Wireless security access management for a portable data storage cartridge

US 7,178,031 B1
Filed: 11/08/1999
Issued: 02/13/2007
Est. Priority Date: 11/08/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing a portable secure interface to a data storage cartridge, said data storage cartridge having data storage media for storing data for read/write access by a user of a data storage drive when mounted in said data storage drive, and a wireless interface mounted in said portable data storage cartridge for receiving power and data from, and sending data to, said data storage drive when mounted in said data storage drive, said data storage cartridge having a user table separate from said data storage media, comprising at least a unique user identifier for each authorized user and at least one permitted activity said user is authorized to conduct with respect to said data storage media, said user identifier, when combined with a user authentication message from said authorized user in accordance with a predetermined algorithm, authorizes said user, said method comprising the steps of:

receiving said user authentication messages from said data storage drive via said wireless interface;

separate from said data storage media, combining said user authentication message with at least part of said user identifier from said user table in accordance with said predetermined algorithm to authorize or deny said user activity; and

transmitting said user authorization or denial to said data storage drive via said wireless interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable security system mounted in a portable data storage cartridge for managing access by users to the cartridge. A programmable computer processor mounted in the cartridge is powered by and transfers data to a data storage drive via a wireless RF interface, when mounted in the drive. A user table has a unique user identifier for each authorized user and lists permitted activities of the user for the cartridge. The user identifier comprises a user symbol and a user decrypting sender public key. An authentication message from the authorized user is encrypted by a sender private key and a receiver public key. The cartridge processor decrypts the message employing a receiver private key and the sender public key, whereby the user authentication message is known to have come from the user and grants access to the user for the listed activities for the cartridge.

40 Citations

View as Search Results

11 Claims

1. A method for providing a portable secure interface to a data storage cartridge, said data storage cartridge having data storage media for storing data for read/write access by a user of a data storage drive when mounted in said data storage drive, and a wireless interface mounted in said portable data storage cartridge for receiving power and data from, and sending data to, said data storage drive when mounted in said data storage drive, said data storage cartridge having a user table separate from said data storage media, comprising at least a unique user identifier for each authorized user and at least one permitted activity said user is authorized to conduct with respect to said data storage media, said user identifier, when combined with a user authentication message from said authorized user in accordance with a predetermined algorithm, authorizes said user, said method comprising the steps of:
- receiving said user authentication messages from said data storage drive via said wireless interface;
  
  separate from said data storage media, combining said user authentication message with at least part of said user identifier from said user table in accordance with said predetermined algorithm to authorize or deny said user activity; and
  
  transmitting said user authorization or denial to said data storage drive via said wireless interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein each said user identifier comprises a user symbol and a user decrypting key, wherein said user authentication message comprises an encrypted user authentication message which may be decrypted by said user decrypting key, and wherein said combining step comprises decrypting said user authentication message by said user decrypting key.
  - 3. The method of claim 2, wherein said user decrypting key comprises a sender public key, and wherein said predetermined algorithm comprises a public key cryptographic algorithm.
  - 4. The method of claim 3, wherein said user authentication message is encrypted by a sender private key and a receiver public key, wherein said public key cryptographic algorithm decrypts said user authentication message employing a receiver private key and said sender public key, and wherein said combining step comprises decrypting said user authentication message by said receiver private key and said sender public key, whereby said user authentication message is known to have come from said user.
  - 5. The method of claim 1, wherein said user table comprises a plurality of said permitted activities, selected ones of which each of said users may be authorized to conduct, said permitted activities comprising 1) read access to data stored in said data storage media, 2) write access to data stored in said data storage media, 3) read the user entry of said user table, 4) read all entries of said user table, 5) add entries to said user table, and 6) change/delete entries to said user table;
    - and wherein said transmitting step comprises transmitting authorization to conduct the selected said user permitted activities said user is authorized to conduct.
  - 6. The method of claim 1, wherein said user table comprises a separate entry for each said user identifier and said permitted activity said user is authorized to conduct;
    - and wherein said transmitting step additionally comprises identifying said user permitted activities from said separate entries.
  - 7. The method of claim 1, wherein said step of providing said user table comprises a separate entry for each said user identifier, said entry comprising all said permitted activities said user is authorized to conduct;
    - and wherein said transmitting step additionally comprises identifying said user permitted activities from said user separate entry.
  - 8. The method of claim 1, wherein said data storage cartridge additionally comprises a class table comprising at least a unique class identifier for each authorized class of users and at least one permitted activity said class of users is authorized to conduct with respect to said data storage media, said class identifier, when combined with a user authentication message from a user of said authorized class of users in accordance with said predetermined algorithm, authorizes said user;
    - wherein said combining step additionally comprises, upon receiving said user authentication messages from said data storage drive via said wireless interface, combining said user authentication message with said class identifier from said class table in accordance with said predetermined algorithm to authorize or deny said class activity to said user; and
      
      wherein said transmitting step additionally comprises transmitting said class authorization or denial to said data storage drive via said wireless interface.
  - 9. The method of claim 8, wherein said user table additionally comprises any class membership of each said user;
    - and wherein said combining step additionally authorizes said user with respect to said class table either by said class authorization or by said user authorization.
  - 10. The method of claim 8, wherein said user table and said class table comprise a plurality of permitted activities, selected ones of which each of said users may be authorized to conduct, said permitted activities comprising 1) read access to data stored in said data storage media, 2) write access to data stored in said data storage media, 3) read all entries of said class table, 4) add entries to said class table, and 5) change/delete entries to said class table;
    - and wherein said transmitting step comprises transmitting authorization to conduct the selected said user and said class permitted activities said user is authorized to conduct.
  - 11. The method of claim 1, wherein said data stored in said data storage media is encrypted, wherein said step of providing said user table permitted activities comprises providing at least 1) read access to data stored in said data storage media, and wherein said step of transmitting said user authorization for said read access additionally comprises transmitting a decryption key for said encrypted stored data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Seger, Paul Joseph
Primary Examiner(s)
Rimell; Sam
Assistant Examiner(s)
Betit; Jacob F.

Application Number

US09/435,899
Time in Patent Office

2,654 Days
Field of Search

359/152, 705/54, 713/175, 713/201, 713/192, 713/155, 713/209, 713/158, 713168-171, 713/182, 380/4, 380/49, 380/23, 380/25, 380/271, 398/126, 707/9, 707/100, 711/163
US Class Current

713/182
CPC Class Codes

G06F 21/80   in storage media based on m...

G06F 2211/008   Public Key, Asymmetric Key,...

Y10S 707/99939   Privileged access

Wireless security access management for a portable data storage cartridge

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless security access management for a portable data storage cartridge

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links