Beruflich Dokumente
Kultur Dokumente
2.3 Corporate
Protected
Storage ..............3
2.4 Securing
Credentials ..........5
www.discretix.com
This document may be used in its complete form only and is solely for the use
of Discretix employees and authorized Discretix channels or customers. The
material herein is proprietary to Discretix Ltd.; any unauthorized reproduction
of any part thereof is strictly prohibited. The contents of this document are
believed to be accurate at the time of distribution. Discretix reserves the right
to alter this information at any time without notice. The primary distribution
media of this document is soft copy. It can be printed on a black and white
laser printer using A4 or Letter size sheets.
1 Background
Today, data applications become increasingly commonplace with more
applications running on a larger number of devices, handling a growing
quantity of data.
Two segments that are particularly affected by that trend are handsets
and USB flash drives sectors. Handsets require an ever-increasing
storage capacity, which is now shifted into removable storage devices.
Both the removable storage capacity for handsets and the capacity of
USB drives exhibit very fast compound annual growth rate (CAGR) –
220% in the case of removable storage devices for handsets and 70%
in the case of USB flash drives. The combined capacity of these two
segments is estimated to reach over 61,000,000 Gigabytes in 2007
(34,000,000 GB attributed to handsets without including the non-
removable storage, and 27,000,000 GB attributed to USB drives)1.
In the mobile space, even the base-line handsets support new, more
advanced applications that require protection. These applications range
from entertainment-oriented ones that enforce copyrights to personal
secure storage that protects sensitive user information from prying
eyes.
1
Gartner 2004 and IDC 2003
Other proprietary schemes follow suit and use the same concept of
sensitive rights object that must be stored securely.
In the basic phones and older generation of handsets, most of the data
stored included private telephone lists and a log of SMS messages. In
contrast, in Smartphones e-mail messages, passwords and other
sensitive personal information are likely to be stored, requiring secure
storage.
USB drives are used not only to store and transfer information, but
also for secure personal applications such as password management
(single sign on). These applications naturally require secure storage for
all sensitive information.
Mass storage devices such as USB drives are beginning to be used for
specific applications where mass storage is combined with security
(secure storage).
Now the secure storage is ready for user or enterprise data. Each
user/enterprise data object has a corresponding key with a set of
access control rules that define when this key can be used to decrypt
the encrypted data (or encrypt it in the case of write permission).
Authorization mechanism used in order to gain access rights includes
one of the following: PIN (digits only), Password (alpha-numeric
characters), a symmetric key or a signature. The latter two cases may
be used when a remote server is a legitimate entity with access rights
that has to be strongly authenticated. Then, a challenge response
mechanism may be used, based on either digitally signing a challenge
(an associated certificate is used as a verification method) or
encrypting a challenge with a shared key.
Whenever there is a live session with the SO, that session should be
indicated in the secure storage mechanism. The secure storage
mechanism may need to query the status of this bit in order to provide
the rights associated with it, in accordance with what is specified in the
security record associated with the data object.