System and method for encrypted disk drive sanitizing
First Claim
1. A system for quickly sanitizing a self-encrypting hard disk of the type containing an encryption key in disk drive hardware comprising:
- a disk interface accessible over a network, said disk interface configured to electrically connect to a self-encrypting hard disk drive containing an internally generate encryption key and send commands to said disk drive and to transfer data to and from said disk drive;
said disk interface adapted to authenticate itself to said disk drive at a level sufficient to allow it to issue a command to the disk drive a new encryption key;
said disk interface further adapted to send a command to said disk drive that causes the disk drive to internally generate a new encryption key;
said disk interface further adapted to write predetermined data patterns to every sector on said disk drive a specified number of times after the new encryption key is generated;
said disk interface configured to report over said network completion of sanitation of said disk drive.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it'"'"'s encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable.
9 Citations
17 Claims
-
1. A system for quickly sanitizing a self-encrypting hard disk of the type containing an encryption key in disk drive hardware comprising:
-
a disk interface accessible over a network, said disk interface configured to electrically connect to a self-encrypting hard disk drive containing an internally generate encryption key and send commands to said disk drive and to transfer data to and from said disk drive; said disk interface adapted to authenticate itself to said disk drive at a level sufficient to allow it to issue a command to the disk drive a new encryption key; said disk interface further adapted to send a command to said disk drive that causes the disk drive to internally generate a new encryption key; said disk interface further adapted to write predetermined data patterns to every sector on said disk drive a specified number of times after the new encryption key is generated; said disk interface configured to report over said network completion of sanitation of said disk drive. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of sanitizing a self-encrypting disk drive of the type with an internally generated encryption key comprising:
-
receiving over a network from a user a set of options for sanitizing said disk drive; performing an authentication with the disk drive at a level allowing issuing of a command to the disk drive to generate a new encryption key; issuing a command to said disk drive causing the disk drive to generate a new encryption key; writing a predetermined data pattern to each address of said disk drive; issuing a second command to said disk drive causing the disk drive to generate a second new encryption key; reporting to said user over the network that said disk drive has been sanitized according to said options. - View Dependent Claims (9, 10, 11)
-
-
12. A system for sanitizing a self-encrypting storage device of the type having an internally generated encryption key comprising:
-
a device interface accessible over a network from a remote terminal, said device interface configured to electrically connect to a self-encrypting storage device and send commands to said storage device and to transfer data to and from said storage device; said device interface adapted to authenticate itself to said storage device at a level high enough to allow issuing a command that causes the storage device to generate a new encryption key; said device interface further adapted to send a command to said storage device that causes the storage device to generate a new encryption key; said device interface further adapted to write predetermined data patterns to every location on said storage device a specified number of times after the storage device has generated a new encryption key; said device interface configured to report over said network to said remote terminal completion of sanitation of said storage device. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification