Reexamination Certificate
1998-09-23
2001-09-18
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S185000, C713S165000, C713S193000, C713S194000, C713S152000, C380S281000, C380S284000
active
06292899
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to computer systems and, in particular, to a volatile key apparatus that creates an encrypted master file to securely store all of the passwords, security codes and cryptokeys that are used to safeguard the contents of a computer memory.
It is a problem in the field of computer systems to provide an effective manner of safeguarding the integrity of data that is stored in memory. In most computer and data storage systems, the privacy of computer data can be compromised without undue effort due to a lack of security measures installed on such systems. In computer systems that implement data security, the users typically find the data security systems either burdensome to use or largely ineffective in their operation.
In the field of personal computer systems, the data that is stored thereon is typically intended to remain private to the particular user who creates the data. This data can comprise medical, financial, legal, political and personal information that the user has collected and stored in a conveniently accessible manner by writing into the memory of the personal computer. The security of this information can be ensured to a certain degree by the use of computer passwords, which prevent an unauthorized user from activating the computer system. The password system prevents the system from booting and therefore prevents the unauthorized user from being able to access the data that is stored on the hard drive. However, this password system can be thwarted in a number of ways. The unauthorized user can boot the system from a floppy disk thereby bypassing the password protection. Alternatively, the unauthorized user can remove the hard drive and install it on a personal computer that is not password protected. A third mode of attack comprises the use of a brute force attack where the unauthorized user submits a series of likely passwords until a password match is attained. The number of passwords submitted can be large, and if the password system is of limited capability, such an attack can be effective.
An alternative method of data security is obtained by the use of cryptosystems, wherein the stored data is encrypted using a user provided cryptokey. Cryptography is commonly used in the transmission of secure data over a non-secure transmission medium, such as the telephone lines, or over the Internet. When the data stored on a personal computer memory is encrypted, the cryptokey is typically also stored on the same memory, thereby subjecting the cryptokey system to being compromised. This can be accomplished by obtaining access to the personal computer and subjecting the cryptokey system to a brute force attack by the submission of a large number of cryptokeys.
A further dimension to the problem is that users have an ever increasing number of passwords and cryptokeys to remember. Users typically write down the passwords and cryptokeys, thereby compromising the effectiveness of the security system. The basic encryption system also requires that specific information, such as the encryption key, be available for use by the security system. The encryption key can be stored on removable media to increase security, but loading the security key floppy can be a nuisance, thereby reducing the probability that the user will maintain the system. The user is likely to store the data on the hard disk for convenience or leave the floppy disk in a readily accessible area.
U.S. Pat. No. 5,515,540 discloses a microprocessor that has improved security against tampering, including attempts at active tampering. A battery backed microcontroller includes encryption and power management functions, and is combined with a battery and a volatile semiconductor memory. The microcontroller supplies power to the semiconductor memory. When a security violation is detected, the microcontroller wipes its encryption registers and grounds the power output pin to the memory. This operation destroys all of the data that is stored in the memory. Unfortunately, this system cannot simply recover from a security violation, since all of the data is erased.
The above described problems are solved and a technical advance achieved by the present data security system which uses a volatile key apparatus to create and manage a master file, comprising a single encrypted file that is stored on the hard drive of the computer system. The master file contains all of the passwords, cryptokeys and security codes that are used by conventional security programs and apparatus resident on the computer system to safeguard the confidential data that is contained in the memory of the computer system. The master key that is used to encrypt and decrypt this master file is stored in the volatile key apparatus, which is a piece of hardware located in the personal computer and directly connected to the system bus. When a violation of the system security procedures is detected, the master key is erased from the volatile key apparatus, thereby preventing access to the encrypted information that is stored on the hard drive. The encryption protected data can still be retrieved from the hard drive by the authorized user reinstalling the master key in the volatile key apparatus, thereby enabling decryption of the encrypted passwords, cryptokeys and security codes that are stored in the master file. The conventional security programs and apparatus resident on the computer system can then use the contents of the master file to retrieve the encrypted data from the memory.
The present data security system can be activated by a security violation that is detected by ancillary equipment, such as that disclosed in U.S. Pat. No. 5,675,321, or in response to a brute force attack on the password system. The present data security system can be integrated with such ancillary equipment or can represent a separate security system. In either case, by combining an effective software cryptosystem, such as PGP Cryptosystem, with the volatile key apparatus, a high level of data security for the confidential data stored on the computer system memory can be attained.
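The erase-and-reinstall behaviour described above, modelled in Python as an added example that is not taken from the patent. The class and function names, the three-failure threshold, and the HMAC-SHA256 stream construction (a standard-library stand-in for the software cryptosystem) are assumptions; the real apparatus holds the key in hardware, which a Python object only imitates.

```python
import hashlib, hmac, json, os

MAX_FAILED_LOGINS = 3  # assumed threshold; the patent text gives no number

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_master_file(key, secrets):
    """Encrypt-then-MAC the passwords and cryptokeys under the master key."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(secrets).encode())
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def open_master_file(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong master key or corrupted master file")
    return json.loads(_xor_stream(key, nonce, ct))

class VolatileKeyStore:
    """Software model of the hardware register that holds the master key."""
    def __init__(self):
        self._key = None
        self._failures = 0

    def install(self, key):
        self._key, self._failures = bytearray(key), 0

    def erase(self):
        if self._key is not None:
            self._key[:] = bytes(len(self._key))  # overwrite before dropping
            self._key = None

    def report_failed_login(self):
        # Brute-force trigger: repeated failures count as a security violation.
        self._failures += 1
        if self._failures >= MAX_FAILED_LOGINS:
            self.erase()

    def unlock(self, blob):
        if self._key is None:
            raise PermissionError("master key erased; reinstall it to recover")
        return open_master_file(bytes(self._key), blob)
```

The sealed master file stays on disk throughout; only the key store changes state, which is why reinstalling the key restores access without any data loss.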
REFERENCES:
patent: 5117457 (1992-05-01), Comerford et al.
patent: 5353350 (1994-10-01), Unsworth et al.
patent: 5515540 (1996-05-01), Grider et al.
patent: 5675645 (1997-10-01), Schwartz et al.
patent: 0 583 140 A1 (1994-02-01), None
Applied Cryptography (Schneier, Oct. 18, 1995, pp. 184, 224, 561-562).
Callahan Paul E.
Duft, Graziano & Forest, P.C.
Swann Tod