Encrypting operating system
First Claim
1. A computer operating system comprising a kernel, the kernel configured to encrypt and decrypt data transferred between a computer memory and a secondary device.
Abstract
A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment, a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data.
58 Claims
1. A computer operating system comprising a kernel, the kernel configured to encrypt and decrypt data transferred between a computer memory and a secondary device.

26. A computer system comprising:
a. a first device having an operating system kernel, the operating system kernel configured to encrypt clear data using an encryption key to generate cipher data, the first device further configured to decrypt the cipher data using the encryption key to generate the clear data; and
b. a second device coupled to the first device and configured to exchange cipher data with the first device.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35

36. A method of encrypting data, the method comprising:
a. receiving clear data; and
b. executing kernel code in an operating system, the kernel code using a symmetric key to encrypt the clear data to generate cipher data, the kernel code further using the symmetric key to decrypt the cipher data to generate the clear data.
Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47

48. A computer system comprising:
a. a processor;
b. a physical memory;
c. a secondary device coupled to the physical memory; and
d. an operating system comprising a kernel, the kernel configured to encrypt and decrypt data transferred between the physical memory and the secondary device.
Dependent claims: 49, 50, 51, 52

53. A method of accessing a file, the method comprising:
a. authenticating a user;
b. checking the user's permission to access the file; and
c. encrypting the file using an encryption key.
Dependent claims: 54, 55, 56, 57, 58

Specification