End-user costs are a concern in connection with maintaining the security of electronic data. End-user costs refer to the collection of tangible and intangible burdens that an end user must endure in order to access the electronic data, yet maintain the security of the data. In some cases, security is maintained by binding the data to an electronic device which processes the data so that the data cannot be processed on a different electronic device. In some cases, security is maintained by storing the data in a manner that prevents the data from being disclosed and/or modified. And, in some cases security is maintained by detecting attempts to process, disclose, modify, or access the data in an unauthorized manner.
Often times, an electronic device that implements some sort of data-security style will be less user friendly than similar devices that do not implement data security or that implement a lower level data-security style. The reduction in user friendliness may be attributed to additional procedures, activities, steps, and time required for causing the electronic device to process the secure data and an increased likelihood that a user will not be able to access the secure data at all. In some situations, the reduction in user friendliness may be attributed to human security procedures that surround the use of the electronic device. Regardless, the implementation of a given security style often leads to end-user costs associated with blocked data access, increased frustration, increased time, reduced productivity, increased expenses for acquiring, operating, and maintaining secure electronic devices, and other security-related costs.
Often, an electronic device is designed to implement a particular data security style. The design process results in a sharp balance being struck between security level and end-user costs. One technique for striking this balance is to determine the end-user costs that may be tolerated, and then design the electronic device to implement as high a level of data security as is compatible with the tolerable end-user costs. Another technique for striking this balance is to determine a required level of data security, and then design the electronic device to implement as low a level of end-user costs as is compatible with the required data security level. Regardless of the technique, a need exists for increasing the level of data security provided by a given end-user cost.
While different industry groups have attempted to define standards with respect to data security for specific data processing applications, the implementation of data security across a variety of different applications is far from standardized. Different data processing applications have vastly different data security needs. Consequently, the balance between data security levels and end-user costs is likely to be struck differently for different applications. For example, a point-of-sale terminal may have different data security requirements from a cellular telephone, and both of these applications may have different data security requirements from a digital media player.
Conventional electronic components and devices intended for use in data security applications have been designed to provide a limited range of security levels. Accordingly, components and devices which may be suitable for one application can be entirely unsuitable for other applications. A wide proliferation of proprietary data-security components and devices for niche markets has developed. In other words, data-security applications have failed to experience the cost, reliability, ease-of-use, and other benefits achievable through mass market manufacturing techniques and experienced in connection with data processing applications that are not as security sensitive.
Moreover, conventional electronic components and devices intended for use in data security applications have been designed to provide static security levels. In other words, if a conventional device is asked to perform both a higher-level security-sensitive application and a lower-level security-sensitive application, security techniques suitable for the higher-level security-sensitive application are likely to be implemented for the entire device. This conventional technique unnecessarily increases end-user costs for the lower-level security-sensitive application. For example, a device configured to implement security appropriate for a higher-level application may become unusable if data tampering is detected, preventing even the lower-level security-sensitive application from being usable.
Accordingly, a need exists for an encryption apparatus that can benefit from mass-market manufacturing techniques, that can accommodate a wide range of security levels, that can accommodate dynamic security levels, and/or that can accommodate increased levels of data security without increased end-user costs.