US Patent 10536266 Cryptographically securing entropy for later use

Apparatus and method for managing entropy in a cryptographic processing system. In some embodiments, a first block of conditioned entropy is generated from at least one entropy source. The first block of conditioned entropy is subjected to a first cryptographic process to generate cryptographically secured entropy which is stored in a memory. The cryptographically secured entropy is subsequently retrieved from the memory and subjected to a second cryptographic process to generate a second block of conditioned entropy, which is thereafter used as an input in a third cryptographic process such as to encrypt or decrypt user data in a data storage device. The first cryptographic process may include an encryption algorithm to generate ciphertext and a hash function to generate a keyed digest value, such as an HMAC value, to detect tampering with the ciphertext by an attacker. The second cryptographic process may decrypt or further encrypt the ciphertext.