Data processing security system for automatically transferring software protection data from removable store into internal memory upon mounting of stores
First Claim
1. A data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas in said storage volume from unauthorized access by said data processor and being response to an access request from said data processor for reading or writing data stored therein, comprising:
- first means provided in said storage unit and responsive to the mounting of said storage volume on said storage unit for automatically storing into said internal memory all of the protection key information stored in said storage volume;
second means provided in said storage unit and responsive to receipt of an access request to effect access to a specific data area accompanied by protection information for that protection information accompanying the access request and protection key information corresponding to the specified data area as stored in said internal memory; and
third means provided in said storage unit and connected to said second means for controlling access to said specified data area in said storage volume in accordance with a result of the comparison operation by said second means;
wherein protection area information includes a start address and an end address of a data area to be protected in said storage volume, and said second means includes means for determining if the data area designation information of an access request designates a data area in said storage volume in a range between the start address and the end address included in a protection key information stored in said internal memory.
1 Assignment
0 Petitions
Accused Products
Abstract
In a computer system in which a storage unit is accessed by a host computer, protection key information for each of a plurality of areas of a storage volume, is stored into the storage volume mounted in the storage unit. When the storage volume is mounted on the storage unit, the storage unit reads out protection key information stored in the storage volume and stores it into a memory provided in the storage unit. When an access request for one of the plurality of areas of the storage volume is received from the host computer, the access request is collated with the protection key information stored in the memory relating to the requested area, and the access request is permitted or inhibited in accordance with the collating result.
-
Citations
12 Claims
-
1. A data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas in said storage volume from unauthorized access by said data processor and being response to an access request from said data processor for reading or writing data stored therein, comprising:
-
first means provided in said storage unit and responsive to the mounting of said storage volume on said storage unit for automatically storing into said internal memory all of the protection key information stored in said storage volume; second means provided in said storage unit and responsive to receipt of an access request to effect access to a specific data area accompanied by protection information for that protection information accompanying the access request and protection key information corresponding to the specified data area as stored in said internal memory; and third means provided in said storage unit and connected to said second means for controlling access to said specified data area in said storage volume in accordance with a result of the comparison operation by said second means; wherein protection area information includes a start address and an end address of a data area to be protected in said storage volume, and said second means includes means for determining if the data area designation information of an access request designates a data area in said storage volume in a range between the start address and the end address included in a protection key information stored in said internal memory. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of protecting data in a storage volume of a data processing system including a data processor, and a storage unit connected to said data processor and having a removable storage volume mounted thereon for storing data and an internal memory, said storage volume storing respective protection key information for protecting each of a plurality of data areas on said storage volume from unauthorized access by said data processor and being responsive to an access request from said data processor for reading or writing data stored therein, comprising the steps of:
-
automatically storing into said internal memory all of the protection key information stored in said storage volume in response to the mounting of said storage volume on said storage unit; receiving in said storage unit an access request to effect access to a specific data area accompanied by protection information for that specific data area; comparing in said storage until the protection information accompanying a received access request and the protection key information corresponding to the specified data area of the access request as stored in said internal memory upon receipt of an access request from said data processor; and controlling in said storage unit access to said storage volume in accordance with a result of the comparing step; wherein an access request from said data processor includes data designation information for designating a data area of said storage volume to be accessed, wherein each protection key information includes protection area information indicating a data area of said storage volume to be protected and related control information for permitting or inhibiting access to said data area, wherein said comparing step includes comparing the data area designation information included in an access request with said protection area information in an internal memory and comparing protection information with related control information, and wherein said controlling step includes inhibiting access to said storage volume when no comparison is found during said comparing step. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification