Methods and systems for promoting security in a computer system employing attached storage devices
Abstract
The present methods and systems use specially isolated techniques for promoting security in a computer system. In one embodiment of these methods and systems, a simple file system is concealed in the storage of the computer system and is managed with a processor and simple non-writeable code operating on the storage device. Strong cryptographic design permits the present computer security methods and systems to secure data on the storage device. In one method embodiment, a computer system is provided with an operating system in operative association with at least one storage device, wherein the storage device includes firmware and a processor for processing data and instructions stored on the storage device. The method includes creating at least one security partition in, and restricting access to, at least a portion of the storage device by the operating system. The method also includes creating at least one security partition in the storage device. The method also includes providing at least one authority record and data associated with the authority record in the storage device. System and computer-readable medium embodiments structured in accordance with the method embodiments discussed herein are also provided.
14 Claims
1. A storage device comprising:
- a storage medium having a security partition containing at least one authority record and at least one data set associated with each of the authority records; and
- a mechanism within the storage device adapted to limit access to the security partition based on the at least one authority record, wherein the mechanism comprises a processor disposed within the storage device and adapted to limit access to the security partition by an operating system of a computer system, based at least in part on authentication of a passcode and a signed nonce, which are received from the operating system and verified by the mechanism according to the at least one authority record.
Dependent claims: 2, 3, 4, 5
6. A disk drive data storage device comprising:
- a data storage medium comprising a data storage disk;
- a secure area defined on the data storage disk, the secure area containing at least one authority record and associated data, the authority record determining access to the associated data, including a cryptographic key; and
- a controller within the data storage device, which is adapted to control access to the associated data based on the at least one authority record, wherein the controller is adapted to perform cryptographic operations within the disk drive data storage device using the key based on established procedure calls within the disk drive data storage device that execute cryptographic operations on behalf of, but concealed from, one or more user applications.
Dependent claims: 7, 8
9. A system for promoting security in a computer system having an operating system in operative connection with at least one storage device, wherein said storage device includes a processor for processing data stored on said storage device, said system for promoting security comprising:
- a security partition defined in the storage device and containing at least one authority record and associated data, the authority record determining access to the associated data and storage device settings, and wherein the authority record comprises at least one of a cryptographic key or hash, which authorizes at least one of reading or writing the data and storage device settings; and
- wherein access to the security partition in the storage device by the operating system of the computer system is limited by the processor on the storage device according to the authority record.
Dependent claims: 10, 11, 12
13. A system for promoting security in a computer system having an operating system in operative connection with at least one storage device, wherein said storage device includes a processor for processing data stored on said storage device, said system for promoting security comprising:
- a security partition formed in said storage device having at least one authority record comprising an authority for authorizing read operations to an associated data set and a separate authority for authorizing write operations to the associated data set; and
- wherein access to the security partition in the storage device by the operating system of the computer system is limited by the processor on the storage device according to the at least one authority record.
Dependent claims: 14
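
The following sketch is an added illustration, not part of the patent text or of any drive firmware: it models the access check of claims 1 and 13, where the device verifies a passcode and a signed nonce against an authority record and keeps read and write authorities separate. All class and function names are hypothetical. It assumes the device issues the nonce, and HMAC-SHA256 under a key held in the authority record stands in for the signature scheme, which the claims do not specify.

```python
import hashlib, hmac, secrets

def _kdf(passcode, salt):
    return hashlib.pbkdf2_hmac("sha256", passcode, salt, 100_000)

class AuthorityRecord:
    """One authority: passcode verifier, nonce-signing key, permitted (op, data set) pairs."""
    def __init__(self, passcode, sign_key, grants):
        self.salt = secrets.token_bytes(16)
        self.verifier = _kdf(passcode, self.salt)    # the passcode itself is not stored
        self.sign_key = sign_key                     # assumption: symmetric key (HMAC)
        self.grants = frozenset(grants)

class SecurityPartition:
    """Stand-in for the drive's processor; the host reaches data only via access()."""
    def __init__(self, authorities):
        self._auth, self._data, self._open = dict(authorities), {}, set()

    def new_nonce(self):
        nonce = secrets.token_bytes(16)
        self._open.add(nonce)
        return nonce

    def access(self, who, passcode, nonce, signed_nonce, op, dataset, value=None):
        rec = self._auth.get(who)
        if rec is None or nonce not in self._open:
            raise PermissionError("unknown authority or stale nonce")
        self._open.discard(nonce)                    # each nonce is accepted once
        want = hmac.new(rec.sign_key, nonce, hashlib.sha256).digest()
        pass_ok = hmac.compare_digest(_kdf(passcode, rec.salt), rec.verifier)
        sig_ok = hmac.compare_digest(signed_nonce, want)
        if not (pass_ok and sig_ok) or (op, dataset) not in rec.grants:
            raise PermissionError("denied by authority record")
        if op == "write":
            self._data[dataset] = value
            return True
        return self._data.get(dataset)

def host_request(drive, who, passcode, key, op, dataset, value=None, nonce=None):
    """Host/OS side: obtain a nonce, sign it, submit. Returns the result or 'DENIED'."""
    nonce = nonce or drive.new_nonce()
    sig = hmac.new(key, nonce, hashlib.sha256).digest()
    try:
        return drive.access(who, passcode, nonce, sig, op, dataset, value)
    except PermissionError:
        return "DENIED"
```

A reused nonce is rejected even with a valid passcode and signature, so a captured exchange cannot be replayed by the host operating system.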
Specification