Abstract: The main object of the present invention is to provide a security device attachable to the drive of storage media like CD / DVD, for encrypting and decrypting the data before writing or reading data to the CD / VCD drive. The security device can be fitted to any CD / DVD drive and is provided with a data cable attached with it. The security device of the present invention can also be provided as an in-built component of the CD / DVD drive. Another object of the invention is to provide a method which can set or update a "secret key" used for encrypting the data. This will avoid the need to depend on a single "secret key", thus making the security even more robust. The hardware of the security device of the present invention, which can be a detachable module (for CD / VCD), comprises an encryptor / decryptor chip and a key storing module. The encryptor / decryptor chip is a hardware engine for performing encryption and decryption using a "secret key" stored in the key storing module and passing on the data to the CD / VCD drive. The encryption of data, as already stated, is done using the encryption key. The "secret key" for encryption can be set or updated by a key manager tool. The key manager tool is provided with means for interacting with this device to set / update the "secret key" stored in the key storing module. After updating, the key can be used to encrypt / decrypt the data. Only the administrator should have access to the key manager tool.
In another preferred embodiment the invention also provides a process for securing data storage by storing data in an encrypted form comprising the steps of: attaching a security device to a drive of a storage media like CD / DVD drive; setting a secret key stored in a module of said security device using a key manager tool; encrypting the CD / DVD with the help of the secret key for passing on data through a data cable to a security device; encrypting / decrypting encryptor / decryptor chip using said secret key; and passing on data to the CD / DVD drive using a data manager tool after filtering out any media specific commands in the encrypted / decrypted data.
FIELD OF THE INVENTION
The present invention relates to a device for securing data storage by storing it
in encrypted form. More particularly the invention relates to a security device for
encrypting and decrypting the data before reading or writing data to drive of a
storage media like CD or DVD.
BACKGROUND OF THE INVENTION
Known operating system dependent methods of data encryption typically do not
have a secure method for storing encryption key. Encryption keys are kept in
clear text in an open operating system. If someone gains access to that machine
such a method may lead to disastrous results.
US Patent 5,883,958 discloses a decryption method for data encrypted on the
basis of an encryption key generated in a prescribed manner by a first device. A
second device receives the encrypted data from the first device, for decrypting
the encrypted data by means of the encryption key generated by the first device.
The document discloses the method of calculating and generating the encryption
key.
The document mainly focuses on providing a method and device for decryption
and playback of MPEG video data.
However, personal information about individuals is to be maintained in
accordance with regulatory compliance like Health Insurance Portability and
Accountability Act (HIPAA), Simple outlining XML (SOX), Gramm Leach Bliley Act
(GLBA) and California Security Breach Info. There was, therefore, a need for a
security device and method for data encryption and storage which is
independent of the operating system, providing greater security and flexibility.
SUMMARY OF THE INVENTION
The main object of the present invention is to provide a security device
attachable to the drive of storage media like CD / DVD, for encrypting and
decrypting the data before writing or reading data to the CD / VCD drive. The
security device can be fitted to any CD / DVD drive and is provided with a data
cable attached with it.
The security device of the present invention can also be provided as an in-built
component of the CD / DVD drive.
Another object of the invention is to provide a method which can set or update a
"secret key" used for encrypting the data. This will avoid the need to depend on
a single "secret key", thus making the security even more robust.
The hardware of the security device of the present invention, which can be a
detachable module (for CD / VCD), comprises an encryptor / decryptor chip and
a key storing module. The encryptor / decryptor chip is a hardware engine for
performing encryption and decryption using a "secret key" stored in the key
storing module and passing on the data to the CD / VCD drive. The encryption of
data, as already stated, is done using the encryption key.
The "secret key" for encryption can be set or updated by a key manager tool.
The key manager tool is provided with means for interacting with this device to
set / update the "secret key" stored in the key storing module. After updating,
the key can be used to encrypt / decrypt the data. Only the administrator should
have access to the key manager tool.
Writing and reading of data to and from the CD / DVD drive can be done using a
data manager tool. The data manager tool is provided with means for burning
(writing) data to the CD / DVD drive and for reading the data in clear format
after decryption of data from the encrypted CD / DVD.
This encryption / decryption solution of the present invention will work with all
operating systems, applications and versions performing data encryption and
decryption ensuring full security for key and data.
In a preferred embodiment the present invention provides a device for securing
data storage comprising: a
hardware engine for performing encryption / decryption of data using a secret
key that can be set and updated by a key manager tool; a key storage module
provided in said hardware engine for storing the settable and updateable secret
key; and a data cable for connecting said hardware engine to data line of a CPU;
thereby allowing the hardware engine to pass on the data to the CD / DVD drive
for writing / reading using a data manager tool.
In another preferred embodiment the invention also provides a process for
securing data storage by storing data in an encrypted form comprising the steps
of: attaching a security device to a drive of a storage media like CD / DVD drive;
setting a secret key stored in a module of said security device using a key
manager tool; encrypting the CD / DVD with the help of the secret key for
passing on data through a data cable to a security device; encrypting /
decrypting encryptor / decryptor chip using said secret key; and passing on data
to the CD / DVD drive using a data manager tool after filtering out any media
specific commands in the encrypted / decrypted data.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
The invention can now be described in detail with the help of the figures of the
accompanying drawings, in which:
Figure 1 shows the detachable encryptor / decryptor
module of the present invention.
Figure 2 illustrates the positioning of the encryption / decryption
chip module between the data line and CD / DVD drive.
DETAILED DESCRIPTION
As shown in Figure 1 reference numeral 10 represents the security device of the
present invention, which comprises a key storage module 1 provided in a
hardware engine 4. The hardware engine 4 comprises an encryption /
decryption chip module for encrypting / decrypting data using a secret key
stored in said key storage module 1.
The security device 10 of the present invention is provided with an ON / OFF
mechanism (not shown) in the chip to enable / disable the encryption /
decryption module. When the user does not want to perform encryption /
decryption the OFF switch can be used and the security device need not be
detached from the CD / DVD drive.
The hardware engine can be implemented in the form of a universal serial bus
(USB) dongle. The dongle can have the secret key stored in it and this key is re-
programmable by a key manager tool to provide key management capabilities.
The data can be encrypted / decrypted with the secret key stored in the
universal serial bus (USB) dongle.
The encryption / decryption chip module 4 is provided with intermediate layer 2a
for receiving data from data line of CPU 21 through data cable 26 (Fig. 2).
Data cable IDE slot 3a is for establishing contact with data cable 26. IDE slot 3b
is for attaching the security device 10 to the CD / DVD drive 25.
Reference numeral 21 represents a central processing unit (CPU) for sending and
receiving data through data cables 26. Data cable 26 is connected with CPU 21
at one end and to the security device 10 at the other end. The security device
10 is placed between the data line of CPU 21 and the CD / DVD drive 25. An IDE
connector 3b is attached directly to the storage media CD / DVD drive 25.
The central processing unit 21 of figure 2 is provided with a key manager tool for
setting or updating the secret key stored in the key storage module 1. This key
manager tool of the central processing unit 21 comprises means 27 for
interacting with the security device 10 of the present invention to set / update
the secret key. The CPU 21 is further provided with a data manager tool
comprising means 28 for passing on data to CD / DVD drive 25 via data cable 26
and intermediate layer 2a of the security device 10.
The encryption / decryption module 4 is further provided with intermediate layer
2b which allows means 28 to pass on only data part to the CD / DVD drive 25
after filtering out storage media specific commands.
The CD / DVD will then have the encrypted data and the original data can only
be retrieved by a person having the security device and appropriate secret key
embedded in said device.
For retrieving the clear text data, the security device having the same secret
key as the one used for the encryption has to be attached.
The encryption data can be obtained from the key manager tool / data manager
tool while the CD / DVD would still have only the encrypted data.
As alternatives, an integrated key management module can be used instead of
storing a single secret key at a time. This module can manage and save various
sets of keys that the user can use for securing data in the CD / DVD media.
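The data path described above, as an added Python sketch that is not part of the patent: media commands pass through unchanged, only sector data is transformed, and a key update leaves an earlier disc unreadable unless the old key is retained, which is the case the integrated key management module covers. The class, method names, key ids and the HMAC-SHA256 keystream are assumptions made for illustration; the patent names no cipher.

```python
import hashlib
import hmac

SECTOR = 2048  # user-data bytes per CD-ROM Mode 1 / DVD sector


class InlineEncryptor:
    """Hypothetical model of security device 10: key store + cipher on the data path."""

    def __init__(self):
        self._keys = {}      # key storage module: key id -> key bytes
        self.active = None   # key id used when the caller names none
        self.enabled = True  # the ON / OFF mechanism

    def set_key(self, key_id, key):
        """Key manager operation: set or update a key and make it active."""
        if len(key) < 16:
            raise ValueError("key shorter than 128 bits")
        self._keys[key_id] = key
        self.active = key_id

    def _keystream(self, key, lba, n):
        # Stand-in cipher (HMAC-SHA256 in counter mode, keyed per sector address).
        # The patent names no algorithm; this gives confidentiality only, no integrity.
        blocks = (hmac.new(key, lba.to_bytes(8, "big") + i.to_bytes(4, "big"),
                           hashlib.sha256).digest() for i in range(-(-n // 32)))
        return b"".join(blocks)[:n]

    def transfer(self, kind, lba, payload, key_id=None):
        """Commands pass through unchanged; only the data part is transformed."""
        if kind != "DATA" or not self.enabled:
            return payload
        key = self._keys[key_id or self.active]
        stream = self._keystream(key, lba, len(payload))
        return bytes(a ^ b for a, b in zip(payload, stream))  # XOR: same op both ways


def demo():
    dev = InlineEncryptor()
    dev.set_key("k1", b"constructed-key-0001")            # constructed sample key
    sector = b"confidential record".ljust(SECTOR, b"\0")  # constructed sample sector
    command = bytes([0x2A]) + bytes(9)                    # constructed command packet
    passed = dev.transfer("COMMAND", 0, command)
    on_disc = dev.transfer("DATA", 16, sector)
    dev.set_key("k2", b"constructed-key-0002")            # administrator updates the key
    with_new = dev.transfer("DATA", 16, on_disc)          # single-key device: unreadable
    with_old = dev.transfer("DATA", 16, on_disc, key_id="k1")  # multi-key module
    return passed == command, on_disc != sector, with_new == sector, with_old == sector
```

With a single key slot, the administrator has to keep every superseded key for as long as discs written under it must remain readable.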
A high speed encryption / decryption chip can be used to minimize the latency so
that it does not put any constraint on DVD write / read speed.
Thus the security device of the present application provides encryption solutions
which are independent of the operating system providing security and flexibility.
The main importance of the present invention is to prevent data theft. Using this
invention, the user can ship his highly confidential data across geographies
without worrying since the data is encrypted. In case of theft, the data is in
encrypted form and of no use to the hacker / thief. The hacker needs to have a
combination of DVD, the secret key and the hardware appliance to actually get
the data.
WE CLAIM
1. A device for securing data storage comprising:
- a hardware engine for performing encryption / decryption of data
using a secret key that can be set and updated by a key manager
tool;
- a key storage module provided in said hardware engine for storing
the settable and updateable secret key; and
- a data cable for connecting said hardware engine to data line of a
CPU;
thereby allowing the hardware engine to pass on the data received from
said data line to the CD / DVD drive for writing / reading using a data
manager tool.
2. The device as claimed in claim 1, wherein said hardware engine is an
encryption / decryption chip module.
3. The device as claimed in claim 2, wherein said encryption / decryption
chip module is provided with an intermediate layer for receiving data
from said data line through a data cable.
4. The device as claimed in claim 1, wherein said device is an in-built
component of the CD / DVD drive for providing to said CD / DVD drive
capability of encryption of data before writing and decryption of data
before reading, using the secret key.
5. The device as claimed in claim 2, wherein an on / off mechanism is
provided in said encryption / decryption chip module to enable / disable
the encryption / decryption module.
6. The device as claimed in claim 1, wherein said chip module is
implemented in the form of universal serial bus (USB) dongle.
7. A device for securing data storage, substantially as herein described and
illustrated in the accompanying drawings.
8. A process for securing data storage by storing data in an encrypted form
comprising the steps of:
- attaching a security device to a drive of a storage media like CD /
DVD drive;
- setting a secret key stored in a module of said security device using
a key manager tool;
- encrypting the CD / DVD with the help of the secret key for passing
on data through a data cable to a security device;
- encrypting / decrypting encryptor / decryptor chip using said secret
key; and
- passing on data to the CD / DVD drive using a data manager tool
after filtering out any media specific commands in the encrypted /
decrypted data.
9. The process as claimed in claim 8, wherein the data encrypted in the CD
/ DVD and the original data can be retrieved only with the help of the
security device having the correct secret key embedded therein.
10. The process as claimed in claim 8, wherein a clear text data can be
retrieved only with the help of the security device having the same
secret key as the one used for data encryption.
11. A device for securing data storage, substantially as herein described and
illustrated in the accompanying drawings.
Dated this 14th day of August 2007.
| # | Name | Date |
|---|---|---|
| 1 | 1125-KOL-2007_EXAMREPORT.pdf | 2016-06-30 |
| 1 | abstract-01125-kol-2007.jpg | 2011-10-07 |
| 2 | 01125-kol-2007-abstract.pdf | 2011-10-07 |
| 2 | 1125-KOL-2007-FORM 18.pdf | 2011-10-07 |
| 3 | 01125-kol-2007-form 3.pdf | 2011-10-07 |
| 3 | 01125-kol-2007-claims.pdf | 2011-10-07 |
| 4 | 01125-kol-2007-form 2.pdf | 2011-10-07 |
| 4 | 01125-kol-2007-correspondence others.pdf | 2011-10-07 |
| 5 | 01125-kol-2007-description complete.pdf | 2011-10-07 |
| 5 | 01125-kol-2007-form 1.pdf | 2011-10-07 |
| 6 | 01125-kol-2007-drawings.pdf | 2011-10-07 |
| 7 | 01125-kol-2007-description complete.pdf | 2011-10-07 |
| 7 | 01125-kol-2007-form 1.pdf | 2011-10-07 |
| 8 | 01125-kol-2007-correspondence others.pdf | 2011-10-07 |
| 8 | 01125-kol-2007-form 2.pdf | 2011-10-07 |
| 9 | 01125-kol-2007-claims.pdf | 2011-10-07 |
| 9 | 01125-kol-2007-form 3.pdf | 2011-10-07 |
| 10 | 1125-KOL-2007-FORM 18.pdf | 2011-10-07 |
| 10 | 01125-kol-2007-abstract.pdf | 2011-10-07 |
| 11 | abstract-01125-kol-2007.jpg | 2011-10-07 |
| 11 | 1125-KOL-2007_EXAMREPORT.pdf | 2016-06-30 |