A method for host authentication of removable storage devices and an optional method for authentication of hosts by removable storage devices are specified by this standard. Both methods are certificate based and manageable by device owners. In addition, a method for identifying non-storage capabilities of removable storage devices is specified.

This project defines a standard protocol for secure authentication and creation of trust between a secure host and directly attached Transient and other Storage Devices, such as a Universal Serial Bus (USB) flash drive, portable hard drive, or cellular phone. The protocol has only an indirect relationship with data integrity/security, and does not directly address issues of authorization and enforcement. The protocol also does not address devices that are attached using a network connection. However, a device that uses a point-to- point wireless connection such as wireless USB may comply with this protocol.

Industry has witnessed explosive private and corporate growth in use of transient and externally attached storage devices. Although these devices often serve much the same functionality that floppy disks once did, the necessity of authentication (one and two way) on such devices has become paramount. Enterprises are now beginning to require authentication of devices before connection by a host is permitted. No standard way of accomplishing that authentication exists for these devices. This standard will act to ensure the security of the enterprise using these devices while allowing a continued robust market and a convenient method of transporting information for the user.