1. Field of the Invention
This present invention relates to the fields of encryption and digital cryptography on a computer system. More specifically, the present invention relates to securing files and ensuring authenticated access to the secured files without dependence on a single file system.
2. Description of the Related Art
Data security has become an increasingly important aspect of computing due to the integration of computing into everyday use and the popularity of the internet. Securing sensitive data commonly involves the use of digital cryptography such as symmetric and asymmetric cryptography. Symmetric cryptography utilizes the same key to encrypt and decrypt a message and is generally faster than asymmetric cryptography. Because of the speed difference between the two forms, symmetric cryptography is commonly used to secure any message of notable size, including files. Asymmetric cryptography utilizes public and private keys to encrypt and decrypt a message thereby allowing two parties who had no previous interactions to communicate securely.
To secure the sensitive data, the user can currently utilize file level cryptography, file system cryptography and virtual partition cryptography. File level cryptography grants the users the most control over which files get encrypted, how the files are stored, and the location the files are stored in with only confidential files requiring encryption. Because the method works on a file-by-file basis, every encrypted file can use a different key, although many users will habitually utilize the same key for accessing many systems, including multiple files. Also, because only the file is changed, file level encryption can be used with any type of file system because the system does not store any special data in the file. However, one major disadvantage in file level cryptography is that the user must manually select files for encryption and decryption before and after each use. As the number of encrypted files increases, the overhead on the user to manually encrypt/decrypt these files increases as well Second, updating file level cryptography can also be difficult; if the encryption algorithm in use is found to be weak the user must recall and encrypt all files secured with that algorithm. File level cryptography provides a very secure encryption process for smaller numbers of important files, but.
In file system cryptography all the data on a single file system is encrypted thereby securing all stored data. The system requests only a single password, which is used to encrypt all the data, when the drive is being mounted for access. However, because file system cryptography encrypts non-sensitive files; an unnecessary computational overhead is incurred when accessing the files. As most file access on a computer is to non-sensitive files this overhead can be substantial. The single password used to access the file system can also be a disadvantage; for example, when different users use a single computer at different times, each user would need to know the password. Also, most file system cryptography implementations utilize a proprietary file system which may not have all the properties required for use in the computing environment. In addition, during file system cryptography, when the encryption algorithm needs to be updated, all the data on the file system must be decrypted and encrypted using the new algorithm. This can be a very time extensive operation on large file systems.
Virtual partition cryptography finds a median point between file level cryptography and file system cryptography. The system creates a virtual partition and encrypts all data stored in that partition. Virtual partition cryptography maintains many of the strengths found in file system cryptography while avoiding the large performance hit commonly encountered with its use. With oversight from the user all sensitive data can be stored securely in the virtual partition, while the non-sensitive files can be stored in the non-encrypted partition. This negates the performance hit from file system cryptography, but relies on the user to alter their storage system for files.
One disadvantage virtual partition cryptography is that the user must separate sensitive and non-sensitive files. Another disadvantage is allocating the correct amount of space for the virtual partition. Upon creation the user needs to have a rough estimate of the amount of space that will be required by the sensitive files. In addition, this system is difficult to configure correctly and does not expand well as sensitive files are added. Overestimating this space results in a loss of non-sensitive file space, while underestimating results in a costly operation to increase the size of the virtual partition. Virtual partitions are encrypted using a single password, thus all data secured in the partition utilizes the same password. This functionality does not assist the many users requiring differing layers of security.
When choosing a cryptography scheme, the user must consider the underlying file system that will be utilized. File system cryptography and virtual partition (to a degree) both force the type of file system used to a supported option. If a different file system is selected for any other reason, the encryption system must be modified to fit the scheme, or as is more likely, a different encryption system implemented.
Currently, the best option for the end user is to combine file level cryptography and file system cryptography or virtual partition cryptography. This choice provides a good overall encryption scheme, with all data being encrypted with no user interaction, and sensitive data being manually encrypted and decrypted with a separate key. Unfortunately, the user must still manually encrypt and decrypt the highly sensitive files on the system. This requires that the user not to forget to secure a file after accessing it, thereby leaving the file in an unsecured state until the user rectifies the situation. Also, this will limit the total number of files that the user will deem sensitive enough to add the additional security too.
Thus, there is a recognized need in the art for improved file security system that is secure, intuitive and non-intrusive for the end user to operate, file system independent, and easy to update. The system must be secure or it would not serve the primary purpose to securing the file. The system must be intuitive and non-intrusive for the end user to operate in order to limit the amount of necessary interactions by the user. Limiting the interactions will promote the system usage and secure any sensitive information with full security. Unfortunately, no file security systems currently meet all the necessary requirements to be a complete solution for the user.
The prior art is deficient in file level cryptography systems and methods utilizing the same. More specifically, the prior art is deficient in an integrated file level cryptography system that is independent of the file system on a computer and transparent to the user. The present invention fulfills this longstanding need and desire in the art.