Managing access to an address range in a storage device

US 9,104,618 B2
Filed: 12/18/2008
Issued: 08/11/2015
Est. Priority Date: 12/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method for managing access to an addressable memory location in a storage device, the method comprising:

in a storage device with a storage media that has addressable memory locations, a set of one or more of which being identified by an address range of contiguous addresses associated with a first characteristic and a second characteristic, managing access to such addressable memory locations by;

receiving a request from a requesting entity to access an addressable memory location in the storage media;

applying the first characteristic if the addressable memory location is within the set of addressable memory locations and at that time any entity is currently authenticated to and authorized to access the set of addressable memory locations, wherein an entity that is currently authenticated to and authorized to access the set of addressable memory locations has successfully completed an authentication and authorization process and wherein the requesting entity may access the set of addressable memory locations without having to perform an authentication and authorization process; and

applying the second characteristic if the addressable memory location is within the set of addressable memory locations and at that time no entity is authenticated to and authorized to access the set of addressable memory locations.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Enhanced configuration of security and access control for data in a storage device is disclosed. A request is received to access an addressable memory location in a storage media within the storage device. A set of addressable memory locations with contiguous addresses identified by an address range is associated with first and second characteristics. The first characteristic is applied if the addressable memory location is within the set of addressable memory locations, and an entity is currently authenticated to and authorized to access the set of addressable memory locations. The second characteristic is applied if the addressable memory location is within the set of addressable memory locations, and no entity is currently authenticated to and authorized to access the set of addressable memory locations. The set of addressable memory locations can also be a logical partition, where the first and second characteristics are stored in a logical partition table.

Citations

38 Claims

1. A method for managing access to an addressable memory location in a storage device, the method comprising:
- in a storage device with a storage media that has addressable memory locations, a set of one or more of which being identified by an address range of contiguous addresses associated with a first characteristic and a second characteristic, managing access to such addressable memory locations by;
  
  receiving a request from a requesting entity to access an addressable memory location in the storage media;
  
  applying the first characteristic if the addressable memory location is within the set of addressable memory locations and at that time any entity is currently authenticated to and authorized to access the set of addressable memory locations, wherein an entity that is currently authenticated to and authorized to access the set of addressable memory locations has successfully completed an authentication and authorization process and wherein the requesting entity may access the set of addressable memory locations without having to perform an authentication and authorization process; and
  
  applying the second characteristic if the addressable memory location is within the set of addressable memory locations and at that time no entity is authenticated to and authorized to access the set of addressable memory locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method of claim 1, wherein managing the access further comprises applying a default characteristic if the addressable memory location is not within the set of addressable memory locations.
  - 3. The method of claim 1, wherein, if the addressable memory location is within the set of addressable memory locations, managing the access further comprises applying the first characteristic if, at that time, a particular entity making the request is authenticated to and authorized to access the set of addressable memory locations, and applying the second characteristic if, at that time, the particular entity making the request is not authenticated to and not authorized to access the set of addressable memory locations.
  - 4. The method of claim 1, wherein the entity is authenticated to the set of addressable memory locations upon the storage device utilizing an access control record from a tree, wherein the tree comprises nodes organized hierarchically therein, each node comprising at least one access control record, wherein the access control record comprises credentials and permissions for authenticating the entity to the set of addressable locations and authorizing access by the entity to data stored in the set of addressable memory locations.
  - 5. The method of claim 1, further comprising authorizing the entity to access the set of addressable memory locations, wherein the authorizing is performed by the storage device.
  - 6. The method of claim 5, wherein authorizing the entity to access the set of addressable memory locations comprises utilizing an access control record from a tree to authorize the entity to access the set of addressable memory locations, wherein the tree comprises nodes organized hierarchically therein, each node comprising at least one access control record, wherein the access control record comprises credentials and permissions for authenticating the entity and authorizing entity access to data stored in the set of addressable memory locations.
  - 7. The method of claim 5, further comprising delegating an authorization from the entity to an additional entity.
  - 8. The method of claim 7, wherein delegating an authorization from the entity to the additional entity comprises delegating at least one permission of the access control record to an additional access control record.
  - 9. The method of claim 1, further comprising creating an association between the set of addressable memory locations and the first characteristic and the second characteristic.
  - 10. The method of claim 9, wherein creating the association between the logical partition and the first characteristic and the second characteristic comprises creating a new entry in a logical partition table.
  - 11. The method of claim 1, further comprising removing an association between the set of addressable memory locations and the first characteristic and the second characteristic.
  - 12. The method of claim 11, wherein removing the association between the logical partition and the first characteristic and the second characteristic comprises removing an entry from a logical partition table.
  - 13. The method of claim 1, further comprising creating an association between a new set of addressable memory locations and the first characteristic and the second characteristic.
  - 14. The method of claim 1, further comprising changing at least one of the first characteristic and the second characteristic associated with the set of addressable memory locations.
  - 15. The method of claim 1, further comprising retrieving the at least one of the first characteristic and the second characteristic associated with the set of addressable memory locations before applying the at least one of the first characteristic and the second characteristic.
  - 16. The method of claim 15, wherein the first characteristic and the second characteristic are stored in a logical partition table, wherein the logical partition table comprises a plurality of entries, wherein an entry comprises a logical partition identifier associated with the address range of contiguous addresses, the first characteristic, and the second characteristic.
  - 17. The method of claim 1, wherein the set of addressable memory locations is within an addressable range of a partition table.
  - 18. The method of claim 1, wherein the first characteristic and the second characteristic comprise access characteristics.
  - 19. The method of claim 18, wherein the access characteristic comprises a read access permission associated with a read command.
  - 20. The method of claim 18, wherein the access characteristic comprises a write access permission associated with a write command.
  - 21. The method of claim 18, wherein the access characteristic comprises a read access permission associated with a read command, and a write access permission associated with a write command.
  - 22. The method of claim 1, wherein the first characteristic and the second characteristic comprise protection characteristics.
  - 23. The method of claim 22, wherein the protection characteristic comprises an encryption instruction.
  - 24. The method of claim 1, wherein the first characteristic and the second characteristic comprise performance characteristics.
  - 25. The method of claim 24, wherein the performance characteristic is one of a first performance level and a second performance level.
  - 26. The method of claim 1, wherein the first characteristic and the second characteristic comprise power consumption characteristics.
  - 27. The method of claim 26, wherein the power consumption characteristic is one of a first power consumption level and a second power consumption level.
  - 28. The method of claim 1, wherein the storage device is a non-volatile removable memory card.
  - 29. The method of claim 1, further comprising:
    - receiving a request by an entity to change at least one of the first characteristic and the second characteristic; and
      
      granting the request if the entity is currently authenticated to and authorized to change at least one of the first characteristic and the second characteristic associated with the set of addressable memory locations.
  - 30. The method of claim 29, wherein the request to change at least one of the first characteristic and the second characteristic is a request to delete the first characteristic and the second characteristic, wherein a deleted characteristic is no longer applied.
  - 31. The method of claim 1, wherein the requesting entity'"'"'s identity is either not specified in the request or is specified but is different from an identity of an entity that is authenticated to and authorized to access the set of addressable memory locations.
  - 32. The method of claim 1, wherein the storage device issues a session ID to an entity that authenticates to and is authorized to access the set of addressable memory locations, and wherein if any entity is authenticated to and is authorized to access the set of addressable memory locations, the storage device applies the first characteristic for any requesting entity, irrespective of whether the requesting entity presents the session ID.

33. A storage device, comprising:
- a storage media that has addressable memory locations, a set of one or more of which being identified by an address range of contiguous addresses associated with a first characteristic and a second characteristic; and
  
  a controller operable to;
  
  receive a request from a requesting entity to access an addressable memory location in the storage media;
  
  apply the first characteristic if the addressable memory location is within the set of addressable memory locations and at that time any entity is currently authenticated to and authorized to access the set of addressable memory locations, wherein an entity that is currently authenticated to and authorized to access the set of addressable memory locations has successfully completed an authentication and authorization process and wherein the requesting entity may access the set of addressable memory locations without having to perform an authentication and authorization process; and
  
  apply the second characteristic if the addressable memory location is within the set of addressable memory locations and at that time no entity is authenticated to and authorized to access the set of addressable memory locations.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The storage device of claim 33, wherein the controller is further operable to apply a default characteristic if the addressable memory location is not within the set of addressable memory locations.
  - 35. The storage device of claim 33, wherein an entity is authenticated to the set of addressable memory locations upon the storage device utilizing an access control record from a tree, wherein the tree comprises nodes organized hierarchically therein, each node comprising at least one access control record, wherein the access control record comprises credentials and permissions for authenticating the entity to the set of addressable locations and authorizing access by the entity to data stored in the set of addressable memory locations.
  - 36. The storage device of claim 33, wherein the storage media further comprises a logical partition table, wherein the logical partition table comprises a plurality of entries, wherein an entry comprises a logical partition identifier associated with the address range of contiguous addresses, the first characteristic, and the second characteristic.
  - 37. The storage device of claim 33, wherein the requesting entity'"'"'s identity is either not specified in the request or is specified but is different from an identity of an entity that is authenticated to and authorized to access the set of addressable memory locations.
  - 38. The storage device of claim 33, wherein the storage device issues a session ID to an entity that authenticates to and is authorized to access the set of addressable memory locations, and wherein if any entity is authenticated to and is authorized to access the set of addressable memory locations, the storage device applies the first characteristic for any requesting entity, irrespective of whether the requesting entity presents the session ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Sela, Rotem, Holtzman, Michael, Barzilai, Ron, Bryant-Rich, Donald Ray
Primary Examiner(s)
Li, Aimee
Assistant Examiner(s)
SIMONETTI, NICHOLAS J

Application Number

US12/338,738
Publication Number

US 20100161928A1
Time in Patent Office

2,427 Days
Field of Search

707/694, 707781-788, 707/797, 707/999.09, 711163-164, 711200-210, 711/221
US Class Current

1/1
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/1441   for a range

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2212/1016   Performance improvement

G06F 2212/2022   Flash memory

G06F 2221/2107   File encryption

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

Managing access to an address range in a storage device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Managing access to an address range in a storage device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links