1. Field of the Invention
The present invention relates generally to encryption, and more particularly to recovery of encrypted data from a secure storage device.
2. Background Art
As data processing becomes ubiquitous, users are increasingly demanding that data be both mobile and secure. Although networks, such as the Internet, can transmit data from one computer to another, users often must identify and transmit the data they need to the proper destination. Unfortunately, the data may fail to be transmitted due to firewalls, proxies, spam blockers, size limitations, technical error, or human error. Further, it is not always practical for users to guess what data is needed at a future time and the location of the need. The data is also often routed through unsecure servers or network devices which can intercept the data and further compromise security.
As a result of these problems, users often load data on USB memory devices (e.g., a memory stick) and carry data with them. Unfortunately, USB memory devices can be stolen and accessed by thieves. Some USB memory devices have passwords which must be entered on the host computer before accessing the stored data. However, the password can be cracked (e.g., a brute force attack) and the data accessed.
Some USB memory devices lock the stored data after a predetermined number of password attempts have been made to prevent data theft. Unfortunately, the lock is often easy to reset. Further, the attacker may overcome the lock with a computer. In one example, the attacker copies the data and the lock stored in the USB memory device on a computer and attempts to enter the password. The lock may lock the copied data after the predetermined number of password attempts. The attacker may then delete the copied data and the copied lock from the computer, and recopy the data and the lock from the USB memory device to try again. This process can be repeated and automated until successful thereby inevitably accessing the data.
Although security measures may prevent unauthorized people from stealing data, the same security measures may prevent authorized people from legitimate access. In one example, the CIO of a company may encourage the issuance of USB memory devices with security measures to the employees of the company. However, the security on the USB memory devices may ultimately prevent the CIO or his agent from accessing data should one or more employees be unavailable.