This invention is in the field of information security, and more particularly relates to data encryption, data access control, encryption key storage, encryption key management, secure data storage, and data zeroisation.
Zeroisation is the cryptographic operation of erasing from the memory of a device sensitive material such as electronically stored data, cryptographic keys, or other information to prevent disclosure of that information to a later user of the device. Zeroisation is generally accomplished by deleting or writing over the contents to prevent recovery of the original data. For example, the memory can be overwritten with a meaningless value such as all zeros. In tamper resistant hardware, automatic zeroisation may be initiated if tampering is detected. Such circumstances can place unusual demands on the hardware designer, e.g. the need for the device to perform zeroisation even in the absence of connection of the device to a power supply.
Also related to zeroisation are prior art techniques for protection of data. These include storage devices which use ciphers with fixed length keys to encrypt stored data. Such storage devices can be loaded with keys, either persistently, or dynamically. The keys themselves are reused for encryption and decryption operations on the device. Unfortunately, in the event of loss, theft, or compromise of the device, it is sometimes possible for an unauthorized party to recover the key.
Devices used in high security environments often employ some form of manually initiated zeroisation functionality, usually initiated by pressing a button, which erase the key material from the device when circumstances require it. Unfortunately this leaves the device vulnerable to human error, and may allow the stored confidential data to be accessed by an adversary.