Peerless DRM and Enterprise Security-Enabled Removable Data Storage Cartridges


A discussion of security issues and architectures for removable data storage.


    • Peerless DRM and Enterprise Security-Enabled Removable Data Storage Cartridges
      A discussion of security issues and architectures for removable data storage.
      Fred Thomas, Chief Technologist, Adv. R&D, R&D
      RSA Conference 2002
    • Overview of Today’s Presentation
      • The Presenter – Fred Thomas
      • Iomega Involvement – Who is Iomega?
      • Topics
        • Peerless
        • Peerless Latent Data Security Features
        • Data Security Applications for Removable Storage
          • Peerless DRM Solution Discussion
          • Peerless Enterprise/Government Centric Data Security Solution Discussion
        • Synopsis of message
    • Peerless Description
      Peerless Specifications
      • General
        • Disk Storage Capacity: 10GB or 20GB
        • Operating System Compatibility
          • USB: Windows 98 / Me / 2000, Mac OS 8.6 - 9.x
          • IEEE 1394: Windows 98 SE / Me / 2000, Mac OS 8.6 - 9.x
        • External Connections
          • USB: USB connector
          • IEEE 1394: (2) 6-pin 1394 connectors
      • Performance
        • Average Seek Time: 112 ms (read), 13 ms (write)
        • Typical Start/Stop time: 3.0 sec
        • Average Data Transfer Rate
          • USB: Up to 1 MB/sec
          • IEEE 1394: Up to 15 MB/sec
        • Segmented Buffer with write cache: 2MB - Upper 174KB is used for Firmware
        • Rotational Speed: 4200 RPM
    • Peerless Latent Security Features
      • Secure Memory Device (SMD) with cryptographic authentication (SmartCard Technology) in Peerless data storage cartridge.
      • Asymmetric encryption keys and strings embedded in SMD.
      • Drive µP capable of host PC isolated asymmetric string encryption.
      • Factory encryption of cartridge unique media serial number with private key series for cartridge seeding.
      • Unalterable media serial number – In SMD and on media.
      • Cartridge based latent irradiance tag authentication system.
    • Peerless Block Diagram (figure not reproduced in this transcript; labelled blocks include Peerless Cartridge, Jasper DE, Cartridge Flex, HDD PCA, Secure IC, ID Tag, ID Circuitry, Peerless Drive, Drive PCA, Connector PCA, Interface Module and Bus Switch)
    • Data Security Applications for Removable Data Storage
      • DRM (Digital Rights Management)
      • Enterprise Secure Drive Product
        • Address the data security needs of the enterprise/government organization, not the individual.
    • What is DRM?
      • Digital Rights Management.
      • In this context, DRM means the use of technology to protect copyrighted information in digital form.
        • e.g. Music, Video, Publications
        • Technology Objectives: Check-in Check-out, Limited device play capability, tracking of content owners, limited digital copying, tying content to limited hardware, etc.
      • The industry players driving DRM are the “Content Providers.”
        • BMG Entertainment, Sony, EMI Capitol Records, Universal Music Group, … etc.
    • What is the Role of Removable Data Storage Drive/Media Manufacturer In the DRM Landscape?
      • DRM Roles:
        • Content Providers
        • Security Technology providers (H/W, encryption: RSA, Certicom, Atmel, Digimarc, etc.)
        • DRM Secure Delivery providers (Host Software: Liquid Audio, InterTrust, Microsoft)
        • DRM Enablers (Device Mfgrs: Iomega, Microsoft, SanDisk, Diamond Rio, etc.)
        • DRM Killers (Napster, open environment computers, internet, hackers ..)
      • Iomega perspective:
        • Iomega should address the basic DRM problem from a removable media provider’s perspective in a robust manner, but also in a manner that is as user/customer non-intrusive as possible.
    • What is the Requirement of DRM from Removable Data Storage?
      • Removable Data Storage Drive/Cartridge’s DRM Role:
        • Pass a unique*, unaltered and authenticated media serial number (MSN) from an Iomega data cartridge to a third-party DRM Software application upon an invoked authenticated MSN transfer call by the third-party DRM Software application. This should be done without the requirement for Internet connectivity.
        • *At present all Iomega removable magnetic media has a unique media serial number encoded on it.
    • The Removable Data Storage Secure Pipe Problem
    • Peerless SMD Contents
      • MS# - Peerless Media Serial #
      • DK - Drive Private Key # (1 of numerous loaded at factory off of trade-secret list)
      • DKI# - Drive Private/Public Key Index number
      • FEMS# - Factory Encrypted MS# (asymmetrically encrypted at Factory with trade-secret private key list L4)
      • FKI# - Factory Private/Public Key Index Number
    • A DRM Protocol for Peerless
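
An added sketch, not Iomega's protocol or code, of how a third-party DRM application could obtain an authenticated MSN offline from the SMD fields listed above: it checks FEMS# against MS# with the factory public key selected by FKI#, then sends a fresh challenge that only a holder of DK can answer. Assumptions: textbook RSA without padding, toy keys built from Mersenne primes, constructed key indexes and serial number, the challenge-response step, and all function names.

```python
import secrets

E = 65537  # public exponent shared by every toy key in this sketch

def make_key(p, q):
    """Build a textbook-RSA key from two primes (toy size, no padding)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed key lists; Mersenne primes only make the sketch reproducible.
FACTORY_KEYS = {0: make_key(2**61 - 1, 2**89 - 1)}    # indexed by FKI#
DRIVE_KEYS = {7: make_key(2**107 - 1, 2**127 - 1)}    # indexed by DKI#
# What the DRM application ships with: public moduli only.
FACTORY_PUB = {i: k["n"] for i, k in FACTORY_KEYS.items()}
DRIVE_PUB = {i: k["n"] for i, k in DRIVE_KEYS.items()}

def seed_cartridge(ms, fki, dki):
    """Factory step: store MS#, FEMS# = MS#^d mod n, and both key indexes."""
    key = FACTORY_KEYS[fki]
    return {"MS": ms, "FEMS": pow(ms, key["d"], key["n"]), "FKI": fki, "DKI": dki}

def drive_respond(smd, challenge):
    """Drive-side step: transform the challenge with DK, isolated from the host."""
    key = DRIVE_KEYS[smd["DKI"]]
    return pow(challenge, key["d"], key["n"])

def authenticated_msn(smd, respond=drive_respond):
    """Host-side check, no network needed. Returns MS#, or None on any failure."""
    fn = FACTORY_PUB.get(smd["FKI"])
    dn = DRIVE_PUB.get(smd["DKI"])
    if fn is None or dn is None:
        return None                               # unknown key index
    if not 1 < smd["MS"] < fn or pow(smd["FEMS"], E, fn) != smd["MS"]:
        return None                               # MS# altered or FEMS# not factory-made
    challenge = secrets.randbelow(dn - 2) + 2     # fresh per call, so replays fail
    if pow(respond(smd, challenge), E, dn) != challenge:
        return None                               # responder does not hold DK
    return smd["MS"]
```
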
    • Why an Enterprise Centric Secure Removable Data Storage Product?
      • Allows cartridge-based removable data storage technology to be used in corporate, university & government computing environments where removable storage is at present seen as a liability due to information security considerations.
      • A seamless solution which supports a spectrum of data security solutions as a core building block.
    • Specific Enterprise Secure Drive System Objectives
      • Provide enterprise centric security solution, not individual centric solution
      • Data transportability within the enterprise while addressing the “Dedicated Insider Threat”
      • Maintain ability to physically secure data and enhance this attribute
      • Incorporate linkage and support of user authentication and tracking in disk file management
      • Secure and authenticated drive data transfers
      • Manage “possible” security lapses in future - updateable system
      • Provide enterprise centric Digital Rights Management (DRM) – Secure Pipe
      • Transparent compatibility with other data encryption software
      • Low cost solution / do not re-invent the wheel / use existing technology
    • Enterprise Secure Drive Building Blocks
      • Encryption (Symmetric vs. Asymmetric)
      • Authentication (Hash Function, Digital Signatures & Biometric)
      • Distribution of security
      • Physical linkage (Smart Card Secure Memory Devices)
      • Migration capable
      • RF tag technology
      • “Non-exposed” security mechanisms
    • The “Cash in the Bag” Problem
    • Peerless Enterprise Drive Distributed Encryption Key Implementation
    • Conclusions about Security Market from the Perspective of Removable Data Storage
      • Hard to see path to DRM revenues from removable data storage supplier perspective at present.
      • Enterprise Secure Drive product may be a large niche market for Iomega with long legs into the future.
      • From a technology development perspective, both robust DRM and Enterprise security for removable data storage can be addressed with many of the same tools and resources. Co-development recommended.
      • To most effectively address and sell to this market, Iomega should seek an appropriate E-Security partner.
    • Objectives of Today’s Talk
      • Create an awareness, within the E-security community, of the data security technologies fielded in Peerless and other Iomega removable storage devices.
      • Explore possible routes to commercializing this new class of security features embedded within removable data storage devices. We are looking for a partner/partners with a strong presence in the enterprise/government data security marketplace, with a focus on hardware solutions. This partner/partners would provide resources to help evaluate, develop and sell a secure removable data storage solution for this market.
    • Iomega Contact Information
      • Business Contact: Tim Dammon, Product General Manager, Iomega Corporation, 4435 Eastgate Mall, San Diego, CA 92121. Phone: 858-795-7049, Fax: 858-795-7004, Email: dammon@iomega.com
      • Technical Contact: Fred Thomas, Chief Technologist, Adv. R&D, R&D, Iomega Corporation, 1821 West Iomega Way, Roy, UT 84067. Phone: 801-332-4662, Fax: 801-332-1030, Email: thomasf@iomega.com
    • Have a Good Day!