As known, an electronic apparatus such as a mobile device, smart-phone, a tablet, a phablet, a net-book or a notebook includes an operative system, for example, Windows 8, iPhone OS, or Android OS, which manages access to data stored in a memory of the electronic device.
Some of the above operative systems manage a multi-user interface or multi-user profile for separating data stored in the memory and belonging to different users. For instance, each time a user is registered in the electronic apparatus, the operative system associates to the user a corresponding set of folders and subfolders. Thus, several users having access to the electronic apparatus, share the same memory as hardware, but have a dedicated portion of such a memory corresponding to their set of folders and sub-folders storing their data, preferably in a logical or virtual portion of the memory.
However, the above mentioned electronic apparatus may not typically have a security-system for protecting user personal data, such as personal files, SMS messages, emails, etc.
For example, in MS Windows, each user has his own workspace, e.g. corresponding to the folder ‘ . . . \ Documents and Settings’, including all data, files and settings of a single user. However, such a separation is just for organization and not really for security. For instance, a user with administrator privileges has access to all the folders and sub-folders of all the users, and thus to all their files. Moreover, if the mass storage is accessed using another O.S., all the data of all users may be read.
Furthermore, some other operating systems may not support a multi-user interface, and, thus do not provide logical or virtual separation for different users. Thus, electronic apparatuses with such system cannot prevent that data of a user being read by another user.
On the other hand, a method for protecting the access to data through encryption is known, in which the whole content of the mass storage device is encrypted to avoid any access to the data mass storage. For example, MS Windows Vista implemented a “BitLocker Drive Encryption”, which is derived from specifications of the Trusted Computing Group.
However, these methods have some other limitations. First of all they are based on dedicated hardware, i.e. a TPM (Trusted Platform Module) chip. An electronic apparatus without or incompatible with such dedicated hardware cannot protect the access to data.
Moreover, a brute force attack which decrypts the whole memory content deprives all data of all the users from protection. Indeed, “BitLocker Drive Encryption” has been designed mainly for anti-piracy and not for user's data security.
Furthermore, encrypting all the memory content is time consuming and slows down the read or write operations, especially when accessing data which does not require protection. At last, if the TMP is stolen together with the device, all the data of all the users may be decrypted and read.
A shortcoming of the prior art is to provide a method to access data in an electronic apparatus which prevents the user of the apparatus from reading data associated with another user of the apparatus, independently from the access rights or level or roles defined in the electronic apparatus for such users.