Method for creating control structure for versatile content control

US 20060242064A1
Filed: 12/20/2005
Published: 10/26/2006
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A secure storage method for use in a storage system, comprising a non-volatile memory;

and a controller controlling access to the memory, said method comprising;

creating, by means of a system agent stored in the controller or the memory, at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities, wherein each node of the at least one tree specifies permission(s) of a corresponding entity or entities for accessing memory data, wherein permission(s) at a node of each of the trees has a predetermined relationship to permission(s) at another node at a higher or lower level in the same tree; and

using the at least one hierarchical tree to control access to memory data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The mobile storage device may be provided with a system agent that is able to create at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities. Each node of the tree specifies permission or permissions of a corresponding entity or entities for accessing memory data. The permission or permissions at the node of each of the trees has a predetermined relationship to permission or permissions at nodes at a higher or lower or the same level in the same tree. Thus, the mobile storage devices may be issued without any trees already created so that the purchaser of the devices has a free hand in creating hierarchical trees adapted to the applications the purchaser has in mind. Alternatively, the mobile storage devices may also be issued with the trees already created so that a purchaser does not have to go through the trouble of creating the trees. In both situations, preferably certain functionalities of the trees can become fixed after the devices are made so that they cannot be further changed or altered. This provides greater control over access to the content in the device by the content owner. Thus, in one embodiment, the system agent can preferably be disabled so that no additional trees can be created.

Citations

13 Claims

1. A secure storage method for use in a storage system, comprising a non-volatile memory;
- and a controller controlling access to the memory, said method comprising;
  
  creating, by means of a system agent stored in the controller or the memory, at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities, wherein each node of the at least one tree specifies permission(s) of a corresponding entity or entities for accessing memory data, wherein permission(s) at a node of each of the trees has a predetermined relationship to permission(s) at another node at a higher or lower level in the same tree; and
  
  using the at least one hierarchical tree to control access to memory data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the creating creates at least two trees, and there is no cross-talk between the at least two trees created by the agent.
  - 3. The method of claim 1, wherein the first node of any tree created by the agent is the root node, said method further comprising disabling the agent, wherein the root node of any tree(s) created by the agent cannot be altered after the agent is disabled.
  - 4. The method of claim 1, further comprising disabling the agent, wherein no additional tree(s) can be created.
  - 5. The method of claim 1, wherein said permission(s) at a node of each of the trees indicate access rights to data in the memory not less than those indicated by permission(s) at a node at a lower level in the same tree.
  - 6. The method of claim 1, wherein a node in a tree has the capability to create a child node at a lower level for enabling access by an entity to data in the memory, said method further comprising creating the child node.
  - 7. The method of claim 6, wherein the permission(s) of the child node is not greater than that of the node that created the child node.
  - 8. The method of claim 1, wherein said permission(s) at a node of a tree permits a corresponding entity to create and/or delete another node in the same tree, and/or alter the permission at a node in the same tree, and/or delegate permission(s) to another node in the same tree and/or transfer association with a node to another node in the same tree, said method further comprising deleting another node, altering permission at a node, delegating permission(s) to another node and/or transfer association with a node to another node, in the same tree, in accordance with the permission(s).
  - 9. The method of claim 1, wherein said permission(s) at a node of a tree is for access to a key for encrypting and/or decrypting data in the memory.
  - 10. The method of claim 1, wherein said permission(s) at a node of a tree is for access to one or more partitions of the memory, said method further comprising accessing the one or more partitions of the memory, in accordance with the permission(s).
  - 11. The method of claim 1, wherein the permission(s) at a node permits key(s) for data encryption and/or decryption to be created on behalf of a corresponding entity, said method further comprising creating said key(s), in accordance with the permission(s).
  - 12. The method of claim 11, wherein the permission(s) at a node permits the corresponding entity to delegate ownership of key(s) created on its behalf and/or permission(s) of access to key(s), said key(s) used in encrypting and/or decrypting data stored in the memory, said method further comprising delegating ownership of key(s) created on its behalf and/or permission(s) of access to key(s), in accordance with the permission(s).
  - 13. The method of claim 11, wherein the permission(s) at a node permits a corresponding entity for whom key(s) have been created to delete such key(s) , said method further comprising deleting such key(s), in accordance with the permission(s).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Jogand-Coulomb, Fabrice, Barzilai, Ron, Qawami, Bahman

Granted Patent

US 8,051,052 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2145   Inheriting rights or proper...

Method for creating control structure for versatile content control

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for creating control structure for versatile content control

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links