Method for creating control structure for versatile content control
Abstract
The mobile storage device may be provided with a system agent that is able to create at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities. Each node of the tree specifies permission or permissions of a corresponding entity or entities for accessing memory data. The permission or permissions at the node of each of the trees has a predetermined relationship to permission or permissions at nodes at a higher or lower or the same level in the same tree. Thus, the mobile storage devices may be issued without any trees already created so that the purchaser of the devices has a free hand in creating hierarchical trees adapted to the applications the purchaser has in mind. Alternatively, the mobile storage devices may also be issued with the trees already created so that a purchaser does not have to go through the trouble of creating the trees. In both situations, preferably certain functionalities of the trees can become fixed after the devices are made so that they cannot be further changed or altered. This provides greater control over access to the content in the device by the content owner. Thus, in one embodiment, the system agent can preferably be disabled so that no additional trees can be created.
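The structure the abstract describes, as an added sketch that is not taken from the patent: two trees with separate roots, each node holding an entity's credential and permissions, and a system agent that can be switched off so no further trees can be created. The names Node and Controller, the password-based credential (PBKDF2), the (operation, resource) permission form and the rule that a child may hold only a subset of its parent's permissions are assumptions made for illustration; the abstract only says the relationship between levels is predetermined.

```python
import hashlib, hmac, os

class Node:
    """One node of a tree: an entity's credential plus its permissions."""
    def __init__(self, name, password, permissions):
        self.name = name
        self.salt = os.urandom(16)
        self.cred = self._derive(password)
        self.permissions = frozenset(permissions)  # {(operation, resource), ...}
        self.children = {}

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, password):
        return hmac.compare_digest(self.cred, self._derive(password))

class Controller:
    """Stands in for the device controller that owns the stored trees."""
    def __init__(self):
        self.roots = {}            # entity name -> root Node; no node sits above a root
        self.index = {}            # entity name -> Node, across all trees
        self.agent_enabled = True  # the system agent that may create trees

    def create_tree(self, name, password, permissions):
        if not self.agent_enabled:
            raise PermissionError("system agent disabled: no new trees")
        self._register(Node(name, password, permissions))
        self.roots[name] = self.index[name]

    def add_child(self, parent, name, password, permissions):
        node = Node(name, password, permissions)
        # Assumed relationship: a child may hold only what its parent holds.
        if not node.permissions <= self.index[parent].permissions:
            raise PermissionError("child permissions exceed parent's")
        self._register(node)
        self.index[parent].children[name] = node

    def _register(self, node):
        if node.name in self.index:
            raise ValueError("entity already exists")
        self.index[node.name] = node

    def request(self, name, password, operation, resource):
        node = self.index.get(name)
        if node is None or not node.verify(password):    # authenticate first
            return False
        return (operation, resource) in node.permissions  # then check the node
```

Because each entity's permissions live only in its own node, an entity authenticated under one root gains nothing on data governed by the other tree.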
84 Claims
1. A method for controlling access in a storage device, the method comprising:
performing in a controller in a storage device:
creating a tree in the storage device that has a non-volatile memory, wherein the controller in the storage device is operative to control access to the memory, the tree comprising nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling entity access to data stored in the storage device, wherein the tree is further configured such that, when the storage device receives a request from an entity that has been authenticated to the storage device, the tree can be checked by the controller for a permission corresponding both to the entity and to the request from the entity for access to data stored in the storage device;
creating a second tree in the storage device, wherein the second tree comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling entity access to data stored in the storage device, wherein the tree and the second tree have different root nodes, wherein there are no nodes in the tree above the root nodes; and
storing the trees in the storage device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A method for controlling access to data in a storage device, the method comprising:
performing in a controller in a storage device:
receiving from an entity that has been authenticated to the storage device a request for access to data stored in the storage device;
checking for a permission corresponding to the entity and the request in a tree, which tree is in the storage device and comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling access by the entity to data stored in the storage device;
granting the request according to the permission;
receiving from a second entity that has been authenticated to the storage device a second request for access to data stored in the storage device;
checking for a second permission corresponding to the second entity and the second request in a second tree, which second tree comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling access by the second entity to data stored in the storage device, wherein the tree and the second tree have different root nodes, wherein there are no nodes in the tree above the root nodes; and
granting the second request according to the second permission.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. A storage device comprising:
a non-volatile memory; and
a controller in communication with the memory, the controller operative to:
control access to the non-volatile memory;
create a tree in the storage device, the tree comprising nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling entity access to data stored in the storage device, wherein the tree is further configured such that, when the storage device receives a request from an entity that has been authenticated to the storage device, the tree can be checked by the controller for a permission corresponding both to the entity and to the request from the entity for access to data stored in the storage device;
create a second tree in the storage device, wherein the second tree comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling entity access to data stored in the storage device, wherein the tree and the second tree have different root nodes, wherein there are no nodes in the tree above the root nodes; and
store the trees in the storage device.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73
74. A storage device comprising:
a non-volatile memory; and
a controller in communication with the memory, the controller operative to:
receive from an entity that has been authenticated to the storage device a request for access to data stored in the storage device;
check for a permission corresponding to the entity and the request in a tree, which tree is in the storage device and comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling access by the entity to data stored in the storage device;
grant the request according to the permission;
receive from a second entity that has been authenticated to the storage device a second request for access to data stored in the storage device;
check for a second permission corresponding to the second entity and the second request in a second tree, which second tree comprises nodes organized hierarchically therein, each node containing entity authentication credentials and permissions for controlling access by the second entity to data stored in the storage device, wherein the tree and the second tree have different root nodes, wherein there are no nodes in the tree above the root nodes; and
grant the second request according to the second permission.
Dependent claims: 75, 76, 77, 78, 79, 80, 81, 82, 83, 84
Specification