Methods and systems for promoting security in a computer system employing attached storage devices

US 20050268114A1
Filed: 07/11/2005
Published: 12/01/2005
Est. Priority Date: 07/25/2001
Status: Active Grant

First Claim

Patent Images

1. A data storage device comprising:

a data storage medium;

a secure area defined on the data storage medium, the secure area containing at least one record for determining access to associated data and the associated data; and

a controller within the data storage device adapted to control access to the associated data based on the at least one record.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device. The method also includes providing at least one authority record and data associated with the authority record in the storage device. System and computer-readable medium embodiments structured in accordance with the method embodiments discussed herein are also provided.

78 Citations

View as Search Results

29 Claims

1. A data storage device comprising:
- a data storage medium;
  
  a secure area defined on the data storage medium, the secure area containing at least one record for determining access to associated data and the associated data; and
  
  a controller within the data storage device adapted to control access to the associated data based on the at least one record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The data storage device of claim 1 wherein the controller is adapted to secure the entire data storage medium.
  - 3. The data storage device of claim 1 wherein the controller prohibits access to the associated data by a file system of an attached computer system.
  - 4. The data storage device of claim 1 wherein the at least one record comprises:
    - a security partition name identifying the secure area;
      
      a passcode for accessing the secure area; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 5. The data storage device of claim 1 wherein the associated data comprises:
    - public keys for secure partitions of other data storage devices.
  - 6. The data storage device of claim 1 wherein the controller comprises:
    - firmware comprising computer readable instructions stored in a memory of the data storage device for managing the at least one record; and
      
      a processor adapted to perform the computer readable instructions.
  - 7. The data storage device of claim 6 further comprising:
    - an encryption key stored within the secure area; and
      
      encryption operations embedded in the firmware and adapted to encrypt the associated data using the encryption key.
  - 8. The data storage device of claim 1 wherein the at least one record comprises:
    - a master record for determining access to other records within the secure area, the master record comprising a master passcode, associated master data, and access permissions to the associated master data.
  - 9. The data storage device of claim 8 wherein the master record governs creation and deletion of the other records within the secure area.
  - 10. The data storage device of claim 8 wherein the master record translates to a group authority within an operating system of an attached computer system.
  - 11. The data storage device of claim 8 wherein the associated master data comprises other records of the at least one record for determining access to associated data within the secure area of the data storage device.
  - 12. The data storage device of claim 1 wherein the controller allows only write access to the secure area for concealing information, the controller adapted to prohibit read access to the information, the secure area for concealing a secret.
  - 13. The data storage device of claim 12 wherein the secret comprises an encryption key.
  - 14. The data storage device of claim 13 wherein the controller is adapted to perform cryptographic operations within the data storage device using the key

15. based on established procedure calls within the data storage device and security features built into one or more user applications.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15 wherein the at least one record comprises:
    - a security partition name identifying the secure partition;
      
      a passcode for accessing the secure partition; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 17. The method of claim 15 wherein before the step of storing, the method further comprises:
    - partitioning the data storage medium to form the secure area.
  - 18. The method of claim 17 wherein the step of partitioning occurs on a low-level formatting portion of the data storage medium.
  - 19. The method of claim 158 wherein the step of controlling further comprises:
    - controlling access to any data stored within the secure area.
  - 20. The method of claim 15 wherein the step of restricting comprises:
    - hiding with the controller selected fields of the at least one records so that the selected fields are inaccessible to processes external to the data storage device.
  - 21. The method of claim 15 wherein the record comprises a public-private key pair and a symmetric key, the method further comprising:
    - encrypting data associated with the secure partition using the symmetric key;
      
      encrypting the symmetric key with a public key of the public-private key pair; and
      
      hiding a private key of the public-private key pair in a hidden field of a selected record of the at least one record, the private key for decoding the symmetric key.

15-1. A method for securing data in a data storage device comprising:
- storing one or more records for determining access to associated data and the associated data in one or more secure partitions formed on a data storage medium of the data storage device; and
  
  controlling with a controller in the data storage device access to the associated data by an operating system of an attached computer system based upon the at least one record.

22. A data storage device comprising:
- a data storage medium;
  
  a secure area defined on the data storage medium, the secure area containing at least one record for determining access to associated data and the associated data; and
  
  a controller within the data storage device adapted to control access to any data stored within the secure area based on the at least one record.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The data storage device of claim 22 wherein the at least one record comprises:
    - a security partition name identifying the secure area;
      
      a passcode for accessing the secure area; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 24. The data storage device of claim 22 wherein the controller comprises:
    - firmware comprising computer readable instructions stored in a memory of the data storage device for managing the at least one record; and
      
      a processor adapted to perform the computer readable instructions.
  - 25. The data storage device of claim 24 further comprising:
    - an encryption key stored within the secure area; and
      
      encryption operations embedded in the firmware and adapted to encrypt the associated datausing the encryption key.
  - 26. The data storage device of claim 22 wherein the at least one record comprises:
    - a master record for determining access to other records within the secure area, the master record comprising a master passcode, associated master data, and access permissions to the associated master data.
  - 27. The data storage device of claim 26 wherein the master record translates to a domain authority within an operating system of an attached computer system for use within a network domain.
  - 28. The data storage device of claim 26 wherein the associated master data comprises other records of the at least one record for determining access to associated data within the secure area of the data storage device.
  - 29. The data storage device of claim 22 wherein the at least one authority record comprises:
    - a plurality of fields containing information for determining access to the associated data, wherein one or more of the plurality of fields are hidden from any process external to the data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureWave Storage Solutions Inc. (Quarterhill Inc. (f/k/a Wi-LAN Inc.))
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Thibadeau, Robert H.

Granted Patent

US 7,426,747 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 2003/0697   device management, e.g. han...

G06F 21/805   using a security table for ...

G06F 3/0601   Interfaces specially adapte...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0644   Management of space entitie...

G06F 3/0674   Disk device

Methods and systems for promoting security in a computer system employing attached storage devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for promoting security in a computer system employing attached storage devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links