Systems and methods for controlling access to data on a computer with a secure boot process
Abstract
Systems and methods for controlling access to data on a computer with a secure boot process can provide a highly efficient mechanism for preventing future access to encrypted digital resources. This may be advantageous in a range of scenarios, for example where a computer is sold and assurance is desired that no stray private data remains on the hard disk. Data resources, for example all data associated with one or more particular hard disk partitions, may be encrypted. The decryption key may be available through a secure boot process. By erasing, altering, or otherwise disabling a secret, such as a decryption key or a process that obtains a decryption key, the data formerly accessible using such secret becomes inaccessible.
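The abstract ties three mechanisms together: a trusted measurement of a boot component, an HSM that releases a sealed secret only when that measurement matches the value it was sealed to, and a disabling step that resets the sealed value so the secret (and therefore the encrypted data) becomes permanently unreachable. The following Python simulation is an added illustration of that flow, not code from the patent or from any product; the `ToyHSM` class, the `measure`/`provision`/`secure_boot` helpers, the HMAC-based toy stream cipher and all sample bytes are constructed here for the example.

```python
"""Toy model of the measured-boot key release described in the abstract:
a secret (here, the disk encryption key) is sealed in an HSM to the
measurement of a boot component, released only when the same measurement
is presented at boot, and permanently disabled by resetting the sealed
value. All names and data in this file are constructed for illustration."""
import hashlib
import hmac
import secrets
from typing import Optional


def measure(boot_component: bytes) -> bytes:
    """Trusted measurement of a boot component: a SHA-256 digest of its bytes."""
    return hashlib.sha256(boot_component).digest()


class ToyHSM:
    """Minimal sealing HSM. The secret never leaves the object except via unseal()."""

    def __init__(self) -> None:
        self._sealed_value: Optional[bytes] = None   # measurement the secret is bound to
        self._secret: Optional[bytes] = None

    def seal(self, secret: bytes, expected_measurement: bytes) -> None:
        self._sealed_value = expected_measurement
        self._secret = secret

    def unseal(self, measurement: bytes) -> Optional[bytes]:
        # Constant-time comparison; release the secret only on an exact match.
        if self._sealed_value is None or not hmac.compare_digest(measurement, self._sealed_value):
            return None
        return self._secret

    def reset_sealed_value(self) -> None:
        # The disabling step from the claims: once the sealed value is reset,
        # no measurement can satisfy the policy, so the secret is unreachable.
        self._sealed_value = None
        self._secret = None


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 counter keystream XORed with the data),
    used only so the example needs no third-party library; not a production cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def provision(hsm: ToyHSM, bootloader: bytes, os_loader: bytes) -> bytes:
    """Encrypt the subsequent boot component and seal its key to the
    measurement of the trusted bootloader. Returns the encrypted OS loader."""
    volume_key = secrets.token_bytes(32)
    hsm.seal(volume_key, measure(bootloader))
    return keystream_xor(volume_key, os_loader)


def secure_boot(hsm: ToyHSM, bootloader: bytes, encrypted_os_loader: bytes) -> Optional[bytes]:
    """Measure the bootloader, ask the HSM to unseal, decrypt the next stage.
    Returns the plaintext OS loader, or None when the secret is not released."""
    key = hsm.unseal(measure(bootloader))
    if key is None:
        return None
    return keystream_xor(key, encrypted_os_loader)


def demo() -> dict:
    """Walk through three cases: authentic boot, a tampered boot component,
    and a boot attempted after the owner has disabled the secret."""
    bootloader = b"constructed bootloader image v1"          # constructed sample
    os_loader = b"constructed OS loader: mounts the encrypted volume"
    hsm = ToyHSM()
    enc = provision(hsm, bootloader, os_loader)
    results = {
        "authentic": secure_boot(hsm, bootloader, enc),
        "tampered": secure_boot(hsm, bootloader + b"\x00", enc),
    }
    hsm.reset_sealed_value()   # owner disables the secret, e.g. before selling the machine
    results["after_disable"] = secure_boot(hsm, bootloader, enc)
    return results


if __name__ == "__main__":
    for case, plaintext in demo().items():
        print(f"{case:>14}: {'decrypted OK' if plaintext else 'no access'}")
```

The point the simulation makes is that the ciphertext on disk is never touched: disabling the secret is enough, because every path to the key runs through the HSM's comparison against the sealed value. A real TPM binds sealed data to platform configuration registers rather than to a single stored digest as `ToyHSM` does, and a real deployment would use a vetted authenticated cipher instead of the toy keystream, but the release-or-refuse decision and the erase-by-reset step are the same shape as in the claims.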
Claims (10 claims; the independent claims 1, 5 and 8 are reproduced below)
1. A computer comprising a mechanism for disabling access to at least one secret for booting an operating system that provides access to encrypted data stored on a computer readable medium, comprising:
- means for securely booting the computer, comprising:
  - a Hardware Security Module (HSM);
  - a component that performs a trusted measurement of at least one boot component and submits a trusted measurement value to the HSM;
  - wherein said HSM compares said trusted measurement value to an HSM sealed value to authenticate said at least one boot component, and wherein said HSM unseals at least one secret when said at least one boot component is authentic;
- means for decrypting a subsequent boot component using said at least one secret;
- means for disabling said at least one secret comprising means for resetting said HSM sealed value to disable said at least one secret.

Dependent claims: 2, 3, 4 (not reproduced here).
5. A computer readable storage medium bearing instructions for disabling access to at least one secret for booting an operating system that provides access to encrypted data stored on a computer readable medium, comprising:
- instructions for securely booting the computer, comprising instructions for performing a trusted measurement of at least one boot component and submitting a trusted measurement value to a Hardware Security Module (HSM);
- instructions for receiving a secret from said HSM, wherein said HSM compares said trusted measurement value to an HSM sealed value to authenticate said at least one boot component, then unseals said secret;
- instructions for decrypting a subsequent boot component using said at least one secret;
- instructions for disabling said at least one secret comprising instructions for resetting said HSM sealed value to disable said at least one secret.

Dependent claims: 6, 7 (not reproduced here).
8. A method for disabling access to at least one secret for booting an operating system that provides access to encrypted data stored on a computer readable medium, comprising:
- in a computer equipped with a Hardware Security Module and instructions for securely booting the computer, wherein said instructions for securely booting comprise instructions for performing a trusted measurement of at least one boot component, submitting a trusted measurement value to said HSM, receiving at least one secret from said HSM and decrypting a subsequent boot component using said at least one secret;
- decrypting said subsequent boot component;
- initiating a process for locating and disabling said at least one secret; and
- disabling said at least one secret, wherein disabling comprises resetting said HSM sealed value to disable said at least one secret.

Dependent claims: 9, 10 (not reproduced here).