HP High Performance Secure Hard Disk - Overview

HP High-Performance Secure Hard disk White Paper Sept 2008

Page 4

By default, at start-up, a newly discovered and unused encrypted hard disk will be

automatically configured and “locked” to the device. The Drive Lock Key is a software-

based key, not a physical key. An administrator may configure the device to not

automatically lock newly discovered encrypted hard disks, in which case the hard disk

will act as an unencrypted hard disk. The hard disk may be manually locked to the

printer at a later time.

4 Multiple Hard disks

If multiple hard disks are present, the following priority will be used in determining which

hard disk is utilized.

1. Internal, encrypted

2. EIO, encrypted

3. Internal, unencrypted

4. EIO, unencrypted

Once an encrypted hard disk is locked to a printer, all additional hard disks (internal

and EIO) installed in the printer will be disabled from use. For example, if an EIO

encrypted hard disk is installed in an MFP with an internal hard disk, the internal hard

disk will be disabled from use.

Disabled hard disks will be reported as being physically present in the management

interfaces, however they will not be accessible for any read/write operations by the

printer or users.

5 Encryption

A Seagate FDE hard disk is used that continuously encrypts every write operation and

decrypts every read operation without user intervention. The hard disk uses an internally

controlled encryption key for the encryption and decryption processes and this encryption

key is not accessible by the printer or printer user. The hard disk uses 128 bit Advanced

Encryption Standard (AES) data encryption and decryption.

This solution protects data stored on a printer’s hard disk from unauthorized access when

the hard disk is removed from the printer to which it is “locked.” The “Lock Password” is

either randomly generated by the printer or manually specified by the customer at

installation.