1. Field of the Invention
The invention relates to the field of data processing systems, and more specifically to a method, apparatus, and product for prohibiting unauthorized access of data that is stored on storage drives.
2. Description of the Related Art
As is well known to those of ordinary skill in the art, certain binary sequences or patterns are to be avoided when writing binary data to a magnetic recording disk, since these binary patterns stress the ability of the head/disk interface to accurately position the magnetic transitions at the desired positions linearly along the track surface of the disk. In order to avoid these patterns, it is known in the art to randomize data prior to writing the data to the disk. The data is then de-randomized upon subsequently reading the randomized data from the disk.
In known storage drives, a standardized seed is used by the storage drive when reading or writing data regardless of the process, application, or partition that requests the read/write access. This seed is generated within the storage drive itself for use by the storage drive's randomizer/de-randomizer. When a request is received by the storage drive to write data, the randomizer uses the storage drive's seed to randomize the data. The randomized data is then written to the storage drive. When a request is received by the storage drive to read data, the de-randomizer uses the same seed to de-randomize the retrieved randomized data.
This same seed is used whenever a request to read or write is received. Therefore, all applications and partitions that write data to the storage drive will have their data randomized using the same seed. Conversely, when data is requested by any application to be read from the storage drive, the requested data is de-randomized using the same seed.
In the prior art, the seed is selected by the storage drive. The seed is kept within the storage drive. The seed is not unique to any particular application, process, partition, or operating system. Thus, all data on the storage drive is randomized using the same seed. Therefore, all of the data can be de-randomized using the same seed.
The seed of the prior art is a method for eliminating read/write errors when accessing a storage drive. The seed is not used as a security device to protect the data on the storage drive because any process can access the data by transmitting an access command to the storage drive.
Storage drives can be removed from one computer system and inserted into a different computer system where the data stored on the drive can then be accessed. This may be necessary in order to repair a drive. The drive may be removed from its computer system and then sent to a repair facility which then has access to the drive's data. Because the standardized seed is stored within the storage drive, once the drive is removed, its data can be accessed and is not protected. In order to access the data on a typical drive, an appropriate access command is sent to the drive. The drive then uses the standardized seed that is stored in the drive to de-randomize the data that is stored on the drive. Thus, the data on a drive that is inserted into a different computer system can be easily accessed.
The ability to protect a data processing system is limited by the manner in which trust is created or rooted within the data processing system. To address the issues of protecting data processing systems, a consortium of companies has formed the Trusted Computing Group (TCG) to develop and to promulgate open standards and specifications for trusted computing. According to the specifications of the Trusted Computing Group, trust within a given data processing system or trust between a data processing system and another entity is based on the existence of a hardware component within the data processing system that has been termed the trusted platform module (TPM).
A need exists for a method, apparatus, and computer program product for prohibiting unauthorized access of data that is stored on storage drives.