Storing X400 Encryption Keys Without a TPM

My team is developing a new medical device and we want to encrypt the SSD to protect patient-specific data. We are considering an X400 SSD and having hardware encryption enabled all the time.

These devices are large and not easily removed or stolen like a laptop. Due to the intensive care nature of the product we do not want to have a nurse log in or enter any password or other credentials while a patient is unconscious. The concern is not to protect the data in the hospital while the SSD is installed and operational in the system at use. The concern is if the SSD was separated from the system during servicing or from a drive failure. We are looking for a way to enable hardware encryption and use existing memory for a unique key, such as the motherboard serial number, unit serial number stored in BIOS or another non-volatile method to store or use as the encryption key for that unit such that no password is required for the nurse at boot time when the system needs to be used on a patient. We are considering a “fob” thumb drive affixed into the motherboard USB port, but that adds cost and complexity in manufacturing. I know this is like using a sticky note with the combination on the outside of a safe, but I am not trying to protect the data from access when the SSD is in its proper system configuration.

Any ideas on using BIOS or other existing memory to store the keys or utilize other data already on the motherboard or other peripherals as the key for access at boot without user intervention and how you would set it up?

Thanks for any help.


Use network bound disk encryption.

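The exchange behind the network bound disk encryption suggested above, as an added example that is not part of this thread: it models the Clevis/Tang McCallum-Relyea exchange in a constructed toy integer group rather than the elliptic-curve group Tang actually uses, so that the device stores no secret and the key server never learns the disk key. The `TangServer`, `bind` and `unlock` names are assumptions made for the example.

```python
import hashlib
import secrets

# Constructed toy group (NOT secure): Tang does this with elliptic-curve points,
# but the algebra is identical in a multiplicative group, which keeps the
# example to plain integers.
P = 2**127 - 1          # Mersenne prime, enough to demonstrate the algebra
G = 5


class TangServer:
    """Holds the long-term secret s. It never sees the disk key."""

    def __init__(self):
        self._s = secrets.randbelow(P - 2) + 1
        self.advertised = pow(G, self._s, P)   # S = g^s, published to clients

    def recover(self, x):
        # The only operation the server performs: Y = X^s.
        return pow(x, self._s, P)


def bind(server_pub):
    """Provisioning (clevis bind): derive K, keep only the public value C."""
    c = secrets.randbelow(P - 2) + 1
    C = pow(G, c, P)
    K = pow(server_pub, c, P)            # K = S^c = g^(sc)
    key = hashlib.sha256(K.to_bytes(16, "big")).digest()
    # c and K are discarded; the device stores only C (plus the server's S).
    # An SSD pulled from the unit therefore carries no usable key material.
    return C, key


def unlock(server, server_pub, C):
    """Boot-time recovery: needs the live server, stores nothing secret on disk."""
    e = secrets.randbelow(P - 2) + 1
    X = (C * pow(G, e, P)) % P           # X = g^(c+e): C blinded by a fresh e
    Y = server.recover(X)                # Y = g^(s(c+e)); server sees only X
    K = (Y * pow(pow(server_pub, e, P), -1, P)) % P   # strip g^(se) -> g^(sc)
    return hashlib.sha256(K.to_bytes(16, "big")).digest()
```

Because `X` is blinded by a random `e` on every boot, the server cannot link requests to a particular device or reconstruct `K`, and a drive separated from the network cannot be unlocked at all.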