Secure computer data storage method and device
Abstract
A secure, tamper- and forgery-proof peripheral for the storage of authenticated, dated computer data with an evidential value. The invention is based on an optionally rewritable, fully integrated storage peripheral which is functionally protected by an electronic system that only authorizes the addition of data in the unused free space and prohibits the deletion, alteration or overwriting of pre-recorded data. At the end of each file-write operation, the date, which is provided by a non-modifiable internal clock that is calibrated only at the time of production, is associated with the file. Each device includes a unique integrated secret internal digital identifier which is associated with a unique public identifier; the identifiers are used to personalize the device and render it unreproducible. The association can be verified using several third-party methods which never divulge the secret internal identifier.
31 Claims
1-16. (canceled)

17. Method for storing computer data, characterised in that it comprises integrating entirely in one device:

a data storage peripheral (1), an adapted input-output controller (2) transforming said data storage peripheral (1) into a single- or restricted-write storage peripheral by diverting all input-output interface (13) commands from a host system (20) to the internal interface (3) of the integrated data storage peripheral (1), in order to authorise exclusively the addition of new files in the free space (5) by dating them independently thanks to a secure internal real time clock (6), and to prohibit the deletion, alteration and rewriting of previously written and hence prior dated data (4), to protect the totality of said device on the one hand against forgery or duplication by a unique secret internal identifier (7) by association with a unique public serial number (18), on the other hand by a peripheral protection enclosure (10) intended to prevent intrusion into the equipment, the alteration of any component and internal data, and also the analysis of the unique secret identifier without compromising the validity and authenticity in an irremediable manner, to detect said intrusion, alteration and analysis attempt, said detections being able to be verified by several third party methods on said process, the latter being thus secure and suitable for storing authenticated, dated computer data with an evidential value, and in that it comprises furthermore making it possible to guarantee the unique, unreproducible personalisation of the equipment whilst publishing its existence, possibly before authentication, by generating randomly by calculation internally of the equipment said unique secret identifier (7), by calculating internally a one-way digital fingerprint (23) of the unique secret identifier (7) which does not allow return to the latter, by establishing the uniqueness of the fingerprint by interrogation of a public database (21) containing the fingerprints of the totality of existing equipment, the identifier being recalculated if there is a clash and the device being formally identified as soon as the fingerprint is unique, by adding therefore into the public database (21) the references of the equipment: unique serial number and fingerprint (23).

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27.
28. Device for storing computer data, characterised in that it integrates in full:

a data storage peripheral (1) comprising an internal interface (3), an adapted input-output controller (2), an input-output interface (13), a secure internal real time clock (6), a unique secret internal identifier (7), a unique public serial number, a peripheral protection enclosure (10), said adapted input-output controller (2) being able to transform said data storage peripheral (1) into a single- or restricted-write storage peripheral by diverting all input-output interface (13) commands from a host system (20) to the internal interface (3) of the integrated peripheral (1), in order to authorise exclusively the addition of new files in the free space (5) by dating them independently thanks to the secure internal real time clock (6), and to prohibit the deletion, alteration and rewriting of previously written and hence prior dated data (4), means for guaranteeing the unique, unreproducible personalisation of the equipment whilst publishing its existence, possibly before authentication, by generating randomly by calculation internally of the equipment said unique secret identifier (7), by calculating internally a one-way digital fingerprint (23) of the unique secret identifier (7) which does not allow return to the latter, by establishing the uniqueness of the fingerprint by interrogation of a public database (21) containing the fingerprints of the totality of existing equipment, the identifier being recalculated if there is a clash and the device being formally identified as soon as the fingerprint is unique, by adding therefore into the public database (21) the references of the equipment: unique serial number and fingerprint (23), the totality of said device being protected on the one hand against forgery or duplication by the unique secret internal identifier (7) by association with the unique public serial number, on the other hand by the peripheral protection enclosure (10) preventing intrusion into the equipment, the alteration of any component and internal data, and also the analysis of the unique secret identifier without compromising the validity and authenticity in an irremediable manner, intrusion, alteration and analysis attempts being able to be verified by several third party means on the totality of said device, the latter being thus secure, inviolable and forgery-proof, suitable for storing authenticated, dated computer data with an evidential value.

Dependent claims: 29, 30, 31.
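The personalisation procedure (random secret identifier, one-way fingerprint, clash check against the public database, publication of serial number and fingerprint) and the restricted-write behaviour that claims 17 and 28 describe, as an added Python illustration that is not the patent's own implementation. It assumes SHA-256 as the one-way fingerprint (23), an in-memory dict as the public database (21), a monotonic counter as the secure internal clock (6), and, since the claims do not name the third-party verification methods, checks the association by recomputing the fingerprint inside the device so the secret never leaves it.

```python
# Added illustration, not the patent's own code: SHA-256 stands in for the
# one-way fingerprint, a dict for the public database (21), a counter for clock (6).
import hashlib
import secrets

class PublicDatabase:
    """Stands in for the public database (21): serial number -> fingerprint."""
    def __init__(self):
        self.entries = {}

    def fingerprint_exists(self, fp):
        return fp in self.entries.values()

class SecureStorageDevice:
    def __init__(self, serial):
        self.serial = serial      # unique public serial number (18)
        self._secret = None       # unique secret internal identifier (7)
        self._clock = 0           # stands in for the secure internal clock (6)
        self._files = {}          # previously written, dated data (4)

    def personalise(self, db, rng=secrets.token_bytes):
        """Draw a random secret, fingerprint it, retry on clash, then publish."""
        while True:
            candidate = rng(32)
            fp = hashlib.sha256(candidate).hexdigest()  # one-way fingerprint (23)
            if not db.fingerprint_exists(fp):
                break
        self._secret = candidate
        db.entries[self.serial] = fp   # publish serial number and fingerprint only
        return fp

    def check_association(self, db):
        """Recompute the fingerprint inside the device; the secret never leaves."""
        return db.entries.get(self.serial) == hashlib.sha256(self._secret).hexdigest()

    def write_file(self, name, data):
        """Add a new file to free space (5) and date it; any rewrite is refused."""
        if name in self._files:
            raise PermissionError(f"{name!r} is already written and dated")
        self._clock += 1
        self._files[name] = (bytes(data), self._clock)
        return self._clock

    def delete_file(self, name):
        """Deletion of previously written, dated data is prohibited outright."""
        raise PermissionError("deletion prohibited")

    def read_file(self, name):
        return self._files[name]
```

Passing a custom `rng` to `personalise` lets a test force a fingerprint clash and observe that the device draws a fresh identifier before registering.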