Imagine a PCB which has 2 SATA interfaces (or other interfaces used for data exchange with data storage hardware), a button, RS232 interface, ionistor, a microchip and other hardware needed for operation.
Microchip has a cryptoprocessor and NVRAM.
Also there is a cradle with RS232 and a button.
Microchip is protected. It has two keys: one key is stored in NVRAM, another key (let's name it "chip key") is generated using analog data collected from "protection circuits", such as capacitance, inductance, resistivity and other (every chip should have unique protection circuits so different chips should have different chip keys).
Changing analog characteristics a little should cause a great change in a key. Also we need other physical protection measures. This should make impossible physical cracking of the chip: if an attacker used acid, a microscope and needles to get signals from the chip, he would change its analog characteristics which cause destroying of the chip key.
When one hits a button a new key is generated by cryptoprocessor and overwrites the old key stored in NVRAM. Also it transmits the key via interface to make backup of it (the cradle records it, and then the user can hide the cradle in a safe place).
Most of the time the device encrypts/decrypts the data transmitted via SATA cable using the chip key and the key from NVRAM and changes the offsets (based on the keys).
If a person needs to destroy the data on the disk quickly he just hits the button and the key is overwritten, and the data can no longer be recovered (without breaking the encryption, thermorectal (or rubber hose) cryptanalysis, finding the cradle or other ways to get data without breaking the encryption).
If the person needs to restore the key it overwrites the key in the NVRAM using RS232 interface. For example he can connect the cradle and hit the button on it.
Cryptoprocessor should allow to use a wide range of cryptography algorithms, for example GOST 28147-89 .
Creative Commons License
Idea of cryptographic hardware by KOLANICH is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
<?xpacket begin='' id=''?>
<x:xmpmeta xmlns:x='adobe:ns:meta/'>
<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
<rdf:Description rdf:about=''
xmlns:xapRights='http://ns.adobe.com/xap/1.0/rights/'>
<xapRights:Marked>True</xapRights:Marked>
</rdf:Description>
<rdf:Description rdf:about=''
xmlns:xapRights='http://ns.adobe.com/xap/1.0/rights/'
>
<xapRights:UsageTerms>
<rdf:Alt>
<rdf:li xml:lang='x-default' >This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/">Creative Commons Attribution-ShareAlike 3.0 Unported License</a>.</rdf:li>
<rdf:li xml:lang='ru' >Это произведение доступно по <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/">лицензии Creative Commons «Attribution-ShareAlike» («Атрибуция — На тех же условиях») 3.0 Непортированная</a>.</rdf:li>
<rdf:li xml:lang='en' >This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/">Creative Commons Attribution-ShareAlike 3.0 Unported License</a>.</rdf:li>
</rdf:Alt>
</xapRights:UsageTerms>
</rdf:Description>
<rdf:Description rdf:about=''
xmlns:dc='http://purl.org/dc/elements/1.1/'>
<dc:title>
<rdf:Alt>
<rdf:li xml:lang='x-default'>Idea of cryptographic hardware</rdf:li>
<rdf:li xml:lang='en'>Idea of cryptographic hardware</rdf:li>
<rdf:li xml:lang='ru'>Идея криптографического устройства</rdf:li>
</rdf:Alt>
</dc:title>
</rdf:Description>
<rdf:Description rdf:about=''
xmlns:cc='http://creativecommons.org/ns#'>
<cc:license rdf:resource='http://creativecommons.org/licenses/by-sa/3.0/'/>
</rdf:Description>
<rdf:Description rdf:about=''
xmlns:cc='http://creativecommons.org/ns#'>
<cc:attributionName>KOLANICH</cc:attributionName>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>
<?xpacket end='r'?>