Controlling access to a storage device

US 6,484,173 B1
Filed: 06/27/2000
Issued: 11/19/2002
Est. Priority Date: 02/07/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling a data storage device, comprising:

providing at least one requestor group that accesses the storage device;

providing at least one pool of devices of the data storage device;

providing a plurality of access types, wherein the access types include at least one of;

control, configure, and track changes; and

determining if a request by a requestor of the at least one requestor group is permitted for a device of the at least one pool of devices, wherein the device is an object of the request.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Controlling access to a data storage device includes defining a plurality of groups that access the data storage device, defining a plurality of pools of devices of the data storage device, and, for at least one of the groups, determining access rights with respect to at least one of the pools. The pools of devices may include communication ports and/or memory segments of the storage element. The access rights may indicate whether system calls are allowed on the communication ports. In some embodiments, restricting access to a data storage device includes coupling each of a plurality of host requestor systems to the storage element by one of a plurality of ports provided for the storage element and selectively determining, for each of the ports, whether system calls are allowed, where, for the ports in which system calls are not allowed, a system call by the host systems coupled thereto causes the storage element to indicate that the system call was not performed. In other embodiments, the access to pools of memory resources having a unique ID number is restricted to requestors having unique ID numbers in a data base that matches allowed requestors and request types to allowed pools of memory.

152 Citations

50 Claims

1. A method of controlling a data storage device, comprising:
- providing at least one requestor group that accesses the storage device;
  
  providing at least one pool of devices of the data storage device;
  
  providing a plurality of access types, wherein the access types include at least one of;
  
  control, configure, and track changes; and
  
  determining if a request by a requestor of the at least one requestor group is permitted for a device of the at least one pool of devices, wherein the device is an object of the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the access types include at least one of mirroring, copying, back up, splitting, and tracking system calls.
  - 3. The method of claim 1, wherein the access types further include reading data and writing data.
  - 4. The method of claim 1, wherein the at least one group and the at least one pool includes at least one of logical units having unique ID numbers and physical units.
  - 5. The method of claim 1, wherein the at least one pool includes at least one of:
    - communication ports of the data storage device and portions of memory of the data storage device.
  - 6. The method of claim 5, wherein the pool includes communication ports and the access rights indicate whether system calls are allowed on the communication ports.
  - 7. The method of claim 5, wherein the pool includes portions of the memory and the access rights indicate at least one of read and write access to the sections.

8. A method of controlling access to a data storage device, comprising,providing a requestor identification number for each requestor having access to the data storage device, where the identification number uniquely identifies each requestor;
- partitioning memory of the data storage device into a plurality of memory segments, and defining an identification number for each of the segments;
  
  providing a plurality of request types including at least one of;
  
  read, write, mirroring, copying, back up, splitting, and tracking system calls; and
  
  allowing a requestor a selected type of request access to a selected one of the plurality of memory segments only if a database of requestor identification numbers indicates that the selected type of request to the selected memory segment is allowable according to the requestor identification number, wherein an override memory location stores one of a pass override condition, a reject override condition and no override condition.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
10. The method of claim 8, wherein the override memory location is checked before examining the database, and, if a pass override condition is stored therein, the request is allowed.
11. The method of claim 10, wherein a value stored in the override memory location reverts to the no override condition after a specified time period.
12. The method of claim 8, wherein the override memory location is checked before examining the database, and, if a reject override condition is stored therein, the request is denied.
13. The method of claim 8, wherein the plurality of memory segments are grouped into pools of devices and wherein allowing a requestor a selected type of request access includes examining a particular one of the pools of devices corresponding to the selected memory segment.
14. The method of claim 11, wherein the specified time period is thirty minutes.

15. A method of controlling access to a data storage device, comprising:
- providing at least one group of requestor devices from a plurality of requestor devices that access the data storage device by issuing requests for at least one of;
  
  reading data in a specified portion of the data storage device, writing data into a specified portion of the data storage device, backing up data from a specified portion of the data storage device, mirroring data, copying data from a specified portion of the data storage device, splitting volumes of the data storage device, and tracking changes to volumes of the data storage device;
  
  providing a plurality of pools of memory resources from a plurality of individual addressable memory resources of the data storage device; and
  
  prior to accessing the memory, providing control logic for the data storage device to determine whether a request from one of the plurality of requestor devices for access to at least one of the plurality of pools of memory resources is permissible, wherein an override memory location stores one of a pass override condition, a reject override condition and no override condition.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15, wherein the override memory location is checked before examining the database, and, if a pass override condition is stored therein, the request is allowed.
  - 17. The method of claim 15, wherein the override memory location is checked before examining the database, and, if a reject override condition is stored therein, the request is denied.
  - 18. The method of claim 15, wherein an access level for a group corresponding to the requestor is set to provide a lower access level than an access level set for any member of the group of requestors.
  - 19. The method of claim 15, wherein a pool of memory resources allows more access than an access level set for any member of the pool.
  - 20. The method of claim 16, wherein a value stored in the override memory location reverts to the no override condition after a specified time period.
  - 21. The method of claim 18, wherein the access level of the group is examined before the access level of the requestor and, if access for the group is allowed, no check is made on the access level of the requestor.
  - 22. The method of claim 19, wherein the access level of the pool is examined before the access level of the memory segment, and if access for the pool is not allowed, no check is made on the access level of the memory segment.
  - 23. The method of claim 20, wherein the specified time period is thirty minutes.

24. A method of controlling access to a data storage device, comprising:
- associating an ID number that identifies at least one of;
  
  a requestor having access to the storage element and a group to which the requestor belongs; and
  
  determining if the requestor is allowed a requested type of access operation to at least a portion of the data storage device in accordance with access information, where the access information includes one or more access operations associated with at least one of;
  
  the requestor ID number, an ID number of the group, a password associated with the requestor, and a password associated with the group, wherein the access operation includes at least one of;
  
  control, configure, and track changes.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, wherein the access operation further includes at least one of:
    - backup, mirror, copy, and split.
  - 26. The method of claim 25, wherein the access operation further includes at least one of:
    - read data and write data.
  - 27. The method of claim 25, wherein the access information uses only one of:
    - the requestor ID number, the ID number of the group, the password associated with the requestor, and the password associated with the group.
  - 28. The method of claim 25, wherein the access information uses a combination of the requestor ID number and the ID number of the group.
  - 29. The method of claim 25, wherein the access information uses a combination of the ID number of the group and the password associated with the group.
  - 30. The method of claim 25, wherein the access information uses a combination of the ID number of the group and at least one of:
    - the password associated with the requestor and the password associated with the group.

31. A method of controlling access to a data storage device, comprising:
- associating a password that identifies at least one of;
  
  a requestor having access to the storage element and a group to which the requestor belongs; and
  
  determining if the requestor is allowed a requested type of access operation to at least a portion of the data storage device in accordance with access information, where the access information includes one or more access operations associated with the password, wherein the access operation includes at least one of;
  
  control, configure, and track changes.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The method of claim 31, wherein the access operation further includes at least one of:
    - backup, mirror, copy, and split.
  - 33. The method of claim 31, wherein the access operation further includes at least one of:
    - read data and write data.
  - 34. The method of claim 31, wherein the password is associated with the requestor.
  - 35. The method of claim 31, wherein the password is associated with the group.

36. A computer program product that controls a data storage device, comprising:
- executable code that handles at least one requestor group that accesses the storage device;
  
  executable code that handles at least one pool of devices of the data storage device;
  
  executable code that handles a plurality of access types, wherein the access types are selected from the group consisting of;
  
  mirror, split, and track changes; and
  
  executable code that determines if a request by a requestor of the at least one requestor group is permitted for a device of the at least one pool of devices, wherein the device is an object of the request.

37. A computer program product that controls access to a data storage device, comprising,executable code that handles a requestor identification number for each requestor having access to the data storage device, where the identification number uniquely identifies each requestor;
- executable code that partitions memory of the data storage device into a plurality of memory segments, and defines an identification number for each of the segments;
  
  executable code that handles a plurality of request types including at least one of;
  
  read, write, mirroring, copying, back up, splitting, and tracking system calls; and
  
  executable code that allows a requestor a selected type of request access to a selected one of the plurality of memory segments only if a database of requestor identification numbers indicates that the selected type of request to the selected memory segment is allowable according to the requestor identification number, wherein an override memory location stores one of a pass override condition, a reject override condition and no override condition.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The computer program product of claim 37, further comprising:
39. The computer program product of claim 37, further comprising:
- executable code that checks the override memory location before examining the database, and, if a pass override condition is stored therein, the request is allowed.
40. The computer program product of claim 39, further comprising:
- executable code that causes a value stored in the override memory location to revert to the no override condition after a specified time period.
41. The computer program product of claim 37, further comprising:
- executable code that checks the override memory location before examining the database, and, if a reject override condition is stored therein, the request is denied.

42. A computer program product that controls access to a data storage device, comprising:
- executable code that handles at least one group of requestor devices from a plurality of requestor devices that access the data storage device by issuing requests for at least one of;
  
  reading data in a specified portion of the data storage device, writing data into a specified portion of the data storage device, backing up data from a specified portion of the data storage device, mirroring data, copying data from a specified portion of the data storage device, splitting volumes of the data storage device, and tracking changes to volumes of the data storage device;
  
  executable code that handles a plurality of pools of memory resources from a plurality of individual addressable memory resources of the data storage device; and
  
  executable code that determines whether a request from one of the plurality of requestor devices for access to at least one of the plurality of pools of memory resources is permissible, wherein an override memory location stores one of a pass override condition, a reject override condition and no override condition.
- View Dependent Claims (43, 44, 45)
- - 43. The computer program product of claim 42, further comprising:
44. The computer program product of claim 43, further comprising:
- executable code that causes a value stored in the override memory location to revert to the no override condition after a specified time period.
45. The computer program product of claim 42, further comprising:
- executable code that checks the override memory location before examining the database, and, if a reject override condition is stored therein, the request is denied.

46. A computer program product that controls access to a data storage device, comprising:
- executable code that handles an ID number that identifies at least one of;
  
  a requestor having access to the storage element associated with a group to which the requestor belongs; and
  
  executable code that determines if the requestor is allowed a requested type of access operation to at least a portion of the data storage device in accordance with access information, where the access information includes one or more access operations associated with at least one of;
  
  the requestor ID number, an ID number of the group, a password associated with the requestor, and a password associated with the group, wherein the access operation includes at least one of;
  
  control, configure, and track changes.
- View Dependent Claims (47, 48, 49)
- - 47. The computer program product of claim 46, further comprising:
48. The computer program product of claim 46, further comprising:
- executable code that causes the access information to use a combination of the ID number of the group and at least one of;
  
  the password associated with the requestor and the password associated with the group.
49. The computer program product of claim 46, further comprising:
- executable code that causes the access information to use a combination of the ID number of the group and the password associated with the group.

50. A computer program product that controls access to a data storage device, comprising:
- executable code that handles a password that identifies at least one of;
  
  a requestor having access to the storage element and a group to which the requestor belongs; and
  
  executable code that determines if the requestor is allowed a requested type of access operation to at least a portion of the data storage device in accordance with access information, where the access information includes one or more access operations associated with the password, wherein the access operation includes at least one of;
  
  control, configure, and track changes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Garrett, Brian, OʼHare, Jeremy
Primary Examiner(s)
Amsbury, Wayne
Assistant Examiner(s)
AL HASHEMI, SANA A

Application Number

US09/604,592
Time in Patent Office

875 Days
Field of Search

707/9, 707/3, 707/10, 707/104, 709/242, 709/244, 705/42
US Class Current

1/1
CPC Class Codes

G06F 12/1483   using an access-table, e.g....

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99939   Privileged access

Controlling access to a storage device

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

152 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to a storage device

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links