System for controlling use of a solid-state storage subsystem
First Claim
1. A system for restricting access to storage resources, the system comprising:
- a storage subsystem having stored therein;
a unique identifier of the storage subsystem;
a unique identifier of a particular host system with which the storage subsystem is configured to operate; and
a device-specific file in a non-protected storage area of the storage subsystem, the file encrypted through an encryption method that is based at least in part on one or more of the unique identifiers to inhibit decryption of the file when it is copied to another storage subsystem;
wherein the storage subsystem is connectable to the host system, and includes a non-volatile, solid state memory that is capable of being accessed by the host system; and
said host system, wherein the host system has stored therein information for verifying an identity of the storage subsystem;
wherein the storage subsystem and the host system are configured to collectively use said unique identifiers and said information to inhibit the host system from being used with other storage subsystems, and to inhibit the storage subsystem from being used with other host systems, such that a one-to-one pairing exists between the storage subsystem and the host system,wherein the storage subsystem is responsive to standard storage access commands from the host system, andwherein said unique identifiers are stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but are retrievable via ATA vendor-specific commands issued by a device driver executed on the host system, and said device driver is configured to use at least one of the unique identifiers to decrypt the device-specific file.
12 Assignments
0 Petitions
Accused Products
Abstract
A solid-state storage subsystem, such as a non-volatile memory card or drive, includes a main memory area that is accessible via standard memory access commands (such as ATA commands), and a restricted memory area that is accessible only via one or more non-standard commands. The restricted memory area stores information used to control access to, and/or use of, information stored in the main memory area. As one example, the restricted area may store one or more identifiers, such as a unique subsystem identifier, needed to decrypt an executable or data file stored in the main memory area. A host software component is configured to retrieve the information from the subsystem'"'"'s restricted memory area, and to use the information to control access to and/or use of the information in the main memory area.
-
Citations
17 Claims
-
1. A system for restricting access to storage resources, the system comprising:
a storage subsystem having stored therein; a unique identifier of the storage subsystem; a unique identifier of a particular host system with which the storage subsystem is configured to operate; and a device-specific file in a non-protected storage area of the storage subsystem, the file encrypted through an encryption method that is based at least in part on one or more of the unique identifiers to inhibit decryption of the file when it is copied to another storage subsystem; wherein the storage subsystem is connectable to the host system, and includes a non-volatile, solid state memory that is capable of being accessed by the host system; and said host system, wherein the host system has stored therein information for verifying an identity of the storage subsystem; wherein the storage subsystem and the host system are configured to collectively use said unique identifiers and said information to inhibit the host system from being used with other storage subsystems, and to inhibit the storage subsystem from being used with other host systems, such that a one-to-one pairing exists between the storage subsystem and the host system, wherein the storage subsystem is responsive to standard storage access commands from the host system, and wherein said unique identifiers are stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but are retrievable via ATA vendor-specific commands issued by a device driver executed on the host system, and said device driver is configured to use at least one of the unique identifiers to decrypt the device-specific file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A system for restricting access to storage, the system comprising:
a storage subsystem having stored therein; at least a portion of a software application in a device-specific file, the file stored in a non-protected storage area of the storage subsystem; and at least one data string used to identify the storage subsystem, wherein the storage subsystem is responsive to standard storage access commands from a host system, and wherein said at least one data string is stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but is accessible via ATA vendor-specific commands issued by a driver executed on the host system, and is usable by the driver to decrypt the device-specific file; information identifying the host system with which the storage subsystem is configured to operate; and a module for receiving a unique host identifier from the host system and comparing the received unique host identifier with the identification information of the host system, and if the unique host identifier received matches the identification information of the host system, providing the host system access to information stored on the storage subsystem, wherein the device-specific file is encrypted based on the at least one data stringy to inhibit decryption of the file when it is copied to another storage subsystem. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
Specification