The present invention is generally related to printers and communication devices, and, more particularly, is related to a system and method for securing confidential information in a nonvolatile internal memory.
A variety of devices are configured to receive information and/or capture image information. Examples of such devices include print devices, copy machines, personal device assistants (PDA), facsimile (FAX) machines and scanners. Typically, the information is further processed for some intended purpose. Examples of information include data, text and/or images in electronic format or in a hardcopy format.
A common feature of the above-described devices is that the device employs an internal memory that xe2x80x9ctemporarilyxe2x80x9d stores the information while further processing occurs. For example, one type of print device employs a magnetic disk drive memory that receives the information from a remote source, which is then printed. Such a memory acts as a xe2x80x9cbufferxe2x80x9d for the temporary storage of the information. As later information is received, the prior information is overwritten.
Memories may be nonvolatile. In a nonvolatile internal memory, the information is retained after power is removed from the memory. An example of a nonvolatile memory is a writable magnetic disk drive. Other examples of nonvolatile memories include, an optical drive, a compact discs (CD), a digital versatile disks (DVD), a floppy disk, a magnetic tape drive, an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory, a nonvolatile random access memory, and various types of volatile memories that become nonvolatile by virtue of a battery backup or other power source that is maintained when the device is inactive.
When the device is deactivated, such as by turning off the power, any saved information currently residing in the nonvolatile internal memory is retained. Accordingly, confidential information received by the device may remain in the nonvolatile internal memory. The user would prefer that the confidential information be removed from the nonvolatile internal memory or otherwise be destroyed. That is, the user of the device intends that the information remain confidential and not be available to unauthorized third parties.
The above-described nonvolatile internal memory to a device is not generally electronically accessible to an unauthorized third party because there is no way for the third party to exert control over the nonvolatile internal memory using external programs. For example, if a print device receives information from a personal computer, the print job origination program residing in the personal computer is limited to sending information to the print device in a suitable electronic format for printing images. Examples of print job origination programs include word processing programs, browsers, photo editors, and graphic/drawing programs. Since the print job origination program does not have direct control over the nonvolatile internal memory residing in the print device, there is no convenient way for an unauthorized third party to cause the printer to print confidential information residing in the nonvolatile internal memory.
Furthermore, such nonvolatile internal memories are not readily accessible to physical access. That is, the memory is difficult to physically remove from the device. However, if the nonvolatile internal memory is physically removed from the device, a variety of techniques are available for retrieving the information from the memory. Accordingly, if an unauthorized third party xe2x80x9cstealsxe2x80x9d the nonvolatile internal memory after the confidential information is received by the device (and before additional information is received which would otherwise overwrite the confidential information), the confidential information can be accessed.
Accordingly, it is desirable to protect confidential information received by a device and residing in a nonvolatile internal memory. That is, it is desirable to prevent access to confidential information residing in a nonvolatile internal memory by an unauthorized third party.
The present invention provides a system and method for securing confidential information. Briefly described, one embodiment comprises a memory configured to save the confidential information, a decryption key, and a processor configured to encrypt the confidential information when received, configured to store the encrypted confidential information in the memory, configured to decrypt the confidential information when the confidential information is accessed by another component, and further configured to erase the decryption key after a component has accessed the confidential information.
Another embodiment comprises encrypting the confidential information, storing the encrypted confidential information in a memory, generating a decryption key, decrypting the encrypted confidential information using the decryption key; and erasing the decryption key.