Remote access control of storage devices
First Claim
1. An access control device comprising:
    at least one communicational interface through which communications with a storage device comprising encrypted data are established;
    at least one processing unit;
    access control information comprising identifications of entities that are to be allowed by the access control device to access, in an unencrypted form, the encrypted data stored on the storage device;
    storage-related cryptographic information that can decrypt the encrypted data of the storage device with which communications are established through the at least one communicational interface, wherein the storage-related cryptographic information comprises:
        a first storage-related cryptographic information that can decrypt only a first portion of the encrypted data of the storage device; and
        a second storage-related cryptographic information that can decrypt only a second portion of the encrypted data of the storage device, the second portion being different from the first portion; and
    a computer-readable medium comprising computer-executable instructions that, when executed by the at least one processing unit, cause the at least one processing unit to perform steps comprising:
        receiving an identification of an accessing entity, from a computing device to which the storage device is communicationally coupled, the accessing entity seeking to access, in the unencrypted form, the encrypted data stored on the storage device;
        comparing the received identification of the accessing entity to the access control information;
        providing, in a secured manner, the storage-related cryptographic information to the storage device, thereby enabling the storage device to decrypt the encrypted data, if the comparing reveals that the received identification of the accessing entity matches at least one of the identifications of the entities that comprise the access control information;
    wherein the access control device is physically separable from both the storage device and the computing device; and
    wherein further the computer-executable instructions that cause the provision of the storage-related cryptographic information to the storage device comprise computer-executable instructions that, when executed by the at least one processing unit, cause the at least one processing unit to:
        provide, to the storage device, only the first storage-related cryptographic information if the accessing entity is associated with the first storage-related cryptographic information; and
        provide, to the storage device, only the second storage-related cryptographic information if the accessing entity is associated with the second storage-related cryptographic information.
Abstract
An access control device can be communicationally coupled to a storage device and can control access thereto. The access control device can comprise information, such as identities of authorized entities, to enable the access control device to independently determine whether to provide access to an associated storage device. Alternatively, the access control device can comprise information to establish a secure connection to an authorization computing device and the access control device can implement the decisions of the authorization computing device. The access control device can control access by instructing a storage device to execute specific firmware instructions to prevent meaningful responses to data storage related requests. The access control device can also comprise storage-related cryptographic information utilized by the storage device to encrypt and decrypt data. In such a case, the access control device can control access by not releasing the storage-related cryptographic information to the storage device.
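The claim and abstract above describe a key-release model: a physically separate access control device holds an entity list and per-portion key material, receives an entity identification from the host, and hands the storage device only the key for the portion that entity is associated with. The following is an added illustration of that flow, not code from the patent or any product; the entity identifiers, portion names, keys and the SHA-256 counter-mode stream cipher standing in for the storage device's real encryption are all constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher: a stand-in for the storage device's
    real data encryption (constructed for this example, not production crypto)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

class StorageDevice:
    """Holds only ciphertext; a portion can be decrypted only once its key is handed over."""
    def __init__(self, plaintext_portions: dict, portion_keys: dict):
        self.ciphertext = {p: keystream_xor(portion_keys[p], d)
                           for p, d in plaintext_portions.items()}

    def decrypt(self, portion: str, key: bytes) -> bytes:
        return keystream_xor(key, self.ciphertext[portion])

class AccessControlDevice:
    """Physically separate device: holds the ACL and the per-portion key material."""
    def __init__(self, portion_keys: dict, acl: dict):
        self._keys = portion_keys   # portion name -> storage-related cryptographic information
        self._acl = acl             # entity id -> the single portion that entity may decrypt

    def request_key(self, entity_id: str) -> Optional[tuple]:
        # Compare the received identification against each ACL entry in constant time.
        for allowed_id, portion in self._acl.items():
            if hmac.compare_digest(entity_id.encode(), allowed_id.encode()):
                return portion, self._keys[portion]   # only this portion's key is released
        return None   # unknown entity: nothing is released

def host_access(acd: AccessControlDevice, disk: StorageDevice, entity_id: str) -> Optional[bytes]:
    """Computing device: forwards the entity's identification and relays the released key.
    In a real deployment the key would travel to the disk over a secured channel."""
    grant = acd.request_key(entity_id)
    if grant is None:
        return None
    portion, key = grant
    return disk.decrypt(portion, key)

# Constructed sample: two portions, two keys, two authorised entities (hypothetical names).
KEYS = {"portion1": b"k1-" * 8, "portion2": b"k2-" * 8}
DISK = StorageDevice({"portion1": b"finance records", "portion2": b"engineering drawings"}, KEYS)
ACD = AccessControlDevice(KEYS, {"alice@corp": "portion1", "bob@corp": "portion2"})
```

An entity absent from the ACL receives no key at all, and an entity holding one portion's key cannot recover the other portion, which is the property the two-key claim element is after.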
11 Claims
Specification