Apparatus and a method for security authorization using a security key installed on removable media

US 6,944,769 B1
Filed: 08/10/2000
Issued: 09/13/2005
Est. Priority Date: 08/10/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the method comprising the steps of:

temporarily coupling said removable media to said controller;

retrieving, by said system, a security key from the removable media, said security key being exported out from said removable media and into said system;

reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media and into said system;

prior to said encrypted block of data being received by said storage within said system;

decrypting the encrypted data using the security key, andre-encrypting the decrypted data using the security key to produce a new data; and

forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and a method in a data processing system are provided for insuring the security of data accessed from removable media. Normal virus scanning occurs after data is loaded into the main memory, but infection by a virus may have already occurred by this time. Therefore, it would be beneficial to check for possible virus infection before the data is transferred to main memory. A security key is read from the removable media. As encrypted data is read from the device, it is decrypted using the security key and then re-encrypted using the same security key to produce new data. The original data is accepted and sent to main memory if it is identical to the new data produced by decryption and re-encryption. If the two sets of data are not identical, then the data transmission from the device is aborted and all data on the removable media is rejected. The decryption/re-encryption checking is performed in hardware and so it can occur in real time. This hardware could be on the device controller, a separate security card, the mother board, or anywhere along the data path from the device controller to the main memory.

Citations

18 Claims

1. A method in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the method comprising the steps of:
- temporarily coupling said removable media to said controller;
  
  retrieving, by said system, a security key from the removable media, said security key being exported out from said removable media and into said system;
  
  reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media and into said system;
  
  prior to said encrypted block of data being received by said storage within said system;
  
  decrypting the encrypted data using the security key, andre-encrypting the decrypted data using the security key to produce a new data; and
  
  forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein hardware to perform decryption, re-encryption, and message comparison is on said controller.
  - 3. The method of claim 1, wherein hardware to perform decryption, re-encryption, and message comparison is on a separate security card.
  - 4. The method of claim 1, wherein hardware to perform decryption, re-encryption, and message comparison is on a data path from said controller and said storage.
  - 5. The method of claim 1, wherein the decryption, re-encryption, and comparison of the data is performed in real time.
  - 6. The method of claim 1, further comprising the step of if the encrypted data and the new data are not identical, aborting reading from the removable media and sending an error signal to an operating system.

7. An apparatus in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the apparatus comprising:
- said removable media temporarily coupled to said controller;
  
  a security means in said data processing system for retrieving a security key from the removable media, said security key being exported out from said removable media and into said system;
  
  an accessing means for reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media and into said system;
  
  prior to said encrypted block of data being received by said storage within said system;
  
  an encryption means for decrypting the encrypted data using the security key; and
  
  an encryption means for re-encrypting the decrypted data using the security key to produce a new data; and
  
  forwarding means for forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data arc identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7 wherein the encryption means is implemented in hardware to perform decryption, re-encryption, and message comparison is on said controller.
  - 9. The apparatus of claim 7 wherein the encryption means is implemented in hardware to perform decryption, re-encryption, and message comparison is on a separate security card.
  - 10. The apparatus of claim 7, wherein the encryption means is implemented in hardware to perform decryption, re-encryption, and message comparison is on a data path from said controller and said storage.
  - 11. The apparatus of claim 7, wherein the decryption, re-encryption, and comparison of the data is performed in real time.
  - 12. The apparatus of claim 7, further comprising if the encrypted data and the new data are not identical, the accessing means stopping reading from the removable media and sending an error signal to an operating system.

13. A computer program product in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the computer program product comprising:
- said removable media temporarily coupled to said controller;
  
  instructions for retrieving, by said system, a security key from the removable media, said security key being exported out from said removable media and into said system;
  
  instructions for reading an encrypted block of data, that is intended to be stored in storage if said system, from the removable media, and into said system;
  
  prior to said encrypted block of data being received by said storage within said system;
  
  instructions for decrypting the encrypted data using the security key; and
  
  instructions for re-encrypting the decrypted data using the security key to produce a new data; and
  
  instructions for forwarding, to said storage within said data processing system, the original encrypted data if the original, data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein instructions to perform decryption, re-encryption, and message comparison are implemented in hardware on said controller.
  - 15. The computer program product of claim 13, wherein instructions to perform decryption, re-encryption, and message comparison are implemented in hardware on a separate security card.
  - 16. The computer program product of claim 13, wherein instructions to perform decryption, re-encryption, and message comparison are implemented in hardware on a data path from said controller and said storage.
  - 17. The computer program product of claim 13, wherein instructions for decryption, re-encryption, and comparison of the data are performed in real time.
  - 18. The computer program product of claim 13, further comprising if the encrypted data and the new data are not identical, instructions for aborting reading from the removable media and sending an error signal to an operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
International Business Machines Corporation
Inventors
Daniels, Scott Leonard, Neal, Danny Marvin, Ng, Yat Hung
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Colin, Carl G.

Application Number

US09/637,320
Time in Patent Office

1,860 Days
Field of Search

713/200, 713/193, 713/188, 713/201, 713/167, 713/194, 380/277, 711/163, 235/380, 705/51, 705/57
US Class Current

713/188
CPC Class Codes

G06F 21/51 at application loading time...

Apparatus and a method for security authorization using a security key installed on removable media

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and a method for security authorization using a security key installed on removable media

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links