Apparatus and a method for security authorization using a security key installed on removable media
Abstract
An apparatus and a method in a data processing system are provided for ensuring the security of data accessed from removable media. Normal virus scanning occurs after data is loaded into the main memory, but infection by a virus may have already occurred by this time. Therefore, it would be beneficial to check for possible virus infection before the data is transferred to main memory. A security key is read from the removable media. As encrypted data is read from the device, it is decrypted using the security key and then re-encrypted using the same security key to produce new data. The original data is accepted and sent to main memory if it is identical to the new data produced by decryption and re-encryption. If the two sets of data are not identical, then the data transmission from the device is aborted and all data on the removable media is rejected. The decryption/re-encryption checking is performed in hardware and so it can occur in real time. This hardware could be on the device controller, a separate security card, the motherboard, or anywhere along the data path from the device controller to the main memory.
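The decrypt, re-encrypt and compare gate described in the abstract, as an added example that is not code from the patent. The cipher (a SHA-256 counter keystream with PKCS#7-style padding), the media layout, the function names and the choice to hold blocks back until the whole media has passed are assumptions. In this construction only a block whose length or padding is malformed fails the comparison.

```python
import hashlib

BLOCK = 16  # padding unit in bytes (assumption: the page names no cipher)

def _keystream(key, index, n):
    # Constructed stand-in cipher: SHA-256 over key, block index and counter.
    out, ctr = b"", 0
    while len(out) < n:
        seed = key + index.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, index, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK          # PKCS#7-style padding
    padded = plaintext + bytes([pad]) * pad
    return _xor(padded, _keystream(key, index, len(padded)))

def decrypt(key, index, ciphertext):
    padded = _xor(ciphertext, _keystream(key, index, len(ciphertext)))
    pad = padded[-1] if padded else 0
    # Strip the claimed padding without validating it; the re-encryption
    # step in load_from_media is what exposes a malformed block.
    return padded[:-pad] if 0 < pad <= len(padded) else padded

def load_from_media(media, storage):
    """Forward the media's blocks to storage only if every block round-trips."""
    key = media["key"]                 # security key exported from the media
    held = []                          # checked blocks, not yet in storage
    for index, original in enumerate(media["blocks"]):
        new = encrypt(key, index, decrypt(key, index, original))
        if new != original:
            return False               # abort and reject everything on the media
        held.append(original)
    storage.extend(held)               # the original encrypted data is forwarded
    return True

def sample_media():
    # Constructed sample: two well-formed blocks, and a copy whose last
    # block has one bit flipped in its final (padding) byte.
    key = b"constructed-demo-key"
    blocks = [encrypt(key, i, m) for i, m in enumerate([b"boot sector", b"payload data"])]
    damaged = blocks[1][:-1] + bytes([blocks[1][-1] ^ 0x01])
    return ({"key": key, "blocks": blocks},
            {"key": key, "blocks": [blocks[0], damaged]})
```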
18 Claims
1. A method in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the method comprising the steps of:
temporarily coupling said removable media to said controller;
retrieving, by said system, a security key from the removable media, said security key being exported out from said removable media and into said system;
reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media and into said system;
prior to said encrypted block of data being received by said storage within said system;
decrypting the encrypted data using the security key, and re-encrypting the decrypted data using the security key to produce a new data; and
forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
Dependent claims: 2, 3, 4, 5, 6
7. An apparatus in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the apparatus comprising:
said removable media temporarily coupled to said controller;
a security means in said data processing system for retrieving a security key from the removable media, said security key being exported out from said removable media and into said system;
an accessing means for reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media and into said system;
prior to said encrypted block of data being received by said storage within said system;
an encryption means for decrypting the encrypted data using the security key; and
an encryption means for re-encrypting the decrypted data using the security key to produce a new data; and
forwarding means for forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
Dependent claims: 8, 9, 10, 11, 12
13. A computer program product in a data processing system for implementing security for a removable media, said system including a device controller within said system, said system reading data from and writing data to said removable media when said removable media is removably coupled to said controller, the computer program product comprising:
said removable media temporarily coupled to said controller;
instructions for retrieving, by said system, a security key from the removable media, said security key being exported out from said removable media and into said system;
instructions for reading an encrypted block of data, that is intended to be stored in storage in said system, from the removable media, and into said system;
prior to said encrypted block of data being received by said storage within said system;
instructions for decrypting the encrypted data using the security key; and
instructions for re-encrypting the decrypted data using the security key to produce a new data; and
instructions for forwarding, to said storage within said data processing system, the original encrypted data if the original data and the new data are identical, said original encrypted data being received by said storage only after a determination is made that said original data and said new data are identical.
Dependent claims: 14, 15, 16, 17, 18
Specification