Security System Using Physical Key for Cryptographic Processes
Abstract
One embodiment of the invention is based on the recognition that by keeping the encryption key (DEK) in a key device, and using the key device to perform all encryption and decryption, where the DEK is not supplied to the computing system, the above noted security problems can be overcome. The encrypted information is stored in the computing system and not in the key device. However, without the key device, it is not possible to access the encrypted information stored in the computing system. Thus, the function of the key device is similar to that of a physical key used in daily life for unlocking a door or drawer, except that the user gains access to protected information instead of access to a building, drawer or car.
25 Claims
1. A device for cryptographic process comprising:

a cipher engine that encrypts or decrypts data from a host;

a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and

a controller that manages interactions of the cipher engine and the storage with the host.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A host computing system having a memory and an operating system, said computing system running a computer program to create in the system a file that behaves like a disk drive to the operating system of the system for storing encrypted information sent to it by a key device that is connected to the system and that performs cryptographic processes, and to translate accesses to this file by the system into commands, wherein when a command to read or write is issued by the system to the file, the computer program when executed by the system will cause a cipher engine in the key device to perform encryption and/or decryption of data from such file and/or to be stored into such file.
18. A method for cryptographic process comprising:
supplying a key device including a cipher engine that encrypts or decrypts data from a host; and a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and

supplying a storage medium storing a computer program for creating in the host a file that behaves like a disk drive to an operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data from such file and/or to be stored into such file in response to the commands.
19. A method for cryptographic process comprising:
supplying a key device including a cipher engine that encrypts or decrypts data from a host; and a storage for storing cipher keys used in encryption and/or decryption of the data from the host, wherein said device does not store the data that is encrypted or decrypted by the cipher engine; and

supplying information for obtaining a computer program for creating in the host a file that behaves like a disk drive to an operating system of the host, and for translating accesses to this file by the host into commands, wherein the cipher engine performs encryption and/or decryption of data from such file and/or to be stored into such file in response to the commands.
20. A computer readable storage medium storing a computer program for use in a computing system having a memory and an operating system, wherein when the computer program is executed by the computing system, a file that behaves like a disk drive to the operating system of the system is created in the memory of the system for storing encrypted information sent to it by a key device that is connected to the system and that performs cryptographic processes, and accesses to this file by the system are translated into commands, wherein when a command to read or write is issued by the system to the file, the computer program when executed by the system will cause a cipher engine in the key device to perform encryption and/or decryption of data from such file and/or to be stored into such file.
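As an added illustration (not code from the patent or its assignee), the following Python model shows the separation the abstract and claims 11 and 20 describe: the key device holds the DEK and performs every encryption and decryption, while the host's "file that behaves like a disk" stores only ciphertext and turns each sector read or write into a command sent to the device. The class names, the ENCRYPT/DECRYPT command names and the HMAC-SHA256 counter-mode-with-tag construction are assumptions chosen so the example runs with the standard library; a real key device would use a hardware cipher engine.

```python
import hmac, hashlib, os, struct

TAG_LEN, NONCE_LEN = 16, 16

class KeyDevice:
    """Hypothetical key device: holds the DEK and does all cryptography.
    The DEK never leaves the object; the host only sends commands."""
    def __init__(self):
        self._dek = os.urandom(32)          # generated and kept inside the device
    def _prf(self, label, *parts):          # HMAC-SHA256 keyed with the DEK
        return hmac.new(self._dek, label + b"".join(parts), hashlib.sha256).digest()
    def _keystream(self, nonce, lba, n):    # CTR-style keystream from the PRF
        blocks = (n + 31) // 32
        return b"".join(self._prf(b"ks", nonce, struct.pack(">QQ", lba, i))
                        for i in range(blocks))[:n]

    def command(self, op, lba, payload):
        """Serve one host command for sector 'lba'; returns bytes."""
        if op == "ENCRYPT":
            nonce = os.urandom(NONCE_LEN)   # fresh per write: rewrites never reuse keystream
            ct = bytes(a ^ b for a, b in zip(payload, self._keystream(nonce, lba, len(payload))))
            return nonce + ct + self._prf(b"tag", nonce, struct.pack(">Q", lba), ct)[:TAG_LEN]
        if op == "DECRYPT":
            nonce, ct, tag = payload[:NONCE_LEN], payload[NONCE_LEN:-TAG_LEN], payload[-TAG_LEN:]
            expect = self._prf(b"tag", nonce, struct.pack(">Q", lba), ct)[:TAG_LEN]
            if not hmac.compare_digest(tag, expect):   # encrypt-then-MAC, bound to the sector
                raise ValueError("sector %d failed integrity check" % lba)
            return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, lba, len(ct))))
        raise ValueError("unknown command")

class HostVirtualDisk:
    """Host side: the 'file that behaves like a disk'. It holds only ciphertext
    and turns every sector access into a command to the attached key device."""
    def __init__(self, device):
        self.device = device
        self.sectors = {}                   # sector number -> stored ciphertext record
    def detach(self):
        self.device = None                  # the physical key is unplugged

    def write(self, lba, data):
        if self.device is None:
            raise RuntimeError("key device not present")
        self.sectors[lba] = self.device.command("ENCRYPT", lba, data)

    def read(self, lba):
        if self.device is None:
            raise RuntimeError("key device not present")
        return self.device.command("DECRYPT", lba, self.sectors[lba])
```

Once the device is detached, every read or write fails and the stored sectors remain ciphertext, which is the "physical key" property the abstract describes.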