WO2006100205A2 - Method and system of introducing physical device security for digitally encoded data - Google Patents
Method and system of introducing physical device security for digitally encoded data Download PDFInfo
- Publication number
- WO2006100205A2 WO2006100205A2 PCT/EP2006/060796 EP2006060796W WO2006100205A2 WO 2006100205 A2 WO2006100205 A2 WO 2006100205A2 EP 2006060796 W EP2006060796 W EP 2006060796W WO 2006100205 A2 WO2006100205 A2 WO 2006100205A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data storage
- storage devices
- digital
- data
- access
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1076—Parity data used in redundant arrays of independent storages, e.g. in RAID systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Definitions
- the invention relates to data security, and more particularly to data security in striped data systems.
- Digital security is largely reliant upon software protection, such as PGP.
- PGP software protection
- Those systems typically breakdown into digital signatures and username/password solutions.
- they are single user in nature. That is, any user who has knowledge of the password and private key may gain access to the protected information.
- the invention described herein provides a method of securing and accessing digital data. This is done by encrypting the digital data with a digital key. Next, the encrypted digital data is striped across a plurality of physical data storage devices, where the digital devices require a key for access to the digital data. Next the digital key is applied to access the encrypted data when all of the physical data storage devices are simultaneously present.
- Figure 1 illustrates a high level flow chart of the invention, with the steps of encrypting the data with a digital key, striping the encrypted data across a plurality of physical data storage devices that require the digital key for access to the stored data, and applying the digital key to access the encrypted data across all of the physical data storage devices when all of the digital data storage devices are simultaneously present;
- Figure 2 illustrates the concept of striping where data, illustrated as text data, is encrypted, here simply by breaking the text data into groups of four characters, and then storing the encrypted data into different media;
- Figure 3 illustrates a system of the invention, with a server, a plurality of physical data storage devices, and data access terminals with means for inserting a storage medium carrying the digital key.
- the invention provides a method of securing and accessing digital data, as illustrated in Figure 1. This is done by encrypting the digital data with a digital key 101. Next, the encrypted digital data is striped across a plurality of physical data storage devices 103, where the digital devices each require a key for access to the digital data. Finally, the digital key is applied to access the encrypted data when all of the physical data storage devices are simultaneously present to access the data 107.
- striping a volume means that the volume spans multiple storage media, such as USB devices, flash memories, hard disks, or the like, but that each file is actually spread over the disks in the stripe set.
- the data 201 illustrated as text data, is encrypted, here simply by breaking the text data into groups of four characters 203, and then the encrypted data is stored or written into different physical data storage devices 205 and 207. This means that performance may be dramatically increased because files are read from and written to multiple hard disks or flash memories simultaneously. For example, if there is a stripe set consisting of three hard disks, then one third of the file would be on each disk.
- the individual physical data storage devices of the plurality of physical data storage devices are individually removable.
- a further aspect of the invention is a data storage system 301 having a server 311 and a plurality of separate, individual memory devices 321, 323, and 325. These devices 321, 323, and 325 are adapted for striped storage of encrypted digital data.
- the individual data storage devices, 312, 323, and 325 are illustrated as disks, but may be USB devices, flash memories, tape drives, or the like.
- the physical storage devices, 321, 323, and 325 are individually removable.
- the system also includes means, such as terminals 331 and 335 for simultaneously applying a digital key, e.g., manually by a keyboard or touch screen entry, or by a simple memory devices, 333 and 337, such as a magnetic card or a flash memory card, to access the encrypted data when all of the physical data storage devices, 321, 313, and 325, are simultaneously present.
- a digital key e.g., manually by a keyboard or touch screen entry
- a simple memory devices, 333 and 337 such as a magnetic card or a flash memory card
- the system is for full striping of encrypted data across all of the physical data storage devices. This is so that the digital key is applied to all of the physical storage devices to access the encrypted data only when all of the physical storage devices are simultaneously present. This is accomplished through a hardware or software interlock that precludes access when less then all of the physical storage devices are present.
- the invention may be implemented, for example, by having the system for securing and accessing digital data, e.g., by encrypting the digital data with a digital key, striping the encrypted data across a plurality of physical data storage devices requiring the key for access to the digital data; and applying the digital key to access the encrypted data when all of the physical data storage devices are simultaneously present.
- This is accomplished by executing the method as a software application, in a dedicated processor, or in a dedicated processor with dedicated code.
- the code executes a sequence of machine-readable instructions, which can also be referred to as code. These instructions may reside in various types of signal-bearing media.
- one aspect of the present invention concerns a program product, comprising a signal-bearing medium or signal-bearing media tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform a method for securing and accessing digital data as a software application.
- This signal-bearing medium may comprise, for example, memory in a server.
- the memory in the server may be non-volatile storage, a data disc, or even memory on a vendor server for downloading to a processor for installation.
- the instructions may be embodied in a signal-bearing medium such as the optical data storage disc.
- the instructions may be stored on any of a variety of machine-readable data storage mediums or media, which may include, for example, a "hard drive", a RAID array, a RAMAC, a magnetic data storage diskette (such as a floppy disk) , magnetic tape, digital optical tape, RAM, ROM, EPROM, EEPROM, flash memory, magneto-optical storage, paper punch cards, or any other suitable signal-bearing media including transmission media such as digital and/or analog communications links, which may be electrical, optical, and/or wireless.
- the machine-readable instructions may comprise software object code, compiled from a language such as "C++", Java, Pascal, ADA, assembler, and the like.
- program code may, for example, be compressed, encrypted, or both, and may include executable code, script code and wizards for installation, as in Zip code and cab code.
- machine-readable instructions or code residing in or on signal-bearing media include all of the above means of delivery.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Quality & Reliability (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/086,183 | 2005-03-22 | ||
US11/086,183 US20060218413A1 (en) | 2005-03-22 | 2005-03-22 | Method of introducing physical device security for digitally encoded data |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006100205A2 true WO2006100205A2 (en) | 2006-09-28 |
WO2006100205A3 WO2006100205A3 (en) | 2007-01-25 |
Family
ID=37024193
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2006/060796 WO2006100205A2 (en) | 2005-03-22 | 2006-03-16 | Method and system of introducing physical device security for digitally encoded data |
Country Status (4)
Country | Link |
---|---|
US (1) | US20060218413A1 (en) |
CN (1) | CN101147152A (en) |
TW (1) | TW200703060A (en) |
WO (1) | WO2006100205A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011011847A2 (en) | 2009-07-31 | 2011-02-03 | Sociedade Beneficiente De Senhoras Hospital Sirio Libanes | Pharmaceutical composition for treating medical conditions and a method for treating alimentary disorders and related diseases |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB0400663D0 (en) * | 2004-01-13 | 2004-02-11 | Koninkl Philips Electronics Nv | Secure data handling system, method and related apparatus |
US20090013016A1 (en) * | 2007-07-06 | 2009-01-08 | Neoscale Systems, Inc. | System and method for processing data for data security |
CN101968773A (en) * | 2009-07-28 | 2011-02-09 | 茂晖科技股份有限公司 | Data storage system with biometric protection and method thereof |
US11363100B2 (en) * | 2017-04-14 | 2022-06-14 | Quantum Corporation | Network attached device for accessing removable storage media |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5950230A (en) * | 1997-05-28 | 1999-09-07 | International Business Machines Corporation | RAID array configuration synchronization at power on |
WO2003032133A2 (en) * | 2001-10-12 | 2003-04-17 | Kasten Chase Applied Research Ltd. | Distributed security architecture for storage area networks (san) |
US20040049687A1 (en) * | 1999-09-20 | 2004-03-11 | Orsini Rick L. | Secure data parser method and system |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6154843A (en) * | 1997-03-21 | 2000-11-28 | Microsoft Corporation | Secure remote access computing system |
US6438666B2 (en) * | 1997-09-26 | 2002-08-20 | Hughes Electronics Corporation | Method and apparatus for controlling access to confidential data by analyzing property inherent in data |
US6738907B1 (en) * | 1998-01-20 | 2004-05-18 | Novell, Inc. | Maintaining a soft-token private key store in a distributed environment |
US6118873A (en) * | 1998-04-24 | 2000-09-12 | International Business Machines Corporation | System for encrypting broadcast programs in the presence of compromised receiver devices |
US6289455B1 (en) * | 1999-09-02 | 2001-09-11 | Crypotography Research, Inc. | Method and apparatus for preventing piracy of digital content |
US6732230B1 (en) * | 1999-10-20 | 2004-05-04 | Lsi Logic Corporation | Method of automatically migrating information from a source to an assemblage of structured data carriers and associated system and assemblage of data carriers |
US6792113B1 (en) * | 1999-12-20 | 2004-09-14 | Microsoft Corporation | Adaptable security mechanism for preventing unauthorized access of digital data |
WO2001099387A2 (en) * | 2000-06-20 | 2001-12-27 | Clark James R | Multi-session secured digital transmission process |
GB0026803D0 (en) * | 2000-11-02 | 2000-12-20 | Multimedia Engineering Company | Securized method for communicating and providing services on digital networks and implementing architecture |
US7349987B2 (en) * | 2000-11-13 | 2008-03-25 | Digital Doors, Inc. | Data security system and method with parsing and dispersion techniques |
US7987510B2 (en) * | 2001-03-28 | 2011-07-26 | Rovi Solutions Corporation | Self-protecting digital content |
EP1365537B1 (en) * | 2002-05-24 | 2004-07-07 | Swisscom Mobile AG | Systems and method for certifying digital signatures |
US7353382B2 (en) * | 2002-08-08 | 2008-04-01 | Fujitsu Limited | Security framework and protocol for universal pervasive transactions |
-
2005
- 2005-03-22 US US11/086,183 patent/US20060218413A1/en not_active Abandoned
-
2006
- 2006-03-16 WO PCT/EP2006/060796 patent/WO2006100205A2/en not_active Application Discontinuation
- 2006-03-16 CN CNA2006800089803A patent/CN101147152A/en active Pending
- 2006-03-16 TW TW095109027A patent/TW200703060A/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5950230A (en) * | 1997-05-28 | 1999-09-07 | International Business Machines Corporation | RAID array configuration synchronization at power on |
US20040049687A1 (en) * | 1999-09-20 | 2004-03-11 | Orsini Rick L. | Secure data parser method and system |
WO2003032133A2 (en) * | 2001-10-12 | 2003-04-17 | Kasten Chase Applied Research Ltd. | Distributed security architecture for storage area networks (san) |
Non-Patent Citations (2)
Title |
---|
ADI SHAMIR: "HOW TO SHARE A SECRET" COMMUNICATIONS OF THE ASSOCIATION FOR COMPUTING MACHINERY, ACM, NEW YORK, NY, US, vol. 22, no. 11, 1 November 1979 (1979-11-01), pages 612-613, XP000565227 ISSN: 0001-0782 * |
REILLY D N: "BOOSTING RAID PERFORMANCE WITH SOLID STATE DISKS" COMPUTER TECHNOLOGY REVIEW, WESTWORLD PRODUCTION, BEVERLY HILL, CA, US, vol. 15, no. 10, 1 October 1995 (1995-10-01), pages 50-52, XP000538282 ISSN: 0278-9647 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011011847A2 (en) | 2009-07-31 | 2011-02-03 | Sociedade Beneficiente De Senhoras Hospital Sirio Libanes | Pharmaceutical composition for treating medical conditions and a method for treating alimentary disorders and related diseases |
US9452196B2 (en) | 2009-07-31 | 2016-09-27 | Sociedade Beneficente De Senhoras Hospital Sirio Libanes | Pharmaceutical composition for treating medical conditions and a method for treating alimentary disorders and related diseases |
Also Published As
Publication number | Publication date |
---|---|
CN101147152A (en) | 2008-03-19 |
US20060218413A1 (en) | 2006-09-28 |
TW200703060A (en) | 2007-01-16 |
WO2006100205A3 (en) | 2007-01-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7415571B1 (en) | Disk drive and method for using a mailbox file associated with a disk storage medium for performing a function characterized by contents of the mailbox file | |
US7949693B1 (en) | Log-structured host data storage | |
US7987497B1 (en) | Systems and methods for data encryption using plugins within virtual systems and subsystems | |
AU2931795A (en) | Access control system for restricting access to authorised hours and renewing it using a portable storage medium | |
US8407484B2 (en) | Flash memory distribution of digital content | |
US20070079126A1 (en) | System and method for performing a trust-preserving migration of data objects from a source to a target | |
US20060218413A1 (en) | Method of introducing physical device security for digitally encoded data | |
EP1274000A4 (en) | Computer system for authenticating recording medium and its use method | |
US20090048976A1 (en) | Protecting Stored Data From Traffic Analysis | |
US20080076355A1 (en) | Method for Protecting Security Accounts Manager (SAM) Files Within Windows Operating Systems | |
EP1910911A2 (en) | Mass storage device with near field communications | |
CN101082883A (en) | Storage apparatus having multiple layer encrypting protection | |
CN111400714B (en) | Virus detection method, device, equipment and storage medium | |
RU2348968C2 (en) | System for interlinking of secrets with computer system having some tolerance on hardware changes | |
US20120131057A1 (en) | Non-deterministic audit log protection | |
CN109214204B (en) | Data processing method and storage device | |
US9330282B2 (en) | Instruction cards for storage devices | |
CN103473512B (en) | A kind of mobile memory medium management method and device | |
WO2009009400A2 (en) | System and method for processing data for data security | |
Barker et al. | Artifice: A deniable steganographic file system | |
EP2400422A1 (en) | Method, system and secure processor for executing a software application | |
US9251382B2 (en) | Mapping encrypted and decrypted data via key management system | |
JP7252696B2 (en) | Enable software distribution | |
JP2006221259A (en) | Method for recording data in external storage medium and data transfer control interface software for use therewith | |
Shekhanin et al. | Steganographic hiding information in a file system structure |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200680008980.3 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
NENP | Non-entry into the national phase |
Ref country code: RU |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: RU |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06725107 Country of ref document: EP Kind code of ref document: A2 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06725107 Country of ref document: EP Kind code of ref document: A2 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 6725107 Country of ref document: EP |