Traditionally, computer readable data is typically stored by data storage hardware devices, such as hard disk drives, that comprise computer readable media on which the computer readable data is stored. To prevent unauthorized access of data, especially in situations where physical access to the data storage hardware is gained, such as through theft or loss, the concept of “full volume encryption” was developed whereby data belonging to a data volume was stored in an encrypted manner. Consequently, even if such a data storage device were to be stolen and communicationally coupled to a computing device having no executable instructions for the protection of the data, the data could, nevertheless, remain protected, since it would be physically stored in an encrypted manner.
To increase the efficiency of such full volume encryption, the task of encrypting and decrypting data can be performed by hardware associated with the storage device itself, instead of by the central processing unit of the host computing device. Such hardware encrypting storage devices appear, to higher level components, such as the operating system or application software, as traditional storage devices. However, upon receiving data for storage, such hardware encrypting storage devices automatically encrypt the data before placing it on the storage medium. Similarly, when reading data, a hardware encrypting storage device will read the data from the storage medium and decrypt it first, before providing it to higher level components.
Typically, hardware encrypting storage devices utilize one cryptographic key to encrypt and decrypt data that is stored in one range of storage locations, or “addresses”, and another, different, cryptographic key to encrypt and decrypt data that is stored in a different range of storage addresses. The range of addresses which comprise data encrypted by a single key is traditionally called a “band”, and the bands of a hardware encrypted storage device are typically configured by the computing device to which such a hardware encrypting storage device is communicationally coupled. Similarly, the cryptographic keys utilized to encrypt and decrypt data that is stored within the bands are typically protected, either directly or indirectly, by cryptographic keys that are likewise managed by the computing device to which such a hardware encrypting storage device is communicationally coupled. However, the computer-executable instructions, executing on such a computing device, that can perform some aspect of band management may be different from, and operate independently of, the computer executable instructions, again executing on such a computing device, that performs some aspect of key management.