In some environments, a host device (such as a personal computer) is used with a first storage device (such as a Universal Serial Bus (USB) device or an embedded or removable memory card) that contains a password-protected private memory area and a second storage device (such as a smart card) that stores the password usable for accessing the private memory area in the first storage device. In operation, the second storage device sends the password to the first storage device via the host device, and, if that password matches one stored in the first storage device, the first storage device provides the host device with access to the private memory area. In this way, the second storage device is used for authenticating access to the private memory area on the first storage device.
A security risk can be presented if the password is transmitted from the second storage device to the host or from the host to the first storage device in an unsecured manner. For example, consider the situation in which the first storage device is a USB device and the second storage device is a smart card. While some currently-available USB devices can communicate with a host device over a secure channel, many currently-available smart cards cannot. Accordingly, even though the smart card may be able to securely store the password and even though the transmission of the password from the host device to the USB device can occur over a secure channel, the absence of a secure channel between the smart card and the host device creates an opportunity for a hacker to access the password (because it is transmitted in plaintext form) and later use that password to gain unauthorized access to the private memory area of the USB device.