Patent attributes
Disclosed herein is a data storage device comprising a data path and an access controller. The access controller generates a recovery private key, generates encrypted authorization data based on the recovery private key, stores the encrypted authorization data, and sends the recovery private key to a manager device. When recovery is desired, access controller receives a recovery public key, calculated based on the recovery private key, from a recovery manager device, decrypts the encrypted authorization data based on the recovery public key, generates a challenge for the recovery manager device based on the decrypted authorization data, sends the challenge to the recovery manager device over the communication channel that is different from the data path, receives a response to the challenge from the recovery manager device over the communication channel, and based at least partly on the response, enables decryption of the encrypted user content data.
