The use of portable storage devices has become widespread. Storage technology such as flash memory and hard drives have become inexpensive and very small in size, thus enabling the development of portable storage devices that can be used to easily move large amounts of data between computers. These devices create serious security threats, as their small size makes them subject to loss and theft. Because highly confidential and sensitive data such as company trade secrets or personal information concerning employees can be stored on such devices, unauthorized access can create very severe security, business and legal problems.
Portable storage devices exist today in which the stored data can be encrypted, such that the device cannot simply by plugged into any host and read. In some encryption protected devices, the actual encryption is executed by the portable device, typically at a hardware level. The user can decide what data to encrypt, and what to leave in the clear. Encrypting data on a portable storage device is an important security measure, but it is only effective to the extent it is used. Encrypting data has an overhead, and thus it not uncommon for users to leave sensitive information unencrypted.
Portable storage devices can also be password protected, such that a password must be entered to access the device when it is plugged into a host. However, simple password protection is subject to hacking, and if the data has been left unencrypted on the device, a sophisticated party can often gain access, the password protection scheme notwithstanding.
Host management systems also exist, which allow only portable storage devices which specific serial numbers to be attached. These systems allow an IT department or system administrator to prevent unknown portable devices from being connected to computers in an organization. For example, an employee could not bring a portable device from home and connect it to his work computer under such a system. As portable storage devices can spread viruses and other malware, being able to prevent unauthorized portable devices from being used within the organization is beneficial. However, these host management systems provide no additional security for authorized portable devices.
Thus, despite the security features discussed above, portable storage devices are still subject to unauthorized access of confidential information. It would be desirable to provide further security for portable devices to address this shortcoming.