The invention is related generally to data security and, more particularly, to the secure transport of data.
The practical difficulties of the coordinated management of different systems and components for the security of data, as well as systemic failures to protect against both known and previously unrecognized security attack approaches, contribute to the vulnerabilities to security breaches of systems, components, and networks. Protecting sensitive and confidential data, such as social security numbers, financial information, project plans, vendor lists, future product development plans, schedules, and other data, is of primary importance. In many cases, such data must be transported from one location to another, yet must be kept secure. Managing the security features for all components of a system involved in transporting data, such as local computers, data storage devices, data transport devices, host computers, networks, main frames for example, can be a difficult task.
One particularly common occurrence is the need to transport data to another location for discussion or support purposes. For example, people asked to make a presentation at a confidential meeting in a remote location may need to transport the necessary sensitive data to be presented. A laptop computer may seem to be a good choice for transporting and presenting that data. On the other hand, if the remote location has the necessary computer and software to make the presentation, the best choice may appear to be simply transporting the data on a portable non-volatile data transport device, such as a flash drive, that can be used with the computer and software at the meeting location.
Further security difficulties arise with the transport of sensitive data on portable, non-volatile data transport devices, such as laptops, flash drives, portable hard drives, and others. Such devices are easier targets of theft and are easily lost due to their small size. Portable devices are not subject to a secure environment as are main frames and desktop devices kept in secure office buildings or laboratories and are therefore much more easily stolen. Once the portable data transport device is stolen, the thief can attempt to retrieve the data residing therein in a controlled environment. Even if the portable data transport device was lost for a reason other than theft, the finder of that device may desire to recover the data on it. While it is likely difficult to avoid a certain level of theft or loss just due to the small size and portable nature of the data transport devices themselves, it would be desirable to make retrieval of the data stored in such portable devices more difficult, if not impossible. Hence, the employment of security features on a portable data transport device would be desirable so that even if lost or stolen, the data transported on the data transport device cannot be read by anyone but its owner.
Laptop computers, and portable data transport devices such as flash drives that are used with laptop and desktop computers, are commonly used today for the transport of confidential data. As with other data transport devices, data security has become a critical issue with flash drives, particularly when data is being physically transported. Thousands of laptop computers and flash drives are stolen every day. Sometimes data thieves set out to steal specific confidential data, which becomes compromised when it falls into the wrong hands. Theft of such data can wreak havoc on trust, reputation, and the ability to carry out a mission. Even the perception of a data assault may be damaging, sometimes irreparably. A higher level of protection for such portable data transport devices has been a goal for those of skill in the art. While personnel who are in charge of such portable data transport devices may undergo specific training on avoiding data theft, such efforts are likely to yield limited improvement in keeping data secure. Additionally, those skilled in the art have directed efforts toward making data more difficult to retrieve from such data devices.
Conventionally, security protections are implemented variously as password challenges and data and connection filters layered over the core functionality of an existing computer system or data memory component. The conventional implementation of security functions in software in computer systems and network components implicitly recognizes the inherent complexity of establishing robust security mechanisms. For example, there has been a very practical need to frequently apply patches to close both previously unrecognized and newly emergent vulnerabilities. While a patch may be successful for the particular vulnerability, it adds complexity to a system, and yet another vulnerability may appear and require further security efforts. On the other hand, providing a system designed from the beginning with data security in mind, in which data security features form the very foundation of the data memory system, would be desirable. Complexity could be substantially lessened when the architecture of a device, i.e., the integration and design of the hardware, firmware, and software of the device, has a primary purpose of protecting the data transported by such a device, yet is also designed to provide the necessary functionality and ease of use.
In designing data security systems, it is also important that data transport devices used to transport sensitive data be relatively easy to use and that they be usable on a wide range of different host computers. Such host computers may be in different locations of the world and may be obtained from different manufacturers having different hardware and software configurations. However, many host computers today have a powered universal serial bus (USB) interface and utilize Microsoft Windows® as the operating system. This provides a common basis on which a portable data transport device usable to transport data may be designed. Using security features in a portable data transport device that would require a host computer to have an atypical configuration, such as requiring certain security software to be run in addition to the Microsoft Windows® operating system for example, is undesirable due to the need to transport data to many different locations and the possible unavailability of such security software in the configuration of the host computer. Thus, providing more effective security features while at the same time not raising the configuration requirements for host computers is highly desirable.
Passwords are commonly used to maintain the confidentiality of such data and are meant to limit access to only those persons who are authorized to have access. However, passwords can be cracked by unauthorized users. Short passwords are easier to crack than longer passwords. Also, passwords are frequently based on a birth date, phone number, or some other available information that is simple to guess and are therefore not secure. Even a complicated, randomly generated password can often be readily stolen. Password cracking has been found to be effective against short passwords, dictionary words, user names, relatives' names, social security numbers, employee numbers, and other personal information. Password-based data accessing systems based on such vulnerable passwords are thus vulnerable to criminal attack, with resultant risk and damage to industry and the economy and even to people's lives.
Stronger password systems have been devised in which a password cannot be assigned unless it has a certain minimum length and includes mixed symbols and letters, or mixed numbers with letters, or is based on a short phrase. Enforcing a requirement for such stronger passwords has resulted in systems that are less likely to be cracked. Thus password systems can provide a certain level of security, although their use has vulnerabilities.
Another protective measure taken to keep data secure is encryption. In general, encryption is the process of transforming data using a cipher to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. Without the proper key, the encrypted data can be decrypted into a usable format only with a substantial investment of time and processing resources, and even then, only if certain characteristics of the unencrypted data are known (or at least are predictable). Successfully using encryption alone to ensure security can be a challenging problem. While strong ciphers can be devised, a single error in the design of the system or the execution of encryption can allow successful attacks. Also, having the key in the same location as the encrypted data can provide a vulnerability unless a further protection measure is taken.
Simply encrypting data is restrictive in that there may not exist any convenient manner to handle the portability of the data while maintaining the integrity and security of the data. For example, the data may be encrypted and reside or be transferred to a portable storage medium such as a flash drive, a compact disk, a portable hard drive, a floppy disk, or other. If the encrypted data is transported to another host computer, there does not exist a convenient process to decrypt the data for use while simultaneously safeguarding data integrity and data security. The encryption key must somehow be communicated to the next host computer which may enable decryption by an unauthorized person. Carrying the decryption key with the data is unwise due to possible theft and places more of a burden on the person transporting the data storage device.
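The two points made above, the strong-password rule (minimum length plus mixed symbols or digits with letters, or a short phrase) and the problem of carrying a decryption key alongside the data on a portable device, can be shown together. The following is an added example, not code from the patent or any product it describes: the key is never stored on the device but is re-derived on any host from the owner's password with scrypt, and only a random salt travels with the ciphertext. The length and word-count thresholds are assumptions, since the text states the rule without numbers.

```python
import hashlib
import hmac
import os

MIN_LENGTH, PHRASE_MIN_WORDS = 8, 3  # thresholds are assumptions; the text gives none


def password_acceptable(pw: str) -> bool:
    """Strong-password rule from the text: minimum length, plus mixed symbols and
    letters, or mixed digits and letters, or a short phrase of several words."""
    if len(pw) < MIN_LENGTH:
        return False
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in pw)
    return (has_letter and (has_symbol or has_digit)) or len(pw.split()) >= PHRASE_MIN_WORDS


def _keys(pw: str, salt: bytes) -> tuple:
    """scrypt (memory-hard) turns the owner's secret plus a random salt into separate
    encryption and MAC keys; only the salt is stored beside the data, never a key."""
    k = hashlib.scrypt(pw.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stream cipher; a vetted AEAD
    # such as AES-GCM from a crypto library is the production choice.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(plaintext: bytes, pw: str) -> bytes:
    """Blob written to the portable device: salt | nonce | ciphertext | tag."""
    if not password_acceptable(pw):
        raise ValueError("password rejected by policy")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(pw, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag


def unseal(blob: bytes, pw: str) -> bytes:
    """Recover the data on any host from the blob and the owner's password; a wrong
    password or a modified blob fails the constant-time tag check before decryption."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(pw, salt)
    expect = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong password or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

A stolen device therefore yields only salt, nonce, ciphertext and tag; recovering the data requires guessing the password through the memory-hard derivation, which the policy check is meant to make impractical.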
Encryption also offers a higher level of security to data; however, its effectiveness can likewise be compromised when it is simply included as an additional security layer in an already-existing computer or network system. While encryption systems can provide a high degree of security, ease of use is also of primary importance. As a result, those skilled in the art have recognized the value of encryption in securing data undergoing transport, but a further need exists for making the encryption/decryption process more convenient. At the same time, making that process more convenient may compromise the security provided by the encryption technology.
Another data protection technique that has been developed is user authentication, such as by use of a biometric system. Such systems are designed to identify a personal characteristic of a user, such as a fingerprint or retina, and store that characteristic in a data transport device. Upon desiring access, the user must scan that personal characteristic. The biometric system then compares that scanned personal characteristic to the stored personal characteristic. If the scanned and stored characteristics are identical, access is permitted by the biometric system. A high degree of security is provided by such systems; however, they too have vulnerabilities. Unfortunately, some such biometric authentication systems can also be rendered ineffective by various means, such as by physically swapping components on a data transport device, by resetting the operating system, or by other means.
As one example of a vulnerability, a laptop computer may have a biometric fingerprint reader installed in the computer that denies access to use of the computer unless the fingerprint of the user attempting to access the computer matches a fingerprint stored in a data base in the laptop computer. However, simply removing the hard drive from that computer and installing it in another computer has been found to permit access to all data stored on that hard drive. In this example and others, the simple substitution of hardware components can be used to overcome certain security systems.
As with the other security systems described above, the biometric system has strengths and weaknesses. While these security systems can provide a degree of security over stored data, each fails to establish a comprehensive security system. Many systems remain particularly vulnerable to basic Trojan horse attacks for obtaining passwords and encryption keys, thereby permitting complete conversion of the security systems to support inappropriate access to and modification of the stored data. Furthermore, these systems by themselves may provide no protection against the execution of user-mode programs that may exploit vulnerabilities in the operating system to gain unlimited root or administrator control over the operating system. An intruder can then either directly circumvent the kernel password and encryption mechanisms or breach the security of the password and encryption key management systems to obtain the passwords and keys. In either case, the intruder again obtains unencumbered access to the ostensibly secured stored data, despite the heightened encryption-based security capabilities, with little more difficulty than exploiting the typically limited security protections afforded by the operating system itself.
Adding one or more of these security systems to an already-existing system can increase complexity and cause unrecognized security vulnerabilities while obtaining only a small incremental increase in security. While it would be desirable to incorporate at least two layers of data protection security in a portable data transport device, it would be preferable if the basic architecture of the portable data transport device were designed so as to fully integrate such security features with the basic data transport operation such that they are primary components.
Hence, those skilled in the art of data security have recognized a need for a more secure data transport system. A need has further been recognized for a portable data transport device in which the basic architecture of the device fully integrates multiple security systems with the data memory and handling operations. The present invention fulfills these needs and others.