1. Field of the Invention
This invention relates to hard disk drive units for computer systems and, more particularly, to an apparatus and method for preparing such drives for disposal without compromising the information stored thereon.
2. Summary of the Background Art
Computer systems are often used to store confidential data on their hard disk drives, with the data being of particular value to the individual or organization owning the computer, and with potentially serious consequences being possible in the event that the data were to become available to others. Eventually, every hard disk drive must be disposed of in some way. For example, within a computing system, a failing hard disk drive may be replaced with a new hard disk drive, or an older hard disk drive may be replaced with an upgraded hard disk drive having superior features, such as greater storage capacity and faster access speed. Furthermore, a hard disk drive may be part of a computer system that is disposed of when it is replaced by newer equipment. Many individuals and organizations are hesitant to allow their hard disk drives, or computer systems including hard disk drives, to leave their premises for disposal because they perceive that data stored thereon may at some point become available to others. While data can sometimes be erased, or the hard disk drive reformatted, before disposal, this is often impossible because the computer system or the hard disk drive is inoperable.
Hard disk drive units that are returned to manufacturers during a disposal process are often repaired, tested, and sold as refurbished units. While the repair process naturally includes erasing any data remaining from the previous owner of the hard disk drive, a concern remains that a drive not handled properly within the process may make its way through the process with such data intact. Therefore, what is needed is a way to ensure that such data will be erased by an automatic process.
In modern hard disk drive units, the electronics needed to perform drive functions, including a controller that moves the drive heads to particular locations to read or write data, are included within the drive unit. This arrangement, which is known as IDE (Integrated Drive Electronics), provides a number of advantages over the former method of providing a controller that is external to the hard disk drive but connected to the drive by a ribbon cable. With IDE, there is no need to match the disk drive mechanism with the features of a separate controller, and the analog signals causing movement of the magnetic heads, which are susceptible to picking up noise, travel a shorter path in an area that is more easily shielded. Since the drive electronics are now included within the hard disk drive, they are part of the unit that is disposed of when a different hard disk drive is installed or when the computer system itself is disposed of. Thus, what is needed is a method for using the electronics that are part of the hard disk drive to ensure that data recorded on a hard disk drive being disposed of will be erased by an automatic process.
Communications to an IDE drive typically occur over an ATA (AT Attachment) bus, which functions according to ATA specifications controlled by an industry committee identified as Technical Committee T13. During 1995, support for optionally providing a security mode feature through the use of a password stored in a hard disk drive unit was added to the ATA-3 specification, with such support remaining in more recently issued ATA specifications. Various manufacturers provide hard disk drive units with this security feature, generally for use in laptop computers. The ATA security mode feature set is a password system that restricts access to user data stored on a device. This system uses a User Password and a Master Password, with the security system being enabled when a User Password is sent to the hard disk drive unit to be stored there. When the security system is enabled, access to user data stored on the hard disk drive unit is denied after a power off/on cycle until the User Password is sent to the device. For example, a prompt for entering the User Password is presented on the display screen during the boot process, before the operating system is loaded. A Master Password may be set in addition to the User Password, providing the system administrator with a method for unlocking the hard disk drive unit without the User Password. With the security system enabled, a security level is set either to High, so that the Master Password can be used to unlock the hard disk drive unit and recover the data if the User Password is lost, or to Maximum, so that the Master Password without the User Password cannot unlock the hard disk drive unit at all and can only be used to erase the data.
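As an added illustration, not part of the original disclosure or of any manufacturer's drive firmware, the following Python model walks through the ATA security states described above: setting a User Password enables the system and the drive then powers up locked; at the High level the Master Password can unlock the drive, while at the Maximum level it is only accepted by SECURITY ERASE UNIT; failed password compares are counted against a five-attempt limit that only a power cycle resets; and SECURITY ERASE PREPARE must immediately precede the erase. The factory Master Password value, the in-memory sector store and the Python method names are assumptions of the model.

```python
"""Model of the ATA security mode feature set as a small state machine.
Added illustration, not drive firmware: the factory Master Password, the
in-memory sector store and the Python method names are assumptions."""
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional

PASSWORD_LEN = 32        # ATA password fields are 32 bytes, zero padded
MAX_UNLOCK_ATTEMPTS = 5  # after five failed compares, UNLOCK/ERASE UNIT abort until power cycle


class Level(Enum):
    HIGH = "high"        # Master Password may unlock, and so recover the data
    MAXIMUM = "maximum"  # Master Password may only erase


class Aborted(Exception):
    """Stands in for the drive returning 'command aborted'."""


def _pad(pw: bytes) -> bytes:
    if len(pw) > PASSWORD_LEN:
        raise ValueError("ATA passwords are at most 32 bytes")
    return pw.ljust(PASSWORD_LEN, b"\x00")


@dataclass
class Drive:
    master: bytes = field(default_factory=lambda: _pad(b"FACTORY-MASTER"))  # assumed default
    user: Optional[bytes] = None       # security is enabled iff a User Password is set
    level: Level = Level.HIGH
    locked: bool = False
    frozen: bool = False
    erase_prepared: bool = False
    attempts_left: int = MAX_UNLOCK_ATTEMPTS
    sectors: Dict[int, bytes] = field(default_factory=dict)   # LBA -> data

    @property
    def enabled(self) -> bool:
        return self.user is not None

    def _check(self, identifier: str, pw: bytes) -> None:
        # Constant-time compare against the selected password; a mismatch burns one attempt.
        if self.attempts_left == 0:
            raise Aborted("unlock counter expired; power cycle required")
        stored = self.master if identifier == "master" else self.user
        if stored is None or not hmac.compare_digest(stored, _pad(pw)):
            self.attempts_left -= 1
            raise Aborted("password mismatch")

    def _not_frozen(self) -> None:
        if self.frozen:
            raise Aborted("security commands frozen until power cycle")

    def write(self, lba: int, data: bytes) -> None:
        if self.locked:                # ordinary data access is gated by the locked state
            raise Aborted("device locked")
        self.sectors[lba] = data

    def power_cycle(self) -> None:
        self.locked = self.enabled     # an enabled drive powers up locked
        self.frozen = self.erase_prepared = False
        self.attempts_left = MAX_UNLOCK_ATTEMPTS

    def security_set_password(self, identifier: str, pw: bytes, level: Level = Level.HIGH) -> None:
        self._not_frozen()
        if self.locked:
            raise Aborted("cannot set a password while locked")
        if identifier == "master":
            self.master = _pad(pw)     # a Master Password alone does not enable security
        else:
            self.user, self.level = _pad(pw), level   # setting the User Password enables it

    def security_unlock(self, identifier: str, pw: bytes) -> None:
        self._not_frozen()
        if self.locked:
            if identifier == "master" and self.level is Level.MAXIMUM:
                raise Aborted("Master Password cannot unlock at Maximum level")
            self._check(identifier, pw)
            self.locked = False

    def security_freeze_lock(self) -> None:
        if self.locked:
            raise Aborted("cannot freeze a locked device")
        self.frozen = True             # BIOSes commonly do this at boot; cleared by power cycle

    def security_erase_prepare(self) -> None:
        self._not_frozen()
        self.erase_prepared = True     # ERASE UNIT is valid only immediately after this

    def security_erase_unit(self, identifier: str, pw: bytes) -> int:
        """Erase all user data; accepted with either password at both levels,
        which is why Maximum still leaves an erase path. Returns sectors wiped."""
        self._not_frozen()
        prepared, self.erase_prepared = self.erase_prepared, False
        if not prepared:
            raise Aborted("ERASE PREPARE must immediately precede ERASE UNIT")
        if self.enabled:               # assumption: no compare when security is disabled
            self._check(identifier, pw)
        wiped, self.sectors = len(self.sectors), {}
        self.user, self.locked, self.level = None, False, Level.HIGH   # erase disables security
        return wiped
```

On a real drive the same commands are issued through hdparm's --security-set-pass, --security-unlock, --security-freeze and --security-erase options (with --user-master selecting which password is supplied), and a drive that the BIOS has already frozen at boot aborts all of them until it is power cycled, exactly as the frozen state in the model does.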
With this ATA security mode feature enabled on a hard disk drive unit, a correct password must be used to gain access to the data, even if the hard disk drive unit is moved to another computer system that does not support the security mode feature. However, the data remains on the hard disk drive unit, and it is not impossible to recover the data by defeating the security feature. In fact, it is understood that at least one company will unlock such a hard disk drive unit without the password if proof of ownership is sent with the drive. Thus, what is needed is a method to specify circumstances under which the data stored on a hard disk drive unit will automatically be erased to prevent its recovery.
The patent literature includes a number of patents describing methods for preventing unauthorized access to data stored on a hard disk drive. For example, U.S. Pat. No. 5,375,243 describes a hard disk drive which prevents data access operations on the hard disk drive upon power up until the user enters a password. When the computer system is powered up, the hard drive spins up and is tested, responding only to a limited set of commands that do not permit data storage or retrieval operations. The password is located on the hard disk itself to prevent bypassing the hard disk drive's security by moving the drive to a new computer environment. When the user enters the correct password, the hard drive unlocks and operates as a conventional hard drive. If the user chooses, the hard drive may be unlocked by either of two passwords, one defined by the user and the other by the manufacturer. To obtain access to data areas during a locked state, a wipe data command is provided which overwrites all user data on the drive and unlocks the drive. However, unless the user chooses to use the wipe data command, the data remains on the hard disk drive unit, where it may be recovered, even if only with great difficulty. Thus, again, what is needed is a method to specify circumstances under which the data stored on a hard disk drive unit will automatically be erased to prevent its recovery, so that a user with sensitive data has a way to know that the data will not be left in a potentially recoverable state if the hard disk drive unit is removed from the computer system.
Other patents describe security actions, including erasing stored data, which take place within a computing system when certain events occur that could indicate an attempt to surreptitiously read the stored data. For example, U.S. Pat. No. 6,167,519 describes a system for erasing secret stored information, with the system being activated by a switch when a cover of a computing system is removed. U.S. Pat. No. 5,675,321 describes a system that can reformat a hard disk drive so that stored data is obliterated in response to a determination that the continuity of a connection between the computer and a telephone line has been broken for longer than a predetermined time, indicating that the computer is being moved. What is needed is a method for automatically erasing the information that a hard disk drive unit stored during its operation within a computing system, without otherwise impeding or altering the use of that computing system.