Abstract: A data storage device comprises a non-volatile storage medium configured to store user data, a data port configured to transmit data between a host computer system and the data storage device, a beacon component, and a power manager configured to provide electrical energy to the beacon component. The beacon component is configured to wirelessly transmit a signal in accordance with a beacon configuration, and, in response to determining a power availability level associated with the power manager, adjust the beacon configuration to change a rate of consumption of electrical energy by the beacon component.

Abstract: A data storage device comprises a non-volatile storage medium configured to store user data, a data port configured to transmit data between a host computer system and the data storage device, an energy harvesting component configured to produce electrical energy from an ambient energy source, and a beacon component, configured to wirelessly transmit a signal. The beacon component is configured to consume the electrical energy to wirelessly transmit the signal. The data storage device may further comprise an energy store configured to store the electrical energy produced by the energy harvesting component as stored energy.

Abstract: A data storage device 100 comprising: a non-volatile storage medium 108 configured to store user data 109; a data port 106 configured to transmit data and power between a host computer system 130 and the data storage device 100; a data access state indicator 140; and a controller 110 configured to: selectively set a data access state of the data storage device 100 to either: an unlocked state to enable access to the user data 109; or a locked state to disable access to the user data 109; and generate an indicator control signal to cause the data access state indicator 140 to indicate the data access state, wherein the data access state indicator 140 is configured to indicate the data access state irrespective of whether the data storage device 100 is powered through the data port 106.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates authorization request data indicative of multiple devices to be authorized, and stores the authorization request data on non-volatile configuration memory of the data storage device. Upon approval of the authorization request data by a manager device that is registered with the access controller as a manager device, the access controller locates the authorization request data of one of the multiple devices to be authorized and registers the one of the multiple devices to be authorized as an authorized device.

Abstract: Data storage devices, methods, and systems for passcode authentication based on automatically generated and dynamically changing unlock passcodes are described. An access controller of a data storage device is configured to receive a first passcode based on an externally generated input passcode that is synchronized with internal generation of an unlock passcode by the access controller. The access controller generates a second passcode based on the internally generated unlock passcode, and unlocking the data storage device is responsive to the first passcode matching the second passcode.

Abstract: An in-line security device to transfer cryptographic key material, the device comprising: a first connector configured to connect, via wire, with a host device; a second connector configured to connect, via wire, with a data storage device; a pass-through circuit between the first connector and the second connector to facilitate data communication between the host device and the data storage device; and a communication interface to send cryptographic key material to the data storage device via the second connector.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The access controller generates a recovery private key, generates encrypted authorization data based on the recovery private key, stores the encrypted authorization data, and sends the recovery private key to a manager device. When recovery is desired, access controller receives a recovery public key, calculated based on the recovery private key, from a recovery manager device, decrypts the encrypted authorization data based on the recovery public key, generates a challenge for the recovery manager device based on the decrypted authorization data, sends the challenge to the recovery manager device over the communication channel that is different from the data path, receives a response to the challenge from the recovery manager device over the communication channel, and based at least partly on the response, enables decryption of the encrypted user content data.

Abstract: A data storage device 100 comprising: a non-volatile storage medium 108 configured to store user data 109; a data port 106 configured to transmit data and power between a host computer system 130 and the data storage device 100; a data access state indicator 140; and a controller 110 configured to: selectively set a data access state of the data storage device 100 to either: an unlocked state to enable access to the user data 109; or a locked state to disable access to the user data 109; and generate an indicator control signal to cause the data access state indicator 140 to indicate the data access state, wherein the data access state indicator 140 is configured to indicate the data access state irrespective of whether the data storage device 100 is powered through the data port 106.

Abstract: A data storage device including a biometric reader for biometric authentication to enable access to a storage medium. The data storage device is configured for remote registration of a remote user of the data storage device, wherein registration includes receiving a record of a biometric authentication data set of the remote user from a secure database. Alternatively, a secure authorizing command is received remotely from an authorization server to enable the data storage device to directly read and store biometric data of the remote user. The data storage device can be unlocked by biometric authentication to enable a host device to access user data in the storage medium.

Abstract: A data storage device comprising a data path and an access controller, wherein: the data path comprises: a data port configured to transmit data between a host computer system and the data storage device, wherein the data storage device is configured to register with the host computer system as a block data storage device; a non-volatile storage medium configured to store user content data; and the access controller is configured to: repeatedly and automatically generate a dynamically changing unlock passcode for unlocking the data storage device; receive a first passcode including, at least, an input passcode provided by a user device external to the data storage device, wherein the input passcode is generated externally to the data storage device and synchronously with the generation of the unlock passcode by the access controller; and provide access to the user content data via the data port in response to the first passcode matching with a second passcode generated by the access controller, wherein the se

Abstract: Disclosed herein is a data storage device with storage medium that stores encrypted user content data. A cryptography engine uses a cryptographic key to decrypt the encrypted user content data. An access controller receives, from a user device, a request to register the user device and generates a challenge for a manager device. The manager device is located remotely from the data storage device. The controller sends, to the user device, the challenge for the manager device; receives, from the user device, a response calculated by the manager device to approve the request to register; calculates the cryptographic key based at least partly on the response calculated by the manager device; and creates and stores authorization data associated with the user device. The authorisation data indicates the cryptographic key, to register the user device with the data storage device.

Abstract: An in-line security device to transfer cryptographic key material, the device comprising: a first connector configured to connect, via wire, with a host device; a second connector configured to connect, via wire, with a data storage device; a pass-through circuit between the first connector and the second connector to facilitate data communication between the host device and the data storage device; and a communication interface to send cryptographic key material to the data storage device via the second connector.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device and registers with the host computer system as a block data storage device. A non-volatile storage medium stores encrypted user content data. A cryptography engine is connected between the data port and the storage medium and uses a key to decrypt the encrypted user content data. A data store stores multiple entries comprising authorization data associated with respective authorized devices. The access controller receives from a manager device a public key associated with a private key stored on a device to be authorized, creates the authorization data, and stores the authorization data in association with the public key in the data store, thereby registering the device to be authorized as one of the authorized devices.

Abstract: Disclosed herein is a data storage device comprising a data path, an access controller, and a data store. The data path comprises a data port configured to transmit data between a host computer system and the data storage device; a non-volatile storage medium configured to store encrypted user content data; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system. The access controller is configured to store on the data store multiple entries associated with multiple respective registered devices. The multiple entries comprise authorization data indicative of cryptographic keys that selectively provide user access or manager access for each of the multiple registered devices.

Abstract: This disclosure relates to data storage device (DSD) hardware and, more specifically, to systems and methods for encrypting data stored on a DSD. A DSD comprises a non-volatile storage medium to store multiple file system data objects using block addressing. A device controller is integrated with the DSD and comprises hardware circuitry configured to encrypt data to be stored on the storage medium. The controller receives a request for an encrypted file system data object from a host computer system, identifies one of the ranges of blocks where the requested encrypted file system data object is stored on the storage medium, and sends the file system data object stored in the identified range of blocks to the host computer system in encrypted form as stored on the storage medium.

Abstract: This disclosure relates to data storage device (DSD) hardware and, more specifically, to systems and methods for encrypting data stored on a DSD. A DSD comprises a non-volatile storage medium to store multiple file system data objects using block addressing. The multiple file system data objects are addressable by respective ranges of blocks. A device controller is integrated with the DSD and comprises hardware circuitry configured to encrypt data to be stored on the storage medium and decrypt data stored on the storage medium based on different cryptographic keys, and to use each of the different cryptographic keys for one of the ranges of blocks addressing a respective file system data object. The decryption part of the hardware circuitry can be deactivated so that the data can be read in encrypted form.

Abstract: Disclosed here is a data storage device comprising a non-transitory storage medium configured to store user content data, a data port configured to transfer the user content data between the storage medium and a host computer system over a data channel, and a controller. The controller is configured to select one of multiple file system formats, format the storage medium by creating a file system in accordance with the selected file system format on the storage medium, and register with the host computer system as a block data storage device.

Abstract: Disclosed herein is a data storage device comprising a data path, an access controller, and a data store. The data path comprises a data port configured to transmit data between a host computer system and the data storage device; a non-volatile storage medium configured to store encrypted user content data; and a cryptography engine connected between the data port and the storage medium and configured to use a cryptographic key to decrypt the encrypted user content data stored on the storage medium in response to a request from the host computer system. The access controller is configured to store on the data store multiple entries associated with multiple respective registered devices. The multiple entries comprise authorization data indicative of cryptographic keys that selectively provide user access or manager access for each of the multiple registered devices.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The access controller generates a recovery private key, generates encrypted authorization data based on the recovery private key, stores the encrypted authorization data, and sends the recovery private key to a manager device. When recovery is desired, access controller receives a recovery public key, calculated based on the recovery private key, from a recovery manager device, decrypts the encrypted authorization data based on the recovery public key, generates a challenge for the recovery manager device based on the decrypted authorization data, sends the challenge to the recovery manager device over the communication channel that is different from the data path, receives a response to the challenge from the recovery manager device over the communication channel, and based at least partly on the response, enables decryption of the encrypted user content data.

Abstract: Disclosed herein is a data storage device with storage medium that stores encrypted user content data. A cryptography engine uses a cryptographic key to decrypt the encrypted user content data. An access controller receives, from a user device, a request to register the user device and generates a challenge for a manager device. The manager device is located remotely from the data storage device. The controller sends, to the user device, the challenge for the manager device; receives, from the user device, a response calculated by the manager device to approve the request to register; calculates the cryptographic key based at least partly on the response calculated by the manager device; and creates and stores authorization data associated with the user device. The authorisation data indicates the cryptographic key, to register the user device with the data storage device.