System and method for delivering versatile security, digital rights management, and privacy services

US 7,925,894 B2
Filed: 11/09/2004
Issued: 04/12/2011
Est. Priority Date: 07/25/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

partitioning a storage media in a storage device into a hidden partition and a storage partition in the storage media;

writing a base class to the hidden partition;

instantiating a security provider base class from the base class, the security provider base class adapted to control access to the storage media;

instantiating a security provider (SP) administration object and a SP controller object from the security provider base class;

logging into the SP administration object;

initializing the SP controller object using the SP administration object; and

creating an access control record identifying an user authorized to access the SP controller object and access permissions associated with the authorized user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing enhanced security features in a storage device involves partitioning a storage media in the storage device into a hidden partition and a storage partition in the storage media. A base class is written to the hidden partition. A security provider base class is instantiated from the base class. The security provider base class is adapted to control access to the storage media.

126 Citations

22 Claims

1. A method comprising:
- partitioning a storage media in a storage device into a hidden partition and a storage partition in the storage media;
  
  writing a base class to the hidden partition;
  
  instantiating a security provider base class from the base class, the security provider base class adapted to control access to the storage media;
  
  instantiating a security provider (SP) administration object and a SP controller object from the security provider base class;
  
  logging into the SP administration object;
  
  initializing the SP controller object using the SP administration object; and
  
  creating an access control record identifying an user authorized to access the SP controller object and access permissions associated with the authorized user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the SP controller object is initialized with access controls.
  - 3. The method of claim 1 wherein before the step of partitioning, the method further comprising:
    - assembling the storage device;
      
      writing firmware to a controller; and
      
      powering up the drive.
  - 4. The method of claim 1 wherein the security provider object is a cryptographic security provider.
  - 5. The method of claim 1 wherein the storage device is a disc drive.

6. A method comprising:
- partitioning a storage media in the storage device into a hidden partition and a storage partition in the storage media;
  
  writing a base class to the hidden partition;
  
  initializing more than one security provider base class from the base class, each security provider base class adapted to control access to a specific storage location on the storage mediacreating an access control record identifying a user authorized to access a security provider controller object; and
  
  creating access permissions within the access control record associated with the specific storage location on the storage media, the access permissions adapted to control access to the specific storage location.

7. A method comprising:
- writing trusted drive firmware to a controller of a storage device;
  
  partitioning a storage media of the storage device into a hidden portion and a data portion;
  
  writing a security provider object template to the hidden partition; and
  
  instantiating security providers using the security provider object template, each security provider adapted to control access to the storage device; and
  
  prohibiting access by a host operating system to the storage device except through authenticated access to the trusted drive firmware of the controller.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7 and further comprising:
    - instantiating an administration security provider object and a security provider controller object from the security provider object template.
  - 9. The method of claim 8 wherein the step of initializing comprises:
    - logging in to the administration security provider object; and
      
      initializing the security provider controller object with access controls using the administration security provider object.
  - 10. The method of claim 8 wherein the administration security provider object has one or more authority records stored in the hidden partition, each authority record having an associated data set, the method further comprising:
    - controlling access to the storage media according to the one or more authority records.
  - 11. The method of claim 10 wherein each object stored on the storage media is associated with a security provider, and wherein the step of controlling further comprises:
    - controlling access permissions to objects stored on the storage media according to the associated security provider.

12. A method comprising:
- writing trusted drive firmware to a controller of a storage device;
  
  partitioning a storage media of the storage device into a hidden portion and a data portion;
  
  writing a security provider object template to the hidden partition;
  
  instantiating security providers using the security provider object template, each security provider adapted to control access to the storage device;
  
  receiving an access request from for access to data stored on the storage device;
  
  querying a requesting device for trust information;
  
  determining whether the requesting device can be trusted using the trusted drive firmware and an instantiation of the security provider object template; and
  
  permitting storage controller access to a specific storage location when the requesting device can be trusted.

13. A storage device comprising:
- a storage media partitioned into a hidden portion and a data portion;
  
  a storage controller adapted to control access to the storage media;
  
  a trusted drive feature stored in a firmware of the storage controller, the trusted drive feature adapted to authenticate access requests to determine whether each access request can be trusted;
  
  a security provider base object stored in the hidden portion and adapted to cooperate with the trusted drive feature to control access rights to data on the storage media; and
  
  a security protected log adapted to track and log the activity of other security providers based on successes and failures to gain access to data controlled by the other security provider.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The storage device of claim 13, and further comprising:
    - one or more instantiated security providers stored in the hidden portion of the storage media, each instantiated security provider associated with a particular area on the storage media.
  - 15. The storage device of claim 14 wherein the security provider base is invoked to create a security provider administration object and a security provider controller object, the security provider administration object is adapted to configure associated security provider objects, the security provider controller object is adapted to control access to a particular area on the storage media.
  - 16. The storage device of claim 13 and further comprising:
    - a public key store adapted to cryptographically verify a request for a new security provider instantiation.
  - 17. The storage device of claim 13 and further comprising:
    - a key and passcode revocation store adapted to check keys, passcodes, or other authenticators for revocation.
  - 18. The storage device of claim 13 and further comprising:
    - a registry security provider adapted to provide a standard security provider handle through which any number of physical copies of a security provider can be located and managed.
  - 19. The storage device of claim 13 and further comprising:
    - a clock time security provider adapted to provide a security protected clock source to other devices or to other security providers.
  - 20. The storage device of claim 13 and further comprising:
    - a diagnostics security provider adapted to enable security to access storage controller diagnostics.
  - 21. The storage device of claim 13 and further comprising:
    - a test security provider adapted to enable security to access control to storage controller testing.
  - 22. The storage device of claim 13 and further comprising:
    - an external code security provider adapted to harden access control to software running on the security provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Thibadeau, Robert Harwell
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US10/984,368
Publication Number

US 20050160281A1
Time in Patent Office

2,345 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 2003/0697   device management, e.g. han...

G06F 21/805   using a security table for ...

G06F 3/0601   Interfaces specially adapte...

System and method for delivering versatile security, digital rights management, and privacy services

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for delivering versatile security, digital rights management, and privacy services

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links