Disc drives and other storage subsystems, including flash memory devices and removable storage devices, typically have a processor (sometimes called a microprocessor) in their built-in electronics. That processor can be used to hide computations as well as stored data. In many security applications, and in many applications where an application provider wishes to guard against fraudulent use of applications or content, it is desirable to perform certain computations in a hidden way. This includes hiding keys that may be used to unlock an asset, whether through a cryptographic proof or through simple knowledge of a shared secret. It may also include hiding computations on which software or content external to the storage device depends in order to operate as intended.
Generally, devices that offer storage subsystems with hardened security features employ various measures to protect data from unauthorized discovery. One such technique involves securing tabular data areas with various authentication methods.
One potential problem with any secured data area is controlling who may access it: a given user may or may not be granted access to that area. In some cases, access issues may lead to undesirable consequences, particularly when a confidential data area has been secured by, for example, a malicious or otherwise unauthorized agent.
One purpose of versatile security data areas is to permit a third-party software vendor to acquire control over a hidden security partition (SP) on a disc drive or other storage subsystem. Once the vendor gains control, the vendor can set access controls on the data within that partition in any fashion. Unfortunately, the vendor may also deny the owner of the storage subsystem access to the data in the security partition. While it is common for third-party software vendors to deny owners access to data, the owner ordinarily retains the option of explicitly installing, and later deleting, the associated software. If an application is permitted to create a security partition without the permission of the device owner or a user of the device, a security partition may be created on the storage subsystem to which neither the user nor the device manufacturer has access. In other words, data that may itself be malicious can be hidden from the user, device owner, or manufacturer while remaining inaccessible to them.
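To make the issuance problem concrete, the following is an added illustrative model (constructed for this discussion, not the patent's or any drive vendor's code; the names StorageDevice, issue_sp and delete_sp are hypothetical). It contrasts a device that lets any application issue a hidden SP with one that gates issuance on the owner's explicit consent and keeps the owner's right to delete what was issued.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityPartition:
    """A hidden SP; the issuer sets its access list however it likes."""
    issuer: str
    access_list: set
    data: dict = field(default_factory=dict)


class StorageDevice:
    """Device-side issuance policy (constructed model, not a real drive API).

    require_owner_consent: an SP can only be created with the owner's explicit
    consent, and the owner keeps the right to delete any SP so issued.
    """
    def __init__(self, owner, require_owner_consent):
        self.owner = owner
        self.require_owner_consent = require_owner_consent
        self.partitions = {}
        self.audit = []  # issuance log the owner can inspect

    def issue_sp(self, name, issuer, owner_consent=False):
        if self.require_owner_consent and not owner_consent:
            self.audit.append(("denied", name, issuer))
            return False
        self.partitions[name] = SecurityPartition(issuer, {issuer})
        self.audit.append(("issued", name, issuer))
        return True

    def delete_sp(self, name, principal):
        sp = self.partitions[name]
        # Without the policy, only principals the issuer allowed can remove the SP.
        allowed = sp.access_list | ({self.owner} if self.require_owner_consent else set())
        if principal not in allowed:
            return False
        del self.partitions[name]
        return True

    def hidden_from_owner(self):
        """SPs whose data the owner cannot read: the situation the text warns of."""
        return sorted(n for n, sp in self.partitions.items() if self.owner not in sp.access_list)


def demo():
    unmanaged = StorageDevice("owner", require_owner_consent=False)
    unmanaged.issue_sp("vendor_sp", "vendor_app")       # no consent asked
    unmanaged.delete_sp("vendor_sp", "owner")            # owner cannot remove it
    managed = StorageDevice("owner", require_owner_consent=True)
    refused = not managed.issue_sp("vendor_sp", "vendor_app")
    managed.issue_sp("vendor_sp", "vendor_app", owner_consent=True)
    removed = managed.delete_sp("vendor_sp", "owner")
    return unmanaged.hidden_from_owner(), refused, removed, managed.hidden_from_owner()
```

Running demo() shows the unmanaged device left with an SP the owner can neither read nor remove, while the consent-gated device refuses the unconsented request and lets the owner delete the consented one.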
Therefore, there is a need in data storage for a system and method for controlling and managing security partition issuance and usage. Embodiments of the present invention provide solutions to these and other problems, and offer other advantages over the prior art.