The present inventive concept relates to data security technology, and more particularly, to data storage devices capable of efficiently preventing unauthorized access to security code by allowing command descriptor block (CDB) information to be read using only read-only memory (ROM) code. The inventive concept also relates to data storage systems including this type of data security technology.
Hard disk drives (HDDs) allow random data access, provide satisfactory data transmission rates, provide large data storage capacity, and are relatively inexpensive as compared with other types of auxiliary memory devices. For at least these reasons, HDDs are widely used to store (e.g.,) multimedia data. With wide use of HDDs, HDD data security is an important issue. Accordingly, HDD data is commonly encrypted and/or a user authentication procedure is required to access the HDD data.
Most HDD security functions require some form of security code such as an encryption key to authenticate a user or encrypt data. Security code must be protected from external attack, since an unauthorized user may incapacitate a security function by changing stored security code. Yet, the security code must remain readily accessible and changeable to an authorized user.
Security code is typically stored in a predetermined region of the HDD. It is commonly stored, accessed, and used via software or firmware. Access to this enabling software or firmware is restricted to only an authorized entity, such as the HDD manufacturer. However, it is sometimes necessary to access the software or firmware in order to upgrade capabilities, correct a programming bug, etc. Hence, a “security download function” accessing the software or firmware enabling the security functions of a HDD allows an authorized entity to make necessary changes. Unfortunately, the security download function not only allows necessary software/firmware downloads, but also creates a vulnerability that may be exploited by unauthorized entities seeking to incapacitate the security function.