Method and apparatus for selectively denying access to encoded data
First Claim
1. A method for selectively denying access to encoded data, said method comprising the steps of:
loading an encryption key into a mission planning workstation at a first location;
connecting a media device to said mission planning workstation;
loading said encryption key from said mission planning workstation into said media device;
encrypting sensitive data using said encryption key;
loading the encrypted data onto the media device;
loading unencrypted data onto a media device, wherein data necessary to enable a target portable computing device associated with a vehicle to return to a location selected as a mission end location remains unencrypted;
disconnecting said media device from the mission planning workstation;
connecting a media device to the target portable computing device;
powering up the target portable computing device, thereby enabling it to execute a desired program or process;
transferring said encryption key to volatile memory from said media device;
transporting the target portable computing device and media devices to a location physically distant from the mission planning workstation;
deleting said encryption key from said media device in response to said transport step;
maintaining said encryption key only in volatile memory after said deleting step; and
deleting the encryption key from volatile memory resident on the target portable computing device responsive to an operator;
or automatically deleting the encryption key from volatile memory resident on the target portable computing device in the event of a loss of power to the target portable computing device.
Abstract
A method and system are provided for selectively denying access to encoded data. Encryption is used to protect secured data on any of a number of media devices in a system, while unsecured data is not encrypted. The classified data is encrypted and then transmitted for storage on the medium. The encryption key is stored only in volatile memory on the target device connected to the medium during a mission. The encryption key is known only in a location physically distant from the target device during a mission. Resources are provided for mission personnel to immediately delete the encryption key from volatile memory upon perceiving a threat, and the encryption key is deleted automatically upon a power loss to the target device, in order to make the encrypted data unavailable to any personnel (whether authorized or not) at the location of the target device.
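The key lifecycle described in the abstract, as an added example that is not taken from the patent: sensitive records are encrypted, the return route stays in the clear, and the key exists only in a device-side buffer that is overwritten on command. All names (`plan_mission`, `TargetDevice`, `zeroize`) are hypothetical, and the HMAC-based keystream is a stand-in for a vetted cipher; a real device would also hold the key in locked memory, which Python cannot guarantee.

```python
import hashlib
import hmac
import os

class KeyErased(Exception):
    """Sensitive data was requested after the key was deleted."""

def _xor_stream(key, nonce, data):
    # Stand-in cipher for illustration: HMAC-SHA256 in counter mode as keystream.
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def plan_mission(key, sensitive, benign):
    """Workstation side: key and data are loaded onto the media device."""
    media = {"key": bytes(key), "records": {}}
    for name, data in sensitive.items():
        nonce = os.urandom(16)
        media["records"][name] = (True, nonce + _xor_stream(key, nonce, data))
    for name, data in benign.items():          # e.g. the return route stays readable
        media["records"][name] = (False, data)
    return media

class TargetDevice:
    def __init__(self, media):
        self.media = media
        self._key = bytearray(media["key"])    # power-up: key copied to volatile memory

    def depart(self):
        self.media.pop("key", None)            # transport: key deleted from the media

    def zeroize(self):
        """Operator command or power-loss handler: overwrite, then drop the key."""
        if self._key is not None:
            self._key[:] = bytes(len(self._key))
            self._key = None

    def read(self, name):
        encrypted, blob = self.media["records"][name]
        if not encrypted:
            return blob
        if self._key is None:
            raise KeyErased(name)
        return _xor_stream(self._key, blob[:16], blob[16:])
```

After `zeroize()`, a seized media device yields only ciphertext and the unencrypted return data, and the device itself can no longer decrypt anything.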
11 Claims
10. A system for selectively denying access to encoded data, comprising:
a selected encryption key, the key being of a number of bits sufficient to deter compromise of sensitive data to a desired difficulty level;
a target portable computing device loaded onto a land, sea, air or space vehicle, the target portable computing device used for mission specific tasks and having connections for at least one media device, wherein sensitive encrypted data and/or unencrypted benign data is to be loaded on the at least one media device depending on mission parameters, the target computing device comprising:
means to delete the encryption key from volatile memory resident on the target portable computing device in the event of a threat, whether perceived or real, responsive to an operator; and
means to automatically delete the encryption key from volatile memory resident on the target portable computing device in the event of a loss of power to the target portable computing device;
a mission planning workstation connected to at least one media device during loading and encryption of sensitive data, and loading of unencrypted benign data,
wherein the encryption key is loaded into the at least one media device and erased from said at least one media device after commencement of the mission,
wherein after sensitive data is encrypted on at least one media device connected to the mission planning workstation, each of the at least one media devices are connected to the target portable computing device and the encryption key is resident only in volatile memory on any media device connected to the target portable computing device after mission commencement, and
wherein sufficient unencrypted data resides on at least one media device connected to the target portable computing device to enable the mission vehicle to return to a selected mission end location in the event that the encryption key is deleted from volatile memory on the target portable computing device during the mission.
Specification