Providing secure data storage to users of computing devices is one of the most important pursuits in the field of computer security. Computer users store massive amounts of valuable and private information on storage devices with the expectation that the data will remain secure from unauthorized access. Compromised access to this data can have potentially disastrous consequences, including financial loss, identity theft, and public availability of private information. Unfortunately, unauthorized access to data by malicious users remains a very real threat.
In light of these concerns, storage device manufacturers have begun to implement hardware-based security for their storage devices. In particular, rather than relying on the host computing device to provide all security, some storage devices now include internal mechanisms for encrypting stored data and ensuring that access attempts originate from an authorized user. By including a mechanism that only permits access when a user is properly authenticated, the storage device may significantly decrease the likelihood of data theft, even if the storage device is stolen and removed from the host computing device.
As with any security measure, such an authentication mechanism imposes additional implementation complexity and some degree of inconvenience on the user. Many computing devices allow a user to enter a “standby” mode, in which some devices are powered off, but sufficient system context is maintained to allow the user to quickly resume operation of the computing device when desired. In existing computing devices that include a self-authenticating storage device, it is often impossible to restore the computing device from standby mode without compromising the protections provided by the storage device. In particular, in the standby mode, the system may be unable to properly authenticate access to the storage device due to, for example, a limited number of functions available to the Basic Input/Output System (BIOS) or operating system (OS) of the computing device.