System, Method and Computer Program Product for Secure Access Control to a Storage Device
Abstract
A method for accessing a storage device, the method includes: receiving, by storage device, a block based storage access command and cryptographically secured access control information; wherein the block based storage access command and the cryptographically secured access control information are associated with at least one fixed size block of data and with a client; processing at least a portion of the cryptographically secured access control information by using a secret key accessible to the storage device and to a security entity; and selectively executing the block based storage access command in response to a result of the processing.
35 Claims
1. A method for accessing a storage device, the method comprises:
receiving, by storage device, a block based storage access command and cryptographically secured access control information;
wherein the block based storage access command and the cryptographically secured access control information are associated with at least one fixed size block of data and with a client;
processing at least a portion of the cryptographically secured access control information by using a secret key accessible to the storage device and to a security entity; and
selectively executing the block based storage access command in response to a result of the processing.
Dependent claims: 2, 3, 4, 5, 6

7. A method for accessing a storage device, the method comprises:
sending to a security entity, a request to receive access control information associated with at least one fixed size logical block and with a client;
receiving the access control information and capability key;
generating a cryptographically secured access information based on the received access control information and capability key; and
providing a block based storage access command associated with the cryptographically secured access control information.
Dependent claims: 8, 9, 10

11. A computer program product comprising a computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
receive a block based storage access command and cryptographically secured access control information;
wherein the block based storage access command and the cryptographically secured access control information are associated with at least one fixed size logical block and with a client;
process at least a portion of the cryptographically secured access control information by using a secret key accessible to the storage device and to a security entity; and
selectively execute the block based storage access command in response to a result of the processing.
Dependent claims: 12, 13, 14, 15, 16

17. A computer program product comprising a computer usable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
send to a security entity, a request to receive access control information associated with at least one fixed size block of data and with a client;
receive the access control information and a capability key;
generate a cryptographically secured access information based on the access control information and the capability key; and
provide a block based storage access command associated with the cryptographically secured access control information.
Dependent claims: 18, 19, 20

21. A system having data access capabilities, the system comprises:
a storage device that comprises a storage medium and a storage device interface that is adapted to receive, a block based storage access command and cryptographically secured access control information;
wherein the block based storage access command and the cryptographically secured access control information are associated with at least one fixed size logical block and with a client;
wherein the storage device is adapted to process at least a portion of the cryptographically secured access control information by using a secret key accessible to the storage device and to a security entity and to selectively execute the block based storage access command in response to a result of the processing.
Dependent claims: 22, 23, 24, 25, 26

27. A system comprising a host computer and an interface;
wherein the interface is adapted to receive access control information;
wherein the host computer is adapted to host at least a portion of a client that is adapted to send to a security entity, a request to receive the access control information associated with at least one fixed size block of data and with a client, and a capability key;
generate a cryptographically secured access information in response to the access control information and the capability key; and
provide a block based storage access command associated with the cryptographically secured access control information.
Dependent claims: 28, 29, 30

31. A method for accessing a storage device, the method comprising:
sending to a security entity, a request to receive access control information associated with at least one fixed size block of data and with a client;
providing the access control information and a capability key;
generating a cryptographically secured access information based on the access control information and the capability key;
sending a block based storage access command associated with the cryptographically secured access control information to a storage device;
receiving, by the storage device, the block based storage access command and the cryptographically secured access control information;
processing at least a portion of the cryptographically secured access control information by using a secret key accessible to the storage device and to a security entity; and
selectively executing the block based storage access command in response to a result of the processing.
Dependent claims: 32, 33, 34, 35
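
The end-to-end flow of claim 31, sketched as an added example that is not taken from the patent. The claims name no algorithm; this sketch assumes HMAC-SHA256 as the keyed function, a capability key derived as HMAC(secret key, access control information), a 512-byte block, and hypothetical names (`SecurityEntity`, `client_command`, `StorageDevice`).

```python
import hashlib, hmac, json, time

BLOCK = 512  # assumed fixed block size in bytes

def _mac(key, obj):
    # Keyed MAC over a canonical JSON encoding (HMAC-SHA256 is an assumption).
    msg = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class SecurityEntity:
    def __init__(self, secret):
        self.secret = secret  # secret key shared with the storage device

    def issue(self, client, first, last, ops, ttl=60, now=None):
        now = time.time() if now is None else now
        cap = {"client": client, "first": first, "last": last,
               "ops": sorted(ops), "exp": int(now + ttl)}
        return cap, _mac(self.secret, cap)  # access control info, capability key

def client_command(cap, cap_key, op, lba, count, data=b""):
    # Client binds the block command to the capability with the capability key.
    cmd = {"op": op, "lba": lba, "count": count,
           "digest": hashlib.sha256(data).hexdigest()}
    return {"cmd": cmd, "cap": cap, "tag": _mac(cap_key, cmd).hex()}

class StorageDevice:
    def __init__(self, secret, blocks=64):
        self.secret, self.medium = secret, bytearray(blocks * BLOCK)

    def execute(self, req, data=b"", now=None):
        now = time.time() if now is None else now
        cap, cmd = req["cap"], req["cmd"]
        # Re-derive the capability key; an altered capability yields another key.
        cap_key = _mac(self.secret, cap)
        if not hmac.compare_digest(_mac(cap_key, cmd).hex(), req["tag"]):
            return "DENIED: bad tag"
        if now > cap["exp"]:
            return "DENIED: expired"
        if cmd["op"] not in cap["ops"]:
            return "DENIED: operation not permitted"
        end = cmd["lba"] + cmd["count"] - 1
        if cmd["count"] < 1 or cmd["lba"] < cap["first"] or end > cap["last"]:
            return "DENIED: out of range"
        off, n = cmd["lba"] * BLOCK, cmd["count"] * BLOCK
        if cmd["op"] == "write":
            if len(data) != n or hashlib.sha256(data).hexdigest() != cmd["digest"]:
                return "DENIED: data mismatch"
            self.medium[off:off + n] = data
            return "OK"
        return bytes(self.medium[off:off + n])
```

The storage device never contacts the security entity per command: the shared secret lets it validate the capability and the command tag locally. This sketch does not address replay of a valid request within the capability's lifetime.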
Specification