System and method for pre-operating system encryption and decryption of data

US 8,856,550 B2
Filed: 03/10/2010
Issued: 10/07/2014
Est. Priority Date: 03/10/2010
Status: Active Grant

First Claim

Patent Images

1. An information handling system, comprising:

a hardware processor;

a memory communicatively coupled to the hardware processor;

an encryption accelerator communicatively coupled to the hardware processor, the encryption accelerator configured to encrypt or decrypt data to perform an encryption or decryption task upon data associated with an input/output operation; and

a basic input/output system (BIOS) communicatively coupled to the hardware processor and having a sealed encryption key and instructions stored thereon, the sealed encryption key issued to the BIOS for use with the encryption accelerator, the instructions configured to, when executed by the hardware processor;

monitor for an input/output operation occurring prior to loading of an operating system into the memory; and

in response to detection of the input/output operation, communicate a command and the sealed encryption key to the encryption accelerator;

unseal the sealed encryption key;

designate a particular one of a plurality of cryptographic hardware or software functions for encrypting or decrypting the data; and

communicate the designation to the encryption accelerator;

wherein the encryption accelerator is configured to;

receive the command and the sealed encryption key from the BIOS;

authenticate the command based on the sealed encryption key; and

perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, an encryption accelerator communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The encryption accelerator may be configured to encrypt or decrypt data in response to a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) monitor for input/output operations occurring prior to loading of an operating system into the memory; and (ii) in response to detection of an input/output operation, communicate a command to the encryption accelerator to perform an encryption or decryption task upon data associated with an input/output operation.

Citations

9 Claims

1. An information handling system, comprising:
- a hardware processor;
  
  a memory communicatively coupled to the hardware processor;
  
  an encryption accelerator communicatively coupled to the hardware processor, the encryption accelerator configured to encrypt or decrypt data to perform an encryption or decryption task upon data associated with an input/output operation; and
  
  a basic input/output system (BIOS) communicatively coupled to the hardware processor and having a sealed encryption key and instructions stored thereon, the sealed encryption key issued to the BIOS for use with the encryption accelerator, the instructions configured to, when executed by the hardware processor;
  
  monitor for an input/output operation occurring prior to loading of an operating system into the memory; and
  
  in response to detection of the input/output operation, communicate a command and the sealed encryption key to the encryption accelerator;
  
  unseal the sealed encryption key;
  
  designate a particular one of a plurality of cryptographic hardware or software functions for encrypting or decrypting the data; and
  
  communicate the designation to the encryption accelerator;
  
  wherein the encryption accelerator is configured to;
  
  receive the command and the sealed encryption key from the BIOS;
  
  authenticate the command based on the sealed encryption key; and
  
  perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
- View Dependent Claims (2, 3)
- - 2. An information handling system according to claim 1, the encryption accelerator further configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 3. An information handling system according to claim 1, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

4. A method for pre-operating system encryption and decryption of data, comprising:
- loading a sealed encryption key stored in a basic input/output system (BIOS), the sealed encryption key issued to the BIOS for use with an encryption accelerator communicatively coupled to a hardware processor; and
  
  loading a program of instructions stored in the BIOS, the program of instructions configured to, when executed by the hardware processor;
  
  monitor for an input/output operation occurring prior to loading of an operating system into a memory communicatively coupled to the processor; and
  
  in response to detection of the input/output operation, communicate a command and the sealed encryption key to the encryption accelerator to perform an encryption or decryption task upon data associated with the input/output operation based on the sealed encryption key;
  
  unseal the sealed encryption key;
  
  designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
  
  communicate the designation to the encryption accelerator;
  
  wherein the encryption accelerator is configured to;
  
  receive the command and the sealed encryption key from the BIOS,authenticate the command based on the sealed encryption key; and
  
  perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
- View Dependent Claims (5, 6)
- - 5. A method according to claim 4, wherein the encryption accelerator is configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 6. A method according to claim 4, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

7. A non-transitory computer readable medium storing instructions for a basic input/output system (BIOS) for use in an information handling system, the instructions, when executed by a hardware processor, configured to:
- load a sealed encryption key stored in the BIOS, the sealed encryption key issued to the BIOS for use with an encryption accelerator;
  
  monitor for an input/output operation occurring prior to loading of an operating system by the information handling system; and
  
  communicate, in response to detection of the input/output operation, a command and the sealed encryption key to the encryption accelerator to perform an encryption or decryption task upon data associated with the input/output operation based on the sealed encryption key;
  
  unseal the sealed encryption key;
  
  designate a particular one of a plurality of cryptographic functions for encrypting or decrypting the data; and
  
  communicate the designation to the encryption accelerator;
  
  wherein the encryption accelerator is configured to;
  
  receive the command and the sealed encryption key from the BIOS;
  
  authenticate the command based on the sealed encryption key; and
  
  perform the encryption or decryption task upon the data associated with the input/output operation based on the sealed encryption key and authentication of the command.
- View Dependent Claims (8, 9)
- - 8. A non-transitory computer readable medium according to claim 7, wherein the encryption accelerator is configured to encrypt or decrypt data based on the particular one of the plurality of cryptographic functions.
  - 9. A non-transitory computer readable medium according to claim 7, wherein the plurality of cryptographic functions includes at least one of an encryption algorithm, an algorithm mode, a cryptographic hash, and a sign function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Nelson, Amy Christine, Decker, Brian, Stufflebeam, Kenneth W. Jr., Alexander, Marc D.
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/721,369
Publication Number

US 20110225406A1
Time in Patent Office

1,672 Days
Field of Search

713/190, 713/189, 380/255, 380/259
US Class Current

713/190
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

System and method for pre-operating system encryption and decryption of data

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for pre-operating system encryption and decryption of data

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links