1. Field of the Invention
This invention relates generally to methods and apparatus for securing personal computer data and more specifically to providing a portable encryption/decryption device that is configured to quickly and conveniently interface with any computer.
2. Description of the Related Art
The phenomenal growth of personal computers (PC) in the world over the recent past has fueled a technological revolution of dramatic proportions. Personal computers pervade not only the workplace, but also the home. In fact, the PC is approaching a point where it is a commodity similar to a telephone. The ubiquitous nature of the PC in the world today is partially due to the many functions the PC is capable of performing, especially in lieu of the worldwide hysteria created by the Internet.
Personal computers are now routinely utilized to transfer sensitive data over the Internet via local area networks (LAN) and wide area networks (WAN). Additionally, numerous households keep financial data and other personal information on a PC. Many of the same households communicate personal information over the Internet through e-commerce channels. Because of the efficiencies related to electronic commerce, more and more businesses and consumers are moving a higher percentage of their transactions to this medium over time. With the advent of digital signatures, transactions via a personal computer are becoming routine.
However, with all of the promotion centered around the technological revolution there is a downside. Given the sensitive nature of the information stored within a PC, whether at work or at home, the risk of someone stealing this sensitive information, or simply using someone's PC to impersonate them, is substantial. For example, anyone can commandeer a party's work PC when the party is out of the office or just at lunch. Access to the party's work PC can cause damage ranging from pilfering confidential information to sending out emails from the PC with the receiving parties believing the message is being originated by the owner of the email address. An outside hacker may be able to gain access to data stored on a PC's hard drive or the server system to which the PC is connected to copy or compromise the data. Furthermore, with the large population of work and residential PC's being always connected to the Internet via cable modems or direct subscriber lines (DSL), a hacker may gain access to the PC over a network to which the cable modem or DSL is connected.
Current PC's are also woefully inadequate in providing a safe environment for creating and saving documents or data. Not surprisingly, there is a valid concern over the level of the protection of sensitive data as it is vulnerable to a host of criminal or suspect activity such as industrial espionage, fraud and the like. Furthermore, when transporting sensitive or personal data via a compact disc, hard drive, floppy or some other storage media, the data is at risk of falling into a competitor's hands or even some other adversarial party through theft or loss.
One attempt to prevent the data from becoming susceptible, is to apply passwords in order to protect access to sensitive data. For example, screen savers provide the option of password protection. In addition, attaining access to secure websites generally requires disclosing a password as a prerequisite. However, passwords may be stolen through commonly known means or through hacker programs which monitor key stroke activity and thus allow access to data supposedly protected.
Software applications currently exist which locally encrypt data prior to transmitting, such as PGP™. However, if a user wants to copy the data onto a storage medium for use on another PC, there are no quick and convenient solutions available. Moreover, these software applications which locally encrypt data are typically slow.
With modern society becoming more connected, more information is becoming available. Additionally, in order to focus on core activities organizations are offloading the management and storage of sensitive data to third party contractors such as storage service providers. Thus, there is a contemporaneous need to provide safeguards for data integrity and data secrecy. Likewise, the source of the information or data must be authenticated so that the recipient has complete certainty that the information came from the original source in its original state. While data encryption methodology such as data encryption standard (DES) and triple DES provide protection of sensitive data, they lack means to validate that the information or data such as electronic mail, attachments, credit card accounts, website login passwords and so forth, is actually coming from the source identified as the sender.
Simply encrypting the above mentioned data is further restrictive in that there does not exist any convenient manner to handle the portability of the data while maintaining the integrity and security of the data. For example, the data may reside or be transferred to a portable storage media such as a compact disk or floppy disk. If the data, either in encrypted or plain text form, is transported to another PC, then there does not exist a convenient process to manipulate or send the data and simultaneously safeguard data integrity and data security.
As a result, there is a need to solve the problems of the prior art to provide a convenient and portable solution to secure sensitive data and authenticate data integrity thereby validating the source and state of the data.