The Boeing Company
Data-at-rest (DAR) encryption for integrated storage media

Abstract:

An improved system for providing transparent, in-line encryption of data-at-rest (DAR) stored by a host controller of a host device. An encryption core is instantiated in a hardware device physically coupled to a system board within the host device. The encryption core includes a storage device proxy, an encryption engine, and a plurality of host device proxies. Each host proxy among the plurality of host proxies interfaces the host controller to one persistent storage device among a plurality of persistent storage devices within the host device via the storage device proxy. The storage device proxy exposes the plurality of persistent storage devices to the host controller as a single persistent storage device. The encryption core encrypts and decrypts DAR exchanged between the host controller and an encrypted storage device.