摘要 |
Embodiments of the invention provide a high degree of security to a computer or several computers connected to the Internet or a LAN. Where there is a high degree of confidentiality required, a combination of hardware and software secures data and provides some isolation from the outside network. An exemplary hardware system consists of a processor module, a redundant non-volatile memory system, such as dual disk drives, and multiple communications interfaces. This security system must be unlocked by a passphrase to access data, and all data is transparently encrypted, stored, archived and available for encrypted backup. A system for maintaining secure communications, file transfer and document signing with PKI, and a system for intrusion monitoring and system integrity checks are provided, logged and selectively alarmed in a tamper-proof, time-certain manner. The encryption keys can be automatically sent encrypted to be escrowed with a secure party to allow recovery.
|