Incremental encryption of stored information
First Claim
1. A method of processing read commands comprising the steps of:
- providing a memory device storing a block status table containing a plurality of entries, wherein at least one of said entries is in one of a first state, a second state and a third state, wherein said first state is indicative that respective data is encrypted, said second state is indicative that respective data is not encrypted and should remain unencrypted, and said third state is indicative that respective data is not encrypted and should be encrypted when it is read;
- receiving a read command from a host interface wherein said read command comprises a data location;
- retrieving an entry in said block status table associated with said data location;
- if said entry is in said first state, performing the sub-steps of:
  - receiving data corresponding to said data location from a storage device interface;
  - decrypting said data to generate decrypted data;
  - providing said decrypted data to said host interface;
- if said entry is in said second state, performing the sub-steps of:
  - receiving data corresponding to said data location from said storage device interface;
  - providing said data to said host interface;
- if said entry is in said third state, performing the sub-steps of:
  - receiving data corresponding to said data location from said storage device interface;
  - providing said data to said host interface;
  - encrypting said data to create encrypted data;
  - providing said encrypted data to said storage device interface;
  - updating said entry in said block status table from said third state to said first state.
Abstract
A method and apparatus are utilized to incrementally encrypt stored information, and can be applied to an existing medium storing unencrypted information. Information can be conditionally encrypted and/or decrypted as necessary and a separate storage area can be used to record whether a given block of information is stored encrypted or unencrypted. An embodiment of the present invention can be used as a retrofit device in a mechanism to encrypt information without causing undue interruption of normal operations. A variety of mechanisms and policies can also be used to manage, set and eliminate encryption keys.
27 Citations
15 Claims
8. A method of processing write commands comprising the steps of:
- providing a memory device storing a block status table containing a plurality of entries, wherein at least one of said entries is in one of a first state, a second state and a third state, wherein said first state is indicative that respective data is encrypted and data being written should be encrypted before it is written, said second state is indicative that respective data is not encrypted and data being written should not be encrypted before it is written, and said third state is indicative that respective data is not encrypted and data being written should be encrypted before it is written;
- receiving a write command from a host interface wherein said write command comprises write data and a data location;
- retrieving an entry in said block status table associated with said data location;
- if said entry is in said first state, performing the sub-steps of:
  - encrypting said write data to create encrypted data;
  - providing said encrypted data to a storage device interface;
- if said entry is in said second state, performing the sub-steps of:
  - providing said write data to said storage device interface;
- if said entry is in said third state, performing the sub-steps of:
  - encrypting said write data to create encrypted data;
  - providing said encrypted data to said storage device interface;
  - updating said entry from said third state to said first state.

Dependent claims: 9, 10, 11, 12, 13, 14, 15.
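The read path of claim 1 and the write path of claim 8 as a small simulation, added here as an illustration and not code from the patent or any product. The class name, the three-state enum and the dict-backed "medium" are assumptions, and the XOR keystream is a stand-in for whatever cipher a real device would use.

```python
import hashlib
from enum import Enum

class State(Enum):
    ENCRYPTED = 1       # first state: data on the medium is encrypted
    PLAIN_KEEP = 2      # second state: plaintext that must stay plaintext
    PLAIN_PENDING = 3   # third state: plaintext, encrypt on next read or write

def keystream(key: bytes, block: int, length: int) -> bytes:
    # Stand-in cipher for this demonstration only (not a secure construction):
    # a per-block keystream XORed with the data, so one function both
    # encrypts and decrypts a block.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

class IncrementalEncryptor:  # sits between host interface and storage device interface
    def __init__(self, key: bytes, medium: dict, status: dict):
        self.key = key
        self.medium = medium   # storage device: block number -> stored bytes (constructed)
        self.status = status   # block status table, kept in separate memory

    def _crypt(self, block: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, keystream(self.key, block, len(data))))

    def read(self, block: int) -> bytes:
        """Claim 1: decrypt, pass through, or pass through and encrypt in place."""
        state, data = self.status[block], self.medium[block]
        if state is State.ENCRYPTED:
            return self._crypt(block, data)
        if state is State.PLAIN_KEEP:
            return data
        # PLAIN_PENDING: the host gets the plaintext, the block is written back
        # encrypted, and its table entry moves to the first state.
        self.medium[block] = self._crypt(block, data)
        self.status[block] = State.ENCRYPTED
        return data

    def write(self, block: int, data: bytes) -> None:
        """Claim 8: only second-state blocks are written unencrypted."""
        state = self.status[block]
        if state is State.PLAIN_KEEP:
            self.medium[block] = data
            return
        self.medium[block] = self._crypt(block, data)
        if state is State.PLAIN_PENDING:
            self.status[block] = State.ENCRYPTED
```

Because the status table is the only record of which blocks are ciphertext, it must be updated atomically with the write-back, otherwise a crash between the two leaves a block that will be "decrypted" into garbage or re-encrypted twice.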
Specification