Protected volume on a data storage device with dual operating systems and configurable access and encryption controls
First Claim
1. A method for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be accessed without proper authorization, the method comprising the steps of:
- providing, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system;
monitoring operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available;
storing, in the protected region, the monitored operating system data;
providing, in the protected region, a second operating system;
transferring control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system;
storing data in the protected region; and
preventing access to the stored data in the protected region without access authorization.
1 Assignment
0 Petitions
Accused Products
Abstract
A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.
-
Citations
24 Claims
-
1. A method for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be accessed without proper authorization, the method comprising the steps of:
-
providing, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitoring operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be decrypted without authorization, the method comprising the steps of:
-
providing, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitoring operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; encrypting data to be protected to create encrypted data; storing the encrypted data in the protected region; and preventing decryption of the encrypted data in the protected region without decryption authorization. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An apparatus for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be accessed without authorization, the apparatus comprising
a memory, a computational device, and one or more computer-readable instructions stored in the memory, wherein, when said computer-readable instructions in the memory are accessed and executed by the computational device, the apparatus is operative to: -
provide, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitor operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; store, in the protected region, the monitored operating system data; provide, in the protected region, a second operating system; transfer control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; store data in the protected region; and prevent access to the stored data in the protected region without access authorization.
-
-
22. An apparatus for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be decrypted without authorization, the apparatus comprising
a memory, a computational device, and one or more computer-readable instructions stored in the memory, wherein, when said computer-readable instructions in the memory are accessed and executed by the computational device, the apparatus is operative to: -
provide, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitor operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; store, in the protected region, the monitored operating system data; provide, in the protected region, a second operating system; transfer control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; encrypt data to be protected to create encrypted data; store the encrypted data in the protected region; and prevent decryption of the encrypted data in the protected region without decryption authorization.
-
-
23. A non-transitory computer readable media for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be accessed without authorization, the computer readable media providing one or more computational device instructions to be stored in a memory, wherein, when said computational device instructions stored in the memory are accessed and executed by the computational device, the instructions are operative to:
-
provide, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitor operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; store, in the protected region, the monitored operating system data; provide, in the protected region, a second operating system; transfer control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; store data in the protected region; and prevent access to the stored data in the protected region without access authorization.
-
-
24. A non-transitory computer readable media for providing a protected region of a data storage device associated with a computational device, the protected region being a region within which data cannot be decrypted without authorization, the computer readable media providing one or more computational device instructions to be stored in a memory, wherein, when said computational device instructions stored in the memory are accessed and executed by the computational device, the instructions are operative to:
-
provide, in an unprotected region of the data storage device, a first operating system and operating system data associated with the first operating system; monitor operating system data accessed by the computational device until a predetermined functionality of the first operating system becomes available; store, in the protected region, the monitored operating system data; provide, in the protected region, a second operating system; transfer control of the computational device, when the predetermined functionality of the first operating system becomes available, from the first operating system to the second operating system; encrypt data to be protected to create encrypted data; store the encrypted data in the protected region; and prevent decryption of the encrypted data in the protected region without decryption authorization.
-
Specification