Traditionally, computer-readable data is stored by data storage hardware devices, such as hard disk drives, that comprise computer-readable media on which the computer-readable data is stored. To prevent unauthorized access of data, especially in situations where physical access to the data storage hardware is gained, such as through theft or loss, the concept of “full volume encryption” was developed, whereby data belonging to a data volume was stored in an encrypted manner. Since full volume encryption was applied to substantially all of the data in a data volume, it provided greater protection than the individual file encryption technologies that were utilized previously. Consequently, even if a data storage device were to be stolen and communicationally coupled to a computing device devoid of executable instructions that would prevent the unauthorized access of data from the data storage device, the data could, nevertheless, remain protected, since it would be physically stored in an encrypted manner.
To increase the efficiency of such full volume encryption, the task of encrypting and decrypting data can be performed by hardware associated with the storage device itself, instead of by the central processing unit of the host computing device. Alternatively, the encrypting and decrypting of data, as well as control of the encryption conversion, can be performed by intermediate elements which may, or may not, be part of the storage device and, likewise, may, or may not, be part of the central processing unit of the host computing device. In either case, such devices would still cause the storage device to appear, to higher level components, such as the operating system or application software, as a traditional storage device. However, upon receiving data for storage, the data can be automatically encrypted prior to being stored on the storage medium and, similarly, when reading data, the data can first be decrypted before it is provided to higher level components.
Typically, storage devices that comprise hardware cryptographic support, or are communicationally coupled to an intermediate cryptographic element, utilize a single cryptographic key to encrypt and decrypt all, or substantially all, of the data that is stored in a particular range of storage locations, or “addresses”, and another, different, cryptographic key to encrypt and decrypt data that is stored in a different range of storage addresses. The range of addresses which comprise data encrypted by a single key is traditionally called a “band” or “region”, and the bands or regions of such a storage device are typically configured by the computing device to which the storage device is communicationally coupled.
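The band arrangement described above can be sketched as a small model. This is an added example, not code from the original text: the class and function names, the 512-byte sector size, the keys and the hash-derived pad standing in for the drive's cipher engine are all assumptions made for illustration.

```python
import hashlib
from bisect import bisect_right

SECTOR = 512  # bytes per addressable block (assumed size)

def pad(key: bytes, lba: int) -> bytes:
    # Stand-in for the drive's cipher engine, NOT a secure design: a per-sector
    # pad derived from the band key and the sector address.
    return hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(SECTOR)

class BandedDevice:
    def __init__(self, bands):
        # bands: (first_lba, last_lba, key) tuples, as configured by the host
        self.bands = sorted(bands, key=lambda b: b[0])
        if any(first > last for first, last, _ in self.bands):
            raise ValueError("band has first address above last address")
        for prev, nxt in zip(self.bands, self.bands[1:]):
            if nxt[0] <= prev[1]:
                raise ValueError("bands overlap: an address would have two keys")
        self.starts = [b[0] for b in self.bands]
        self.media = {}  # lba -> ciphertext, i.e. what is physically stored

    def key_for(self, lba: int) -> bytes:
        i = bisect_right(self.starts, lba) - 1
        if i < 0 or lba > self.bands[i][1]:
            raise ValueError(f"address {lba} is not inside any band")
        return self.bands[i][2]

    def _crypt(self, lba: int, block: bytes) -> bytes:
        # XOR with the pad both encrypts and decrypts
        return bytes(a ^ b for a, b in zip(block, pad(self.key_for(lba), lba)))

    def write(self, lba: int, data: bytes) -> None:
        # The host sends plaintext; each sector is encrypted under the key of
        # the band it lands in, so a write crossing a boundary uses two keys.
        if len(data) % SECTOR:
            raise ValueError("data must be a whole number of sectors")
        for i in range(len(data) // SECTOR):
            block = data[i * SECTOR:(i + 1) * SECTOR]
            self.media[lba + i] = self._crypt(lba + i, block)

    def read(self, lba: int, count: int) -> bytes:
        # Decrypt before returning, so higher layers only ever see plaintext
        return b"".join(self._crypt(lba + i, self.media[lba + i]) for i in range(count))

if __name__ == "__main__":
    dev = BandedDevice([(0, 99, b"constructed-key-A"), (100, 199, b"constructed-key-B")])
    dev.write(99, b"S" * (2 * SECTOR))  # straddles the band boundary
    print(dev.read(99, 2) == b"S" * (2 * SECTOR), dev.media[99] != dev.media[100])
```

Copying the stored ciphertext to a device configured with a different key for the second band returns the first band's sector intact and the second band's sector as unreadable data, which is the isolation between bands that per-range keys provide.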