IEEE 1619.1-2018 – IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices.
4. General concepts
4.1 Introduction
This standard describes elements of an architecture that is suitable for the cryptographic confidentiality and integrity of stored data. This architecture includes a model of several components within a typical system that securely stores and retrieves information. These components are as follows:
— A controller that controls the overall operation of the cryptographic unit and receives status from the cryptographic unit (see 4.2.1)
— A host that provides plaintext data, in the form of host records, to the cryptographic unit and receives plaintext data from the cryptographic unit (see 4.2.2)
— A key manager that may provide or negotiate cipher keys and/or key encrypting keys (KEK) to the cryptographic unit, and that should securely maintain the lifecycle of these cryptographic keys (see 4.2.3)
— A cryptographic unit that performs data formatting, encryption, and decryption, and that may perform cryptographic key management (see 4.2.4)
— A storage medium that provides non-volatile storage of encrypted records and metadata produced by the cryptographic unit (see 4.2.5)
This standard specifies requirements only for the cryptographic unit. An implementer of this standard shall provide documentation to the end-user about the cryptographic unit. This documentation may be in any form (e.g., electronic, printed on paper) that is easily accessible by the end-user. Documentation shall include all the required text as specified throughout this standard. The documentation provides sufficient information to allow optimal use and detailed security evaluation of the cryptographic unit and its environment. See Annex C for a documentation summary.
Figure 1 shows an example of the interactions among the five components listed above and of subcomponents contained within each component. Multiple components shown in Figure 1 may exist within a single embodiment, and multiple instantiations of the same component or subcomponent may exist within a single system.
4.2 Components
4.2.1 Controller
The controller is any entity that controls the overall operation of the cryptographic unit. A controller sends commands to the cryptographic unit and processes status from the cryptographic unit, as needed to implement the policies defined within the controller. There may be multiple controllers controlling a particular cryptographic unit. A controller may be part of another component such as a host or key manager.
4.2.2 Host
The host provides host records to the cryptographic unit for encryption, and receives host records from the cryptographic unit after decryption. A host record contains plaintext data and may be any size that the cryptographic unit allows. A typical host includes routines to convert arbitrary host plaintext data into host records and vice versa. Such host records may be variable-length, depending on the capabilities of the cryptographic unit. In Figure 1 these routines are as follows:
— Host record formatter: A routine that converts arbitrary host plaintext data into host records for the cryptographic unit
— Host record de-formatter: A routine that processes host records from the cryptographic unit into host plaintext data
It is not required for a host to implement these functions. The host needs only to present host records to the cryptographic unit, and accept host records from a cryptographic unit.
Examples:
— If the cryptographic unit is contained in a tape drive, then the host might be a computer running a backup application in which the backup application takes arbitrary host plaintext data in the form of files and consolidates them into backup sets, breaks these backup sets into variable-length blocks, and sends the blocks as host records to the cryptographic unit.
— If the cryptographic unit is contained in a disk drive, then the host might be an operating system that formats files into fixed-size sectors (typically 512 B) and uses these sectors as host records when sending data to and receiving data from the cryptographic unit.