Method and apparatus for operating a computer in a secure mode

US 7,043,643 B1
Filed: 12/06/2001
Issued: 05/09/2006
Est. Priority Date: 12/06/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing a secure computing environment, comprising:

providing a portable encryption control device;

attaching the portable encryption control device to a computing device;

triggering a bus reset on the computer in response to attaching the portable encryption control device;

enabling a user to control and customize the portable encryption control device features through a system tray utility program;

authenticating the user as a valid owner of a smart card;

initializing the encryption control device through a challenge/response protocol with the smart card if the valid owner is authenticated;

activating an encryption/decryption engine of the encryption control device to enable access to data in a secure computing environment if the challenge response protocol is executed successfully;

enabling the user to add a secondary user to the smart card; and

setting the secondary user'"'"'s level of access to the portable encryption control device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for activating an encryption control device that is in communication with a computer for providing a secure computing environment for a user is provided. The method initiates with providing a card for insertion into a card reader of the encryption control device. The card is configured to receive and pass data. Next, a biometric identifier is received from the user. The biometric identifier enables validation of the user as the authorized owner of the card. Then, a challenge/response protocol between the encryption control and the inserted card is run. The challenge/response protocol establishes that the card and the encryption control device are compatible. Next, an encryption engine of the encryption control device is activated to create a secure computing environment if the user is validated as the authorized owner of the card and the challenge/response protocol is successfully executed.

70 Citations

View as Search Results

19 Claims

1. A method for providing a secure computing environment, comprising:
- providing a portable encryption control device;
  
  attaching the portable encryption control device to a computing device;
  
  triggering a bus reset on the computer in response to attaching the portable encryption control device;
  
  enabling a user to control and customize the portable encryption control device features through a system tray utility program;
  
  authenticating the user as a valid owner of a smart card;
  
  initializing the encryption control device through a challenge/response protocol with the smart card if the valid owner is authenticated;
  
  activating an encryption/decryption engine of the encryption control device to enable access to data in a secure computing environment if the challenge response protocol is executed successfully;
  
  enabling the user to add a secondary user to the smart card; and
  
  setting the secondary user'"'"'s level of access to the portable encryption control device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
- - 2. The method as recited in claim 1, wherein the authenticating the user as a valid owner of the smart card includes providing a personal identification number.
  - 3. The method as recited in claim 1, wherein the authenticating the user as a valid owner of the smart card includes providing a biometric identifier.
  - 4. The method as recited in claim 1, wherein the challenge/response protocol includes an exchange of private and public keys between the encryption control device and a smart card.
  - 5. The method as recited in claim 1, wherein a biometric scanner is employed for authenticating a user.
  - 6. The method as recited in claim 1, further including,monitoring for continued presence of the valid owner;
    - andlocking the encryption control device if the valid owner is not detected.
  - 7. The method as recited in claim 1, wherein the smart card stores the user'"'"'s personal data.
  - 8. The method as recited in claim 1, wherein a personal identification number is used to authenticate a user.
  - 9. The method as recited in claim 1, further including, providing control switches for bypassing the encryption control device.
  - 10. The method as recited in claim 1, wherein enabling a user to control and customize the portable encryption control device features through a system tray utility program includes,tracking unauthorized attempts made to access the portable encryption control device, andallowing for a remote shutdown of the portable encryption control device.
  - 12. The method as recited in claim 10, wherein the encryption engine executes RSA public-key cryptosystem.

11. A method for activating an encryption control device that is in communication with a computer for providing a secure computing environment for a user, comprising:
- providing a card for insertion into a card reader of the portable encryption control device, the card being configured to receive and pass data;
  
  attaching the portable encryption device to the computer;
  
  triggering a bus reset on the computer in response to attaching the portable encryption control device;
  
  enabling a user to control and customize the portable encryption control device features through a system tray utility program, the enabling including,tracking unauthorized attempts made to access the portable encryption control device, andallowing for remote shutdown of the portable encryption control device;
  
  receiving a biometric identifier from the user, the biometric identifier enabling validation of the user as the authorized owner of the card;
  
  running a challenge/response protocol between the encryption control device and the inserted card, the challenge/response protocol establishing that the inserted card and the encryption control device are compatible; and
  
  activating an encryption/decryption engine of the encryption control device to create a secure computing environment if the user is validated as the authorized owner of the card and challenge response protocol is successfully executed;
  
  enabling the user to add a secondary user to the smart card; and
  
  setting the secondary user'"'"'s level of access to the portable encryption control device.
- View Dependent Claims (13, 14)
- - 13. The method as recited in claim 11, wherein the data are public and private keys.
  - 14. The method as recited in claim 11, wherein execution of the challenge/response protocol establishes a secure path between the encryption control device and the inserted card, the secure path allowing for configuration and biometric data from the encryption control device to be transferred to the inserted card and allowing data from the inserted card to be downloaded to the encryption control device.

15. A method for operating a computer in a secure mode, comprising:
- attaching a portable encryption control device (ECD) to the computer;
  
  triggering a bus reset on the computer in response to attaching the portable encryption control device;
  
  enabling a user to control and customize the portable encryption control device features through a system tray utility program;
  
  authenticating the user as a valid owner of the smart card, the authenticating further including,receiving a biometric identifier from the user, andcomparing the received biometric indicator with the stored biometric indicator for a match;
  
  activating an encryption/decryption engine of the encryption control device to create a secure operating mode if the user is authenticated;
  
  enabling the user to add a secondary user to the smart card upon authentication; and
  
  setting the secondary user'"'"'s level of access to the portable encryption control device.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method as recited in claim 15, wherein the ECD includes a storage medium for storing encrypted data.
  - 17. The method as recited in claim 15, wherein encrypted data is stored on a virtual drive of the computer.
  - 18. The method as recited in claim 15, further including;
    - allowing the user to transfer unencrypted data from a non-secure storage drive to a secure storage drive, the secure storage drive storing data in an encrypted format.
  - 19. The method as recited in claim 15, wherein enabling a user to control and customize the portable encryption control device features through a system tray utility program includes,tracking unauthorized attempts made to access the portable encryption control device, andallowing for a remote shutdown of the portable encryption control device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Adaptec Incorporated (Steel Partners Holdings LP)
Inventors
Nguyen, Francis L., Doe, Kin, Perona, Leigh
Primary Examiner(s)
Peeso, Thomas R.
Assistant Examiner(s)
SANDOVAL, KRISTIN D

Application Number

US10/006,049
Time in Patent Office

1,615 Days
Field of Search

713/186
US Class Current

713/189
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/57   Certifying or maintaining t...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Method and apparatus for operating a computer in a secure mode

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for operating a computer in a secure mode

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links