The inventive concept relates to host controller interfaces. More particularly, the inventive concept relates to security management units in host controller interfaces that are capable of managing a security policy according to region of a corresponding storage device. The inventive concept also relates to methods of operating a host controller interface including the security management unit, as well as devices including such host controller interfaces.
Data security is an important consideration in the design and operation of storage devices within contemporary computer systems. An effective data security approach must prevent unauthorized access to stored data, whether such access intends to read, manipulate, alter, falsify, forge, or extract the data stored. An effective data security approach must also prevent an external agent from blocking access to stored data by a legitimate user.
The data bus (and commensurate data signals communicated by the data bus) between a host controller interface and a corresponding storage device are often targeted during an operation directed to stored data. As a result, many conventional systems will encrypt the data being communicated between the host controller interface and storage device. Various encryption methods and/or encryption modules may be used in conjunction with the host controller interface for this purpose. Such conventional approaches work fairly well so long as the data security policy is applied to all of the data stored across all of the regions of the storage device.
That is, when a so-called “secure processor” is used to manage a particular data security policy for the storage device, significant overhead is encountered when data processing must be performed by a “non-secure processor”. In effect, the processor switching between data having different data security polices degrades overall performance in the constituent computer system.