Patents by Inventor David Robert ARNOLD
David Robert ARNOLD has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12225111
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. Multiple manager device records each comprise a first key identical for each of the records, and a second key that is different for each of the records. The controller generates an authorization request using the first key and receives a response to the request generated by a manager device. The response is specific to that manager device. The controller uses the response to locate the record; decrypts the located manager device record to obtain key data; and generates configuration data based on the key data to register the device.
Type: Grant
Filed: March 8, 2022
Date of Patent: February 11, 2025
Assignee: Sandisk Technologies, Inc.
Inventors: Brian Edward Mastenbrook, John So, David Robert Arnold
-
Patent number: 12175117
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates authorization request data indicative of multiple devices to be authorized, and stores the authorization request data on non-volatile configuration memory of the data storage device. Upon approval of the authorization request data by a manager device that is registered with the access controller as a manager device, the access controller locates the authorization request data of one of the multiple devices to be authorized and registers the one of the multiple devices to be authorized as an authorized device.
Type: Grant
Filed: March 8, 2022
Date of Patent: December 24, 2024
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, John So, Matthew Harris Klapman, David Robert Arnold
-
Patent number: 12118103
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates an authorization request for a manager device. The authorization request comprises a certificate. The certificate comprises key data. In response to receiving the key data in a response to the authorization request generated by the manager device, the access controller generates configuration data based on the key data to register the device to be authorized as an authorized device.
Type: Grant
Filed: March 8, 2022
Date of Patent: October 15, 2024
Assignee: Sandisk Technologies, Inc.
Inventors: Brian Edward Mastenbrook, John So, David Robert Arnold
-
Patent number: 11882434
Abstract: Disclosed herein is a device configured to covertly communicate state information within a transmitter address field of a message. The device comprises a memory configured to store a state key and state information of the device, and a controller in communication with the memory. The controller is configured to apply a one-way function, using the state key, to the state information to produce a transmitter address, and transmit the message, including the transmitter address in the transmitter address field of the message.
Type: Grant
Filed: July 9, 2020
Date of Patent: January 23, 2024
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, David Robert Arnold
-
Patent number: 11831752
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine uses a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system. An access controller receives a request from a manager device to initialize the data storage device. The controller generates the cryptographic key, generates a manager key configured to provide manager access for the manager device and provide access to the cryptographic key, and stores, on a data store, authorization data indicative of the manager key and accessible based on a private key stored on the manager device.
Type: Grant
Filed: January 9, 2020
Date of Patent: November 28, 2023
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, David Robert Arnold
-
Publication number: 20230291548
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. Multiple manager device records each comprise a first key identical for each of the records, and a second key that is different for each of the records. The controller generates an authorization request using the first key and receives a response to the request generated by a manager device. The response is specific to that manager device. The controller uses the response to locate the record; decrypts the located manager device record to obtain key data; and generates configuration data based on the key data to register the device.
Type: Application
Filed: March 8, 2022
Publication date: September 14, 2023
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, John SO, David Robert ARNOLD
-
Publication number: 20230289089
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates authorization request data indicative of multiple devices to be authorized, and stores the authorization request data on non-volatile configuration memory of the data storage device. Upon approval of the authorization request data by a manager device that is registered with the access controller as a manager device, the access controller locates the authorization request data of one of the multiple devices to be authorized and registers the one of the multiple devices to be authorized as an authorized device.
Type: Application
Filed: March 8, 2022
Publication date: September 14, 2023
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, John SO, Matthew Harris KLAPMAN, David Robert ARNOLD
-
Publication number: 20230289456
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates an authorization request for a manager device. The authorization request comprises a certificate. The certificate comprises key data. In response to receiving the key data in a response to the authorization request generated by the manager device, the access controller generates configuration data based on the key data to register the device to be authorized as an authorized device.
Type: Application
Filed: March 8, 2022
Publication date: September 14, 2023
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, John SO, David Robert ARNOLD
-
Patent number: 11582607
Abstract: This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.
Type: Grant
Filed: July 10, 2020
Date of Patent: February 14, 2023
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, David Robert Arnold
-
Patent number: 11556665
Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.
Type: Grant
Filed: December 8, 2019
Date of Patent: January 17, 2023
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, David Robert Arnold
-
Patent number: 11265152
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller receives from a manager device a public key. The public key is associated with a private key stored on a device to be authorized. The controller determines a user key that provides access to the cryptographic key; encrypts the user key based on the public key and such that the user key is decryptable based on the private key stored on the device to be authorized; and stores, on the data store, authorization data indicative of the encrypted user key.
Type: Grant
Filed: January 9, 2020
Date of Patent: March 1, 2022
Assignee: Western Digital Technologies, Inc.
Inventors: Brian Edward Mastenbrook, David Robert Arnold
-
Publication number: 20220014918
Abstract: This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.
Type: Application
Filed: July 10, 2020
Publication date: January 13, 2022
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, David Robert ARNOLD
-
Publication number: 20220014905
Abstract: Disclosed herein is a device configured to covertly communicate state information within a transmitter address field of a message. The device comprises a memory configured to store a state key and state information of the device, and a controller in communication with the memory. The controller is configured to apply a one-way function, using the state key, to the state information to produce a transmitter address, and transmit the message, including the transmitter address in the transmitter address field of the message.
Type: Application
Filed: July 9, 2020
Publication date: January 13, 2022
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, David Robert ARNOLD
-
Publication number: 20210218557
Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine uses a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system. An access controller receives a request from a manager device to initialize the data storage device. The controller generates the cryptographic key, generates a manager key configured to provide manager access for the manager device and provide access to the cryptographic key, and stores, on a data store, authorization data indicative of the manager key and accessible based on a private key stored on the manager device.
Type: Application
Filed: January 9, 2020
Publication date: July 15, 2021
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, David Robert ARNOLD
-
Publication number: 20210173953
Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.
Type: Application
Filed: December 8, 2019
Publication date: June 10, 2021
Applicant: Western Digital Technologies, Inc.
Inventors: Brian Edward MASTENBROOK, David Robert ARNOLD