1. Field of the Invention
This invention relates to apparatus and methods for computer security and to the prevention of unauthorized reading or altering of computer data by individuals or programs operating on a computer or a computer network.
2. Description of the Prior Art
This invention addresses two major areas of computer security for both individual computers and networked computer systems: (1) protection of programs and data at the place where they are stored, and (2) secure exchange of data and programs between computers and computer users.
Protecting computer data and programs from unauthorized copying, destruction, or alteration is a major concern for governmental agencies, businesses, educational institutions, and individual users. In addition to protecting valuable data from spies or malicious programmers, there is a need to protect data from computer "virus" programs which can infect a system and cause damage at some later date. Numerous computer security programs have been written to provide a large variety of features to protect computer data. These include such features as password protection, restricted access to specified files, limited menu options, checksum verification, and scanning for known virus programs or virus-like activities. The major shortcoming of these computer security programs is that they must operate within the computer's working memory space, its RAM. This means the security software is susceptible to other forms of software which can defeat the program's security measures.
Software protection of computer data can be enhanced by the use of specialized computer hardware that provides additional security functions. In U.S. Pat. Nos. 5,144,659 and 5,289,540, Jones teaches a security method wherein a hard drive controller provides extra security functions. In U.S. Pat. No. 5,434,562, Reardon teaches the use of CPU-independent, user-activated key lock switches by which a CPU-independent security controller can be configured and reprogrammed in a secure fashion. These inventions illustrate a method of enhancing security by making some security functions independent of the CPU. In Reardon's invention, these hardware-secured parameters require a user to insert and activate a CPU-independent hardware switch to change or alter the security parameters. Since this switch is CPU-independent, it is impossible for this hardware security device to be bypassed or defeated by software or keyboard programming.
The second major area of concern in the field of computer security revolves around secure communication in the exchange of data. This field of security requires an ability to encrypt data, to limit access to intended persons, to verify the accuracy of transmissions, and to verify the identity of the sender. One popular technique employs the use of asynchronous encryption keys. This technique is based on the use of a public/private key-pair encryption system wherein two binary strings (one serving as a "public key" and the other as a "private key") are used to encrypt and decrypt data. Anything encrypted with one key can only be decrypted by the other. The public key is "published" or at least accessible to intended recipients of data. The private key is never revealed but is held only by the owner of that key. To send a private message, the sender encrypts a message using the receiver's public key. Since only the receiver possesses the matching private key, only the receiver can decrypt the message.
To send proof of one's identity, the sender encrypts a message using his own private key. This message can only be decrypted using the sender's public key. Thus, any receiver who has access to the public key can verify that the message was sent by the person who possesses the matching private key. In this way, the receiver can use non-confidential information, the public key, to verify that the sender possesses the corresponding private key, thus confirming the identity of the sender as that corresponding to the public key.
Many additional cryptographic techniques, well known in the art, can be used to enhance this general scheme. For example, proof of the identity of the party associated with a public key can be certified by a private or governmental authority who issues said party an electronic "Digital Certificate." Also, the integrity of data transmissions can be verified by the use of "hashing" formulae that create a short message digest similar to a checksum. In these ways, for example, financial transactions and the like can be electronically, securely, and privately transmitted to the intended party (using the receiver's public key), including a digital signature (using the sender's private key), verification of the sender's identity (using a Digital Certificate), and verification of the message content (using the hashed message digest). To guard against the accidental loss of a private key, or to recover corporate data in the event of a key owner's death or disability, private keys can be split into multiple parts that are placed in "escrow" with two or more separate parties. In the event of loss or disability, the escrow agents can provide to the authorized receiver their escrowed portions of the key so that it can be reassembled and used to recover files encrypted with its associated public key. These and other encryption techniques, known to those skilled in the art, can be implemented with the present invention.
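The exchange described above (body encrypted under the receiver's public key, a hashed digest signed under the sender's private key, and the private key split into escrowed parts), as an added example that is not part of the patent text: a toy textbook RSA in Python with small primes found by trial division, written here for illustration only. The sender/receiver roles, the SHA-256 digest, the XOR-share escrow split and the key sizes are assumptions; a real system would use a vetted library with padding.

```python
import hashlib
import secrets
from functools import reduce
from operator import xor

# Toy textbook RSA with ~20-bit primes: illustrates the key-pair scheme only (no padding, tiny modulus).
def is_prime(n):
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

def keygen(start, e=65537):
    """Return (public, private) as ((e, n), (d, n)) from the two smallest primes >= start."""
    p = next(k for k in range(start, 2 * start) if is_prime(k))
    q = next(k for k in range(p + 1, 2 * start) if is_prime(k))
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # pow raises ValueError if e is not invertible mod phi

def apply_key(value, key):
    """Modular exponentiation: what one key of the pair transforms, only its mate undoes."""
    exp, n = key
    return pow(value, exp, n)

def digest(message):
    """Short message digest standing in for the page's 'hashing formula'."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def send(message, sender_priv, receiver_pub):
    """Sender: sign the digest with own private key, encrypt the body under the receiver's public key."""
    body = int.from_bytes(message, "big")
    assert body < receiver_pub[1], "toy scheme: message must fit below the modulus"
    sig = apply_key(digest(message) % sender_priv[1], sender_priv)
    return apply_key(body, receiver_pub), sig

def receive(packet, receiver_priv, sender_pub):
    """Receiver: decrypt with own private key, then check the signature with the sender's public key."""
    ciphertext, sig = packet
    body = apply_key(ciphertext, receiver_priv)
    message = body.to_bytes((body.bit_length() + 7) // 8, "big")
    ok = apply_key(sig, sender_pub) == digest(message) % sender_pub[1]
    return message, ok

def split_for_escrow(private_key, parts=2):
    """XOR shares of the private exponent, one per escrow agent (assumed split; any proper subset reveals nothing)."""
    d, n = private_key
    shares = [secrets.randbits(n.bit_length()) for _ in range(parts - 1)]
    return shares + [reduce(xor, shares, d)], n

def reassemble(shares, n):
    """All escrowed shares together restore the private key (d, n)."""
    return reduce(xor, shares), n
```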
The use of asynchronous keys, or public/private key pairs, has been further enhanced by the use of portable electronic devices, often referred to as "tokens," that store the asynchronous key in electronic memory and protect it from unauthorized use by means of a personal identification number (PIN). Tokens may include both memory for storage of keys and encryption processors for encrypting data. These technologies make the private portion of the asynchronous key pair more secure because it does not reside on the computer where the data is created. In addition, the token can be easily transported, like an ID card. The "key" to the data can therefore be stored away from the data, thus enhancing security. To access files encrypted using the owner's public key, a corporate spy would need to (1) gain access to the encrypted files, (2) find and steal the token and (3) discover the owner's PIN which makes the token functional.
One disadvantage of the encryption tokens described above is that they are relatively expensive because of the substantial electronics required for each token. In addition, while these tokens provide excellent security in the exchange of data, they cannot directly protect the storage area where the data is stored from being erased or altered by computer viruses or sabotage.
It was with knowledge of the foregoing disclosures representative of the state of the art that the present invention was conceived and has now been reduced to practice.