Patents by Inventor Lane W. Lee

Lane W. Lee has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9672333
    Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and dec
    Type: Grant
    Filed: November 5, 2012
    Date of Patent: June 6, 2017
    Assignee: Adobe Systems Incorporated
    Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
  • Publication number: 20170070345
    Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and dec
    Type: Application
    Filed: November 5, 2012
    Publication date: March 9, 2017
    Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
  • Publication number: 20140129847
    Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and dec
    Type: Application
    Filed: November 5, 2012
    Publication date: May 8, 2014
    Applicant: Divan Industries, LLC
    Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
  • Patent number: 8307217
    Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and dec
    Type: Grant
    Filed: February 5, 2008
    Date of Patent: November 6, 2012
    Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
  • Patent number: 8010790
    Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
    Type: Grant
    Filed: September 10, 2008
    Date of Patent: August 30, 2011
    Assignee: DPHI, Inc.
    Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
  • Patent number: 8001387
    Abstract: In one embodiment, a storage device with biometric access includes: a biometric scanner adapted to scan a biological feature of a user to provide a corresponding extracted biometric template; and a storage engine adapted to retrieve an encrypted biometric template from a storage medium and to retrieve a corresponding encrypted content key from the storage medium. The storage engine generates a first key and combines the first key with a media identifier from the storage medium to provide a content key. Using the content key, the storage engine decrypts the retrieved encrypted biometric template. If the extracted biometric template matches the retrieved biometric template, the storage engine grants a user access to content on the storage medium.
    Type: Grant
    Filed: April 19, 2006
    Date of Patent: August 16, 2011
    Assignee: DPHI, Inc.
    Inventors: Lane W. Lee, Mark J. Gurkowski, David H. Davies
  • Patent number: 8001391
    Abstract: A method of encrypting data is provided that uses a medium key retrieved from a storage medium. The medium key is combined with another key to generate a combination key. Content is encrypted according to the combination key and written to the storage medium.
    Type: Grant
    Filed: April 17, 2008
    Date of Patent: August 16, 2011
    Assignee: DPHI, Inc.
    Inventors: Daniel R. Zaharris, Lane W. Lee
  • Patent number: 7958377
    Abstract: In one embodiment, a storage device is provided that includes: a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive encrypted content and a corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.
    Type: Grant
    Filed: July 24, 2008
    Date of Patent: June 7, 2011
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Timothy R. Feldman
  • Patent number: 7729495
    Abstract: A system and method is provided for detecting unauthorized actions with respect to encrypted data on a media disk, the media disk including a first portion for pre-recorded content and a second portion for written content. The method includes reading an identifier on the media disk, wherein the identifier includes one or more sections located in one of the first portion for pre-recorded content, the second portion for written content, and both the first portion for pre-recorded content and the second portion for written content, determining whether the identifier includes a section located in the second portion for written content, comparing the identifier with one or more predetermined types of identifiers for which a section is located in the second portion for written content, and if the identifier is of a type that is one of the one or more predetermined types of identifiers, detecting an unauthorized action.
    Type: Grant
    Filed: August 27, 2001
    Date of Patent: June 1, 2010
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Timothy R. Feldman, Douglas M. Rayburn, Gary G. Kiwimagi
  • Patent number: 7672903
    Abstract: A system and method is provided for revoking a device. A method includes receiving a certificate from the device, the certificate including one or more fields, at least one of the fields holding a signature, attempting to verify the signature, receiving a revocation list from a source, the revocation list identifying one or more data on the certificate as valid or invalid, the data including at least one of the fields of the certificate; and if one of one or more signatures identified unsuccessfully verified and one or more data is identified as invalid, preventing the transmission of a session key to the device, the session key being required to establish a secure communication channel.
    Type: Grant
    Filed: August 27, 2001
    Date of Patent: March 2, 2010
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Timothy R. Feldman, Douglas M. Rayburn, Gary G. Kiwimagi
  • Patent number: 7549044
    Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
    Type: Grant
    Filed: October 28, 2003
    Date of Patent: June 16, 2009
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
  • Publication number: 20090041244
    Abstract: In one embodiment, a storage device is provided that includes: a storage medium; and a storage engine, the storage engine being configured to generate a secure session key and to receive encrypted content and a corresponding encrypted content key from a host system, wherein the content key has been encrypted by the host system using the secure session key, the storage engine being further configured to decrypt the encrypted content key using the secure session key and to encrypt the decrypted content key with a first storage engine encryption key and to write the storage-engine-encrypted content key to the storage medium.
    Type: Application
    Filed: July 24, 2008
    Publication date: February 12, 2009
    Inventors: Lane W. Lee, Timothy R. Feldman
  • Publication number: 20090034722
    Abstract: A method of encrypting data is provided that uses a medium key retrieved from a storage medium. The medium key is combined with another key to generate a combination key. Content is encrypted according to the combination key and written to the storage medium.
    Type: Application
    Filed: April 17, 2008
    Publication date: February 5, 2009
    Inventors: Daniel R. Zaharris, Lane W. Lee
  • Publication number: 20090003608
    Abstract: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
    Type: Application
    Filed: September 10, 2008
    Publication date: January 1, 2009
    Inventors: Lane W. Lee, Randal C. Hines, Mark J. Gurkowski, David L. Blankenbeckler
  • Publication number: 20080294914
    Abstract: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and dec
    Type: Application
    Filed: February 5, 2008
    Publication date: November 27, 2008
    Inventors: Lane W. Lee, Mark J. Gurkowski, Randal Hines
  • Patent number: 7310821
    Abstract: A system and method is provided for authenticating a device. A method includes receiving a certificate from the device, the certificate including a plurality of fields, including a field holding a digital signature from a certifying authority, verifying the digital signatures in the certificate, the verifying including at least one of verifying the certifying authority digital signature using the certifying authority public key; and verifying a device digital signature using a device public key, and receiving validation data from a source, the validation data identifying one or more data in the certificate as valid or invalid according to predetermined criteria, and if the digital signatures are verified and validated, transmitting a session key to the device to establish a secure communication channel.
    Type: Grant
    Filed: August 27, 2001
    Date of Patent: December 18, 2007
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Timothy R. Feldman, Douglas M. Rayburn, Gary G. Kiwimagi
  • Patent number: 7110982
    Abstract: A secure electronic content system and method is provided. The system includes a controller including an interface component, a host system coupled to the controller, the host system configured to present content under predetermined conditions, the host system operable with a navigation protocol, the host system further including a system manager operable with an associations component configured to be at least partially run by the host system, a translator configured to provide meanings and generate commands within the host system, at least a first digital rights management (DRM) component configured to provide encoding and access rules for the content; and a file system component including a file system application programming interface (API) configured to provide a logical interface between a plurality of components.
    Type: Grant
    Filed: August 27, 2001
    Date of Patent: September 19, 2006
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Timothy R. Feldman, Lane W. Lee, Michael F. Braitberg, Douglas M. Rayburn, Gary G. Kiwimagi
  • Patent number: 7051054
    Abstract: A method and apparatus for storing, updating, adding, deleting, and locating file system objects on a WORM storage medium, wherein information can be written to, but not erased from, the storage medium. The WORM storage medium has a writeable area that includes a system area and a data area. The system area includes system information regarding the file system objects on the storage medium. A system sector is written starting at one end of the system area, while the content of the file system objects is written in the data area starting at another end of the writeable area. When a change is made to the file system objects in the writeable area, an updated system sector is generated that replaces the previous file system information for those modified file system objects. Since the previous system sector is not erasable, the updated system sector is written in a location in the system area where it will be read before any previous system sectors.
    Type: Grant
    Filed: May 30, 2000
    Date of Patent: May 23, 2006
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Michael B. Propps
  • Patent number: 6912189
    Abstract: A method and system for managing a plurality of defects that may cause an error during a write operation in a write-once data storage disk is provided. A host system sends a write command to a disk drive that contains the storage disk. The process detects any errors that may occur during the write operation. When an error is detected, a “skip list” containing the addresses of physical sectors on the disk that are to be skipped during a read operation is updated, the write operation is suspended, and the process attempts to rewrite the data in another sector. If the rewrite is performed successfully, the write operation continues. Otherwise, the write operation is terminated and the host device is notified. While the disk drive is operative, the skip list is preferably maintained in a buffer memory, but periodically the entries in the skip list are copied to the disk for permanent storage. Before a read operation begins, the skip list is copied from the disk to the memory.
    Type: Grant
    Filed: November 18, 2002
    Date of Patent: June 28, 2005
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Michael B. Propps, Lane W. Lee, Stanton M. Keeler
  • Patent number: 6823398
    Abstract: A file system for accessing information on digital storage media is provided by a storage device controller embedded within the storage device. The storage device controller includes an interface component to receive a packet having a file system command. A command decode component in the storage device controller decodes the file system command, and an interface response structure component creates a strategy for performing the file system command. The storage device controller generates an identifier for a file system object and accesses the file system object using the file system object's identifier. A host system coupled to the storage device receives a storage device access request from an application program and generates a command to perform on the file system object based on the storage device access request. The host system uses the identifier to indicate the file system object to be accessed.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: November 23, 2004
    Assignee: DPHI Acquisitions, Inc.
    Inventors: Lane W. Lee, Michael B. Propps, Daniel R. Zaharris