System and Method for Pre-Operating System Encryption and Decryption of Data

US 20110225406A1
Filed: 03/10/2010
Published: 09/15/2011
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. An information handling system, comprising:

a processor;

a memory communicatively coupled to the processor;

an encryption accelerator communicatively coupled to the processor, the encryption accelerator configured to encrypt or decrypt data in response to a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation; and

a computer-readable medium communicatively coupled to the processor and having instructions stored thereon, the instructions configured to, when executed by the processor;

monitor for input/output operations occurring prior to loading of an operating system into the memory; and

in response to detection of an input/output operation, communicate a command to the encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, an encryption accelerator communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The encryption accelerator may be configured to encrypt or decrypt data in response to a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) monitor for input/output operations occurring prior to loading of an operating system into the memory; and (ii) in response to detection of an input/output operation, communicate a command to the encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation.

Citations

20 Claims

1. An information handling system, comprising:
- a processor;
  
  a memory communicatively coupled to the processor;
  
  an encryption accelerator communicatively coupled to the processor, the encryption accelerator configured to encrypt or decrypt data in response to a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation; and
  
  a computer-readable medium communicatively coupled to the processor and having instructions stored thereon, the instructions configured to, when executed by the processor;
  
  monitor for input/output operations occurring prior to loading of an operating system into the memory; and
  
  in response to detection of an input/output operation, communicate a command to the encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An information handling system according to claim 1, wherein the computer-readable medium is an integral part of a basic input/output system (BIOS) of the information handling system.
  - 3. An information handling system according to claim 1, wherein:
    - the computer-readable medium further has stored thereon an encryption key;
      
      the instructions are further configured to, when executed, communicate the encryption key to the encryption accelerator; and
      
      the encryption accelerator is further configured to encrypt or decrypt data based on the encryption key.
  - 4. An information handling system according to claim 3, wherein:
    - the encryption key is stored on the computer-readable medium in a sealed format; and
      
      the instructions are further configured to, when executed, unseal the encryption key.
  - 5. An information handling system according to claim 1, wherein the instructions are further configured to, when executed:
    - designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
      
      communicate the designation to the encryption accelerator.
  - 6. An information handling system according to claim 5, the encryption accelerator further configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 7. An information handling system according to claim 5, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

8. A method for pre-operating system encryption and decryption of data, comprising:
- loading a program of instructions stored in a basic input/output system, the program of instructions configured to, when executed by a processor;
  
  monitor for an input/output operation occurring prior to loading of an operating system into a memory communicatively coupled to the processor; and
  
  in response to detection of an input/output operation, communicate a command to an encryption accelerator communicatively coupled to the processor to perform an encryption or decryption task upon data associated with an input/output operation;
  
  wherein the encryption accelerator is configured to encrypt or decrypt data to perform the encryption or decryption task upon data associated with an input/output operation in response to the command.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A method according to claim 8, further comprising loading the program of instruction from a basic input/output system (BIOS).
  - 10. A method according to claim 8, the program of instructions further configured to:
    - load an encryption key stored in a basic input/output system (BIOS); and
      
      communicate the encryption key to the encryption accelerator, wherein encryption accelerator is configured to encrypt or decrypt data based on the encryption key.
  - 11. A method according to claim 10, wherein:
    - the encryption key is stored in the BIOS in a sealed format; and
      
      the program of instructions is further configured to, when executed, cause a cryptoprocessor communicatively coupled to the encryption accelerator to unseal the encryption key.
  - 12. A method according to claim 8, the program of instructions further configured to:
    - designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
      
      communicate the designation to the encryption accelerator.
  - 13. A method according to claim 12, wherein the encryption accelerator is configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 14. A method according to claim 12, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

15. A basic input/output system (BIOS) for use in an information handling system, comprising:
- logic for monitoring for an input/output operation occurring prior to loading of an operating system by the information handling system; and
  
  logic for communicating, in response to detection of an input/output operation, a command to an encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation;
  
  wherein the encryption accelerator is configured to encrypt or decrypt data to perform the encryption or decryption task upon data associated with an input/output operation in response to the command.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A BIOS according to claim 15, further comprising logic for communicating an encryption key stored in the BIOS to the encryption accelerator, wherein encryption accelerator is configured to encrypt or decrypt data based on the encryption key.
  - 17. A BIOS according to claim 16, further comprising logic for decrypting the encryption key prior to communicating the encryption key to the encryption accelerator.
  - 18. A BIOS according to claim 15, further comprising:
    - logic for designating a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
      
      logic for communicating the designation to the encryption accelerator.
  - 19. A BIOS according to claim 18, wherein the encryption accelerator is configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 20. A BIOS according to claim 18, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Nelson, Amy Christine, Alexander, Marc D., Decker, Brian, Stufflebeam, Kenneth W. JR.

Granted Patent

US 8,856,550 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

System and Method for Pre-Operating System Encryption and Decryption of Data

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Pre-Operating System Encryption and Decryption of Data

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links