Methods, systems, and apparatuses for managing a hard drive security system
First Claim
1. A system for use with an electronic device, the electronic device comprising a self-encrypting drive (SED), the SED comprising a nominal space and a pre-boot region, wherein the nominal space can be locked to prevent access to the nominal space, the system comprising:
- a SED management component configured to be loaded in the pre-boot region of the SED, the SED management component comprising;
a pre-boot operating system (OS); and
an access management functionality,
wherein the access management functionality comprises an authentication mapping utility operable to provide mapping between a nominal credential of a user and a SED credential of the user,
wherein the SED management component is configured to generate a driver session key (DSK), to encrypt an SED credential with the DSK, and to encrypt the DSK with a hash made of the nominal credentials of a given user,
wherein the encrypting of the SED credential with the DSK comprises encrypting a SED credential of an authorized user with the DSK, and storing the encrypted SED credential in the pre-boot region,
wherein the encrypting of the DSK with a hash made of the nominal credentials of a given user comprises, for each of one or more additional users, creating a hash of the respective additional user's nominal credentials, creating a respective encrypted version of the DSK using the respective hash, and storing the respective one or more encrypted versions of the DSK in the pre-boot region, and
wherein the SED management component is further configured to;
with the nominal space locked, upon entry of a nominal credential of a given one of the one or more additional users, hash the entered nominal credential to create a hash, and use the hash to attempt to decrypt the encrypted version of the DSK created for the given one of the one or more additional users;
if the attempt to decrypt is successful, use the decrypted version of the DSK created for the given one of the one or more additional users to decrypt the encrypted SED credential, and use the decrypted SED credential to unlock the nominal space, and
if the attempt to decrypt fails a predetermined number of times, lock the electronic device.
Abstract
A system for use with a computer is provided, the computer including a self-encrypting drive (SED), the SED including a nominal space and a pre-boot region, wherein the nominal space can be locked to prevent access to the nominal space. The system includes SED management software configured to be loaded in the pre-boot region of the SED. The SED management software includes a pre-boot operating system (OS) and an unlocking program. The unlocking program is configured (a) to execute within the pre-boot OS, and (b) upon successful authentication of a user, to unlock the nominal space of the SED. Other embodiments are described and claimed.
118 Claims
28. A method for use with an electronic device, the electronic device comprising a self-encrypting drive (SED), the SED comprising a nominal space and a pre-boot region, wherein the nominal space can be locked to prevent access to the nominal space, the method comprising:
providing an access management functionality;
providing mapping between a nominal credential of a user and a SED credential of the user;
generating a driver session key (DSK);
encrypting a SED credential with the DSK; and
encrypting the DSK with a hash made of the nominal credentials of a given user,
wherein the encrypting of the SED credential with the DSK comprises encrypting a SED credential of an authorized user with the DSK, and storing the encrypted SED credential in the pre-boot region,
wherein the encrypting of the DSK with a hash made of the nominal credentials of a given user comprises, for each of one or more additional users, creating a hash of the respective additional user's nominal credentials, creating a respective encrypted version of the DSK using the respective hash, and storing the respective one or more encrypted versions of the DSK in the pre-boot region, and
wherein the method further comprises;
with the nominal space locked, upon entry of a nominal credential of a given one of the one or more additional users, hashing the entered nominal credential to create a hash, and using the hash to attempt to decrypt the encrypted version of the DSK created for the given one of the one or more additional users;
if the attempt to decrypt is successful, using the decrypted version of the DSK created for the given one of the one or more additional users to decrypt the encrypted SED credential, and using the decrypted SED credential to unlock the nominal space; and
if the attempt to decrypt fails a predetermined number of times, locking the electronic device.
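The key hierarchy recited in claims 1 and 28, as an added Python example that is not code from the patent: one DSK wraps the SED credential, and each user's credential hash wraps its own copy of the DSK. Assumptions of this example: salted PBKDF2 as the "hash", an HMAC-SHA256 counter-mode stand-in cipher with an authentication tag (so a failed decrypt is detectable), a limit of 3 attempts, and all function names and the dictionary layout of the pre-boot region.

```python
import hashlib, hmac, os
MAX_ATTEMPTS = 3  # assumed value for the claim's "predetermined number of times"

def cred_hash(password, salt):
    # Hash of the nominal credential; salted PBKDF2 is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _subkeys(key):
    return [hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode, XORed over the data.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    # Returns None on a wrong key: the tag is what makes "decrypt failed" detectable.
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc, nonce, ct)

def provision(sed_credential, users):
    dsk = os.urandom(32)  # driver session key, never stored in the clear
    region = {"sed": seal(dsk, sed_credential), "slots": {}, "failures": 0, "locked": False}
    for name, password in users.items():
        salt = os.urandom(16)
        region["slots"][name] = (salt, seal(cred_hash(password, salt), dsk))
    return region

def unlock(region, name, password):
    if region["locked"]:
        return None
    slot = region["slots"].get(name)
    dsk = unseal(cred_hash(password, slot[0]), slot[1]) if slot else None
    if dsk is None:
        region["failures"] += 1
        region["locked"] = region["failures"] >= MAX_ATTEMPTS
        return None
    region["failures"] = 0
    return unseal(dsk, region["sed"])  # SED credential, used to unlock the nominal space
```

Because only wrapped copies of the DSK sit in the pre-boot region, adding or removing a user rewrites one slot and leaves the SED credential untouched.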
Specification