Title:
DATA SECURITY DEVICE
Document Type and Number:
WIPO Patent Application WO/2014/140559
Kind Code:
A1
Abstract:
The invention provides a data security device comprising a secure processor paired with a software component; wherein, upon detection of the secure processor by the software component, the device is configured to receive data wirelessly from a source device, encrypt it and enable it to be stored; and/or retrieve data from storage, decrypt it and send it wirelessly to a destination device. The invention reduces the vulnerability of sensitive data during transit, and also when it is 'at rest', by ensuring that it is stored in an encrypted form. Its subsequent decryption is dependent upon the user being able to access system components which have been 'paired' with each other. If the software cannot detect the presence of the pre-specified secure processor, the encryption/decryption process cannot be performed. Thus, the data is not of use to any party who does not have access to all the required system components. The invention restricts any electronic transmission of the data to a localised area (local relative to the data source).

Inventors:
DANIELS LEWIS
Application Number:
PCT/GB2014/050721
Publication Date:
September 18, 2014
Filing Date:
March 11, 2014
Assignee:
DANIELS LEWIS
KNIGHTSBRIDGE PORTABLE COMM SP
International Classes:
G06F21/60; G06F21/72; G06F21/80; G06F21/85
Domestic Patent References:
WO2004046899A2 (2004-06-03)
WO2013002821A1 (2013-01-03)
Foreign References:
EP1612636A1 (2006-01-04)
US5802175A (1998-09-01)
Attorney, Agent or Firm:
JONES, Cerian (7th Floor, Churchill House, Churchill Way, Cardiff CF10 2HH, GB)
Claims:
CLAIMS:

1. A data security device comprising a secure processor paired with a software component; wherein, upon detection of the secure processor by the software component, the device is configured to:

receive data wirelessly from a source device, encrypt it and enable it to be stored; and/or

retrieve data from storage, decrypt it and send it wirelessly to a destination device.

2. A device according to claim 1 wherein the device is a dedicated data security device.

3. A device according to claim 1 or 2 wherein the software component is arranged to execute on a processor which is provided separately from the data security device.

4. A device according to any preceding claim and further comprising a receiver and/or transmitter for transferring data.

5. A device according to any preceding claim and further comprising a wireless communications component configured to enable a wireless communications link to be established with the source and/or destination device.

6. A device according to any preceding claim and further comprising non-volatile memory for storage of the data.

7. A device according to any preceding claim and further comprising a connector or interface for connecting a removable storage device.

8. A device according to any preceding claim wherein the secure processor is arranged to perform hardware and/or software encryption/decryption of the data.

9. A device according to any preceding claim wherein the source and destination devices are the same device or different devices.

10. A device according to any preceding claim wherein the software component is provided on the source device, destination device or a further computing device.

11. A device according to any preceding claim wherein the source device and/or destination device is a PC, a server, or a tablet computer.

12. A device according to any preceding claim wherein the software is provided on a web server.

13. A device according to any preceding claim wherein the data is received and/or transmitted wirelessly via:

i) a localised communications link, such as a Bluetooth connection, or wi-fi connection; and/or

ii) an encrypted tunnel.

14. A device according to any preceding claim wherein the device is arranged to act as an intermediary device between a non-volatile memory component and the source/destination device, such that the data must flow through the secure processor on its way to and/or from the non-volatile memory.

15. A device according to any preceding claim wherein the device is configured to store and/or retrieve the data from an internal or external SD card, a flash memory component, a USB drive, a hard drive, a mass storage device and/or an HDMI-compatible storage device.

16. A data security device according to any preceding claim and comprising a housing within which the secure processor is housed, along with a wireless communications component, a receiver and/or transmitter and means for sending data to/retrieving data from a non-volatile memory component.

17. A data security system comprising a data security device according to any preceding claim and a source and/or destination computing device arranged to execute the software component.

18. A data security system according to claim 16 and further comprising at least one further secure processor paired with the secure processor provided by the security device.

19. A data security method comprising the steps of providing a device or system according to any preceding method.

Description:
Data Security Device

This invention relates generally to data transfer from one computing device to another, and more particularly to maintaining the security of that data when it is 'at rest' on a storage device or in transit from a source to a destination. The invention is particularly suited, but not limited to, use in situations where the data is highly sensitive and confidential and, therefore, it is imperative that the risk of it being intercepted and/or accessed by an unauthorised third party is minimised. Examples of highly sensitive data include military data, inter-governmental data, intelligence data, highly valuable commercial data, research data and so on. In such cases, it is of the utmost importance that access to the data is controlled and reserved for authorised parties only. Thus, the data should be inaccessible when being transferred from one device to another, and should also be unusable to anyone who inadvertently or maliciously gains access to it. The data must, at all times, be handled in as secure a manner as possible with all known vulnerabilities eliminated or at least minimised.

Ever since technology has allowed data to be sent from one computing device to another, the security of that data in transit has been of concern. Data which resides on a self-contained computer (i.e. a computer which does not receive or send data to or from another machine over a network) is relatively secure, assuming that physical access to the computer itself is regulated. Computers can be placed behind 'firewalls' to protect the data while it resides on the machine prior to or following transmission. However, once the computer is opened up to network communications, the data becomes vulnerable to attack and intrusion from outside parties. During transmission that data can be intercepted, copied, amended or removed by an unauthorised third party. As a result, maintaining the security of data during transfer has been, and continues to be, the focus of much research and technical innovation.

A common approach to protecting data from third parties during transmission is to encrypt the data prior to sending it so that even if it is accessed or intercepted along the route it is meaningless to the interceptor (unless the encryption is broken and the data decrypted). Once the encrypted data has arrived at the destination, the data is decrypted by an authorised party having legitimate access to the decryption algorithm. The encryption and decryption processes work together to safeguard the data.

The encryption process requires the use of an encryption key which specifies how the message is to be encoded. The encrypted data can be decoded using a decryption algorithm, which uses a decryption key which unauthorised parties are not aware of. In a 'symmetric-key' approach, the encryption and decryption keys are the same. Therefore, the sending and receiving parties must agree on a secret key before they communicate the sensitive data. Using the 'public-key' approach, the encryption key is available to anyone. However only the receiving party has access to the decryption key and thus is the only one capable of reading the encrypted messages. Clearly, if the decryption algorithm or key can be accessed by an unauthorised third party then the data could be decrypted and thus compromised.

Encryption can be performed by software applications or by dedicated encryption hardware devices (chips). The former operates by requiring a user to provide a predetermined key or password before access is granted to the protected data, while hardware-based encryption requires a user to have an actual, physical key in order to gain access.

One benefit of software-based encryption is that it is much simpler to deploy, requiring simply the installation of a particular software module onto the computer. However, software encryption applications place a processing overhead on the machine which degrades the performance of the computer. Hardware-based encryption, on the other hand, places no such additional computing strain on the host computer because the encryption process is handled by the physical chip. Furthermore, it is generally agreed that hardware-based encryption provides a higher level of security than software-based encryption, as a third party is not able to bypass it without being on location to gain access by disassembling the computer itself. However, while software and hardware encryption can protect data whilst it resides at either end of the communication channel, data in transit remains vulnerable. This is a concern for highly sensitive data, where it is imperative that it is protected from unauthorised access when travelling from one location to another.

In addition, there have been incidents where sensitive data has been saved onto a portable, non-volatile storage device (e.g. a disk or storage device) only for the storage device to be inadvertently left in a public place. Therefore, any such data being stored onto a storage device should be saved in such a manner and/or format that its contents are not accessible to any unauthorised party who comes into possession of it.

A data storage apparatus is disclosed in GB 2478553 A and comprises a data storage device and a physically independent transmission control device (referred to as a 'key') which physically plugs into a source device. Transmission of data between the data storage device and the source device (e.g. a workstation or a PC) is enabled only when a connection is established between the key and the data storage device. The data storage device has no ports for connection to an external source of storage. Therefore, the data cannot be stored to a conventional storage device such as a USB flash drive. Thus, it is desirable to provide a solution which enables data to be transferred from one machine to another without compromising the integrity or security of that data. The data should be stored in a highly secure format which is not understandable or useful to any unauthorised party who might intercept it while stored on a non-volatile storage medium. Such an improved solution has now been devised.

Thus, in accordance with the present invention there is provided a method, system and device as defined in the appended claims. Therefore, in accordance with an embodiment of the invention, there may be provided a data security device comprising a secure processor paired with a software component; wherein, upon detection of the secure processor by the software component, the device is configured to:

receive data wirelessly from a source device, encrypt it and store it; or

retrieve data from storage, decrypt it and send it wirelessly to a destination device.

The data security device may be configured to perform its functionality once the paired software component and the secure processor have successfully acknowledged each other.

The data may flow in either direction:

• From the (source) computer to the storage component via the secure processor; or

• From the storage component to the (destination) computer via the secure processor.

In one sense, the invention may be considered to provide a security device which is arranged to handle the retrieval/storage of secure data if, and only if, a connection has been established between a specified processor and a paired software component. The software and the secure processor may be configured to cooperate with each other such that when the software detects the presence of the processor a wireless communications link may be established for the transfer of data to/from the security device. The device may comprise all the necessary (hardware and software components) for the transmission of data via a wireless link. The device may be arranged to perform a 'hand shake' operation with another device to facilitate the transfer of the data.

Preferably, the device is a dedicated data security device. Thus, the device may be designed, arranged and/or configured only to handle the transmission, storage/retrieval and encryption/decryption of the data in cooperation with the software component. In other words, the device may not be a multi-purpose device such as a personal computer.

The terms 'source' and 'destination' may be used to distinguish the direction of flow of the data (with respect to the storage). The source and destination devices may be the same device or may be independent of one another. In other words, they may be physically separate, distinct devices. The processor and the software may be paired with each other via a shared protocol.

Additionally or alternatively, they may be paired by an identifier, such as a serial number.

Preferably, the software component is arranged to execute on a processor which is provided separately from the security device. In other words, the software is provided remotely (relative to the device). The term 'remote' should not necessarily be construed as implying a relatively large geographical distance but simply that the software is not housed within the same device as the secure processor. Preferably, the device comprises a housing. The secure processor may be provided within the housing of the device.

The security device may further comprise:

a receiver and/or transmitter for transferring data;

a wireless communications component configured to enable a wireless communications link to be established for the transfer of data;

non-volatile memory for storing the encrypted/decrypted data; and/or

a connector or interface for connecting the security device to a removable storage device.

These components may be provided within the housing of the security device.

Preferably, the secure processor is arranged to perform hardware encryption and/or decryption of the data.

Alternatively or additionally, the secure processor may be arranged to perform software encryption and/or decryption of the data.

The secure processor may be designed to handle USB secure token and smart card reader applications that require certificate based or other public key cryptographic schemes. It may incorporate security mechanisms to protect secret key data. Self-destruct inputs and environmental monitors (e.g. temperature and voltage sensors) may be provided to erase secret key data when an attack condition has been detected. The secure processor may comprise an integrated USB device interface (possibly including a transceiver), a hardware controller and/or a universal asynchronous receiver-transmitter.

The secure processor may support high-speed encryption. It may comprise hardware accelerators suitable for handling various encryption techniques. It may include a true hardware random-number generator for key generation and challenge generation.

The secure processor may also comprise some memory. For example, flash memory, volatile SRAM, or non-volatile SRAM.

Preferably, the data is stored onto and/or retrieved from non-volatile memory by the secure processor. The memory may be provided within the device or be provided as an external storage device. The storage device may be a portable device. It may be a mass storage device, a flash memory component, or a hard drive. It may be provided as a component of a USB device, a tablet computer, a laptop, a PDA or a removable hard drive. It may be provided as an internal or external SD card.

Preferably, the device comprises a housing which includes a connector or interface for communicating data to/from a removable storage device. For example, the device may comprise a port or interface arranged to receive at least a portion of an external storage device. For example, the device may comprise an interface to enable a memory stick or USB storage device to be connected or inserted into the device such that the encrypted data can be transferred onto/from the non-volatile memory. Additionally or alternatively, the device could comprise a plug to enable connection to an HDMI-compatible device.

Preferably, the invention is arranged such that the data is never stored in non-volatile memory unless it has passed through (i.e. been processed by) the secure processor.

The source and/or destination device may be a computing device such as a PC, a server, a workstation, a laptop, a tablet computer, or any other form of computing resource. The software component may be provided on the source/destination device or it may be provided on a further computing device. The further computing device may be a PC, a server, a workstation, a laptop, a tablet computer, or any other form of computing resource. The invention is not limited with respect to the nature or location of the computing device on which the software component is installed for execution.

Preferably, the data is received and/or transmitted by the device via a wireless communications link. The data may be transferred via a localised communications link. In other words, the link may be limited in range rather than being part of a wide area network. The range may be determined and/or restricted. The range may be specified in software. The data may be transmitted over a wireless personal area network (WPAN) using a technology such as IrDA, Wireless USB, Bluetooth, Z-Wave, ZigBee or a wi-fi connection. A Bluetooth connection may be preferred for the data transfer due to the security mechanisms available with Bluetooth technology.

The communications link may be encrypted. It may be an encrypted tunnel. The data may be transmitted over a link comprising a secure shell (SSH) tunnel, consisting of an encrypted tunnel created through a protocol connection.

Communication between the software and the secure processor may be enabled only after an authentication process has been successfully performed. For example, the user may be prompted to input a pre-selected identifier (e.g. user and/or password) prior to access being granted to the device.

In accordance with another aspect of the invention, the device may form part of a data security system. The system may comprise one or more further secure processors, which may be paired with each other and/or paired with the software component. A data security system may be provided comprising a data security device as described above, and a source and/or destination computing device arranged to execute the software component. The data security system may further comprise at least one further secure processor, the further secure processor being paired with the secure processor which is provided as a component of the security device.

Also according to the invention, there is provided a data security method comprising the step of providing a device or system as described above.

The invention may be expressed as providing a solution for the secure transfer and storage of confidential data.

The software component of the system may be viewed as working in cooperation with at least one secure processor (which may be referred to as a 'microcontroller') to achieve the secure transfer and/or storage of a portion of data from one location (device) to another so that it can be saved for retrieval from the non-volatile memory.

At its highest level, one embodiment of the system may be described as follows: a flexible and highly customisable software component is provided and is configured to search for a specific secure processor. The processor is provided within a device in accordance with the appended claims. The processor comprises at least one security mechanism to protect the integrity of the data and/or prevent unauthorised access to (or reading of) the data. The security measure may be a hardware encryption or software encryption component. The software ensures that when the data is stored from the source device into storage it passes through the pre-determined secure processor so that it is saved in a secure manner and format. In reverse, when the stored data is to be accessed it passes through the secure processor which decrypts it before sending it to its destination. Therefore, the data may only be received, processed and/or transmitted by the device if the software and the processor are able to 'find' each other and communicate. Without both the software and its matched processor being in communication, the device is not operable to process the data. Furthermore, the security device needs to be in close proximity to the source/destination device because of the limited range of the communications link.

This provides the benefit that if the data is saved onto a portable device which is lost or stolen, e.g. a memory stick, it is unusable to anyone who does not have access to the software, the device (with the paired secure processor in it) and the source device.

In another sense, the invention can be viewed as a variation of the arrangement disclosed in GB 2478553 A. However, the prior art arrangement provides the key and the dedicated storage device as separate physical entities, and the key physically plugs into the source device. With the present invention, the physical key device is replaced by the software, which searches for the secure processor and controls transmission of the data upon detection of its paired processor. Therefore, the key management is provided by the software component.

An advantage of this is that the software can be provided anywhere in relation to the source and security devices. This, in turn, enables the arrangement to be configured in a variety of ways and according to various levels of required security. For example, the key management software could be provided on a web server which is separate from a PC on which the data is located, the web server also having a secure processor which is paired to at least one other system component.

Another advantage is that the user is able to store the encrypted data on any conventional storage device (e.g. a USB memory stick) rather than on the dedicated storage device of GB 2478553 A.

Thus, the invention provides a solution which:

• is highly flexible and can be configured in a wide variety of ways;

• can be configured to implement different security levels depending upon the sensitivity of the data;

• requires that a pre-designated secure processor is in close proximity to the source/destination device in order for a localised wireless connection to be established; this ensures that the data does not travel via an insecure wide area network;

• requires that the data always travels via the secure processor on its way to/from storage, and is thus always subject to a rigorous encryption process;

• prevents unauthorised use of the encrypted data by anyone who does not have access to the software and the security device.

These and other aspects of the present invention will be apparent from and elucidated with reference to, the embodiment described herein.

An embodiment of the present invention will now be described, by way of example only, and with reference to the accompanying drawings, in which:

Figure 1 provides an overview of an illustrative embodiment of the invention.

Figure 2 also shows an illustrative embodiment of the invention.

Figure 3 shows an overview of the main components of a data security device in accordance with the invention. The arrow shows the direction of the flow of data received from a computer-based resource (e.g. a PC or a tablet) into the device and then into memory or storage.

Figure 4 shows an overview of an embodiment of the invention, similar to that shown in Figure 2, wherein data is received by the security device from a source device which has been fitted with a secure processor.

Figures 5 and 6 show expanded versions of the security device of Figure 4, indicating some examples of non-volatile memory onto which the secure data may be stored.

Figure 7 shows a web-based embodiment of the invention.

Highly sensitive data is vulnerable to unauthorised access during transit over electronic networks. Wide area networks (e.g. those which use telecommunications technologies to transfer data from one point to another) can be 'hacked' and data can be intercepted during transfer. Even when 'at rest' on a secondary storage device, the data may be vulnerable to unauthorised access. For instance, a laptop may be left in a public place, or a memory stick may be stolen.

The present invention reduces the vulnerability of such data during transit, and also when it is 'at rest', by ensuring that it is stored in an encrypted form. Its subsequent decryption is dependent upon the user being able to access system components which have been 'paired' with each other. If the software cannot detect the presence of the pre-specified secure processor, the encryption/decryption process cannot be performed. Thus, the data is not of use to any party who does not have access to all the required system components. The invention restricts any electronic transmission of the data to a localised area (local relative to the data source).

Thus, the invention provides a highly flexible and re-configurable software component coupled with at least one dedicated secure processor. The software can be arranged and configured in a wide variety of ways according to the individual needs of the user and the required level of security. Therefore, the system can be customised as required. This is discussed below in more detail.

An important feature of the invention is that the software component 4 only allows data from the source computer 1 to be sent to the device if it finds the necessary paired processor. If it does not find the necessary processor, the data is not sent to the security device.

The secure processor 3a is provided within a data security device 8 which has the necessary hardware and software components for wireless communication. These components include an antenna 9a, and a wireless communications unit 10. The device also has memory provided within it and/or the means for one or more storage devices to be connected to the device. The security device has a casing or housing, which houses the secure processor 3a and communications components. The device serves as an intermediary device which sits between the source/destination computer and storage device. It forms an intermediate data path between the computer 1 and the storage interface 11, the data path only being usable upon being 'unlocked' by the software 4.

The software 4 is configured to search for the specified secure processor. The secure processor may be specified to the software (i.e. paired with it) by a serial number (which it is allocated during manufacture). The software handles the key management functionality of the system.

Additionally or alternatively, the software 4 may be paired to the secure processor 3 by use of a shared communication protocol. This may or may not be a proprietary protocol. In one embodiment, the pairing may be performed via the Bluetooth communication protocol.

During the Bluetooth pairing process, the two paired devices establish a relationship by sharing a secret key. The identity of each device is cryptographically authenticated so the other device knows that it is the same device it previously paired with. The key enables an authenticated Asynchronous Connection-Less (ACL) link between the devices to be encrypted so that the data that they exchange is protected against third party access during transit.

Thus, the secure processor can only 'talk' to the software 4 with which it is arranged to cooperate. Without connection to the software, the secure processor is not able to establish the communications link necessary for transferring the data to/from storage.

In some embodiments, the device can be configured such that it is incapable of receiving data from any non-localised network source. Thus, it is not configured (in software and/or hardware terms) for connection to the internet or a wide area telecommunications network. It can only operate to receive/send the data via a wireless connection when it is physically in close proximity to the source/destination device. The secure processor 3 is a dedicated microcontroller. Typically, it is a secure processor designed for USB secure token and smart card reader applications which require certificate based or other public key cryptographic schemes. It incorporates sophisticated security mechanisms to protect secret key data. Self-destruct inputs and environmental monitors (e.g. temperature and voltage sensors) are provided to erase secret key data when an attack condition has been detected.

Also included is an integrated USB device interface (including a transceiver), a hardware controller and a universal asynchronous receiver-transmitter. It supports high-speed encryption with hardware accelerators for various encryption techniques, and also includes a true hardware random-number generator for key generation and challenge generation.

The invention can be configured to provide various levels of security. Different embodiments will now be described to illustrate at least some of the configurations which may be used to benefit.

Example Embodiment 1 - 1 Secure Processor, Software on Source Device

Turning to Figures 1 and 2, suppose that in use a user generates some data on a source computer 1. For example, the user creates a text document using a word processing application. The source computer is a microcomputer (e.g. desktop PC, or laptop) having a main CPU 13 and a display component 6.

During processing and creation on the computer's CPU 13, the data is stored in volatile memory 5 (RAM) within the source computer 1. The software component 4 of the invention is installed on the user's PC 1 and is represented as a folder icon on the graphical user interface displayed on the screen 6.

At some point in time, the data must be transferred from RAM 5 to secondary (nonvolatile) storage 2 so that it can be retained for long-term access and retrieval. However, it must be transferred in a secure manner, and must be stored in a form which is readable only to authorised parties.

In order to save the data, the user 12 drags the data file onto the software folder on the screen 6. The software 4 then searches for a specific secure processor 3a. If it does not detect its presence within range, the save request is not performed. Alternatively, if it is located, the software 4 performs a password check, requiring the user to enter a pre-designated password before being allowed to continue with the process. If the password is entered correctly, the software initiates a secure communications link 7 with the secure processor 3a and sends the data file to the processor 3a for encryption. This is shown in Figure 1.

The secure processor 3a performs hardware and software encryption of the data. It then stores the data to the non-volatile storage 2. The storage is a flash drive that the user 12 has inserted into the device 8 via the USB interface 11. Thus, Figure 1 shows a laptop computer 1 being used to establish a link 7 with a security device 8 which is in close proximity to the source computer 1. The link shown is a wi-fi link 7 although a Bluetooth connection may be used (or another form of connection). The device 8 houses an antenna 9a and a wireless unit 10 for enabling the communications link. When the data is saved it flows from the source 1 to the device 8 via the communications link 7, through the secure processor 3a within the device 8 (where it is encrypted) and onto the storage device 2 via a USB interface 11. This data flow is illustrated in Figure 3, with the data flowing in the direction of the arrow (source computer 1 not shown in Figure 3). It will be appreciated, however, that the data flow could be reversed, with data being retrieved from the storage device, decrypted by the secure processor 3a, and transmitted to the computer (which now serves as and is referred to as a 'destination'). The pairing of the secure processor and the software enables the flow of data in either direction. The wireless unit 10 comprises the necessary protocols for the connection 7 to be established, and to allow the device 8 to perform the necessary handshake with the other computing device. The protocols may include proprietary protocols to enable pairing of the system components. When the data is travelling from the computer 1 to the storage device 2, the computer may be referred to as a 'source' device (as per Figure 3). When the process is reversed (i.e. data is retrieved from storage 2, decrypted by the processor 3a, and transmitted to the computer 1 via wireless link 7) the computer 1 may be referred to as a 'destination' device. This is illustrated in Figure 2.

The communications link 7 established for the transfer of the data is a localised connection. By 'localised' it is meant that the data does not travel as part of a Wide Area Network, as the source 1 and security device 8 are in close proximity. If they are not in close proximity, the link cannot be established.

In a preferred embodiment, the link 7 is a wireless link. This may be, for example, a Bluetooth link or a wi-fi based link. Thus, by preventing access to a wider communication network, the vulnerability of the data is reduced. The transmission of the data may be conducted via a secure tunnel consisting of an encrypted tunnel created through a protocol connection. According to various embodiments of the invention, the software 4 and the secure processor 3a may be provided anywhere in the system relative to one another. For example, in figure 2 the software 4 is installed on the source computer 1.

Example Embodiment 2 - 1 Secure Processor, Software on Remote Computing Device

In another embodiment, which is a variant of figure 7, the software is installed on a device which is remote (separate) from the security device and/or source/destination. As with embodiment 1, the secure processor 3a is provided on a dedicated data security device 8 into which the user 12 plugs an external storage device 2. The software could, for example, be installed on a web server which is separate from the tablet or PC (source) on which the data is created or used.

In such an embodiment, the user is required to authenticate (i.e. 'log in') before being allowed to use the software (and thus the security device 8). The log in may be performed via a secure web page.

This is shown in Figure 7 wherein, as per option 2, the software is logged into via a server. The software communicates with the secure processor, unlocking access to the data.

Example Embodiment 3 - 2 Secure Processors, Software on Source Device

In this embodiment, the source device 1 is a computer (such as a tablet). The tablet is provided with a second secure processor 3b as shown in figures 2, 4 and 7 (option 1).

Suppose that the user 12 wishes to view data which has been previously stored on a storage device 2. The user 12 plugs the storage device 2 into security device 8 via USB interface 11. The data is processed by the secure processor 3a and is sent by the wireless unit 10 via the antenna 9 out to the destination 1 via the wireless link 7. In such an embodiment, where two secure processors 3a, 3b and the software 4 are provided, a higher level of security is achieved as now the presence of three paired components must be established in order for the system to function. The second secure processor 3b is paired with the software.

As shown in Figure 7, option 1, the tablet/PC is provided with a secure processor 3b. The secure processor 3a in the security device 8 talks to the secure processor 3b in the tablet in order to see if they are matched. If they are matched (paired) then they can perform the handshake operation and the communications link 7 can be established.

Example Embodiment 4 - 3 Secure Processors, Software on Remote Device

In yet another embodiment (a variant of Figure 7), 3 secure processors may be provided, with the software being installed remotely from the source/destination, e.g. on a web-based server. The processors are located within the security device 8, the source device 1 and on the remote device (not shown). These processors may all be paired to one another such that the system only operates when all three processors have established each other's presence. The processor 3a in the security device 8 'shakes hands' with the processor 3b on the source (tablet) 1. If a pairing is established, the source computer logs into the software 4 via the internet. The secure processor 3b on the tablet shakes hands with the secure processor on the remote server (the 3rd secure processor is not shown in the Figures). Once all handshakes have been performed and the communications links established, the processing and retrieval/storage of the data can be performed.
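The gating behaviour described for embodiment 1 (the save is refused unless the software detects its paired processor 3a and the password check passes) and the all-processors-present requirement of embodiment 4 can be modelled in code. The following is an added illustration, not part of the patent: it assumes that detection is a challenge-response over a pairing secret shared at enrolment, that the password is checked against a salted PBKDF2 hash, and it uses an HMAC-SHA256 counter-mode construction with an authentication tag as a software stand-in for the processor's hardware encryption; the class and method names are invented.

```python
import hashlib, hmac, secrets

class SecureProcessor:
    """Stand-in for a secure processor (3a, 3b, ...): its secrets never leave it."""
    def __init__(self, pairing_secret: bytes, data_key: bytes):
        self._pairing_secret, self._data_key = pairing_secret, data_key
    def answer_challenge(self, nonce: bytes) -> bytes:
        return hmac.new(self._pairing_secret, nonce, hashlib.sha256).digest()
    def _keystream_xor(self, nonce: bytes, data: bytes) -> bytes:
        # HMAC-SHA256 in counter mode, a software stand-in for the hardware cipher.
        out = bytearray()
        for i in range(0, len(data), 32):
            block = b"enc" + nonce + (i // 32).to_bytes(4, "big")
            ks = hmac.new(self._data_key, block, hashlib.sha256).digest()
            out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
        return bytes(out)
    def encrypt(self, data: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = self._keystream_xor(nonce, data)
        tag = hmac.new(self._data_key, b"tag" + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag  # the blob written to storage 2
    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._data_key, b"tag" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("stored data has been altered")
        return self._keystream_xor(nonce, ct)

class Software:
    """Software component 4, enrolled with the pairing secret of every processor it requires."""
    def __init__(self, pairing_secrets: list, password: str):
        self._pairing_secrets = pairing_secrets
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._derive(password)
    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
    def _present(self, secret: bytes, proc: SecureProcessor) -> bool:
        nonce = secrets.token_bytes(16)  # fresh challenge, so a replayed answer fails
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proc.answer_challenge(nonce), expected)
    def detect_all(self, processors: list) -> bool:
        # One processor (embodiment 1) or three (embodiment 4): every one must respond.
        return len(processors) == len(self._pairing_secrets) and all(
            self._present(s, p) for s, p in zip(self._pairing_secrets, processors))
    def save(self, processors: list, password: str, data: bytes) -> bytes:
        if not self.detect_all(processors):
            raise PermissionError("paired secure processor(s) not detected; save refused")
        if not hmac.compare_digest(self._derive(password), self._pw_hash):
            raise PermissionError("password check failed")
        return processors[0].encrypt(data)  # processor 3a in device 8 encrypts
```

Note that the software never holds the data key: if the paired processor is absent, nothing can be encrypted or decrypted, which is the property the embodiments rely on.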

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The words "comprising" and "comprises", and the like, do not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, "comprises" means "includes or consists of" and "comprising" means "including or consisting of". The singular reference of an element does not exclude the plural reference of such elements and vice versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.