Active erasure of electronically stored data upon tamper...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

Classification: C713S193000, C713S194000
Document type: Reexamination Certificate
Status: active
Patent number: 06292898

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to protection of electronically stored data from tampering and, in particular, to preventing ascertainment of the content of data stored in a data storage device situated in a secure environment.
2. Related Art
Computational devices and/or related peripheral devices often include a data storage device. In some situations, the content of the data stored in a data storage device may be particularly sensitive, so that the data storage device is situated within a secure environment, such as the enclosure within a mechanically sealed housing. (Such a data storage device is sometimes referred to herein as a “secure data storage device” and the device of which the data storage device is part is sometimes referred to herein as a “secure device.”) However, even secure environments are susceptible to intrusion: it may be possible to pry open a mechanically sealed housing, for example. Thus, even when a secure environment has been provided for a data storage device that stores sensitive data, it can be desirable to provide additional security for the data storage device. Such additional security can comprise erasing or otherwise destroying the stored data when an intrusion into the secure environment is detected.
Generally, a data storage device can be either non-volatile (i.e., data continues to be stored in the data storage device even after the application of power to the data storage device is ceased) or volatile (i.e., data stored in the data storage device is lost after the application of power to the data storage device is ceased). Volatile data storage devices typically include a multiplicity of data storage elements (memory cells) that can each store one of two different values. The capacity of a volatile data storage device to store two different values in a memory cell (i.e., to store data) depends upon the maintenance of two distinct voltage levels within the volatile data storage device, which, in turn, requires a continual supply of power to the volatile data storage device, as indicated above.
It can be desirable to embody a secure data storage device with a volatile data storage device (“secure volatile data storage device”), such as a random access memory (RAM), because, as will be clear from the description below, when an intrusion into the secure environment is detected, data stored in a volatile data storage device can more easily be erased or otherwise destroyed than can data stored in a nonvolatile data storage device.
In some situations it can be desirable to make a volatile data storage device effectively non-volatile. This can be done by using a backup power supply (i.e., a power supply, such as a battery, to which the volatile data storage device can be connected when the device of which the volatile data storage device is part is not operating) to continue to supply power to the volatile data storage device after a primary power supply (i.e., a power supply to which the volatile data storage device is connected during operation of the device of which the volatile data storage device is part) has been disconnected from the volatile data storage device. In particular, in portable devices (which are frequently not connected to a primary power supply), it can be desirable to provide a backup power supply to enable a volatile data storage device of the portable device to be made non-volatile. The construction of a “non-volatile data storage device” by providing a backup power supply for a volatile data storage device can be desirable because, as made clearer by the description below, such construction enables non-volatilely stored data to be more easily erased or otherwise destroyed, if tampering with the data storage device is detected, than would be the case if the data storage device was embodied by a conventional non-volatile data storage device.
FIG. 1 is a block diagram illustrating the functional components of a previous system for protecting data stored in a volatile data storage device that is situated within a secure environment and connected to a power supply. A volatile data storage device 101 that is situated within a secure environment is initially electrically connected to a power supply 102 (i.e., a switch 104 is configured to make electrical connection between the nodes 105 and 106) so that data can be continually stored in the volatile data storage device 101. A detector 103 is adapted to detect an intrusion into the secure environment. When an intrusion is detected, the switch 104 changes configuration so that the power supply 102 is disconnected from the volatile data storage device 101 (as shown in FIG. 1). Since power is no longer supplied to the volatile data storage device 101, electrical charge within the volatile data storage device 101 gradually flows so that two distinct voltages are no longer present in the volatile data storage device 101, i.e., the data in the volatile data storage device 101 is lost. Erasure (sometimes referred to as “zeroization”) in this manner of data stored in a volatile data storage device is generally referred to herein as “passive erasure” (or “passive zeroization”).
If the volatile data storage device consumes relatively little power in operation (such as is often the case in small portable devices) and/or the volatile data storage device operates at voltage levels that differ in magnitude by a relatively large amount, passive erasure can take an undesirably long time (e.g., tens of seconds) to erase the data stored in the volatile data storage device. For example, personal digital assistants (PDAs) typically are constructed to be relatively low power devices, such that passive erasure of the data stored in a volatile data storage device of the PDA would take about 30 seconds. This amount of time can enable a tamperer to re-establish the connection between the power supply and the volatile data storage device, or to provide a substitute power supply, so that the data stored within the volatile data storage device is preserved. For example, a device can include a secure volatile data storage device situated in an enclosure within a mechanically sealed housing, the device constructed so that prying open the housing breaks the electrical connection between the volatile data storage device and a power supply. A tamperer, after prying open the housing of such a device, may be able to, with sufficient familiarity with the device (which could be obtained, for example, from previous intrusions into one or more similar devices), attach jumpers to appropriate nodes of the device to re-establish the broken electrical connection or to provide a substitute power supply, so that, from the perspective of the volatile data storage device, it appears that no intrusion has occurred. If the tamperer can accomplish this before the data has been erased from the volatile data storage device by passive erasure (e.g., within several seconds), the tamperer can then use known techniques to ascertain at his leisure the content of the data stored in the volatile data storage device.
Thus, the use of passive erasure to protect data stored in a volatile data storage device situated within a secure environment may not be as effective as desired.
FIG. 2 is a block diagram illustrating the functional components of another previous system for protecting data stored in a volatile data storage device that is situated within a secure environment and connected to a power supply. As in the system depicted in FIG. 1, a volatile data storage device 201 that is situated within a secure environment is initially electrically connected to a power supply 202 so that data can be continually stored in the volatile data storage device 201, and a detector 203 is adapted to detect when an intrusion into the secure environment has occurred. When an intrusion is detected, a processor 204 causes data stored within the volatile data storage device 201 to be erased or changed so that the originally stored data cannot be ascertained. The processor 204 m
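The contrast between FIG. 1 and FIG. 2 is the difference between waiting for charge to leak out of the memory cells and having a processor overwrite them the moment the detector fires. The following is an added example written for this page, not code from the patent or from any product it describes: it models the FIG. 2 scheme in C, with the battery-backed volatile store (201) as a fixed buffer in the same address space and `on_tamper_detected()` standing in for whatever the detector (203) would trigger in the processor (204). The buffer size, the sample contents and all function names are assumptions for illustration. The one detail worth noticing is the `volatile` pointer: a plain `memset` on memory that is never read again may be removed by an optimising compiler, which would silently turn an active erasure back into a passive one.

```c
/* Added example: active zeroization of a battery-backed SRAM region on a
 * tamper signal (the FIG. 2 scheme).  Not code from the patent.
 * Assumptions (hypothetical): the secure RAM is a fixed-size buffer in this
 * address space and the intrusion detector calls on_tamper_detected(). */
#include <stddef.h>
#include <stdint.h>

#define SECURE_RAM_SIZE 256u

/* Stand-in for the volatile data storage device (201 in FIG. 2). */
static uint8_t secure_ram[SECURE_RAM_SIZE];

/* Constructed sample content; the low bit is always set so no byte of the
 * pattern is 0x00, which lets us count how much survives a zero fill. */
static uint8_t sample_byte(size_t i)
{
    return (uint8_t)((i ^ 0xA5u) | 0x01u);
}

/* Overwrite len bytes through a volatile pointer so the compiler must emit
 * every store (a plain memset on never-read-again memory can be elided).
 * Returns the number of bytes that still differ from fill after the pass;
 * 0 means the erasure completed and was verified by read-back. */
size_t secure_zeroize(void *buf, size_t len, uint8_t fill)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    size_t bad = 0;
    for (size_t i = 0; i < len; i++)
        p[i] = fill;
    for (size_t i = 0; i < len; i++)
        if (p[i] != fill)
            bad++;
    return bad;
}

/* Load the secure RAM with the constructed sample data. */
void secure_ram_load_sample(void)
{
    for (size_t i = 0; i < SECURE_RAM_SIZE; i++)
        secure_ram[i] = sample_byte(i);
}

/* 1 if every byte of the region is zero, else 0. */
int secure_ram_is_zero(void)
{
    for (size_t i = 0; i < SECURE_RAM_SIZE; i++)
        if (secure_ram[i] != 0)
            return 0;
    return 1;
}

/* Number of bytes still equal to the original sample, i.e. how much a
 * tamperer who restored power right now could still read out. */
size_t secure_ram_bytes_recoverable(void)
{
    size_t n = 0;
    for (size_t i = 0; i < SECURE_RAM_SIZE; i++)
        if (secure_ram[i] == sample_byte(i))
            n++;
    return n;
}

/* What the processor (204) does when the detector (203) reports an
 * intrusion: overwrite the stored data at once instead of cutting power
 * and waiting tens of seconds for the cells to discharge.  Returns 0 if
 * the region verified clean, -1 if any byte failed to take the fill. */
int on_tamper_detected(void)
{
    return secure_zeroize(secure_ram, SECURE_RAM_SIZE, 0x00) == 0 ? 0 : -1;
}
```

The read-back pass does double duty: it confirms every cell took the fill value, and it makes the stores observable, which is a second guard against the optimiser dropping them. On a real part this handler would run from the same backup supply that keeps the RAM alive, and the region holding key material would be wiped first, so that even an attacker who interrupts the routine partway through finds the most valuable bytes already gone.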
