Method, Apparatus, and Product for Prohibiting Unauthorized Access of Data Stored on Storage Drives
Abstract
A method, apparatus, and computer program product are disclosed in a data processing system for prohibiting unauthorized access of data that is stored on storage drives. Multiple logical partitions are generated. A different unique randomizer seed is associated with each one of the logical partitions. In response to one of the logical partitions needing to access a storage drive, the logical partition transmits a seed to the storage drive. The transmitted seed is associated with the one of the logical partitions. A transmitting one of the logical partitions is unable to transmit a seed that is other than a seed that is associated with the transmitting one of the logical partitions. The storage drive utilizes the transmitted seed to randomize and de-randomize data for the one of the logical partitions. Data randomized for one of the logical partitions cannot be de-randomized for a different one of the logical partitions.
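A minimal model of the flow the abstract describes, added here as an illustration and not taken from the patent. The 16-bit LFSR randomizer, the `SeedVault` stand-in for the trusted platform module, and the names `lpar1`/`lpar2` are assumptions; a linear scrambler of this kind is not a cipher, so the sketch shows only the seed-binding logic.

```python
import secrets

def keystream(seed: int, n: int) -> bytes:
    """n bytes from a 16-bit Fibonacci LFSR (taps 16,14,13,11), an assumed randomizer."""
    if not 0 < seed < 1 << 16:
        raise ValueError("seed must be a non-zero 16-bit value")
    state, out = seed, bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)
            state = (state >> 1) | (fb << 15)
        out.append(byte)
    return bytes(out)

class SeedVault:
    """Stand-in for the TPM: outside every partition, one unique seed per partition."""
    def __init__(self, partitions):
        pool = secrets.SystemRandom().sample(range(1, 1 << 16), len(partitions))
        self._seeds = dict(zip(partitions, pool))

    def handle(self, partition):
        """Accessor bound to one partition; it can release that partition's seed only."""
        return lambda: self._seeds[partition]

class Drive:
    """Holds randomized bytes only; the seed arrives with each request and is not kept."""
    def __init__(self):
        self.media = {}

    def _xor(self, data, seed):
        return bytes(a ^ b for a, b in zip(data, keystream(seed, len(data))))

    def write(self, lba, data, seed):   # write request carries the write seed
        self.media[lba] = self._xor(data, seed)

    def read(self, lba, seed):          # read request carries the read seed
        return self._xor(self.media[lba], seed)

def demo():
    # Constructed scenario: lpar1 writes a record, then both partitions try to read it.
    vault, drive = SeedVault(["lpar1", "lpar2"]), Drive()
    seed1, seed2 = vault.handle("lpar1"), vault.handle("lpar2")
    record = b"constructed sample record written by lpar1"
    drive.write(7, record, seed1())
    return record, drive.media[7], drive.read(7, seed1()), drive.read(7, seed2())
```

`demo()` returns the original record, the bytes held on the media, the read with the owning partition's seed, and the read with the other partition's seed.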
23 Claims
1-7. (canceled)
8. A data processing system, which includes a host coupled to a disk drive, for prohibiting unauthorized access of data that is stored on said disk drive, wherein said disk drive communicates with said host using a disk drive controller that is included in the disk drive, and wherein said disk drive controller forwards read requests and write requests to a read/write channel that is included in the disk drive, and further wherein said read/write channel includes a randomizer and a de-randomizer;
said data processing system comprising;
first generating means for generating a plurality of logical partitions in said host;
second associating means for associating a different unique randomizer seed with each one of said plurality of logical partitions;
third keeping means for keeping said seed in a trusted platform module that is included in said host, wherein said trusted platform module does not exist within any of said plurality of logical partitions, and wherein said seed is not stored within said disk drive;
fourth controlling means for controlling, by said trusted platform module, access to said different unique randomizer seed associated with each one of said plurality of logical partitions, wherein only one of said plurality of logical partitions associated with an associated seed can access said associated seed;
fifth utilizing means for utilizing a first seed that is associated with a first one of said logical partitions to limit access to first data, which was stored by said first one of said plurality of logical partitions in the disk drive, to only said first one of said plurality of logical partitions, wherein other ones of said plurality of logical partitions that are not associated with said first seed are unable to access said first data;
sixth sending means for sending, by an application in said first one of said plurality of logical partitions to a first operating system that is being executed by said first one of said plurality of logical partitions, a data access command to access data in said disk drive;
seventh retrieving means for retrieving, by said first operating system, said first seed;
eighth sending means for sending, by the host to said disk drive in a read request, a particular read seed to be used by said de-randomizer to attempt to de-randomize data, which is stored on said disk drive; and
ninth sending means for sending, by the host to said disk drive in a write request, a particular write seed to be used by said randomizer to randomize data, wherein said particular write seed is provided to said randomizer by said disk drive controller.
9. (canceled)
15. A computer program product in a computer recordable-type medium for prohibiting unauthorized access of data that is stored on a disk drive that is included in a computer system, wherein said disk drive communicates with a host coupled to a disk drive using a disk drive controller that is included in the disk drive, and wherein said disk drive controller forwards read requests and write requests to a read/write channel that is included in the disk drive, and further wherein said read/write channel includes a randomizer and a de-randomizer, said computer program product comprising:
first instructions for generating a plurality of logical partitions in said host;
second instructions for associating a different unique randomizer seed with each one of said plurality of logical partitions;
third instructions for keeping said seed in a trusted platform module that is included in said host, wherein said trusted platform module does not exist within any of said plurality of logical partitions, and wherein said seed is not stored within said disk drive;
fourth instructions for controlling, by said trusted platform module, access to said different unique randomizer seed associated with each one of said plurality of logical partitions, wherein only one of said plurality of logical partitions associated with an associated seed can access said associated seed;
fifth instructions for utilizing a first seed that is associated with a first one of said logical partitions to limit access to first data, which was stored by said first one of said plurality of logical partitions in the disk drive, to only said first one of said plurality of logical partitions, wherein other ones of said plurality of logical partitions that are not associated with said first seed are unable to access said first data;
sixth instructions for sending, by an application in said first one of said plurality of logical partitions to a first operating system that is being executed by said first one of said plurality of logical partitions, a data access command to access data in said disk drive;
seventh instructions for retrieving, by said first operating system, said first seed;
eighth instructions for sending, by the host to said disk drive in a read request, a particular read seed to be used by said de-randomizer to attempt to de-randomize data, which is stored on said disk drive; and
ninth instructions for sending, by the host to said disk drive in a write request, a particular write seed to be used by said randomizer to randomize data, wherein said particular write seed is provided to said randomizer by said disk drive controller.
16. (canceled)
21. (canceled)
22. A data processing system, which includes a host coupled to a disk drive, for prohibiting unauthorized access of data that is stored on said disk drive, wherein said disk drive communicates with said host using a disk drive controller that is included in the disk drive, and wherein said disk drive controller forwards read requests and write requests to a read/write channel that is included in the disk drive, and further wherein said read/write channel includes a randomizer and a de-randomizer, the data processing system comprising:
first means for generating a plurality of logical partitions in said host;
second means for associating a different unique randomizer seed with each one of said plurality of logical partitions;
third means for keeping said seed in a trusted platform module that is included in said host, wherein said trusted platform module does not exist within any of said plurality of logical partitions, and wherein said seed is not stored within said disk drive;
fourth means for controlling, by said trusted platform module, access to said different unique randomizer seed associated with each one of said plurality of logical partitions, wherein only one of said plurality of logical partitions associated with an associated seed can access said associated seed;
fifth means for utilizing a first seed that is associated with a first one of said logical partitions to limit access to first data, which was stored by said first one of said plurality of logical partitions in the disk drive, to only said first one of said plurality of logical partitions, wherein other ones of said plurality of logical partitions that are not associated with said first seed are unable to access said first data;
sixth means for sending, by an application in said first one of said plurality of logical partitions to a first operating system that is being executed by said first one of said plurality of logical partitions, a data access command to access data in said disk drive;
seventh means for retrieving, by said first operating system, said first seed;
eighth means for using said de-randomizer to attempt to de-randomize data, which is stored on said disk drive, using a particular read seed that is provided to said de-randomizer in a read request; and
ninth means for using said randomizer data, which is provided to said randomizer by said disk drive controller, using a particular write seed that is provided to said randomizer in a write request.
23. A computer program product in a computer recordable-type medium in a host coupled to a disk drive, for prohibiting unauthorized access of data that is stored on said disk drive, wherein said disk drive communicates with said host using a disk drive controller that is included in the disk drive, and wherein said disk drive controller forwards read requests and write requests to a read/write channel includes a randomizer and a de-randomizer, the computer program product comprising:
first instructions for generating a plurality of logical partitions in said host;
second instructions for associating a different unique randomizer seed with each one of said plurality of logical partitions;
third instructions for keeping said seed in a trusted platform module that is included said host, wherein said trusted platform module does not exist within any of said plurality of logical partitions, and wherein said seed is not stored within said disk drive;
fourth instructions for controlling, by said trusted platform module, access to said different unique randomizer seed associated with each one of said plurality of logical partitions, wherein only one of said plurality of logical partitions associated with an associated seed can access said associated seed;
fifth instructions for utilizing a first seed that is associated with a first one of said logical partitions to limit access to first data, which was stored by said first one of said plurality of logical partitions in the disk drive, to only said first one of said plurality of logical partitions, wherein other ones of said plurality of logical partitions that are not associated with said first seed are unable to access said first data;
sixth instructions for sending, by an application in said first one of said plurality of logical partitions to a first operating system that is being executed by said first one of said plurality of logical partitions, a data access command to access data in said disk drive;
seventh instructions for retrieving, by said first operating system, said first seed;
Specification