×

Computer architecture for an electronic device providing a secure file system

  • US 8,127,145 B2
  • Filed: 03/23/2006
  • Issued: 02/28/2012
  • Est. Priority Date: 03/23/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method for providing a secure file service, comprising:

  • providing a computer system for operation in an unsecure environment, said computer system comprising a secure file services module and a secure user processor which is separate and distinct from said secure file services module, each configured to secure data contained therein wherein said secure file services module and said secure user processor are embodied on the same computing device;

    providing first and second secure communication paths in said unsecure environment directly between said secure file services module and said secure user processor, said first secure communication path being separate from said second secure communication path and configured to physically secure data communicated thereover by employing physically secure communication path hardware, said second secure communication path configured to exclusively support user sign-on services and to only software secure data communicated thereover;

    communicating an authentication request to said secure file services module over said second secure communication path, said secure file services module including a file system control interface, a client access interface, a cryptographic processor and a secure file system hosted by said cryptographic processor;

    providing an authentication of said user using said file system control interface;

    communicating to said client access interface over said first secure communication path a request from said secure user processor for a classified data file;

    responsive to said request, accessing said secure file system containing said classified data file;

    decrypting said classified data file with said cryptographic processor;

    and communicating said classified data file to said secure user processor in decrypted form through said first secure communication path.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×