Patent attributes
Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data, and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. An access controller receives a public key from a manager device. The public key is associated with a private key stored on a device to be authorized. The access controller determines a user key that provides access to the cryptographic key; encrypts the user key based on the public key, such that the user key is decryptable based on the private key stored on the device to be authorized; and stores, on a data store, authorization data indicative of the encrypted user key.
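The key hierarchy described above, as an added example that is not taken from the patent: the access controller wraps the user key to the public key of the device to be authorized and stores only the resulting authorization record. The choice of X25519, HKDF-SHA256 and AES-GCM, the record layout and all function names are assumptions, and the code needs the Python `cryptography` package.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def raw(pub):
    # 32-byte encoding of an X25519 public key, as a manager device might send it
    return pub.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def _kek(shared, eph_pub, dev_pub):
    # Bind the wrapping key to both public keys (assumed context label)
    info = b"authorization-record-v1" + eph_pub + dev_pub
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=info).derive(shared)

def authorize_device(device_pub, user_key):
    # Controller side: only the public key of the device to be authorized is needed
    eph = X25519PrivateKey.generate()
    eph_pub = raw(eph.public_key())
    shared = eph.exchange(X25519PublicKey.from_public_bytes(device_pub))
    nonce = os.urandom(12)
    wrapped = AESGCM(_kek(shared, eph_pub, device_pub)).encrypt(nonce, user_key, device_pub)
    return {"eph_pub": eph_pub, "nonce": nonce, "wrapped_user_key": wrapped}

def recover_user_key(device_priv, record):
    # Device side: the private key never leaves the authorized device
    dev_pub = raw(device_priv.public_key())
    shared = device_priv.exchange(X25519PublicKey.from_public_bytes(record["eph_pub"]))
    kek = _kek(shared, record["eph_pub"], dev_pub)
    return AESGCM(kek).decrypt(record["nonce"], record["wrapped_user_key"], dev_pub)

def demo():
    content_key = AESGCM.generate_key(bit_length=256)  # key used by the cryptography engine
    user_key = AESGCM.generate_key(bit_length=256)     # provides access to the content key
    n = os.urandom(12)
    wrapped_ck = AESGCM(user_key).encrypt(n, content_key, b"content-key")
    phone = X25519PrivateKey.generate()                 # constructed device to be authorized
    other = X25519PrivateKey.generate()                 # constructed device that was never authorized
    record = authorize_device(raw(phone.public_key()), user_key)
    recovered = AESGCM(recover_user_key(phone, record)).decrypt(n, wrapped_ck, b"content-key")
    try:
        recover_user_key(other, record)
        rejected = False
    except InvalidTag:
        rejected = True
    return recovered == content_key, rejected, user_key not in record["wrapped_user_key"]
```

Because the record holds only the ephemeral public key, the nonce and the wrapped user key, reading it off the data store does not yield the user key without the authorized device's private key.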