Managing security operating modes
Abstract
A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security).
19 Claims
1. An apparatus comprising:
an interface connectable to a data bus;
a primary master boot record (MBR);
an alternate master boot record (MBR) that includes instructions for unlocking the apparatus;
a control circuit configured to:
selectively implement a first security protocol between the interface and a device connected to the data bus;
receive an unlock command and check a password against one or more passwords stored in the alternate MBR to selectively unlock one or more portions of the data storage device protected by the first security protocol;
selectively implement a second security protocol between the interface and the device connected to the data bus;
the first security protocol and the second security protocol manage the device's access to the apparatus;
redirecting a read of the primary MBR to read the alternate MBR when the apparatus is locked and a host attempts to read the primary MBR from the apparatus; and
when the apparatus is unlocked, deactivate the alternate MBR and implement the primary MBR.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A system comprising:
a data storage device including:
a nonvolatile data storage medium;
an interface coupleable to a data bus;
a primary master boot record (MBR);
an alternate master boot record (MBR) that includes instructions for unlocking the data storage device and for resetting a BIOS of a host;
a control circuit configured to:
selectively implement a first security protocol;
selectively implement a second security protocol different than the first security protocol;
the first security protocol and the second security protocol manage access to the data storage device via the data bus;
when the data storage device is locked and the BIOS of the host attempts to read the primary MBR from the data storage device, redirecting the read of the primary MBR to read the alternate MBR;
when the data storage device is unlocked, deactivate the alternate MBR, and initiate a reset of the BIOS to boot to the primary MBR; and
provide access by host applications to unlocked data recorded on the nonvolatile data storage device medium until the data storage device is powered down or locked.
Dependent claims: 15, 16, 17, 18, 19
Specification