ATA Disk Secure Erase for End of Life Sanitization

IP.com Number IPCOM000181051D
Dated Mar 24, 2009 UTC
Size 3 page(s) (13.1 KB)
 

Publication Summary

When a Copier/Printer/Multifunction device (MFD) is decommissioned and disposed of, there is a need to provide for secure handling of the included disk drives. Some manufacturers provide for this by removing the hard disks from returning devices and returning them to the customer for disposal or destruction according to customer policies. This idea proposes a method to perform embedded disk drive end-of-life sanitization using the ATA feature known as "Secure Erase" directly from the local UI (User Interface) of a Copier/Printer/MFD. The idea would allow manufacturers and the customers to avoid costs related to manual methods of disk disposal.
Country Undisclosed
Language English (United States)

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 44% of the total text.

The “Secure Erase” feature is readily available in ATA disk drives and is an approved disk sanitization method recommended by NIST (National Institute of Standards and Technology). This function would be used only when a machine is decommissioned and will avoid the need to send a service representative to remove hard drives for disposal. Appropriate verification will be performed to ensure that only authorized system administrators invoke this command, and relevant information (IP address, machine serial number, etc.) will be recorded and e-mailed prior to execution of the command.

NIST Special Publication 800-88 “Guidelines for Media Sanitization” describes the current disk cleansing methods approved by the US Government. Table 2-1 defines purging as “a media sanitization process that protects the confidentiality of information against a laboratory attack”. Table 5-1 says that “degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods of purging”. Information on the algorithm is available at the UC San Diego Center for Magnetic Recording Research website.

The so-called Security Feature Set is part of the ATA specifications. It provides for two 32-byte passwords, the "User Password" and the "Master Password." In the event of a user having forgotten his or her password, the latter functions as a second key. Both passwords can be set independently as any random sequence of bytes. The protection is activated by setting the user password with the aid of the ATA command Security Set Password (setting the master password does not activate the protection). Thereupon the hard disk initially remains accessible. When the computer is switched on again, however, or after a hardware reset, the disk is locked. The disk in this state allows no access to its data and accepts only a limited number of commands, such as, for instance, Identify Device, which is used to call up the device's type designation, serial number and the like. The command Security Unlock in conjunction with the password temporarily unlocks the hard disk, allowing one to work with it in a normal fashion. The security function remains in operation, however: At the next cold boot t...
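A pre-erase check an MFD controller could run on the Identify Device data described above, as an added example that is not part of the publication. The function names are hypothetical, the word 128 bit positions and the string layout of words 10-19 come from the ATA specification rather than from this page, and requiring security to be enabled before the erase is this example's own conservative policy.

```c
#include <stdint.h>
#include <string.h>

/* Security status bits in word 128 of the 512-byte IDENTIFY DEVICE block. */
enum { SEC_SUPPORTED = 0x01, SEC_ENABLED = 0x02, SEC_FROZEN = 0x08, SEC_EXPIRED = 0x10 };
enum preflight { PF_READY, PF_SET_PASSWORD_FIRST, PF_UNSUPPORTED,
                 PF_FROZEN, PF_COUNT_EXPIRED, PF_BAD_BUFFER };

static uint16_t id_word(const uint8_t *id, size_t n)   /* words are little-endian */
{
    return (uint16_t)(id[2 * n] | (id[2 * n + 1] << 8));
}

/* Copy an ATA string field (two chars per word, high byte first) and trim
 * trailing padding, e.g. the serial number for the audit record.
 * out must hold 2 * nwords + 1 bytes. */
void id_string(const uint8_t *id, size_t first, size_t nwords, char *out)
{
    size_t len = 0;
    for (size_t i = 0; i < nwords; i++) {
        out[len++] = (char)(id_word(id, first + i) >> 8);
        out[len++] = (char)(id_word(id, first + i) & 0xff);
    }
    while (len > 0 && (out[len - 1] == ' ' || out[len - 1] == '\0'))
        len--;
    out[len] = '\0';
}

/* Decide whether the drive can accept a Secure Erase right now. */
enum preflight secure_erase_preflight(const uint8_t *id, size_t len)
{
    if (id == NULL || len < 512) return PF_BAD_BUFFER;
    uint16_t sec = id_word(id, 128);
    if (!(sec & SEC_SUPPORTED)) return PF_UNSUPPORTED;   /* manual disposal */
    if (sec & SEC_FROZEN) return PF_FROZEN;              /* power cycle first */
    if (sec & SEC_EXPIRED) return PF_COUNT_EXPIRED;      /* power cycle first */
    return (sec & SEC_ENABLED) ? PF_READY : PF_SET_PASSWORD_FIRST;
}

/* Constructed sample, not from a real drive: serial "MFD-TEST-0001" as it
 * sits byte-swapped in words 10-19, plus a caller-chosen word 128. */
void sample_identify(uint8_t id[512], uint16_t sec)
{
    memset(id, 0, 512);
    memcpy(id + 20, "FM-DETTS0-00 1      ", 20);
    id[256] = (uint8_t)(sec & 0xff);
    id[257] = (uint8_t)(sec >> 8);
}
```

A frozen or attempt-expired result should stop the workflow before the audit e-mail reports an erase as pending, since the drive will not act on security commands until it has been power cycled.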
