Managing security operating modes

US 8,566,603 B2
Filed: 06/14/2010
Issued: 10/22/2013
Est. Priority Date: 06/14/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an interface connectable to a data bus;

a primary master boot record (MBR);

an alternate master boot record (MBR) that includes instructions for unlocking the apparatus;

a control circuit configured to;

selectively implement a first security protocol between the interface and a device connected to the data bus;

receive an unlock command and check a password against one or more passwords stored in the alternate MBR to selectively unlock one or more portions of the data storage device protected by the first security protocol;

selectively implement a second security protocol between the interface and the device connected to the data bus;

the first security protocol and the second security protocol manage the device'"'"'s access to the apparatus;

redirecting a read of the primary MBR to read the alternate MBR when the apparatus is locked and a host attempts to read the primary MBR from the apparatus; and

when the apparatus is unlocked, deactivate the alternate MBR and implement the primary MBR.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).

44 Citations

View as Search Results

19 Claims

1. An apparatus comprising:
- an interface connectable to a data bus;
  
  a primary master boot record (MBR);
  
  an alternate master boot record (MBR) that includes instructions for unlocking the apparatus;
  
  a control circuit configured to;
  
  selectively implement a first security protocol between the interface and a device connected to the data bus;
  
  receive an unlock command and check a password against one or more passwords stored in the alternate MBR to selectively unlock one or more portions of the data storage device protected by the first security protocol;
  
  selectively implement a second security protocol between the interface and the device connected to the data bus;
  
  the first security protocol and the second security protocol manage the device'"'"'s access to the apparatus;
  
  redirecting a read of the primary MBR to read the alternate MBR when the apparatus is locked and a host attempts to read the primary MBR from the apparatus; and
  
  when the apparatus is unlocked, deactivate the alternate MBR and implement the primary MBR.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1 further comprising the first security protocol implements security with data encryption and the second security protocol does not implement security through data encryption.
  - 3. The apparatus of claim 2 further comprising the first security protocol complies with a Trusted Computing Group (TCG) security protocol and the second security protocol complies with an AT Attachment (ATA) security protocol.
  - 4. The apparatus of claim 3 further comprising the control circuit configured to overwrite a TCG default Security ID (SID) password with an ATA security password in response to receipt of an ATA security enable command and the control circuit configured to restore the TCG default SID password in response to receipt of an ATA security disable command.
  - 5. The apparatus of claim 3 further comprising the control circuit configured to receive and validate a TCG password for unlocking one or more portions of a data storage medium locked using an ATA lock command.
  - 6. The apparatus of claim 3 further comprising the control circuit configured to check a TCG password received with an ATA unlock command against a TCG password associated with one or more portions of a data storage medium.
  - 7. The apparatus of claim 6 further comprising the control circuit configured to unlock at least one portion of the data storage medium when the TCG password matches a respective TCG password of the at least one portion.
  - 8. The apparatus of claim 1 wherein the apparatus comprises a data storage device and the interface includes a connector to connect to the data bus.
  - 9. The apparatus of claim 8 further comprising the first security protocol complies with a Trusted Computing Group (TCG) security protocol and the second security protocol complies with an AT Attachment (ATA) security protocol.
  - 10. The apparatus of claim 8 wherein the data storage device further includes a magnetic disc data storage medium.
  - 11. The apparatus of claim 8 wherein the data storage device further includes a non-volatile solid state data storage medium.
  - 12. The apparatus of claim 1 further comprising the control circuit configured to selectively implement the first security protocol and the second security protocol based on defined transitions that determine which security protocol is selected to manage security for the apparatus.
  - 13. The apparatus of claim 12 further comprising a no security state in which the apparatus is not protected by either security protocol;
    - and the control circuit is configured to selectively implement the first security protocol, the second security protocol, and the no security state.

14. A system comprising:
- a data storage device including;
  
  a nonvolatile data storage medium;
  
  an interface coupleable to a data bus;
  
  a primary master boot record (MBR);
  
  an alternate master boot record (MBR) that includes instructions for unlocking the data storage device and for resetting a BIOS of a host;
  
  a control circuit configured to;
  
  selectively implement a first security protocol;
  
  selectively implement a second security protocol different than the first security protocol;
  
  the first security protocol and the second security protocol manage access to the data storage device via the data bus;
  
  when the data storage device is locked and the BIOS of the host attempts to read the primary MBR from the data storage device, redirecting the read of the primary MBR to read the alternate MBR;
  
  when the data storage device is unlocked, deactivate the alternate MBR, and initiate a reset of the BIOS to boot to the primary MBR; and
  
  provide access by host applications to unlocked data recorded on the nonvolatile data storage device medium until the data storage device is powered down or locked.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14 wherein the data storage device further comprises the control circuit configured to selectively implement the first security protocol and the second security protocol based on defined transitions that determine which security protocol is selected to manage access to the data storage device.
  - 16. The system of claim 15 wherein the data storage device further comprises a no security state in which the data storage device is not protected by either security protocol;
    - and the control circuit is configure to selectively implement the first security protocol, the second security protocol, and the no security state.
  - 17. The system of claim 14 wherein the data storage device further comprises the first security protocol complies with a Trusted Computing Group (TCG) security protocol and the second security protocol complies with an AT Attachment (ATA) security protocol.
  - 18. The system of claim 14 further comprising:
    - a host computer including a Basic Input/Output System (BIOS) that does not support the first security protocol, wherein the data storage device does support the first security protocol;
      
      the data bus coupled to the data storage device to receive commands and data from the host computer and BIOS;
      
      a command, stored within the BIOS, to provide management of the first security protocol.
  - 19. The system of claim 18 further comprising:
    - the host computer configured to execute software that supports the first security protocol;
      
      the command is an unlock command compatible with the second security protocol and the unlock command includes a password compatible with the first security protocol even though the BIOS does not support the first security protocol;
      
      the data storage device is configured to receive the unlock command and check the password against one or more passwords stored in the alternate MBR to selectively unlock one or more portions of the data storage device protected by the first security protocol; and
      
      when at least a portion of the data storage device is unlocked, processing control is provided to the software to allow access to an unlocked portion of the data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Cox, Jason R., Demattio, Christopher J., Forehand, Monty A., Danielson, Michael B., Hatfield, James C., Offenberg, Manuel A.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/815,216
Publication Number

US 20110307709A1
Time in Patent Office

1,226 Days
Field of Search

713/183
US Class Current

713/183
CPC Class Codes

G06F 21/79 in semiconductor storage me...

G06F 21/80 in storage media based on m...

Managing security operating modes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Managing security operating modes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others