Method and system for protection and security of IO devices using credentials
First Claim
1. A method for protecting access and operation of input/output (IO) devices, comprising the steps of:
- issuing from an IO subsystem manager of a computer system a group credential to members of a group of consumers comprising a plurality of consumers that authorizes the consumers to share usage of an IO device, the group credential comprising a first identifier of the group;
- issuing from an IO resource manager a device credential to members of a group of consumers comprising a second identifier of the group and specifying the IO device and specifying privileges for use of the IO device;
- conveying a request to use the IO device from one of the consumers to a host gateway in a channel, the request comprising an IO command, the group credential and the device credential;
- authenticating the one consumer as a member of the group at the host gateway using the group credential;
- transmitting the request to a device controller of the IO device specified in the device credential;
- making a determination in the device controller that the request conforms to the privileges of the device credential; and
- responsively to the determination granting the request.
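The two-stage check in claim 1, modelled as an added example that is not code from the patent: the host gateway authenticates group membership, and the device controller enforces the privileges in the device credential. The HMAC-SHA256 sealing, the key and field names, and the group-identifier match at the gateway are assumptions; the claim states only which component issues each credential and which one checks it.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption): the claim does not say how credentials are protected.
IOSM_KEY = b"constructed-iosm-gateway-key"     # IO subsystem manager <-> host gateway
IORM_KEY = b"constructed-iorm-controller-key"  # IO resource manager <-> device controller

def _seal(key, body):
    blob = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, blob, hashlib.sha256).hexdigest()}

def _valid(key, cred):
    blob = json.dumps(cred["body"], sort_keys=True).encode()
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["mac"])

def issue_group_credential(group_id):
    return _seal(IOSM_KEY, {"group": group_id})

def issue_device_credential(group_id, device, privileges):
    return _seal(IORM_KEY, {"group": group_id, "device": device,
                            "privileges": sorted(privileges)})

def host_gateway(request):
    # Step 1: authenticate the consumer as a group member via the group credential.
    if not _valid(IOSM_KEY, request["group_cred"]):
        return "gateway: rejected (group credential)"
    # Assumption: both credentials must carry the same group identifier.
    if request["group_cred"]["body"]["group"] != request["device_cred"]["body"]["group"]:
        return "gateway: rejected (group mismatch)"
    return device_controller(request["device_cred"]["body"]["device"], request)

def device_controller(device, request):
    cred = request["device_cred"]
    # Step 2: the controller trusts only a credential sealed by the IORM for this device.
    if not _valid(IORM_KEY, cred) or cred["body"]["device"] != device:
        return "controller: rejected (device credential)"
    if request["command"] not in cred["body"]["privileges"]:
        return "controller: rejected (privilege)"
    return "granted"

def demo():
    g = issue_group_credential("grp-7")
    d = issue_device_credential("grp-7", "nvme0", {"read"})
    forged = {"body": dict(d["body"], privileges=["read", "write"]), "mac": d["mac"]}
    return [host_gateway({"command": c, "group_cred": g, "device_cred": dc})
            for c, dc in (("read", d), ("write", d), ("write", forged))]

print(demo())
```

The third request edits the privilege list without re-sealing it, so the controller rejects the credential itself rather than the command.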
Abstract
A method and system for protection and security of IO devices using credentials are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.
28 Claims
11. A computer software product for protecting access and operation of input/output (IO) devices, including a computer-readable non-transitory storage medium in which computer program instructions are stored, which instructions, when executed by a computer, cause the computer to perform the steps of:
- issuing from an IO subsystem manager of a computer system a group credential to members of a group of consumers comprising a plurality of consumers that authorizes the consumers to share usage of an IO device, the group credential comprising a first identifier of the group;
- issuing from an IO resource manager a device credential to members of a group of consumers comprising a second identifier of the group and specifying the IO device and specifying privileges for use of the IO device;
- conveying a request to use the IO device from one of the consumers to a host gateway in a channel, the request comprising an IO command, the group credential and the device credential;
- authenticating the one consumer as a member of the group at the host gateway using the group credential;
- transmitting the request to a device controller of the IO device specified in the device credential;
- making a determination in the device controller that the request conforms to the privileges of the device credential; and
- responsively to the determination granting the request.
20. A data processing system adapted to protecting access and operation of input/output (IO) devices comprising:
- a processor;
- a plurality of consumers, defining a group of consumers, and comprising at least one operating system and a set of applications executing under control of the at least one operating system;
- at least one IO device;
- a channel manager for managing protection of the at least one IO device, comprising a host gateway and a device controller for the at least one IO device;
- an IO subsystem manager;
- an IO resource manager;
- a memory accessible to the processor storing programs and data objects therein, wherein execution of the programs cause the system to perform the steps of;
- issuing from the IO subsystem manager of a computer system a group credential to members of the group of consumers that authorizes the consumers to share usage of the IO device, the group credential comprising a first identifier of the group;
- issuing from the IO resource manager a device credential to members of a group of consumers comprising a second identifier of the group and specifying the IO device and specifying privileges for use of the IO device;
- conveying a request to use the IO device from one of the consumers to the host gateway, the request comprising an IO command, the group credential and the device credential;
- authenticating the one consumer as a member of the group at the host gateway using the group credential;
- transmitting the request to the device controller of the IO device specified in the device credential;
- making a determination in the device controller that the request conforms to the privileges of the device credential; and
- responsively to the determination granting the request.
Specification