Computer software encryption apparatus

US 4,937,861 A
Filed: 08/03/1988
Issued: 06/26/1990
Est. Priority Date: 08/03/1988
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer system having a fixed data storage medium, a removable data storage medium and a buffer area for communicating with said fixed data storage medium and said removable data storage medium, a data security system comprising:

a selectively invocable nonencrypting operating routine for controlling said removable data storage medium;

a selectively invocable encrypting operating routine for controlling said removable data storage medium;

a power-on self-test routine for automatically enabling said encrypting operating routine and disabling said nonencrypting operating routine upon power up of said computer system;

a security means invoked by said encrypting operating routine and communicating with said buffer area for automatically intercepting and encrypting data flowing from said buffer area to said removable data storage medium for storage on said removable data storage medium in an encrypted state and for intercepting and decrypting data flowing from said removable data storage medium to said buffer area without intercepting and encrypting data flowing from said buffer area to said fixed data storage medium; and

a means for testing user input requesting encryption to be disabled and responding to said user input by enabling said nonencrypting operating routine and disabling said encrypting operating routine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data security is provided using an encryption/decryption algorithm which attaches at the primitive BIOS level of the operating system automatically during the power-on self-test routines. The encryption/decryption process is implemented by intercepting the removable media or floppy diskette interrupt in order to add additional interrupt handling routing instructions which perform the encryption and decryption of data passed between the diskette controller and the data transfer buffer area within system RAM. Bitwise alteration of the data in a predefined relationship is used to encrypt and decrypt. The encryption/decryption system attaches before the computer power-up sequence renders data entry hardward active, hence the user cannot readily override the security system. Data stored on nonremovable media such as hard disk media is not encrypted, thereby preserving the integrity of more permanent data.

46 Citations

View as Search Results

13 Claims

1. In a computer system having a fixed data storage medium, a removable data storage medium and a buffer area for communicating with said fixed data storage medium and said removable data storage medium, a data security system comprising:
- a selectively invocable nonencrypting operating routine for controlling said removable data storage medium;
  
  a selectively invocable encrypting operating routine for controlling said removable data storage medium;
  
  a power-on self-test routine for automatically enabling said encrypting operating routine and disabling said nonencrypting operating routine upon power up of said computer system;
  
  a security means invoked by said encrypting operating routine and communicating with said buffer area for automatically intercepting and encrypting data flowing from said buffer area to said removable data storage medium for storage on said removable data storage medium in an encrypted state and for intercepting and decrypting data flowing from said removable data storage medium to said buffer area without intercepting and encrypting data flowing from said buffer area to said fixed data storage medium; and
  
  a means for testing user input requesting encryption to be disabled and responding to said user input by enabling said nonencrypting operating routine and disabling said encrypting operating routine.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The data security system of claim 1 wherein said computer system includes nonvolatile program means for providing instructions whereby data may be transferred between said removable data storage medium and said buffer area and wherein said security means communicates with said nonvolatile program means.
  - 3. The data security system of claim 2 wherein said security means includes encryption program means having means for intercepting control from said nonvolatile program means.
  - 4. The data security system of claim 2 wherein said security means includes encryption program means having means for intercepting control from said nonvolatile program means to effect encryption and having means for thereafter returning control to said nonvolatile program means.
  - 5. The data security system of claim 1 wherein said security means is stored at least in part in nonvolatile memory.
  - 6. The data security system of claim 1 wherein said computer system includes nonvolatile program means for providing instructions whereby data may be transferred between said removable data storage medium and said buffer area and wherein said security means includes decryption program means having means for intercepting control from said nonvolatile program means.
  - 7. The data security system of claim 1 wherein said security means includes decryption program means having means for intercepting control from said nonvolatile program means to effect decryption following the transfer of data from said data storage medium to said buffer area.

8. In a computer system having a processor means for operating on data comprising arrangements of binary digits, means for implementing a power-on routine for causing said processor to scan a predetermined range of memory location addresses for instructions after power-on, means for enabling said processor means to communicate with data storage media comprising program means for reading and writing data to a fixed data storage medium and to a removable data storage medium, a data security system comprising:
- security program means disposed within said predetermined range of memory location addresses and providing instructions for causing said processor means to automatically alter said program means for reading and writing during said power-on routine;
  
  said security program means causing data communicated between at least one of said fixed and removable data storage media and said processor means to be altered such that said data stored on said one of said data storage media is represented using a different arrangement of binary digits than is used when said data is operated upon by said processor;
  
  said security program means further including means for testing user input requesting the disabling of security and for responding to said user input by causing data communicated between at least one of said fixed and removable data storage media and said processor means to be communicated without alteration, such that said data stored on said one of said data storage media is represented using the same arrangement, of binary digits as is used when said data is operated upon by said processor.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The data security system of claim 8 wherein said security program is stored at least in part in nonvolatile memory.
  - 10. The data security system of claim 8 wherein said security program is stored at least in part in nonvolatile memory in which is also stored at least a portion of said instructions.
  - 11. The data security system of claim 8 wherein said security program includes means for altering said data by bitwise rotation.
  - 12. The data security system of claim 8 wherein said power-on routine comprises at least one computer self-test routine.
  - 13. The data security system of claim 8 wherein said security program causes said processor means to alter said program means for reading and writing at a time during said power-on routine before access to said computer system by external human input may be effected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kelly Services Incorporated
Original Assignee
Kelly Services Incorporated
Inventors
Cummins, Marty T.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/227,720
Time in Patent Office

692 Days
Field of Search

380/4, 380/25, 380/49, 380/50, 380/2
US Class Current

380/2
CPC Class Codes

G06F 21/78 to assure secure storage of...

Computer software encryption apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Computer software encryption apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links