Abstract: Various embodiments of the present disclosure are directed to a storage device having a non-volatile memory, a Proof of Physical Access (PPA) mechanism and a controller circuit. The PPA mechanism generates a PPA value responsive to a direct physical user interaction with the storage device by a user. In response to receipt of a storage command from a host, the controller circuit executes the received storage command responsive to the storage command being determined to be a protected command and responsive to detection of the PPA value during a predetermined window of time. The controller circuit does not execute the received storage command responsive to the storage command being determined to be a protected command and responsive to an absence of the PPA value during the predetermined window of time. The protected command is a command that changes access to data stored in the non-volatile memory.

Abstract: Various embodiments of the present disclosure are directed to a storage device having a non-volatile memory, a Proof of Physical Access (PPA) mechanism and a controller circuit. The PPA mechanism generates a PPA value responsive to a direct physical user interaction with the storage device by a user. In response to receipt of a storage command from a host, the controller circuit executes the received storage command responsive to the storage command being determined to be a protected command and responsive to detection of the PPA value during a predetermined window of time. The controller circuit does not execute the received storage command responsive to the storage command being determined to be a protected command and responsive to an absence of the PPA value during the predetermined window of time. The protected command is a command that changes access to data stored in the non-volatile memory.

Abstract: A hijack-protected, secure storage device requires proof that the user has actual physical access to the device before protected commands are executed. Examples of protected commands include attempts to change storage device security credentials of the device, erasure of protected portions of the device, and attempts to format, sanitize, and trim the device. Various techniques for proving the actual physical possession include manipulating a magnet to control a magnetic reed switch located within the device, operating a momentary switch located within the device, altering light reaching a light sensor located within the device (such as by opening or shutting a laptop cover to change ambient light reaching the sensor), and manipulating a radio-transmitting device (such as a cell phone) near the storage device for detection of the manipulation by a compatible radio receiver located within the device.

Abstract: A hijack-protected, secure storage device requires proof that the user has actual physical access to the device before protected commands are executed. Examples of protected commands include attempts to change storage device security credentials of the device, erasure of protected portions of the device, and attempts to format, sanitize, and trim the device. Various techniques for proving the actual physical possession include manipulating a magnet to control a magnetic reed switch located within the device, operating a momentary switch located within the device, altering light reaching a light sensor located within the device (such as by opening or shutting a laptop cover to change ambient light reaching the sensor), and manipulating a radio-transmitting device (such as a cell phone) near the storage device for detection of the manipulation by a compatible radio receiver located within the device.

Abstract: A method for providing a secure firmware operating environment includes detecting the presence of a new component, for example, a peripheral device. Next, a determination is made as to whether the peripheral device includes an option read-only memory. Next, a determination is made as to whether the option read-only memory is authorized to be executed on the corresponding device. If the option read-only memory is authorized, the code contained within the option read-only memory is executed. By only allowing execution of peripheral devices or components including authorized option read-only memories, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.

Abstract: A device and method for providing a secure execution environment includes retrieving a boot loader, for example, from the memory of an electronic device or from a peripheral component. Next, a determination is made as to whether the boot loader is authorized to be executed on the corresponding electronic device. If the boot loader is authorized, then the boot loader code is executed. By only allowing execution of authorized boot loaders, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.

Abstract: A method for providing a secure firmware operating environment includes detecting the presence of a new component, for example, a peripheral device. Next, a determination is made as to whether the peripheral device includes an option read-only memory. Next, a determination is made as to whether the option read-only memory is authorized to be executed on the corresponding device. If the option read-only memory is authorized, the code contained within the option read-only memory is executed. By only allowing execution of peripheral devices or components including authorized option read-only memories, security related breaches are substantially reduced or eliminated; thereby, enhancing device integrity.