Disc drive and other storage subsystems, including flash memory devices and removable storage devices, typically have a processor (sometimes called a microprocessor) in their built-in electronics. The processor can be used to hide computations as well as stored data. In many security applications, and in many applications where an application provider may wish to guard against fraudulent use of applications or content, it may be desirable to perform certain computations in a hidden way. This includes hiding keys that may be employed to unlock an asset through a cryptographic proof or through simple knowledge of a shared secret. Performing computations in a hidden way may also include hiding certain computations that may be employed to allow software or content external to the storage device to operate desirably. Unlike conventional read/write commands, security commands are typically provided within the context of a protocol that stipulates that a particular sequence of messages must be exchanged between the storage device and the host according to strictly defined partial ordering constraints. Digital Rights Management and other content protection protocols are of this form. Read/Write commands are monolithic in themselves, while protocols are monolithic only if a strict sequence is completed without error or intervention.
A convenient and general way to perform such hidden and well-defined calculations and computations is through scripting or programming languages that execute on the storage device processor. A potential disadvantage of allowing an external agent to program the storage device processor is that the external agent can then use this programming capability maliciously. The external agent could impair the storage device's operations with unexpected consequences, either maliciously or accidentally. Embodiments of the present invention provide solutions to these and other problems, and offer other advantages over the prior art.