Methods and systems for promoting security in a computer system employing attached storage devices

US 7,426,747 B2
Filed: 07/11/2005
Issued: 09/16/2008
Est. Priority Date: 07/25/2001
Status: Expired due to Term

First Claim

Patent Images

1. A disk drive data storage device comprising:

a data storage medium comprising a data storage disk;

a secure area defined on the data storage disk, the secure area containing at least one authority record for determining access to associated data contained on the secure area, the at least one authority record comprising a master record comprising a master passcode, associated master data, and access permissions to the associated master data, wherein the master data comprises another of the at least one authority records; and

a controller and firmware within the data storage device, which are adapted to control access to the associated data based on the at least one authority record.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device. The method also includes providing at least one authority record and data associated with the authority record in the storage device. System and computer-readable medium embodiments structured in accordance with the method embodiments discussed herein are also provided.

Citations

27 Claims

1. A disk drive data storage device comprising:
- a data storage medium comprising a data storage disk;
  
  a secure area defined on the data storage disk, the secure area containing at least one authority record for determining access to associated data contained on the secure area, the at least one authority record comprising a master record comprising a master passcode, associated master data, and access permissions to the associated master data, wherein the master data comprises another of the at least one authority records; and
  
  a controller and firmware within the data storage device, which are adapted to control access to the associated data based on the at least one authority record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The disk drive data storage device of claim 1 wherein the controller is adapted to secure the entire data storage medium.
  - 3. The disk drive data storage device of claim 1 wherein the controller prohibits access to the associated data by a file system of an attached computer system.
  - 4. The disk drive data storage device of claim 1 wherein each of the at least one record comprises:
    - a security partition name identifying the secure area;
      
      a passcode for accessing the secure area; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 5. The disk drive data storage device of claim 1 wherein the associated data comprises:
    - public keys for secure partitions of other data storage devices.
  - 6. The disk drive data storage device of claim 1 wherein the controller comprises:
    - the firmware, which comprises computer readable instructions stored in a memory of the disk drive data storage device for managing the at least one record, wherein at least a portion of the firmware comprises non-writable firmware; and
      
      a processor adapted to perform the computer readable instructions.
  - 7. The disk drive data storage device of claim 6 further comprising:
    - an encryption key stored within the secure area; and
      
      encryption operations embedded in the firmware and adapted to encrypt the associated data using the encryption key.
  - 8. The disk drive data storage device of claim 1 wherein the master record contains authority records of other secure areas on at least one other disk drive.
  - 9. The disk drive data storage device of claim 1 wherein the master record governs creation and deletion of the other records within the secure area.
  - 10. The disk drive data storage device of claim 1 wherein the master record translates to a group authority within an operating system of an attached computer system.
  - 11. The disk drive data storage device of claim 1 wherein the controller allows only write access to the secure area for concealing information, the controller adapted to prohibit read access to the information, the secure area for concealing a secret.
  - 12. The disk drive data storage device of claim 11 wherein the secret comprises an encryption key.
  - 13. The disk drive data storage device of claim 12 wherein the controller is adapted to perform cryptographic operations within the disk drive data storage device using the key based on established procedure calls within the disk drive data storage device and security features built into one or more user applications.

14. A method for securing data in a disk drive data storage device comprising:
- Storing associated data and one or more authority records for determining access to the associated data in one or more secure partitions formed on at least one data storage disk of the disk drive data storage device; and
  
  controlling with a controller and firmware, which are located in the disk drive data storage device, access to the associated data by an operating system of an attached computer system based upon the at least one authority record, wherein the one or more authority record comprising a master record comprising a master passcode, associated master data, and access permissions to the associated master data, wherein the master data comprises another of the one or more authority records.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 wherein the each of the one or more authority records comprises:
    - a security partition name identifying the secure partition;
      
      a passcode for accessing the secure partition; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 16. The method of claim 14 wherein before the step of storing, the method further comprises:
    - partitioning the data storage disk to form the secure area.
  - 17. The method of claim 16 wherein the step of partitioning occurs on a low-level formatting portion of the data storage disk.
  - 18. The method of claim 14 wherein the step of controlling further comprises:
    - controlling access to any data stored within the secure area, wherein at least a portion of the firmware comprises non-writable firmware.
  - 19. The method of claim 14 wherein the step of restricting comprises:
    - hiding with the controller selected fields of the at least one records so that the selected fields are inaccessible to processes external to the disk drive data storage device.
  - 20. The method of claim 14 wherein the record comprises a public-private key pair and a symmetric key, the method further comprising:
    - encrypting data associated with the secure partition using the symmetric key;
      
      encrypting the symmetric key with a public key of the public-private key pair; and
      
      hiding a private key of the public-private key pair in a hidden field of a selected record of the at least one record, the private key for decoding the symmetric key.

21. A disk drive data storage device comprising:
- a data storage disk;
  
  a secure area defined on the data storage disk, the secure area containing associated data and containing at least one authority record for determining access to the associated data, wherein the at least one authority record comprises a master record comprising a master passcode, associated master data, and access permissions to the associated master data, wherein the master data comprises another of the at least one authority records; and
  
  a controller and firmware within the disk drive data storage device, which are adapted to control access to any data stored within the secure area based on the at least one authority record.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The disk drive data storage device of claim 21 wherein each of the at least one authority records comprises:
    - a security partition name identifying the secure area;
      
      a passcode for accessing the secure area; and
      
      access rights defining permissions for accessing the associated data based on the passcode.
  - 23. The disk drive data storage device of claim 21 wherein the controller comprises:
    - the firmware, which comprises computer readable instructions stored in a memory of the disk drive data storage device for managing the at least one record, wherein at least a portion of the firmware comprises non-writable firmware; and
      
      a processor adapted to perform the computer readable instructions.
  - 24. The disk drive data storage device of claim 23 further comprising:
    - an encryption key stored within the secure area; and
      
      encryption operations embedded in the firmware and adapted to encrypt the associated data using the encryption key.
  - 25. The disk drive data storage device of claim 21 wherein the master record contains authority records of other secure areas on at least one other data storage device.
  - 26. The disk drive data storage device of claim 21 wherein the master record translates to a domain authority within an operating system of an attached computer system for use within a network domain.
  - 27. The disk drive data storage device of claim 21 wherein at least one of the authority records comprises:
    - a plurality of fields containing information for determining access to the associated data, wherein one or more of the plurality fields are hidden from any process external to the disk drive data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureWave Storage Solutions Inc. (Quarterhill Inc. (f/k/a Wi-LAN Inc.))
Original Assignee
Antique Books, Inc
Inventors
Thibadeau, Robert
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US11/178,908
Publication Number

US 20050268114A1
Time in Patent Office

1,163 Days
Field of Search

None
US Class Current

726/9
CPC Class Codes

G06F 2003/0697   device management, e.g. han...

G06F 21/805   using a security table for ...

G06F 3/0601   Interfaces specially adapte...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0644   Management of space entitie...

G06F 3/0674   Disk device

Methods and systems for promoting security in a computer system employing attached storage devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for promoting security in a computer system employing attached storage devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links