Method, apparatus, and product for prohibiting unauthorized access of data stored on storage drives

US 20060294331A1
Filed: 06/23/2005
Published: 12/28/2006
Est. Priority Date: 06/23/2005
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method in a computer system for prohibiting unauthorized access of data that is stored on a storage drive that is included in said computer system, said method comprising:

generating a plurality of logical partitions in said system;

associating a different unique randomizer seed with each one of said plurality logical partitions, said seed being kept outside of said storage drive and not stored within said storage drive; and

utilizing a seed that is associated with one of said logical partitions to limit access to data, which was stored by said one of said plurality of logical partitions, to said one of said plurality of logical partitions, other ones of said plurality of logical partitions being unable to access said data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and computer program product are disclosed in a data processing system for prohibiting unauthorized access of data that is stored on storage drives. Multiple logical partitions are generated. A different unique randomizer seed is associated with each one of the logical partitions. In response to one of the logical partitions needing to access a storage drive, the logical partition transmits a seed to the storage drive. The transmitted seed is associated with the one of the logical partitions. A transmitting one of the logical partitions is unable to transmit a seed that is other than a seed that is associated with the transmitting one of the logical partitions. The storage drive utilizes the transmitted seed to randomize and de-randomize data for the one of the logical partitions. Data randomized for one of the logical partitions cannot be de-randomized for a different one of the logical partitions.

47 Citations

View as Search Results

20 Claims

1. A computer implemented method in a computer system for prohibiting unauthorized access of data that is stored on a storage drive that is included in said computer system, said method comprising:
- generating a plurality of logical partitions in said system;
  
  associating a different unique randomizer seed with each one of said plurality logical partitions, said seed being kept outside of said storage drive and not stored within said storage drive; and
  
  utilizing a seed that is associated with one of said logical partitions to limit access to data, which was stored by said one of said plurality of logical partitions, to said one of said plurality of logical partitions, other ones of said plurality of logical partitions being unable to access said data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - said storage drive being removable from said computer system; and
      
      utilizing said seed to prevent said data from being accessed after said storage drive is removed from said computer system.
  - 3. The method according to claim 1, further comprising:
    - transmitting, by said one of said logical partitions, data to be stored in said storage drive;
      
      transmitting, by said one of said logical partitions, said seed that is associated with said one of said plurality of logical partitions to said storage drive;
      
      randomizing, by said storage drive, said transmitted data utilizing said seed; and
      
      storing, by said storage drive, said randomized data in said storage drive.
  - 4. The method according to claim 3, further comprising:
    - transmitting, by a second one of said logical partitions, second data to be stored in said storage drive;
      
      transmitting, by said second one of said logical partitions, a second seed that is associated with said second one of said plurality of logical partitions to said storage drive;
      
      randomizing, by said storage drive, said transmitted second data utilizing said second seed; and
      
      storing, by said storage drive, said randomized second data in said storage drive.
  - 5. The method according to claim 3, further comprising:
    - transmitting a request, by said one of said plurality of logical partitions, to read said randomized data that is stored in said storage drive;
      
      transmitting, by said one of said plurality of logical partitions, said seed that is associated with said one of said plurality of logical partitions;
      
      de-randomizing, by said storage drive, said randomized data utilizing said seed; and
      
      transmitting, by said storage drive, said de-randomized data to said one of said plurality of logical partitions.
  - 6. The method according to claim 3, further comprising:
    - transmitting a request, by a third one of said plurality of logical partitions, to read said randomized data that is stored in said storage drive;
      
      transmitting, by said third one of said plurality of logical partitions, a seed that is associated with said third one of said plurality of logical partitions;
      
      attempting, by said storage drive, to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions;
      
      in response to de-randomizing said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, transmitting, by said storage drive, said de-randomized data to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being said one of said plurality of logical partitions; and
      
      in response to being unable to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, transmitting, by said storage drive, an error message to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being a logical partition that is not said one of said plurality of logical partitions.
  - 7. The method according to claim 1, further comprising:
    - in response to one of said plurality of logical partitions needing to access a storage drive, transmitting, by said one of said plurality of logical partitions, a seed to said storage drive, said transmitted seed being associated with said one of said plurality of logical partitions;
      
      a transmitting one of said plurality of logical partitions being unable to transmit a seed that is other than a seed that is associated with said transmitting one of said plurality of logical partitions; and
      
      utilizing, by storage drive, said transmitted seed to randomize and de-randomize data for said one of said plurality of logical partitions, data randomized for one of said plurality of logical partitions cannot be de-randomized for a different one of said plurality of logical partitions.

8. An apparatus in a computer system for prohibiting unauthorized access of data that is stored on a storage drive that is included in said computer system, said apparatus comprising:
- a plurality of logical partitions in said system;
  
  a different unique randomizer seed associated with each one of said plurality logical partitions, said seed being kept outside of said storage drive and not stored within said storage drive; and
  
  said a seed that is associated with one of said logical partitions utilized to limit access to data, which was stored by said one of said plurality of logical partitions, to said one of said plurality of logical partitions, other ones of said plurality of logical partitions being unable to access said data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus according to claim 8, further comprising:
    - said storage drive being removable from said computer system; and
      
      said seed preventing said data from being accessed after said storage drive is removed from said computer system.
  - 10. The apparatus according to claim 8, further comprising:
    - said one of said logical partitions transmitting data to be stored in said storage drive;
      
      said one of said logical partitions transmitting said seed that is associated with said one of said plurality of logical partitions to said storage drive;
      
      said storage drive randomizing said transmitted data utilizing said seed; and
      
      said storage drive storing said randomized data in said storage drive.
  - 11. The apparatus according to claim 10, further comprising:
    - a second one of said logical partitions transmitting second data to be stored in said storage drive;
      
      said second one of said logical partitions transmitting a second seed that is associated with said second one of said plurality of logical partitions to said storage drive;
      
      said storage drive randomizing said transmitted second data utilizing said second seed; and
      
      said storage drive storing said randomized second data in said storage drive.
  - 12. The apparatus according to claim 10, further comprising:
    - said one of said plurality of logical partitions transmitting a request to read said randomized data that is stored in said storage drive;
      
      said one of said plurality of logical partitions transmitting said seed that is associated with said one of said plurality of logical partitions;
      
      said storage drive de-randomizing said randomized data utilizing said seed; and
      
      said storage drive transmitting said de-randomized data to said one of said plurality of logical partitions.
  - 13. The apparatus according to claim 10, further comprising:
    - a third one of said plurality of logical partitions transmitting a request to read said randomized data that is stored in said storage drive;
      
      said third one of said plurality of logical partitions transmitting a seed that is associated with said third one of said plurality of logical partitions;
      
      said storage drive attempting to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions;
      
      in response to de-randomizing said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, said storage drive transmitting said de-randomized data to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being said one of said plurality of logical partitions; and
      
      in response to being unable to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, said storage drive transmitting an error message to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being a logical partition that is not said one of said plurality of logical partitions.
  - 14. The apparatus according to claim 8, further comprising:
    - in response to one of said plurality of logical partitions needing to access a storage drive, said one of said plurality of logical partitions transmitting a seed to said storage drive, said transmitted seed being associated with said one of said plurality of logical partitions;
      
      a transmitting one of said plurality of logical partitions being unable to transmit a seed that is other than a seed that is associated with said transmitting one of said plurality of logical partitions; and
      
      storage drive utilizing said transmitted seed to randomize and de-randomize data for said one of said plurality of logical partitions, data randomized for one of said plurality of logical partitions cannot be de-randomized for a different one of said plurality of logical partitions.

15. A computer program product comprising:
- a computer usable medium including computer usable program code for prohibiting unauthorized access of data that is stored on a storage drive that is included in said computer system including;
  
  computer usable program code for generating a plurality of logical partitions in said system;
  
  computer usable program code for associating a different unique randomizer seed with each one of said plurality logical partitions, said seed being kept outside of said storage drive and not stored within said storage drive; and
  
  computer usable program code for utilizing a seed that is associated with one of said logical partitions to limit access to data, which was stored by said one of said plurality of logical partitions, to said one of said plurality of logical partitions, other ones of said plurality of logical partitions being unable to access said data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The product according to claim 15, further comprising:
    - said storage drive being removable from said computer system; and
      
      computer usable program code for utilizing said seed to prevent said data from being accessed after said storage drive is removed from said computer system.
  - 17. The product according to claim 15, further comprising:
    - computer usable program code for transmitting, by said one of said logical partitions, data to be stored in said storage drive;
      
      computer usable program code for transmitting, by said one of said logical partitions, said seed that is associated with said one of said plurality of logical partitions to said storage drive;
      
      computer usable program code for randomizing, by said storage drive, said transmitted data utilizing said seed; and
      
      computer usable program code for storing, by said storage drive, said randomized data in said storage drive.
  - 18. The product according to claim 17, further comprising:
    - computer usable program code for transmitting a request, by said one of said plurality of logical partitions, to read said randomized data that is stored in said storage drive;
      
      computer usable program code for transmitting, by said one of said plurality of logical partitions, said seed that is associated with said one of said plurality of logical partitions;
      
      computer usable program code for de-randomizing, by said storage drive, said randomized data utilizing said seed; and
      
      computer usable program code for transmitting, by said storage drive, said de-randomized data to said one of said plurality of logical partitions.
  - 19. The product according to claim 17, further comprising:
    - computer usable program code for transmitting, by a second one of said logical partitions, second data to be stored in said storage drive;
      
      computer usable program code for transmitting, by said second one of said logical partitions, a second seed that is associated with said second one of said plurality of logical partitions to said storage drive;
      
      computer usable program code for randomizing, by said storage drive, said transmitted second data utilizing said second seed; and
      
      computer usable program code for storing, by said storage drive, said randomized second data in said storage drive.
  - 20. The product according to claim 15, further comprising:
    - computer usable program code for transmitting a request, by a third one of said plurality of logical partitions, to read said randomized data that is stored in said storage drive;
      
      computer usable program code for transmitting, by said third one of said plurality of logical partitions, a seed that is associated with said third one of said plurality of logical partitions;
      
      computer usable program code for attempting, by said storage drive, to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions;
      
      in response to de-randomizing said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, computer usable program code for transmitting, by said storage drive, said de-randomized data to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being said one of said plurality of logical partitions; and
      
      in response to being unable to de-randomize said randomized data utilizing said seed that is associated with said third one of said plurality of logical partitions, computer usable program code for transmitting, by said storage drive, an error message to said third one of said plurality of logical partitions, said third one of said plurality of logical partitions being a logical partition that is not said one of said plurality of logical partitions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Moore, Jason Eric, Forrer, Thomas Richard Jr., Zuzuarregui, Abel Enrique

Granted Patent

US 7,478,220 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/1466 Key-lock mechanism

Method, apparatus, and product for prohibiting unauthorized access of data stored on storage drives

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method, apparatus, and product for prohibiting unauthorized access of data stored on storage drives

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others