System and method for encrypted disk drive sanitizing
First Claim
1. A system for sanitizing a self-encrypting hard disk comprising:
- a disk interface accessible over a network, said disk interface configured to electrically connect to a self-encrypting hard disk drive and send commands to said disk drive and to transfer data to and from said disk drive;
said disk interface constructed to authenticate itself to said disk drive to a level of authentication where it can issue a command for the disk drive to change the value of at least one cryptographic key;
said disk interface further constructed to send a command to the disk drive that causes at least one cryptographic key in the disk drive to change value;
said disk interface further constructed to write predetermined data patterns to every sector on the disk drive a specified number of times;
said disk interface configured to report over said network completion of sanitation of the disk drive.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it'"'"'s encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable.
10 Citations
17 Claims
-
1. A system for sanitizing a self-encrypting hard disk comprising:
-
a disk interface accessible over a network, said disk interface configured to electrically connect to a self-encrypting hard disk drive and send commands to said disk drive and to transfer data to and from said disk drive; said disk interface constructed to authenticate itself to said disk drive to a level of authentication where it can issue a command for the disk drive to change the value of at least one cryptographic key; said disk interface further constructed to send a command to the disk drive that causes at least one cryptographic key in the disk drive to change value; said disk interface further constructed to write predetermined data patterns to every sector on the disk drive a specified number of times; said disk interface configured to report over said network completion of sanitation of the disk drive. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of sanitizing a self-encrypting disk drive containing an internal cryptographic key comprising:
-
receiving a set of options from a user over a network relating to sanitizing the disk drive; issuing a command to the disk drive causing the internal cryptographic key to change value; writing a predetermined data pattern to each address of the disk drive; reporting to the user over the network that the disk drive has been sanitized according to the options. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system for sanitizing a self-encrypting storage device comprising:
-
a device interface accessible over a network from a remote terminal, the device interface configured to electrically connect to a self-encrypting storage device and send commands to said storage device and to transfer data to and from said storage device; the device interface constructed to authenticate itself to said storage device at a level high enough to allow a cryptographic key reset; the device interface further constructed to send a command to the storage device that causes a cryptographic key in said storage device to change value; the device interface further constructed to write predetermined data patterns to every location on the storage device a specified number of times; the device interface also constructed to report over said network to the remote terminal completion of sanitation of the storage device. - View Dependent Claims (14, 15, 16, 17)
-
Specification