The present invention relates to a device, a system and method for data access control, particularly for controlling access to data stored on a data storage device, such that access is determined according to the mode of data storage.
Computers are useful for the storage, retrieval and manipulation of data. Currently, many different types of electronic data storage devices are used in conjunction with computers. These electronic storage devices may be located externally or internally to the computer with which the storage device is in communication. For example, a magnetic storage device, such as hard disk drive, could be located internally to the computer, in direct communication with the system bus of the computer and operated by the CPU (central processing unit) of the computer. Flash memory, which is both readable and writable, is a physically smaller storage device, which may be located within the physical case of the computer, and which is also connected to the system bus and operated by the CPU. Removable storage media may also be used to store data, in which a hardware device, or "drive", for reading from and/or writing to the storage medium, is connected to the system bus of the computer. Examples of removable storage media include, but are not limited to, optical disks, CD-ROM disks and floppy diskettes. At some level, all of these various hardware devices are in communication with the computer which operates the device, regardless of the location of the electronic storage device. Therefore, access to the data is provided through such a computer.
One important aspect of such data storage is that access to the data should be controlled, for the purpose of data security. Currently, most forms of data access control are implemented as software programs, which have a number of disadvantages. For example, these programs may be "hacked" or overcome by an unauthorized user, who can then gain access to the data. Such a disadvantage has become more acute with the advent of networks, distributed data storage and "client-server" applications, all of which increase the number of access points to the computer through which the electronic storage device is accessed, and hence to the stored data on that device. Such an increased number of access points also potentially increase the ability of an unauthorized user to access the data. Thus, software programs are clearly not adequate protection for data stored in a networked environment with multiple access points.
Another type of data access control is provided through the operating system of the computer itself. For example, UNIX and other operating systems typically allow an authorized user to determine the level of permissions associated with a particular file and/or sub-directory, which could be "read-only", "read/write" and so forth. Unfortunately, such permissions are often relatively simple, only differentiating between "read" and "write" for example. Also, like other types of software programs, these operating systems may be "hacked" by an unauthorized user, who can then gain access to the data.
In addition, if the electronic hardware storage device itself is stolen, then typically the data becomes completely unprotected, such that any unauthorized user can easily gain access to the data on the storage device. Neither software programs nor the operating system of the computer can overcome this problem, since they are stored and implemented separately from the storage device itself.
A more useful solution would be implemented with the hardware of the electronic storage device in a more integrated manner, such that even if the storage device itself is stolen, the data could not be easily accessed. Furthermore, such integration would increase the difficulty of access by an unauthorized user. Unfortunately, such a solution is not currently available.
There is thus an unmet need for, and it would be useful to have, a device, a system and a method for controlling access to data stored on an electronic storage device, which does not rely on separately stored software programs, which is optionally integrated with the hardware of the storage device, and which is significantly resistant to access by an unauthorized user, even if the electronic data storage device is removed by an unauthorized user for such unauthorized access.