Digital storage devices are equipped with hardware interfaces for connection to host computers. An interface for providing access to a storage device within a host computer is the Advanced Technology Attachment (ATA). Known storage devices inside host computers such as for example hard disk drives (HDD) and solid state drives (SSD) are oftentimes equipped with ATA interfaces.
A commonly accepted standard in host-storage device communication is the standard ATA/ATAPI (Advanced Technology Attachment Packet Interface) command set. The security feature set is one of the features of the command set. The security feature set includes a security set password command for restricting access to user data stored on the digital storage device. With the security set password command, the storage device may be locked or unlocked using a user password.
When the security set password is enabled, the storage device is locked, i.e. access to user data on the device is denied. The security set password is enabled by using the security password, and it takes effect only after a power-on reset. The storage device cannot be accessed again until a security unlock command has completed without error. The security unlock command requires a correct user password. More information about this standard can for example be found in the INCITS (International Committee for Information Technology Standards) 452-2008 (D1699): AT Attachment 8—ATA/ATAPI Command Set standard documentation, which is publicly available.
The security feature set allows a user or system to digitally lock a storage device so that unauthorized persons and/or unauthorized systems cannot access the storage device. When a storage device is disconnected from its original host computer, and thereafter connected to another host computer, the security password cannot be provided by the user or the other computer. The storage device cannot be unlocked by the new host computer, and cannot be accessed.
A security feature set can be set by a computer provider, or by an end user. The security feature set can for example be accessed through the BIOS. When a user password has been lost, and the storage device has been locked, the storage device provider may unlock the storage device using a master password, which is generally not available to end users.
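The lock lifecycle described above (password set, lock engaging at power-on reset, unlock by user or master password) can be traced with a small model. This is an added example, not code from the original document or from any ATA implementation; the class `AtaSecurityModel`, its method names and the sample passwords are hypothetical, and the model is simplified to the behaviour the text describes.

```python
import hmac

class AtaSecurityModel:
    """Toy model of the lock lifecycle described above (not a real ATA stack)."""

    def __init__(self, master_password: bytes):
        self.master_password = master_password  # held by the device provider
        self.user_password = None               # None: security not enabled
        self.locked = False
        self.user_data = b"constructed sample sector"

    def security_set_password(self, user_password: bytes) -> None:
        # Enables security; the lock itself engages at the next power-on reset.
        if self.locked:
            raise PermissionError("device is locked")
        self.user_password = user_password

    def power_on_reset(self) -> None:
        # Also what happens when the drive is moved to another host computer.
        self.locked = self.user_password is not None

    def security_unlock(self, password: bytes, master: bool = False) -> bool:
        expected = self.master_password if master else self.user_password
        if expected is None:
            return False
        ok = hmac.compare_digest(password, expected)  # constant-time compare
        if ok:
            self.locked = False
        return ok

    def read_user_data(self) -> bytes:
        if self.locked:
            raise PermissionError("device is locked")
        return self.user_data


def demo() -> list:
    dev = AtaSecurityModel(master_password=b"provider-master")
    dev.security_set_password(b"user-pw")
    events = [("after set password, locked", dev.locked)]
    dev.power_on_reset()
    events.append(("after power-on reset, locked", dev.locked))
    events.append(("unlock with wrong password", dev.security_unlock(b"guess")))
    events.append(("unlock with user password", dev.security_unlock(b"user-pw")))
    dev.power_on_reset()  # e.g. drive moved to a new host
    events.append(("unlock with master password",
                   dev.security_unlock(b"provider-master", master=True)))
    return events
```

Calling `demo()` returns the sequence of lock states and unlock results, showing that the device stays readable after the password is set until the first power-on reset.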
Another feature that allows for data in a storage device to be secured is encryption. Encryption may be defined as the process of transforming data using an algorithm (which may be called a cipher) to make it unreadable to systems or users except those systems or users that possess special knowledge, usually referred to as a key.
In some geographical regions certain encrypted data is not allowed. In some regions, encrypted data or data encryption may for example only be allowed if it is encrypted according to specific standards, for example local standards, and/or if specific licenses or certifications are obtained before the storage device enters the region. In some regions, it may not be allowed to encrypt data on a computer at all. Foreign storage devices with encrypted data or data encryption capabilities may not comply with regional regulations and are therefore not allowed to be imported into the region, or at least not without complying with the required standards and obtaining the relevant licenses or certifications first.
However, geographical regions applying encryption restrictions oftentimes do allow for the ATA security feature set to be applied in computers and storage devices. So it may happen that for a certain region the ATA security functionality for storage devices is allowed, while certain encrypted data or encryption functionalities on storage devices are not allowed.