The present invention relates to the field of data security. More particularly, the invention relates to a method and apparatus for securing data stored within a non-volatile memory.
Flash memory is a type of non-volatile memory that can be erased and reprogrammed. It is a variation of electrically erasable programmable read-only memory (EEPROM), which is slower to update than flash memory. One of the earliest implementations of flash memory was for holding control code such as the basic input/output system (BIOS) in a personal computer. When the BIOS needed to be changed (rewritten), the flash memory could be written to in block (rather than byte) sizes, making it easy to update (a block can be considered a fixed-size chunk of data, whose size is determined by physical constraints, by programming considerations, or even arbitrarily).
Currently flash memory is commonly used in cellular phones, digital cameras, LAN switches, PC Cards for notebook computers, digital set-top boxes, embedded controllers, and so forth.
One of the most popular devices based on flash memory is the USB flash drive. It is a small, portable card that plugs into a computer's USB connector and functions as a portable drive, which currently can have up to 2 GB of storage capacity. USB flash drives are considered easy to use, are small enough to be carried in a pocket, and can be plugged into any computer with a USB connector. USB flash drives have less storage capacity than an external hard drive, but they are smaller and more durable because they do not contain any internal moving parts like a magnetic disk. USB flash drives are also called pen drives, key drives or simply USB drives.
“Compact Flash” is a well-known format of flash memory, which is very common in digital cameras. Yet another format of flash memory is the “SD Card”, a miniaturized format of flash card the size of a postage stamp and weighing only 2 g, designed to comply with current and future SDMI (Secure Digital Music Initiative) portable device requirements. Yet another type of flash memory is “SmartMedia”, designed for use with digital still cameras, PDAs, MP3 players and other electronic products that use SmartMedia cards as standard or extended data storage. Yet another example is the “Multimedia Card”, also the size of a postage stamp and weighing only 2 g, designed to allow easy uploading, downloading, storing and capturing of images, music and data in a digital camera, audio player, PDA or other handheld device. These non-volatile, durable cards are designed to perform over a wide temperature range while being extremely shock resistant.
From the user's point of view, upon inserting a USB flash drive into a USB connector of a computer, the user gets access to a disk drive. Thus, the user can store and retrieve files from the USB flash drive. As such, USB flash drives are used as personal storage means. For example, a user that stores some of his personal files on a USB flash drive can use these files at the office as well as at home.
Due to their portable nature, USB flash drives have a security weakness: losing a USB flash drive can result not only in losing the stored data, but also in the data falling into the wrong hands.
Therefore, it is an object of the present invention to provide a method and apparatus for securing data stored within a non-volatile memory device.
Other objects and advantages of the invention will become apparent as the description proceeds.
In one aspect, the present invention is directed to a method for securing data on a non-volatile memory device, the method comprising the steps of: providing the non-volatile memory device with a secured chip, for securely storing a secret for ciphering/deciphering the data; providing the non-volatile memory device with a ciphering/deciphering logic, for ciphering/deciphering the data with a secret; storing a secret for ciphering/deciphering the data within the secured chip; on storing data within the non-volatile memory device, employing the secret from the secured chip, and ciphering the data with the secret; and on retrieving data from the non-volatile memory device, employing the secret from the secured chip, and deciphering the encrypted data with the secret.
According to another aspect, the present invention is directed to a non-volatile memory device, for securely storing data, the non-volatile memory device comprising: a non-volatile memory, for storing data; a secured chip, for securely storing a secret for ciphering and deciphering the data; and ciphering/deciphering logic, for ciphering and deciphering the data using the secret. The non-volatile memory device may further comprise communication means to a host (e.g. USB, WiFi, Bluetooth, infrared, radio frequency, serial communication, and parallel communication).
The present invention may be better understood in conjunction with the following figures:
The term Non-Volatile Memory Device (NVMD) refers herein to a device comprising non-volatile memory storage. NVMD can be implemented in a variety of ways, such as non-volatile memory (e.g. flash memory) connected to a bus of another device; as a small and portable device that plugs into a host (e.g. personal computer) by wired (e.g. USB, RS232, printer's port) or wireless (e.g. infrared such as IrDA, RF such as Bluetooth) means, and so forth.
A USB flash drive is an example of an NVMD. The Puppy (manufactured by Sony) and the Disk-On-Key (manufactured by M-Systems) are also examples of NVMDs.
The term Non-Volatile Device refers herein to an apparatus comprising non-volatile memory. For example, an NVMD is a special case of a non-volatile device. In order to facilitate the description herein, the examples usually refer to an NVMD; however, it should be noted that the description is directed to any kind of non-volatile device, including an NVMD. For example, a BIOS based on flash memory also falls within the definition of a non-volatile device. A digital camera which stores the captured images in a flash memory also falls within the definition of a non-volatile device. A non-volatile device may further comprise communication means with another device, such as a host.
Protecting data stored within the non-volatile memory 100 is carried out by the ciphering logic 30, which uses the secret 20 for this purpose. Since the secret 20 is stored within a secured chip, the effort required to expose the secret is the effort required to “hack” the secured chip, and since secured chips are designed to prevent exposure of their contents, the effort to expose the secret 20 is substantial.
The term “secured chip” refers herein to microelectronic circuitry for storing information (e.g. data and applications) in a protected form. A smart card chip is an example of a secured chip. The term “secured device” refers herein to a hardware device coupled with a secured chip. A smart card is an example of a secured device.
A secured device interacts with other devices by physical contact between dedicated conductive parts of the secured device and the other devices. This functionality is also provided by a secured device reader, a small device to which both the secured device and the other device are connected. The other device usually connects to the secured device reader by a common interface, such as USB.
In order to get services from a secured device, a client has to share a secret with the secured device. Thus, when a client asks for a service from a secured device, it should present to the secured device a PIN, password, etc. This is referred to in the art as an Access Condition.
There are two common physical ways of contact between a secured device and a reader (or other device): “landing” contact and “friction” contact (also known as sliding or wiping). In general, a card reader of the landing type provides better protection to the card than one of the friction type.
Nowadays high-level specifications for secured devices are available, e.g. ISO 7816 for electrical contacts, ISO 7810 (ID-1) for physical characteristics, etc. Secured devices operate with a dedicated operating system, such as MULTOS.
As a computerized system, a secured device has a CPU chip (such as those of Infineon, Atmel, Hitachi, Philips) and memory, usually EEPROM. Nowadays the memory size of a secured device is about 64 KB.
Typically, data of a file system mechanism is written/read in blocks, especially when the mechanism is based on flash memory. According to one embodiment of the invention, prior to writing a block, the block is ciphered, and after the block is retrieved, the block is deciphered.
The ciphering/deciphering operation is carried out by the ciphering/deciphering mechanism 30, using the key(s) 20 stored within the secured chip 10. Of course the ciphering mechanism and the deciphering mechanism can be separate entities.
Typically, the ciphering/deciphering mechanism is based on software (computer code); however, it can also be based on hardware (shift operations, XOR, etc.), or on a combination of both.
According to another embodiment of the invention, instead of (or in addition to) ciphering/deciphering blocks, the ciphering/deciphering operation can be carried out on a file basis. For example, a file that has been copied to or created on the NVMD is encrypted after being used, and decrypted before being used.
According to another embodiment of the invention, the ciphering/deciphering is based on a chunk of data of a fixed size, on a chunk of data of variable size, etc.
According to another embodiment of the invention, additionally or alternatively to ciphering/deciphering blocks, the order of the blocks on the memory 40 is “scrambled”, i.e. the blocks are stored in a pseudo-random order, while the block table (known in the art as FAT—File Allocation Table) is kept within the secured chip 10.
The ciphering/deciphering operations may be based on symmetric methods (e.g. private-key), asymmetric methods (e.g. public-key), one-time-password methods, RSA, etc.
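The following model of the architecture described above is an added example, not code from the patent or from any product it names. It shows, in one runnable Python program, the three mechanisms the description combines: the access condition a client must satisfy before the secured chip serves it (a PIN with a retry counter), block-wise ciphering on write and deciphering on read with a secret that never leaves the secured chip, and scrambling of the physical block order with the block table held inside the chip. Everything here is an assumption for illustration: the 16-byte block size, the PIN and key values, the class and method names, and the use of an HMAC-SHA256 keystream as a stand-in for the cipher, which the text leaves unspecified. The example also goes slightly beyond the text by versioning each write, so that rewriting a block never reuses the same keystream on different data.

```python
import hashlib
import hmac
import secrets

# Constructed example size: real flash blocks are far larger than 16 bytes.
BLOCK_SIZE = 16
MAX_PIN_TRIES = 3


class SecuredChip:
    """Models the secured chip (10): it holds the secret (20) and the block table,
    and offers only cipher/decipher and table operations, and only once its access
    condition (a PIN) has been met. No method ever returns the secret."""

    def __init__(self, secret: bytes, pin: bytes):
        self._secret = secret
        self._pin = pin
        self._tries_left = MAX_PIN_TRIES
        self._unlocked = False
        # logical block index -> (physical slot, write version): the scrambled
        # block table ("FAT") that the text keeps inside the secured chip.
        self._table = {}

    def present_pin(self, pin: bytes) -> bool:
        """Access condition: constant-time PIN comparison with a retry counter
        that locks the chip for good after MAX_PIN_TRIES failures."""
        if self._tries_left == 0:
            return False
        if hmac.compare_digest(pin, self._pin):
            self._unlocked = True
            self._tries_left = MAX_PIN_TRIES
        else:
            self._tries_left -= 1
        return self._unlocked

    def _require_unlocked(self) -> None:
        if not self._unlocked:
            raise PermissionError("access condition not met")

    def _keystream(self, logical: int, version: int) -> bytes:
        # Per-block, per-write keystream from a keyed PRF (HMAC-SHA256), standing in
        # for the cipher the text leaves open. Including the write version means a
        # rewritten block never reuses a keystream on different plaintext.
        msg = logical.to_bytes(8, "big") + version.to_bytes(8, "big")
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:BLOCK_SIZE]

    def cipher_block(self, logical: int, version: int, data: bytes) -> bytes:
        self._require_unlocked()
        if len(data) != BLOCK_SIZE:
            raise ValueError("the cipher operates on whole blocks")
        return bytes(a ^ b for a, b in zip(data, self._keystream(logical, version)))

    # XOR with the keystream is its own inverse: deciphering is the same operation.
    decipher_block = cipher_block

    def allocate(self, logical: int, free_slots: list) -> tuple:
        """Return (physical slot, version) for a write of block `logical`."""
        self._require_unlocked()
        if logical in self._table:
            slot, version = self._table[logical]
            version += 1  # rewrite: same slot, fresh keystream
        else:
            if not free_slots:
                raise MemoryError("no free blocks")
            # Scrambling: a random physical slot, so the order of blocks on the
            # raw memory reveals nothing about their logical order.
            slot = free_slots.pop(secrets.randbelow(len(free_slots)))
            version = 0
        self._table[logical] = (slot, version)
        return slot, version

    def lookup(self, logical: int) -> tuple:
        self._require_unlocked()
        return self._table[logical]


class NVMD:
    """Non-volatile memory device: raw block memory (40) plus cipher logic (30)
    that always goes through the secured chip."""

    def __init__(self, chip: SecuredChip, n_blocks: int):
        self.chip = chip
        self.memory = [None] * n_blocks  # physical slots; only ciphertext lands here
        self._free = list(range(n_blocks))

    def write_block(self, logical: int, data: bytes) -> None:
        slot, version = self.chip.allocate(logical, self._free)
        self.memory[slot] = self.chip.cipher_block(logical, version, data)

    def read_block(self, logical: int) -> bytes:
        slot, version = self.chip.lookup(logical)
        return self.chip.decipher_block(logical, version, self.memory[slot])


def round_trip_demo() -> dict:
    """Write, rewrite and read back blocks; returns facts a caller can check."""
    chip = SecuredChip(secrets.token_bytes(32), pin=b"1234")  # constructed values
    dev = NVMD(chip, n_blocks=8)
    first = b"block zero data."
    refused = False
    try:
        dev.write_block(0, first)  # before the PIN is presented: must be refused
    except PermissionError:
        refused = True
    chip.present_pin(b"1234")
    dev.write_block(0, first)
    dev.write_block(1, b"block one data..")
    ct_before = dev.memory[chip.lookup(0)[0]]
    dev.write_block(0, first)  # same plaintext rewritten
    ct_after = dev.memory[chip.lookup(0)[0]]
    return {
        "refused_before_pin": refused,
        "read0": dev.read_block(0),
        "read1": dev.read_block(1),
        "plaintext_on_memory": first in dev.memory,
        "rewrite_changes_ciphertext": ct_before != ct_after,
        "version0": chip.lookup(0)[1],
    }
```

Two points a practitioner would check against such a design. First, a keystream XOR gives confidentiality only: the read path cannot tell whether a ciphered block on the raw memory has been altered, so a deployed device would also keep a per-block authentication tag verified inside the chip. Second, the block table is now as critical as the key; it has to live in the chip's own non-volatile storage (the EEPROM mentioned above) so the mapping survives power loss, since without it the scrambled blocks cannot be reassembled even with the secret.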
It should be noted that an NVMD can also be in the form of a secured device, e.g. a credit-card-sized device with embedded microelectronic circuitry for storing information about an individual. An NVMD can also be in the form of a security token, i.e. a small hardware device that the owner carries in order to authorize access to a service, e.g. Aladdin eToken™, Rainbow iKey™, a key fob, etc.
Those skilled in the art will appreciate that the invention can be embodied in other forms and ways without departing from the scope of the invention. The embodiments described herein should be considered as illustrative and not restrictive.