Transient storage devices (TSDS) have come into widespread use for portable computer data storage in recent years. TSDs may take the form of universal serial bus (USB) flash drives and memory cards and “sticks” for mobile phones, digital cameras, personal digital assistants, digital music players (e.g., MP3 players), and other portable devices. Because of the large storage capacity of and high speed of data transfer to and from TSDs, security of data transfer to and from host devices to which a TSD may be connected is a recognized concern. The Institute of Electrical and Electronics Engineers (IEEE) 1667 standard for TSDs addresses this concern by including the definition of an authentication data structure (a “silo”) for the purpose of storing authentication certificates and subsequent authorization of access to user data on a TSD.
The IEEE 1667 standard allows for devices to have multiple authentication silos which, taken together, govern authorization of access to a single data storage area (an “addressable command target” or ACT) on the TSD storage volume. However, the standard presently only defines one type of authentication silo for certificates and does not suggest what other types of authentication silos could be used. The standard provides no direction with respect to which authentication silo to use in the situation in which more than one authentication silo for an ACT is present or with respect to differing environmental situations of use. Further, the standard lacks a general authentication configuration mechanism for use with multiple silos. An implementation of silo hierarchy and configuration within the constraints of the current IEEE 1667 standard is complicated because the specification provides a limited set of authentication and certificate store management operations as implemented by the certificate silo. However, any configuration solution would need to operate within the parameters and requirements of the current IEEE 1667 standard specification.