Conventional computing devices typically include one or more conventional types of input/output (I/O) ports for communicating with connectable external devices such as mice, keyboards, wireless modems, etc.
However, the specifications for many I/O interfaces, such as USB, SAS, SATA, FireWire, PCI Express, HyperTransport, Thunderbolt, etc., have no provision for authenticating attached devices or encrypting their traffic. One way to secure communication in such devices is by changing software layers (drivers, applications). This is impractical to implement due to the variety of different software stack implementations and the lack of interoperability, which is the main reason why this approach did not gain widespread adoption. Another option is to encrypt the entire file system. This approach also suffers from a lack of interoperability. Both approaches have another disadvantage: the key used to perform encryption is stored in the same system, which weakens overall security. Examples of prior art approaches include U.S. Patent Application Number 2008/0247540, U.S. Pat. No. 7,469,343 and EP Application No. EP240790.
Meanwhile, there are a number of applications that would benefit greatly from data encryption, such as storing sensitive data on USB mass storage devices. Accordingly, a need remains for an efficient method for encrypting and decrypting data on otherwise unsecure interfaces such as USB.