Abstract: Highly secure portable storage device may include a security controller, a data transfer controller and a memory controller. The security controller self-verifies, without a host, an access code. After the verification, the security controller may retrieve a concealed encryption key and a transformation key that were previously self-generated by the security controller. The encryption keys are not generated by the host, a user, or the memory controller. The transformation key is sent to the memory controller via a side channel during a first time period. The concealed encryption key is sent to the memory controller via the side channel during a different time period. After extracting an operating encryption key, the memory controller may notify the data transfer controller to initiate an enumeration process with the host. Data transfer from and to the host is performed via interfaces different from the side channel. Other methods and implementations are also described.

Abstract: Highly secure portable storage device includes a physical input device, a memory and a controller, all of which reside within or on the device itself. The controller may determine whether the device is in an exclusive or nonexclusive mode, whether the device is in a privileged mode, a locked mode or a protected mode, and whether a request is made to self-transform to a renewed mode. When the request is made and the device is in the nonexclusive mode, the device self-transforms to the renewed mode without requiring communication with the host and without requiring access code verification. When the request is made and the device is in the exclusive mode, the device self-transforms to the renewed mode only when a privileged security access code is verified. Transforming to a renewed mode sets all access codes to null and sets a new encryption key. Other methods and implementations are described.

Abstract: Highly secure portable storage device may include a security controller, a data transfer controller and a memory controller. The security controller self-verifies, without a host, an access code. After the verification, the security controller may retrieve a concealed encryption key and a transformation key that were previously self-generated by the security controller. The encryption keys are not generated by the host, a user, or the memory controller. The transformation key is sent to the memory controller via a side channel during a first time period. The concealed encryption key is sent to the memory controller via the side channel during a different time period. After extracting an operating encryption key, the memory controller may notify the data transfer controller to initiate an enumeration process with the host. Data transfer from and to the host is performed via interfaces different from the side channel. Other methods and implementations are also described.

Abstract: A portable storage device can convert itself, without a host computer, from being a fixed disk to a removable disk and from being a removable disk to a fixed disk. The storage device may include a physical input device, a memory and a controller. The controller may determine, based on information stored within the storage device, whether the storage device is currently a fixed disk or a removable disk. The controller may then convert the storage device to a removable disk or a fixed disk, based on a control input and the determination. The control input may be received from the physical key input device. When the storage device is a removable disk and when a command from a host computer requests ejecting a memory within the storage device, the controller declines the request and instead electrically disengages the storage device from the host computer.

Abstract: A portable storage device can convert itself, without a host computer, from being a fixed disk to a removable disk and from being a removable disk to a fixed disk. The storage device may include a physical input device, a memory and a controller. The controller may determine, based on information stored within the storage device, whether the storage device is currently a fixed disk or a removable disk. The controller may then convert the storage device to a removable disk or a fixed disk, based on a control input and the determination. The control input may be received from the physical key input device. When the storage device is a removable disk and when a command from a host computer requests ejecting a memory within the storage device, the controller declines the request and instead electrically disengages the storage device from the host computer.

Abstract: Highly secure portable storage device includes a physical input device, a memory and a controller, all of which reside within or on the device itself. The controller may determine whether the device is in an exclusive or nonexclusive mode, whether the device is in a privileged mode, a locked mode or a protected mode, and whether a request is made to self-transform to a renewed mode. When the request is made and the device is in the nonexclusive mode, the device self-transforms to the renewed mode without requiring communication with the host and without requiring access code verification. When the request is made and the device is in the exclusive mode, the device self-transforms to the renewed mode only when a privileged security access code is verified. Transforming to a renewed mode sets all access codes to null and sets a new encryption key. Other methods and implementations are described.

Abstract: A secure storage device includes a physical key input device, a secure memory and a controller. The controller arbitrates access by a host to securely configure the device based on the device's mode of operation. The controller determines whether the device is in a configuration-ready mode based on information within the device. Only when the device is in the configuration-ready mode, the device may be configured by the host. When a device is in a non-configuration-ready mode, the device is prevented from being configured by the host, but the device can be set to the configuration-ready mode, for example, by nullifying configuration data (e.g., PINs), by creating new encryption key(s), and by setting the mode to the configuration-ready mode. A null PIN is unusable to unlock the device after being locked. A new encryption key is unusable to decrypt data previously stored in the device, making such data unrecoverable.

Abstract: Highly secure portable storage device may include a security controller, a data transfer controller and a memory controller. The security controller self-verifies, without a host, an access code. After the verification, the security controller may retrieve a concealed encryption key and a transformation key that were previously self-generated by the security controller. The encryption keys are not generated by the host, a user, or the memory controller. The transformation key is sent to the memory controller via a side channel during a first time period. The concealed encryption key is sent to the memory controller via the side channel during a different time period. After extracting an operating encryption key, the memory controller may notify the data transfer controller to initiate an enumeration process with the host. Data transfer from and to the host is performed via interfaces different from the side channel. Other methods and implementations are also described.

Abstract: A secure storage device includes a physical key input device, a secure memory and a controller. The controller arbitrates access by a host to securely configure the device based on the device's mode of operation. The controller determines whether the device is in a configuration-ready mode based on information within the device. Only when the device is in the configuration-ready mode, the device may be configured by the host. When a device is in a non-configuration-ready mode, the device is prevented from being configured by the host, but the device can be set to the configuration-ready mode, for example, by nullifying configuration data (e.g., PINs), by creating new encryption key(s), and by setting the mode to the configuration-ready mode. A null PIN is unusable to unlock the device after being locked. A new encryption key is unusable to decrypt data previously stored in the device, making such data unrecoverable.

Abstract: A portable storage device can convert itself, without a host computer, from being a fixed disk to a removable disk and from being a removable disk to a fixed disk. The storage device may include a physical input device, a memory and a controller. The controller may determine, based on information stored within the storage device, whether the storage device is currently a fixed disk or a removable disk. The controller may then convert the storage device to a removable disk or a fixed disk, based on a control input and the determination. The control input may be received from the physical key input device. When the storage device is a removable disk and when a command from a host computer requests ejecting a memory within the storage device, the controller declines the request and instead electrically disengages the storage device from the host computer.

Abstract: A portable storage device can convert itself, without a host computer, from being a fixed disk to a removable disk and from being a removable disk to a fixed disk. The storage device may include a physical input device, a memory and a controller. The controller may determine, based on information stored within the storage device, whether the storage device is currently a fixed disk or a removable disk. The controller may then convert the storage device to a removable disk or a fixed disk, based on a control input and the determination. The control input may be received from the physical key input device. When the storage device is a removable disk and when a command from a host computer requests ejecting a memory within the storage device, the controller declines the request and instead electrically disengages the storage device from the host computer.

Abstract: A secure storage device includes a physical key input device, a secure memory and a controller. The controller arbitrates access by a host to securely configure the device based on the device's mode of operation. The controller determines whether the device is in a configuration-ready mode based on information within the device. Only when the device is in the configuration-ready mode, the device may be configured by the host. When a device is in a non-configuration-ready mode, the device is prevented from being configured by the host, but the device can be set to the configuration-ready mode, for example, by nullifying configuration data (e.g., PINs), by creating new encryption key(s), and by setting the mode to the configuration-ready mode. A null PIN is unusable to unlock the device after being locked. A new encryption key is unusable to decrypt data previously stored in the device, making such data unrecoverable.

Abstract: A secure storage device includes a physical key input device, a secure memory and a controller. The controller arbitrates access by a host to securely configure the device based on the device's mode of operation. The controller determines whether the device is in a configuration-ready mode based on information within the device. Only when the device is in the configuration-ready mode, the device may be configured by the host. When a device is in a non-configuration-ready mode, the device is prevented from being configured by the host, but the device can be set to the configuration-ready mode, for example, by nullifying configuration data (e.g., PINs), by creating new encryption key(s), and by setting the mode to the configuration-ready mode. A null PIN is unusable to unlock the device after being locked. A new encryption key is unusable to decrypt data previously stored in the device, making such data unrecoverable.