System and method for secure data disposal

US 7,853,804 B2
Filed: 09/10/2007
Issued: 12/14/2010
Est. Priority Date: 09/10/2007
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method comprising:

initializing one or more expected Platform Configuration Registers (expected PCRs) in a nonvolatile data area, wherein the expected PCRs are secured by a hardware-based Trusted Platform Module (TPM), wherein the initializing is performed by;

generating a random number;

storing the generated random number in a nonvolatile memory;

seeding one or more of the expected PCRs with the generated random number;

inputting a plurality of startup code processes to a hash algorithm process resulting in a first plurality of hash values;

updating the expected PCRs using the first plurality of hash values; and

saving the expected PCRs in the nonvolatile data area that is secured by the TPM;

storing a plurality of encrypted files, each of the encrypted files encrypted using a drive encryption key stored in an encrypted data object; and

booting the machine one or more times after the initializing, during each of the boots;

retrieving, by the TPM, the previously stored random number from the nonvolatile memory;

seeding one or more Platform Configuration Registers (PCRs) with the retrieved random number;

inputting the plurality of startup code processes to the hash algorithm process resulting in a second plurality of hash values;

updating the PCRs using the second plurality of hash values; and

decrypting the encrypted data object in response to the PCRs being the same as the corresponding expected PCRs.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs.

Citations

17 Claims

1. A machine-implemented method comprising:
- initializing one or more expected Platform Configuration Registers (expected PCRs) in a nonvolatile data area, wherein the expected PCRs are secured by a hardware-based Trusted Platform Module (TPM), wherein the initializing is performed by;
  
  generating a random number;
  
  storing the generated random number in a nonvolatile memory;
  
  seeding one or more of the expected PCRs with the generated random number;
  
  inputting a plurality of startup code processes to a hash algorithm process resulting in a first plurality of hash values;
  
  updating the expected PCRs using the first plurality of hash values; and
  
  saving the expected PCRs in the nonvolatile data area that is secured by the TPM;
  
  storing a plurality of encrypted files, each of the encrypted files encrypted using a drive encryption key stored in an encrypted data object; and
  
  booting the machine one or more times after the initializing, during each of the boots;
  
  retrieving, by the TPM, the previously stored random number from the nonvolatile memory;
  
  seeding one or more Platform Configuration Registers (PCRs) with the retrieved random number;
  
  inputting the plurality of startup code processes to the hash algorithm process resulting in a second plurality of hash values;
  
  updating the PCRs using the second plurality of hash values; and
  
  decrypting the encrypted data object in response to the PCRs being the same as the corresponding expected PCRs.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the startup code processes include one or more BIOS processes and one or more operating system boot processes, and wherein the random number is generated using a random number generator included in the TPM, the method further comprising:
    - receiving a request from a user of the machine to activate the seeding of the expected PCRs with the random number, in response to the receiving the request;
      
      receiving authentication data from the user; and
      
      storing the received authentication data in a secure nonvolatile storage area.
  - 3. The method of claim 1 further comprising:
    - after the storing of the plurality of files, making the stored plurality of encrypted files inaccessible by modifying the stored random number.
  - 4. The method of claim 3 further comprising:
    - receiving user authentication data from a user of the machine; and
      
      retrieving a previously stored user authentication data, wherein the modifying of the stored random number is performed in response to the received user authentication data matching the previously stored user authentication data.
  - 5. The method of claim 3 further comprising:
    - rebooting the machine after the modifying of the stored random number, the rebooting including;
      
      retrieving the modified stored random number from the nonvolatile memory;
      
      seeding the plurality of PCRs with the retrieved modified random number;
      
      inputting the plurality of startup code processes to the hash algorithm process resulting in a third plurality of hash values;
      
      updating the PCRs using the third plurality of hash values; and
      
      inhibiting decryption of the encrypted data object that includes the drive encryption key in response to the one or more PCRs being different than the corresponding one or more selected from the expected PCRs.
  - 6. The method of claim 3 wherein the modification of the stored random number comprises:
    - generating a second random number using a random number generator included in the TPM; and
      
      overwriting of the random number by storing the second random number in the nonvolatile memory.

7. A information handling system comprising:
- one or more processors;
  
  a memory accessible by at least one of the processors;
  
  one or more nonvolatile storage areas accessible by at least one of the processors;
  
  a plurality of startup code processes stored in the nonvolatile storage areas;
  
  a Trusted Platform Module (TPM) that secures a plurality of expected Platform Configuration Registers (PCRs) stored in a first secure nonvolatile memory;
  
  a random number generator included in the TPM; and
  
  a set of instructions stored in the memory and executed by at least one of the processors in order to perform actions of;
  
  initializing a plurality of the expected PCRs by;
  
  generating a random number using the TPM'"'"'s random number generator;
  
  storing the generated random number in the second secure nonvolatile memory;
  
  seeding one or more of the expected PCRs with the generated random number;
  
  inputting the startup code processes to a hash algorithm process resulting in a first plurality of hash values;
  
  updating the expected PCRs using the first plurality of hash values; and
  
  saving the expected PCRs in one of the nonvolatile storage areas, wherein the nonvolatile storage area used to save the expected PCRs is secured by the TPM;
  
  storing a plurality of encrypted files, each of the plurality of encrypted files encrypted using a drive encryption key stored in an encrypted data object; and
  
  booting the information handling system one or more times after the initializing, during each of the boots;
  
  retrieving, by the TPM, the previously stored random number from the nonvolatile storage area;
  
  seeding a plurality of PCRs with the retrieved random number;
  
  inputting the plurality of startup code processes to the hash algorithm process resulting in a second plurality of hash values;
  
  updating the PCRs using the second plurality of hash values; and
  
  decrypting the encrypted data object stored on one of the nonvolatile storage areas in response to the one or more PCRs being the same as the corresponding one or more selected from the expected PCRs.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The information handing system of claim 7 wherein the startup code processes include one or more BIOS processes and one or more operating system boot processes and wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
    - receiving a request from a user of the information handling system to activate the seeding of the expected PCRs with the random number, in response to the receiving the request;
      
      receiving authentication data from the user; and
      
      storing the received authentication data in a secure nonvolatile storage area.
  - 9. The information handing system of claim 7 wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
    - after the storing of the plurality of files, making the stored plurality of encrypted files inaccessible by modifying the stored random number.
  - 10. The information handing system of claim 9 wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
    - receiving user authentication data from a user of the information handling system; and
      
      retrieving a previously stored user authentication data, wherein the modifying of the stored random number is performed in response to the received user authentication data matching the previously stored user authentication data.
  - 11. The information handing system of claim 9 wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
    - rebooting the information handling system after the modifying of the stored random number, the rebooting including;
      
      retrieving the modified stored random number from the nonvolatile memory;
      
      seeding the plurality of PCRs with the retrieved modified random number;
      
      inputting the plurality of startup code processes to the hash algorithm process resulting in a third plurality of hash values;
      
      updating the PCRs using the third plurality of hash values; and
      
      inhibiting decryption of the encrypted data object that includes the drive encryption key in response to the one or more PCRs being different than the corresponding one or more selected from the expected PCRs.
  - 12. The information handing system of claim 9 wherein the set of instructions, when executed, cause at least one of the processors to perform further actions comprising:
    - generating a second random number using a random number generator included in the TPM; and
      
      overwriting of the random number by storing the second random number in the nonvolatile memory.

13. A computer program product stored in a non-transitory computer readable medium, comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions that include:
- initializing one or more expected Platform Configuration Registers (PCRs) in a nonvolatile data area, wherein the expected PCRs are secured by a hardware-based Trusted Platform Module (TPM), wherein the initializing is performed by;
  
  generating a random number;
  
  storing the generated random number in a nonvolatile memory;
  
  seeding one or more of the expected PCRs with the generated random number;
  
  inputting a plurality of startup code processes to a hash algorithm process resulting in a first plurality of hash values;
  
  updating the expected PCRs using the first plurality of hash values; and
  
  saving the expected PCRs in the nonvolatile data area that is secured by the TPM;
  
  storing a plurality of encrypted files, each of the encrypted files encrypted using a drive encryption key stored in an encrypted data object; and
  
  booting the machine one or more times after the initializing, during each of the boots;
  
  retrieving, by the TPM, the previously stored random number from the nonvolatile memory;
  
  seeding one or more Platform Configuration Registers (PCRs) with the retrieved random number;
  
  inputting the plurality of startup code processes to the hash algorithm process resulting in a second plurality of hash values;
  
  updating the PCRs using the second plurality of hash values; and
  
  decrypting the encrypted data object in response to the PCRs being the same as the corresponding expected PCRs.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 wherein the startup code processes include one or more BIOS processes and one or more operating system boot processes, and wherein the random number is generated using a random number generator included in the TPM, and further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
    - receiving a request from a user of the machine to activate the seeding of the expected PCRs with the random number, in response to the receiving the request;
      
      receiving authentication data from the user; and
      
      storing the received authentication data in a secure nonvolatile storage area.
  - 15. The computer program product of claim 13 further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
    - after the storing of the plurality of files, making the stored plurality of encrypted files inaccessible by modifying the stored random number.
  - 16. The computer program product of claim 15 further comprising functional descriptive material that causes the data processing system to perform additional actions that include:
    - rebooting the machine after the modifying of the stored random number, the rebooting including;
      
      retrieving the modified stored random number from the nonvolatile memory;
      
      seeding the plurality of PCRs with the retrieved modified random number;
      
      inputting the plurality of startup code processes to the hash algorithm process resulting in a third plurality of hash values;
      
      updating the PCRs using the third plurality of hash values; and
      
      inhibiting decryption of the encrypted data object that includes the drive encryption key in response to the one or more PCRs being different than the corresponding one or more selected from the expected PCRs.
  - 17. The computer program product of claim 15 wherein the modification of the stored random number further comprises functional descriptive material that causes the data processing system to perform additional actions that include:
    - generating a second random number using a random number generator included in the TPM; and
      
      overwriting of the random number by storing the second random number in the nonvolatile memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Cromer, Daryl Carvis, Locker, Howard Jeffrey, Springfield, Randall Scott
Primary Examiner(s)
GERGISO, TECHANE

Application Number

US11/852,418
Publication Number

US 20090070598A1
Time in Patent Office

1,191 Days
Field of Search

713/13, 713/193, 713/164, 726/16
US Class Current

713/193
CPC Class Codes

G06F 21/575 Secure boot

System and method for secure data disposal

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure data disposal

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links