	US 11,720,715 B2
	Secure data storage device and method of encryption
Amir Segev, Meitar (IL); and Shay Benisty, Beer Sheva (IL)
Assigned to Western Digital Technologies, Inc., San Jose, CA (US)
Filed by Western Digital Technologies, Inc., San Jose, CA (US)
Filed on Mar. 21, 2021, as Appl. No. 17/207,725.
Prior Publication US 2022/0300663 A1, Sep. 22, 2022
Int. Cl. G06F 21/78 (2013.01); G06F 21/85 (2013.01); G06F 21/74 (2013.01); G06F 21/60 (2013.01)

CPC G06F 21/78 (2013.01) [G06F 21/602 (2013.01); G06F 21/74 (2013.01); G06F 21/85 (2013.01)]

20 Claims

1. A data storage device comprising:

a first cryptography engine selected to apply a first cryptographic function to data;

a second cryptography engine selected, responsive to selection of the first cryptography engine, to apply a second cryptographic function to data, wherein the first cryptographic function is inverse, and symmetric, to the second cryptographic function;

a duplex bus configured to support parallel operation of:

a read channel configured to: receive data from a host device; and select between the first cryptography engine and the second cryptography engine; and

a write channel configured to: write data to the host device; and select between the first cryptography engine and the second cryptography engine;

a processor configured to control the data storage device; a storage medium;

a first path configured to pass user data from the storage medium to the host device, wherein: the first path passes through the second cryptography engine to apply the second cryptographic function to the user data sent to the host device; and the write channel is selectively operable to form part of the first path for the user data;

a second path configured to pass user data from the host device to the storage medium, wherein: the second path passes through the first cryptography engine to apply the first cryptographic function to the user data sent to the storage medium; and the read channel is selectively operable to form part of the second path for the user data;

a third path configured to pass device management data from the processor to a host memory of the host device, wherein the third path: passes through the second cryptography engine to apply the second cryptographic function to the device management data sent to the host memory; uses direct memory access to write the device management data to the host memory; and the write channel is selectively operable to form part of the third path for the device management data responsive to the first path not being operated; and

a fourth path configured to pass device management data from the host memory to the processor, wherein the fourth path: passes through the first cryptography engine to apply the first cryptographic function to the device management data received at the processor; uses direct memory access to read the device management data from the host memory; and the read channel is selectively operable to form part of the fourth path for the device management data responsive to the second path not being operated.