Removable memory devices are found in a wide variety of data-processing systems. Not only traditional data-processing devices such as laptop computers, but other digital equipment such as hand-held computing devices, cameras, personal digital assistants, video gaming consoles, digital video recorders, digital entertainment equipment, and calculators may include hardware, software, and operating system support for removable memory devices.
In the past, removable memory devices were limited to relatively small capacity, low performance solid-state devices, such as flash memory cards. But with improvements in rotating magnetic storage technology, practical and affordable removable disk drive designs have become common. These removable memory devices offer substantial improvements in capacity, performance, and practicality. In addition, advances in digital technology have increased the storage capacity available in a practical removable solid-state memory device. Finally, emerging technologies promise greater capacities with better performance and lower costs aimed at the portable and removable storage markets.
As capacity, performance, and usefulness of removable memory devices continue to improve, many data processing systems have begun to rely on removable memory devices for the majority of the system's non-volatile storage. Even large desktop computing systems employ removable memory devices to facilitate data portability between systems. For example, a user can carry large quantities of data from home to work, or while traveling, increasing productivity. Other uses include archiving data, and storing digital entertainment data, such as video or music, for use later.
One result of these advances in removable and portable memory devices is that users tend to store much more data on removable memory devices. As removable memory device reliability has improved, a larger quantity of mission-critical or sensitive data is being stored on removable memory devices. Furthermore, as the devices have become smaller, more desirable, and more common it is inevitable that a larger number of them are eventually possessed by persons who do not own nor have permission to access the data on the removable memory devices in their possession.
While having large quantities of data easily portable and available is advantageous to the intended users, the potentially sensitive nature, personal aspects, and financial value of the data that may be stored on a removable storage device make it essential that the data remain secure, even if the removable memory device is not in an authorized user's possession.
Traditionally, access to data has been restricted by a combination of password controls and encryption. But software-based passwords and encryption are often inadequate, because the high performance data interface that makes these devices attractive to customers also enables high-speed attacks. Password attacks can be as simple as a computer program that attempts every possible password. The password attack, in particular, is dependent on a high-speed electronic access to the password mechanism to allow an automated, brute force attack. Encryption attacks are based on mathematical analysis of encrypted data, so a security method that allows access to the encrypted user data also facilitates the encryption attack.
Therefore, what is needed is a means to provide greater security without the potential weakness of a software-based password system or encryption system that will keep the data stored on the removable memory device secure any time it is not in an authorized user's possession. What is needed is a secure password method that is not easily susceptible to a brute force password attack. Additionally, what is needed is a security system that restricts any type of access to the user data, whether encrypted or not, in the absence of proper authorization and permission.