Patent attributes
A system for protecting user-editable files against unauthorized data alteration and against compromised operating systems or compromised applications. It comprises one or more untrusted operating environments and a trusted operating environment. The untrusted operating environments make user-editable files available for creation and editing; these files are stored in a non-protected partition of a storage drive. The trusted operating environment provides an authentication key to access a protected partition of the storage drive, and stores copies of the user-editable files in that protected partition. Each new stored copy of a user-editable file in the protected partition corresponds to a new or an updated version of the user-editable file. A set of files and folders can be initially selected in an untrusted operating environment while it is still uncompromised. A trusted updater module running inside the trusted operating environment can perform the copying to the protected partition; scheduled tasks can also copy user-editable files. The untrusted operating environment can also be suspended prior to triggering the trusted environment. The trusted operating environment can be implemented using a Trusted Execution Environment (TEE) or a CPU with a similar trusted-environment capability. The authentication key can be sealed into a Trusted Platform Module (TPM) or a Secure Element (SE). The protected partition can be on a security-enhanced device.
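The select-then-copy-as-new-version step described above, as an added illustration that is not code from the patent or any product implementing it. It simulates the trusted updater in plain Python: two ordinary directories stand in for the non-protected and protected partitions, and the authentication key is handed to the updater in memory in place of a key unsealed from a TPM or SE. The HMAC-covered manifest is an added check (not claimed by the patent) that makes the role of the key concrete: a compromised OS that overwrites a stored copy, or appends its own manifest entry, cannot produce a MAC the trusted environment will accept. All function and file names are hypothetical, and the sample file content is constructed for the example.

```python
"""Simulated trusted updater: versioned copies into a protected store.

Assumptions (not from the patent): directories replace partitions, and
`auth_key` is supplied in memory instead of being unsealed from a TPM/SE.
Partition access control itself is not enforced here; the example only shows
versioning plus tamper detection of the stored copies.
"""
import hashlib
import hmac
import json
import os
import shutil
import tempfile

MANIFEST = "manifest.jsonl"  # append-only log kept inside the protected store


def select_files(unprotected_root, extensions=(".txt", ".docx")):
    """Initial selection of user-editable files (done while the untrusted OS is uncompromised)."""
    selected = []
    for dirpath, _, names in os.walk(unprotected_root):
        for n in names:
            if n.lower().endswith(tuple(extensions)):
                selected.append(os.path.join(dirpath, n))
    return sorted(selected)


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_mac(body, auth_key):
    # Key-dependent tag over the canonical JSON of (file, version, sha256).
    return hmac.new(auth_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def load_manifest(protected_root):
    path = os.path.join(protected_root, MANIFEST)
    if not os.path.exists(path):
        return []
    with open(path) as f:
        return [json.loads(line) for line in f if line.strip()]


def trusted_update(selected, unprotected_root, protected_root, auth_key):
    """Copy each selected file whose content changed into the protected store as a new version.
    Returns the (relative path, version) pairs created; unchanged files produce nothing."""
    os.makedirs(protected_root, exist_ok=True)
    latest = {}
    for e in load_manifest(protected_root):
        latest[e["file"]] = e  # last entry for a file is its current version
    created = []
    with open(os.path.join(protected_root, MANIFEST), "a") as mf:
        for src in selected:
            rel = os.path.relpath(src, unprotected_root)
            digest = _digest(src)
            prev = latest.get(rel)
            if prev and prev["sha256"] == digest:
                continue  # same content as the latest stored copy: no new version
            version = prev["version"] + 1 if prev else 1
            dst = os.path.join(protected_root, rel + f".v{version}")
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)
            body = {"file": rel, "version": version, "sha256": digest}
            mf.write(json.dumps(dict(body, mac=_entry_mac(body, auth_key))) + "\n")
            created.append((rel, version))
    return created


def verify_protected(protected_root, auth_key):
    """Check each manifest entry's MAC and that the stored copy still matches its recorded hash."""
    for e in load_manifest(protected_root):
        body = {k: e[k] for k in ("file", "version", "sha256")}
        if not hmac.compare_digest(_entry_mac(body, auth_key), e["mac"]):
            return False
        copy = os.path.join(protected_root, e["file"] + f".v{e['version']}")
        if not os.path.exists(copy) or _digest(copy) != e["sha256"]:
            return False
    return True


def demo():
    """Constructed scenario: two edits of one file, then a tamper attempt on a stored copy."""
    root = tempfile.mkdtemp()
    unprot, prot = os.path.join(root, "unprotected"), os.path.join(root, "protected")
    os.makedirs(os.path.join(unprot, "docs"))
    note = os.path.join(unprot, "docs", "notes.txt")
    with open(note, "w") as f:
        f.write("draft 1\n")
    key = os.urandom(32)  # stands in for the key the trusted environment unseals
    sel = select_files(unprot)
    first = trusted_update(sel, unprot, prot, key)   # creates version 1
    second = trusted_update(sel, unprot, prot, key)  # nothing changed
    with open(note, "w") as f:
        f.write("draft 2\n")
    third = trusted_update(sel, unprot, prot, key)   # creates version 2
    ok_before = verify_protected(prot, key)
    with open(os.path.join(prot, "docs", "notes.txt.v1"), "w") as f:
        f.write("tampered\n")  # a compromised OS rewriting an old copy without the key
    ok_after = verify_protected(prot, key)
    shutil.rmtree(root)
    return {"first": first, "second": second, "third": third,
            "ok_before": ok_before, "ok_after": ok_after}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` creates one version on the first pass, none on the unchanged second pass, a second version after the edit, and verification succeeds until a stored copy is altered behind the updater's back. In the real design the key never leaves the trusted environment and the protected partition is not writable from the untrusted OS at all; the MAC here is only the software-visible stand-in for that separation.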