Encrypting operating system
Abstract
A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment, a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data.
19 Claims
1. A method of encrypting data, the method comprising:
a. receiving a clear data file; and
b. executing kernel code in an operating system, the kernel code using a symmetric key to encrypt the clear data file to generate an encrypted data file, the kernel code further using the symmetric key to decrypt the encrypted data file to generate the clear data file, wherein the symmetric key is generated by a generation method comprising dividing a key into sub-keys each corresponding to a different block of the data file, modifying each of the sub-keys in a manner unique to its corresponding block to produce modified sub-keys, and combining the modified sub-keys.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A method of decrypting a data file on a computer system comprising:
granting permission to access the data file by determining that the data file was encrypted on the computer system as an encrypted data file;
determining a location of the encrypted data file on the computer system by decrypting an encrypted directory entry; and
decrypting the encrypted data file.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19)
Specification