FI125231B - A method for protecting the contents of a portable storage device - Google Patents

Description

BACKGROUND OF THE INVENTION USB storage devices have replaced the old-fashioned floppy disks and CD-RWs as removable storage devices. There are other removable memory devices (RMDs), such as Compact Flash cards and Secure Digital flash drives. Memory cells in RMD devices are usually based on Flash technology, but high capacity devices may also have small hard drives. In this terminology, RMD means a storage device that can be removed without the use of tools and that, after removal, can transfer data from one location to another. To use RMD, you need to install the proper driver for your computer's operating system. This driver provides access to all RMD data. Access means reading and writing data from RMD. Usually, RMD appears as a disk drive.

You cannot save data to disk drives unless they are properly formatted. During formatting, a file system is created on the disk. In Windows XP, typical disk systems are NTFS and FAT32, while in Linux EXT2 is common. After formatting a disk drive, its file system contains an empty root directory that can be used to reference files and subdirectories. Almost all file system information is stored in blocks that point to specific locations in the physical memory of the storage medium. RMD's memory addresses are an example of an assignment.

Based on semiconductor technology, RMDs are the most practical tools for transferring personal and business information. They are light and compact in size and have proven to be more reliable than their predecessor floppy disks. The typical Flash based RMD capacity is currently 1 GB. 64 GB devices already exist and can be expected to stabilize the market within a few years.

Let's look at the situation where a company has made its employee available to RMD. It is likely that RMD will store more or less confidential content. Numerous encryption methods have been proposed to protect the content stored on RMD. The most common implementation is to split RMD into two sections, one protected and the other unprotected. An unprotected partition has a driver that will be installed first and will only allow you to use the protected partition after entering the password. Other security methods are also in place, such as integrating a fingerprint reader into RMD. In this case, the protected information is not revealed until the correct fingerprint has been identified.

None of these methods protect information in cases where the employee is no longer employed by the company or has changed department within the company. He will still have access to RMD's confidential information, even though he no longer has the right to use it.

Information can be encrypted with or without concatenation. The information is encrypted in a predetermined manner using an encryption key and decrypted with a decryption key, respectively. In non-chained encryption, the end result is not dependent on previous data, whereas in chained cryptography, the end result of previous encryptions defines the initial state of the next encryptions. There are many examples in the art of non-chain (e.g. DES, ECB) and chain (e.g. CBC, CBF, OFB, 3DES) encryption and their encryption methods.

WO 03088052 A1, Tune, describes a system for storing information, in particular a credit card number. It consists of four components: an information server, a client system with a local database, a hash server, and a transaction server, all of which are connected to an Internet network. When new information is stored that is intended to be useless to an intruder, it is divided into two parts. At first, the customer system does nothing at all. Instead, the customer service of the second part, to which the customer number is attached, sends a message over the network to the information server, but before that it digitally signs it and encrypts the information server with the public encryption key. The information server decrypts the message, extracts said second part and client number, and sends the client number in an encrypted message to the hash server, which, using the strong hash function, generates a hash value from the client number and sends it to the information server. This uses the resulting hash value as a hash index at the registry where the second part extracted from the original information is stored unencrypted. In addition, the hash server performs the hash operation on the second non-encrypted part and sends the resulting hash value to the information server encrypted, which sends it and the client number in an encrypted and digitally signed message to the client server.

The customer service decrypts the message, appends the hash value received from the information server to the first part, and stores the combination in a database, and uses the unencrypted customer number as the search key to the storage location. When the client server wants to compile the original information, it requests the information server to store the second piece of information. First, using the hash values and the client number stored by both parties in a certain way to verify the correctness of the request, the information server returns the second portion stored by it.

The publication does not provide a solution to the problem of combining information, where part of the information is stored from a sharing location to a separate storage location and another part to a removable storage device that is detached from the sharing location system, pocketed, removed, connected to another machine where the information is assembled intact.

US 2005240749 A1, Clemo et al., Describes a procedure whereby a device with limited memory, such as a mobile phone, can securely store data over a network on external file servers. The phone analyzes the data and applies a fragmentation policy according to which, depending on the nature of the data, the data is split into pieces of such a length that it is not possible to find out all the content in one piece. After the data to be transmitted, such as a file, is chopped, the pieces are sent from the mobile phone over the network to different file servers. Once done, both the fragmentation policy and the distribution policy are stored in the phone memory. When the data is to be recaptured to the phone from its various storage locations, the data fragmentation policy and the distribution policy are retrieved from the memory. They are inversely applied, whereby the distribution policy tells where the pieces are sought and the fragmentation policy how to combine the data into the original data.

The publication does not provide a solution to the problem of combining information, where part of the information is stored from a sharing location to a separate storage location and another part to a removable storage device detached from the sharing location system is removed and connected to another machine where the information is assembled intact. In a publishing system, both chopping and compiling of information take place in the same place, that is, data in a separate storage location on a telephone cannot be combined with missing parts independently of the telephone.

The state of the art does not disclose a method of protecting information in cases where it is desired to prevent a person from gaining access to sensitive data on a flash drive or similar when he is no longer authorized to use it.

Summary of the Invention

In addition to RMD, the user has at his disposal a secondary storage device (SMD). RMD is a storage device that is easy to carry with you, while SMD is a storage device that is accessible through a telecommunications network from numerous locations. Indeed, SMD can be a file server that the user can access through an intranet or a secure remote connection tunnel, such as VPN (Virtual Private Network). There are numerous examples of prior art processing of data on a file server: for example, there is an open source implementation that allows Windows workstations to use Linux servers that have Linux Samba installed. SOAP (Service Oriented Architecture Protocol) also provides a method for data transfer in a network environment.

When writing data to RMD via the appropriate driver, Fig. 1, the driver deletes part of the original data 1 and saves the deleted part 2 to the SMD 4. The remaining part is written to RMD 5. There are numerous methods of deleting what part of the data is described below. by way of example, a few.

One simple way of defining the information to be deleted is to generate a Pseudorandom Bit Stream (PBS) 8 with a pseudorandom bit generator 7 generating a specific seed number 6. In this case, the random number generator produces a bit string with nk and yk. In this case, it is sufficient to store the seed number 6 on the SMD 4 along with the deleted data 2, because when the data is restored, the same seed number produces exactly the same bit sequence by the same algorithm.

It should be noted that non-numeric data, such as a vector, may be used instead of a seed number. For purposes of clarity, the term "seed number" is used in this description to describe any input that controls a random number generator. You do not need to save this feed in its entirety to SMD 4, as long as the feed is fully available when data is later restored.

When data is recovered, in Fig. 2, from RMD 5, the driver requests the deleted part of SMD 4 and resets it by first reading the seed number 6 from the stored data and forwarding it to a random number generator 7 which in turn produces the same PBS 8 used when writing the data. . PBS controls a bit string combiner, which extracts bits from the data read from either SMDJ 4 or RMDJ 5, depending on which bit is present in PBS. Exactly SMDJ and RMDJ read data are placed in their own buffers, each read separately bit by bit. If there is no connection to SMD 4, the data 5 read from RMDJ will remain incomplete and unsuitable for most applications.

In other words, PBS defines the locations from which data to write to RMDJ 5 was deleted. The data read from SMD 4 is placed at these points, whereupon the original data 1 can be restored.

There are other procedures for marking the items to be deleted: Instead of deleting data using pseudorandom numbers, it would be possible and less cumbersome to always delete a certain amount of data from the beginning of each block. In this particular case, neither the random number generator 7 nor the seed number generator 6 is required, PBS can be thought of as always constant, and thus there is no need to store the seed number 6 on the SMD. The disadvantage here is the weakness of protection, especially if the number of bits to be deleted is small. As a compromise between security and computational efficiency, a lookup table could be used, where the seed number defines a point in the table where the data would be used instead of a random number generator.

While the previous example and the following examples illustrate bit-by-bit data removal, it should be noted that for most platforms, it is more computationally efficient to delete data in a byte byte, byte byte, word by word, or in portions larger than one bit. In other words, the smallest unit of data in the original data 1, the deleted data 2, and the remaining data 3 is a set of bits instead of one bit.

It should also be noted that information can be divided into more than two parts, although for the sake of clarity the examples only illustrate the division into two.

If the RMD user does not have access to the SMD or the network in use, all requests to the SMD will fail and the data cannot be returned to that user. This allows a knowledgeable network administrator to remotely disable or restore any user's RMD by simply changing that user's network access.

Everything above about RMD can be generalized to other memory devices, especially to mass storage devices and volumes, even if any memory device can become removable, for example, as a result of a burglary.

List of figures

In the following, the invention will be explained in more detail with reference to the accompanying diagrammatic figures, of which Figure 1 illustrates data partitioning and storage on memory devices, and Figure 2 combines shared information on another memory device.

DETAILED DESCRIPTION OF THE INVENTION

The easiest way to implement the invention is to obtain an open source driver for a file system. For example, there are Windows implementations for the Linux EXT2 file system, which is not supported by default in Windows XP. Translating some drivers may require the Microsoft Installable File System development kit.

In the preferred embodiment, the open source driver is modified such that each block that the driver writes to RMD (5) is modified: First, the content is encrypted using some unlinked algorithm, and then some data and information on the block is stored in SMD (4). where it came from. Let this data be called the data removed from the RMD (5). Deleting shortens the block to write to RMD, so you can add random data to the end of the block to keep the block size. Another option is to overwrite random data for deleted bits, which of course needs to be taken into account when recovering the original data.

It is easy to find numerous pseudorandom algorithms in the literature. The algorithm must be such that it always produces the same sequence with the same seed number. It is easy for one skilled in the art to control the ratio of one to zero: For example, if an average of every 16 bits were to be deleted, a random number generator could produce 4-bit half-bytes for each bit. Whenever a byte contains zeros, it would result in a zero bit for PBS. All other combinations would produce the first bit.

Additional protection is obtained by the random number generator generating a bit string from the secret key in the same way as the AES-128 CTR generates an XOR-decoding bit string in the commonly known ISMACryp encryption algorithm.

Further, additional protection is obtained by encrypting the data (1) before deleting anything. Reading data is much more difficult if the deleted data comes from encrypted data. Particularly, the best security is achieved by using a concatenated method, in which case all the information below depends on the data being removed.

As the information is read, the block from RMD 5 and both the erased data and its position information from the SMD are read. For example, one skilled in the art will be able to identify, by using a disk block number and any disk identifier, which deleted data belongs to which block. The PBS is created in the same way as when storing the data, the bit strings are combined in the combiner (10) according to PBS, and the original data 1 is restored. The random data that was added at the end of the block as it was typed is deleted.

If random data was overwritten on the data instead of deleting the data, the data read from the SMD will be overwritten on this random data at the points indicated by PBS.

If any data is read by random access in the middle of the block, then the size of the block should be returned to the buffer and read from there. Similarly, random access writing would consist of restoring the original data to the buffer and overwriting the bits to be updated. When the buffer is no longer written, it is saved as described above. All of this is accomplished by one skilled in the art.

In another embodiment of the invention, information is processed at the file-1/0 level instead of blocks. Usually the files are read and written in sequential order. In this implementation, the method is similar to the one described above, but it is good to have a concatenated algorithm before encrypting the data. In this case, any deletion of data would corrupt the entire subsequent file, even if the decryption key is revealed. The disadvantage is that access to the file would be more difficult.

In random access, information is searched by moving the read or write pointer to a specific location within the file. If the file is encrypted by a concatenated algorithm, the data must be read from the beginning to restore the concatenated state before processing that block, unless a few additional steps are taken: To avoid this problem, each file has one or more milestones, either at regular or irregular intervals. The data between these milestones is handled in the same way as the blocks of the preferred embodiment of the invention, except that the state of the concatenated encryption is stored at each milestone.

Each milestone defines its location within the file and its current threaded encryption status. These milestones are stored on SMD 4 in the same way as the deleted data of the primary implementation. When writing a file on a random access basis, it is possible to retrieve the pre-write milestone and restore the buffer to its original data between it and the next milestone. This allows data to be written to this buffer. When a consecutive number reaches the next milestone, its status is read.

In addition, security can be enhanced by encrypting the original data 1 and storing a new encryption / decryption key on the SMD 4 for use with other milestone related information. The milestone may also include other information related to optimizing read and write operations, as deemed necessary by the skilled artisan in each case.

In other embodiments, the reading rate can be significantly increased using read ahead algorithms known to those skilled in the art. So far, methods of data processing have been presented. Here are a few practical points.

When writing data to RMD 5 and SMD 4, it is essential that they remain in sync with each other. In practice, this means that data should be reliably written to both RMD 5 and SMD 4 at the same time. If all operations are always in the same place, the connection speed for SMD 4 would not be a problem as 100 Mbps and 1 Gbps LANs are twinkling ordinary. But what if RMD 5 has a global application range, and connection speed to SMD 4 cannot be guaranteed? In these cases, it is useful to build a local SMD 4 cache (SMDC) at the locations where RMD 5 is used. This SMDC would work like the SMD described above and would preferably be implemented in a fault tolerant manner. The arrangement would also include a centralized SMD server, which would receive updates from the SMDC as bandwidth would allow. Instead of or in addition to SMDC, a centralized server could be used from a variety of locations. In fact, SMDC would serve as a caching cache for a centralized SMD server.

Data is read from SMD 4 from a centralized server if the centralized server contains more up-to-date data. In order to determine the most up-to-date information, it is necessary to specify a unique session identifier when the latest write operation to RMD occurs. This can be called a session identifier which is stored in RMD 5 and also in SMDCs. After all data has been updated to a central server, the session identifier is finally updated there as well. If the session labels on RMD and SMD do not match, no read or write operation should be performed. Instead of a session, you can also use a file-specific extension, for example, using the time stamp of the last time the file was written.

When located in a secure location, the SMDC can also serve as a backup medium for data on the RMD (5). Backup information can also be passed to a centralized SMD server.

For security and tracking purposes, SMDs and SMDCs collect log history information on the server, which includes business information such as my user name, RMD unique identifier, session identifier, current time, user location, file names used, and file operations (read, write, delete, add).

You can further increase security by setting the expiration date. Obviously, data cannot be restored if access to the SMD 4 stops. As a small but useful security measure, the RMD driver may have an additional feature that overwrites the data deleted from RMD 5. Mechanisms and procedures can be readily established by one skilled in the art to remove data from RMDJ 5, for example in the following cases:

When SMD 4 sends an delete command. For example, it could be a seed rate that is never used otherwise. RMD 5 has a hidden file or some specific block containing an expiration time (GMT timestamp), preferably encrypted. If the RMD driver reads from the time server a time that is later than the Expiration Time, the RMD 5 will be cleared. If the time server cannot be reached, the local clock will be used. RMD 5 is a hidden file or special block containing a timestamp of the latest SMD 4 update. If the driver receives a time from the time server that is earlier than the last update time, RMD 5 will be cleared. If the time server cannot be reached, the local clock will be used. The RMD 5 hidden file or a specific block may also contain a session identifier, which could in fact be the timestamp of the last update.

The limitation period can be generalized to cover access periods more generally. Consider, for example, a stock release announcement that has a "get published" time (instead of an expiration date) where any attempt to read the content could be prevented or even lead to the immediate removal of the RMD content.

In addition to time-based access control, location-based access restrictions can also be created by specifying to SMD a list of locations where access is secure (or insecure), such as IP addresses where RMD is allowed (or denied) to communicate. If an RMD request for missing data arrives from an unauthorized location, the request will not be answered or will even remove the contents of the RMD.

These functions can be readily accomplished by one skilled in the art.

Claims (10)

Method for protecting information (1) to be stored on a replaceable memory device (5), characterized in that it comprises the following steps: the replaceable memory device (5) is coupled to a first terminal, the original information is shared in the first terminal by use of an inserted sharing method on a first part (2) and a second part (3), the first part and the information of the sharing method are transmitted through a communication network to a file storage location (4), which is connected to the network and is accessible at least from two different locations, and the second portion is transferred from the terminal to the replaceable memory device (5) connected to the terminal, the replaceable memory device is removed from the first terminal, the replaceable memory device is coupled to the second terminal, in which the second portion is read from the replaceable memory device. (5), a request to obtain the first part (2) and the information of the division method is sent to the file storage location connected to the network (4), the first part and information of the sharing method is received from the file storage site after it (4) has been verified the user rights, using the information of the sharing method, the first and second part are combined and thus the original information is reconstructed ( 1). The method according to claim 1, characterized in that the interchangeable memory device is a portable memory device. The method according to claim 1, characterized in that the driver of the interchangeable memory device, installed in the first and second terminals, performs the steps which should be realized in them. The method according to claim 1, characterized in that the partitioning method is based on a quasi-random algorithm (7), which always produces from the same input (6) the same random byte (8), and that the second part is generated by removing from the original file. data bits, corresponding to selected data bits in the random bit row, the first part consisting of the remaining data bits. The method according to claim 4, characterized in that the input of the quasi-random generator is stored as the information of the division method at the file storage location. The method according to claim 1, characterized in that the information is encrypted before its division. The method according to claim 6, characterized in that an information, which should be used to reveal the encrypted information, is stored on the file storage location connected to the communication network. The driver according to claim 2, characterized in that the driver can remove the information from the interchangeable memory device. The driver according to claim 8, characterized in that the interchangeable memory device has an aging period and the driver deletes the information after the aging period has expired. The driver according to claim 8, characterized in that the driver can erase the information when a response received from the file storage location connected to the communication network contains a request to erase.