WO2010112869A1 - Data protection system - Google Patents

Data protection system

Publication number
WO2010112869A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
encrypted
random
drive
Prior art date
Application number
PCT/GB2010/000660
Other languages
English (en)
Inventor
Peter Norman Panayi
Original Assignee
Peter Norman Panayi
Application filed by Peter Norman Panayi
Priority to EP10717197A (EP2414984A1)
Publication of WO2010112869A1

Classifications

    • G PHYSICS / G06 COMPUTING; CALCULATING OR COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/60 Protecting data / G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules / G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS / G06 COMPUTING; CALCULATING OR COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F2221/2107 File encryption
    • G PHYSICS / G06 COMPUTING; CALCULATING OR COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F2221/2153 Using hardware token as a secondary aspect

Definitions

  • the present invention relates to a system for protecting data stored electronically, for example on a personal computer or laptop.
  • a means of encryption of said data is disclosed.
  • the invention aims to affordably and easily allow computer users absolute control over the security of their own data.
  • the present invention seeks to address the above problems through the provision of a key: an important condition being that the key, employed by the invention remains safe.
  • the solution provided by the invention to the problem does not require any action by the user to ensure that data written to the computer hard drive is encrypted. It happens automatically. Also so long as the key is kept safe, the data cannot be decrypted without the key. Such a decryption is theoretically impossible. Also by using two such random keys the system ensures that even if one key is stolen, data backed up to a remote and possibly insecure server is also safe.
  • the invention consists of such a device loaded with random data derived from a truly random source in conjunction with special driver software. Every key supplied is a very large one time key which will contain different random data to any other key and will have encoded within it a unique identification number identifying the key. Each key is also supplied with a second key which will reside only on the computer to be protected. The first key is referred to as the portable key and the second the fixed key.
  • Encryption and decryption is automatic. All the user has to do is ensure the key is present and to drag files or folders into a window representing the files to be encrypted.
  • a system for the protection of data on a laptop or other computer from unauthorised access comprising:
  • a portable random one time pad based encryption and decryption key comprising random data located on a flash drive or other removable storage medium; and driver software which, when the key is in place, transparently allows read and write access to the encrypted data by the user and by all installed software without modification, and which ensures that if the portable key is not connected, the data can be accessed only in its encrypted and unintelligible form for the purpose of backup and copying.
  • the system requires no modification to the computer; it requires no knowledge or intervention by the user except: to ensure that the portable key is present when required; and to ensure that the portable key is not present when the computer is not in use.
  • the system includes a second, fixed, encryption and decryption key stored on the target computer or an additional storage device stored within the target computer.
  • the fixed key is also in the form of a truly random one time pad.
  • the fixed key is optionally not a one time pad.
  • Optionally, configuration of an encrypted data subset uses the simple device of dragging and dropping the data from the unencrypted drive or folder to a designated drive or folder, whereupon the original data is overwritten by an encrypted copy and is subsequently accessible only when the key is present.
  • the portable key is kept on a flash drive or other device with a retractable connector. Further conveniently, the portable key is kept on a flash drive or other device with the facility to attach it to a key ring. Preferably the files encrypted with both keys may be stored on the flash drive containing the portable key.
  • the random data is organised into two or more files.
  • the organisation of the key into relatively small files which are named in accordance with their position in the key means that the encryption software need only load that small part of the key which is currently in use.
  • One of the simplest methods of encrypting data is a simple substitution cipher.
  • An example that almost everyone knows is to substitute every letter in the alphabet by a different letter so that the message becomes unreadable. Again almost everyone knows how to break such a code.
  • the key can only be used once and so the key needs to be as big as the data being encrypted. Thus to encrypt the whole of a hard disk another storage facility of the same size is needed.
  • the one time key can only be used by one sender, and any recipient also needs a copy of the key. This poses obvious security problems. Ideally the sender should destroy the key after use, and there should be only a single recipient, who destroys the key after reading the message.
  • the key which is the subject of the present invention is in two parts both of which are, in the implementation being described here, one time pads.
  • the keys are initially loaded on to a flash drive, the size of which depends on the requirements of the specific user.
  • the product is not intended for encrypting large files such as photos or videos and so the requirement of the average user will be no larger than 1 gigabyte. However with current technology the size could be up to 32 gigabytes.
  • the key consists of random data organised into files. It is convenient to organise the key into relatively small files which are named in accordance with their position in the key. This means that the encryption software need only load that small part of the key which is currently in use. This obviates the possibility that parts of the key might be temporarily stored in virtual memory on the hard disc and thereby leave a trace which would be a security risk.
  • the data is produced by a random thermal electronic noise source of a very high frequency.
  • This noise source also has a very wide and flat frequency response.
  • the autocorrelation function of the noise, which is known to be the Fourier transform of its frequency spectrum, therefore has an inherently short autocorrelation time.
  • the data is then sampled at an interval which is long compared to the autocorrelation time constant, thus ensuring that even before entropy distillation the correlation between each data bit and subsequent data bits is already very low.
  • In order to remove bias from the data, hardware feedback from the output bit stream is used.
  • the key is then subjected to a form of entropy distillation which greatly reduces both bias and bit to bit correlation.
  • the key is then exclusive ORed with a very large fixed random key.
  • the entry point into this key for this step is not fixed but decided by a pseudo-random generator.
  • the user must decide where the fixed key is located. If the user intends to allow automated backup of the whole disk then the key must be located elsewhere, for example on another USB device, a memory card or other plug in card which the computer may accept such as an SD card. The user may decide that he is not worried however about the security of backed up data in the event of theft of the portable key and so these precautions will not be necessary. In this case the user will be given the option of not using a fixed key at all and therefore having access to a portable key of twice the size.
  • the user must install prior to first use driver software which implements the above and the following functionality.
  • the installation is automated and made as transparent to the user as possible.
  • Encrypted files are created in one of two ways: They are always double encrypted with the portable and fixed keys unless the user has chosen the option of no fixed key.
  • Files or folders can be created on the virtual drive in exactly the same way as any other files. The only difference is that they are not really there.
  • when an item is created on the virtual drive, the real data is created on the target drive in the corresponding part of the directory structure, but in encrypted form.
  • when an encrypted file is modified, it will be re-encrypted with a fresh part of both keys.
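An added illustration of the two-key scheme described in the definitions above (it is not code from the patent): each key is a directory of random chunk files named by their byte offset so only the chunk in use is loaded, a cursor file marks the first unused pad byte so no pad byte is ever reused, and a file is XORed with fresh pad from the portable key and then the fixed key, with re-encryption of a modified file simply consuming fresh pad. The chunk size, file naming, cursor file and record layout are assumptions, and os.urandom stands in for the patent's thermal-noise source.

```python
import os
from pathlib import Path

CHUNK = 4096  # assumed chunk-file size; the patent only says "relatively small files"


def make_key(root, total):
    """Random chunk files named by byte offset; os.urandom stands in for the noise source."""
    root.mkdir(parents=True, exist_ok=True)
    for off in range(0, total, CHUNK):
        (root / f"{off:012d}.pad").write_bytes(os.urandom(min(CHUNK, total - off)))
    (root / "cursor").write_text("0")  # offset of the first unused pad byte


def read_pad(root, off, n):
    """Read n pad bytes at offset off, loading only the chunk files actually touched."""
    out = bytearray()
    while len(out) < n:
        pos = off + len(out)
        chunk = root / f"{pos - pos % CHUNK:012d}.pad"
        data = chunk.read_bytes() if chunk.exists() else b""
        piece = data[pos % CHUNK:pos % CHUNK + n - len(out)]
        if not piece:
            raise RuntimeError("pad exhausted: refusing to reuse one-time key bytes")
        out += piece
    return bytes(out)


def take_pad(root, n):
    """Consume the next n unused pad bytes and move the cursor past them."""
    off = int((root / "cursor").read_text())
    pad = read_pad(root, off, n)
    (root / "cursor").write_text(str(off + n))
    return off, pad


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plain, portable, fixed=None):
    """XOR with fresh pad from the portable key, then optionally the fixed key;
    the pad offsets travel with the ciphertext so decryption can find them."""
    p_off, p_pad = take_pad(portable, len(plain))
    ct, f_off = xor(plain, p_pad), None
    if fixed is not None:  # the user may opt out of a fixed key (single encryption)
        f_off, f_pad = take_pad(fixed, len(plain))
        ct = xor(ct, f_pad)
    return {"p_off": p_off, "f_off": f_off, "ct": ct}


def decrypt(rec, portable, fixed=None):
    """Read-only: decryption never advances a cursor, so it never burns pad."""
    out = xor(rec["ct"], read_pad(portable, rec["p_off"], len(rec["ct"])))
    if rec["f_off"] is not None:
        if fixed is None:
            raise RuntimeError("fixed key absent: data readable only in encrypted form")
        out = xor(out, read_pad(fixed, rec["f_off"], len(out)))
    return out
```

A backup copy of the record together with a stolen portable key still leaves the data covered by the fixed pad, and once the pad runs out the code refuses to wrap around rather than reuse key bytes.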

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a system for protecting data held on the hard disk of a laptop or any other personal computer against unauthorised access. Data that has been backed up to a server, a memory card, a CD or any other backup medium is also protected. The data is protected by an undecipherable key located on a USB flash drive or a similar removable device. Optionally, a second key, known as the fixed key, may also be used. In that case both keys must be present to read the data, so that if the computer or the removable key is lost, the data remains secure. To compromise the data, both the removable key and the computer must therefore be stolen. The system is designed to encrypt and decrypt data automatically, without any action or knowledge on the part of the user.
PCT/GB2010/000660 2009-04-04 2010-04-01 Data protection system WO2010112869A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP10717197A EP2414984A1 (fr) 2009-04-04 2010-04-01 Data protection system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0905917A GB2469141A (en) 2009-04-04 2009-04-04 Protecting data from unauthorised access using one-time pad stored on removable storage device
GB0905917.1 2009-04-04

Publications (1)

Publication Number Publication Date
WO2010112869A1 true WO2010112869A1 (fr) 2010-10-07

Family

ID=40750158

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2010/000660 WO2010112869A1 (fr) 2009-04-04 2010-04-01 Data protection system

Country Status (3)

Country Link
EP (1) EP2414984A1 (fr)
GB (1) GB2469141A (fr)
WO (1) WO2010112869A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102207913A (zh) * 2011-06-09 2011-10-05 中兴通讯股份有限公司 Control method and apparatus for write protection in an embedded system

Citations (3)

Publication number Priority date Publication date Assignee Title
US20070255963A1 (en) * 2006-04-28 2007-11-01 Erix Pizano System and method for biometrically secured, transparent encryption and decryption
EP1953669A2 (fr) * 2007-01-30 2008-08-06 Technology Properties Limited System and method for encrypting data of a storage device and access via a hardware key
GB2449410A (en) * 1992-10-30 2008-11-26 Commw Of Australia Communications security and trusted path method and means

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5802175A (en) * 1996-09-18 1998-09-01 Kara; Salim G. Computer file backup encryption system and method
US7702922B2 (en) * 2004-08-17 2010-04-20 Microsoft Corporation Physical encryption key system
US20070011469A1 (en) * 2005-07-11 2007-01-11 Simdesk Technologies Secure local storage of files
US8588421B2 (en) * 2007-01-26 2013-11-19 Microsoft Corporation Cryptographic key containers on a USB token

Also Published As

Publication number Publication date
GB2469141A (en) 2010-10-06
GB0905917D0 (en) 2009-05-20
EP2414984A1 (fr) 2012-02-08

Similar Documents

Publication Publication Date Title
US6292899B1 (en) Volatile key apparatus for safeguarding confidential data stored in a computer system memory
US8315394B2 (en) Techniques for encrypting data on storage devices using an intermediate key
US10592641B2 (en) Encryption method for digital data memory card and assembly for performing the same
CN104239820B (zh) A secure storage device
US20080077807A1 (en) Computer Hard Disk Security
US20080016127A1 (en) Utilizing software for backing up and recovering data
JP2009225437A (ja) Secure disposal of stored data
TW201329779A (zh) Method and system for protecting data access between two devices
US8200964B2 (en) Method and apparatus for accessing an encrypted file system using non-local keys
US20080235521A1 (en) Method and encryption tool for securing electronic data storage devices
EP2264639A2 (fr) Securing the integrity of executable code using an automatically derived key
CN114175580B (zh) Enhanced secure encryption and decryption system
CN1776563A (zh) A folder encryption device based on a universal serial bus interface
EP2037389A1 (fr) Electronic file protection system having one or more removable memory devices
Belenko et al. “Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really?
US20080313473A1 (en) Method and surveillance tool for managing security of mass storage devices
US9697372B2 (en) Methods and apparatuses for securing tethered data
CN100428108C (zh) A method for encrypted data storage
US11283600B2 (en) Symmetrically encrypt a master passphrase key
US20090077377A1 (en) System and method of protecting content of an electronic file for sending and receiving
WO2010112869A1 (fr) Data protection system
CN111291429B (zh) A data protection method and system
US10992453B2 (en) System architecture for encrypting external memory
Kiltz et al. Hidden in Plain Sight-Persistent Alternative Mass Storage Data Streams as a Means for Data Hiding With the Help of UEFI NVRAM and Implications for IT Forensics
Halcrow Demands, solutions, and improvements for Linux filesystem security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10717197; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
WWE Wipo information: entry into national phase (Ref document number: 2010717197; Country of ref document: EP)