A customer wants to securely delete files from SQFlash drives used for medical patient data without the confidential records restored and re-read while at RMA or with another party. In addition, the drive must be locked to only one assigned platform to prevent unauthorized access to the information while connected to another computer. To avoid complications during the shop floor operations, a simple protocol is required, such as a simple password protected and one-touch erase safety mechanism.
Advantech's 820 series SQFlash drive (2.5" SSD, mSATA & SATAslim) with Advanced Encryption Standard (AES) encryption supports a military-grade one-touch erase mechanism for complete data wipe and a flash lock for securing the drive to one designated platform.
An AES 256-bit encryption key is generated in the drive's security controller before the data gets stored on the NAND flash. Thus, when the controller or firmware fails, the data that is securely stored in the encryption key becomes inaccessible through the NAND flash. Flash Lock, a mechanism that uses the BIOS identifier to secure the SQFlash drive to a particular motherboard, enables the drive to only operate with that corresponding platform so the data cannot be compromised by other devices. To enable this function, an AES encrypted drive must be used with a custom BIOS that contains a unique factory identifier. Because Flash Lock utilizes only the SQFlash firmware and BIOS, it is exclusive to certain Advantech products.
The One-Touch Emergency Erase mechanism is embedded in the SQFlash drive and triggered by two methods: through a hardware jumper or through Advantech's software utility. Once executed, the drive deletes the AES key and immediately resets. Even if a power failure occurs during the erase, the system continues erasing the physical IC block once power is applied. The cleared blocks will be overwritten entirely with "FF" data.
Other military protocols can be triggered to erase data through specific commands and definitions in less than a second., The firmware is destroyed and the drive immediately becomes unusable. The LBA table sets to zero once the AES key is reset. Because the encryption key stored in the firmware resets to a new drive state, the remaining data in the flash IC physical layer becomes unrecoverable and uncrackable.
The customer received Advantech API to develop his or her own password-protected program requirements for controlling the Flash Lock and One-Touch Erase functionalities of the 820 series SQFlash drive.
Flash Lock activation allows the 820 SQFlash drive to lock in with the customer's selected Advantech platform, restricting the data from being read or copied onto other platforms without authorized access, even after the drive is removed.
The One-Touch Erase mechanism will destroy the AES key, while instantly replacing it with a new key. Data on NAND is quickly and securely erased and overwritten with "FF" data.
With all the security features that the 820 series SQFlash drive has to offer, Advantech alleviates any concerns the customer may have regarding data and privacy protection.