Secure direct platter access
First Claim
1. A method comprising:
- defining a protected area in addition to a user area for data storage in a data storage device;
defining a secured sub-area within the protected areareceiving a request to execute a command associated with a logical block address (LBA) between a minimum LBA and a maximum LBA of the secured sub-area;
accessing the secured sub-area while executing the command; and
buffering data in the secured sub-area when the command is to read or write data to the user area.
7 Assignments
0 Petitions
Accused Products
Abstract
Bulk data transfers by directly accessing a persistent and secured area on the data storage device, e.g., a disk drive having a magnetic storage medium, without relying on the system operating system to execute its read/write operations. For a disk drive, the Protected Area Run Time Interface Extension (PARTIES) technology is applied to create and organize a secured sub-area within a secured storage area. The secured sub-area is a data buffer to and from which large data file transfers can be made with data authenticity and confidentiality. Since this new secured sub-area is not organized and protected by the operating system, it is inherently protected from attack by viruses or Trojan horse software whose effectiveness depends on their ability to maliciously direct the operating system. In addition, the read/write operations bypass command payload limits while reducing data and command validation costs.
51 Citations
19 Claims
-
1. A method comprising:
-
defining a protected area in addition to a user area for data storage in a data storage device; defining a secured sub-area within the protected area receiving a request to execute a command associated with a logical block address (LBA) between a minimum LBA and a maximum LBA of the secured sub-area; accessing the secured sub-area while executing the command; and buffering data in the secured sub-area when the command is to read or write data to the user area. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
receiving a request that references a secured sub-portion of a protected area in a data storage device that is separate from a user data storage area of the data storage device; buffering a command in the secured sub-portion when the command is to read or write data to the user data storage area; in response to the request, accessing the secured sub-portion of the protected area to retrieve a command stored in the secured sub-portion of the protected area; and executing the command.
-
-
11. A device, comprising:
-
a data storage medium, wherein a protected area in addition to a user area are defined for data storage; a secured sub-area is defined within the protected area for buffering data in the secured sub-area when a command is to read or write to the user area; a controller adapted to; receive a request from a host system to execute a command, the request comprising at least one logical block address (LBA), and executing the command when the at least one LBA is within the secured sub-area of the protected area. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
Specification