Security is a critical issue with almost all aspects of computer use. Storage media, such as hard disk drives attached to computers, contain valuable information, which is vulnerable to data theft. A great deal of money and effort are being applied to guarding personal, corporate, and government security information.
As portable memory storage devices have become smaller, easier to lose, more ubiquitous, cheaper, and larger in memory capacity, they have come to pose extraordinary security problems. It is now possible to download massive amounts of information surreptitiously into portable memory storage devices, such as universal serial bus flash and micro drives, cellphones, camcorders, digital cameras, iPODs, MP3/4 players, smart phones, palm and laptop computers, gaming equipment, authenticators, tokens (containing memory), etc.—in general, a mass storage device (MSD).
More specifically, there are millions of MSDs being used for backup, transfer, intermediate storage, and primary storage into which information can be easily downloaded from a computer and carried away. The primary purpose of any MSD is to store and retrieve “portable content,” which is data and information tied to a particular owner, not a particular computer.
The most common means of providing storage security is to authenticate the user with a computer-entered password. A password is validated against a MSD stored value. If a match occurs, the drive will open. Or, the password itself is used as the encryption key to encrypt/decrypt data stored to the MSD.
For drives that support on-the-fly encryption, the encryption key is often stored on the media in an encrypted form. Since the encryption key is stored on the media, it becomes readily available to those willing to circumvent the standard interface and read the media directly. Thus, a password is used as the key to encrypt the encryption key.
For self-authenticating drives with on-the-fly encryption—e.g., self-encrypting drives (SEDs), their authentication sub-system is responsible for maintaining security. There is no dependency on a host computer to which it is connected. Thus, a password cannot (or need not) be sent from the host in order to unlock the MSD. In fact, the encryption key no longer needs to be stored on the media. The authentication subsystem becomes the means for managing encryption keys.
Some SEDs may also be installed within other devices, such as hard drives with encryption capabilities installed within servers, personal computers, printers, scanners, laptops, tablets, embedded systems, mobile devices, etc. However, some solutions rely on a user entering a password on the hosting device, and then the password is transmitted to the SED. Because they rely on the host, these SEDs have dependencies on the architecture of the host, such as hardware interfaces and host operating systems. Further, by having to maintain a communication channel to receive the passwords, the STDs are susceptible to hacking via this communication channel; the SEDs cannot be completely locked out from the host as the SEDs have to have some open data channels to send the user-authentication information.
Thus, a need still remains for improved security. In view of the ever-increasing commercial competitive pressures, along with growing consumer expectations and diminishing opportunities for meaningful product differentiation in the marketplace, it is critical that answers be found for these problems. Additionally, the needs to reduce costs, improve efficiencies and performance, and meet competitive pressures add an even greater urgency to the critical necessity for finding answers to these problems.
Solutions to these problems have been long sought, but prior developments have not taught or suggested any solutions and, thus, solutions to these problems have long eluded those skilled in the art.