
Method, apparatus, and product for prohibiting unauthorized access of data stored on storage drives

  • US 7,478,220 B2
  • Filed: 06/23/2005
  • Issued: 01/13/2009
  • Est. Priority Date: 06/23/2005
  • Status: Expired due to Fees
First Claim

1. A computer implemented method in a computer system, which includes a host coupled to a disk drive, for prohibiting unauthorized access of data that is stored on said disk drive, wherein said disk drive communicates with said host using a disk drive controller that is included in the disk drive, and wherein said disk drive controller forwards read requests and write requests to a read/write channel that is included in the disk drive, and further wherein said read/write channel includes a randomizer and a de-randomizer;

  • said method comprising;

    generating a plurality of logical partitions in said host;

    associating a different unique randomizer seed with each one of said plurality of logical partitions;

    keeping said seed in a trusted platform module that is included in said host, wherein said trusted platform module does not exist within any of said plurality of logical partitions, and wherein said seed is not stored within said disk drive;

    controlling, by said trusted platform module, access to said different unique randomizer seed associated with each one of said plurality of logical partitions, wherein only one of said plurality of logical partitions associated with an associated seed can access said associated seed;

    utilizing a first seed that is associated with a first one of said logical partitions to limit access to first data, which was stored by said first one of said plurality of logical partitions in the disk drive, to only said first one of said plurality of logical partitions, wherein other ones of said plurality of logical partitions that are not associated with said first seed are unable to access said first data;

    sending, by an application in said first one of said plurality of logical partitions to a first operating system that is being executed by said first one of said plurality of logical partitions, a data access command to access data in said disk drive;

    retrieving, by said first operating system, said first seed;

    sending, by the host to said disk drive in a read request, a particular read seed to be used by said de-randomizer to attempt to de-randomize data, which is stored on said disk drive; and

    sending, by the host to said disk drive in a write request, a particular write seed to be used by said randomizer to randomize data, wherein said particular write seed is provided to said randomizer by said disk drive controller.
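The flow recited in the claim can be modelled in a few lines. This is an added example, not code from the patent or its assignee. It assumes a 16-bit LFSR as the randomizer (the claim does not specify one), and the `TPM`, `Drive`, `scramble` and partition names are hypothetical.

```python
import secrets

def scramble(data: bytes, seed: int) -> bytes:
    """XOR data with a 16-bit LFSR stream (taps 16,14,13,11); same call undoes it."""
    state = (seed & 0xFFFF) or 0xACE1  # an all-zero state would never advance
    out = bytearray()
    for b in data:
        ks = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            ks = (ks << 1) | bit
        out.append(b ^ ks)
    return bytes(out)

class TPM:
    """Hypothetical model of the TPM: seeds live outside every partition."""
    def __init__(self, partitions):
        pool = secrets.SystemRandom().sample(range(1, 0x10000), len(partitions))
        self._seeds = dict(zip(partitions, pool))  # one distinct seed each

    def get_seed(self, caller: str, owner: str) -> int:
        if caller != owner:  # only the associated partition may obtain its seed
            raise PermissionError(f"{caller} may not read the seed of {owner}")
        return self._seeds[owner]

class Drive:
    """Keeps only randomized bytes; the seed arrives with each request."""
    def __init__(self):
        self._media = {}

    def write(self, lba: int, data: bytes, write_seed: int) -> None:
        self._media[lba] = scramble(data, write_seed)  # randomizer

    def read(self, lba: int, read_seed: int) -> bytes:
        return scramble(self._media[lba], read_seed)  # de-randomizer

def demo():
    tpm, drive = TPM(["lpar1", "lpar2"]), Drive()
    secret = b"lpar1 payroll record"  # constructed sample data
    drive.write(7, secret, tpm.get_seed("lpar1", "lpar1"))
    own = drive.read(7, tpm.get_seed("lpar1", "lpar1"))
    other = drive.read(7, tpm.get_seed("lpar2", "lpar2"))  # wrong seed
    try:
        tpm.get_seed("lpar2", "lpar1")
        denied = False
    except PermissionError:
        denied = True
    return secret, own, other, denied

if __name__ == "__main__":
    print(demo())
```

The drive returns bytes for any read seed; only the partition whose seed matches the write seed recovers the original data, and the modelled TPM refuses to release a seed to any other partition.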
