Storage silo definitions
The following definitions are useful for storage silo driver developers.
Term | Definition |
---|---|
IEEE 1667 | A standard protocol for secure authentication and creation of trust between a secure host and a directly attached Transient Storage Device (TSD), such as a USB flash drive, portable hard drive, or cellular phone. For more information, see IEEE 1667-2018 — IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices. |
1667 authentication silo | A 1667 silo whose function provides either authentication of host to device, device to host, or both. |
1667 standard authentication silo | A standard certificate or password authentication silo defined in the base 1667 specification for which Microsoft is shipping drivers. |
1667 USB Flash Device (UFD) | USB flash device implementing the 1667 command set according to the IEEE 1667 specification. |
Third-party authentication silo | Silo not defined in the base set of 1667 specified standard authentication silos implementing the authentication function. |
Third-party silo | Silo not contained in the set of 1667 specified standard silos. The function is proprietary and not documented in the IEEE 1667 base standard. Sometimes referred to as an "unknown" silo. |
Addressable command target (ACT) | Independent unit of access that accepts 1667 commands and optionally provides access to user data (see Logical Unit). According to the 1667 specification, an ACT is not required to provide a user data access function. A 1667 device may implement one or more ACTs. |
Authentication | (As it relates to IEEE 1667) the act of verifying the veracity of the identity claimed by either the host or the device. In the password authentication case, a secret password established by the user of the device is the credential that serves this purpose. In the certificate authentication case, possession of the private key must be proven by successfully decrypting a random stream of bytes encrypted with the paired public key. |
Authorization | Indication that concomitant access to the governed resource is authorized after a device or host identity has been authenticated. Host-to-device authentication governs authorized access to the user data portion of the associated ACT, whereas successful device-to-host authentication authorizes the connected data channel between the device and the host. |
Certificate silo (Cert Silo) | Authentication silo that uses certificates and associated public-private key pairs as the basis for authentication. |
Legacy mass storage (or Legacy UFD) | A USB mass storage (or USB flash device) not implementing the 1667 command set. |
Logical unit (LUN) | Independent unit of access for user data contained on a device that is exposed as a single disk on the host system. A LUN is synonymous with a data-bearing 1667 ACT currently in the authorized state. Some UFDs are multi-LUN-capable. |
Password silo (PW Silo) | Authentication silo using pass-phrase matching as the basis for authentication. |
Removable media bit (RMB) | A bit contained in the device response to the SCSI INQUIRY command (0x12) that indicates whether the media is removable (RMB=1) or fixed (RMB=0). Not to be confused with the Removable field of DEVICE_CAPABILITIES, which indicates whether a PDO represents a hot-pluggable device; RMB refers to a property of the media rather than the device itself. The system treats media with RMB=1 differently from media with RMB=0. |
Silo | Independent functional unit that responds to 1667 commands. One or more silos may be attached to each ACT. A 1667 silo command may be addressed to a particular ACT index and silo index. |
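The RMB definition above can be checked against a raw INQUIRY response. The following is an added example, not code from the original documentation: it reads RMB (byte 1, bit 7 of the standard INQUIRY data) together with the vendor and product strings. The function name `parse_inquiry`, the struct, and the two sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct inquiry_info {
    uint8_t device_type;  /* byte 0, bits 4..0: peripheral device type */
    int     rmb;          /* byte 1, bit 7: 1 = removable media, 0 = fixed */
    char    vendor[9];    /* bytes 8..15, ASCII, space padded */
    char    product[17];  /* bytes 16..31, ASCII, space padded */
};

/* Copy a space-padded ASCII field and trim the trailing padding. */
static void copy_field(char *dst, const uint8_t *src, size_t n)
{
    memcpy(dst, src, n);
    dst[n] = '\0';
    while (n > 0 && dst[n - 1] == ' ')
        dst[--n] = '\0';
}

/* Returns 0 on success, -1 if fewer than the 36 standard bytes were returned.
 * Byte 4 (ADDITIONAL LENGTH) describes the full response, so it is not a bound. */
int parse_inquiry(const uint8_t *buf, size_t len, struct inquiry_info *out)
{
    if (buf == NULL || out == NULL || len < 36)
        return -1;
    out->device_type = buf[0] & 0x1F;
    out->rmb = (buf[1] & 0x80) ? 1 : 0;
    copy_field(out->vendor, buf + 8, 8);
    copy_field(out->product, buf + 16, 16);
    return 0;
}

/* Constructed sample responses (not captured from real devices). */
static const uint8_t SAMPLE_UFD[] =   /* RMB=1 */
    "\x00\x80\x06\x02\x1f\x00\x00\x00" "EXAMPLE " "FLASH DRIVE     " "1.00";
static const uint8_t SAMPLE_DISK[] =  /* RMB=0 */
    "\x00\x00\x06\x02\x1f\x00\x00\x00" "EXAMPLE " "PORTABLE HDD    " "1.00";

int main(void)
{
    struct inquiry_info info;
    if (parse_inquiry(SAMPLE_UFD, 36, &info) == 0)
        printf("%s %s: RMB=%d\n", info.vendor, info.product, info.rmb);
    if (parse_inquiry(SAMPLE_DISK, 36, &info) == 0)
        printf("%s %s: RMB=%d\n", info.vendor, info.product, info.rmb);
    return 0;
}
```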
SSD Manager
Kingston® SSD Manager is an application that lets users monitor and manage various parameters of Kingston® solid-state drives.
Kingston® SSD Manager provides the following capabilities:
- Monitor drive health, status, and usage
- View drive identification data, including model name, serial number, firmware version, and other information
- View and export detailed drive health and status reports
- Update drive firmware
- Securely erase data
- Manage TCG Opal and IEEE 1667
- Increased reserve area using the Host Protected Area (HPA) on the drive
Supported operating systems
See the table below for the operating system requirements of Kingston® SSD Manager.
Software version | Supported operating systems |
---|---|
Kingston® SSD Manager x64 v1.5.X.X | Windows 10, 11 x64 |
Kingston® SSD Manager v1.1.X.X | Windows 8, 8.1, 10 x86, x64 |
System requirements
Using Kingston® SSD Manager requires the following:
- One or more Kingston® solid-state drives
- AHCI mode set in the BIOS
- Administrator privileges in Windows®
Note: Some older Kingston® solid-state drive models may not be supported by Kingston® SSD Manager x64 v1.5.X.X. In that case, you can continue to use Kingston® SSD Manager v1.1.X.X.
Installation process
- Click the link to Kingston SSD Manager (KSM) to start downloading the software.
- Locate the downloaded file and extract its contents.
- Run the KSM Setup executable as administrator.
- Follow the prompts of the Setup Wizard and complete the KSM installation.
- A system restart may be required after the installation completes.
Note for Mac and Linux users
Kingston SSD Manager is not compatible with the Mac OS and Linux operating systems.
Note on USB drive enclosures
When working with Kingston® SSD Manager, using the built-in interface for Kingston® solid-state drives is recommended. USB enclosures are not supported.
IEEE 1667-2018
IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices
Discovery, authentication, and authorization protocols between hosts and storage devices over multiple transports are defined in this standard.
Sponsor Committee: C/CPSC — Cybersecurity and Privacy Standards Committee
Status: Active Standard
PAR Approval: 2016-06-30
Superseding: 1667-2015
Board Approval: 2018-06-14
History: Published: 2018-10-02
Working Group Details
Society: IEEE Computer Society
Sponsor Committee: C/CPSC — Cybersecurity and Privacy Standards Committee
Working Group: 1667_WG — Working Group for 1667
IEEE Program Manager: Tom Thompson
Working Group Chair: Curtis E Stevens
Other Activities From This Working Group
Active Projects
Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.
No Active Projects
Active Standards
Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.
No Active Standards
Superseded Standards
These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.
1667-2006
IEEE Standard Protocol for Authentication in Host Attachments of Transient Storage Devices
This project defines a standard protocol for secure authentication and creation of trust between a secure host and a directly attached Transient Storage Device (TSD), such as a USB flash drive, portable hard drive, or cellular phone. The protocol has only an indirect relationship with data integrity/security, and does not directly address issues of authorization and enforcement. The protocol also does not address devices that are attached using a network connection. However, a device that uses a point-to-point wireless connection such as WUSB may comply with this protocol.
1667-2009
IEEE Standard for Authentication in Host Attachments of Transient Storage Devices
This project defines a standard protocol for secure authentication and creation of trust between a secure host and a directly attached Transient and other Storage Devices, such as a USB flash drive, portable hard drive, or cellular phone. The protocol has only an indirect relationship with data integrity/security, and does not directly address issues of authorization and enforcement. The protocol also does not address devices that are attached using a network connection. However, a device that uses a point-to-point wireless connection such as WUSB may comply with this protocol.
1667-2015
IEEE Standard for Discovery, Authentication, and Authorization in Host Attachments of Storage Devices
Discovery, authentication, and authorization protocols between hosts and storage devices over multiple transports are defined in this standard. It specifies a new Silo Type Identifier (STID) allocation process that uses the IEEE Registration Authority.
Inactive-Withdrawn Standards
These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.
No Inactive-Withdrawn Standards
Inactive-Reserved Standards
These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.
No Inactive-Reserved Standards
About Enhanced Storage
Enhanced Storage currently supports devices implementing the IEEE 1667 standard (http://www.ieee1667.com), which defines a mechanism for authenticating a storage target prior to data access. Even more useful, the standard also defines a generic mechanism by which any customized function implemented by the storage device can be discovered and accessed. For more information on Enhanced Storage, see Overview of the Enhanced Storage Certificate Management Tool.
Enhanced Storage provides Windows applications with methods to:
- Discover and access additional functions available on an Enhanced Storage device.
- Discover and invoke a function-specific workflow, called an action, for an Enhanced Storage device.
- Authenticate access to an Enhanced Storage device that supports device authentication.
For additional implementation details, see Using Enhanced Storage.