Method for versatile content control with partitioning

US 8,601,283 B2
Filed: 12/20/2005
Issued: 12/03/2013
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method for access control, the method comprising:

performing by a storage device that has a non-volatile memory with a partition and contains an account with authentication credentials and further contains permissions;

receiving a request to access the partition, the request including a session ID, the session ID being associated with the permissions upon authenticating an entity to the account using the authentication credentials, wherein the storage device stores the permissions prior to receiving a request to authenticate the entity;

using the session ID included in the request to look up in the storage device the permissions associated with the session ID;

determining whether the permissions authorize the requested access to the partition; and

granting the requested access to the partition if the permissions authorize the requested access to the partition;

wherein the session ID is sharable among other entities to share access to the partition, and wherein after the entity is authenticated to the account using the authentication credentials, the storage device identifies the other entities by the session ID and not the authentication credentials.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.

Citations

24 Claims

1. A method for access control, the method comprising:
- performing by a storage device that has a non-volatile memory with a partition and contains an account with authentication credentials and further contains permissions;
  
  receiving a request to access the partition, the request including a session ID, the session ID being associated with the permissions upon authenticating an entity to the account using the authentication credentials, wherein the storage device stores the permissions prior to receiving a request to authenticate the entity;
  
  using the session ID included in the request to look up in the storage device the permissions associated with the session ID;
  
  determining whether the permissions authorize the requested access to the partition; and
  
  granting the requested access to the partition if the permissions authorize the requested access to the partition;
  
  wherein the session ID is sharable among other entities to share access to the partition, and wherein after the entity is authenticated to the account using the authentication credentials, the storage device identifies the other entities by the session ID and not the authentication credentials.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the memory comprises an additional partition, and wherein the method further comprises permitting authenticated entities to access data in the additional partition.
  - 3. The method of claim 1, wherein a type of access to the partition is independent from any authentication used to authenticate the entity to the account.
  - 4. The method of claim 1, wherein multiple accounts can be authorized for a type of access to the partition.
  - 5. The method of claim 1, wherein the account is stored in a memory component of the storage device, and wherein information relating to the account is fetched from the memory component by a controller of the storage device during authentication.
  - 6. The method of claim 1, wherein the partition comprises a continuous range of addresses.

7. A method for access control, the method comprising:
- performing by a storage device that has a non-volatile memory with a partition and contains an account with authentication credentials and further contains permissions;
  
  allowing one of read and write access to the partition in the non-volatile memory of the storage device without authentication; and
  
  allowing the other one of read and write access to the partition only upon authentication of an entity to the account using the authentication credentials, in which a session ID is provided to the entity and is associated with the permissions, wherein the storage device stores the permissions prior to receiving a request to authenticate the entity, and only upon;
  
  receiving a request to perform the other one of read and write access to the partition, the request including the session ID;
  
  using the session ID included in the request to look up in the storage device the permissions associated with the session ID; and
  
  determining that the permissions authorize the other one of read and write access to the partition;
  
  wherein the session ID is sharable among other entities to share permission to perform the other one of read and write access to the partition, and wherein after the entity is authenticated to the account using the authentication credentials, the storage device identifies the other entities by the session ID and not the authentication credentials.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein access to the partition is controlled based on at least one other account.
  - 9. The method of claim 7, wherein the memory comprises at least one additional partition.
  - 10. The method of claim 7, wherein the account comprises an access control record.
  - 11. The method of claim 7, wherein the account is stored in a memory component of the storage device, and wherein information relating to the account is fetched from the memory component by a controller of the storage device during authentication.
  - 12. The method of claim 7, wherein the partition comprises a continuous range of addresses.

13. A storage device comprising:
- a non-volatile memory having a partition and containing an account with authentication credentials and further containing permissions; and
  
  a controller in communication with the non-volatile memory, wherein the controller is operative to;
  
  receive a request to access the partition, the request including a session ID, the session ID being associated with the permissions upon authenticating an entity to the account using the authentication credentials, wherein the storage device stores the permissions prior to receiving a request to authenticate the entity;
  
  use the session ID included in the request to look up in the storage device the permissions associated with the session ID;
  
  determine whether the permissions authorize the requested access to the partition; and
  
  grant the requested access to the partition if the permissions authorize the requested access to the partition;
  
  wherein the session ID is sharable among other entities to share access to the partition, and wherein after the entity is authenticated to the account using the authentication credentials, the storage device identifies the other entities by the session ID and not the authentication credentials.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The storage device of claim 13, wherein the memory comprises an additional partition, and wherein the controller is further operative to permit authenticated entities to access data in the additional partition.
  - 15. The storage device of claim 13, wherein a type of access to the partition is independent from any authentication used to authenticate the entity to the account.
  - 16. The storage device of claim 13, wherein multiple accounts can be authorized for a type of access to the partition.
  - 17. The storage device of claim 13, wherein information relating to the account is fetched from the non-volatile memory by the controller during authentication.
  - 18. The storage device of claim 13, wherein the partition comprises a continuous range of addresses.

19. A storage device comprising:
- a non-volatile memory having a partition and containing an account with authentication credentials and further containing permissions; and
  
  a controller in communication with the non-volatile memory, wherein the controller is operative to;
  
  allow one of read and write access to the partition in the non-volatile memory without authentication; and
  
  allow the other one of read and write access to the partition only upon authentication of an entity to the account using the authentication credentials, in which a session ID is provided to the entity and is associated with the permissions, wherein the storage device stores the permissions prior to receiving a request to authenticate the entity, and only upon;
  
  receiving a request to perform the other one of read and write access to the partition, the request including the session ID;
  
  using the session ID included in the request to look up in the storage device the permissions associated with the session ID; and
  
  determining that the permissions authorize the other one of read and write access to the partition;
  
  wherein the session ID is sharable among other entities to share permission to perform the other one of read and write access to the partition, and wherein after the entity is authenticated to the account using the authentication credentials, the storage device identifies the other entities by the session ID and not the authentication credentials.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The storage device of claim 19, wherein access to the partition is controlled based on at least one other account.
  - 21. The storage device of claim 19, wherein the non-volatile memory comprises at least one additional partition.
  - 22. The storage device of claim 19, wherein the account comprises an access control record.
  - 23. The storage device of claim 19, wherein information relating to the account is fetched from the memory by the controller during authentication.
  - 24. The storage device of claim 19, wherein the partition comprises a continuous range of addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Jogand-Coulomb, Fabrice, Holtzman, Michael, Qawami, Bahman, Barzilai, Ron
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US11/314,052
Publication Number

US 20060242065A1
Time in Patent Office

2,905 Days
Field of Search

726 2- 30, 713189-193, 713/158, 713/168, 713/194, 705/50, 705/56, 705/58, 705/59
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2145   Inheriting rights or proper...

Method for versatile content control with partitioning

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method for versatile content control with partitioning

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links