It is common to encrypt information that includes valuable content. To view the encrypted information, a user must have a computer program that can read in the encrypted information and decrypt it. Many computer programs or applications can read either encrypted or clear-text information. Clear-text information refers to unencrypted text that is machine readable. Many applications also provide files that use special formats. Such applications use undocumented internal data structures for processing these files. The files that use special formats can only be read by an application that recognizes the internal data structures.
Conventionally, applications are developed to read in and decrypt the encrypted information that is in a particular file format. FIG. 1 illustrates a block diagram of the conventional approach that is used to read encrypted information with an application. To begin, information can be provided in a clear-text format 110. The clear-text information 110 is passed through an encryption program 120 that encrypts the clear-text information 110 and outputs an encrypted file 140. An application 150 can be used to read the encrypted file 140. In the case depicted in FIG. 1, the application 150 includes a decryption program 160 and an input function 170.
When the application 150 is used to read in the encrypted file 140, the encrypted file 140 is first passed through the decryption program 160. The decryption program 160 decrypts the encrypted file 140 to produce a clear-text form 165. After the decryption, the clear-text form 165 is stored in memory so that the application 150 can process it. Once the file is decrypted and stored in clear-text form 165 in memory, the application 150 uses the input function 170 to read the data and to create internal data structures 175 that allow the application 150 to process the file. These internal data structures 175 are typically sets of tables and data structures that represent the essential information derived from the file. When the application 150 completes the processing the clear-text form 165 can be erased from memory.
A disadvantage of the conventional approach becomes evident when the application 150 is paused or killed. This is because when encrypted data is read in and decrypted by the application 150, the data is stored as clear-text 165 in memory. When the application 150 is paused or killed, the clear-text information 165 is left in a readable core image. Typically, the core image of the decrypted information (clear-text) is left in memory where it can be easily found.
This provides an easy opportunity for someone to find the clear-text information that includes valuable content. For example, many operating systems ship utility programs that find and print clear-text strings from inside a binary file such as a core dump image.
It is therefore desirable to have a more secure approach that does not suffer from the vulnerability of the conventional approach. More specifically, it is desired that upon an event that pauses or kills an application, the application does not leave valuable information in memory as clear-text.
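The following C program is an added example, not code from the patent, showing the conventional pipeline of FIG. 1 (decrypt into memory, derive internal data structures, then erase the clear-text) with the handling that keeps the clear-text 165 out of a core image: the process refuses to produce a core file, the clear-text buffer is locked out of swap and marked as not to be dumped, and the buffer is overwritten through a volatile pointer before it is released, so a paused or killed process does not leave the decrypted data behind. The decryption program 160 is stood in for by a byte-wise XOR with a one-byte key (a placeholder, not a cipher), the input function 170 by a routine that counts newline-terminated records, and the sample ciphertext is constructed inline; the mlock, madvise(MADV_DONTDUMP) and prctl(PR_SET_DUMPABLE) calls are Linux-specific and are treated as best effort.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Process-wide hardening: set the core file size limit to zero and, on
 * Linux, mark the process non-dumpable. Returns 0 on success. */
int disable_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    int rc = setrlimit(RLIMIT_CORE, &rl);
#ifdef PR_SET_DUMPABLE
    if (rc == 0) rc = prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
#endif
    return rc;
}

/* Buffer for clear-text: anonymous mapping, locked out of swap (best effort,
 * may fail under RLIMIT_MEMLOCK) and excluded from any core dump on Linux. */
void *secure_alloc(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    (void)mlock(p, len);
#ifdef MADV_DONTDUMP
    (void)madvise(p, len, MADV_DONTDUMP);
#endif
    return p;
}

/* Overwrite through a volatile pointer so the compiler cannot remove the
 * wipe as a dead store before the memory is released. */
void secure_wipe(void *p, size_t len) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    for (size_t i = 0; i < len; i++) v[i] = 0;
}

void secure_free(void *p, size_t len) {
    if (!p) return;
    secure_wipe(p, len);
    (void)munlock(p, len);
    (void)munmap(p, len);
}

/* Stand-in for decryption program 160: byte-wise XOR. Placeholder only. */
static void toy_decrypt(const uint8_t *in, uint8_t *out, size_t len, uint8_t key) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ key;
}

/* Stand-in for input function 170: the "internal data structure" kept by the
 * application is just a record count and byte length, derived directly from
 * the clear-text so nothing else needs to survive the wipe. */
typedef struct { int records; size_t bytes; } doc_index;

static doc_index build_index(const uint8_t *clear, size_t len) {
    doc_index idx = { 0, len };
    for (size_t i = 0; i < len; i++) if (clear[i] == '\n') idx.records++;
    return idx;
}

/* Full pipeline: decrypt into the protected buffer, derive the index, wipe
 * the clear-text before returning. Returns the record count, or -1. */
int process_encrypted(const uint8_t *enc, size_t len, uint8_t key) {
    uint8_t *clear = secure_alloc(len);
    if (!clear) return -1;
    toy_decrypt(enc, clear, len, key);
    doc_index idx = build_index(clear, len);
    secure_free(clear, len);
    return idx.records;
}

/* Helper to confirm a wipe: 1 if every byte of the region is zero. */
int is_all_zero(const unsigned char *p, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= p[i];
    return acc == 0;
}

/* Constructed sample: three clear-text records XOR'd with key 0x5A. */
static const uint8_t SAMPLE_KEY = 0x5A;
static uint8_t sample_ciphertext[64];

size_t make_sample(void) {
    const char *clear = "acct=1234\nbalance=500\nowner=alice\n";
    size_t n = strlen(clear);
    for (size_t i = 0; i < n; i++)
        sample_ciphertext[i] = (uint8_t)clear[i] ^ SAMPLE_KEY;
    return n;
}

int main(void) {
    disable_core_dumps();
    size_t n = make_sample();
    printf("records: %d\n", process_encrypted(sample_ciphertext, n, SAMPLE_KEY));
    return 0;
}
```

The two measures are complementary: disabling the core file removes the image that string-extraction utilities would search, and wiping plus MADV_DONTDUMP limits what is exposed if a core is still produced by other means (for example, a debugger attached to the paused process, which these calls do not prevent).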