R
Roedy Green
As you may know, I wrote a program called the Replicator lets a group
of people share files, by automatically giving them just the changes
each time they access the central repository. It is a free program.
It was originally used by drug researchers to share data. I use to
let people maintain a mirror of my website on their local hard disk.
I was thinking about what sorts of security could be added using USB
flash drives.
In the simplest case I distribute only encrypted files. People are
given flash drives with a list of keys on them, which restricts them
to some branches of the document tree. They can then decrypt documents
and have them in plaintext form on their hard disks.
I have tried to find out what AES hardware encryption flash drives can
do and how that might be used to improve things. The Ironkey people
seem more forthcoming than most.
I also heard than NexCopy makes flash drives used for DRM distribution
of files.
Nice features would be:
1. not possible to copy the flash drive.
2. documents are never on hard disk in plaintext form. The viewer is
incapable of storing them there.
3. ability to revoke without co-operation of the revokee.
4. Someone other than the owner cannot use the flash drive to access
files.
5. there is a safe way to give enhanced access to someone without
physical access to their key.
So the questions:
1. what do you know about writing software to interface with enhanced
flash drives? I have not yet found any published apis or even detailed
instruction on how to operate such features manually.
2. have you any thoughts on how a scheme might work.
3. I played with the idea what I could do with a drive with a private
and public key, that could encrypt and decrypt text from the outside,
however, I get the impression, such beasts don't exist, or that such
features are not published.
--
Roedy Green Canadian Mind Products
http://mindprod.com
To err is human, but to really foul things up requires a computer.
~ Farmer's Almanac
It is breathtaking how a misplaced comma in a computer program can
shred megabytes of data in seconds.
of people share files, by automatically giving them just the changes
each time they access the central repository. It is a free program.
It was originally used by drug researchers to share data. I use to
let people maintain a mirror of my website on their local hard disk.
I was thinking about what sorts of security could be added using USB
flash drives.
In the simplest case I distribute only encrypted files. People are
given flash drives with a list of keys on them, which restricts them
to some branches of the document tree. They can then decrypt documents
and have them in plaintext form on their hard disks.
I have tried to find out what AES hardware encryption flash drives can
do and how that might be used to improve things. The Ironkey people
seem more forthcoming than most.
I also heard than NexCopy makes flash drives used for DRM distribution
of files.
Nice features would be:
1. not possible to copy the flash drive.
2. documents are never on hard disk in plaintext form. The viewer is
incapable of storing them there.
3. ability to revoke without co-operation of the revokee.
4. Someone other than the owner cannot use the flash drive to access
files.
5. there is a safe way to give enhanced access to someone without
physical access to their key.
So the questions:
1. what do you know about writing software to interface with enhanced
flash drives? I have not yet found any published apis or even detailed
instruction on how to operate such features manually.
2. have you any thoughts on how a scheme might work.
3. I played with the idea what I could do with a drive with a private
and public key, that could encrypt and decrypt text from the outside,
however, I get the impression, such beasts don't exist, or that such
features are not published.
--
Roedy Green Canadian Mind Products
http://mindprod.com
To err is human, but to really foul things up requires a computer.
~ Farmer's Almanac
It is breathtaking how a misplaced comma in a computer program can
shred megabytes of data in seconds.