Conventional handheld computing devices are becoming more popular. They were initially used primarily for note taking and as appointment reminders, but they are gradually becoming more versatile.
The conventional handheld computing devices typically have limited amounts of storage capacity, so many of them now support removable media in the form of multimedia cards and memory sticks®. For example, the Sony CLIE™ uses removable memory sticks® ranging in size from 8 MB up to 128 MB.
With the introduction of these removable media types, it becomes possible for the end user to store large amounts of data. Some of this data may be of a confidential nature and/or include copyrighted material, and the end user may wish to restrict access to this data to a specific authorized user or class of users. The current generation of secure media attempts to address this problem by requiring authentication by the user. However, these secure media devices implement a type of security where the file is visible in an encrypted form even without authentication. This is undesirable because the encrypted data might still be decrypted using a brute-force “try all permutations” type approach. Further, encrypted keys or passwords needed to decrypt the encrypted data may also be visible without authentication and therefore subject to decryption without user authentication.
For example, referring to FIG. 1, a block diagram illustrating an embodiment of a conventional handheld computer device 105 communicatively coupled to a conventional removable secure media card 145 is shown. The computer device 105 includes an application 110, file system 120, authentication engine 130, and an authentication graphical user interface 140 (GUI), which all reside in memory (not shown) of the computer device 105. The card 145 includes an authentication database 150, sector driver 160, and physical media 170.
The secure media card 145 protects data by keeping the authentication database 150 on the card 145 and by encrypting the database 150. This design protects the authentication database 150 by preventing authentication codes and encrypted passwords in database 150 from being compromised. However, the secure media card 145 itself is accessed by sectors, and does not know which sectors belong to protected and unprotected files, so it cannot perform access checks at the sector level. Therefore, the raw encrypted data is accessible at the sector level.