Developments in the field of digital rights management (DRM) have accelerated as the proliferation of peer-to-peer file sharing services on the Internet exacerbate the conflict between digital content creators and digital content users. Much digital content such as financial records or medical records is extremely private yet has to be shared with the appropriate users. Transmission of such private digital content over the Internet is problematic even when the content is encrypted given the ever-increasing skills of “hackers.”
Trusted computing is a development that addresses security concerns. Trusted computing describes trust in terms of consistency: an entity can be trusted when it always behaves in the expected manner for the intended purpose. A trusted entity is necessarily secure from unauthorized access so that specified, expected behavior cannot be manipulated. Furthermore, trust can be transitive—it can be extended from one entity to another within a trusted computing protocol.
Trusted computing experts generally agree that trust should be rooted with a hardware component. Software, while an important component in trusted computing, is inadequate by itself because the flexibility of software makes it difficult to protect. The barrier to mount a software-only attack is lower that an attack that involves hardware. Attacks on hardware require significant skill and specialized hardware whereas software-only attacks are limited primarily by the intellectual skills of the hacker. Moreover, as hardware becomes increasingly more sophisticated, this dichotomy between software-only attacks vs. attacks that involve hardware becomes exacerbated. Furthermore, software-only attacks can be automated and thus executed without detailed system knowledge and/or distributed over networks.
All computing systems typically need association with storage devices. For a trusted computing system, storage devices have two roles. Both roles involve serving as a repository of sensitive information. The first role is traditional and more passive—the storage device makes no distinction between sensitive and non-sensitive information. Operating systems and software applications thus manage all aspects of security and trust for such storage devices. A second role for storage devices in trusted computing systems is more active such that the storage device is a direct participant in trusted computing. In this manner, a boundary of trust can be extended to include the storage device, thereby creating new trust and security capabilities for the resulting trusted computing system.
As a direct participant in trusted computing, a storage device is primarily concerned access control and confidentiality. Access control is a mechanism that permits only authorized entities to access resources whereas confidentiality is keeping information secret. Paramount to establishing access control is entity authentication, a mechanism that assures a storage device of a client's identification. Accordingly, there is a need in the art for storage devices having improved entity authentication and confidentiality capabilities.