Storage area network (san) security

US 20040078599A1
Filed: 08/28/2003
Published: 04/22/2004
Est. Priority Date: 03/01/2001
Status: Active Grant

First Claim

Patent Images

1. A method for Storage Area Network (SAN) security comprising booting, the SAN comprising:

physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a storage network (5′

) with network links (5), a users network (6′

) with users network links (6), and a SAN Switch (2, 2A) coupled intermediate the first array and the second array and to each physical device via network links and to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the method being characterized by comprising the steps of;

operating binary zoning for security comprising default zoning and work zoning permitting the creation of, respectively, at least one default zone and at least one work zone, the binary zoning always first residing in default zoning, and in default zoning;

mutually isolating each one of the physical devices, and running a security procedure on each one of the physical devices for legitimacy verification, and in work zoning;

zoning only legitimate physical devices.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for the binary zoning of a Storage Area Network (SAN) for security is disclosed, for a SAN with physical devices consisting of a first array of hosts (1) and a second array of storage devices (4), and a SAN Switch (2, 2A) coupled intermediate the hosts and the storage devices. The SAN Switch routes I/O commands and accepts zoning commands. The method is based on starting operation of the SAN with mutually isolated physical devices and accepting zoning commands only after running security verification procedures requiring that hosts be authenticated and that storage devices be identified. Zoning is dynamically controlled from a workstation (8) operated by a System Administrator entering meta-zoning instructions which are used to automatically program the zoning of the SAN Switch for legitimate physical devices. The method is implemented for security and booting of a SAN.

Citations

72 Claims

1. A method for Storage Area Network (SAN) security comprising booting, the SAN comprising:
- physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a storage network (5′
  
  ) with network links (5), a users network (6′
  
  ) with users network links (6), and a SAN Switch (2, 2A) coupled intermediate the first array and the second array and to each physical device via network links and to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the method being characterized by comprising the steps of;
  
  operating binary zoning for security comprising default zoning and work zoning permitting the creation of, respectively, at least one default zone and at least one work zone, the binary zoning always first residing in default zoning, and in default zoning;
  
  mutually isolating each one of the physical devices, and running a security procedure on each one of the physical devices for legitimacy verification, and in work zoning;
  
  zoning only legitimate physical devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 22, 23, 24, 25, 26, 47)
- - 2. The method according to claim 1, characterized by comprising the steps of:
    - running, in default zoning, of the security procedure and thereafter, creating, in work zoning, of at least one work zone comprising at least one legitimate host and at least one legitimate storage device.
  - 3. The method according to claim 1 or 2, wherein running the security procedure further comprises the steps of:
    - running an authentication procedure for presence and legitimacy verification of each one host out of the first array, and an identification procedure for presence and legitimacy verification of each one storage device out of the second array.
  - 4. The method according to claim 1, or 2, or 3, further comprising the steps of:
    - running continuously the security procedure for presence and legitimacy verification of the physical devices actually coupled in operation with the SAN, and rezoning in real time the at least one work zone according to configuration changes associated with running the security procedure continuously.
  - 5. The method according to claim 3, wherein a host comprises at least one HBA which is identified by a first WWN (World Wide Number), and a storage device comprises at least one LU (Logical Unit), and identified by a second WWN and by at least one LUN (Logical Unit Number), the security procedure being further characterized by comprising the steps of:
    - authenticating each one host out of the first array independently of the first WWN, and identifying each one storage device out of the second array by the second WWN and by the at least one LUN.
  - 6. The method according to claim 1, wherein the SAN further comprises:
    - a System Administration (SA) workstation coupled to the users network and to the SAN Switch, the SA workstation being configured for managing, securing and booting the SAN, and the method being further characterized by comprising the steps of;
      
      entering meta-zoning instructions via the SA workstation, the meta-zoning instructions defining programming commands for automatically deriving default zoning and work zoning, and programming automatically the SAN Switch, according to the meta-zoning instructions, into default zones and work zones.
  - 7. The method according to claim 6, further characterized by the step of controlling dynamically the binary zoning of the SAN Switch by entering meta-zoning instructions via the SA workstation.
  - 8. The method according to claim 6, wherein the SAN further comprises:
    - at least one HBA in each one host out of the first array, and the meta-zoning instructions are further characterized by comprising;
      
      instructions for zoning in a work zone at least one HBA pertaining to a legitimate host with at least one legitimate storage device.
  - 9. The method according to claim 6, wherein the SAN further comprises:
    - at least one legitimate host out of the first array comprising a plurality of HBAs, and the meta-zoning instructions are further characterized by comprising;
      
      instructions for zoning in a work zone each one out of the plurality of HBAs comprised in a legitimate host with at least one legitimate storage device.
  - 10. The method according to claim 1, further comprising the step of:
    - burning-in the default zones in the SAN Switch, for automatically returning to and always start operation in default zoning, wherein the physical devices are mutually isolated.
  - 11. The method according to claim 1, wherein the SAN Switch comprises a plurality of ports, each port out of the plurality of ports having a port identity, and each one physical device is coupled to at least one port out of the plurality of ports, the security procedure being further characterized by comprising the step of:
    - verifying the legitimacy of each one of the physical devices independently of the port identity of the at least one port to which one physical device is coupled.
  - 12. The method according to claim 11, wherein the SAN Switch comprises a plurality of ports, for coupling each one physical device to at least one port out of the plurality of ports, the method being further characterized by returning immediately the at least one port from which a physical device is decoupled, to a default zone.
  - 13. The method according to claim 11, further characterized in that a port out of the plurality of ports of the SAN Switch always resides in a default zone when being coupled to a physical device.
  - 15. The method according to the claims 1 or 14, characterized by comprising the step of:
    - configuring the storage network as a Fibre Channel network.
  - 22. The method according to the claims 1 or 14, further characterized in that:
    - the SAN Firewall is packaged with the SAN Switch to form a single unit.
  - 23. The method according to the claims 1 or 14, further characterized in that:
    - the SAN Firewall and the SAN Switch are functionally integrated to form a single unit package.
  - 24. The method according to the claims 1 or 14, further characterized in that:
    - the SAN Firewall functions operate on a host selected from the first array.
  - 25. The method according to any of the claims 1 or 14, further characterized in that:
    - the SAN Firewall functions operate on a remote host coupled to the SAN Switch.
  - 26. The method according to any of the claims 1 to 14, further characterized in that:
    - the SAN Firewall functions operate on a remote host coupled to the SAN Switch via a network link coupled to a global communication network.
  - 47. The system according to claim 1 or 46, wherein the storage network is preferably a Fibre Channel network.

14. A method for Storage Area Network (SAN) booting, the SAN comprising:
- physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a storage network (5′
  
  ) with network links (5), a users network (6′
  
  ) with users network links (6), and a SAN Switch (2) coupled intermediate the first array and the second array and to each physical device via network links and to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the method being characterized by comprising the steps of;
  
  operating a binary zoning for booting comprising default zoning and work zoning permitting the creation of, respectively, at least one default zone and at least one work zone, the binary zoning always first residing in default zoning, and in default zoning;
  
  booting the first array of hosts in mutual isolation and starting the second array of storage devices, verifying operation of the physical devices, and in the working mode;
  
  zoning only operative physical devices.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method according to the claims 14 or 15, characterized by comprising the steps of:
    - running the boot procedure and thereafter, creating, in work zoning, of at least one work zone comprising at least one operative host and at least one operative storage device.
  - 17. The method according to claim 14, 15, or 16, further comprising the steps of:
    - running continuously the booting procedure for presence and operation verification of the physical devices actually coupled in operation with the SAN, and rezoning in real time the at least one work zone according to configuration changes associated with presence and operation of the physical devices actually coupled to the SAN.
  - 18. The method according to claim 14, wherein the SAN further comprises:
    - a System Administration (SA) workstation coupled to the users network and to the SAN Switch, and the method being further characterized by comprising the steps of;
      
      entering meta-zoning instructions via the SA workstation, the meta-zoning instructions defining default zoning and work zoning, and programming automatically the SAN Switch into work zones for operative physical devices according to the meta-zoning instructions.
  - 19. The method according to claim 14, further comprising the step of:
    - burning-in the default zones in the SAN Switch, for automatically returning to and always start operation in the default zoning, wherein the physical devices are mutually isolated.
  - 20. The method according to claim 19, wherein the SAN Switch comprises a plurality of ports, for coupling each one physical device to at least one port out of the plurality of ports, the method is further characterized by returning immediately the at least one port from which a physical device is decoupled, to the default zone.
  - 21. The method according to claim 19, further characterized in that a port out of the plurality of ports of the SAN Switch always resides in a default zone when being coupled to a physical device.

27. A system for operating SAN security and booting, the system comprising:
- physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a storage network (5′
  
  ) with storage network links (5), a users network (6′
  
  ) with users network links (6), and a SAN Switch (2) coupled intermediate the first array and the second array and to each physical device via network links, and coupled to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the SAN Switch comprising a plurality of ports for coupling each one of the physical devices to at least one port out of the plurality of ports by at least one network link (5), the system being characterized in that;
  
  a SAN Firewall (3) is coupled by a storage network link to a SAN-Firewall-port (sf) accommodated in the SAN Switch and coupled by a user network link to the users network, the SAN Firewall being configured to automatically program the SAN Switch into zones, with each zone residing in either one of a binary zoning comprising;
  
  in default zoning, at least one default zone counting only two ports, with a first SAN-Firewall-port coupled to the SAN Firewall and connected to a second device-port (h, d) coupled to and isolating a physical device, the SAN Firewall operating at least one security verification procedure on the isolated physical device, and in work zoning, at least one work zone coupling at least three ports, with a single SAN-Firewall-port (sf), and at least two ports coupling only security verified physical devices counting at least one host port (h), and at least one storage device port (d).
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 28. The system according to claim 27, further characterized in that:
    - the SAN Firewall operates the at least one security and booting procedure in associative operation with the physical devices upon start of the SAN, in default zoning, and the physical devices failing the at least one security and booting procedure remain isolated in a default zone.
  - 29. The system according to claim 27, further characterized in that:
    - the SAN Firewall continuously runs the at least one security and booting procedure in associative operation with the physical devices during operation of the SAN, to update configuration of legitimate physical devices.
  - 30. The system according to claim 27, or 28, or 29, wherein the at least one security and booting procedure is a security procedure for securing the SAN, whereby each one host out of the first array is verified for authenticity and each one storage device out of the second array is verified for identity.
  - 31. The system according to claim 27, further characterized by default zones being burnt-in in the SAN Switch to always start operation in default zoning.
  - 32. The system according to claim 31, further characterized by a port of the SAN Switch from which a physical device is decoupled, immediately returns to a default zone.
  - 33. The system according to claim 31, further characterized by a physical device being coupled to a port of the SAN Switch, always couples to a default zone.
  - 34. The system according to claim 27, further comprising:
    - a third array of user workstations (7) coupled to the users network and comprising a System Administrator (SA) workstation (8) coupled to the users network and to the SAN Firewall, the SA workstation being configured for managing, securing and booting the SAN, the system being further characterized in that;
      
      meta-zoning instructions, entered at the SA workstation are received at the SAN Firewall where programming commands are derived automatically to zone the SAN Switch in work zones.
  - 35. The system according to claim 34, further characterized by:
    - dynamically controlling binary zoning of the SAN Switch by entering meta-zoning instructions via the SA workstation.
  - 36. The system according to claim 27, wherein a host comprises at least one HBA (Host Bus Adaptor) which is identified by a first WWN (World Wide Number), and a storage device comprises at least one LU (Logical Unit) which is identified by a second WWN and by at least one LUN (Logical Unit Number), the security procedure being further characterized by comprising the steps of:
    - authenticating each one host out of the first array independently of the first WWN, and identifying each one storage device out of the second array by the second WWN and by the at least one LUN.
  - 37. The system according to claim 36, wherein the SAN further comprises:
    - at least one HBA in each one host out of the first array, and the meta-zoning instructions are further characterized by comprising;
      
      instructions for zoning in a work zone at least one HBA pertaining to a legitimate host with at least one legitimate storage device.
  - 38. The system according to claim 36, wherein the SAN further comprises:
    - at least one legitimate host out of the first array comprising a plurality of HBAs, and the meta-zoning instructions are further characterized by comprising;
      
      instructions for zoning in a work zone each one out of the plurality of HBAs comprised in a legitimate host with at least one legitimate storage device.
  - 39. The system according to claim 27, wherein each port out of the plurality of ports of the SAN Switch has a port identity, and each one physical device is coupled to at least one port out of the plurality of ports, the security procedure being further characterized by comprising:
    - verifying the legitimacy of each one of the physical devices independently of the port identity of the at least one port to which one physical device is coupled.
  - 40. The system according to claim 27, further characterized in that:
    - the at least one security and booting procedure is a booting procedure running in the SAN Firewall, as SAN Firewall functions to verify booting of each one host out of the first array and to verify operation of each one storage device out of the second array, allowing simultaneous booting of the first array of hosts in mutual isolation.
  - 41. The system according to claim 27, further characterized in that:
    - the SAN Firewall is packaged with the SAN Switch to form a single unit.
  - 42. The system according to claim 27, further characterized in that:
    - the SAN Firewall and the SAN Switch are functionally integrated to form a single unit package.
  - 43. The system according to claim 27, further characterized in that:
    - the SAN Firewall functions are operated on a host selected from the first array.
  - 44. The system according to claim 27, further characterized in that:
    - the SAN Firewall functions are operated on a remote host coupled to the SAN Switch.
  - 45. The system according to claim 27, further characterized in that:
    - the SAN Firewall functions are operated on a remote host coupled to the SAN Switch via a network link coupled to a global communication network.

46. A system for SAN booting, the system comprising:
- physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a storage network (5′
  
  ) with storage network links (5), a users network (6′
  
  ) with users network links (6), and a SAN Switch (2) coupled intermediate the first array and the second array and to each physical device via network links, and coupled to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the SAN Switch comprising a plurality of ports for coupling each one of the physical devices to at least one port out of the plurality of ports by at least one network link (5), the system being further characterized by configuring the SAN Switch for default zoning wherein each port out of the plurality of ports for coupling to a physical device is a mutually isolated default zone and the default zoning is burnt-in in the SAN Switch to always start operation in default zoning, whereby the physical device are mutually isolated, verifying the operation of at least one host of the first array, and operatively zoning the at least one operative host with at least one storage device.
- View Dependent Claims (48)
- - 48. The system according to claim 46, wherein the operative state of each host out of the first array is verified automatically.

49. A Security Computer Program (SCP) operating with a SAN for security and booting, the SAN comprising:
- physical devices comprising a first array of hosts (1) and a second array of storage devices (4), a third array of user workstations (7) comprising a System Administrator (SA) workstation (8), wherein each one host of the first array comprises at least one Host Bus Adaptor (HBA), a SAN Switch (2, 2A) intermediate the first array and the second array, for routing I/O commands to the physical devices and for accepting zoning commands, the SAN Switch comprising a plurality of ports, a storage network (5′
  
  ) with network links (5) coupling the SAN Switch to each one of the physical devices and to at least one port out of the plurality of ports by at least one network link (5), the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, a users network (6′
  
  ) with network links (6) coupled to the third array, to the SAN Firewall and to the SAN Switch, the SCP being characterized by comprising;
  
  at least one SAN Agent and a Firewall Software, both being computer programs operating in mutual association, with an at least one SAN Agent operating in each one host out of the first array, and the Firewall Software operating in the SAN Firewall, the Firewall Software comprising;
  
  a binary zoning program comprising default zoning and work zoning, for zoning in response to commands derived from meta zoning instructions, comprising defaults zones and work zones wherein;
  
  a default zone operating on two ports only, the first port being a SAN Firewall port (sf) to which the SAN Firewall is coupled and the second port being either one of a host port (h) and a storage device port (d) to which one physical device is coupled, each default zone mutually isolating the physical device, to perform at least one security and booting procedure in isolation, and a work zone, comprising only physical devices verified by the verification procedure and for coupling at least one host and at least one storage device in associative operation, the default zone comprising at least one host port, one storage device port and the SAN Firewall port.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 65, 66, 68, 69, 70, 71, 72)
- - 50. The Security Computer Program according to claim 49, further characterized by:
    - in the SAN Agent;
      
      an identity key being sent in periodic repetition to the Firewall Software, and in the Firewall Software;
      
      a host authentication procedure comprised in the verification procedure for operation with a host identity key received from a SAN Agent, and a storage device identification procedure comprised in the verification procedure whereby the Firewall Software accesses each one storage device of the second array to check identity parameters comprising a World Wide Name (WWN) and an at least one Logic Unit Number (LUN).
  - 51. The Security Computer Program according to claim 50, further characterized by:
    - a security procedure comprising the host authentication procedure and the storage device identification procedure operating in default zoning, and thereafter, a work zoning procedure for zoning at least one work zone comprising at least one legitimate host and at least one legitimate storage device.
  - 52. The Security Computer Program according to claim 49, further characterized by:
    - running continuously the security procedure for presence and legitimacy verification of the physical devices actually coupled in operation with the SAN, and rezoning in real time the at least one work zone according to configuration changes associated with running the security procedure continuously.
  - 53. The Security Computer Program according to claim 49, wherein in default zoning:
    - an HBA is identified by a first WWN (World Wide Number), a storage device comprises at least one LU (Logical Unit), and identified by a second WWN and by at least one LUN (Logical Unit Number), and a list of presence operated and updated by the Firewall Software to record instant configuration of the physical devices coupled to the SAN with identifiers comprising for each host of the first array, a first WWN of an at least one HBA, and for each storage device of the second array, a second WWN and at least one LUN, and port identity coupled to physical devices at the SAN Switch, the security procedure being further characterized by comprising;
      
      in work zoning;
      
      a status map recording the instant configuration of legitimate physical devices coupled to the SAN with the identifiers, wherein each one host out of the first array is authenticated independently of the first WWN and of the at least one HBA name, and each one storage device out of the second array is identified by the second WWN and by the at least one LUN.
  - 54. The Security Computer Program according to claim 49, wherein the SA workstation is configured for managing, securing and booting the SAN, and the SCP is further characterized by comprising:
    - accepting meta-zoning instructions via the SA workstation, the meta-zoning instructions defining programming commands for automatically deriving default zoning and work zoning, and programming automatically the SAN Switch, according to the meta-zoning instructions and to the security procedure, into default zones and work zones.
  - 55. The Security Computer Program according to claim 54, characterized by further comprising:
    - dynamic control of the SAN by meta-zoning instructions entered via the SA workstation for the binary zoning of the SAN Switch.
  - 56. The Security Computer Program according to claim 54, wherein the meta-zoning instructions are further characterized by comprising:
    - instructions for zoning in a work zone at least one HBA pertaining to a legitimate host with at least one legitimate storage device.
  - 57. The Security Computer Program according to claim 54, wherein at least one legitimate host out of the first array comprises a plurality of HBAs, and the meta-zoning instructions are further characterized by comprising:
    - instructions for zoning in a work zone each one out of the plurality of HBAs comprised in a legitimate host with at least one legitimate storage device.
  - 58. The Security Computer Program according to claim 49, wherein the SAN Switch comprises a plurality of ports, each port out of the plurality of ports having a port identity, and each one physical device is coupled to at least one port out of the plurality of ports, the security procedure being further characterized by comprising:
    - verifying the legitimacy of each one of the physical devices independently of the port identity of the at least one port to which one physical device is coupled.
  - 59. The Security Computer Program according to claim 49, wherein the SAN Switch comprises a plurality of ports, for coupling each one physical device to at least one port out of the plurality of ports, the SCP being further characterized by returning immediately the at least one port from which a physical device is decoupled to a default zone.
  - 60. The Security Computer Program according to claim 49, further characterized in that a port out of the plurality of ports of the SAN Switch always resides in a default zone when being coupled to a physical device.
  - 62. The Security Computer Program according to the claims 49 or 61, further characterized by a SCP configuration adapted for operation on a Fibre Channel network.
  - 65. The SCP according to claims 49 or 61, further characterized by comprising:
    - a listing procedure for listing the physical devices coupled to the SAN Switch, a status map procedure for building and maintaining a Status Map recording the legitimate physical devices coupled to the SAN Switch, and a work zone procedure for commanding automatic zoning of legitimate physical devices recorded in the Status Map.
  - 66. The SCP according to claim 65, further characterized by comprising:
    - an update procedure for continuously updating the Status Map in accordance with a configuration of the physical devices coupled to the SAN Switch and with the meta zoning instructions.
  - 68. The SCP according to claims 49 or 61, further characterized by:
    - the Firewall Software being configured to operate on the SAN Firewall when packaged with the SAN Switch to form a single unit.
  - 69. The SCP according to claims 49 or 61, further characterized by:
    - the Firewall Software being configured to operate on the SAN Firewall and the SAN Switch when functionally integrated to form a single unit package.
  - 70. The SCP according to claims 49 or 61, further characterized by:
    - the Firewall Software being configured to operate on a host selected from the first array.
  - 71. The SCP according to claims 49 or 61, further characterized by:
    - the Firewall Software being configured to operate on a remote host coupled to the SAN Switch.
  - 72. The SCP according to claims 49 or 61, further characterized by:
    - the Firewall Software being configured to operate on a remote host coupled to the SAN Switch via a network link coupled to a global communication network.

61. A Security Computer Program operating with a SAN for booting, the SAN comprising:
- physical devices comprise a first array of hosts (1) and a second array of storage devices (4), a storage network (5′
  
  ) with network links (5), a users network (6′
  
  ) with users network links (6), and a SAN Switch (2) coupled intermediate the first array and the second array and to each physical device via network links and to the users network via a users network link, the SAN Switch routing I/O commands to the physical devices and being configured for accepting zoning commands defining zones for communication between at least one host and at least one storage device, the SCP being further characterized by comprising;
  
  operating a binary zoning program for booting comprising default zoning and work zoning permitting the creation of, respectively, at least one default zone and at least one work zone, the binary zoning program always first residing in default zoning, and in default zoning;
  
  booting the first array of hosts in mutual isolation and starting the second array of storage devices, verifying operation of the physical devices, and in the work mode;
  
  zoning only operative physical devices.
- View Dependent Claims (63, 64, 67)
- - 63. The Security Computer Program according to claim 61, further characterized by the boot procedure operating first, and at least one work zone comprising at least one operative host and at least one operative storage device being created thereafter in work zoning.
  - 64. The Security Computer Program according to claim 61, further characterized in that the booting procedure is operated continuously for presence and operation verification of the physical devices actually coupled in operation with the SAN, and the at least one work zone is rezoned in real time according to configuration changes associated with presence and operation of the physical devices actually coupled to the SAN.
  - 67. The SCP according to claims 61, further comprising:
    - a System Administration (SA) workstation coupled to the users network and to the SAN Switch, and the SCP being further characterized by comprising;
      
      entering meta-zoning instructions via the SA workstation, the meta-zoning instructions defining default zoning and work zoning, and programming automatically the SAN Switch into work zones comprising operative physical devices according to the meta-zoning instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
StoreAge Networking Technologies Ltd. (Broadcom, Inc.)
Inventors
Nahum, Nelson

Granted Patent

US 7,437,753 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06Q 30/04   Billing or invoicing

G06Q 40/12   Accounting

H04L 63/0209   Architectural arrangements,...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

Y10S 707/99953   Recoverability

Storage area network (san) security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

72 Claims

Specification

Solutions

Use Cases

Quick Links

Storage area network (san) security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

72 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links