Restricted access devices

US 6,842,810 B1
Filed: 10/18/2001
Issued: 01/11/2005
Est. Priority Date: 10/18/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for restricting access to a device comprising:

receiving a data operation in connection with the device;

determining a type of said device as one of restricted access and standard access;

determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;

determining a target location associated with said data operation; and

in response to determining one of said first and said second sets of opcodes, said type, and said target location, determining if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described are techniques in connection with restricting access to devices within a computer system. Access to a device may be restricted to one or more particular hosts within the computer system, and also further restricted to a particular software program executing within the particular hosts. The restricted access device (RAD) may be recognized by one or more hosts only having access to specific portions of the RAD unless special RAD I/O opcodes are used in connection with performing I/O operations. Access to a device may be obtained by enabling a particular use of the special RAD I/O opcodes. Subsequently, access to the same device may be disabled by stopping use of the special RAD I/O opcodes by a particular host and/or software executing in the host. RADs may be used in a variety of applications including, for example, restricting access to shared logs or journals and protecting a database.

Citations

42 Claims

1. A method for restricting access to a device comprising:
- receiving a data operation in connection with the device;
  
  determining a type of said device as one of restricted access and standard access;
  
  determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
  
  determining a target location associated with said data operation; and
  
  in response to determining one of said first and said second sets of opcodes, said type, and said target location, determining if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - recognizing a device which is of type restricted access by all hosts included in the computer system.
  - 3. The method of claim 2, further comprising:
    - restricting access to a recognized device to a particular host in the computer system by having said particular host perform data operations to said recognized device using opcodes included in said second set.
  - 4. The method of claim 3, wherein only a specific software program executing on the particular host in the computer system is able to access said recognized device by performing data operations using opcodes included in said second set.
  - 5. The method of claim 4, further comprising:
    - changing a status associated with a recognized device between restricted and standard.
  - 6. The method of claim 5, further comprising:
    - using a configuration file and value included therein to specify said status.
  - 7. The method of claim 4, further comprising:
    - performing a data operation to said recognized device that includes a file that is accessible by a plurality of hosts, a first of said plurality of hosts having exclusive access to said file by performing data operations in connection with said recognized device using opcodes included in said second set.
  - 8. The method of claim 1, further comprising:
    - installing an application programming interface on a host included in said computer system performing said data operation; and
      
      using said application programming interface to issue said data operation.
  - 9. The method of claim 8, further comprising:
    - configuring said application programming interface in accordance with a device configuring associated with said host wherein said device configuration includes said host accessing at least one device as a restricted access device.

10. A method for restricting access to a device comprising:
- receiving a data operation in connection with the device;
  
  determining a type of said device as one of restricted access and standard access;
  
  determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
  
  determining a target location associated with said data operation;
  
  in response to determining one of said first and said second sets of opcodes, said type, and said target location, determining if said data operation is valid; and
  
  determining that said data operation is valid if said opcode is included in said second set and said type is restricted.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising:
    - determining that said data operation is valid if said opcode is included in said first set and said type is standard.
  - 12. The method of claim 11, further comprising:
    - determining that said data operation is valid in response to determining that said opcode is included in said first set, said type is restricted and said location is one of standard access on said device.
  - 13. The method of claim 12, further comprising:
    - performing said data operation in response to determining that said data operation is valid and otherwise performing error processing.
  - 14. The method of claim 13, wherein each of said first and second sets of opcodes includes a read opcode and a write opcode, each of the opcodes included in said first set being different from each of said opcodes included in said second set.

15. A computer program product stored on a computer-readable medium for restricting access to a device comprising:
- machine executable code that receives a data operation in connection with the device;
  
  machine executable code that determines a type of said device as one of restricted access and standard access;
  
  machine executable code that determines if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
  
  machine executable code that determines a target location associated with said data operation; and
  
  machine executable code that, in response to determining one of said first and said second sets of opcodes, said type, and said target location, determines if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The computer program product of claim 15, further comprising:
    - machine executable code that determines that said data operation is valid if said opcode is included in said second set and said type is restricted.
  - 17. The computer program product of claim 16, further comprising:
    - machine executable code that determines that said data operation is valid if said opcode is included in said first set and said type is standard.
  - 18. The computer program product of claim 17, further comprising:
    - machine executable code that determines that said data operation is valid in response to determining that said opcode is included in said first set, said type is restricted and said location is one of standard access on said device.
  - 19. The computer program product of claim 18, further comprising:
    - machine executable code that performs said data operation in response to determining that said data operation is valid and otherwise performing error processing.
  - 20. The computer program product of claim 19, wherein each of said first and second sets of opcodes includes a read opcode and a write opcode, each of the opcodes included in said first set being different from each of said opcodes included in said second set.
  - 21. The computer program product of claim 15, further comprising:
    - machine executable code that recognizes a device which is of type restricted access by all hosts included in the computer system.
  - 22. The machine executable code of claim 21, further comprising:
    - machine executable code that restricts access to a recognized device to a particular host in the computer system by having said particular host perform data operations to said recognized device using opcodes included in said second set.
  - 23. The computer program product of claim 22, wherein only a specific software program executing on the particular host in the computer system is able to access said recognized device by performing data operations using opcodes included in said second set.
  - 24. The computer program product of claim 23, further comprising:
    - machine executable code that changes a status associated with a recognized device between restricted and standard.
  - 25. The computer program product of claim 24, further comprising:
    - machine executable code that uses a configuration file and value included therein to specify said status.
  - 26. The computer program product of claim 23, further comprising:
    - machine executable code that performs a data operation to said recognized device that includes a file that is accessible by a plurality of hosts, a first of said plurality of hosts having exclusive access to said file by performing data operations in connection with said recognized device using opcodes included in said second set.
  - 27. The computer program product of claim 15, further comprising:
    - machine executable code that installs an application programming interface on a host included in said computer system performing said data operation; and
      
      machine executable code that uses said application programming interface to issue said data operation.
  - 28. The computer program product of claim 27, further comprising:
    - machine executable code that configures said application programming interface in accordance with a device configuration associated with said host wherein said device configuration includes said host accessing at least one device as a restricted access device.

29. An apparatus for restricting access to a device in a computer system comprising:
- means for receiving a data operation in connection with the device;
  
  means for determining a type of said device as one of restricted access and standard access;
  
  means for determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
  
  means for determining a target location associated with said data operation; and
  
  means for determining, in response to said means for determining one of said first and said second sets of opcodes, said type, and said target location, if said data operation is valid in accordance with said type and which of said sets of opcodes includes said opcode.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. The apparatus of claim 29, further comprising:
    - means for recognizing a device which is of type restricted access by all hosts included in the computer system.
  - 31. The apparatus of claim 30, further comprising:
    - means for restricting access to a recognized device to a particular host in the computer system by having said particular host perform data operations to said recognized device using opcodes included in said second set.
  - 32. The apparatus of claim 31, wherein only a specific software program executing on the particular host in the computer system is able to access said recognized device by performing data operations using opcodes included in said second set.
  - 33. The apparatus of claim 32, further comprising:
    - means for changing a status associated with a recognized device between restricted and standard.
  - 34. The apparatus of claim 33, further comprising:
    - means for using a configuration file and value included therein to specify said status.
  - 35. The apparatus of claim 32, further comprising:
    - means for performing a data operation to said recognized device that includes a file that is accessible by a plurality of hosts, a first of said plurality of hosts having exclusive access to said file by performing data operations in connection with said recognized device using opcodes included in said second set.
  - 36. The apparatus of claim 29, further comprising:
    - means for installing an application programming interface on a host included in said computer system performing said data operation; and
      
      means for using said application programming interface to issue said data operation.
  - 37. The apparatus of claim 36, further comprising:
    - means for configuring said application programming interface in accordance with a device configuration associated with said host wherein said device configuration includes said host accessing at least one device as a restricted access device.

38. An apparatus for restricting access to a device in a computer system comprising:
- means for receiving a data operation in connection with the device;
  
  means for determining a type of said device as one of restricted access and standard access;
  
  means for determining if an opcode associated with said data operation is included in one of a first set of opcodes and a second set of opcodes, said first set of opcodes specifying standard data operations, and said second set of opcodes specifying restricted data operations;
  
  means for determining a target location associated with said data operation;
  
  means for determining, in response to said means for determining one of said first and said second sets of opcodes, said type, and said target location, if said data operation is valid; and
  
  means for determining that said data operation is valid if said opcode is included in said second set and said type is restricted.
- View Dependent Claims (39, 40, 41, 42)
- - 39. The apparatus of claim 38, further comprising:
    - means for determining that said data operation is valid if said opcode is included in said first set and said type is standard.
  - 40. The apparatus of claim 39, further comprising:
    - means for determining that said data operation is valid in response to determining that said opcode is included in said first set, said type is restricted and said location is one of standard access on said device.
  - 41. The apparatus of claim 40, further comprising:
    - means for performing said data operation in response to determining that said data operation is valid and otherwise performing error processing.
  - 42. The apparatus of claim 41, wherein each of said first and second sets of opcodes includes a read opcode and a write opcode, each of the opcodes included in said first set being different from each of said opcodes included in said second set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Fitzgerald, John T., Don, Arieh, Tamer, Philip E., Krasner, Jonathan I., Veprinsky, Alexander
Primary Examiner(s)
AUVE, GLENN ALLEN

Application Number

US09/982,492
Time in Patent Office

1,181 Days
Field of Search

710/5, 710/107, 710/240, 710/305
US Class Current

710/240
CPC Class Codes

G06F 21/78   to assure secure storage of...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

H04L 63/101   Access control lists [ACL]

Restricted access devices

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Restricted access devices

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links