1. Technical Field
The present invention relates generally to an improved computer security and in particular to an apparatus and a method to improve security on removable media. Still more particularly, the present invention provides an apparatus and a method for using a security key to check for virus infection for data stored on removable media before the data is transferred to the computer memory.
2. Description of the Related Art
Protection of a computer system from virus infection is vitally important for the integrity of computing. One common source of infection is removable media, such as floppy disks, ZIP disks, tape drives, or removable hard drives. Now that it is possible to “hot swap” hard drives, it is becoming more common for a user to take his applications and data with him for use on a remote computer system. Unfortunately, this is a common means by which a virus can be transferred from one computer system to another computer system. Infection can occur the other direction too with the remote machine infecting the removable media that then transfers the infection back to the home machine.
Virus detection software can scan the data once it arrives in memory, but that may be too late to prevent infection. U.S. Pat. No. 5,991,401, entitled “Method and System for Checking Security of Data Received by a Computer System within a Network Environment,” describes a method to check for data infection before sending the data to memory. It is assumed a security key is known at the time the data arrives. In U.S. Pat. No. 5,991,401, there is hardware on a network interface card that decrypts the incoming data and then re-encrypts the decrypted data to produce a new set of data. If this new set of data does not match the original data, then the data is rejected as possibly being infected. If the two sets of data match, then the packet is passed on to the computer memory.
There are a variety of data encryption techniques that may be used to secure data transfers. Data Encryption Standard (DES) is based on use of a symmetric private key with the level of security varying according to key length, typical lengths ranging from 56-bit DES to 256-bit DES.
The technique outlined above works for network data with hardware built onto the network interface card. However, it provides no help for data stored on removable media. Therefore, it would be advantageous to have an apparatus and a method that allows for checking data on removable media for possible virus infection before this data is transferred to the computer memory.