Over the past few years, many companies have recognized that hard disk drives and other types of data storage devices are highly susceptible to attack. Currently, some types of electronic devices, such as laptop computers for example, rely on password-entry security processes to control access to its hard disk drive. However, other types of electronic devices are unable to effectively utilize password-entry security processes.
For instance, generally speaking, web servers are in constant operation (24×7). However, on occasion, a particular server undergoes a reboot operation (e.g. power-down immediately followed by a power-on operation), which are normally conducted in the early morning hours to avoid disruption in the services offered by the server. During the reboot operation, in accordance with the ATA/ATAPI Command Set-2 specification (2009), a security unlock command is sent to the drive(s) on the server, where the security unlock command includes the password in plain text to unlock the drive. Given that this password is susceptible to an interloper who may try to monitor communications with the server (referred to as “tapping”), administrative level oversight is needed. This administrative oversight is costly and highly inconvenient as this typically requires information technology (IT) personnel to participate in a password-entry security process every time the server is forced to reboot.
Furthermore, due to remoteness of many servers, password-entry security processes are susceptible to the interloper who may intercept password information provided from the server after reboot and, with knowledge of the password, bypass all the security features of these drives in order to recover proprietary software code and other stored content within a hard drive of the server.
Hence, to provide better security, especially for servers and other remotely located storage devices, a security mechanism is needed with some capability to mitigate any attempts to “tap” and access exchanged communications in response to reboot or other state-changing events that may require authorization before granting access control.