摘要 |
A secure file service includes a cryptographic processor ( 302, 602 ) and a secure file system ( 301, 601 ). The cryptographic processor is comprised of a trusted microprocessor and a trusted operating system executing on the trusted cryptographic processor. The cryptographic processor includes hardware and software for accessing at least one classified data file from the secure file system, decrypting the classified data file, and serving the classified data file in decrypted form to a secure user processor ( 402, 502, 702 ) that has requested the file. The secure file system can be either a single-level secure file system ( 301 ) or a multi-level secure file system ( 601 ).
|