System for controlling use of a solid-state storage subsystem

US 7,765,373 B1
Filed: 06/27/2006
Issued: 07/27/2010
Est. Priority Date: 06/27/2006
Status: Active Grant

First Claim

Patent Images

1. A system for restricting access to storage resources, the system comprising:

a storage subsystem having stored therein;

a unique identifier of the storage subsystem;

a unique identifier of a particular host system with which the storage subsystem is configured to operate; and

a device-specific file in a non-protected storage area of the storage subsystem, the file encrypted through an encryption method that is based at least in part on one or more of the unique identifiers to inhibit decryption of the file when it is copied to another storage subsystem;

wherein the storage subsystem is connectable to the host system, and includes a non-volatile, solid state memory that is capable of being accessed by the host system; and

said host system, wherein the host system has stored therein information for verifying an identity of the storage subsystem;

wherein the storage subsystem and the host system are configured to collectively use said unique identifiers and said information to inhibit the host system from being used with other storage subsystems, and to inhibit the storage subsystem from being used with other host systems, such that a one-to-one pairing exists between the storage subsystem and the host system,wherein the storage subsystem is responsive to standard storage access commands from the host system, andwherein said unique identifiers are stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but are retrievable via ATA vendor-specific commands issued by a device driver executed on the host system, and said device driver is configured to use at least one of the unique identifiers to decrypt the device-specific file.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solid-state storage subsystem, such as a non-volatile memory card or drive, includes a main memory area that is accessible via standard memory access commands (such as ATA commands), and a restricted memory area that is accessible only via one or more non-standard commands. The restricted memory area stores information used to control access to, and/or use of, information stored in the main memory area. As one example, the restricted area may store one or more identifiers, such as a unique subsystem identifier, needed to decrypt an executable or data file stored in the main memory area. A host software component is configured to retrieve the information from the subsystem'"'"'s restricted memory area, and to use the information to control access to and/or use of the information in the main memory area.

Citations

17 Claims

1. A system for restricting access to storage resources, the system comprising:
- a storage subsystem having stored therein;
  
  a unique identifier of the storage subsystem;
  
  a unique identifier of a particular host system with which the storage subsystem is configured to operate; and
  
  a device-specific file in a non-protected storage area of the storage subsystem, the file encrypted through an encryption method that is based at least in part on one or more of the unique identifiers to inhibit decryption of the file when it is copied to another storage subsystem;
  
  wherein the storage subsystem is connectable to the host system, and includes a non-volatile, solid state memory that is capable of being accessed by the host system; and
  
  said host system, wherein the host system has stored therein information for verifying an identity of the storage subsystem;
  
  wherein the storage subsystem and the host system are configured to collectively use said unique identifiers and said information to inhibit the host system from being used with other storage subsystems, and to inhibit the storage subsystem from being used with other host systems, such that a one-to-one pairing exists between the storage subsystem and the host system,wherein the storage subsystem is responsive to standard storage access commands from the host system, andwherein said unique identifiers are stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but are retrievable via ATA vendor-specific commands issued by a device driver executed on the host system, and said device driver is configured to use at least one of the unique identifiers to decrypt the device-specific file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the storage subsystem has stored therein a software application in the device-specific file, and the host system is configured to execute the software application from the storage subsystem without copying the software application to the host system.
  - 3. The system of claim 2, wherein the software application is stored on the storage subsystem in an encrypted form, and the host system is configured to decrypt the software application.
  - 4. The system of claim 1, wherein the unique host system identifier is periodically regenerated by the host system.
  - 5. The system of claim 1, wherein the storage subsystem further comprises a magnetic storage medium, and wherein data is stored on the magnetic storage medium.
  - 6. The system of claim 4, wherein the host system is configured to periodically regenerate the unique host system identifier at a random frequency.
  - 7. The system of claim 4, wherein the host system is configured to periodically regenerate the unique host system identifier at a pre-determined frequency.
  - 8. The system of claim 4, wherein the host system is configured to periodically regenerate the unique host system identifier at a frequency determined by the number of write commands that have been executed in the storage subsystem.

9. A system for restricting access to storage, the system comprising:
- a storage subsystem having stored therein;
  
  at least a portion of a software application in a device-specific file, the file stored in a non-protected storage area of the storage subsystem; and
  
  at least one data string used to identify the storage subsystem, wherein the storage subsystem is responsive to standard storage access commands from a host system, and wherein said at least one data string is stored on the storage subsystem in a protected storage area that is not accessible via said standard storage access commands but is accessible via ATA vendor-specific commands issued by a driver executed on the host system, and is usable by the driver to decrypt the device-specific file;
  
  information identifying the host system with which the storage subsystem is configured to operate; and
  
  a module for receiving a unique host identifier from the host system and comparing the received unique host identifier with the identification information of the host system, and if the unique host identifier received matches the identification information of the host system, providing the host system access to information stored on the storage subsystem,wherein the device-specific file is encrypted based on the at least one data stringy to inhibit decryption of the file when it is copied to another storage subsystem.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein the host system stores therein:
    - a unique host identifier;
      
      a module for identifying the host system to the solid state storage subsystem by sending the unique host identifier; and
      
      executable code in the driver configured to access the at least one data string located on the storage subsystem to verify the identity of the storage subsystem, said executable code further configured to provide access to data stored in the storage subsystem after verification of the storage subsystem'"'"'s identity using the at least one data string, wherein providing access to the data comprises at least one of the following;
      
      (a) using the at least one data string to authenticate the storage subsystem, and then using standard memory access commands to retrieve the data from the storage subsystem;
      
      (b) using standard memory access commands to retrieve the data from the storage subsystem in an encrypted form, and using the at least one data string to decrypt the retrieved data.
  - 11. The system of claim 9, wherein the storage subsystem is further configured to:
    - use the at least one data string to perform a comparison; and
      
      provide access to data stored in the storage subsystem based on the outcome of the comparison.
  - 12. The system of claim 9, wherein the storage subsystem further comprises a magnetic storage medium, and wherein data is stored on the magnetic storage medium.
  - 13. The system of claim 9, wherein the unique host system identifier is periodically regenerated by the host system.
  - 14. The system of claim 9, wherein the host system is configured to execute the software application from the storage subsystem.
  - 15. The system of claim 13, wherein the host system is configured to periodically regenerate the unique host system identifier at a random frequency.
  - 16. The system of claim 13, wherein the host system is configured to periodically regenerate the unique host system identifier at a pre-determined frequency.
  - 17. The system of claim 13, wherein the host system is configured to periodically regenerate the unique host system identifier at a frequency determined by the number of write commands that have been executed in the storage subsystem.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Original Assignee
SiliconSystems, Inc. (Western Digital Corporation)
Inventors
Merry, David E., Diggs, Mark, Drossel, Gary A., Hajeck, Michael J.
Primary Examiner(s)
Kim; Matt
Assistant Examiner(s)
Dare; Ryan

Application Number

US11/475,386
Time in Patent Office

1,491 Days
Field of Search

711/163
US Class Current

711/163
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/78   to assure secure storage of...

G06F 3/0622   in relation to access

G06F 3/0659   Command handling arrangemen...

G06F 3/0679   Non-volatile semiconductor ...

System for controlling use of a solid-state storage subsystem

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System for controlling use of a solid-state storage subsystem

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links