Systems and methods for controlling access to data on a computer with a secure boot process
Abstract
Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.
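The mechanism the abstract describes, as an added Python sketch that is not taken from the patent: a volume key is sealed to boot measurements, released only when the measured boot components match, and made unavailable for good by disabling the sealed secret. `ToyHSM`, the function names, the sample boot components and the SHA-256 toy cipher are assumptions for illustration, not a real TPM or HSM API.

```python
import hashlib, hmac, os

def measure_boot(components):          # TPM-style extend chain over boot components
    pcr = bytes(32)
    for c in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(c).digest()).digest()
    return pcr

def xor_stream(key, data):
    """Toy SHA-256 counter-mode cipher, a stand-in for a real disk cipher."""
    pad = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyHSM:
    """Hypothetical model of a hardware security module, not a real TPM API."""
    def __init__(self):
        self._root = os.urandom(32)    # storage root, never leaves the module
        self._blob = None              # sealed secret: ciphertext + MAC tag
    def _kdf(self, label, pcr):        # per-purpose key bound to the boot measurement
        return hmac.new(self._root, label + pcr, hashlib.sha256).digest()
    def seal(self, secret, pcr):
        ct = xor_stream(self._kdf(b"enc", pcr), secret)
        self._blob = ct + hmac.new(self._kdf(b"mac", pcr), ct, hashlib.sha256).digest()
    def unseal(self, pcr):
        if self._blob is None:
            raise PermissionError("secret disabled")
        ct, tag = self._blob[:-32], self._blob[-32:]
        good = hmac.new(self._kdf(b"mac", pcr), ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise PermissionError("boot component not authentic")
        return xor_stream(self._kdf(b"enc", pcr), ct)
    def disable(self):                 # erase the secret; disk ciphertext is untouched
        self._blob = None

def read_disk(hsm, components, disk):
    """Plaintext if the boot is authentic and the secret still exists, else None."""
    try:
        return xor_stream(hsm.unseal(measure_boot(components)), disk)
    except PermissionError:
        return None

if __name__ == "__main__":
    hsm, key, boot = ToyHSM(), os.urandom(32), [b"loader-v1", b"kernel-v1"]  # constructed
    hsm.seal(key, measure_boot(boot))
    disk = xor_stream(key, b"private partition data")
    print(read_disk(hsm, boot, disk), read_disk(hsm, [b"loader-v2", b"kernel-v1"], disk))
    hsm.disable()
    print(read_disk(hsm, boot, disk))
```

After `disable()` the encrypted bytes are still on disk, but even an authentic boot can no longer recover the key, which is the property the abstract relies on for resale or decommissioning.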
20 Claims
1. A computer comprising a mechanism for disabling access to at least one secret for decrypting encrypted data stored on a computer readable medium, comprising:
- means for securely booting the computer comprising means for authenticating at least one boot component, wherein at least one secret may be accessed if said at least one boot component is authentic;
- means for decrypting the encrypted data using said at least one secret;
- means for disabling said at least one secret.
Dependent claims: 2, 3, 4, 5, 6
7. A computer readable medium bearing instructions for disabling access to at least one secret for decrypting encrypted data stored on a computer readable medium, comprising:
- instructions for securely booting the computer comprising instructions for authenticating at least one boot component, wherein at least one secret may be accessed if said at least one boot component is authentic;
- instructions for decrypting the encrypted data using said at least one secret;
- instructions for disabling said at least one secret.
Dependent claims: 8, 9, 10, 11, 12
13. A method for disabling access to at least one secret for decrypting encrypted data stored on a computer readable medium, comprising:
- securely booting the computer, wherein said securely booting comprises authenticating at least one boot component, and wherein at least one secret may be accessed if said at least one boot component is authentic;
- decrypting at least a portion of the encrypted data using said at least one secret, wherein said at least a portion of the encrypted data contains a process for locating and disabling said at least one secret;
- disabling said at least one secret.
Dependent claims: 14, 15, 16, 17, 18
19. A computer readable medium bearing instructions for disabling access to at least one secret for decrypting encrypted data stored on a computer readable medium, comprising:
- instructions for encrypting data;
- instructions for sealing a secret within a hardware security module, wherein said secret allows decryption of the data;
- instructions for disabling the secret that is sealed within the hardware security module (HSM).
Dependent claims: 20
Specification