Some conventional storage devices send a user authentication routine to the host device before the host device accesses the storage device, and permit data access to the storage device only after the user authentication succeeds.
Other types of conventional storage devices store an authentication program in a Read Only Memory (ROM) area in a hard disk drive (hereinafter simply referred to as “HDD”), and execute user authentication based on the stored authentication program (see Japanese Patent Application Laid-open No. 2003-150455, for example).
Still other types of conventional storage devices execute user authentication after startup of a boot Operating System (OS) of an external storage medium (see Japanese Patent Application Laid-open No. 2007-66123, for example).
In general, a storage device such as a magnetic disk device has a system area that stores the firmware (hereinafter simply referred to as “FW”) of the magnetic disk device itself and a user area that stores an OS and the like.
The magnetic disk device assigns a logical block address (LBA) to each sector of the user area. One conventional technique allows access to the magnetic disk device using the Basic Input/Output System (BIOS) of a host device and the LBA (see Japanese Patent Application Laid-open No. 2006-268861, for example). The host device is prohibited from accessing the system area inside the magnetic disk device, but is permitted to access the user area by using LBAs.
On the other hand, the standard of the Storage Working Group (SWG) of the Trusted Computing Group (TCG) intends to realize user authentication using only a storage device and a host device. At startup, the host device accesses a part of the storage device called the Master Boot Record (MBR) and executes the OS startup sequence via the MBR.
A storage device implementing the TCG standard maps a specific area for reading a user authentication routine to the area accessed at OS startup, reads in the user authentication routine in the same way as the OS startup sequence, and executes the routine that was read. When the user authentication succeeds, the OS startup sequence is executed.
Because the TCG standard is a conceptual standard still under planning, it gives no specific definition of the area for storing a user authentication routine. For example, in a storage device such as a magnetic disk device that has only two kinds of areas, namely a user area and a system area, it is conceivable to store the user authentication routine in the user area, which is accessible from the host device, rather than in a special area provided separately for storing the routine.
However, when the user authentication routine is stored in the user area, the host device can easily access it. For example, access to the user authentication routine from the host device is permitted not only in the setting before OS startup, which does not require user authentication, but even after user authentication has completed, that is, when the user authentication routine is not in use. It is therefore difficult to comply with the TCG standard, which prohibits access to the user authentication routine from the host device when the routine is not in use.
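The boot-time mapping and the access problem described above can be modelled in a few lines of C. This is an added example, not code from the cited applications or from the TCG standard; the sector layout, the one-byte sector tags and the gate_auth_area firmware option are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed layout (assumption, not from the page): 64-sector user area,
 * OS boot code at LBA 0-3, authentication routine kept at LBA 48-51. */
enum { USER_SECTORS = 64, BOOT_LEN = 4, AUTH_BASE = 48, AUTH_LEN = 4 };
enum { TAG_DATA = 'D', TAG_OS_BOOT = 'O', TAG_AUTH = 'A', READ_DENIED = -1 };

struct disk {
    uint8_t tag[USER_SECTORS]; /* one tag byte stands in for each sector */
    bool authenticated;        /* set once user authentication succeeds */
    bool gate_auth_area;       /* hypothetical firmware option hiding the routine */
};

void disk_init(struct disk *d, bool gate)
{
    for (int i = 0; i < USER_SECTORS; i++)
        d->tag[i] = TAG_DATA;
    for (int i = 0; i < BOOT_LEN; i++)
        d->tag[i] = TAG_OS_BOOT;
    for (int i = 0; i < AUTH_LEN; i++)
        d->tag[AUTH_BASE + i] = TAG_AUTH;
    d->authenticated = false;
    d->gate_auth_area = gate;
}

/* Host read by LBA; returns the sector tag or READ_DENIED. */
int disk_read(const struct disk *d, uint32_t lba)
{
    if (lba >= USER_SECTORS)
        return READ_DENIED;              /* system area: never host-visible */
    if (!d->authenticated && lba < BOOT_LEN)
        return d->tag[AUTH_BASE + lba];  /* boot LBAs are mapped to the routine */
    if (d->gate_auth_area && lba >= AUTH_BASE && lba < AUTH_BASE + AUTH_LEN)
        return READ_DENIED;              /* routine hidden at its own LBAs */
    return d->tag[lba];
}

int main(void)
{
    struct disk plain, gated;
    disk_init(&plain, false);
    disk_init(&gated, true);
    plain.authenticated = gated.authenticated = true;
    printf("after auth, LBA %d: plain=%d gated=%d\n", AUTH_BASE,
           disk_read(&plain, AUTH_BASE), disk_read(&gated, AUTH_BASE));
    return 0;
}
```

With the gate off, the routine stays readable at its own LBAs after authentication, which is the non-compliant case the text describes; with the gate on, it is reachable only through the boot-time mapping.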