CPC G06F 21/78 (2013.01) [G06F 21/602 (2013.01); G06F 21/74 (2013.01); G06F 21/85 (2013.01)]
20 Claims
1. A data storage device comprising:
a first cryptography engine selected to apply a first cryptographic function to data;
a second cryptography engine selected, responsive to selection of the first cryptography engine, to apply a second cryptographic function to data, wherein the first cryptographic function is inverse, and symmetric, to the second cryptographic function;
a duplex bus configured to support parallel operation of:
a read channel configured to: receive data from a host device; and select between the first cryptography engine and the second cryptography engine; and
a write channel configured to: write data to the host device; and select between the first cryptography engine and the second cryptography engine;
a processor configured to control the data storage device;
a storage medium;
a first path configured to pass user data from the storage medium to the host device, wherein: the first path passes through the second cryptography engine to apply the second cryptographic function to the user data sent to the host device; and the write channel is selectively operable to form part of the first path for the user data;
a second path configured to pass user data from the host device to the storage medium, wherein: the second path passes through the first cryptography engine to apply the first cryptographic function to the user data sent to the storage medium; and the read channel is selectively operable to form part of the second path for the user data;
a third path configured to pass device management data from the processor to a host memory of the host device, wherein the third path: passes through the second cryptography engine to apply the second cryptographic function to the device management data sent to the host memory; uses direct memory access to write the device management data to the host memory; and the write channel is selectively operable to form part of the third path for the device management data responsive to the first path not being operated; and
a fourth path configured to pass device management data from the host memory to the processor, wherein the fourth path: passes through the first cryptography engine to apply the first cryptographic function to the device management data received at the processor; uses direct memory access to read the device management data from the host memory; and the read channel is selectively operable to form part of the fourth path for the device management data responsive to the second path not being operated.
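The following Python model of the four paths in claim 1 is an added illustration, not code from the patent. It shows that device management data sent out through the second function and read back through the first round-trips exactly as user data does, so the host memory never holds it in the clear. The `Device` class, its method and flag names, and the SHA-256 Feistel permutation standing in for the unspecified cryptographic functions are all assumptions.

```python
import hashlib

HALF = 16  # model block = 2 * HALF bytes (constructed size)

def _f(key, rnd, half):
    # Feistel round function; SHA-256 is a stand-in, not the patent's cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def first_function(key, block):
    l, r = block[:HALF], block[HALF:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def second_function(key, block):
    # exact inverse of first_function under the same key
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

class Device:
    def __init__(self, key):
        self.key = key
        self.medium = {}                 # storage medium: lba -> stored block
        self.first_path_active = False   # user read in flight (write channel)
        self.second_path_active = False  # user write in flight (read channel)

    def user_write(self, lba, block):          # second path: host -> medium
        self.medium[lba] = first_function(self.key, block)

    def user_read(self, lba):                  # first path: medium -> host
        return second_function(self.key, self.medium[lba])

    def mgmt_to_host(self, host_mem, addr, block):   # third path
        if self.first_path_active:             # write channel not available
            return False
        host_mem[addr] = second_function(self.key, block)  # modelled DMA write
        return True

    def mgmt_from_host(self, host_mem, addr):        # fourth path
        if self.second_path_active:            # read channel not available
            return None
        return first_function(self.key, host_mem[addr])    # modelled DMA read
```

The model handles one block at a time and has no mode of operation or key management; it captures only the engine pairing and the channel arbitration recited in the claim.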