Tenant driven security in a storage cloud

US 8,839,399 B2
Filed: 03/30/2012
Issued: 09/16/2014
Est. Priority Date: 03/30/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

determining whether a tenant places a physical key into a slot associated with a hard disk provided by a service provider;

allowing the tenant to have access to the hard disk after determining that the tenant has placed the physical key into the slot, wherein the access to the hard disk occurs at a physical layer and includes translating a virtual address, received from a tool layer, into a physical address, wherein;

the virtual address is stored in libraries in the tool layer;

the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and

sending the data to class loaders in the tool layer, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tenant driven security in a storage cloud is provided. A method includes determining whether a tenant places a physical key into a slot associated with a hard disk provided by a service provider. The method further includes allowing the tenant to have access to the hard disk after determining that the tenant has placed the physical key into the slot.

15 Citations

View as Search Results

22 Claims

1. A method, comprising:
- determining whether a tenant places a physical key into a slot associated with a hard disk provided by a service provider;
  
  allowing the tenant to have access to the hard disk after determining that the tenant has placed the physical key into the slot, wherein the access to the hard disk occurs at a physical layer and includes translating a virtual address, received from a tool layer, into a physical address, wherein;
  
  the virtual address is stored in libraries in the tool layer;
  
  the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and
  
  sending the data to class loaders in the tool layer, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising denying the tenant access to the hard disk before the determining that the tenant has placed the physical key into the slot.
  - 3. The method of claim 1, further comprising generating a soft key after the determining that the tenant has placed the physical key into the slot.
  - 4. The method of claim 3, further comprising allowing the tenant to have access to the hard disk based on the generated soft key.
  - 5. The method of claim 3, wherein:
    - the hard disk is protected by a preamble flag which is initially set to non-complied to indicate that access to the hard disk is not allowed; and
      
      further comprising setting the preamble flag to complied based on the generated soft key, to indicate that access to the hard disk is allowed.
  - 6. The method of claim 3, wherein:
    - the hard disk is protected by a matching key; and
      
      further comprising allowing the tenant to have access to the hard disk after determining that the generated soft key matches the matching key.
  - 7. The method of claim 1, wherein:
    - the hard disk is protected by a preamble flag which is initially set to non-complied to indicate that access to the hard disk is not allowed; and
      
      further comprising setting the preamble flag to complied to indicate that access to the hard disk is allowed, after the determining that the tenant has placed the physical key into the slot.
  - 8. The method of claim 1, wherein the physical key and the slot are provided by the service provider.
  - 9. The method of claim 1, wherein the physical key is allotted to the tenant.
  - 10. The method of claim 1, further comprising, after the determining that the tenant has placed the physical key into the slot, allowing the tenant to have access to at least one of:
    - at least one sector of the hard disk;
      
      at least one track of the hard disk; and
      
      at least one type of data in the hard disk.

11. A system implemented in hardware, comprising:
- a computer infrastructure operable to;
  
  deny a tenant access to a hard disk provided by a service provider before sensing that the tenant has placed a physical key into a slot associated with the hard disk;
  
  sense that the tenant has placed the physical key into the slot;
  
  allow the tenant to have access to the hard disk after the physical key has been sensed in the slot, wherein the access to the hard disk occurs at a physical layer and includes translating a virtual address into a physical address associated with a location within the hard disk, wherein;
  
  the virtual address is stored in libraries in the tool layer;
  
  the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and
  
  sending the data to class loaders in the tool layer, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the computer infrastructure is further operable to generate a soft key after the tenant has placed the physical key into the slot.
  - 13. The system of claim 12, wherein the computer infrastructure is further operable to allow the tenant to have access to the hard dist based on the generated soft key.
  - 14. The system of claim 11, wherein:
    - the hard disk is protected by a preamble flag which is initially set to non-complied to indicate that access to the hard disk is not allowed; and
      
      the computer infrastructure is further operable to set the preamble flag to complied to indicate that access to the hard disk is allowed, after the tenant has placed the physical key into the slot.
  - 15. The system of claim 11, wherein the physical key and the slot are provided by the service provider.
  - 16. The system of claim 11, wherein the physical key is allotted to the tenant and associated with the hard disk.
  - 17. The system of claim 11, wherein the computer infrastructure is further operable to, after the sensing that the tenant has placed the physical key into the slot, allowing the tenant to have access to at least one of:
    - at least one sector of the hard disk;
      
      at least one track of the hard disk; and
      
      at least one type of data in the hard disk.

18. A computer program product comprising a tangible computer usable storage device or memory having readable program code embodied in the tangible computer usable storage device or memory, the computer program product includes at least one component operable to:
- determine that a tenant has placed a physical key into a slot associated with a hard disk serviced by a service provider;
  
  allow the tenant access to the hard disk after determining that the tenant has placed the physical key into the slot, wherein the access to the hard disk includes translating virtual addresses into physical addresses associated with a location within the hard disk, wherein;
  
  the virtual address is stored in libraries in the tool layer;
  
  the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and
  
  send the data to class loaders in the tool layer, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders.
- View Dependent Claims (19)
- - 19. The computer program product of claim 18, wherein the at least one component is further operable to deny the tenant access to the hard disk before the determining that the tenant has placed the physical key into the slot.

20. A method of tenant drive security, comprising:
- providing a computer infrastructure being operable to;
  
  provide a tenant using a service with access to a hard disk, a personalized physical key, and a key hook substrate associated with the hard disk;
  
  generate, in a physical layer, a unique key once the physical key is placed into a slot of the key hook substrate;
  
  deny, by default, access to the hard disk until the physical key is placed into the slot;
  
  send the unique key to a hard disk controller; and
  
  set a flag to complied in relevant sectors of the hard disk to allow access to the hard disk, wherein the access includes translating a virtual address, received from libraries in a tool layer, into a physical address,wherein;
  
  the virtual address is stored in the libraries in the tool layer;
  
  the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and
  
  sending the data to class loaders in the tool layer, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders.
- View Dependent Claims (21)
- - 21. The method of claim 20, wherein the flag is initially set to non-complied to indicate that access to the hard disk is not allowed.

22. A computer system for tenant driven security, the system comprising:
- a CPU, a computer readable memory and a tangible computer readable storage media;
  
  first program instructions to provide a tenant using a service with access to a hard disk, a personalized physical key, and a key hook substrate associated with the hard disk;
  
  second program instructions to generate a unique key once the physical key is placed into a slot of the key hook substrate;
  
  third program instructions to deny, by default, access to the hard disk until the physical key is placed into the slot;
  
  fourth program instructions to send the unique key to a hard disk controller;
  
  fifth program instructions to set a flag to complied in relevant sectors of the hard disk to allow access,wherein the flag is initially set to non-complied to indicate that access to the hard disk is not allowed;
  
  sixth program instructions to set the flag to complied based on the generated soft key, to indicate that access to the hard disk is allowed, wherein;
  
  the access to the hard disk occurs at a physical layer and includes translating a virtual address, received from a tool layer, into a physical address;
  
  the virtual address is stored in libraries in the tool layer;
  
  the physical address includes at least one of a surface, track, and sensor associated with the hard disk, andthe physical address provides access to data in the hard disk; and
  
  seventh program instructions to send the data to class loaders in the tool area, wherein the class loaders create instances in byte memories including the data, and wherein different services located in the tool layer access the byte memories from the class loaders, andwherein the first, second, third, fourth, fifth, sixth, and seventh program instructions are stored on the tangible computer readable storage media for execution by the CPU via the computer readable memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jain, Bhushan P., Patil, Sandeep R., Ramanathan, Sri, Sivakumar, Gandhi, Trevathan, Matthew B.
Primary Examiner(s)
Traore, Fatoumata

Application Number

US13/435,874
Publication Number

US 20130263242A1
Time in Patent Office

900 Days
Field of Search

None
US Class Current

726/9
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/34   involving the use of extern...

G06F 21/77   in smart cards

G06F 21/78   to assure secure storage of...

G06F 21/80   in storage media based on m...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

Tenant driven security in a storage cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Tenant driven security in a storage cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links