Storage controller conditioning host access to stored data according to security key stored in host-inaccessible metadata
Abstract
A storage controller conditions host access to stored data objects upon host provision of a proposed key with matching or other prescribed relation to a security key stored in host-inaccessible metadata that is associated with the stored data object. The security key may be established upon writing the data or allocating storage space, for example. This enables the storage controller or device to be attached directly to a network without compromising security or having to add an intermediate server to perform security functions. Another implementation concerns sound recording playback devices that only play sound tracks for which the user has purchased an appropriate security key.
41 Claims
1. A data storage method for use in a storage system including a storage controller serving one or more hosts where the storage controller is coupled to a digital data storage, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the method comprising operations of:
the storage controller receiving a write request from one of the hosts, the request including target data and a security key;
the storage controller storing the target data in the digital data storage and storing the security key in metadata in association with the target data;
requiring host provision of a security key with prescribed relationship to the stored security key as a condition to granting future host requests to access the target data in the digital data storage.
Dependent claims: 2, 3, 4, 5
6. A data storage method for use in a storage system including a storage controller coupled to a digital data storage where the storage controller serves one or more hosts, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the method comprising operations of:
the storage controller receiving an allocation request from one of the hosts;
the storage controller allocating a region of the digital data storage and storing a security key in metadata associated with the allocated region;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access data in the allocated region of the digital data storage.
Dependent claims: 7, 8, 9
10. A data security method for use in a storage system including a storage controller responsive to one or more hosts where the storage controller is coupled to a digital data storage, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the method comprising operations of:
the storage controller receiving a storage access request from one of the hosts, the request including a proposed security key and an identification of a requested data object contained on the digital data storage;
the storage controller retrieving a security key stored in metadata of the requested data object in the digital data storage, and then determining whether the stored security key and the proposed security key exhibit a prescribed relationship; and
only if the proposed and stored security keys exhibit the prescribed relationship, the storage controller executing the storage access request, otherwise aborting the storage access request.
Dependent claims: 11
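The write, allocation and access operations recited in claims 1, 6 and 10, modeled as an added Python example that is not part of the patent text. It assumes the "prescribed relationship" is an exact match and that the controller generates the key on allocation; `StorageController`, `AccessDenied` and `denied` are hypothetical names.

```python
import hmac
import secrets

class AccessDenied(Exception):
    """Raised when the controller aborts a request."""

class StorageController:
    """Toy model of the claimed controller; all names here are hypothetical."""

    def __init__(self):
        self._data = {}  # host-accessible user data, keyed by object id
        self._meta = {}  # host-inaccessible metadata: object id -> stored key

    def write(self, obj_id, data, key):
        """Claim 1: the first write binds the key; later writes must present it."""
        if obj_id in self._meta:
            self._check(obj_id, key)
        else:
            self._meta[obj_id] = bytes(key)
        self._data[obj_id] = bytes(data)

    def allocate(self, obj_id, size):
        """Claim 6: allocate a region and store a key in its metadata.
        Assumption: the controller generates the key and returns it once."""
        if obj_id in self._meta:
            raise AccessDenied("region already allocated")
        key = secrets.token_bytes(16)
        self._meta[obj_id] = key
        self._data[obj_id] = bytes(size)  # zero-filled region
        return key

    def read(self, obj_id, proposed_key):
        """Claim 10: execute only if the proposed and stored keys match."""
        self._check(obj_id, proposed_key)
        return self._data[obj_id]

    def _check(self, obj_id, proposed_key):
        stored = self._meta.get(obj_id)
        # Unknown object and wrong key abort alike; compare_digest avoids timing leaks.
        if stored is None or not hmac.compare_digest(stored, bytes(proposed_key)):
            raise AccessDenied("request aborted")

def denied(fn, *args):
    """Return True if the controller aborted the call."""
    try:
        fn(*args)
    except AccessDenied:
        return True
    return False
```

The stored key never appears in any return value except the one-time result of `allocate`, which is what keeps the metadata host-inaccessible in this model.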
12. A signal-bearing medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform data storage operations in a storage system including a storage controller coupled to a digital data storage and serving data requests of one or more hosts, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the operations comprising:
the storage controller receiving a write request from one of the hosts, the request including target data and a security key;
the storage controller storing the target data in the digital data storage and storing the security key in metadata in association with the target data;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access the target data in the digital data storage.
Dependent claims: 13, 14, 15, 16
17. A signal-bearing medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform data storage operations in a storage system including a storage controller coupled to a digital data storage and serving data requests of one or more hosts, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the operations comprising:
the storage controller receiving an allocation request from one of the hosts;
the storage controller allocating a region of the digital data storage and storing a security key in metadata associated with the allocated region;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access data in the allocated region of the digital data storage.
Dependent claims: 18, 19
20. A signal-bearing medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform data storage operations in a storage system including a storage controller coupled to a digital data storage and serving one or more hosts, the storage containing host-accessible user data accessed by the storage controller on behalf of hosts and host-inaccessible metadata used by the storage controller to manage storage of the host-accessible data, the operations comprising:
the storage controller receiving a storage access request from one of the hosts, the request including a proposed security key and an identification of a requested data object contained on the digital data storage;
the storage controller retrieving a security key stored in metadata of the requested data object in the digital data storage, and then determining whether the stored security key and the proposed security key exhibit the prescribed relationship; and
only if the proposed and stored security keys exhibit the prescribed relationship, the storage controller executing the storage access request, otherwise aborting the storage access request.
21. A data storage system accessible by one or more hosts, comprising:
a digital data storage containing user data and describing the user data;
the storage controller, coupled to the storage, and programmed to utilize the metadata to manage the user data while rendering the metadata inaccessible to hosts and to selectively access the user data on behalf of hosts by performing operations comprising;
receiving a write request from one of the hosts, the request including target data and a security key;
storing the target data in the digital data storage and storing the security key in metadata in association with the target data;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access the target data in the digital data storage.
Dependent claims: 22, 23, 24, 25, 26
27. A data storage system accessible by one or more hosts, comprising:
a digital data storage containing user data and metadata describing the user data;
a storage controller, coupled to the storage, and programmed to utilize the metadata to manage the user data while rendering the metadata inaccessible to hosts and to selectively access the user data on behalf of hosts and programmed to perform further operations comprising;
the storage controller receiving an allocation request from one of the hosts;
the storage controller allocating a region of the digital data storage and storing a security key in metadata associated with the allocated region;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access data in the allocated region of the digital data storage.
Dependent claims: 28, 29, 30, 31, 32
33. A storage controller programmed to perform operations to manage access to digital data storage containing host-accessible user data accessible by the storage controller on behalf of hosts and also containing host-inaccessible metadata accessible by the storage controller to manage storage of the host-accessible data, the operations comprising:
the storage controller receiving a storage access request from one of the hosts, the request including a proposed security key and an identification of a requested data object contained on the digital data storage;
the storage controller retrieving a security key stored in metadata of the requested data object in the digital data storage, and then determining whether the stored security key and the proposed security key exhibit a prescribed relationship; and
only if the proposed and stored security keys exhibit the prescribed relationship, the storage controller executing the storage access request, otherwise aborting the storage access request.
Dependent claims: 34
35. A data storage system accessible by one or more hosts, comprising:
digital data storage means for containing user data; and
the storage controller means, coupled to the storage means, for utilizing the metadata to manage the user data while rendering the metadata inaccessible to hosts selectively accessing the user data on behalf of host;
receiving a write request from one of the hosts, the request including target data and a security key;
storing the target data in the storage means and storing the security key in metadata in association with the target data;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access the target data in the storage means.
36. A data storage system accessible by one or more hosts, comprising:
digital data storage means for containing user data and metadata describing the user data;
the storage controller means, coupled to the storage means, for utilizing the metadata to manage the user data while rendering the metadata inaccessible to hosts selectively accessing the user data on behalf of hosts and managing access to the digital data storage by hosts by;
the storage controller receiving an allocation request from one of the hosts;
the storage controller allocating a region of the storage means and storing a security key in metadata associated with the allocated region;
requiring host provision of a security key with prescribed relation to the stored security key as a condition to granting future host requests to access data in the allocated region of the storage means.
37. A data storage system accessible by one or more hosts, comprising:
digital data storage means for containing user data and metadata describing the user data;
the storage controller means, coupled to the storage means, for utilizing the metadata to manage the user data while rendering the metadata inaccessible to hosts selectively accessing the user data on behalf of hosts and managing access to the digital data storage by hosts by;
the storage controller receiving a storage access request from one of the hosts, the request including a proposed security key and an identification of a requested data object contained on the storage means;
the storage controller retrieving a security key stored in metadata of the requested data object in the storage means, and then determining whether the stored security key and the proposed security key exhibit a prescribed relationship; and
only if the proposed and stored security keys exhibit the prescribed relationship, the storage controller executing the storage access request, otherwise aborting the storage access request.
38. A method of distributing sound recordings with selective playback characteristics, comprising operations of:
distributing machine-readable data storage media to customers, each including numerous sound segments each segment including a sound recording and metadata including an associated security key;
where the data storage media have a format that is unreadable by conventional playback devices, by including specific structure for use by playback devices requiring customer input of a security key with prescribed relationship to the stored security key as a condition to playback of the sound recording associated with the security key;
selling security keys to customers.
Dependent claims: 39, 40, 41