Method and apparatus for securing computer mass storage data

US 10,395,044 B2
Filed: 08/22/2016
Issued: 08/27/2019
Est. Priority Date: 08/20/2013
Status: Active Grant

First Claim

Patent Images

1. A system for securely storing computer system data comprising:

a mass storage including a SATA device;

a host processor system including a SATA host, the host processor system executing an operating system and applications that produce and use data stored on the mass storage via the SATA host; and

a secure subsystem including a SATA complex, the secure subsystem being interposed between the SATA host of the host processor system and the SATA device of the mass storage,wherein the SATA complex includes a SATA device core that communicates with the SATA host of the host processor system when the operating system and applications are producing and using the data stored on the mass storage device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, embodiments of the invention include methods and apparatuses for securely storing computer system data. Embodiments of the invention encrypt and decrypt SATA data transparently to software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or application. Encryption key management is performed either remotely on a centralized Remote Management System or locally. Embodiments of the invention implement background disk backups using snapshots. Additional security features that are included in embodiments of the invention include virus scanning, a virtual/network drive, a RAM drive and a port selector that provides prioritized and/or background access to SATA mass storage to a secure subsystem.

Citations

16 Claims

1. A system for securely storing computer system data comprising:
- a mass storage including a SATA device;
  
  a host processor system including a SATA host, the host processor system executing an operating system and applications that produce and use data stored on the mass storage via the SATA host; and
  
  a secure subsystem including a SATA complex, the secure subsystem being interposed between the SATA host of the host processor system and the SATA device of the mass storage,wherein the SATA complex includes a SATA device core that communicates with the SATA host of the host processor system when the operating system and applications are producing and using the data stored on the mass storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A system according to claim 1, wherein the secure subsystem includes an encryption module that transparently encrypts the data produced by the operating system and applications of the host processor system before it is stored on the mass storage.
  - 3. A system according to claim 2, wherein the secure subsystem includes a decryption module that transparently decrypts the data stored on the mass storage that was encrypted by the encryption module before it is used by the operating system and applications of the host processor system.
  - 4. A system according to claim 1, wherein the secure subsystem includes a port selector for controlling an input and output of data on the mass storage device.
  - 5. A system according to claim 4, wherein the port selector chooses to input the data from either the host processor system or the secure subsystem.
  - 6. A system according to claim 4, wherein the port selector chooses to output data to either the mass storage, a RAM drive included in the secure subsystem, or a virtual drive.
  - 7. A system according to claim 4, wherein the port selector enables prioritized access to the mass storage device by either the host processor system or the secure subsystem.
  - 8. A system according to claim 1, wherein the secure subsystem includes a port multiplier for providing a host drive interface in the host processor system access to a plurality of drives.
  - 9. A system according to claim 8, wherein the plurality of drives include one or more of a hard drive, a solid state drive, a RAM drive, a virtual drive, and a snapshot drive.
  - 10. A system according to claim 1, further comprising a volatile memory, wherein the secure subsystem includes a RAM drive controller coupled to the volatile memory for providing the host processor system access to a RAM drive in the volatile memory.
  - 11. A system according to claim 1, further comprising a remote management system interface adapted to be coupled to a network, wherein the secure subsystem includes a virtual drive controller coupled to the remote management system interface for providing the host processor system access to a virtual drive in the network.
  - 12. A system according to claim 1, wherein the secure subsystem includes a snapshot manager that provides the host processor system access to one of a plurality of stored snapshots of the data on the mass storage.
  - 13. A system according to claim 1, wherein the mass storage comprises a hard disk drive.
  - 14. A system according to claim 1, wherein the mass storage comprises a solid state disk drive.

15. A standalone computer system, comprising:
- a host processor subsystem that executes an operating system and applications that produce and use host data, the host processor subsystem having an interface for causing the host data to be stored on and accessed from a mass storage device;
  
  a secure subsystem that communicates with the interface so as to control the storage and access of the host data transparently to and independently from the host processor subsystem, and wherein the secure subsystem selectively causes the host data to be stored on one of a RAM drive in volatile memory in the standalone computer system, a hard drive in the standalone computer system or a virtual drive on a network; and
  
  a motherboard to which the host processor subsystem and the secure subsystem are commonly attached.
- View Dependent Claims (16)
- - 16. A standalone computer system according to claim 15, wherein the interface comprises a SATA host, the secure subsystem including a SATA device core for communicating with the SATA host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Janus Technologies, Inc.
Original Assignee
Janus Technologies, Inc.
Inventors
Wang, Michael, Porten, Joshua, Raskin, Sofin, Borisov, Mikhail
Primary Examiner(s)
Rojas, Midys

Application Number

US15/243,826
Publication Number

US 20160357973A1
Time in Patent Office

1,100 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 12/14   Protection against unauthor...

G06F 12/1408   by using cryptography for d...

G06F 12/1416   by checking the object acce...

G06F 12/1425   the protection being physic...

G06F 12/1458   by checking the subject acc...

G06F 12/16   Protection against loss of ...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

G06F 21/80   in storage media based on m...

G06F 2213/0032   Serial ATA [SATA]

G06F 3/0614   Improving the reliability o...

G06F 3/0619   in relation to data integri...

G06F 3/062   Securing storage systems

G06F 3/0623   in relation to content

G06F 3/0661   Format or protocol conversi...

G06F 3/0673   Single storage device

Method and apparatus for securing computer mass storage data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing computer mass storage data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links