A method and system for maintaining integrity and confidentiality of pages
paged to an external storage unit from a physically secure environment.
An outgoing page is selected to be exported from a physically secure
environment to an insecure environment. An integrity check value is
generated and stored for the outgoing page. In one embodiment, the integrity
check value is a one-way hash of the page, computed using a well-known
one-way hash function. The outgoing page is then encrypted using a
cryptographically strong encryption algorithm. Among the algorithms that
might be used in one embodiment of the invention are IDEA and DES. The
encrypted outgoing page is then exported to the external storage. By
virtue of the encryption and integrity check, the security of the data on
the outgoing page is maintained in the insecure environment.
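
The export and re-import flow described above, as an added example that is not part of the original text. Assumptions: SHA-256 serves as the one-way hash, an HMAC-SHA256 keystream stands in for a cipher such as IDEA or DES, the integrity check value is kept inside the secure environment, and `SecurePager` with its in-memory tables is a hypothetical model.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, used because the
    # standard library ships no block cipher such as the IDEA or DES named above.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class SecurePager:
    """Hypothetical model of the secure environment's paging logic."""

    def __init__(self, key: bytes):
        self._key = key
        self._icv = {}       # page number -> (nonce, hash); assumed to stay inside
        self.external = {}   # untrusted external storage: page number -> ciphertext

    def page_out(self, page_no: int, page: bytes) -> None:
        nonce = os.urandom(16)  # fresh per export so keystreams never repeat
        self._icv[page_no] = (nonce, hashlib.sha256(page).digest())
        self.external[page_no] = _xor(page, _keystream(self._key, nonce, len(page)))

    def page_in(self, page_no: int) -> bytes:
        nonce, expected = self._icv[page_no]
        blob = self.external[page_no]
        page = _xor(blob, _keystream(self._key, nonce, len(blob)))
        # Verify against the value stored at export time before trusting the page.
        if not hmac.compare_digest(hashlib.sha256(page).digest(), expected):
            raise ValueError(f"page {page_no} failed its integrity check")
        return page

def rejected(pager: SecurePager, page_no: int) -> bool:
    """True when page_in refuses the page currently held in external storage."""
    try:
        pager.page_in(page_no)
    except ValueError:
        return True
    return False
```

Because the stored check value is replaced on every export, a stale ciphertext put back in external storage fails verification just as a modified one does.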