Patent · US Active

Rapid data protection for storage devices

US10615967B2 · kind B2 · utility

Cited by: 10
References: 85
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 20, 2014
Grant date: Apr 7, 2020
Priority date
Expiry date: Mar 20, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2209/24
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A computing device uses a data encryption and decryption system that includes a trusted runtime and an inline cryptographic processor. The trusted runtime provides a trusted execution environment, and the inline cryptographic processor provides decryption and encryption of data in-line with storage device read and write operations. When a portion (e.g., partition) of a storage device is defined, the trusted runtime generates an encryption key and provides the encryption key to the inline cryptographic processor, which uses the encryption key to encrypt data written to the portion and decrypt data read from the portion. Access to the portion can be subsequently protected by associating the key with authentication credentials of a user or other entity. The trusted runtime protects the encryption key based on an authentication key associated with the authentication credentials, allowing subsequent access to the encryption key only in response to the proper authentication credentials being provided.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.