A secure computing environment in which a computer automatically operates in a
full-access data storage mode when it detects the presence of a secure removable
storage device. In full-access mode all data written to removable storage device
is encrypted with a cryptographic key and the user is given access to sensitive
if authorized. Otherwise, the computer operates in a restricted-access mode in
which the user is unable to write to the removable storage device and is unable
to access sensitive data. The invention detects security information on the data
storage device and generates a cryptographic key from the security information.
The security information can be a function of the unique format characteristics
of the underlying storage medium, a unique identifier retrieved from an electronic
circuit embedded within the removable storage device or a serial number etched
on the storage device during manufacturing. In addition, drive-specific information
and even user-specific information can also be used to generate the cryptographic
key, thereby creating a highly secure computing environment. When the computer
operates in a full-access mode, all data written to the storage device is encrypted
and the user is able access to sensitive data within the organization. When security
information is not present on the removable storage device the computer automatically
operates in a restricted-access mode in which the user does not have access to
sensitive data and data cannot be written to the removable storage device.