| CPC H04L 9/3231 (2013.01) [H04L 9/0869 (2013.01); H04L 9/0894 (2013.01)] | 11 Claims |

|
1. A portable device for connection to a computer, the portable device for storing encryption keys, the portable device comprising:
a first connector for connection to the computer;
an internal memory;
an input module; and
an authentication module for receiving user identification information, via the input module, from a user,
wherein the authentication module is configured to authenticate received user identification information,
wherein a first data encryption key, DEK, is stored in encrypted form on the internal memory and is associated with a first plurality of user identities, and
wherein a second DEK is stored in encrypted form on the internal memory and is associated with a second, different, plurality of user identities,
wherein, when a user enters user identification information corresponding to one of the first plurality of user identities, the authentication module is configured to decrypt the first DEK for use, and
wherein, when a user enters user identification information corresponding to one of the second plurality of user identities, the authentication module is configured to decrypt the second DEK for use,
wherein, when the authentication module has decrypted a given DEK, the device is configured to encrypt or decrypt data received via the first connector using the given DEK;
wherein the portable device is configured such that the DEKs are never transferred out of the portable device;
wherein derived user identification information for each of the user identities is stored on the internal memory and is associated with its given DEK; and
wherein the user identification information and an initially generated random number, and the DEK are entered as inputs to an algorithm that produces an encrypted DEK, and wherein the encrypted DEK and the random number are stored together as the derived user identification information for that user identity on the internal memory, and the user identification information is not stored on the internal memory.
|
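The storage scheme in the final claim elements, sketched as an added example that is not part of the patent text: each identity's secret and a fresh random number wrap the shared DEK, and only the random number and the wrapped DEK are kept. Assumptions: the claim names no algorithm, so PBKDF2-HMAC-SHA256 with an HMAC-derived pad and tag stands in here for a vetted key wrap or AEAD, and `Device`, `enroll`, `unlock` and the slot labels are hypothetical names.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor; the claim names no algorithm

def _keys(user_info: bytes, salt: bytes):
    """Derive encryption and MAC keys from the user's secret and the stored random number."""
    k = hashlib.pbkdf2_hmac("sha256", user_info, salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def wrap_dek(user_info: bytes, dek: bytes) -> dict:
    """Produce the 'derived user identification information': random number + encrypted DEK."""
    if len(dek) != 32:
        raise ValueError("this sketch wraps 32-byte DEKs only")
    salt = os.urandom(16)                      # fresh per identity, so derived keys are single-use
    enc_key, mac_key = _keys(user_info, salt)
    pad = hmac.new(enc_key, b"dek-wrap", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": ct + tag}

def unwrap_dek(user_info: bytes, record: dict):
    """Return the DEK if user_info matches this record, else None."""
    enc_key, mac_key = _keys(user_info, record["salt"])
    ct, tag = record["wrapped"][:32], record["wrapped"][32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None                            # wrong secret or tampered record
    pad = hmac.new(enc_key, b"dek-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class Device:
    """Hypothetical model of the internal memory: one record per identity, grouped by DEK slot."""
    def __init__(self):
        self.memory = []      # list of (slot, record); no user secrets, no plaintext DEKs
        self._active = None   # decrypted DEK, held only inside the device

    def enroll(self, slot: str, user_info: bytes, dek: bytes):
        self.memory.append((slot, wrap_dek(user_info, dek)))

    def unlock(self, user_info: bytes):
        """Authenticate by trial unwrap; report only which slot opened, never the DEK."""
        self._active = None
        for slot, record in self.memory:
            dek = unwrap_dek(user_info, record)
            if dek is not None:
                self._active = dek
                return slot
        return None
```

Authentication here is the unwrap itself: a secret that fails the tag check on every record opens nothing, and two identities sharing one DEK still get different stored records because each has its own random number.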