Computing environment having secure storage device
DC CAFCFirst Claim
1. A method comprising:
- sensing whether a storage device has device-specific security information stored thereon;
operating a computer in a full-access mode when the storage device has the device-specific security information, wherein in the full-access mode the computer permits both read and write access to the storage device; and
operating the computer in a restricted-access mode when the storage device does not have the device-specific security information, wherein in the restricted-access mode the computer permits read access to the storage device and prevents write access to the storage device.
5 Assignments
Litigations
2 Petitions
Accused Products
Abstract
A secure computing environment in which a computer automatically operates in a full-access data storage mode when it detects the presence of a secure removable storage device. In full-access mode all data written to removable storage device is encrypted with a cryptographic key and the user is given access to sensitive if authorized. Otherwise, the computer operates in a restricted-access mode in which the user is unable to write to the removable storage device and is unable to access sensitive data. The invention detects security information on the data storage device and generates a cryptographic key from the security information. The security information can be a function of the unique format characteristics of the underlying storage medium, a unique identifier retrieved from an electronic circuit embedded within the removable storage device or a serial number etched on the storage device during manufacturing. In addition, drive-specific information and even user-specific information can also be used to generate the cryptographic key, thereby creating a highly secure computing environment. When the computer operates in a full-access mode, all data written to the storage device is encrypted and the user is able access to sensitive data within the organization. When security information is not present on the removable storage device the computer automatically operates in a restricted-access mode in which the user does not have access to sensitive data and data cannot be written to the removable storage device.
85 Citations
50 Claims
-
1. A method comprising:
-
sensing whether a storage device has device-specific security information stored thereon; operating a computer in a full-access mode when the storage device has the device-specific security information, wherein in the full-access mode the computer permits both read and write access to the storage device; and operating the computer in a restricted-access mode when the storage device does not have the device-specific security information, wherein in the restricted-access mode the computer permits read access to the storage device and prevents write access to the storage device. - View Dependent Claims (2, 3, 4, 8, 9, 10, 11, 12, 13, 14)
-
- 5. The method of clam 2, wherein the digital data is encrypted and decrypted using a cryptographic key generated from information specific to a removable media drive used for accessing the storage device.
-
15. A method for accessing a storage device comprising:
-
detecting a storage device within the storage drive; sensing whether a storage device has device-specific security information stored thereon; providing full-access to the storage device when the storage device has the device-specific security information by; encrypting digital data using the security information during a write access to write the digital data to the storage device; and decrypting digital data using the security information during a read access to read the digital data from the storage device; and providing restricted-access to the storage device when the storage device does not store the device-specific security information by preventing the digital data from being written to the storage device during the write access. - View Dependent Claims (16, 17)
-
-
18. A method for controlling access to a storage device comprising:
-
detecting a storage device within a storage drive; sensing whether the storage device has security information generated from a combination of device-specific information associated with the storage device and user-specific information associated with a user; configuring the storage drive to prevent write access to the storage device when the security information is not sensed; and configuring the storage drive to permit write access by encrypting digital data using the security information and writing the encrypted digital data to the storage device when the security information is sensed. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for operating a storage drive comprising:
-
configuring the storage drive to operate in a read-only mode upon power-up; determining whether a storage device has device-specific security information written thereon; and configuring the storage drive to operate in a read/write mode when the storage device within the storage drive has device-specific security information written thereon. - View Dependent Claims (31, 32)
-
-
33. A computer-readable medium having computer-executable instructions for performing the method of:
-
sensing whether a storage device is security information stored thereon; operating a computer in a full-access mode when the storage device has the device-specific security information, wherein in the full-access mode the computer permits both read and write access to the storage device; and operating the computer in a restricted-access mode when the storage device does not have the device-specific security information, wherein in the restricted-access mode the computer permits read access to the storage device and prevents write access to the storage device. - View Dependent Claims (34, 35, 36, 37, 38)
-
-
39. A computer comprising:
-
a drive for accessing a data storage device having device-specific security information stored thereon; and a storage manager to selectively configure the drive to operate in a full-access mode of operation or a restricted-access mode of operation as a function of the device-specific security information stored on the storage device, wherein in the full-access mode the drive permits both read and write access to the storage device, and in the restricted-access mode the drive permits read access to the storage device and prevents write access to the storage device. - View Dependent Claims (40, 41, 43, 44, 45, 46, 47, 48)
-
-
42. The computer of clam 39, wherein the storage device includes a serial number physically etched onto the storage device during manufacturing, and further wherein the storage manager generates a cryptographic key as a function of the serial number and decrypts data stored on the storage dice using the generated key.
-
49. A computer comprising:
-
a storage drive operating in a read-only mode upon power-up; a storage device operably coupled to the storage drive, wherein the storage device has device-specific format information stored thereon; and a storage manager to selectively configure the storage drive to operate in a read/write mode as a function of the format at information stored on the storage device. - View Dependent Claims (50)
-
Specification