrypted data including at least a portion of the operating system program into main memory of said computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NVIDIA Corporation
Original Assignee
NVIDIA Corporation
Inventors
Danilak, Radoslav
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US11/358,330
Publication Number

US 20070180515A1
Time in Patent Office

1,750 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

G06F 21/79 in semiconductor storage me...

System and method for transparent disk encryption

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for transparent disk encryption

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links