1. Statement of the Technical Field
The present invention relates to data storage devices and more particularly to a method and system for preventing unauthorized access to one or more proprietary storage areas on the data storage device and for providing irreversible physical evidence that one or more proprietary storage areas of the storage device has been accessed.
2. Description of the Related Art
While compact discs and DVDs proved to be preferred data storage medium of the 1990s, solid state data storage devices such as USB memory keys, Flash Direct Access Storage Devices (DASDs), or Portable External Memory/Storage Packages (PEMPs) are likely to supplant compact discs in the 21st Century as the preferred means of distributing and storing digital information. USB memory sticks have become very popular due to their many advantages over traditional storage devices like floppy disks, ZIP disks, and CD-ROMs. Memory sticks, also known as Flash drives, are small, lightweight, portable devices about the size of a highlighter pen and typically store between 1 MB to 1 GB of data. Similar devices are evolving with much higher storage capabilities. Their transfer rates (about 1 MB/sec), portability, and solid state design (no moving parts to become damaged) provide enormous advantages over traditional storage devices.
However, memory sticks are not without inherent problems. The size and portability of memory sticks allow the devices to be lost, misplaced, or stolen rather easily. If misplaced and discovered by a third party, there is little in the way of security features that would prevent the person from accessing data on the device. Further, unlike compact discs, such devices may contain multiple independent storage locations. Providing a user with access to the storage device gives them access to all areas on the device even if some areas contain proprietary information. When a USB device is accessed, there is no indication as to which portion or portions of the device was accessed.
Although there exist methods, via software, that restrict access to certain portions of the data storage device, if the software is hacked, there is currently no method to verify the unauthorized access to those locations on the device since current methods cannot detect evidence of such unauthorized activity. For example, some devices require the entry of a password to obtain access to specified storage areas. Clever software hackers can circumvent this type of protective measure and access the protected areas.
There are many circumstances where access to certain areas of the data storage device should be prohibited. For example, a user may wish to view a movie trailer or hear a clip from a song prior to committing to the purchase of the entire movie or song. In these instances, the user is presented with a media storage device and can freely access the trailer or clip as often as they wish. If they choose to purchase the full length movie or song, they must first complete a financial transaction. After the user has paid for their selection, software programmed in the device's processor may then remove the protection that was preventing access to the full media file. A little ingenuity and reverse engineering can give a software hacker physical access to these files without leaving a trace.
In another scenario, employees may be entrusted to take home flash memory devices containing work-related files in order to work from home. The flash memory may also contain files that the employee is not allowed to access. Technically inclined, disgruntled or over-curious employees can access client lists, sales forecasts or research data that may be on the flash memory device and return the storage device to their employers, who are none the wiser. Accessing these proprietary files via software techniques leave no trace.
Other solutions may prohibit access to the entire data storage medium (i.e., shrink wrap around a CD), and one must break the seal around the storage medium to access the medium's entire contents. This is not a practical solution when some areas of the medium contain proprietary information or data that is prohibited from user access prior to the completion of a financial transaction. While other solutions might allow access to particular portions of a data storage or memory device, it is often desirable to obtain evidence that such access has occurred in the cases where the access was unauthorized. Such evidence is important for software providers or personal electronic player manufacturers to identify users that have attempted to “play without paying”. Software solutions, electrical solutions, or reversible mechanical solutions do not readily provide lasting evidence of unauthorized access.
It is therefore desirable to have a system and method that prevent content of specific areas of a solid state data storage device or memory storage medium from being accessed “on demand” while providing lasting physical evidence that the specific area has been accessed.