Cryptographically protected paging system
First Claim
1. A method comprising:
importing encrypted incoming information into a physically secure environment from an external storage unit of a physically insecure environment;
decrypting the encrypted incoming information within the physically secure environment;
calculating an integrity check value for the incoming information within the physically secure environment;
comparing the integrity check value of the incoming information with a previously stored integrity check value corresponding to the incoming information from within the physically secure environment;
discarding the incoming information when the calculated integrity check value does not match the previously stored integrity check value of the incoming information;
storing the incoming information within the physically secure environment when the calculated integrity check value matches the previously stored integrity check value of the incoming information; and
processing the stored, incoming information within the physically secure environment.
Abstract
A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.
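The paging flow the abstract and claim 1 describe, written out as an added example that is not the patent's own code. It models the secure side as a class that keeps the key, the resident pages and the integrity-check table in secure memory, and the external storage unit as a plain dictionary the secure side never trusts. The integrity check value is SHA-256 of the plaintext page, matching the "one-way hash of the page" embodiment; because the standard library ships no IDEA or DES implementation, the cipher is a keyed counter-mode keystream derived from HMAC-SHA256, an assumption that stands in for the block cipher the patent names without changing the paging logic. The page identifiers, page contents and key are constructed sample values.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256.

    Assumed stand-in for the IDEA/DES cipher the patent names; the paging
    logic does not depend on which cipher is used.  A (key, nonce) pair must
    never be reused, so every export draws a fresh nonce.
    """
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class SecureEnvironment:
    """The physically secure side: key, resident pages and ICV table live here.
    The external store passed to export_page/import_page is the insecure side."""

    def __init__(self, key: bytes):
        self._key = key
        self._icv = {}        # page_id -> SHA-256 of the plaintext page; never leaves the secure env
        self._resident = {}   # page_id -> plaintext page currently held in secure memory

    def load(self, page_id: int, page: bytes) -> None:
        self._resident[page_id] = page

    def read(self, page_id: int):
        return self._resident.get(page_id)

    def export_page(self, page_id: int, external: dict) -> None:
        """Outgoing page: record its ICV inside the secure env, encrypt it, export it."""
        page = self._resident.pop(page_id)
        self._icv[page_id] = hashlib.sha256(page).digest()
        nonce = os.urandom(NONCE_LEN)
        external[page_id] = nonce + _xor(page, _keystream(self._key, nonce, len(page)))

    def import_page(self, page_id: int, external: dict) -> bool:
        """Incoming page: decrypt, recompute the ICV, compare with the stored one,
        discard on mismatch or store for processing on match.  Returns True if accepted."""
        blob = external[page_id]
        nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
        page = _xor(ciphertext, _keystream(self._key, nonce, len(ciphertext)))
        if not hmac.compare_digest(hashlib.sha256(page).digest(), self._icv[page_id]):
            return False                 # ICV mismatch: discard the incoming page
        self._resident[page_id] = page   # ICV match: store it inside the secure env
        return True


def demo(key: bytes = b"\x42" * 32):
    """Round-trip one constructed page, then import again after the external copy is altered.
    Returns (roundtrip_ok, altered_copy_rejected, plaintext_visible_externally)."""
    env = SecureEnvironment(key)
    external = {}                                          # constructed insecure storage unit
    page = b"SECRET PAGE CONTENT ".ljust(4096, b"\x00")   # constructed sample page
    env.load(7, page)
    env.export_page(7, external)
    visible = b"SECRET" in external[7]
    roundtrip_ok = env.import_page(7, external) and env.read(7) == page
    env.export_page(7, external)
    blob = bytearray(external[7])
    blob[NONCE_LEN + 3] ^= 0x01                            # one byte of the external copy changed
    external[7] = bytes(blob)
    rejected = not env.import_page(7, external) and env.read(7) is None
    return roundtrip_ok, rejected, visible


if __name__ == "__main__":
    print(demo())
```

The order in `import_page` follows the claim: decrypt first, then compute the ICV over the recovered plaintext and compare it with the value recorded at export time. The ICV table is what makes the scheme work; it stays in secure memory, so whoever can alter the external store cannot update the reference value to match, and the altered page is discarded rather than processed.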
14 Claims