EP2891110A1 - Portable backup/restore device - Google Patents

Portable backup/restore device

Info

Publication number
EP2891110A1
Authority
EP
European Patent Office
Prior art keywords
backup
decryption
decompression
compression
restore
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13735399.1A
Other languages
German (de)
French (fr)
Inventor
Pierluigi PENTIMALLI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Quantec SA
Original Assignee
Quantec SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Quantec SA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Definitions

  • the present invention relates to the field of data encryption and/or compression and particularly to a backup/restore device which can be associated with a portable device for encrypting/decrypting and/or compressing/decompressing data and information of any kind and sort.
  • Software solutions usually envisage that the user performs on average at least two distinct operations, or even more, with systems different from one another in order to be able to ensure a secure information exchange.
  • the software solution suffers from a big limitation which is common to all of the solutions present on the market: the encryption key by which the information has been encrypted "travels" together with the encrypted information itself.
  • USB devices totally similar to a USB stick
  • a local mass memory like, indeed, common storage USB sticks
  • cryptographic chips like, indeed, common storage USB sticks
  • the Applicant has thus felt the need to provide a device for data encryption/decryption and compression/decompression which has a simple structure, is secure and allows overcoming the abovementioned problems of the known solutions.
  • a device capable of encrypting/decrypting and/or compressing/decompressing data and information in general is available on the market which not only can carry out these operations keeping the encryption keys and/or also the data inside it, but also makes it possible to safely and surely retrieve such encryption keys and/or the data themselves in a simple and reliable way by means of a further external backup and restore device, again of the hardware type.
  • the Applicant has thus faced the problem of finding a hardware device which, in the event of a loss of a device such as that described above, forming the subject of patent application CH212/12 to the same Applicant, allows a new device to be restored, or initialized, retrieving and sharing all the keys and secrets and, when envisaged, also the data, suitable for allowing access to the previously encrypted and/or compressed data.
  • the invention relates to a backup/restore device of an external device for data encryption/decryption and/or compression/decompression, which can be associated with said backup/restore device, said backup/restore device comprising:
  • At least one CPU comprising at least one microcontroller and at least one cryptographic engine
  • At least one authentication cryptographic chip for univocally associating said backup/restore device with an external device for data encryption/decryption and/or compression/decompression;
  • At least one first input/output port adapted to be interfaced with the external device for data encryption/decryption and/or compression/decompression.
  • By chip it is meant a highly integrated electronic circuit.
  • By backup it is meant the operation of saving data from the external device for data encryption/decryption and/or compression/decompression to the backup/restore device itself.
  • By restore it is meant the operation of recovering (restoring) data saved by means of a backup operation.
  • the recovery (restore) of the data saved with a backup operation allows the initial condition to be replicated on a new external device for data encryption/decryption and/or compression/decompression.
  • By the expression device for data encryption/decryption and/or compression/decompression it is meant a device such as that described in patent application CH212/12.
  • a portable integrated hardware device configured for encryption/decryption and/or compression/decompression, comprising:
  • At least one authentication support cryptographic chip comprising a random numbers generator, at least one cryptographic hashing engine and at least one protected memory, dedicated to data security tasks;
  • - at least one main chip comprising at least one CPU; said CPU(3) comprising: - at least one microprocessor or microcontroller; and
  • the present invention in the abovementioned aspect, may have at least one of the preferred features hereinafter described.
  • the authentication support cryptographic chip comprises a random numbers generator, at least one cryptographic hashing engine and at least one protected memory, dedicated to data security tasks.
  • the authentication support cryptographic chip is configured for:
  • the first data input/output port comprises connections suitable for data communication with external devices for data encryption/decryption and/or compression/decompression according to an international communication standard selected from Ethernet, USB, Firewire, ThunderBolt, Bluetooth, Wi-Fi, UWB, ZigBee, ANT, WirelessHART, SATA, PATA, EIDE, RS232, RS485, CAN, Lin, Profibus.
  • the data input/output port comprises a male connection adapted to be interfaced with a female connection of an external device for data encryption/decryption and/or compression/decompression.
  • By male connection it is meant a connection member adapted to be at least partially introduced in a recess representing a female connection member.
  • By female connection it is meant a connection member adapted to at least partially receive a male connection member.
  • the first data input/output port comprises a USB male connection.
  • the CPU comprises at least one memory of the flash type inside it.
  • the present invention relates to a process of data backup/restore between an external device for data encryption/decryption and/or compression/decompression and a backup/restore device as described above, the process comprising the steps of:
  • said device for data encryption/decryption and/or compression/decompression being in turn connected with a computer or notebook or desktop, or server or workstation, or tablet, or smartphone, by means of further available connections of the external device for data encryption/decryption and/or compression/decompression; said external device for data encryption/decryption and/or compression/decompression comprising at least one database comprising an archive of the encryption keys, the user's data and additionally, when envisaged, the data and information themselves;
  • By cryptographic hash function it is meant a cryptographic function which converts data with an arbitrary length (a message) into a fixed-sized string called hash value, message digest or control sum.
  • By nonce it is meant a number, usually a random or pseudo-random number, which is used only once. Nonce is in fact the contraction of the English words "number used once".
  • By initialization vector (IV) it is meant a block of bits with a predetermined length which is used to initialize the status of a stream cipher, or of a block cipher when the latter acts in such a way as to become a stream cipher, so that for identical keys a different keystream is obtained.
  • By association between backup/restore device and device for data encryption/decryption and/or compression/decompression it is meant a univocal association.
  • a mathematically univocal association i.e. an association which is always and only the same one. It is not possible for a backup/restore device to be associated with many devices for data encryption/decryption and/or compression/decompression and vice versa.
  • the univocal association is established by generating encryption and combinatorial data starting from the serial numbers of the two devices, which in turn are univocal as being written in a non-modifiable way at a hardware level in the cryptographic authentication chip, as well as starting from the user's personal password and other data and private and protected functions.
  • This set of data, generated during the initialization and association step, allows the two devices to function properly, in a secure and univocal way, when they are physically connected with each other, or individually when used in combination with the user's personal password. In no case does a single device individually hold the set of data required to access the whole database, the user's encryption keys and possible data and additional information memorized inside the device.
  • the process comprises a step of mutual authentication between the backup/restore device and the device for data encryption/decryption and/or compression/decompression.
  • the step of authentication between the backup/restore device and the device for data encryption/decryption and/or compression/decompression comprises:
  • a first initialization vector (CKvector 1)CT based on a secret (csk) embedded by the manufacturer of the device for data encryption/decryption and/or compression/decompression and a first random number (CH1)CT;
  • the session key (KSESS);
  • the process comprises the steps of:
  • V backup version
  • the backup version (V)T comprises:
  • the backup version (V)CT of said device for data encryption/decryption and/or compression/decompression comprises: encryption keys;
  • security-related user's data are meant security data which are specific to the user, such as user's encryption keys, security data for access to web sites, email, home banking and encryption data which associate the user with other users which are present on the device for data encryption/decryption and/or compression/decompression.
  • security-related user's data are not meant generic files not related to the abovementioned purposes.
  • FIG. 1 is a schematic view of a backup/restore device according to the present invention adapted to be associated with a portable device for data encryption/decryption and/or compression/decompression according to the present invention
  • FIG. 2 is a block diagram of an embodiment of a hardware configuration of a portable backup/restore device according to the present invention
  • FIG. 3 is a block diagram of a function of the portable backup/restore according to the present invention.
  • FIG. 4 is a block diagram of a function of the portable backup/restore according to the present invention.
  • a portable device for performing a backup/restore of a device for data encryption/decryption and/or compression/decompression according to the present invention is identified by reference numeral 100.
  • the device 100, in the embodiment shown in figure 1, has an outer casing 2, at least one CPU 3, at least one authentication cryptographic chip 4 and at least one first data input/output port 5 adapted to be interfaced with a device of external devices.
  • the outer casing preferably extends along a main direction so as to define an extension direction X-X.
  • the first port 5 is located at one end of the casing 2 along the extension direction.
  • the casing 2 substantially parallelepiped in shape, has a longitudinal extension L, with L ⁇ 10 cm, even more preferably L ⁇ 5 cm.
  • the same has an overall weight between 0,01 and 0,5 kg.
  • the casing 2 contains in its interior at least the CPU 3 and at least the authentication support cryptographic chip 4, hereinafter described in more detail.
  • the CPU 3 comprises at least one microcontroller and at least one cryptographic engine.
  • the microcontroller is a 16-bit or 32-bit microcontroller with a hardware cryptographic engine integrated in it, integrated flash memory and computing capacity suitable for performing in a secure, fast and reliable way the backup/restore operations described above. Thanks to the specific features thereof, the authentication support cryptographic chip 4 allows the backup/restore device 100 to be univocally associated with a device 90 for data encryption/decryption and/or compression/decompression.
  • the authentication cryptographic chip 4 comprises a random numbers generator of the TRNG type, at least one cryptographic hashing engine and at least one protected memory comprising circuits adapted to prevent unauthorized persons from reading data from outside the device 100 and/or proper metal shielding against intrusive analysis and analysis of weak currents.
  • the authentication cryptographic chip 4 besides performing the functions of random numbers generation and Hash functions computation, is configured for validating the presence of a common data item inside two devices, for example the device 100 according to the present invention and an external device, without needing to exchange the data item itself between the two devices.
  • the authentication cryptographic chip 4 is further configured for obtaining, in a univocal and secure way, from secret encrypted keys further keys and/or codes which are then used by the cryptographic algorithms in the CPU.
  • the authentication cryptographic chip 4 preferably belongs to the TPM (Trusted Platform Module) platform.
  • the device 100 thus allows performing in a secure and hardware way a backup/restore of a device 90 for data encryption/decryption and/or compression/decompression, such as that forming the subject of the patent application herein incorporated by reference as to the illustrative features of the device 90 for data encryption/decryption and/or compression/decompression.
  • the device 100 acts as complement of a specific external device previously defined, i.e. the device 90 for data encryption/decryption and/or compression/decompression.
  • the device 100 does not perform the backup of generic files, rather the backup of the encryption keys, the security data specific to the user, such as data for access to web sites, email, home banking, and the encryption data which associate the user with other users which are present on the device 90 for data encryption/decryption and/or compression/decompression.
  • the CPU of the device 90 for data encryption/decryption and/or compression/decompression constantly checks for the possible plugging of the connection of a portable backup/restore device 100, such as that forming the subject of the present invention, into a second data input/output port of the device 90 for data encryption/decryption and/or compression/decompression.
  • the CPU of the device 90 for data encryption/decryption and/or compression/decompression checks whether a connection of the male type, such as for example a male USB connection 7, is plugged into a USB female connection of the device 90 for data encryption/decryption and/or compression/decompression.
  • the configuration status of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is checked.
  • a check of the association status of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is performed.
  • an encrypted communication channel is created for exchanging data between said backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression.
  • both devices exchange with each other their available encrypted and combinatorial data and information.
  • Such data and information when present, have been previously generated and exchanged during the step of initializing and univocally associating the two devices with each other.
  • a request is sent to check the version of the encryption keys, the user's data and the data usually present in the backup/restore device, by the device for data encryption/decryption and/or compression/decompression.
  • Based on the version of the data present in the backup/restore device compared to those present in the device 90 for data encryption/decryption and/or compression/decompression, it is possible to perform a new backup of the data present in the latter device to the backup/restore device 100 (if the data present in the device 90 for data encryption/decryption and/or compression/decompression are more recent); otherwise an attempt to hack the system is detected, as it is not possible that a device for data encryption/decryption and/or compression/decompression already associated with a backup/restore device has an older version of the data to be stored on the latter. If the version of the data to be stored is the same in both the devices, nothing happens.
  • the device 90 for data encryption/decryption and/or compression/decompression sends to the user a message to disconnect the backup/restore device 100 from said device 90 for data encryption/decryption and/or compression/decompression.
  • Each time a backup/restore device 100 according to the present invention is connected to a device 90 for data encryption/decryption and/or compression/decompression, a step of mutual authentication and genuineness check is performed.
  • the two devices exclude the possibility of attacks of the "man in the middle" type (i.e., in this case, by a non-authorized user who intercepts data packets passing from the backup/restore device 100 to the device 90 for data encryption/decryption and/or compression/decompression or vice versa).
  • In FIG. 3 a block diagram of a step of mutual authentication and genuineness check of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is shown.
  • a random number (CH1) is generated by means of the cryptographic chip of said device 90 for data encryption/decryption and/or compression/decompression.
  • By random number it is meant a randomly generated number.
  • a preliminary key (Kprelim) is created by means of a first Hash function based on the high entropy random number (CH1)CT and a secret (csk) embedded by the manufacturer of the device 90 for data encryption/decryption and/or compression/decompression.
  • a first initialization vector (CKvector 1) is then created by means of a secret mathematical function based on the random number (CH1)CT and the preliminary key.
  • the first initialization vector (CKvector 1)CT and the random number (CH1)CT are then sent to said backup/restore device 100.
  • a preliminary key is created by means of said first Hash function, which is private and protected, based on the random number (CH1)CT and said secret (csk) embedded by the manufacturer of the backup/restore device 100.
  • the manufacturer of the backup/restore device 100 and that of the device 90 for data encryption/decryption and/or compression/decompression have to be the same, therefore, within the framework of the present invention, it is totally equivalent to refer to either of them as far as the embedding of secrets inside respectively the backup/restore device 100 or the device 90 for data encryption/decryption and/or compression/decompression is concerned.
  • the process goes on with the creation, by the cryptographic engine of the backup/restore device 100, of the first key (CKvector 1)T by means of the second secret mathematical function based on the random number (CH1)CT and the preliminary key (Kprelim).
  • the first initialization vector (CKvector 1)T generated by the backup/restore device 100 is then compared with the first initialization vector (CKvector 1)CT sent by the device 90 for data encryption/decryption and/or compression/decompression.
  • the cryptographic chip of the backup/restore device 100 generates a second high entropy random number (CH2)T.
  • the cryptographic engine of the backup/restore device 100 then generates a Nonce by means of a second secret mathematical function based on the first and second random numbers (CH1; CH2).
  • the cryptographic chip of the backup/restore device 100 then generates an encrypted session key Ksess by means of the first Hash function based on the Nonce and the secret (csk) embedded by the manufacturer of the backup/restore device 100.
  • the cryptographic engine of the backup/restore device 100 generates a second initialization vector (CKvector 2) by means of said second secret mathematical function based on the Nonce and the session key (Ksess).
  • a second initialization vector (CKvector 2) and the random number (CH2) are then sent from the backup/restore device 100 to said device 90 for data encryption/decryption and/or compression/decompression.
  • the cryptographic engine of the device 90 for data encryption/decryption and/or compression/decompression creates a Nonce by means of said second secret mathematical function based on the first and the second random numbers (CH1; CH2).
  • the authentication cryptographic chip of the device 90 for data encryption/decryption and/or compression/decompression creates a session key (Ksess) by means of the first Hash function based on the Nonce and the secret (csk) embedded by the manufacturer of the device 90 for data encryption/decryption and/or compression/decompression.
  • Ksess session key
  • csk secret
  • the cryptographic engine of the device 90 for data encryption/decryption and/or compression/decompression computes a second initialization vector (CKvector 2)CT by means of the second secret mathematical function based on the shared Nonce previously computed and the session key (Ksess).
  • the second initialization vector (CKvector 2)CT computed by the device 90 for data encryption/decryption and/or compression/decompression is then compared with the second initialization vector (CKvector 2)T sent by the backup/restore device 100.
  • the channel ciphering by means of the session key (Ksess) takes place.
  • the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 encode all the subsequent data passing in both directions according to the following steps: - activating, by the device 90 for data encryption/decryption and/or compression/decompression, the ciphering of the communication channel using a cryptographic algorithm present in the cryptographic engine of the device itself and the related session key (Ksess) obtained during the process described above;
  • the encrypted channel is valid and active for any subsequent communication between said two devices, i.e. the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression.
  • the step of checking the association status between the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression comprises the steps of:
  • the device 90 for data encryption/decryption and/or compression/decompression has been indicated with the letters CT, and these letters identify as a subscript also all the functions and parameters of the diagram that relate to such device, whereas the backup/restore device 100 has been indicated with the letter T, and this letter identifies as a subscript also all the functions and parameters of the diagram that relate to such device.
  • the process unfolds along four alternative paths, depending on the answer about the association status of the two devices.
  • the backup/restore device 100 is not associated, but the device 90 for data encryption/decryption and/or compression/decompression has already been previously configured and associated with another backup/restore device 100, it means that the backup/restore device 100 is virgin, as may happen for example in case of loss of a backup/restore device previously associated with the device 90 for data encryption/decryption and/or compression/decompression.
  • the process unfolds according to the following steps:
  • a predetermined user's identification code i.e. a password known only to her/him and which she/he had previously entered in and associated with the device 90 for data encryption/decryption and/or compression/decompression
  • the identification code is validly entered, i.e. if the access data obtained by means of the appropriate private and protected functions are consistent with what is present in the device 90 for data encryption/decryption and/or compression/decompression, sending a request to associate the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 with each other;
  • the backup/restore device has been previously associated with a device 90 for data encryption/decryption and/or compression/decompression, but the device 90 for data encryption/decryption and/or compression/decompression has never been configured and associated with a backup/restore device 100, it means that the device 90 for data encryption/decryption and/or compression/decompression is virgin, as may happen for example in case of loss of a previous device 90 for data encryption/decryption and/or compression/decompression associated with the backup/restore device 100.
  • a predetermined user's identification code i.e. a password known only to her/him and which she/he had previously entered in and associated with the backup/restore device 100;
  • the identification code is validly entered, i.e. if the access data obtained by means of the appropriate private and protected functions are consistent with what is present in the backup/restore device 100, sending a request to associate the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 with each other;
  • the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression have already been associated with each other and the backup/restore device has already been previously configured, it means that the devices are being used again in an ordinary way and the process unfolds according to the following steps:
  • a request is sent by the device (90) for data encryption/decryption and/or compression/decompression, to check the backup version (V)T of the backup/restore device (100).
  • the backup version (V)T of said backup/restore device (100) is then compared with the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression.
  • the device 90 for data encryption/decryption and/or compression/decompression sends the backup version (V)CT stored in its database to the backup/restore device (100).
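The mutual authentication exchange listed above (CH1 and CKvector 1 from device 90, CH2 and CKvector 2 from device 100, then Ksess) can be traced with the following sketch, which is an added example and not code from the patent or from Quantec SA. The patent keeps its hash and "secret mathematical function" private, so HMAC-SHA256 and a length-prefixed SHA-256 stand in for them as assumptions, one function is used for every vector and for the Nonce, and the class and function names and the sample csk are constructed for illustration.

```python
import hashlib
import hmac
import secrets

CSK = b"constructed-manufacturer-secret"  # constructed sample value for csk


class AuthError(Exception):
    """A received initialization vector did not match the local computation."""


def hash1(data: bytes, csk: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the private "first Hash function".
    return hmac.new(csk, data, hashlib.sha256).digest()


def secret_fn(a: bytes, b: bytes) -> bytes:
    # Assumption: length-prefixed SHA-256 replaces the "secret mathematical function".
    return hashlib.sha256(len(a).to_bytes(2, "big") + a + b).digest()


class EncryptionDevice:
    """Device 90 (subscript CT): opens the exchange and verifies CKvector 2."""

    def __init__(self, csk: bytes):
        self.csk = csk
        self.ch1 = b""

    def start(self):
        self.ch1 = secrets.token_bytes(32)              # CH1
        k_prelim = hash1(self.ch1, self.csk)            # Kprelim
        return secret_fn(self.ch1, k_prelim), self.ch1  # (CKvector 1)CT, CH1

    def finish(self, ckvector2_t: bytes, ch2: bytes) -> bytes:
        nonce = secret_fn(self.ch1, ch2)                # Nonce from CH1 and CH2
        k_sess = hash1(nonce, self.csk)                 # Ksess
        if not hmac.compare_digest(secret_fn(nonce, k_sess), ckvector2_t):
            raise AuthError("CKvector 2 mismatch")
        return k_sess


class BackupDevice:
    """Device 100 (subscript T): verifies CKvector 1 and answers with CKvector 2."""

    def __init__(self, csk: bytes):
        self.csk = csk
        self.k_sess = b""

    def respond(self, ckvector1_ct: bytes, ch1: bytes):
        k_prelim = hash1(ch1, self.csk)
        if not hmac.compare_digest(secret_fn(ch1, k_prelim), ckvector1_ct):
            raise AuthError("CKvector 1 mismatch")
        ch2 = secrets.token_bytes(32)                   # CH2
        nonce = secret_fn(ch1, ch2)
        self.k_sess = hash1(nonce, self.csk)
        return secret_fn(nonce, self.k_sess), ch2       # (CKvector 2)T, CH2


def handshake(ct, t, tamper=None):
    """Carry both messages; tamper(msg_no, vector, challenge) models the wire."""
    wire = tamper or (lambda msg_no, vector, challenge: (vector, challenge))
    msg1 = wire(1, *ct.start())
    msg2 = wire(2, *t.respond(*msg1))
    return ct.finish(*msg2), t.k_sess


def rejected(fn) -> bool:
    try:
        fn()
    except AuthError:
        return True
    return False


def flip_first_bit(value: bytes) -> bytes:
    return bytes([value[0] ^ 1]) + value[1:]


def demo() -> dict:
    results = {}
    k_ct, k_t = handshake(EncryptionDevice(CSK), BackupDevice(CSK))
    results["same_csk_keys_match"] = k_ct == k_t
    # A peer built with a different embedded secret fails the first comparison.
    results["foreign_csk_rejected"] = rejected(
        lambda: handshake(EncryptionDevice(CSK), BackupDevice(b"other-secret")))
    # A challenge altered in transit breaks the vector that accompanies it.
    results["altered_ch2_rejected"] = rejected(lambda: handshake(
        EncryptionDevice(CSK), BackupDevice(CSK),
        tamper=lambda n, v, c: (v, flip_first_bit(c)) if n == 2 else (v, c)))
    # A reply recorded in one session fails once device 90 draws a fresh CH1.
    ct, t = EncryptionDevice(CSK), BackupDevice(CSK)
    old_reply = t.respond(*ct.start())
    ct.start()
    results["replayed_reply_rejected"] = rejected(lambda: ct.finish(*old_reply))
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch each comparison proves only that the peer holds csk; the association data and the user's password described in the other items are outside it.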

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)

Abstract

Portable backup/restore device (100) which can be associated with an external device (90) for data encryption/decryption and/or compression/decompression; said backup/restore device (100) comprising: an outer casing; at least one CPU comprising at least one microcontroller and at least one cryptographic engine; at least one authentication cryptographic chip for univocally associating said backup/restore device with an external device for data encryption/decryption and/or compression/decompression; at least one memory of the flash type; at least one first input/output port (5) adapted to be interfaced with the external device for data encryption/decryption and/or compression/decompression.

Description

PORTABLE BACKUP/RESTORE DEVICE
FIELD OF THE INVENTION
The present invention relates to the field of data encryption and/or compression and particularly to a backup/restore device which can be associated with a portable device for encrypting/decrypting and/or compressing/decompressing data and information of any kind and sort.
PRIOR ART
In the field of data encryption both software and hardware solutions are available on the market.
Software solutions usually envisage that the user performs on average at least two distinct operations, or even more, with systems different from one another in order to be able to ensure a secure information exchange.
Considering for example the case of a user who has to send privileged contents to third parties known to her/him and thus wishes to encrypt such data and information (this case can be extended also to compression), the user will have to, in sequence:
- encrypt the information he wishes to send;
- memorize the encrypted information on her/his system (computer, PC, etc.);
- send the encrypted information to the addressee(s) by means of another system (e-mail, web transfer by means of third parties systems, Skype, MSN, peer-to-peer systems, physical shipping of a mass memory device, e.g. a CD Rom, a USB stick, a USB Hard Disk, etc.)
At this point the recipient of the encrypted data has to perform exactly the reverse actions and the procedure clearly depends on the software system used for encryption, as well as on the method used to send the encrypted information.
The Applicant has further noted that the software solution suffers from a big limitation which is common to all of the solutions present on the market: the encryption key by which the information has been encrypted "travels" together with the encrypted information itself.
Among other things, these software solutions are often open-source and, thus, even if the key is "shadowed" in the file itself by means of proper algorithms, it is relatively simple to retrieve it with a few hours work.
The Applicant has further noticed that even if the encryption key were not "travelling" together with the encrypted data and information, the software solution would be easily exposed to attempts of memory dumping, snooping, spoofing and generally of intercepting the key itself. This is possible by means of proper programs, such as trojans and malware in general, keylogger, etc., which create a "backdoor" in the user's computer, thus intercepting the entries made by means of a keyboard or by a mouse "click", and even performing, by means of the "memory dumping" technique, the analysis of the encryption keys and of the critical information of the cryptographic algorithms directly in the computer's memory, i.e. directly in the execution space of the software solution itself.
In view of the above, the Applicant has perceived that the known software solutions are thus inherently not secure and, in addition, require a certain ability to work with a computer.
On the market there are further available some hardware solutions.
Generally, these solutions consist, in the vast majority of the cases, of USB devices (totally similar to a USB stick) internally provided with a local mass memory (like, indeed, common storage USB sticks) and with cryptographic chips. These solutions substantially allow the device to be plugged into a computer (exclusively by means of the USB interface) and data and files to be written and read on/from the integrated storage memory in a secure manner: the data are encrypted and decrypted in real time.
The Applicant has however observed that these devices are not provided with an additional interfacing solution, of the physical type, to further external devices which can be used to protect the encryption keys and/or the user's data which are present in the hardware device itself.
Moreover, as with the software solution, when a user needs to send privileged contents to third parties known to her/him, she/he has in any case to send the USB stick containing the encrypted data, providing the access key to the stick itself by means of another system, thus facing again the abovementioned problems.
The Applicant has thus felt the need to provide a device for data encryption/decryption and compression/decompression which has a simple structure, is secure and allows overcoming the abovementioned problems of the known solutions.
The Applicant has noticed that when a portable hardware device for data encryption/decryption and/or compression/decompression of the type described above gets lost, it is impossible, due to the limitations of the devices available on the market, to communicate with external devices which have already been properly authenticated and are suitable to execute a secure backup and a subsequent restore of the encryption keys and/or of the user's data themselves. In other words, no hardware solution, i.e. a device capable of encrypting/decrypting and/or compressing/decompressing data and information in general, is available on the market which not only can carry out these operations keeping the encryption keys and/or also the data inside it, but also makes it possible to safely and surely retrieve such encryption keys and/or the data themselves in a simple and reliable way by means of a further external backup and restore device, again of the hardware type.
The Applicant has thus faced the problem of finding a hardware device which, in the event of a loss of a device such as that described above, forming the subject of patent application CH212/12 to the same Applicant, allows a new device to be restored, or initialized, retrieving and sharing all the keys and secrets and, when envisaged, also the data, suitable for allowing access to the previously encrypted and/or compressed data.
SUMMARY OF THE INVENTION
Therefore, in a first aspect thereof, the invention relates to a backup/restore device of an external device for data encryption/decryption and/or compression/decompression, which can be associated with said backup/restore device, said backup/restore device comprising:
an outer casing;
at least one CPU comprising at least one microcontroller and at least one cryptographic engine;
at least one authentication cryptographic chip for univocally associating said backup/restore device with an external device for data encryption/decryption and/or compression/decompression;
at least one memory of the flash type;
at least one first input/output port adapted to be interfaced with the external device for data encryption/decryption and/or compression/decompression.
Within the framework of the present invention, by the term chip it is meant a highly integrated electronic circuit.
Moreover, by the term backup it is meant the operation of saving data from the external device for data encryption/decryption and/or compression/decompression to the backup/restore device itself.
By the expression restore it is meant the operation of recovering (restoring) data saved by means of a backup operation. In other words, when the data on the external device for data encryption/decryption and/or compression/decompression cannot be accessed anymore further to human error, hardware failure or loss of the device itself, the recovery (restore) of the data saved with a backup operation allows the initial condition to be replicated on a new external device for data encryption/decryption and/or compression/decompression.
Within the framework of the present invention, by the expression device for data encryption/decryption and/or compression/decompression it is meant a device such as that described in patent application CH212/12.
In other words, a portable integrated hardware device, configured for encryption/decryption and/or compression/decompression, comprising:
- at least one authentication support cryptographic chip comprising a random numbers generator, at least one cryptographic hashing engine and at least one protected memory, dedicated to data security tasks;
- at least one first data input/output port adapted to be interfaced with external devices;
- at least one second data input/output port adapted to be interfaced with external devices;
- at least one main chip comprising at least one CPU; said CPU (3) comprising:
- at least one microprocessor or microcontroller; and
- at least one cryptographic engine.
The present invention, in the abovementioned aspect, may have at least one of the preferred features hereinafter described.
Preferably, the authentication support cryptographic chip comprises a random numbers generator, at least one cryptographic hashing engine and at least one protected memory, dedicated to data security tasks.
Conveniently, the authentication support cryptographic chip is configured for:
- performing a mutual authentication between said first external device (90) for data encryption/decryption and/or compression/decompression, interfaced with said first port, and the portable device itself;
- establishing a secure connection between said portable device and a first external device for data encryption/decryption and/or compression/decompression.
Advantageously, the first data input/output port comprises connections suitable for data communication with external devices for data encryption/decryption and/or compression/decompression according to an international communication standard selected from Ethernet, USB, Firewire, ThunderBolt, Bluetooth, Wi-Fi, UWB, ZigBee, ANT, WirelessHART, SATA, PATA, EIDE, RS232, RS485, CAN, Lin, Profibus.
Conveniently, the data input/output port comprises a male connection adapted to be interfaced with a female connection of an external device for data encryption/decryption and/or compression/decompression.
Within the framework of the present invention, by male connection it is meant a connection member adapted to be at least partially introduced in a recess representing a female connection member.
Within the framework of the present invention, by female connection it is meant a connection member adapted to at least partially receive a male connection member.
Conveniently, the first data input/output port comprises a USB male connection. Conveniently, the CPU comprises at least one memory of the flash type inside it.
According to another aspect, the present invention relates to a process of data backup/restore between an external device for data encryption/decryption and/or compression/decompression and a backup/restore device as described above, the process comprising the steps of:
- connecting a male connector of a data input/output port of the backup/restore device with a female connector of a data input/output port of the device for data encryption/decryption and/or compression/decompression; said device for data encryption/decryption and/or compression/decompression being in turn connected with a computer or notebook or desktop, or server or workstation, or tablet, or smartphone, by means of further available connections of the external device for data encryption/decryption and/or compression/decompression; said external device for data encryption/decryption and/or compression/decompression comprising at least one database comprising an archive of the encryption keys, the user's data and additionally, when envisaged, the data and information themselves;
- checking the configuration status of the backup/restore device and of the device for data encryption/decryption and/or compression/decompression;
- checking the association status of the backup/restore device and of the device for data encryption/decryption and/or compression/decompression.
Within the framework of the present invention, by cryptographic hash function it is meant a cryptographic function which converts data with an arbitrary length (a message) into a fixed-sized string called hash value, message digest or control sum.
Moreover, with the expression "nonce" it is meant a number, usually a random or pseudo-random number, which is used only once. Nonce is in fact the contraction of the English words "number used once".
By initialization vector (IV) it is meant a block of bits with a predetermined length which is used to initialize the status of a stream cipher, or of a block cipher when the latter acts in such a way as to become a stream cipher, so that for identical keys a different keystream is obtained.
Within the framework of the present invention, by "association between backup/restore device and device for data encryption/decryption and/or compression/decompression" it is meant a univocal association. In other words, a mathematically univocal association, i.e. an association which is always and only the same one. It is not possible for a backup/restore device to be associated with many devices for data encryption/decryption and/or compression/decompression and vice versa. The univocal association is established by generating encryption and combinatorial data starting from the serial numbers of the two devices, which in turn are univocal as being written in a non-modifiable way at a hardware level in the cryptographic authentication chip, as well as starting from the user's personal password and other data and private and protected functions. This set of data, generated during the initialization and association step, allows the two devices to function properly, in a secure and univocal way, when they are physically connected with each other, or individually when used in combination with the user's personal password. In no case a single device holds individually the set of data required to access the whole database, the user's encryption keys and possible data and additional information memorized inside the device.
Advantageously, the process comprises a step of mutual authentication between the backup/restore device and the device for data encryption/decryption and/or compression/decompression.
Preferably, the step of authentication between the backup/restore device and the device for data encryption/decryption and/or compression/decompression comprises:
- creating, by the cryptographic engine of said device for data encryption/decryption and/or compression/decompression, a first initialization vector (CKvector 1)CT based on a secret (csk) embedded by the manufacturer of the device for data encryption/decryption and/or compression/decompression and a first random number (CH1)CT;
- sending the first initialization vector (CKvector 1)CT and the first random number (CH1)CT to said backup/restore device;
- computing, by the cryptographic engine of said backup/restore device, the first initialization vector (CKvector 1)T;
- comparing the first initialization vector (CKvector 1)CT sent by the device for data encryption/decryption and/or compression/decompression with the first initialization vector (CKvector 1)T computed by the cryptographic engine of said backup/restore device;
- generating a second random number (CH2)T;
- computing, by the cryptographic engine of the backup/restore device (100), the session key (KSESS);
- creating, by the cryptographic engine of said backup/restore device (100), a second initialization vector (CKvector 2) based on a secret (csk) embedded by the manufacturer of said backup/restore device and the second random number (CH2)T;
- sending the second initialization vector (CKvector 2)T and said second random number (CH2)T to said device (90) for data encryption/decryption and/or compression/decompression;
- computing, by the cryptographic engine of the device for data encryption/decryption and/or compression/decompression, the session key (KSESS);
- computing, by the cryptographic engine of said device for data encryption/decryption and/or compression/decompression, the second initialization vector (CKvector 2)CT;
- comparing the second initialization vector (CKvector 2)T sent by the backup/restore device with the second initialization vector (CKvector 2)CT computed by the cryptographic engine of said device for data encryption/decryption and/or compression/decompression;
- activating, by the device for data encryption/decryption and/or compression/decompression, the ciphering of the communication channel using a cryptographic algorithm available in the cryptographic engine of the device itself and the related session key (KSESS) previously obtained;
- activating, by the backup/restore device, the ciphering of the communication channel using a cryptographic algorithm available in the cryptographic engine of the device itself and the related session key (KSESS) previously obtained;
- sending, by the device for data encryption/decryption and/or compression/decompression, a known connection command to the backup/restore device over the encrypted channel previously created and activated;
- receiving, by the backup/restore device (100), said command over the encrypted channel and checking its consistency after a decryption step;
- sending, by the backup/restore device (100), a known reply command to the device for data encryption/decryption and/or compression/decompression over the same encrypted channel already created and active;
- checking, by the device for data encryption/decryption and/or compression/decompression, after a decryption step, the consistency of the reply command received from the backup/restore device.
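The exchange listed above, sketched as an added Python example that is not part of the patent text. The patent does not name the hash, the key derivation or the channel cipher, so HMAC-SHA256, the `V1`/`V2`/`KSESS` labels, the command strings and the HMAC-based stream cipher are assumptions, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

CONNECT_CMD = b"CONNECT"     # assumed "known connection command"
REPLY_CMD = b"CONNECT-OK"    # assumed "known reply command"


class AuthError(Exception):
    """Raised when a vector comparison or command consistency check fails."""


def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def ck_vector(csk, label, challenge):
    # The label (an assumption) separates vector 1 from vector 2, so a value
    # produced for one direction cannot be reflected back as the other.
    return _mac(csk, label, challenge)


def session_key(csk, ch1, ch2):
    # Assumed derivation: KSESS depends on the secret and on both random numbers.
    return _mac(csk, b"KSESS", ch1, ch2)


def _keystream(key, nonce, n):
    blocks = (_mac(key, b"enc", nonce, i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, msg):
    """Encrypt-then-MAC; a stand-in for the cipher in the hardware engine."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + _mac(key, b"mac", nonce, ct)


def unseal(key, blob):
    """Return the plaintext, or None when the tag does not verify."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Device90:
    """Encryption/compression device (the CT side)."""

    def __init__(self, csk):
        self.csk, self.ch1, self.ksess = csk, None, None

    def hello(self):
        self.ch1 = secrets.token_bytes(16)                      # (CH1)CT
        return ck_vector(self.csk, b"V1", self.ch1), self.ch1   # (CKvector 1)CT

    def on_reply(self, ckv2, ch2):
        self.ksess = session_key(self.csk, self.ch1, ch2)
        if not hmac.compare_digest(ckv2, ck_vector(self.csk, b"V2", ch2)):
            raise AuthError("CKvector 2 mismatch")
        return seal(self.ksess, CONNECT_CMD)

    def on_ack(self, blob):
        if unseal(self.ksess, blob) != REPLY_CMD:
            raise AuthError("reply command inconsistent")
        return True


class BackupDevice:
    """Backup/restore device 100 (the T side)."""

    def __init__(self, csk):
        self.csk, self.ksess = csk, None

    def on_hello(self, ckv1, ch1):
        if not hmac.compare_digest(ckv1, ck_vector(self.csk, b"V1", ch1)):
            raise AuthError("CKvector 1 mismatch")
        ch2 = secrets.token_bytes(16)                           # (CH2)T
        self.ksess = session_key(self.csk, ch1, ch2)
        return ck_vector(self.csk, b"V2", ch2), ch2             # (CKvector 2)T

    def on_connect(self, blob):
        if unseal(self.ksess, blob) != CONNECT_CMD:
            raise AuthError("connection command inconsistent")
        return seal(self.ksess, REPLY_CMD)


def run_handshake(dev, brd):
    ckv1, ch1 = dev.hello()
    ckv2, ch2 = brd.on_hello(ckv1, ch1)
    return dev.on_ack(brd.on_connect(dev.on_reply(ckv2, ch2)))


def replayed_hello_fails(csk):
    """A recorded first message still passes the vector 1 comparison; the peer
    without csk is stopped at the command check because KSESS needs a fresh CH2."""
    recorded = Device90(csk).hello()
    brd = BackupDevice(csk)
    brd.on_hello(*recorded)
    try:
        brd.on_connect(seal(secrets.token_bytes(32), CONNECT_CMD))
    except AuthError:
        return True
    return False


if __name__ == "__main__":
    secret = secrets.token_bytes(32)   # constructed stand-in for the embedded csk
    print("handshake ok:", run_handshake(Device90(secret), BackupDevice(secret)))
    print("replay rejected:", replayed_hello_fails(secret))
```

Because the first message carries no freshness from the backup/restore device, the encrypted known-command exchange is the step that actually proves the peer holds csk in this sketch.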
Preferably, the process comprises the steps of:
- requesting said backup/restore device the association status;
- requesting said device for data encryption/decryption and/or compression/decompression the association status.
Advantageously, if neither the backup/restore device nor the device for data encryption/decryption and/or compression/decompression are associated and the backup/restore device has never been configured, the process comprises the steps of:
- initial configuring of the backup/restore device;
- sending a request to associate the backup/restore device and the external device for data encryption/decryption and/or compression/decompression with each other;
- generating and exchanging encryption keys and access data according to predetermined functions in both of said devices;
- sending a confirmation that association has been completed from the backup/restore device to the external device for data encryption/decryption and/or compression/decompression and/or vice versa.
Alternatively, if the backup/restore device is not associated, but the device for data encryption/decryption and/or compression/decompression has already been previously configured and associated with a previous backup/restore device, the process comprises the steps of:
- requesting the user to enter a predetermined user's identification code;
- generating and exchanging encryption keys and access data according to predetermined functions in both of said devices;
- if the identification code is validly entered, sending a request to associate the backup/restore device and the device for data encryption/decryption and/or compression/decompression with each other;
- sending, by the backup/restore device, a confirmation that association with the external device for data encryption/decryption and/or compression/decompression has been completed;
- sending the backup version (V)CT of the encryption data and of the data usually stored in the database of the device for data encryption/decryption and/or compression/decompression to the backup/restore device;
- updating the backup version (V)T of the backup/restore device based on the backup version (V)CT received from the device for data encryption/decryption and/or compression/decompression.
According to another alternative, if the backup/restore device has been previously associated with a device for data compression/decompression, but the device for data compression/decompression has never been configured and associated with a backup/restore device, the process comprises the steps of:
- requesting the user to enter a predetermined user's identification code;
- generating and exchanging encryption keys and access data according to predetermined functions in both of said devices;
- if the identification code is validly entered, sending a request to associate the backup/restore device and the external device for data encryption/decryption and/or compression/decompression with each other;
- sending, by the backup/restore device, a confirmation that association with the external device for data encryption/decryption and/or compression/decompression has been completed;
- sending the backup version (V)T of the encryption data and of the data usually stored in the database of the backup/restore device to the device for data encryption/decryption and/or compression/decompression;
- updating the backup version (V)CT of the device for data encryption/decryption and/or compression/decompression based on the backup version (V)T received from the backup/restore device.
According to a further alternative to the previous cases, if the backup/restore device and the device for data encryption/decryption and/or compression/decompression are associated with each other and the backup/restore device has already been previously configured, the process comprises the steps of:
- requesting the user to enter a predetermined user's identification code;
- checking the encryption keys and the access data according to predetermined functions present in both of said devices;
- if the identification code is validly entered, sending, by the device for data encryption/decryption and/or compression/decompression, a request to check the backup version (V)T of the backup/restore device;
- comparing the backup version (V)T of said backup/restore device with the backup version (V)CT of the device for data encryption/decryption and/or compression/decompression;
- if the version of the device for data encryption/decryption and/or compression/decompression is more recent than that of the backup/restore device (100), sending, by the device for data encryption/decryption and/or compression/decompression, the backup version (V)CT stored in its database to the backup/restore device.
Advantageously, the backup version (V)T comprises:
encryption keys;
security-related user's data;
encrypted data and information.
Preferably, the backup version (V)CT of said device for data encryption/decryption and/or compression/decompression comprises:
encryption keys;
security-related user's data;
encrypted data and information.
Within the framework of the present invention, by security-related user's data are meant security data which are specific to the user, such as user's encryption keys, security data for access to web sites, email, home banking and encryption data which associate the user with other users which are present on the device for data encryption/decryption and/or compression/decompression. By security-related user's data are not meant generic files not related to the abovementioned purposes.
According to another aspect thereof, the present invention relates to a process of data backup/restore between an external device for data encryption/decryption and/or compression/decompression and a backup/restore device as described above, the process comprising the steps of:
- connecting a male connector of a data input/output port of the backup/restore device with a female connector of a data input/output port of the device for data encryption/decryption and/or compression/decompression; said device for data encryption/decryption and/or compression/decompression being in turn connected with a computer or notebook or desktop, or server or workstation, or tablet, or smartphone, by means of further available connections of the external device for data encryption/decryption and/or compression/decompression; said external device for data encryption/decryption and/or compression/decompression comprising at least one database comprising an archive of the encryption keys, the user's data and additionally, when envisaged, the data and information themselves;
- checking the configuration status of the backup/restore device and of the device for data encryption/decryption and/or compression/decompression;
- checking the association status of the backup/restore device and of the device for data encryption/decryption and/or compression/decompression;
- if the backup/restore device and the device (90) for data encryption/decryption and/or compression/decompression are associated with each other, comparing the backup version (V)T of said backup/restore device (100) with the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression;
- if the backup version (V)CT on the device for data encryption/decryption and/or compression/decompression is more recent than that of the backup/restore device (100), sending, by the device for data encryption/decryption and/or compression/decompression, the version of the encryption data and data usually stored in its database to the backup/restore device;
- sending, by the device for data encryption/decryption and/or compression/decompression, a message to disconnect the backup/restore device from the device for data encryption/decryption and/or compression/decompression to the user.
BRIEF DESCRIPTION OF THE DRAWINGS
Further features and advantages of the invention will become more apparent from the detailed description of some preferred, although not exclusive, embodiments of a portable device for data encryption/decryption and/or compression/decompression according to the present invention.
Such description will be presented hereinafter with reference to the accompanying drawings, provided only for indicating, and thus non-limiting, purposes, wherein:
- figure 1 is a schematic view of a backup/restore device according to the present invention adapted to be associated with a portable device for data encryption/decryption and/or compression/decompression according to the present invention;
- figure 2 is a block diagram of an embodiment of a hardware configuration of a portable backup/restore device according to the present invention;
- figure 3 is a block diagram of a function of the portable backup/restore according to the present invention;
- figure 4 is a block diagram of a function of the portable backup/restore according to the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
Referring to figures 1-4, a portable device for performing a backup/restore of a device for data encryption/decryption and/or compression/decompression according to the present invention is identified by reference numeral 100.
The device 100, in the embodiment shown in figure 1, has an outer casing 2, at least one CPU 3, at least one authentication cryptographic chip 4 and at least one first data input/output port 5 adapted to be interfaced with a device of external devices.
The outer casing preferably extends along a main direction so as to define an extension direction X-X. In the embodiment schematically shown in figure 1, the first port 5 is located at one end of the casing 2 along the extension direction. Preferably, in order to make the device 100 easily portable, the casing 2, substantially parallelepiped in shape, has a longitudinal extension L, with L < 10 cm, even more preferably L < 5 cm.
Also in order to make the device 100 easily portable, the same has an overall weight between 0,01 and 0,5 kg.
The casing 2 contains in its interior at least the CPU 3 and at least the authentication support cryptographic chip 4, hereinafter described in more detail.
The CPU 3 comprises at least one microcontroller and at least one cryptographic engine. According to an embodiment, the microcontroller is a 16-bit or 32-bit microcontroller with a hardware cryptographic engine integrated in it, integrated flash memory and computing capacity suitable for performing in a secure, fast and reliable way the backup/restore operations described above. Thanks to the specific features thereof, the authentication support cryptographic chip 4 allows the backup/restore device 100 to be univocally associated with a device 90 for data encryption/decryption and/or compression/decompression. This is due to the ability of the chip to store in itself encryption data in such a way that they are protected from external access, including hacking and magneto-electric inspection attempts, as well as to its ability to execute, internally and in a protected way, hash cryptographic functions in a hardware way, starting also from secrets present therein. Moreover, thanks to these peculiar features, it allows each single device to be univocally identified thanks to a serial number that is defined at a hardware level, is universally univocal and cannot be replicated nor modified.
The authentication cryptographic chip 4 comprises a random numbers generator of the TRNG type, at least one cryptographic hashing engine and at least one protected memory comprising circuits adapted to prevent unauthorized persons from reading data from outside the device 100 and/or proper metal shielding against intrusive analysis and analysis of weak currents. The authentication cryptographic chip 4, besides performing the functions of random numbers generation and Hash functions computation, is configured for validating the presence of a common data item inside two devices, for example the device 100 according to the present invention and an external device, without needing to exchange the data item itself between the two devices.
The authentication cryptographic chip 4 is further configured for obtaining, in a univocal and secure way, from secret encrypted keys further keys and/or codes which are then used by the cryptographic algorithms in the CPU.
The authentication cryptographic chip 4 preferably belongs to the TPM (Trusted Platform Module) platform.
The device 100 according to the present invention thus allows performing in a secure and hardware way a backup/restore of a device 90 for data encryption/decryption and/or compression/decompression, such as that forming the subject of the patent application herein incorporated by reference as to the illustrative features of the device 90 for data encryption/decryption and/or compression/decompression.
The device 100 according to the present invention acts as complement of a specific external device previously defined, i.e. the device 90 for data encryption/decryption and/or compression/decompression. The device 100 does not perform the backup of generic files, rather the backup of the encryption keys, the security data specific to the user, such as data for access to web sites, email, home banking, and the encryption data which associate the user with other users which are present on the device 90 for data encryption/decryption and/or compression/decompression.
During normal operation or when the device 90 for data encryption/decryption and/or compression/decompression, in turn connected with an external device 97, such as a PC, is switched on, the CPU of the device 90 for data encryption/decryption and/or compression/decompression constantly checks for the possible plugging of the connection of a portable backup/restore device 100, such as that forming the subject of the present invention, into a second data input/output port of the device 90 for data encryption/decryption and/or compression/decompression.
In detail, the CPU of the device 90 for data encryption/decryption and/or compression/decompression checks whether a connection of the male type, such as for example a male USB connection 7, is plugged into a USB female connection of the device 90 for data encryption/decryption and/or compression/decompression.
At this point, once the kind and manufacturer of the device whose male connection has been plugged in have been identified by requesting two identification parameters, VID and PID, the configuration status of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is checked.
Simultaneously to said check, a check of the association status of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is performed.
Simultaneously to both the abovementioned checks, an encrypted communication channel is created for exchanging data between said backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression.
During the check of the association status of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression both devices exchange with each other their available encrypted and combinatorial data and information. Such data and information, when present, have been previously generated and exchanged during the step of initializing and univocally associating the two devices with each other.
If the data exchanged between the two devices are consistent, a request is sent to check the version of the encryption keys, the user's data and the data usually present in the backup/restore device, by the device for data encryption/decryption and/or compression/decompression.
Based on the version of the data present in the backup/restore device compared to those present in the device 90 for data encryption/decryption and/or compression/decompression, it is possible to perform a new backup of the data present in the latter device to the backup/restore device 100 (if the data present in the device 90 for data encryption/decryption and/or compression/decompression are more recent), otherwise an attempt to hack the system is detected, as it is not possible that a device for data encryption/decryption and/or compression/decompression already associated with a backup/restore device has an older version of the data to be stored on the latter. If the version of the data to be stored is the same in both the devices, nothing happens.
Once the step above is completed, the device 90 for data encryption/decryption and/or compression/decompression sends to the user a message to disconnect the backup/restore device 100 from said device 90 for data encryption/decryption and/or compression/decompression.
Each time a backup/restore device 100 according to the present invention is connected to a device 90 for data encryption/decryption and/or compression/decompression, a step of mutual authentication and genuineness check is performed.
By the mutual authentication, the two devices exclude the possibility of attacks of the "man in the middle" type (i.e., in this case, by a non-authorized user who intercepts data packets passing from the backup/restore device 100 to the device 90 for data encryption/decryption and/or compression/decompression or vice versa).
In figure 3 a block diagram of a step of mutual authentication and genuineness check of the backup/restore device 100 and of the device 90 for data encryption/decryption and/or compression/decompression is shown.
In detail, a random number (CH1) is generated by means of the cryptographic chip of said device 90 for data encryption/decryption and/or compression/decompression.
Within the framework of the present invention, by random number it is meant a number randomly generated.
Subsequently, by means of the cryptographic chip a preliminary key (Kprelim) is created by means of a first Hash function based on the high entropy random number (CH1)CT and a secret (csk) embedded by the manufacturer of the device 90 for data encryption/decryption and/or compression/decompression. A first initialization vector (CKvector 1) is then created by means of a secret mathematical function based on the random number (CH1)CT and the preliminary key. The first initialization vector (CKvector 1)CT and the random number (CH1)CT are then sent to said backup/restore device 100.
By the cryptographic engine of the backup/restore device 100 a preliminary key (Kprelim) is created by means of said first Hash function, which is private and protected, based on the random number (CH1)CT and said secret (csk) embedded by the manufacturer of the backup/restore device 100.
It is specified that, in order that the abovementioned actions may take place, the manufacturer of the backup/restore device 100 and that of the device 90 for data encryption/decryption and/or compression/decompression have to be the same, therefore, within the framework of the present invention, it is totally equivalent to refer to either of them as far as the embedding of secrets inside respectively the backup/restore device 100 or the device 90 for data encryption/decryption and/or compression/decompression is concerned.
The process goes on with the creation, by the cryptographic engine of the backup/restore device 100, of the first key (CKvector 1)T by means of the second secret mathematical function based on the random number (CH1)CT and the preliminary key (Kprelim).
The first initialization vector (CKvector 1)T generated by the backup/restore device 100 is then compared with the first initialization vector (CKvector 1)CT sent by the device 90 for data encryption/decryption and/or compression/decompression.
At this point, the cryptographic chip of the backup/restore device 100 generates a second high entropy random number (CH2)T.
The cryptographic engine of the backup/restore device 100 then generates a Nonce by means of a second secret mathematical function based on the first and second random numbers (CH1; CH2).
The cryptographic chip of the backup/restore device 100 then generates an encrypted session key (Ksess) by means of the first Hash function based on the Nonce and the secret (csk) embedded by the manufacturer of the backup/restore device 100.
Accordingly, the cryptographic engine of the backup/restore device 100 generates a second initialization vector (CKvector 2) by means of said second secret mathematical function based on the Nonce and the session key (Ksess). The second initialization vector (CKvector 2) and the random number (CH2) are then sent from the backup/restore device 100 to said device 90 for data encryption/decryption and/or compression/decompression.
At this point, the cryptographic engine of the device 90 for data encryption/decryption and compression/decompression creates a Nonce by means of said second secret mathematical function based on the first and the second random numbers (CH1; CH2).
Then, the authentication cryptographic chip of the device 90 for data encryption/decryption and/or compression/decompression creates a session key (Ksess) by means of the first Hash function based on the Nonce and the secret (csk) embedded by the manufacturer of the device 90 for data encryption/decryption and/or compression/decompression.
At this point, the cryptographic engine of the device 90 for data encryption/decryption and/or compression/decompression computes a second initialization vector (CKvector 2)CT by means of the second secret mathematical function based on the shared Nonce previously computed and the session key (Ksess).
The second initialization vector (CKvector 2)CT computed by the device 90 for data encryption/decryption and/or compression/decompression is then compared with the second initialization vector (CKvector 2)T sent by the backup/restore device 100.
Then, the channel ciphering by means of the session key (Ksess) takes place. In other words, the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 encode all the subsequent data passing in both directions according to the following steps:
- activating, by the device 90 for data encryption/decryption and/or compression/decompression, the ciphering of the communication channel using a cryptographic algorithm present in the cryptographic engine of the device itself and the related session key (Ksess) obtained during the process described above;
- activating, by the backup/restore device 100, the ciphering of the communication channel using a cryptographic algorithm present in the cryptographic engine of the device itself and the related session key (Ksess) obtained during the process described above;
- sending, by the device 90 for data encryption/decryption and/or compression/decompression, a known connection command to the backup/restore device 100 over the encrypted channel previously created and activated;
- receiving, by the backup/restore device, said command over the encrypted channel and checking its consistency after proper decryption;
- sending, by the backup/restore device 100, a known reply command to the device 90 for data encryption/decryption and/or compression/decompression over the same encrypted channel already created and active;
- checking, by the device 90 for data encryption/decryption and/or compression/decompression, after the related decryption, the consistency of the reply command received from the backup/restore device 100;
- if both checks are successful, the encrypted channel is valid and active for any subsequent communication between said two devices, i.e. the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression.
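The challenge-response exchange described above, as an added example (not code from the patent or its applicant). The patent keeps the first Hash function and the second secret mathematical function private, so HMAC-SHA256 stands in for both here as an assumption; the class, function and variable names are hypothetical, and the sample secret is constructed.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """Raised when a CKvector comparison fails."""


def first_hash(csk: bytes, data: bytes) -> bytes:
    # Assumed stand-in for the private "first Hash function": HMAC-SHA256 keyed with csk.
    return hmac.new(csk, b"hash1|" + data, hashlib.sha256).digest()


def secret_fn(x: bytes, y: bytes) -> bytes:
    # Assumed stand-in for the "second secret mathematical function" of two inputs.
    return hmac.new(y, b"fn2|" + x, hashlib.sha256).digest()


class EncryptionDevice:
    """Device 90 (subscript CT in the text)."""

    def __init__(self, csk: bytes):
        self.csk, self.ch1, self.k_sess = csk, None, None

    def start(self):
        self.ch1 = secrets.token_bytes(32)               # CH1
        k_prelim = first_hash(self.csk, self.ch1)        # Kprelim
        return self.ch1, secret_fn(self.ch1, k_prelim)   # (CH1, CKvector 1)CT

    def finish(self, ch2: bytes, ckv2_t: bytes) -> bytes:
        nonce = secret_fn(self.ch1, ch2)                 # Nonce from CH1 and CH2
        k_sess = first_hash(self.csk, nonce)             # Ksess
        ckv2_ct = secret_fn(nonce, k_sess)               # (CKvector 2)CT
        if not hmac.compare_digest(ckv2_ct, ckv2_t):     # constant-time comparison
            raise AuthError("CKvector 2 mismatch at device 90")
        self.k_sess = k_sess
        return k_sess


class BackupDevice:
    """Backup/restore device 100 (subscript T in the text)."""

    def __init__(self, csk: bytes):
        self.csk, self.k_sess = csk, None

    def respond(self, ch1: bytes, ckv1_ct: bytes):
        k_prelim = first_hash(self.csk, ch1)
        ckv1_t = secret_fn(ch1, k_prelim)                # (CKvector 1)T
        if not hmac.compare_digest(ckv1_t, ckv1_ct):
            raise AuthError("CKvector 1 mismatch at device 100")
        ch2 = secrets.token_bytes(32)                    # CH2
        nonce = secret_fn(ch1, ch2)
        self.k_sess = first_hash(self.csk, nonce)        # Ksess
        return ch2, secret_fn(nonce, self.k_sess)        # (CH2, CKvector 2)T


def run_handshake(ct, t, in_transit=lambda direction, msg: msg):
    """Run both messages; in_transit can alter a message to simulate tampering."""
    ch1, ckv1 = in_transit("CT->T", ct.start())
    ch2, ckv2 = in_transit("T->CT", t.respond(ch1, ckv1))
    return ct.finish(ch2, ckv2), t.k_sess


# Constructed sample secret; real devices hold csk in protected memory.
SAMPLE_CSK = hashlib.sha256(b"constructed sample csk").digest()

if __name__ == "__main__":
    k_ct, k_t = run_handshake(EncryptionDevice(SAMPLE_CSK), BackupDevice(SAMPLE_CSK))
    print("session keys match:", hmac.compare_digest(k_ct, k_t))
    try:
        other = hashlib.sha256(b"another constructed csk").digest()
        run_handshake(EncryptionDevice(SAMPLE_CSK), BackupDevice(other))
    except AuthError as exc:
        print("non-genuine peer rejected:", exc)
```

Only a peer holding the same csk can reproduce either CKvector, and because CH2 feeds the Nonce, a CH2 altered in transit makes device 90's comparison fail before any session key is accepted.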
Coming back to the block diagram shown in figure 4, it can be seen that the step of checking the association status between the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression comprises the steps of:
- requesting the association status from said backup/restore device 100;
- requesting the association status from said device 90 for data encryption/decryption and/or compression/decompression.
Referring to figures 3 and 4, it is noted that the device 90 for data encryption/decryption and/or compression/decompression has been indicated with the letters CT, and these letters identify as a subscript also all the functions and parameters of the diagram that relate to such device, whereas the backup/restore device 100 has been indicated with the letter T, and this letter identifies as a subscript also all the functions and parameters of the diagram that relate to such device.
The process unfolds along four alternative paths, depending on the answer about the association status of the two devices.
If neither the backup/restore device 100 nor the device 90 for data encryption/decryption and/or compression/decompression is associated and the backup/restore device has never been configured, the process unfolds according to the following steps:
- initial configuring of the backup/restore device 100;
- sending a request to associate the backup/restore device 100 and the external device 90 for data encryption/decryption and/or compression/decompression with each other;
- generating and exchanging encryption keys and univocal access data according to private and protected functions in both of the devices 90 and 100, respectively;
- sending, by the backup/restore device 100, a confirmation that association has been completed to the external device for data encryption/decryption and/or compression/decompression.
Alternatively, if the backup/restore device 100 is not associated, but the device 90 for data encryption/decryption and/or compression/decompression has already been previously configured and associated with another backup/restore device 100, it means that the backup/restore device 100 is virgin, as may happen for example in case of loss of a backup/restore device previously associated with the device 90 for data encryption/decryption and/or compression/decompression. In this case, the process unfolds according to the following steps:
- requesting the user to enter a predetermined user's identification code, i.e. a password known only to her/him and which she/he had previously entered in and associated with the device 90 for data encryption/decryption and/or compression/decompression;
- generating and exchanging encryption keys and access data according to private and protected functions present in the backup/restore device, obtaining part of the access data themselves by means of said private and protected functions and also using the user's password;
- checking the encryption keys and the access data present in the device 90 for data encryption/decryption and/or compression/decompression;
- if the identification code is validly entered, i.e. if the access data obtained by means of the appropriate private and protected functions are consistent with what is present in the device 90 for data encryption/decryption and/or compression/decompression, sending a request to associate the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 with each other;
- generating in the backup/restore device the encryption and access data required to confirm the univocal association with the device for data encryption/decryption and/or compression/decompression;
- sending, by the backup/restore device, a confirmation that association with the external device for data encryption/decryption and/or compression/decompression has been completed;
- sending the backup version (V)CT of the encryption data and of the data usually stored in the database of the device (90) for data encryption/decryption and/or compression/decompression to the backup/restore device (100);
- updating the backup version (V)T of the backup/restore device (100) based on the backup version (V)CT received from the device (90) for data encryption/decryption and/or compression/decompression.
According to another alternative, if the backup/restore device has been previously associated with a device 90 for data encryption/decryption and/or compression/decompression, but the device 90 for data encryption/decryption and/or compression/decompression has never been configured and associated with a backup/restore device 100, it means that the device 90 for data encryption/decryption and/or compression/decompression is virgin, as may happen for example in case of loss of a previous device 90 for data encryption/decryption and/or compression/decompression associated with the backup/restore device 100.
In this case, the process unfolds according to the following steps:
- requesting the user to enter a predetermined user's identification code, i.e. a password known only to her/him and which she/he had previously entered in and associated with the backup/restore device 100;
- generating and exchanging encryption keys and access data according to private and protected functions present in the backup/restore device, obtaining part of the access data themselves by means of said private and protected functions and also using the user's password;
- checking the encryption keys and the access data present in the backup/restore device 100;
- if the identification code is validly entered, i.e. if the access data obtained by means of the appropriate private and protected functions are consistent with what is present in the backup/restore device 100, sending a request to associate the device 90 for data encryption/decryption and/or compression/decompression and the backup/restore device 100 with each other;
- generating in the device for data encryption/decryption and/or compression/decompression the encryption and access data required to confirm the univocal association with the backup/restore device;
- sending, by the device for data encryption/decryption and/or compression/decompression, a confirmation that association with the external backup/restore device has been completed;
- sending the backup version (V)T of the encryption data and of the data usually stored in the database of the backup/restore device (100) to the device (90) for data encryption/decryption and/or compression/decompression;
- updating the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression based on the backup version (V)T received from the backup/restore device (100).
Finally, according to a further alternative, if the backup/restore device 100 and the device 90 for data encryption/decryption and/or compression/decompression have already been associated with each other and the backup/restore device has already been previously configured, it means that the devices are being used again in an ordinary way and the process unfolds according to the following steps:
- checking the encryption keys and the access data according to private and protected functions present in both of the devices;
- if the data exchange is consistent, i.e. both the devices determine that they are indeed correctly associated with each other, sending, by the device for data encryption/decryption and/or compression/decompression, a request to check the version of the encryption keys, user's data and data usually present in the backup/restore device;
- based on the version of the data present in the backup/restore device compared to those present in the device 90 for data encryption/decryption and/or compression/decompression, it is possible to perform a new backup of the data present in the latter device to the backup/restore device 100 (if the data present in the device 90 for data encryption/decryption and/or compression/decompression are more recent), otherwise an attempt to hack the system is detected, as it is not possible that a device for data encryption/decryption and/or compression/decompression already associated with a backup/restore device has an older version of the data to be stored on the latter. If the version of the data is the same, nothing happens.
In other words, if the private and protected functions determine that the access encrypted data are correct and consistent between the two devices, a request is sent by the device (90) for data encryption/decryption and/or compression/decompression, to check the backup version (V)T of the backup/restore device (100).
The backup version (V)T of said backup/restore device (100) is then compared with the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression.
If the version of the device 90 for data encryption/decryption and/or compression/decompression is more recent than that of the backup/restore device 100, the device 90 for data encryption/decryption and/or compression/decompression sends the backup version (V)CT stored in its database to the backup/restore device (100).
The present invention has been described with reference to some embodiments thereof. Many modifications can be introduced in the embodiments described in detail, still remaining within the scope of protection of the invention, defined by the appended claims.

Claims

1. Portable backup/restore device (100) configured to be associated with an external device (90) for data encryption/decryption and/or compression/decompression;
said backup/restore device (100) comprising:
an outer casing;
at least one CPU comprising at least one microcontroller and at least one cryptographic engine;
at least one authentication cryptographic chip for univocally associating said backup/restore device with an external device for data encryption/decryption and/or compression/decompression;
at least one memory of the flash type;
at least one first input/output port (5) adapted to be interfaced with the external device for data encryption/decryption and/or compression/decompression.
2. Portable backup/restore device (100) according to claim 1, characterized in that said authentication support cryptographic chip (4) comprises a random numbers generator, at least one cryptographic hashing engine and at least one protected memory, dedicated to data security tasks.
3. Portable backup/restore device (100) according to claim 1 or 2, characterized in that said first data input/output port (5) comprises connections suitable for data communication with external devices according to an international communication standard selected from Ethernet, USB, Firewire, ThunderBolt, Bluetooth, Wi-Fi, UWB, ZigBee, ANT, WirelessHART, SATA, PATA, EIDE, RS232, RS485, CAN, Lin, Profibus.
4. Portable backup/restore device (100) according to any one of claims 1 to 3, characterized in that said first data input/output port (5) comprises a male connection (7) adapted to be interfaced with a female connection of a first external device (90) for data encryption/decryption and/or compression/decompression.
5. Portable backup/restore device (100) according to any one of claims 1 to 4, characterized in that said first data input/output port (5) comprises a USB male connection (8).
6. Portable backup/restore device (100) according to any one of claims 1 to 5, characterized in that said CPU comprises at least one memory of the flash type inside it.
7. Portable backup/restore device (100) according to any one of claims 1 to 5, characterized in that said authentication support cryptographic chip (4) is configured for:
- performing a mutual authentication between said first external device (90) for data encryption/decryption and/or compression/decompression, interfaced with said first port (5), and the portable device (100) itself;
- establishing a secure connection between said portable device (100) and said first external device (90) for data encryption/decryption and/or compression/decompression.
8. Process of data backup/restore between an external device (90) for data encryption/decryption and/or compression/decompression and a backup/restore device (100) according to any one of the previous claims 1 to 5, the process comprising the steps of:
- connecting a male connector of a data input/output port of the backup/restore device (100) with a female connector of a data input/output port of the device (90) for data encryption/decryption and/or compression/decompression; said device (90) for data encryption/decryption and/or compression/decompression being in turn connected with a computer or notebook or desktop, or server or workstation, or tablet, or smartphone, by means of further available connections of the external device (90) for data encryption/decryption and/or compression/decompression; said external device (90) for data encryption/decryption and/or compression/decompression comprising at least one database comprising a backup version;
- checking the configuration status of the backup/restore device (100) and of the device (90) for data encryption/decryption and/or compression/decompression;
- checking the association status of the backup/restore device (100) and of the device for data encryption/decryption and/or compression/decompression.
9. Process according to claim 8, characterized by comprising a step of mutual authentication between the backup/restore device (100) and the device (90) for data encryption/decryption and/or compression/decompression.
10. Process according to claim 9, characterized in that the step of authentication between the backup/restore device (100) and the device (90) for data encryption/decryption and/or compression/decompression comprises:
- creating, by the cryptographic engine of said device (90) for data encryption/decryption and/or compression/decompression, a first initialization vector (CKvector 1)CT based on a secret (csk) embedded by the manufacturer of the device (90) for data encryption/decryption and/or compression/decompression and a first random number (CH1)CT;
- sending the first initialization vector (CKvector 1)CT and the first random number (CH1)CT to said backup/restore device;
- computing, by the cryptographic engine of said backup/restore device (100), the first initialization vector (CKvector 1)T;
- comparing the first initialization vector (CKvector 1)CT sent by the device (90) for data encryption/decryption and/or compression/decompression with the first initialization vector (CKvector 1)T computed by the cryptographic engine of said backup/restore device (100);
- generating a second random number (CH2)T;
- computing, by the cryptographic engine of the backup/restore device (100) the session key (KSESS);
- creating, by the cryptographic engine of said backup/restore device (100), a second initialization vector (CKvector 2)T based on a secret (csk) embedded by the manufacturer of said backup/restore device;
- sending the second initialization vector (CKvector 2)T and said second random number (CH2)T to said device (90) for data encryption/decryption and/or compression/decompression;
- computing, by the cryptographic engine of the device (90) for data encryption/decryption and/or compression/decompression, the session key (KSESS);
- computing, by the cryptographic engine of said device for data encryption/decryption and/or compression/decompression, the second initialization vector (CKvector 2)CT;
- comparing the second initialization vector (CKvector 2)T sent by the backup/restore device with the second initialization vector (CKvector 2)CT computed by the cryptographic engine of said device for data encryption/decryption and/or compression/decompression;
- activating, by the device (90) for data encryption/decryption and/or compression/decompression, the ciphering of the communication channel using a cryptographic algorithm available in the cryptographic engine of the device itself and the related session key (KSESS) previously obtained;
- activating, by the backup/restore device (100), the ciphering of the communication channel using a cryptographic algorithm available in the cryptographic engine of the device itself and the related session key (KSESS) previously obtained;
- sending, by the device (90) for data encryption/decryption and/or compression/decompression, a known connection command to the backup/restore device over the encrypted channel previously created and activated;
- receiving, by the backup/restore device (100), said command over the encrypted channel and checking its consistency after a decryption step;
- sending, by the backup/restore device (100), a known reply command to the device (90) for data encryption/decryption and/or compression/decompression over the same encrypted channel already created and active;
- checking, by the device (90) for data encryption/decryption and/or compression/decompression, after a decryption step, the consistency of the reply command received from the backup/restore device (100).
11. Process according to claim 10, characterized in that the step of checking the association status between the backup/restore device and the device for data encryption/decryption and/or compression/decompression comprises the steps of:
- requesting said backup/restore device (100) the association status;
- requesting said device (90) for data encryption/decryption and/or compression/decompression the association status.
12. Process according to claim 10 or 11, characterized in that, if neither the backup/restore device (100) nor the device for data encryption/decryption and/or compression/decompression are associated and the backup/restore device (100) has never been configured, it comprises the steps of:
- initial configuring of the backup/restore device (100);
- sending a request to associate the backup/restore device (100) and the external device (90) for data encryption/decryption and/or compression/decompression with each other;
- generating and exchanging encryption keys and access data according to predetermined functions in both of said devices;
- sending a confirmation that association has been completed from the backup/restore device (100) to the external device (90) for data encryption/decryption and/or compression/decompression and/or vice versa.
13. Process according to claim 10 or 11, characterized in that, if the backup/restore device (100) is not associated, but the device (90) for data encryption/decryption and/or compression/decompression has already been previously configured and associated with a previous backup/restore device (100), it comprises the steps of:
- requesting the user to enter a predetermined user's identification code;
- checking the identification code, comprising checking the consistency of the code entered with the access data obtained by means of the proper functions from what is present in the device (90) for data encryption/decryption and/or compression/decompression;
- if the identification code is validly entered, sending a request to associate the backup/restore device and the device for data encryption/decryption and/or compression/decompression with each other;
- sending, by the backup/restore device (100), a confirmation that association with the external device (90) for data encryption/decryption and/or compression/decompression has been completed;
- sending the backup version (V)CT of the encryption data and of the data usually stored in the database of the device (90) for data encryption/decryption and/or compression/decompression to the backup/restore device (100);
- updating the backup version (V)T of the backup/restore device (100) based on the backup version (V)CT received from the device (90) for data encryption/decryption and/or compression/decompression.
14. Process according to claim 10, 11, characterized in that, if the backup/restore device has been previously associated with a device for data compression/decompression, but the device for data compression/decompression has never been configured and associated with a backup/restore device, it comprises the steps of:
- requesting the user to enter a predetermined user's identification code;
- checking the identification code, comprising checking the consistency of the code entered with the access data obtained by means of the proper functions from what is present in the backup/restore device (100);
- if the identification code is validly entered, sending a request to associate the backup/restore device (100) and the external device (90) for data encryption/decryption and/or compression/decompression with each other;
- sending, by the external device (90) for data encryption/decryption and/or compression/decompression, a confirmation that association with the backup/restore device (100) has been completed;
- sending the backup version (V)T of the encryption data and of the data usually stored in the database of the backup/restore device (100) to the device (90) for data encryption/decryption and/or compression/decompression;
- updating the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression based on the backup version (V)T received from the backup/restore device (100).
15. Process according to claim 11, characterized in that, if the backup/restore device (100) and the device (90) for data encryption/decryption and/or compression/decompression are associated with each other and the backup/restore device (100) has already been previously configured, it comprises the steps of:
- checking the encryption keys and the access data according to predetermined functions present in both of said devices;
- checking that the mutual association between the two devices is correct by means of predetermined functions present in both of the devices starting from the previously exchanged access data;
- if the check has a positive outcome, sending, by the device (90) for data encryption/decryption and/or compression/decompression, a request to check the backup version (V)T of the backup/restore device (100);
- comparing the backup version (V)T of said backup/restore device (100) with the backup version (V)CT of the device (90) for data encryption/decryption and/or compression/decompression;
- if the version of the device (90) for data encryption/decryption and/or compression/decompression is more recent than that of the backup/restore device (100), sending, by the device (90) for data encryption/decryption and/or compression/decompression, the backup version (V)CT stored in its database to the backup/restore device (100).
16. Process according to any one of the previous claims 9 to 15, characterized in that the backup version (V)T comprises:
encryption keys;
security-related user's data;
encrypted data and information.
17. Process according to any one of the previous claims 9 to 15, characterized in that the backup version (V)CT of said device (90) for data encryption/decryption and/or compression/decompression comprises:
encryption keys;
security-related user's data;
encrypted data and information.
EP13735399.1A 2012-06-01 2013-05-31 Portable backup/restore device Withdrawn EP2891110A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CH00753/12A CH706584B1 (en) 2012-06-01 2012-06-01 Portable back up / restore device.
PCT/IB2013/001116 WO2013179128A1 (en) 2012-06-01 2013-05-31 Portable backup/restore device

Publications (1)

Publication Number Publication Date
EP2891110A1 true EP2891110A1 (en) 2015-07-08

Family

ID=48782545

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13735399.1A Withdrawn EP2891110A1 (en) 2012-06-01 2013-05-31 Portable backup/restore device

Country Status (3)

Country Link
EP (1) EP2891110A1 (en)
CH (1) CH706584B1 (en)
WO (1) WO2013179128A1 (en)


Also Published As

Publication number Publication date
CH706584B1 (en) 2017-06-15
CH706584A1 (en) 2013-12-13
WO2013179128A8 (en) 2015-02-19
WO2013179128A1 (en) 2013-12-05

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20141229

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20181201