Revolutionary changes in our communication vehicles, brought about by the amazing growth of the Internet and the ever-increasing digitization of information, pose unprecedented threats to personal security and privacy. An increasing amount of sensitive information is now circulating in electronic form, including e-mails, facsimile messages, telephone conversations, fund transfers, trade secrets and other personal records. The same technological advances have brought enormous benefits to humankind, but also make us more vulnerable to unwanted and potentially dangerous snooping. A number of new applications for computer storage devices have emerged, and many of these need enhanced overall security for the information stored in the computer storage devices.
FIG. 1 to FIG. 3 are schematic diagrams of a secure storage device and operation of the same according to U.S. Pat. No. 6,880,054 to Cheng et al. The flash memory 4, as shown in FIG. 1, is divided into a number of different sections or zones. Typically, the flash memory is divided into two zones: zone 1 is for setting a software serial number, and zone 2 is typically used for storing a user's data. In addition, each zone has a unique password. FIG. 2 is a flow diagram showing the initial set-up of a password for zone 2 of the flash memory 4 by an end user. To set up the password for zone 2, the user plugs 20 the device 10 into a USB port on the computer and communication 21 is established between the computer and the device 10. The user then runs the driver software and the driver software enters a password installation set-up mode 23 for zone 2. The user then enters 28 a password that they wish to use to prevent unauthorized access to zone 2 of the flash memory 4. The password entered is then encrypted 29 and stored 30 in the flash memory 4.
After an end user has performed the initial password set-up procedure described above and shown in FIG. 2, when the user selects zone 2 to access data stored in the flash memory 4 (see FIG. 3), the micro-controller 3 sends a command to the computer to request 46 the user to enter the password for zone 2. When the user enters the password, the computer sends the password to the micro-controller 3. The micro-controller 3 retrieves the password for zone 2 from the flash memory 4, decrypts 47 the password and compares it with the password entered by the user. If the password entered by the user is incorrect, the operation returns to step 46 and the computer requests 46 the password from the user again. If the password entered by the user is correct, the user has access to zone 2 of the flash memory 4 to read data from the flash memory 4 and to write data to the flash memory 4. However, data can only be written to the flash memory 4 if the manual switch 7 is in the position to permit data to be written to the flash memory 4. In order to read or write data from or to the flash memory 4, a read or write command is sent 48 by the computer in USB format to the micro-controller 3. In response to the read or write command, the micro-controller 3 either retrieves 49 data from the flash memory 4 and sends it to the driver 2 for conversion 50 to PC format and then to be output to the computer, or receives data from the driver to write it to the flash memory 4. The micro-controller 3 then determines 51 whether the read or write operation is complete. If the operation is not complete, it returns to step 49. If the operation is complete, the operation terminates 52.
While U.S. Pat. No. 6,880,054 employs the method of comparing the user-supplied password and the stored password to limit access to the data in the flash memory, the disadvantage is that code breakers eventually decipher the password through repeated “trial-and-error”. In addition, once the flash memory 4 in which the password is stored is compromised or dismantled, malicious code breakers can easily access the data. Therefore, the prior art could not ensure the utmost confidentiality of the data in the storage device. Hence, there is a resulting need for a secure data access method to avoid potential leakage of the private data. Unlike conventional data access methods, such as that of U.S. Pat. No. 6,880,054, the present invention goes a step further in enhancing the confidentiality of the digital data by generating a password-based encryption key and then encrypting the pre-stored data into ciphertext with the encryption key, to eliminate the chance of intruders deciphering the key through repeated “trial-and-error”.
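The approach described above, deriving the encryption key from the password and keeping only ciphertext in the storage, can be sketched as follows. This is an added illustration, not code from either patent: the use of PBKDF2-HMAC-SHA256, the iteration count, the HMAC-based keystream (a standard-library stand-in for a cipher such as AES) and all function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor; the text names no KDF or cost

def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    # Keys are recomputed from the password on every access; neither the
    # password nor the keys are ever written to storage.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, standing in for a real stream/block cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(password: str, plaintext: bytes) -> bytes:
    """Build what the flash would hold: salt || nonce || ciphertext || tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the password or the blob is wrong."""
    if len(blob) < 64:
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    blob = seal("correct horse", b"constructed sample record")  # constructed input
    print(unseal("correct horse", blob))
    print(unseal("wrong guess", blob))
```

In this sketch a dismantled flash chip yields only the salt, nonce, ciphertext and tag, and every password guess against it costs a full key-derivation run.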