
HK1075945B - Method and device for encryption/decryption of data on mass storage device - Google Patents


Info

Publication number: HK1075945B
Authority: HK (Hong Kong)
Prior art keywords: key, encryption, decryption, mass storage, physical address
Application number: HK05107868.9A
Other languages: Chinese (zh)
Other versions: HK1075945A1 (en
Inventor: Kai Wilhelm Nessler
Original Assignee: High Density Devices As
Application filed by: High Density Devices As
Priority claimed from: PCT/NO2002/000342 (WO2003027816A1)
Publications: HK1075945A1, HK1075945B

Description

Method and apparatus for encrypting/decrypting data on a mass storage device
Technical Field
The present invention relates to a method and apparatus for securely encrypting, scrambling, decrypting and descrambling data, and more particularly to a method and apparatus for securely encrypting and decrypting data when writing to or reading from a mass storage device, such as a disk unit, a tape unit or other electronic/mechanical/optical mass storage media (referred to as mass storage), connected through a mass storage bus to a computer or other electronic apparatus such as a digital camera or a digital audio/video recording apparatus (referred to as a computer system).
Background
Computer systems store programs and data in mass storage devices. Unauthorized access to such stored data is a well-known and increasingly threatening issue. A common method of protecting such stored information is to require the user of the computer system to provide a username and password in order to avoid unauthorized access to the data.
It is little appreciated that unauthorized persons can access any portion of the information stored on a mass storage device while bypassing standard user identification methods: an unauthorized person can remove the storage device from the computer (which is particularly easy on some systems with an external mass storage unit), insert it into another computer system, and read or use the information stored on the mass storage unit, and even modify the data (fraud) if desired. Theft of mass storage data is an increasing threat.
It is well known to secure information by encrypting it before it is stored on a mass storage medium. The encrypted file or data segment must be decrypted before it can be used. When the data is written back to the storage unit, it must be re-encrypted. This process requires the user to take additional procedural steps, which is why such precautions are rarely effective in practice.
Most computer operating systems are also built to use working files (swap files, temporary files) holding the information currently being processed. Sensitive data may remain available in these working files. Even if the user thinks the job is complete and the data is encrypted and securely written to disk, one skilled in the art will be able to extract the data and documents from the working files.
These working file copies can be restored even after deletion, because deletion typically only marks an area on the mass storage medium as available rather than erasing the data. To ensure erasure, the medium must be written repeatedly with random data so that no information remains readable on the deleted portion of the mass storage medium. This process depends on the type of storage medium. The above is typical for magnetic media, but is different for electronic/mechanical/optical media; since writing shortens the lifetime of the medium, flash media cannot be rewritten many times.
These processes involve extensive computer processing and the use of specially designed software.
Using a software encryption program exposes the assigned encryption keys when processing them. Unauthorized persons, virus programs, spy programs, etc. may use these exposed keys to decrypt stored data.
To avoid some of the above disadvantages of protecting mass storage data, it is known to encrypt all of the stored data on a mass storage device and decrypt all of the data read from such a mass storage device.
One advantage of this scheme is that all data on the mass storage device is always encrypted. This is accomplished by executing a special program to process the data stream to and from the mass storage device.
However, the above-described program cannot itself be stored encrypted, because the computer system must be able to read it and start executing it in order to decrypt the information stored on the mass storage device. If all information stored on a mass storage device is to be encrypted, the program must be stored on another mass storage device whose data is not encrypted. Another significant drawback of such systems is that the encryption/decryption process requires computer resources, leaving far fewer processor resources for the computer system user, and the encryption keys are exposed when used.
US patent 5513262 (van Rumpt et al.) discloses an electronic apparatus that encrypts and decrypts data sent to and from a mass storage device in a computer system by inserting the electronic apparatus in the bus connecting the computer system and the mass storage device.
The connection bus passes command codes, for example those of a hard disk drive controller. Commands are passed through the electronic device unchanged, while data can be encrypted/decrypted at high speed as it passes through the electronic device to and from the mass storage device.
Encryption/decryption may be accomplished by applying an encryption/decryption algorithm (DES) and an encryption/decryption key to a data stream communicated through the electronic device. However, the disclosure does not teach how to enter the key into the encryption/decryption device in a secure manner.
One possible solution is to hard-code the key into the unit, but a replaceable key is more attractive, for example in case the key in use is accidentally revealed. The manufacturer of the encryption/decryption device must also keep track of all the codes used, for example if the electronic device in use is destroyed and must be replaced in order to access the stored data. Therefore, there must be an index linking the hard-coded key with a particular device, which in itself presents a security risk.
Replacing the key would mean transferring the key from the computer system to the electronic apparatus via the interconnecting bus between the computer and the mass storage device, which means involving the central processor of the computer system. Malware inserted in a computer system, such as viruses, worms or Trojan code, may hijack keys when they are transferred, thus compromising encryption.
British patent application No. GB 2264374 (Nolan) discloses another arrangement interposed between a host and a mass storage device. Data flows between several data buffers, which is acceptable for low speed tape recording systems, but the architecture of the device cannot be used with modern high speed hard disk drives. Furthermore, encryption/decryption depends on the organization of the data blocks in memory, which makes the encryption/decryption device dependent on the computer system. However, this patent discloses a stand-alone terminal on which an operator can input an encryption/decryption key directly to the encryption/decryption device without involving a central processor in a computer system. Even if keys are provided from a separate key storage medium, like a smart card, using a separate channel, the data stream may still be compromised and/or manipulated.
A major drawback of the prior art is that all methods known so far use one algorithm and one key for all content on the storage medium. Identical data sets will be encrypted to the same pattern, which can be used to crack the key and encryption method used. A simple example illustrates this situation: the English word "is" is to be encrypted as, for example, "ce". Recognizing that "is" is a very common term in English text, and that this two-letter combination is often the second word in a sentence, such observations and patterns can help to break the code used.
Summary of The Invention
The invention as claimed in the appended patent claims and the present embodiments of the invention present improved methods and apparatus for allowing encrypted/decrypted data to be stored and retrieved from mass storage media in the context of a computer system or similar system.
The present invention provides a method and apparatus for encrypting and decrypting data in an addressable area on a mass storage media by one of a plurality of encryption/decryption algorithms and keys, wherein the current algorithm and key to use for a current data item within said addressable area is selected based on the physical address of the lower address bound and the upper address bound of said addressable area range on the mass storage media.
Device configurations according to embodiments of the present invention can encrypt/decrypt email or other types of electronic messages at high speed. The keys and associated encryption algorithms may form a system that provides a public key and a private key. In this way, a person communicating using email can establish a secure message channel using their own private key and by exchanging information about the public key and algorithm used to encrypt the message.
In a preferred embodiment of the present invention, a method and apparatus are provided that allow different operating systems to be kept completely separate even if stored on the same mass storage medium, and to be loaded into a computer system only when the correct key is inserted in the apparatus of the present invention for that operating environment. In one embodiment of the invention, a user/administrator of a computer system stores his own key, encrypted, on a key carrier that transmits the key to the encryption/decryption device over a secure channel. This configuration allows the user/administrator to access his own data files and permitted operating environments. When such a key is removed from the device, according to a preferred embodiment of the invention, the action taken may be one of the following: shutting down the computer; stopping only the execution of programs in the computer; stopping program execution after a predetermined period of time; or simply leaving the computer system in an operational state until it is rebooted, at which point the key will be needed when booting starts again. The method and apparatus according to this particular embodiment of the invention greatly improve the security of data in a computer server system over the prior art.
One aspect of the present invention is to provide a secure and tamper-free method and apparatus to provide a key for an encryption/decryption algorithm operating in an embodiment of the present invention.
FIG. 1 schematically shows an example of embodiment of the present invention;
FIG. 2 schematically shows a secure channel for transferring encryption/decryption keys from a smart card or other type of key carrier to a device according to the invention;
FIG. 3 schematically shows the layout and interconnection of functional units in an electronic device according to a preferred embodiment of the present invention;
FIG. 4 is a diagram of an exemplary encryption process according to an embodiment of the present invention;
FIG. 5 is a diagram of an exemplary encryption process, according to an embodiment of the present invention;
FIG. 6 is a diagram of a preferred embodiment of an encryption process in accordance with the present invention;
FIG. 7 schematically illustrates a comparison system of the embodiment of the invention shown in FIG. 3;
FIG. 8 shows the system of the present invention wherein the master boot record of the disk system is swappable.
DISCLOSURE OF THE INVENTION
The mass storage device is connected to the computer system through a mass storage bus (e.g., a cable, copper wire or fiber optic cable, etc.) that provides for the transfer of data, control code, and status code between the mass storage device and the computer system.
There are several types of bus systems and protocols that can be used for this purpose, such as a SCSI (small computer system interface) bus, an IDE (integrated drive electronics) bus, an AT (advanced technology) bus, an ATA (advanced technology attachment) bus, USB (universal serial bus), FireWire, FiberChannel, and others. These bus types are well known to those skilled in the art.
The present invention may use one or more of these bus protocols.
Fig. 1 shows an electronic device 13 according to an embodiment of the invention. The mass storage device communicates with the computer through the device 13, which provides a first end 12 communicating with the computer 10 via the bus segment 11 and a second end 14 communicating with the mass storage bus device 16 via the bus segment 15. The bus segment 15 typically uses a standard mass storage bus protocol well known to those skilled in the art. Bus segment 11 may use the same protocol as segment 15, but may also differ, for example being a serial bus while segment 15 is a parallel bus. The device 13 is generally configured to send and receive data at both ends of the link between the computer system 10 and the mass storage device 16. Data sent from the computer system 10 via the bus segment 11 is encrypted at high speed in the device 13, while data sent from the mass storage device 16 to the computer system 10 via the bus segment 15 is decrypted at high speed in the same device 13. In embodiments of the present invention where bus segment 11 and bus segment 15 employ different bus protocols, device 13 also acts as a converter between the two protocols while encrypting/decrypting user data at high speed.
The device 13 can be arranged in different ways according to the invention. For example, the functional unit shown in fig. 3 may be provided as a main part of a hard disk controller. In this case, the bus segment 11 is typically a mass storage bus. The bus 15 is typically an internal bus definition that is directly connected to the hard disk drive system.
In another example of an embodiment of the present invention, device 13 would be a circuit designed as part of a motherboard of a computer system. Typically, the bus segment 11 will be implemented according to the internal bus definition of the motherboard or adapted to communicate with programmable input/output devices on the motherboard, such as direct memory access channels. The bus segment 15 is a mass storage bus.
Data transferred between a computer system and a mass storage device can be divided into two categories: command/control codes and user data. Command/control codes are all information related to the command/control of a mass storage device, including status codes, format codes, and codes that specify the organization of mass storage media data, the operations performed, the locations used on the media, and so on.
The command/control code is read from the bus 11 via the first end 12 of the device 13 and then written by the device 13 onto the bus 15 via the second end 14 without encryption or decryption (although this may vary in some cases). The mass storage device controller will follow these command/control operations that conform to the mass storage device manufacturing specifications. This arrangement of selectively identifying commands/codes or data is used to transmit extended control/codes that are active on the device 13 to select encryption keys, algorithms and other operational functions and characteristics within the device 13.
The scheme of how to identify such command/control codes is generally described in the mass storage bus protocol.
However, in some mass storage bus protocols, the command/control code cannot be extended to enable operation in the device 13. In another example of an embodiment of the present invention, some blocks of data may be "borrowed" on unused areas of the mass storage media, typically areas outside the storage device's restricted area (hidden area). The device 13 may use such an area as a communication window for communicating with the computer and may be used in the same way as is well known to a person skilled in the art when extending command/control codes. The computer system and the device 13 can read and write messages (commands, instructions, data, etc.) to each other through this window.
Referring now to fig. 3, user data is data to be stored on a mass storage medium. Encryption and decryption are performed by passing the user data as input to a well-proven encryption algorithm such as DES, AES, etc. The encryption/decryption device 13 according to the invention has an internal encryption (crypto) bus 32 which connects different hardware parts 41a, 41b, ..., 41n in the device 13. Each of these runs a specific algorithm and is connected, via the internal bus within the device 13 and under the supervision of the device control part 30, to the user data stream flowing between the first end 12 and the second end 14. It will be readily appreciated by those skilled in the art that 41a, 41b, ..., 41n may implement any of a variety of known algorithms (e.g., in a hardwired processor arrangement chosen for the maximum speed of each algorithm), as well as algorithms developed specifically for particular needs (e.g., scrambling algorithms) such as military use, satellite communication links, etc.
In yet another embodiment of the present invention, the algorithm may be executed in a microcontroller device, wherein the particular algorithm is selected by loading different program counter contents into the microcontroller. Each of the program counter contents corresponds to a start address of each algorithm stored in a common program memory. For example, the program memory may be a fixed non-volatile memory or a random access memory that is initialized upon power-up of the computer system 10. Encryption and/or rigorous authentication procedures known to those skilled in the art may also be performed on such transmissions.
Large mass storage devices require organization of data so that it can be managed by a computer system and provide a functional file system for users or applications. The basic formatting divides the medium into blocks/sectors. A functional mass storage solution such as a file system usually requires addressable areas with sub-addressable units within each area of the mass storage medium. An addressable area on a mass storage medium is typically a contiguous physically addressable area of the medium that is bounded by lower and upper addresses that define the range of the addressable area. Mass storage systems are typically arranged in a logical layer architecture that defines, for example, different types of storage areas and systems. One example is a RAID disk system definition. The address of such a region is commonly referred to as a logical address. In the present invention, all references are to the lowest level addresses, i.e. the physical addresses on the medium. Embodiments of the present invention may be used with all kinds of logical storage layers and systems on top of physical media.
According to a preferred embodiment of the invention, the addressable areas (blocks/sectors) can be individually encrypted using their own encryption keys and/or algorithms. A block 40 in the apparatus 13 receives the area address, such as a block/sector number, and selects an algorithm to be run in the sections 41a, 41b, ..., 41n. Fig. 7 shows the comparison block 40. The start address and the end address of the data block (the boundaries of the addressable area on the medium) are stored in the comparator 40 as a "start block" and an "end block", respectively. Upon receipt of the address of a user data item (a sub-address within the area), the user data item address is compared with the "start block" and "end block" addresses. If the user data item address is greater than or equal to the start block address and less than or equal to the end block address (this condition is detected by the Boolean AND operator in comparator 40), an "is my" signal is sent to one of the algorithm portions 41a, 41b, ..., 41n. Otherwise the signal is false and execution of the algorithm is prohibited.
In an embodiment of the invention, all hardwired processor algorithm portions 41a, 41b, 41n contain memory areas having the same number of memory units as the algorithm portions. Subsequently, linking of the "is my" signal to a specific algorithm portion is achieved by inputting a logic 1 in a cell having an address equal to the algorithm portion number; otherwise, a logic 0 is input. The selection of the algorithm will be interchangeable, programmable by combining each "is my" signal of each comparator with all cells having an address corresponding to the "is my" signal number.
In a microcontroller embodiment of the algorithm portion, the correct contents of the program counter may be associated with the associated "is my" signal to enable selective and interchangeable programming.
The comparison logic is repeated n times in the comparator block 40, once for each of the n portions running an algorithm.
Fig. 4 shows an example of encryption of a data element (block/sector or addressable area) where the data is different but the same key is used.
Fig. 5 shows the same encryption scheme as fig. 4, but in this example, the two data elements are the same and the keys used are the same. Thus, the encrypted data elements will be identical, forming a pattern that may be a security risk.
In a preferred embodiment of the invention, the block/sector number information in the command/control code, or the information given in the command for a certain addressable area about that particular addressable area, together with the unique number generated for this block/sector/addressable area selection, is used to select a key (a combination of block/sector/addressable area number and a randomly generated table, where the combination can be made up by concatenation if the key is, for example, a symbol, or by addition or subtraction if the key is a number, etc.). This scheme is shown in figure 6.
The generated number is chosen to prevent two identical blocks (or sequences) of data from being encrypted to identical ciphertext, as shown in fig. 5. Random numbers are generated and stored in a table, within the device 13, addressed by block/sector/addressable area number. In an embodiment of the invention there may be a plurality of tables addressed in two steps: first by the selection signal "is my" generated in comparator 40, and second by the block/sector/addressable area number. This arrangement provides the same random number for the same block/sector/addressable area each time, thereby ensuring correct encryption/decryption of the same data elements, while providing a completely random pattern in the encrypted data stream even if the same data elements and keys are used, as shown in fig. 6. The table contents may be generated in a microcontroller 51 within the device 13.
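The comparator selection and the table-driven key variation described above (fig. 5 versus fig. 6), as an added Python model that is not part of the patent text. The HMAC-based Feistel function is a stand-in for the hardware algorithm portions 41a, 41b, ..., 41n, and the names Region and Device, the 512-byte sector and the 16-byte table entries are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SECTOR = 512  # bytes per block/sector (assumed)


@dataclass
class Region:
    """One comparator entry of block 40 and the key/algorithm it selects."""
    start_block: int
    end_block: int
    digest: str  # names the stand-in algorithm portion (41a, 41b, ...)
    key: bytes
    table: dict = field(default_factory=dict)  # sector -> random number

    def is_my(self, sector):
        # start block <= address AND address <= end block
        return self.start_block <= sector <= self.end_block


def _round(region, tweak, rnd, data, n):
    """Feistel round function: HMAC in counter mode, expanded to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        msg = tweak + bytes([rnd]) + ctr.to_bytes(4, "big") + data
        out += hmac.new(region.key, msg, region.digest).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(region, tweak, block, decrypt):
    """4-round Feistel over one sector; NOT the patent's DES/AES hardware."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    if not decrypt:
        for rnd in range(4):
            left, right = right, _xor(left, _round(region, tweak, rnd, right, half))
    else:
        for rnd in reversed(range(4)):
            left, right = _xor(right, _round(region, tweak, rnd, left, half)), left
    return left + right


class Device:
    """Model of device 13; `disk` holds only what reaches the medium."""

    def __init__(self, regions, use_table=True):
        for i, a in enumerate(regions):
            for b in regions[i + 1:]:
                if a.start_block <= b.end_block and b.start_block <= a.end_block:
                    raise ValueError("overlap: two 'is my' signals for one sector")
        self.regions, self.use_table, self.disk = regions, use_table, {}

    def select(self, sector):
        """Comparator block 40: the region asserting 'is my', else None."""
        return next((r for r in self.regions if r.is_my(sector)), None)

    def _tweak(self, region, sector):
        if not self.use_table:  # fig. 5 case: the key alone
            return b""
        # fig. 6 case: sector number combined (concatenated) with a random
        # number that is generated once and reused for every later access.
        rand = region.table.setdefault(sector, secrets.token_bytes(16))
        return sector.to_bytes(8, "big") + rand

    def _region_for(self, sector):
        region = self.select(sector)
        if region is None:  # signal false: no algorithm may run
            raise ValueError(f"sector {sector} is outside every region")
        return region

    def write(self, sector, data):
        if len(data) != SECTOR:
            raise ValueError("data must be exactly one sector")
        region = self._region_for(sector)
        tweak = self._tweak(region, sector)
        self.disk[sector] = _feistel(region, tweak, data, decrypt=False)

    def read(self, sector):
        region = self._region_for(sector)
        tweak = self._tweak(region, sector)
        return _feistel(region, tweak, self.disk[sector], decrypt=True)


def demo(use_table):
    """Write one constructed sector image to three sectors in two regions."""
    dev = Device([Region(0, 99, "sha256", secrets.token_bytes(32)),
                  Region(100, 199, "sha512", secrets.token_bytes(32))],
                 use_table=use_table)
    sample = b"A" * SECTOR  # constructed sample data
    for sector in (10, 11, 150):
        dev.write(sector, sample)
    return dev, sample
```

Because every table entry is needed again at read time, the table is effectively key material: it has to persist as long as the data it covers and be protected like the key itself.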
Referring now to fig. 3, to write a block (sequence) of data to disk, the computer tells the disk controller where to write the data by means of the block/sector number. The encryption/decryption device receives a command containing a block/sector/addressable area number via part 12 of the device 13. The protocol-interpreting part 30 of the device 13 recognizes this as a command and feeds it to the part 14 of the device 13 through its internal data path. The protocol part 30 also stores this information ("start block" and "end block" addresses, addresses of user data items, etc.) and feeds it to the comparator 40 within the device 13 as described above.
When the computer sends a write command, the protocol portion 30 sends the write command to the portion 14 and prepares itself for data transfer. Subsequently, the computer starts to transmit data. The protocol part 30 collects the data from the part 12 via the bus 11, resizes it to 32 bits (the size of the internal encryption bus 32, which is not limited to this size) and then transfers the data to the encryption bus 32. Comparator 40 enables the appropriate algorithm portion and associated key and passes the data on the encryption bus 32 through the appropriate algorithm portion 41a, 41b, ..., 41n.
When data is read from the mass storage device 16, the computer sends a read command and the protocol part 30 will arrange the data stream to be read from the mass storage device to the computer by means of an appropriate decryption function in the apparatus 13 in a manner similar to that described above.
At the start of a read/write data transaction, comparator section 40 sends the output signal "is my" corresponding to the current sector, thereby selecting the appropriate algorithm section 41a, 41b, ..., 41n and the associated key. The comparator section 40 contains a set of comparators describing the addressable areas ("start block" and "end block" addresses) on the mass storage medium that are encrypted using different algorithms.
The encryption/decryption algorithm portion 41a, 41b, ... or 41n starts collecting data, arranging it to the bit size used by the algorithm. When the correct number of bits has been collected, the data is sent through the current algorithm portion 41a, 41b, ..., 41n selected by the comparator 40. After encryption/decryption, the data is divided into the encryption bus bit size and sent from the output of the current algorithm portion 41a, 41b, ..., 41n. The encryption portions 41a, 41b, ..., 41n also obtain information from the comparators at the start of a new block of data, so that the security protection can be extended using CBC or other encoding functions.
The protocol part 30 also sends all necessary "handshake" signals as part of the bus segments 11 and 15.
The method and apparatus according to the invention are not limited to a certain encryption/decryption algorithm as described above. The portions 41a, 41b, 41n may implement any type of algorithm or data scrambling. In a preferred embodiment of the invention, each section 41a, 41b, 41.
In the best mode embodiment of the invention, the apparatus shown in fig. 1 and 2 is implemented such that the keys are arranged, in an interchangeable and replaceable manner, in each section 41a, 41b, ..., 41n in memory allocations selected by the comparator system shown in fig. 7 when the "is my" signal selects a section 41a, 41b, ..., 41n to run the current algorithm selected by the comparator 40.
Initializing the encryption/decryption system according to a preferred embodiment of the invention comprises providing a start block address, an end block address, a key and an indicator indicating which algorithm part 41a, 41b, ..., 41n to use. Fig. 2 shows a system with a smart card reader 61a for reading a smart card 63a (key carrier) containing a start block address, an end block address, a key and an algorithm indicator. Other means of providing this information to the device 13 may be used in accordance with the present invention, such as an infrared communication link or radio link 62b.
The internal microcontroller 51 collects the key from the key carrier when the device 13 is activated. The microcontroller sends the key to the appropriate encryption portion via the secure portion 42. The secure portion prevents the key from being destroyed if the microcontroller 51 starts running faulty code. The microcontroller also loads the comparator values.
The internal RAM 31 (random access memory) is arranged in the same way as the addressable parts of the mass storage device. That is, all the usual functions of the device 13 according to the invention are applicable to the content in the RAM.
To use this functionality, blocks of data may be transferred from RAM 31 to computer system 10 via bus segment 11, or from computer 10 to RAM 31, or from RAM 31 to mass storage device 16 via bus segment 15, or from mass storage device 16 to RAM 31, using the extended codes described above. Another way to access the RAM 31 is to use it as a storage location outside the disk boundary and thus access the memory, albeit hidden, as if it were part of a disk system. These operations are controlled by the protocol section 30.
One operation that RAM 31 may perform is sending an interrupt signal to internal microcontroller 51 when, for example, RAM 31 is full. The microcontroller 51 then reads the data from the RAM 31 and processes it. The microcontroller may also perform write operations to the RAM 31. The computer system 10 may also read data from the RAM 31. By constructing a simple communication protocol, the computer can communicate with the microcontroller 51. In a preferred embodiment of the invention, such a protocol is implemented, and a protocol is also implemented which allows the microcontroller 51 to pass this information to the key carrier 63, 65. Thus there is a communication channel to the microcontroller and key carrier 63, 65 via the computer system 10, and directly inside the device 13. These communication channels are used for loading keys into the key carriers 63, 65 and for loading keys into the algorithm parts 41a, 41b, ..., 41n.
Regardless of the implementation, the RAM 31 may be utilized in several useful applications. In one embodiment of the present invention, e-mail or other types of electronic data, such as files, network traffic information, etc., are loaded into the RAM 31 and the RAM contents are encrypted in a selected portion 41a, 41b, ..., 41n. If the length of the data exceeds the size of the RAM 31, the communication protocol splits the data and then cycles through the above process to handle the different portions of the data until the end of the data.
For example, when encrypted e-mail or other types of data are to be decrypted, a user of computer system 10 must load the e-mail or data into RAM 31. The device 13 then runs the appropriate algorithm and transmits the decrypted email back to the computer system 10. The key used for this operation may be a public/private key system providing a secure system in which the key is never exposed when encrypted according to the invention for transmission to the device 13 as described in the invention.
An important aspect of the present invention is to provide secure handling of encryption keys. In a preferred embodiment of the present invention, the key is first transferred from the computer system 10 to the microcontroller. Subsequently, the device 13 may perform the selected encryption of the key, and the microcontroller 51 may then transmit and load the encrypted key into a key carrier 63, 65, such as a smart card. In this simple way, the method and apparatus according to the invention provide a secure channel for the encrypted encryption key used in the system, enabling reliable transfer thereof.
An important aspect of the invention is the use of keys encrypted on a key carrier, such as a smart card. Key carrier technology allows the data content to be "hidden" within the carrier. This functionality improves the security of the key. A more important aspect of key carrier technology is that it is possible for the key carrier to generate within itself a random encryption key for the session. In this way, the whole key process will continue without any human intervention, thereby further improving the security of the key.
The key carrier 63, 65 carrying the key is directly connected to the device 13 via the communication channel 60. For example, the key device interface 61 may be a dedicated smart card reader. For other types of key carriers, it may be an IR transceiver, a radio transceiver, or other similar device.
The key is stored in the external device 65 or 63. There are also methods of storing key data inside the device 13 in the non-volatile memory 52, 53, where to enable these keys the user has to use an authentication procedure (this is a procedure that can be done with other security products).
The present invention protects the loading of external keys by encrypting data to and from the key carriers 63, 65. According to the invention, the device 13 will send the public key to the key carrier 63, 65 after detecting the key carrier 63, 65. The key carrier 63, 65 will then encrypt the session key of the device 13 using the public key, after which the device 13 and the key carrier 63, 65 can start communicating. An alternative approach is to use a key exchange scheme (e.g., Diffie-Hellman key exchange) to define the session keys. The session key will encrypt all data on the communication channel 60. The invention will send a check message to the key carrier 63, 65 to ensure that the key carrier 63, 65 and the key device interface 61 are still online. This check message will be sent with enough data at random time intervals to ensure that the key device interface 61 and keys 63, 65 and device 13 can authenticate each other. If the key carrier 63, 65 detects an irregularity it will be switched off. If the device 13 detects an irregularity it will be switched off. An exception to this scheme is that the key may have a lifetime parameter. This parameter tells the device 13 the period for which the key remains "valid" in the device 13 after deletion. If the key is deleted, the key device 13 will not turn off the key until the key life has reached a predetermined limit according to the invention. All other detectable "tampering" with the key or key device interface 61 will cause the apparatus 13 to turn off all keys. Shutdown means that the key is deleted from the device 13 in a detectable way and the device 13 will no longer be able to access the protected area determined by the key.
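The device-side key handling described above (check messages at random intervals, a key lifetime after the carrier goes away, shutdown of all keys on tampering) can be sketched as follows. This is an added example, not code from the patent: the HMAC challenge-response used as the check message, the reading of "deleted" as the carrier no longer answering, and all names (DeviceKeys, carrier_respond, next_check_delay) are assumptions, and the session key is taken as already agreed.

```python
import hashlib
import hmac
import secrets

def carrier_respond(session_key, nonce):
    """Key-carrier side: prove possession of the session key for this nonce."""
    return hmac.new(session_key, nonce, hashlib.sha256).digest()

def next_check_delay(min_s=1, max_s=10):
    """Unpredictable gap, in seconds, before the next check message."""
    return min_s + secrets.randbelow(max_s - min_s + 1)

class DeviceKeys:
    """Hypothetical model of the keys held inside the device."""

    def __init__(self, session_key):
        self._session_key = session_key
        self._keys = {}          # segment name -> (key bytearray, lifetime in seconds)
        self._removed_at = None  # time at which the carrier stopped answering
        self._nonce = None       # challenge still awaiting a response

    def load(self, segment, key, lifetime=0):
        self._keys[segment] = (bytearray(key), lifetime)

    def challenge(self):
        self._nonce = secrets.token_bytes(16)   # fresh nonce, so replies cannot be replayed
        return self._nonce

    def verify(self, response, now):
        """Process one check message; returns 'ok', 'removed' or 'tamper'."""
        if self._nonce is None:
            raise RuntimeError("no challenge outstanding")
        nonce, self._nonce = self._nonce, None
        if response is None:                    # carrier absent: start the lifetime clock
            if self._removed_at is None:
                self._removed_at = now
            return "removed"
        if hmac.compare_digest(response, carrier_respond(self._session_key, nonce)):
            self._removed_at = None
            return "ok"
        self.shutdown()                         # any other irregularity: turn off all keys
        return "tamper"

    def shutdown(self):
        for key, _ in self._keys.values():
            key[:] = bytes(len(key))            # best-effort overwrite before dropping
        self._keys.clear()

    def usable(self, segment, now):
        entry = self._keys.get(segment)
        if entry is None:
            return False
        if self._removed_at is None:
            return True
        key, lifetime = entry
        if now - self._removed_at < lifetime:   # still inside the key's lifetime
            return True
        key[:] = bytes(len(key))
        del self._keys[segment]
        return False

def scenario():
    """Constructed run: carrier answers, is removed at t=10, lifetimes then expire."""
    sk = secrets.token_bytes(32)
    dev = DeviceKeys(sk)
    dev.load("os1", b"A" * 16, lifetime=30)
    dev.load("os2", b"B" * 16)                  # lifetime 0: off as soon as carrier is gone
    first = dev.verify(carrier_respond(sk, dev.challenge()), now=0)
    dev.challenge()
    second = dev.verify(None, now=10)
    return first, second, dev.usable("os1", 25), dev.usable("os2", 10), dev.usable("os1", 41)

if __name__ == "__main__":
    print(scenario())
```

Time is passed in explicitly so the lifetime logic can be exercised without waiting on a real clock.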
Referring now to FIG. 8, the present invention may also perform data interception functions, meaning that it can mark sectors/blocks and store their content inside RAM 31, where it can be modified or altered and then sent to host system 10. With this function, the partition table on the disk system can be changed to match a key set; for example, different key sets may boot systems with different operating systems. One key unit may boot operating system 1 and another key unit may boot operating system 2, with operating systems 1 and 2 being separate from each other on the hard disk drive.
This is a useful function in home office computers and other computers where more than one user needs to have exclusive access to and protect data.
As shown in FIG. 8, the hard disk device 16 may be divided into several independently partitioned storage areas. The MBR (master boot record) contains the necessary information for the computer system to first load at system boot. The contents of the MBR tell the computer system where and how to load the operating system from the hard drive. According to embodiments of the present invention, MBRs for different operating systems on the same hard disk drive may be stored, for example, on a smart card, along with encryption keys. As described above, the MBR on the smart card may be loaded into the RAM 31 and decrypted and then used as the MBR for the hard disk drive 16 connected to the device 13.
The invention also provides a two-step booting method of the computer system. First, a program code segment (stored in the non-volatile memory 52 of the device 13, or in a key carrier such as a smart card) that provides an authentication method for the user/administrator is sent to the host system 10. Second, after the authentication is successful, the main boot area is downloaded from the hard disk drive to the computer.
The present invention provides methods and apparatus for encrypting/decrypting data stored on addressable portions of a mass storage media by employing different algorithms and encryption/decryption keys, thereby improving the security of the mass storage device.
One aspect of the present invention is to provide a key and an algorithm for a particular addressable portion of a storage medium.
Another aspect of the invention is to improve security when encrypting the above addressable portions of the storage medium by means of the specific key and algorithm by providing a random number together with the key in order to randomize the pattern formed on the encrypted medium, even if successive data records are similar and encrypted using the same key and algorithm. The random numbers are stored in a table allowing recovery of a particular random number when decrypting data encrypted using a random number selected by information about the block/sector number or the address of the addressable part of the medium.
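The per-segment selection and the random-number table described in the preceding paragraphs can be seen working together in the following added example, which is not code from the patent. The hash-counter keystream is a stand-in for the unspecified algorithms, the key and table entry are combined by concatenation, the table is indexed by the address modulo the table size, and the segment layout, keys and table contents are constructed sample values.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    lower: int      # lowest physical address in the segment (inclusive)
    upper: int      # highest physical address in the segment (inclusive)
    algorithm: str  # hashlib name of the stand-in cipher linked to this range
    key: bytes      # key linked to this range

# Constructed sample layout: two segments, each with its own algorithm and key.
SEGMENTS = [
    Segment(0, 999, "sha256", b"constructed-key-A"),
    Segment(1000, 1999, "sha3_256", b"constructed-key-B"),
]
# Constructed 8-entry table; a real table would hold randomly generated numbers.
TABLE = [hashlib.sha256(b"constructed-table-%d" % i).digest()[:16] for i in range(8)]

def find_segment(segments, address):
    """Comparator step: lower <= address AND address <= upper."""
    hits = [s for s in segments if s.lower <= address <= s.upper]
    if len(hits) > 1:
        raise ValueError("segments overlap at address %d" % address)
    return hits[0] if hits else None

def sector_key(segment, table, address):
    """Combine the segment key with the table entry indexed by part of the address."""
    return segment.key + table[address % len(table)]   # concatenation

def keystream_xor(hash_name, key, data):
    """Stand-in cipher (not the patent's): hash-counter keystream XORed onto data."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.new(hash_name, key + counter.to_bytes(4, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def crypt_sector(segments, table, address, data):
    """Encrypt or decrypt one sector; the XOR keystream makes both directions identical."""
    segment = find_segment(segments, address)
    if segment is None:
        # Choice made for this example: fail closed on an unmapped address.
        raise LookupError("no segment covers address %d" % address)
    return keystream_xor(segment.algorithm, sector_key(segment, table, address), data)

def demo():
    plain = b"\x00" * 512   # identical plaintext written to every sector
    ct = {a: crypt_sector(SEGMENTS, TABLE, a, plain) for a in (10, 11, 18, 1002)}
    return {
        "neighbours_differ": ct[10] != ct[11],         # different table entries
        "same_index_repeats": ct[10] == ct[18],        # both map to table index 2
        "other_segment_differs": ct[10] != ct[1002],   # index 2 again, other key/algorithm
        "round_trip": crypt_sector(SEGMENTS, TABLE, 10, ct[10]) == plain,
    }

if __name__ == "__main__":
    print(demo())
```

Addresses 10 and 18 share a table index inside one segment, so identical plaintext produces identical ciphertext there: a table indexed by only part of the address hides repetition between neighbouring sectors but repeats with the period of the table.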
The present invention also provides a system for downloading a particular operating system and operating environment from a hard disk drive onto a computer system in a secure manner, which also achieves complete physical and logical isolation of data files of different operating systems from the computer system user. The present invention provides an encryption/decryption method and apparatus that prevents access to data on a server hard disk when, for example, the disk system on the server is stolen or removed and transferred to another computer system.
A further aspect of the invention is to provide an encrypted communication channel for key transfer between a key carrier and a device according to the invention.

Claims (36)

1. Method of encrypting a data stream transferred to or from a mass storage medium, including encoding and scrambling, and decrypting, including decoding and descrambling, wherein the data stream comprises a plurality of data items, each respective data item having a uniquely associated physical address comprised in the data stream, the address defining a location on or retrievable from the mass storage medium where the respective associated data item is storable or retrievable, wherein the method comprises the steps of:
providing a partition for dividing the mass storage medium into a plurality of segments, each respective segment comprising contiguous physically addressable readable/writable storage locations, wherein each respective segment is bounded by a lower physical address and an upper physical address of the mass storage medium, each address of the respective lower physical address and the upper physical address being part of each respective segment,
associating a plurality of encryption/decryption algorithms with each respective one of the plurality of segments dividing the mass storage media, wherein the same one of the plurality of encryption/decryption algorithms may be associated with a different segment,
associating a plurality of encryption/decryption keys with each respective one of the plurality of segments dividing the mass storage medium,
in case of streaming data to a mass storage medium:
comparing the physical address of each respective associated data item with a respective upper physical address and a respective lower physical address that bound each respective segment of the mass storage medium into which the associated physical address is partitioned to identify within which bound segment,
using the identified segment to select an associated encryption algorithm and a corresponding associated encryption key for said segment for encrypting the data item before storing the data item at an address on the mass storage medium defined by said associated physical address,
in case of a data stream streaming from a mass storage medium:
comparing the physical address of each respective associated data item with a respective upper physical address and a respective lower physical address that bound each respective segment of the mass storage medium into which the physical address is partitioned, thereby identifying within which bound segment the physical address is,
the associated decryption algorithm and the corresponding associated decryption key are selected using the identified segment to decrypt the data item prior to transfer from the mass storage medium.
2. The method of claim 1, wherein the step of selecting the encryption/decryption algorithm and the associated key further comprises the step of combining the key with a randomly generated number by: a cascade, subtraction or addition operation or a combination of these operations, or any other arithmetic or logical operation is applied to the two terms constituting the randomly generated number and the secret key.
3. The method of claim 2, wherein the randomly generated number is taken from a table whose address is an index made up of at least a portion of the address of the data item.
4. The method of claim 3, wherein the randomly generated numbers for combination with the key are stored in the table, wherein the addresses of the table are based on two physical addresses within a range selected by the corresponding addressable segment on the mass storage medium.
5. The method of claim 4, wherein at least a portion of the contents of the table storing the randomly generated numbers is stored in the table in a static or dynamic alternative.
6. The method of claim 1, wherein said step of selecting said algorithm and said associated key comprises the steps of:
providing a set of addressable region ranges by listing the lower address bounds and the upper address bounds in pairs;
providing a link that links an entry in the set of addressable area ranges to one of the algorithms, but one algorithm may be used in more than one addressable area range of the mass storage media;
comparing said address with all of said upper and lower address bounds in said set using said address of a data item, thereby finding pairs of lower and upper address bounds that encompass said address of said data item in a detectable manner; and
sending out a signal or message containing information about said enclosure of said data item address, whereby the appropriate one of said encryption/decryption algorithms is identified by using said linking of algorithms and addressable area ranges.
7. The method of claim 6, wherein a lower address bound and an upper address bound are predefined static or dynamic links to the link to an encryption/decryption algorithm and its associated key.
8. A method according to claim 1, wherein the keys associated with the plurality of encryption/decryption algorithms are transferred from the data carrier of the keys to the algorithms via a secure encrypted communication channel.
9. A method according to claim 8, wherein said communicating of said key is effected by a Diffie-Hellman key exchange scheme or using a public-private key infrastructure.
10. The method of claim 8, wherein the transmission of the key is accomplished through an authentication process.
11. The method of claim 8, wherein the key carrier is a device comprising a processing unit and a non-volatile memory.
12. A method according to claim 8, characterized in that the securely encrypted communication channel is arranged between key device interfaces provided with means for connecting the key carrier to the communication channel in a receivable manner.
13. The method of claim 12, wherein the secured encrypted communication channel of the arrangement is an optical and/or fiber optic communication channel.
14. The method of claim 12, wherein the set secure encrypted communication channel is a radio communication channel.
15. The method of claim 12, wherein the set secure encrypted communication channel is a wired communication channel.
16. The method of claim 11, wherein the key carrier generates an encryption/decryption key in the embedded processing unit and the non-volatile memory.
17. The method of claim 1, comprising the further step of:
providing a master boot record of the hard disk system encrypted with one of the plurality of encryption/decryption algorithms and an associated key on the key carrier;
reading the content of the smart card, thereby realizing the decryption of the master boot record by utilizing a recognizable decryption algorithm and the related secret key;
transferring the decrypted contents of the master boot record to a computer system coupled to a hard disk drive system, thereby enabling booting of a portion of a computer operating system and/or file system and/or system/user environment and/or other types of partitions and/or information stored encrypted on the hard disk drive system into the computer system.
18. The method of claim 17, wherein the key carrier contains one of an encryption/decryption key and a plurality of master boot records.
19. An apparatus (13) for secure encryption and decryption of data for providing encryption including encoding and scrambling and decryption including decoding and descrambling of a data stream flowing through said apparatus (13) for transfer to or from a mass storage medium, wherein the data stream comprises a plurality of data items, each respective data item having a uniquely associated physical address included in the data stream, the physical address defining a location at which the respective associated data item is storable on or retrievable from the mass storage medium, the mass storage medium being divided into a plurality of segments, each respective segment comprising a contiguous physically addressable readable/writable storage location, wherein each respective segment is bounded by a lower physical address and an upper physical address of the mass storage medium, each address of the respective lower physical address and the upper physical address being part of each respective segment, wherein a plurality of encryption/decryption algorithms are associated with each respective one of the plurality of segments of the partitioned mass storage media and a plurality of encryption/decryption keys are associated with each respective one of the plurality of segments of the partitioned mass storage media, wherein the apparatus comprises:
a plurality of electronic encryption/decryption circuit portions (41a, 41n) providing said plurality of encryption/decryption algorithms with an acceptable contiguous storage space for storing/retrieving associated encryption/decryption keys;
a comparator circuit (40) divided into a plurality of sections, including in each section the following interconnected: two writable/readable storage locations (100, 101) to which the lower physical address and the upper physical address delimiting one of the segments, respectively, two electronic comparator units (102, 103) and a logical and gate (104) are interconnected, so as to compare in the comparator unit (102) the content loaded in the storage location (100) with the associated physical address (105) from the data stream, to determine whether the associated physical address (105) is greater than or equal to the content loaded in the storage location (100), and to simultaneously compare in the comparator unit (103) the associated physical address (105) with the content loaded in the storage location (101), to determine whether the associated physical address (105) is less than or equal to the loaded content of the storage location (101), whereby the output of said and-gate (104) generates an enable signal, each of said enable signals being connected to a respective one of said plurality of electronic encryption/decryption circuit portions (41a, 41b, 41n) in each of said portions of said comparator circuit (40), thereby also initiating retrieval of an associated encryption/decryption key from said connected memory space.
20. An apparatus as claimed in claim 19, characterized in that a writable/readable table of randomly generated numbers is present in the apparatus (13), whereby, with the enable signal, the associated key associated with said one of the selected algorithms is combined with the randomly generated numbers by a logical or arithmetic operation.
21. The apparatus according to claim 20, wherein the contents of the table are predefined and provided in a plurality of apparatuses (13).
22. The device according to claim 19, wherein the key associated with the algorithm is transferred from a key carrier (63, 65) to the electronic encryption/decryption circuitry portion (41a, 41b, 41n) via a secure encrypted communication channel (60) connected to a microcontroller (51) in the device (13).
23. An apparatus according to claim 22, wherein the transmission of the key is implemented via a Diffie-Hellman key exchange scheme or public-private key infrastructure.
24. The apparatus of claim 22, wherein the transmission of the key is accomplished through an authentication process.
25. An arrangement according to claim 22, characterized in that the key carrier (63, 65) is a device comprising a processing unit and a non-volatile memory.
26. An arrangement according to claim 22, characterized in that the securely encrypted communication channel (60) is established between the key carrier (63, 65) and the encryption/decryption circuit portion (41a, 41b, 41n) which are connected in a receivable manner to a key device interface (61) by means of the microcontroller (51) and an electronic security unit (42).
27. An arrangement according to claim 26, characterized in that the key device interface (61) is a smart card reader.
28. The arrangement according to claim 22, wherein the secure encrypted communication channel (60) is an optical and/or fibre-optic communication channel.
29. The apparatus of claim 22, wherein the secure encrypted communication channel (60) is a radio communication channel.
30. The apparatus of claim 22, wherein the secure encrypted communication channel (60) is a wired communication channel.
31. The apparatus according to claim 19, wherein the input and output of the plurality of electronic encryption/decryption circuit portions (41a, 41b, 41.
32. An arrangement as claimed in claim 31, characterised in that an internal RAM (31) is connected to the cryptographic bus (32) via a circuit controller (30).
33. An arrangement according to claim 19, characterized in that said data stream flowing to or from said mass storage medium to said device (13) is transferred on a first input/output bus (15), that data stream flowing to or from said device (13) to a computer system is transferred on a second input/output bus (11) of said device (13), that said first input/output bus (11) and said second input/output bus (15) are one of the following bus standards: SCSI, IDE, AT, ATA, USB, FireWire, FiberChannel.
34. An apparatus according to claim 33, wherein the first input/output bus (11) and the second input/output bus (15) are different in case a circuit controller (30) in the apparatus (13) performs a protocol conversion between the two input/output buses (11, 15).
35. The apparatus of claim 22, wherein:
a hard disk system master boot record encrypted using one of the plurality of encryption/decryption algorithms and an associated key in the plurality of electronic encryption/decryption circuit portions (41a, 41b, ..., 41n) is stored on a key carrier (63, 65);
the microcontroller (51) reading and transmitting the master boot record for storage in an internal RAM (31);
the connected computer system (10) is then booted according to the contents of the RAM (31) via a circuit controller (30) and an input/output bus (11).
36. The apparatus of claim 32, wherein e-mail or any type of electronic data transmitted as a data stream is transferred from a computer system (10) to RAM (31) via an input/output bus (11) and the circuit controller (30), and is encrypted/decrypted via the encryption bus (32) and then read back to the computer system (10) for further operation.
HK05107868.9A 2001-09-28 2002-09-25 Method and device for encryption/decryption of data on mass storage device HK1075945B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US32516801P 2001-09-28 2001-09-28
US60/325,168 2001-09-28
PCT/NO2002/000342 WO2003027816A1 (en) 2001-09-28 2002-09-25 Method and device for encryption/decryption of data on mass storage device

Publications (2)

Publication Number Publication Date
HK1075945A1 HK1075945A1 (en) 2005-12-30
HK1075945B HK1075945B (en) 2011-01-14
