ATA Disk Secure Erase for End of Life Sanitization

IP.com Disclosure Number: IPCOM000181051D
Publication Date: 2009-Mar-24
Document File: 3 page(s) / 13K

Publishing Venue

The IP.com Prior Art Database

Abstract

When a Copier/Printer/Multifunction device (MFD) is decommissioned and disposed of, there is a need to provide for secure handling of the included disk drives. Some manufacturers provide for this by removing the hard disks from returning devices and returning them to the customer for disposal or destruction according to customer policies. This idea proposes a method to perform embedded disk drive end-of-life sanitization using the ATA feature known as "Secure Erase" directly from the local UI (User Interface) of a Copier/Printer/MFD. The idea would allow manufacturers and the customers to avoid costs related to manual methods of disk disposal.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 44% of the total text.

ATA Disk Secure Erase for End of Life Sanitization

The “Secure Erase” feature is readily available in ATA disk drives and is an approved disk sanitization method recommended by NIST (National Institute of Standards and Technology). This function would be used only when a machine is decommissioned and will avoid the need to send a service representative to remove hard drives for disposal. Appropriate verification will be performed to ensure that only authorized system administrators invoke this command, and relevant information (IP address, machine serial number, etc.) will be recorded and e-mailed prior to execution of the command.

NIST Special Publication 800-88 “Guidelines for Media Sanitization” describes the current disk cleansing methods approved by the US Government. Table 2-1 defines purging as “a media sanitization process that protects the confidentiality of information against a laboratory attack”. Table 5-1 says that “degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods of purging”. Information on the algorithm is available at the UC San Diego Center for Magnetic Recording Research website.

The so-called Security Feature Set is part of the ATA specifications. It provides for two 32-byte passwords, the "User Password" and the "Master Password." In the event of a user having forgotten his or her password, the latter functions as a second key. Both passwords can be set independently as any random sequence of bytes. The protection is activated by setting the user password with the aid of the ATA command Security Set Password (setting the master password does not activate the protection). Thereupon the hard disk initially remains accessible. When the computer is switched on again, however, or after a hardware reset, the disk is locked. The disk in this state allows no access to its data and accepts only a limited number of commands, such as, for instance, Identify Device, which is used to call up the device's type designation, serial number and the like. The command Security Unlock in conjunction with the password temporarily unlocks the hard disk, allowing one to work with it in a normal fashion. The security function remains in operation, however: At the next cold boot t...
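The decommissioning sequence described above (record the drive's identity before the command is issued, then set a temporary user password so the drive accepts Secure Erase, and refuse to proceed while the drive is frozen or locked), as an added example that is not part of this disclosure. It assumes a Linux host where the ATA commands are issued through hdparm; the `hdparm -I` fragment, device path, password and audit-line format are constructed placeholders.

```python
import re

# Constructed fragment of `hdparm -I` output (hdparm separates "not" and the
# flag with a tab; the parser splits on any whitespace, so spaces work too).
SAMPLE_HDPARM_I = """\
        Serial Number:      SN-CONSTRUCTED-0001
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        90min for SECURITY ERASE UNIT. 90min for ENHANCED SECURITY ERASE UNIT.
"""

def parse_security(text):
    """Extract the drive serial and the ATA Security Feature Set state flags."""
    state = {"serial": None, "supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced": False, "erase_minutes": None}
    state["serial"] = m.group(1) if (m := re.search(r"Serial Number:\s*(\S+)", text)) else None
    parts = text.split("Security:", 1)
    if len(parts) < 2:
        return state                      # no Security section: feature set absent
    for words in filter(None, (ln.split() for ln in parts[1].splitlines())):
        negated = words[0] == "not"       # "not enabled" / "not locked" / "not frozen"
        key = (words[1] if negated else words[0]).rstrip(":")
        if key in ("enabled", "locked", "frozen"):
            state[key] = not negated
        elif key == "supported":          # "supported" vs "supported: enhanced erase"
            state["enhanced" if "enhanced" in words else "supported"] = not negated
    m = re.search(r"(\d+)min for SECURITY ERASE UNIT", parts[1])
    state["erase_minutes"] = int(m.group(1)) if m else None
    return state

def plan_secure_erase(state, device, temp_password):
    """Return the audit line to record first and the ordered hdparm commands to run."""
    if not state["supported"]:
        raise RuntimeError("drive has no ATA Security Feature Set; use another method")
    if state["frozen"]:
        raise RuntimeError("security state is frozen by the host; unfreeze before erasing")
    if state["locked"]:
        raise RuntimeError("drive is locked; Security Unlock with its password first")
    erase = "--security-erase-enhanced" if state["enhanced"] else "--security-erase"
    audit = f"secure-erase {device} serial={state['serial']} est={state['erase_minutes']}min"
    cmds = [["hdparm", "--user-master", "u", "--security-set-pass", temp_password, device],
            ["hdparm", "--user-master", "u", erase, temp_password, device]]
    return audit, cmds
```

A host that froze the security state at boot (common with PC firmware) has to be unfrozen, for instance by a suspend/resume cycle, before the set-password step will be accepted.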