Patent attributes
Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device, and the data storage device registers with the host computer system as a block data storage device. A non-volatile storage medium stores encrypted user content data. A cryptography engine is connected between the data port and the storage medium and uses a key to decrypt the encrypted user content data. A data store stores multiple entries comprising authorization data associated with respective authorized devices. The access controller receives from a manager device a public key associated with a private key stored on a device to be authorized, creates the authorization data, and stores the authorization data in association with the public key in the data store, thereby registering the device to be authorized as one of the authorized devices.