Spyrus Granted Patent for Full Disk Encryption

SPYRUS, Inc. announced that the United States Patent and Trademark Office has granted it U.S. Patent No. 7,380,140, Providing a Protected Volume on a Data Storage Device. The patent’s innovative pre-boot authentication methods automate full disk encryption over an entire storage device. User access rights and volume protection rules in direct access, downloading and subscriber-based applications can be configured either through central enterprise administration or by individual users.

In an embodiment of the patented technology that is activated at each start-up to validate pre-boot software integrity, cryptographic hashes are applied over the pre-boot operating system and compared to a reference hash previously stored in an encryption-protected volume. Failure of this integrity validation causes termination of system boot-up and disrupts tampering attempts. Upon validation of pre-boot integrity, user authentication and cryptographic token support can proceed and computing operation converts to a secure mode in which the data can be accessed from the protected volume.

Other embodiments of the patented technology enable either full disk encryption or the ability to divide storage media into full disk encrypted and plaintext (unencrypted) volumes. The technology can be used with most data memory products for secure storage of data and system files, swap files, temp files, streams and applications, such as disks or disk arrays, SD memory cards, flash memory, and SSD drives.

Separate data encryption/decryption rules can be set for each protected volume, and user access rights can be individually assigned. This provides enterprises with the flexibility to implement selective policies to control data security and access.

Embodiments of the patented technology provide multiple advantages for enterprise data storage protection. All data can be encrypted automatically as it is written to designated volumes, without user intervention. Data can be moved in encrypted form to secondary mass storage devices for back-up or disaster-recovery. This prevents the vulnerability of most encrypting hard drives, where data must be decrypted to plaintext, moved to a back-up storage device, and then re-encrypted. The new technology saves both time and costly equipment resources for enterprise data security management.

In cell phones and media players, individual protected memory regions can be set and reset as needed to permit secure downloading of content such as music, video and movies. To offer additional powerful protection for content distribution, multiple layers of encryption can be independently provided, one at the volume level, where the encryption key can be based on the host device or memory identification parameters, one associated with the specific content and the content provider’s user access rights policies, and one associated with user identification and authentication.

”We’ve been addressing the needs for data security to protect sensitive business data and content distribution of consumer entertainment media since 1993,” said Tom Dickens, Chief Operating Officer of SPYRUS, Inc. Pointing out the advantages of its early innovation security technology, Mr. Dickens added, “Our mobile data security, secure data storage, and digital rights management products and solutions incorporate patents from an extensive security patent portfolio that we began building 15 years ago. Today, in collaboration with strategic partners, our IP licensing program creates opportunities for media content providers and data storage product suppliers to offer superior security performance and expanded operational features in their solutions.”