A method and system to maintain portable computer data secure and an authentication token for use in the system are provided. The present invention provides for fine-grained authentication and full security of a laptop file system. The laptop disk is encrypted and each time data is fetched from the disk the laptop sends a short message requesting a decryption key from an authentication token worn or associated with the proper laptop user. If the user and his/her token are “present,” then access is allowed. If the user and his/her token are not “present” (i.e., within a predetermined radius), then access is disallowed and all in-memory data is flushed to the disk. The user wears the small authentication token that communicates with the laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary.
Portable computers such as laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive files. Storing laptop data in a cryptographic file system does not fully address this problem. Such systems ask the user to imbue them with long-term authority for decryption, but that authority can be used by anyone who physically possesses the machine. Forcing the user to frequently reestablish his identity is too intrusive, encouraging him or her to work around or disable encryption entirely.