Methods and systems for promoting security in a computer system employing attached storage devices
Abstract
The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device. The method also includes providing at least one authority record and data associated with the authority record in the storage device. System and computer-readable medium embodiments structured in accordance with the method embodiments discussed herein are also provided.
14 Claims
1. A storage device for promoting security in a computer system, the storage device comprising:
- a storage medium for storing data;
- firmware for reading data from and writing data to the storage medium; and
- a partition defined on the storage medium for dividing the storage medium into a data partition and a secure data partition, the secure data partition for storing secure data and one or more authority records, wherein the one or more authority records define access permissions relating to the secure data partition and the secure data;
- wherein the secure data partition contains a master authority record, wherein the one or more authority records can be created and deleted as required by a user having access permissions according to the master authority record; and
- wherein only the firmware is permitted to access the secure data and the one or more authority records.

Dependent claims: 2, 3, 4, 5, 6, 11
7. A method for promoting security in a computer system having an operating system in operative connection with a storage device, wherein said storage device includes a processor and firmware for processing data stored on the storage device, the method comprising:
- partitioning a storage medium of the storage device into a data partition and a secure data partition, the data partition being accessible to a user and the secure data partition being invisible to the user, the secure data partition for storing secure data and one or more authority records, wherein the secure data is encrypted and a cryptographic code is embedded in the firmware;
- restricting access to the secure data partition such that only the firmware may access the secure data and the one or more authority records; and
- authenticating the cryptographic code with a root assurance in the storage device.

Dependent claims: 8, 9, 10
12. A storage device comprising:
- a storage medium having a security partition containing one or more authority records and at least one data set associated with each of the one or more authority records; and
- a mechanism within the storage device adapted to limit access to the security partition based on the one or more authority records, wherein the mechanism comprises a processor disposed within the storage device adapted to limit access to the security partition by an operating system of a computer system, and firmware disposed within the storage device adapted to limit access to the security partition by an operating system of a computer system.

Dependent claims: 13, 14
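The gatekeeping arrangement in claims 1 and 12, sketched as an added example (not code from the patent): firmware holds the authority records and is the only path to the secure data, while the host interface reaches the data partition alone. The class and method names, the `read`/`write`/`admin` permission labels, the PBKDF2 credential check and the rule that the master record cannot be deleted are assumptions of this sketch.

```python
import hashlib, hmac, os

class SecureDrive:
    """Toy model: drive firmware as the only code path into the secure partition."""
    MASTER = "master"  # record name assumed for this example

    def __init__(self, master_secret):
        self.data_partition = {}  # host-visible blocks: lba -> bytes
        self._datasets = {}       # secure partition: record name -> data set
        self._records = {}        # authority records: name -> (salt, key, perms)
        self._store_record(self.MASTER, master_secret, {"admin", "read", "write"})

    @staticmethod
    def _derive(secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

    def _store_record(self, name, secret, perms):
        salt = os.urandom(16)
        self._records[name] = (salt, self._derive(secret, salt), frozenset(perms))

    def _authorize(self, name, secret, perm):
        rec = self._records.get(name)
        if rec is None or perm not in rec[2] or not hmac.compare_digest(
                rec[1], self._derive(secret, rec[0])):
            raise PermissionError("denied by authority record")

    def host_read(self, lba):  # host (OS) interface: data partition only
        return self.data_partition.get(lba, b"\x00" * 512)
    def host_write(self, lba, block):
        self.data_partition[lba] = block

    def create_record(self, master_secret, name, secret, perms):
        # Creating and deleting records is governed by the master authority record.
        self._authorize(self.MASTER, master_secret, "admin")
        if name in self._records:
            raise ValueError("record exists")
        self._store_record(name, secret, set(perms) - {"admin"})

    def delete_record(self, master_secret, name):
        self._authorize(self.MASTER, master_secret, "admin")
        if name == self.MASTER:
            raise ValueError("master record cannot be deleted")  # assumption
        del self._records[name]
        self._datasets.pop(name, None)

    def secure_write(self, name, secret, data):
        self._authorize(name, secret, "write")
        self._datasets[name] = data
    def secure_read(self, name, secret):
        self._authorize(name, secret, "read")
        return self._datasets.get(name)
```

The sketch covers access control only; the encryption of secure data and the root-assurance check recited in claim 7 are not modelled.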
Specification