System and method for delivering versatile security, digital rights management, and privacy services from storage controllers

US 20050066191A1
Filed: 10/12/2004
Published: 03/24/2005
Est. Priority Date: 07/25/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing enhanced security features in a storage device, the method comprising:

partitioning a storage media in the storage device into a hidden partition and a storage partition in the storage media;

writing a base class to the hidden partition; and

instantiating a security provider base class from the base class, the security provider base class adapted to control access to the storage media.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing enhanced security features in a storage device involves partitioning a storage media in the storage device into a hidden partition and a storage partition in the storage media. A base class is written to the hidden partition. A security provider base class is instantiated from the base class. The security provider base class is adapted to control access to the storage media.

79 Citations

View as Search Results

35 Claims

1. A method for providing enhanced security features in a storage device, the method comprising:
- partitioning a storage media in the storage device into a hidden partition and a storage partition in the storage media;
  
  writing a base class to the hidden partition; and
  
  instantiating a security provider base class from the base class, the security provider base class adapted to control access to the storage media.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the step of instantiating comprises:
    - instantiating a SP administration object and a SP controller object from the security provider base class;
      
      logging into the SP administration object; and
      
      initializing the SP controller object using the SP administration object.
  - 3. The method of claim 2 wherein the SP controller object is initialized with access controls.
  - 4. The method of claim 2 wherein the step of initializing comprises:
    - creating an access control record identifying an user authorized to access the SP controller object and access permissions associated with the authorized user.
  - 5. The method of claim 1 wherein before the step of partitioning, the method further comprising:
    - assembling the storage device;
      
      writing firmware to a controller; and
      
      powering up the drive.
  - 6. The method of claim 1 wherein the security provider object is a Microsoft CSP security provider or a RSA PKCS#11 security provider.
  - 7. The method of claim 1 wherein more than one security provider base class is initialized and wherein each security provider base class is associated with specific storage location on the storage media, the step of initializing further comprising:
    - creating an access control record identifying a user authorized to access an SP controller object; and
      
      creating access permissions within the access control record associated with the specific storage location on the storage media, the access permissions adapted to control access to the specific storage location.
  - 8. The method of claim 1 wherein the storage device is a disc drive.

9. A method for promoting security in a storage device, the storage device having a processor and firmware adapted to access data stored on a storage media, the method comprising:
- writing trusted drive firmware to a controller of the storage device;
  
  partitioning the storage media of the storage device into a hidden portion and a data portion;
  
  writing a security provider object template to the hidden partition; and
  
  instantiating security providers using the security provider object template, each security provider adapted to control access to the storage device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 and further comprising:
    - prohibiting access by a host operating system to the storage device except through authenticated access to the trusted drive firmware of the controller.
  - 11. The method of claim 9 and further comprising:
    - instantiating an administration security provider object and a security provider controller object from the security provider object template.
  - 12. The method of claim 11 wherein the step of initializing comprises:
    - logging in to the administration security provider object; and
      
      initializing the security provider controller object with access controls using the administration security provider object.
  - 13. The method of claim 11 wherein the administration security provider object has one or more authority records stored in the hidden partition, each authority record having an associated data set, the method further comprising:
    - controlling access to the storage media according to the one or more authority records.
  - 14. The method of claim 13 wherein each object stored on the storage media is associated with a security provider, and wherein the step of controlling further comprises:
    - controlling access permissions to objects stored on the storage media according to the associated security provider.
  - 15. The method of claim 9 wherein, upon receiving an access request for access to data stored on the storage device, the method further comprising:
    - querying a requesting device for trust information;
      
      determining whether the remote device can be trusted using the trusted drive feature and an instantiation of the security provider object template; and
      
      if the remote device can be trusted, permitting storage controller access to a specific storage location.

16. A storage device for providing hardened security features having a storage media partitioned into a hidden portion and a data portion and having a storage controller adapted to control access to the storage media, the storage device comprising:
- a trusted drive feature stored in a firmware of the storage controller, the trusted drive feature adapted to authenticate access requests to determine whether each access request can be trusted; and
  
  a SP base object stored in the hidden portion and adapted to cooperate with the trusted drive feature to control access rights to data on the storage media.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The storage device of claim 16, and further comprising:
    - one or more instantiated security providers stored in the hidden portion of the storage media, each instantiated security provider associated with a particular area on the storage media.
  - 18. The storage device of claim 17 wherein the SP base is invoked to create a SP administration object and a SP controller object, the SP administration object is adapted to configure associated security provider objects, the SP controller object is adapted to control access to a particular area on the storage media.
  - 19. The storage device of claim 16 and further comprising:
    - a trusted drive authorizing public key store adapted to cryptographically verify a request for a new security provider instantiation.
  - 20. The storage device of claim 16 and further comprising:
    - a key and passcode revocation store adapted to check keys, passcodes, or other authenticators for revocation.
  - 21. The storage device of claim 16 and further comprising:
    - a registry security provider adapted to provide a standard security provider handle through which any number of physical copies of a security provider can be located and managed.
  - 22. The storage device of claim 16 and further comprising:
    - a hardened log SP adapted to track and log the activity of other security providers based on successes and failures to gain access to data controlled by the other security provider.
  - 23. The storage device of claim 16 and further comprising:
    - a clock time security provider adapted to provide a hardened clock source to other devices and/or to other security providers.
  - 24. The storage device of claim 16 and further comprising:
    - a diagnostics security provider adapted to harden access to storage controller diagnostics.
  - 25. The storage device of claim 16 and further comprising:
    - a test security provider adapted to harden access control to storage controller testing.
  - 26. The storage device of claim 16 and further comprising:
    - an external code security provider adapted to harden access control to software running on the security provider.

27. A storage device comprising:
- a storage media comprising a plurality of partitions, one or more of the partitions being hidden from a host operating system;
  
  a controller coupled to the storage media and to controller firmware, the controller adapted to read and to write data to and from the storage media;
  
  a trusted drive feature stored in the controller firmware; and
  
  one or more security provider objects stored in the one or more hidden partitions, each security provider object cooperating with the trusted drive feature to restrict unauthorized access to data stored on the storage media.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The storage device of claim 27 wherein the trusted drive feature authenticates data access requests to determine whether each access request is received from a trusted entity according to access rights stored in the one or more hidden partitions.
  - 29. The storage device of claim 27 wherein each security provider object is stored in a hidden partition related to the security provider object.
  - 30. The storage device of claim 27 wherein the security provider object comprises:
    - a base security provider class.
  - 31. The storage device of claim 30 wherein the base security provider class comprises:
    - an security provider administration object constructor for instantiating an administration object to configure associated security provider objects; and
      
      a security provider controller object constructor for instantiating a controller object to cooperate with the trusted drive feature to control access to a particular area on the storage media.

32. An enhanced security feature for use in a storage device having a storage media and a controller, the enhanced security feature comprising:
- a trusted drive feature stored in firmware of the controller of the storage device, and a security provider stored in a hidden partition defined on the storage media, the security provider cooperating with the trusted drive feature to control access to data stored on the storage media.
- View Dependent Claims (33, 34, 35)
- - 33. The enhanced security feature of claim 32 wherein the trusted drive feature authenticates access requests to determine whether each access request can be trusted.
  - 34. The enhanced security feature of claim 32 wherein the security provider comprises:
    - a security provider administration object for administering security provider settings; and
      
      a security provider controller object for managing access controls associated with portions of the storage media.
  - 35. The enhanced security feature of claim 32 wherein the security provider comprises a software algorithm implementing a standard security protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Thibadeau, Robert Harwell

Application Number

US10/963,373
Publication Number

US 20050066191A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 2003/0697   device management, e.g. han...

G06F 21/805   using a security table for ...

G06F 3/0601   Interfaces specially adapte...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0644   Management of space entitie...

G06F 3/0674   Disk device

System and method for delivering versatile security, digital rights management, and privacy services from storage controllers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

System and method for delivering versatile security, digital rights management, and privacy services from storage controllers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others