Lockable Storage Device Study Group
David Burg
dburg at nero.com
Wed Oct 12 16:10:38 PDT 2005
* From the T10 Reflector (t10 at t10.org), posted by:
* "David Burg" <dburg at nero.com>
*
Dear Curtis,
I assume that the password protects a logical access, but the data
itself will not be protected (e.g. encrypted) by the password itself,
right?
Would an (open standard) file system supporting user authentication (e.g.
login and password) be a valid alternative to a device level password?
Best regards,
David Burg
----------------------------------------------------------------
David Burg
Senior Engineer
Standardization and Research
Nero AG phone: +49 (0)7248 928 327
Im Stoeckmaedle 18 fax: +49 (0)7248 928 299
76307 Karlsbad email: dburg at nero.com
Germany http://www.nero.com
----------------------------------------------------------------
_____
From: owner-t10 at t10.org [mailto:owner-t10 at t10.org] On Behalf Of Curtis
Stevens
Sent: Wednesday, October 12, 2005 1:49 PM
To: t10 at t10.org
Subject: Lockable Storage Device Study Group
I have had several inquiries about the purpose of this study group.
There is work going on within USB to enable a capability that allows the
device to prevent access to user data. The possible capabilities are as
follows:
1. Mechanism to detect that the device can prevent media access
2. Mechanism to define a password(s)
3. Mechanism to prevent access to user data areas that works across
power cycles
4. Mechanism to allow access to user data areas
5. Mechanism to gain access if passwords are lost
6. Mechanism to cause OSes to prompt for a driver if they do not
natively support this capability
I think that defining mechanisms for turning on the passwording as well
as preventing or allowing access to the media are straightforward. The
problem is that some OSes develop issues when they see a device but get
failures when they issue reads...
USB devices use SCSI commands (mainly SPC and SBC) and package them in a
USB transport layer. To the best of my knowledge there are no USB-specific
CDBs defined. If work is started as a part of this study
group, I expect that SAT would use this mechanism to access the ATA
security feature set. It is also possible that SCSI devices would
implement this capability.
-------------------------------------------------
Curtis E. Stevens
20511 Lake Forest Drive #C-214D
Lake Forest, California 92630
Phone: 949-672-7933
Cell: 949-307-5050
E-Mail: Curtis.Stevens at WDC.com
Ambition is a poor excuse for not having enough sense to be lazy.
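Added example, not part of the original thread or of any T10 or USB proposal: the ATA security feature set named in the message already reports its lock state in IDENTIFY DEVICE word 128, which is one existing form of capability 1 and lets a host check for a locked device before it issues reads. The IDENTIFY block below is constructed sample data, and `host_view`, `build_identify` and the returned labels are hypothetical names.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (security status) as defined by
# the ATA security feature set.
SECURITY_BITS = {
    "supported": 0,
    "enabled": 1,
    "locked": 2,
    "frozen": 3,
    "count_expired": 4,
    "enhanced_erase": 5,
}
LEVEL_BIT = 8  # 0 = High, 1 = Maximum (meaningful only when security is enabled)


def decode_security_status(identify: bytes) -> dict:
    """Decode word 128 from a 512-byte IDENTIFY DEVICE data block."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be 512 bytes")
    # IDENTIFY data is 256 little-endian 16-bit words.
    (word128,) = struct.unpack_from("<H", identify, 128 * 2)
    status = {name: bool((word128 >> bit) & 1) for name, bit in SECURITY_BITS.items()}
    status["level"] = "maximum" if (word128 >> LEVEL_BIT) & 1 else "high"
    return status


def host_view(status: dict) -> str:
    """Summarise what a host should expect before it issues media reads (hypothetical labels)."""
    if not status["supported"]:
        return "no-lock-capability"
    if status["locked"]:
        # Media access is rejected until a successful unlock; once the attempt
        # counter has expired, a power cycle is needed before unlock is accepted.
        if status["count_expired"]:
            return "locked-power-cycle-required"
        return "locked-needs-password"
    if status["enabled"]:
        # A password is set: the device comes up locked at the next power-on.
        return "unlocked-relocks-at-power-on"
    return "lock-available-not-enabled"


def build_identify(word128: int) -> bytes:
    """Constructed sample: an otherwise empty IDENTIFY block with word 128 set."""
    block = bytearray(512)
    struct.pack_into("<H", block, 128 * 2, word128)
    return bytes(block)
```
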