Computer architecture for an electronic device providing a secure file system

US 20070226517A1
Filed: 03/23/2006
Published: 09/27/2007
Est. Priority Date: 03/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing a secure file service, comprising:

receiving at a cryptographic processor a request from a secure user processor for a classified data file;

responsive to said request, accessing with said cryptographic processor a secure file system containing said classified data file;

decrypting said classified data file with said cryptographic processor; and

serving said classified data file to said secure user processor in decrypted form.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure file service includes a cryptographic processor (302, 602) and a secure file system (301, 601). The cryptographic processor is comprised of a trusted microprocessor and a trusted operating system executing on the trusted cryptographic processor. The cryptographic processor includes hardware and software for accessing at least one classified data file from the secure file system, decrypting the classified data file, and serving the classified data file in decrypted form to a secure user processor (402, 502, 702) that has requested the file. The secure file system can be either a single-level secure file system (301) or a multi-level secure file system (601).

76 Citations

View as Search Results

28 Claims

1. A method for providing a secure file service, comprising:
- receiving at a cryptographic processor a request from a secure user processor for a classified data file;
  
  responsive to said request, accessing with said cryptographic processor a secure file system containing said classified data file;
  
  decrypting said classified data file with said cryptographic processor; and
  
  serving said classified data file to said secure user processor in decrypted form.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 24)
- - 2. The method according to claim 1, further comprising selecting said cryptographic processor to include one or more hardware based encryption services that facilitate the encryption and decryption of classified data files.
  - 3. The method according to claim 2, further comprising selecting said hardware based encryption services from the group consisting of an hardware implemented cryptographic algorithm, a random number generator, and an exponentiator.
  - 4. The method according to claim 1, further comprising selecting said secure file system from the group consisting of a single-level secure file system and a multi-level secure file system.
  - 5. The method according to claim 1, further comprising communicating said classified data file from said cryptographic processor to said secure user processor over a secure path.
  - 6. The method according to claim 1, further comprising generating said request for said classified data file at a secure human/machine interface and communicating said request to said secure user processor.
  - 7. The method according to claim 1, further comprising, displaying information contained in said classified data file to a user with said secure human/machine interface.
  - 8. The method according to claim 1, further comprising:
    - communicating said classified data file from said secure user processor to said cryptographic processor;
      
      encrypting said classified data file using said cryptographic processor; and
      
      accessing said secure file system with said cryptographic processor to store said classified data file after encryption in said secure file system.
  - 9. The method according to claim 1, further comprising, authenticating a user to said cryptographic processor by communicating at least one user authentication information to said cryptographic processor.
  - 10. The method according to claim 1, further comprising:
    - receiving at a cryptographic processor a request from a secure user processor for a non-encrypted unclassified data file;
      
      responsive to said request, accessing with said cryptographic processor a secure file system containing said unclassified data file; and
      
      serving said unclassified data file to said secure user processor in plain-text form.
  - 11. The method according to claim 1, further comprising selecting said cryptographic processor to include a trusted microprocessor and a trusted operating system executing on said trusted cryptographic processor.
  - 12. The method according to claim 1, further comprising selecting said secure user processor to include a trusted microprocessor hardware.
  - 13. The method according to claim 12, further comprising selecting said secure user processor to include a trusted operating system.
  - 14. The method according to claim 12, further comprising selecting said secure user processor to include an untrusted operating system.
  - 24. The system according to claim 1, wherein said cryptographic processor further comprises means for accessing a secure data file system responsive to a request from said secure user processor for an unclassified plain-text data file, and means for serving said unclassified data file to said secure user processor.

15. A system for providing a secure file service, comprising:
- a cryptographic processor comprising means for encrypting and decrypting a classified data file;
  
  a secure file system hosted by said cryptographic processor containing classified data files and accessible exclusively to said cryptographic processor; and
  
  wherein said cryptographic processor comprises processing means responsive to a secure user processor distinct from said cryptographic processor for accessing at least one classified data file from said secure file system, decrypting said classified data file, and serving said classified data file to said secure user processor in decrypted form.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 25, 26, 27, 28)
- - 16. The system according to claim 15, wherein said cryptographic processor further comprises one or more hardware based encryption services that facilitate the encryption and decryption of classified data files.
  - 17. The system according to claim 16, wherein said hardware based encryption services are selected from the group consisting of a hardware implemented cryptographic algorithm, a random number generator, and an exponentiator.
  - 18. The system according to claim 15, wherein said secure file system is selected from the group consisting of a single-level secure file system and a multi-level secure file system.
  - 19. The system according to claim 15, further comprising a secure path defining a data communication link between said secure user processor and said cryptographic processor.
  - 20. The system according to claim 15, further comprising a secure human/machine interface operatively connected to said secure user processor configured for communicating user commands to said secure user processor and for displaying classified data files.
  - 21. The system according to claim 15, wherein said secure user processor further comprises processing means for communicating said classified data file from said secure user processor to said cryptographic processor.
  - 22. The system according to claim 21, further wherein said cryptographic processor further comprises processing means for encrypting said classified data file, and for accessing said secure file system with said cryptographic processor to store said classified data file after encryption in said secure file system.
  - 23. The system according to claim 15, wherein at least one of said secure user processor and said cryptographic processor further comprises processing means for authenticating a user responsive to at least one user authentication information.
  - 25. The system according to claim 15, wherein said cryptographic processor is comprised of a trusted microprocessor and a trusted operating system executing on said trusted cryptographic processor.
  - 26. The system according to claim 15, wherein said secure user processor include a trusted microprocessor hardware.
  - 27. The system according to claim 26, wherein said secure user processor is comprised of a trusted operating system.
  - 28. The system according to claim 26, wherein said secure user processor comprises an untrusted operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nera Innovations Limited (Atlantic IP Services Limited)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Murray, Jeffrey, Blessing, John, O'Brien, Terence, Schmalbach, Richard

Granted Patent

US 8,127,145 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2113   Multi-level security, e.g. ...

Computer architecture for an electronic device providing a secure file system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Computer architecture for an electronic device providing a secure file system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links