Proceedings of the 37th Hawaii International Conference on System Sciences- 2004 A Security Policy Based upon Hardware Encryption

This paper presents an overview of a mobile communications device that implements a key management policy and hardware encryption for datacentric security. Examples of applications for this device include portable medical record systems, inventory tracking systems, communication devices, and portable gaming systems. Security for these devices typically takes one of three forms: 1) a password or code, 2) a key or token lock, 3) a biometric user authentication system. These security measures are intended to protect the device against unauthorized access, but do not generally protect the device against threats to its intellectual property. Even if a password is required to use a device, it is still possible to duplicate the device, leaving out the authorization control. This paper presents a secure user interface that not only controls device access, but also allows for user-based device hardware customization while protecting against reverse engineering