1. Field of the Invention
The present invention relates to the field of data encryption and user authentication. More particularly, the present invention involves a system and method for transparently encrypting and decrypting digital data, wherein the encryption and decryption is managed in a biometrically secured process.
2. Description of Prior Art
Protecting sensitive computer data such as personal financial information, social security numbers, etcetera, is of the utmost importance to individuals, businesses, and the government. Sensitive data may be protected, in part, by isolating data storage devices, such as computer hard drives, from computer networks so that users at remote locations cannot “hack” into the sensitive data. Isolation does not protect the data, however, in the event such storage devices are physically stolen or directly accessed on-sight by a malefactor. Furthermore, in some situations it is impractical or impossible to isolate data from computer networks or to maintain it in a single, physically secure location.
An alternative method of protecting digital data is by use of encryption, which is the process of encoding information in such a way that only a person (or computer) with a proper key can decode it. Thus, even if an unauthorized person gains access to sensitive data, the data is safe so long as the person does not have the key. Most encryption schemes fall into one of two categories: symmetric and asymmetric.
In symmetric encryption schemes, each computer has a secret key, or code, that it uses to encrypt a packet of information before the packet is stored on a data storage device or is sent over a network connection to another computer. Each computer uses the key to decrypt a packet of information encrypted using the same key, even if the packet was encrypted and sent by another computer. Symmetric encryption requires each computer to have a copy of a shared private key, and therefore requires users to be aware of which computers will be communicating to ensure that each computer has a copy of the key. If the shared key is communicated via a network medium, it may be intercepted by a third party who is then able to use the key to decrypt encrypted data and information.
Asymmetric encryption schemes use both a publically-accessible key and a private key, and eliminate the need for a shared private key to ever be communicated between computers. An example is a system wherein two computers each have a public key and a private key. Each computer is able to generate an identical shared private key using its private key, its public key, and the other computer's public key.
Unfortunately, encryption suffers from various problems and limitations that render it unsatisfactory in many circumstances. Encryption software, for example, is time consuming to use and is often difficult to learn. Consequently, users may encrypt only a portion of the sensitive data they would otherwise protect—or may forego data encryption altogether—in order to avoid spending time using, or learning how to use, the software.
Furthermore, encrypting data in a portable device is susceptible to circumvention because the key is hidden on a data storage element on the device itself. Thus, a person who discovers the key has access to the encrypted data stored on the device.
Accordingly, there is a need for an improved system of encryption and decryption that does not suffer from the problems and limitations of the prior art.