Encrypting operating system
First Claim
1. A computer system comprising a memory portion containing an encrypted data file and an operating system comprising a kernel to use a unique hardware address to verify a user to control access to the encrypted data file, wherein the kernel comprises a virtual node (a) to decrypt an encrypted directory entry to determine a location of the encrypted data file and (b) to decrypt the encrypted data file to access data file contents contained therein.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of and system for encrypting and decrypting data on a computer system is disclosed. In one embodiment, the system comprises an encrypting operating system (EOS), which is a modified UNIX operating system. The EOS is configured to use a symmetric encryption algorithm and an encryption key to encrypt data transferred from physical memory to secondary devices, such as disks, swap devices, network file systems, network buffers, pseudo file systems, or any other structures external to the physical memory and on which can data can be stored. The EOS further uses the symmetric encryption algorithm and the encryption key to decrypt data transferred from the secondary devices back to physical memory. In other embodiments, the EOS adds an extra layer of security by also encrypting the directory structure used to locate the encrypted data. In a further embodiment a user or process is authenticated and its credentials checked before a file can be accessed, using a key management facility that controls access to one or more keys for encrypting and decrypting data.
-
Citations
39 Claims
- 1. A computer system comprising a memory portion containing an encrypted data file and an operating system comprising a kernel to use a unique hardware address to verify a user to control access to the encrypted data file, wherein the kernel comprises a virtual node (a) to decrypt an encrypted directory entry to determine a location of the encrypted data file and (b) to decrypt the encrypted data file to access data file contents contained therein.
-
25. A computer system comprising:
-
a. a first device having an operating system kernel to encrypt clear data using an encryption key to generate cipher data, and to decrypt the cipher data using the encryption key to generate the clear data; b. a key generator to generate one or more encryption keys usable for encrypting and decrypting data on the computer system, wherein at least one of the keys is generated by a method comprising dividing an initial key into sub-keys each corresponding to a different block of the clear data, modifying each of the sub-keys in a manner unique to its corresponding block to produce modified sub-keys, and combining the modified sub-keys; and c. a second device coupled to the first device to exchange cipher data with the first device. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A method comprising:
decrypting a user data file in a kernel of an operating system in response to user read commands with a key that is usable only on a computer on which the user data file was encrypted. - View Dependent Claims (36, 37, 38, 39)
Specification