Firewall+ storage apparatus, method and system
Abstract
A storage firewall architecture, method and system that works in parallel with existing security technologies and, inter alia, provides application software authentication, user authentication & authorization in the execution of an application, examination, verification, and authentication of all storage access requests, monitoring of protected storage to detect & repair anomalous changes, encryption of protected storage, both data and software, provisioning (deployment) of patches, configuration changes, and software through a secure synchronization link to a configuration and patch management server, and server-based system administration & configuration to prevent malware from penetrating local configuration mechanisms.
26 Claims
1. A data storage firewall apparatus for working in parallel with existing security technologies to prevent unauthorized writes and/or reads between a host processor and a storage component that includes non-volatile or persistent memory, and/or random access memory, and a controller processor for handling storage requests, comprising:
a storage firewall for communicatively coupling the storage component and the host processor, said storage firewall being included in at least one of said non-volatile or persistent memory, said random access memory, or said controller processor, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, and/or user authentication and authorization in the execution of an application's request to write and/or read, and/or examination, verification, and authentication of all storage access requests.
2. A data storage firewall apparatus for working in parallel with existing security technologies to prevent unauthorized writes and/or reads between a host processor and a storage component that includes non-volatile or persistent memory, and/or random access memory, and a controller processor for handling storage requests, comprising:
a storage firewall for communicatively coupling the storage component and the host processor, said storage firewall including operative components distributed between at least two of said non-volatile or persistent memory, said random access memory, and said controller processor, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, and/or user authentication and authorization in the execution of an application's request to write and/or read, and/or examination, verification, and authentication of all storage access requests.
3. A storage firewall and management system, comprising:
a data storage apparatus that includes a protected storage component including non-volatile or persistent memory, and/or random access memory, and a controller processor for handling storage requests; a host interface for coupling said protected storage component to a host processor; and a storage firewall adapted to communicatively couple said protected storage component to said host interface, said storage firewall being included in at least one of said non-volatile or persistent memory, said random access memory, and said controller processor, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage apparatus; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
4. A storage firewall and management system, comprising:
a data storage apparatus that includes a protected storage component including non-volatile or persistent memory, and/or random access memory, and a controller processor for handling storage requests; a host interface for coupling said protected storage component to a host processor; and a storage firewall adapted to communicatively couple said protected storage component to said host interface, said storage firewall including operative components distributed between at least two of said non-volatile or persistent memory, said random access memory, and said controller processor, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage apparatus; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
5. A storage firewall and management system, comprising:
a data storage apparatus including a protected storage component; a host interface for coupling said protected storage component to a host processor; and a storage firewall adapted to communicatively couple said protected storage component to said host interface, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage apparatus; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
Dependent claims: 6, 7, 8
9. A method of providing a storage firewall and management system, comprising:
providing a data storage means, including providing a host interface for coupling said storage apparatus to a host processor; providing a protected storage component; and providing a storage firewall adapted to communicatively couple said protected storage component to said host interface, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests; providing an update server including a configuration database; and an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage apparatus; and providing a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
Dependent claims: 10, 11, 12
13. A storage firewall and management system, comprising:
a data storage means, including an interface for coupling said data storage means to a digital logic means; a protected storage component; a storage firewall adapted to communicatively couple said protected storage component to said interface, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests to said protected storage component; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage component; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
Dependent claims: 14, 15, 16
17. A method of providing a storage firewall and management system, comprising:
providing a storage means including a protected storage component; providing a host interface for coupling data to and from a digital logic component; providing a storage firewall adapted to communicatively couple said protected storage component to said host interface, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests; providing an update server including a configuration database; providing an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said protected storage component; and providing a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
Dependent claims: 18, 19, 20
21. A storage firewall and management system, comprising:
a data storage means, including an interface for coupling said data storage means to a digital logic means; a protected storage component; a storage firewall adapted to communicatively couple said protected storage component to said interface, said storage firewall being operative to provide and/or enable scanning functionality and/or operations, and/or maintenance functionality and/or operations, and/or any other non-access-control and/or functionality and/or operations on said protected storage component; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage component; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
22. A storage firewall and management system, comprising:
a data storage means, including an interface for coupling said data storage means to a digital logic means such as a host processor; a protected storage component; a storage firewall adapted to communicatively couple said protected storage component to said interface, said storage firewall being operative to provide application software authentication including application registration, runtime authentication of application identity and permission to execute, user authentication & authorization in the execution of an application, and examination, verification, and authentication of all storage access requests, said storage firewall being further operative to provide and/or enable scanning functionality and/or operations, and/or maintenance functionality and/or operations, and/or any other non-access-control and/or functionality and/or operations on said protected storage component; an update server including a configuration database; an Internet interfacing means for communicating with said update server via the Internet to provide updates, configuration changes, new software, and other information to said data storage component; and a configuration web server or other user interface coupled to said update server for enabling end users to select customization options for their storage firewall protected storage and endpoint devices.
Dependent claims: 23, 24, 25, 26
Specification