Abstract: A system for protecting user-editable files against unauthorized data alteration or against compromised operating systems or compromised applications. It comprises of untrusted operating environments and a trusted operating environment. One or more untrusted operating environments makes available user-editable files for creation and editing, and are stored in a non-protected partition of storage drive. The trusted operating environment provides an authentication key to access protected partition of storage drive, and stores copies of user-editable files in a protected partition of storage drive. Each new stored copy of a user-editable file in the protected partition corresponds to a new or an updated version of the user-editable file. A set of files and folders can be initially selected in an uncompromised untrusted operating environment. A trusted updater module running inside the trusted operating environment can perform copying to protected partition. Scheduled tasks can also copy user-editable files.

Abstract: A system for protecting user-editable files against unauthorized data alteration or against compromised operating systems or compromised applications. It comprises of untrusted operating environments and a trusted operating environment. One or more untrusted operating environments makes available user-editable files for creation and editing, and are stored in a non-protected partition of storage drive. The trusted operating environment provides an authentication key to access protected partition of storage drive, and stores copies of user-editable files in a protected partition of storage drive. Each new stored copy of a user-editable file in the protected partition corresponds to a new or an updated version of the user-editable file. A set of files and folders can be initially selected in an uncompromised untrusted operating environment. A trusted updater module running inside the trusted operating environment can perform copying to protected partition. Scheduled tasks can also copy user-editable files.

Abstract: A method of evaluating secrets in a computer system's trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either retrieved or deleted upon entering corresponding secret (password, graphical password, biometric information, data sequence, security token, etc.) or secrets. Deletion of the encryption key can happen in a verifiable manner or in a non-verifiable manner. If a storage is encrypted with the encryption key, deletion of the encryption key makes the encrypted storage irreversibly undecryptable, while retrieval of the key permits decryption of the storage. Two encryption keys can be used to encrypt two separate storages, and then securely stored and processed in the trusted execution environment. Each of the two encryption keys can be retrieved using one or more associated secrets (passwords, etc.), and one or more other secrets would delete the encryption key associated with a preselected storage.

Abstract: A method of evaluating secrets in a computer system's trusted execution environment, wherein after evaluation of secrets, a securely stored encryption key is either retrieved or deleted upon entering corresponding secret (password, graphical password, biometric information, data sequence, security token, etc.) or secrets. Deletion of the encryption key can happen in a verifiable manner or in a non-verifiable manner. If a storage is encrypted with the encryption key, deletion of the encryption key makes the encrypted storage irreversibly undecryptable, while retrieval of the key permits decryption of the storage. Two encryption keys can be used to encrypt two separate storages, and then securely stored and processed in the trusted execution environment. Each of the two encryption keys can be retrieved using one or more associated secrets (passwords, etc.), and one or more other secrets would delete the encryption key associated with a preselected storage.