There have in recent years been a number of high-profile cases where a device storing sensitive data has been stolen or lost. In order to reduce the risk of information falling into the wrong hands by way of the loss or theft of a device, it is known to encrypt the contents of any persistent memory in the device (e.g. by using full disk encryption). However, such protection is only effective whilst the computer is switched off—if a computer is stolen or captured whilst it is switched on, then full disk encryption offers no protection against loss of data. Also, there is no protection against an attacker who has successfully installed malicious monitoring software on the computer.
Some data recorders record sensitive data in operation, and hence the so-called ‘data at rest’ protections mentioned above are of no use for protecting the sensitive information from an attacker who captures the data recorder in operation, or who has successfully installed malicious monitoring software on the data recorder. Similar considerations apply to laptop computers and the like which are intended to be used by people whilst travelling between relatively secure environments.
WO 2007/006072 describes a method of encrypting data for sending over an internal communications link within a personal computer. There is no discussion of how the personal computer might be used to securely store data in non-volatile storage (i.e. persistent storage which retains data even when the power supply is removed).
WO 01/72075 describes an improved implementation of a stream cipher in which an encryption key is used in the generation of a cryptographic mask. Again, there is no discussion of securely storing data in non-volatile storage.
According to a first aspect of the present invention, there is provided a data recorder comprising:    a receiver for receiving input data;    one or more persistent data stores storing pseudo-random masking data deterministically generated by a psuedo-random data generator in dependence on one or more masking data generation parameters;    one or more processors arranged in operation to combine said input data with said pseudo-random masking data to generate masked data using a masking process reversible with knowledge of said one or more masking data generation parameters;    a persistent data store updater arranged in operation to erase said pseudo-random masking data in said one or more persistent data stores once it has been used in said masking process, and to write the masked data output by said one or more processors in said one or more persistent data stores; and    an output for outputting said masked data from said one or more persistent data stores to a reader device having access to said one or more masking data generation parameters.
By operating a data recorder to generate masked data by combining record data with pseudo-random masking data previously stored in persistent memory, said pseudo-random masking data having been deterministically generated by a psuedo-random data generator in dependence on one or more masking data generation parameters, and erasing the pseudo-random masking data stored in said memory once it has been used in generating said masked data, said data recorder stores record data in an masked form which can only be decrypted by a reader able to generate identical pseudo-random masking data using said one or more masking data generation parameters. In this way, sensitive record data may be recorded in the persistent memory of the data recorder in a manner which makes that sensitive data inaccessible to someone who captures the data recorder in use, but accessible to someone in possession of the one or more masking data generation parameters. Importantly, there is no need for the processor to have the masking data generation parameters in volatile memory whilst generating the masked data from the (sensitive) record data. This overcomes or alleviates the problem of protecting data being recorded by the data recorder even from an attacker who has access to the data recorder whilst it is recording. This applies whether the attacker has physical access to the data recorder or virtual access by virtue of a snooping program or device maliciously installed in the data recorder.
It is to be noted here that persistent is used in the sense that the contents of the memory remain readable even after the data recorder has been powered down for sufficient time to allow the contents of the recorder's volatile memory to be lost.
Preferably, said persistent data updater overwrites said pseudo-random masking data in said persistent memory with the masked data output by said one or more processors. This has the advantage of efficiently combining the erasure of the masking data and the writing of the masked data.
Preferably, for example when in an initial relatively secure environment, said data recorder uses a mask parameter encryption key in encrypting said mask generation parameters, stores said encrypted mask generation parameters in said persistent memory, and deletes said mask parameter encryption key from said data recorder prior to combining input data with the pseudo-random mask data generated using said mask generation parameters.
This has the advantage that a reader need not store a plurality of mask generation parameters used to generate respective sets of mask data, but instead stores a mask generation parameter encryption key. This obviates the need for the reader to store data associating a plurality of mask generation parameters with respective sets of mask data and makes it easier for a single reader to be used to read data securely recorded by a plurality of data recorders.
In some embodiments, the deletion of the mask generation parameters prior to the use of mask data generated using those parameters, might be achieved by powering said data recorder down for some time prior to switching the data recorder back on in order to securely record input data. In other embodiments, the data recorder further comprises a pseudo-random mask data generator operable to generate a plurality of sets of pseudo-random mask data in said persistent memory, each set of pseudo-random data depending upon a different set of one or more mask generation parameters, said data recorder being arranged to delete the set of one or more parameters used in generating each file prior to combining input data with said set of pseudo-random data.
Preferably, the encryption of the one or more mask generation parameters uses a public-key encryption algorithm to encrypt the one or more parameters with a public key corresponding to a private key accessible to the reader.
Where the reader can be kept in a physically secure environment, then reader preferably stores the private key in its persistent memory.
According to some embodiments, there is provided a data recorder comprising:    means for receiving input data;    means for storing pseudo-random masking data deterministically generated by a psuedo-random data generator in dependence on one or more masking data generation parameters;    means for combining said input data with said pseudo-random masking data to generate masked data using a masking process reversible with knowledge of said one or more masking data generation parameters;    means for erasing said pseudo-random masking data once it has been used in generating said masked data;    means for recording the masked data output by said one or more processors; and    means for outputting said masked data to a reader having access to said one or more masking data generation parameters.
According to some embodiments there is provided a personal computer comprising:    a receiver for receiving input data;    one or more writable persistent data stores storing pseudo-random mask data deterministically generated by a pseudo-random data generator in dependence on one or more mask generation parameters;    one or more processors operable to combine said data for recording with said pseudo-random mask data, said combination being reversible by a reader able to generate identical pseudo-random mask data using said one or more mask generation parameters to recover said record data;    a memory writer operable to overwrite said pseudo-random mask data in said one or more persistent data stores with the combination data output by said one or more processors;    an output for outputting said combined data from said one or more persistent data stores to a reader having access to said one or more mask data generation parameters.
According to some embodiments, there is provided a reader for use with a data recorder according to the first aspect of the present invention, said reader comprising:    a receiver for receiving said masked data from said data recorder or said personal computer;    one or more processors operable to recreate said masking data using said one or more masking data generation parameters and to recover said input data by combining said masking data with said masked data;    one or more stores for storing said recovered input data.
Such a reader might be implemented as suitably programmed general purpose computer.