Method and apparatus for a secure computing environment
Abstract
An apparatus to enable operation of a computer by authorized users when in a secure mode of operation is provided. One exemplary apparatus includes a hub configured to be in communication with the computer. The hub includes a card reader, a card microprocessor and an encryption engine. The apparatus also includes a card configured for insertion into the card reader. The card includes a card microprocessor. In addition, the apparatus includes a user authentication device configured to validate the user as an authorized user of the card. If the user is validated as the authorized user, then the card microprocessor passes a key to the hub microprocessor in response to the validation of the user as the authorized user of the card. The encryption engine of the hub is then activated to operate in a secure mode of operation.
20 Claims
1. An apparatus to enable operation of a computer by authorized users when in a secure mode of operation, the apparatus comprising:
- a hub, the hub being configured to be portable and in communication with the computer, the hub further including,
  - an installed system tray program configured to allow on demand customization of hub features using a graphical user interface, the customization of hub features including an ability to allow a user to select secure hub ports and an ability to permit a user to enable remote locking of the hub;
  - a card reader;
  - a hub microprocessor, and
  - an encryption engine configured to encrypt/decrypt data communications between the hub and a data storage device protected by the hub, the encryption engine including,
    - a plurality of encryption/decryption channels, and
    - a control logic that is configured to determine which encryption/decryption channel is available and direct encrypted data passing through the hub to available encryption/decryption channels;
- a card, the card being configured for insertion into the card reader, the card including a card microprocessor; and
- a user authentication device, the user authentication device being configured to validate the user as an authorized user of the card wherein, if the user is validated as the authorized user, the card microprocessor being configured to pass a key to the hub microprocessor in response to the validation of the user as the authorized user of the card, thereby activating the encryption engine of the hub to allow encryption/decryption of data communications.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer security system for a computer, comprising:
- a portable encryption control device, the encryption control device being in communication with the computer, the encryption control device including,
  - a card reader, the card reader being in communication with an encryption control device microprocessor,
  - a biometric identifier, and
  - an encryption engine configured to encrypt/decrypt data communications between the portable encryption control device and a data storage device protected by a hub, the encryption engine including,
    - a plurality of encryption/decryption channels, and
    - a control logic that is configured to determine which encryption/decryption channel is available and direct encrypted data passing through the hub to available encryption/decryption channels;
- a system tray program configured to allow on demand customization of the portable encryption control device features using a graphical user interface, the customization including an ability to allow a user to select secure hub ports and an ability to permit a user to enable remote locking of the hub; and
- a card, the card being adapted to be read by the card reader to validate a user as an authorized owner of the card in conjunction with the biometric identifier, wherein upon validation of the user, the encryption engine activates to allow encryption/decryption of data communications.

Dependent claims: 10, 11, 12, 13, 14
15. An apparatus for providing a secure operating environment for a computer, the apparatus comprising:
- an encryption control device, the encryption control device (ECD) being in communication with the computer, the ECD further including,
  - an installed system tray program configured to allow on demand customization of the ECD features using a graphical user interface, the customization of the ECD features including an ability to allow a user to select secure ports and an ability to permit a user to enable remote locking of the ECD,
  - a card reader,
  - an ECD microprocessor,
  - an encryption engine configured to encrypt/decrypt data communications between the ECD and a data storage medium protected by the ECD, the encryption engine including,
    - a plurality of encryption/decryption channels, and
    - a control logic that is configured to determine which encryption/decryption channel is available and direct encrypted data passing through the ECD to available encryption/decryption channels, and
  - a biometric scanner;
- a smart card, the smart card being configured for insertion into the card reader, the smart card including a smart card microprocessor, wherein upon the insertion of the smart card into the card reader, a secure path is established between the smart card microprocessor and the ECD microprocessor after completion of authentication of a user and completion of a challenge/response protocol, thereby unlocking the encryption engine to allow encryption/decryption of encrypted data communications.

Dependent claims: 16, 17, 18, 19, 20
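The gating described in the abstract and in claim 15 (user validation, a challenge/response between card and device, then key release that unlocks the engine, whose control logic picks an available channel) is modelled below as an added example that is not taken from the patent. The HMAC-SHA256 challenge/response over a shared pairing secret, the exact-match digest standing in for the user authentication device, and all class and method names are assumptions; no cipher is modelled.

```python
import hashlib
import hmac
import secrets

class Card:
    """Card microprocessor: holds the pairing secret and data key (assumed)."""
    def __init__(self, secret, data_key, enrolled_digest):
        self._secret, self._key, self._enrolled = secret, data_key, enrolled_digest
        self.user_ok = False

    def validate_user(self, sample):  # stand-in for the authentication device
        self.user_ok = hmac.compare_digest(
            hashlib.sha256(sample).digest(), self._enrolled)
        return self.user_ok

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

    def release_key(self):
        return self._key if self.user_ok else None  # no validation, no key

class Hub:
    """Hub microprocessor and engine front end; locked until a key arrives."""
    def __init__(self, secret, channels=2):
        self._secret, self._key = secret, None
        self.busy = [False] * channels

    def unlock(self, card):
        challenge = secrets.token_bytes(16)  # fresh nonce per attempt
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(card.respond(challenge), expected):
            return False  # card is not paired with this hub
        self._key = card.release_key()
        return self._key is not None

    def pick_channel(self):
        if self._key is None:
            raise PermissionError("encryption engine is locked")
        i = self.busy.index(False)  # ValueError if every channel is busy
        self.busy[i] = True
        return i

def demo():
    # Constructed inputs: random secrets and a fixed sample for the enrolled user.
    secret, enrolled = secrets.token_bytes(32), hashlib.sha256(b"sample").digest()
    card, hub = Card(secret, secrets.token_bytes(32), enrolled), Hub(secret)
    rogue = Card(secrets.token_bytes(32), b"k" * 32, enrolled)
    rogue.validate_user(b"sample")
    denied = [hub.unlock(card), hub.unlock(rogue)]  # unvalidated user, unpaired card
    card.validate_user(b"sample")
    return denied, hub.unlock(card), [hub.pick_channel(), hub.pick_channel()]
```

The engine stays locked on either failure: a paired card whose user has not been validated releases no key, and a validated user with an unpaired card fails the challenge/response.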
Specification