Systems and methods for unlocking self-encrypting data storage devices
First Claim
1. An apparatus comprising:
- a data storage device configured to;
removably connect to a first server having a first operating system configured to perform native operating system functions of the first server;
load a second operating system stored locally in the data storage device into the memory of the first server, the second operating system configured to execute security functions of the data storage device, including;
unlocking a first secure area of the data storage device;
retrieving a first access key from the first secure area;
unlocking a second secure area of the data storage device with the first access key;
determining a second access key based on information stored to the second secure area; and
unlocking a secure storage area of another data storage device with the second access key.
1 Assignment
0 Petitions
Accused Products
Abstract
Security of computers, data storage devices, and servers can be improved with a multiple key access system. In some embodiments, a local key management device can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a computer or server system and can have a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The first secure area can store a key to access a second secure area, which may function as a local key management server (LKMS) and store access information to authenticate another data storage device coupled to the computer. For example, the LKMS may store an access key to provide the computer with access to another data storage device.
35 Citations
20 Claims
-
1. An apparatus comprising:
a data storage device configured to; removably connect to a first server having a first operating system configured to perform native operating system functions of the first server; load a second operating system stored locally in the data storage device into the memory of the first server, the second operating system configured to execute security functions of the data storage device, including; unlocking a first secure area of the data storage device; retrieving a first access key from the first secure area; unlocking a second secure area of the data storage device with the first access key; determining a second access key based on information stored to the second secure area; and unlocking a secure storage area of another data storage device with the second access key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
8. A system comprising:
a first data storage device configured to be connectable and removable from a first server having a first operating system, the first data storage device including; an interface circuit; a first secure nonvolatile data storage area; a second secure nonvolatile data storage area; a memory storing a second operating system configured to perform key management functions for the first data storage device; a controller configured to; load the second operating system into the memory of the first server, the second operating system configured to; access a hardware encryption circuit of the first server; obtain access to the first secure nonvolatile data storage area via the hardware encryption circuit; retrieve a first access key from the first secure nonvolatile data storage area when access is granted to the second operating system; obtain access to the second secure nonvolatile data storage area via the first access key; determine a second access key based on information stored to the second secure nonvolatile data storage area; and unlock, via the second access key, an encrypted second data storage device (“
DSD”
) connected to the first server.- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
-
18. A memory device storing instructions that when executed cause a processor to perform a method comprising:
-
accessing a hardware encryption circuit of a first computer; obtaining access to a first secure nonvolatile data storage area of a first data storage device via the hardware encryption circuit; retrieving a first key from the first secure nonvolatile data storage area when access is granted; utilizing the first key to access a second secure nonvolatile data storage area; determining a second key from information stored in the second secure nonvolatile data storage area; and unlocking, via the second key, a second data storage device coupled to the first computer. - View Dependent Claims (19, 20)
-
Specification