Solid-state storage subsystem security solution
First Claim
1. A system for restricting access to data stored in a memory array, the system comprising:
- a storage subsystem comprising a controller and a non-volatile memory, the controller configured to communicate with a host system to verify the identity of the host system based on a unique identifier of the host system, and the non-volatile memory having stored therein;
at least a portion of a software application; and
at least one data string used to identify the storage subsystem, the at least one data string stored within a memory location that is separate from general readable/writeable memory and is not accessible via standard storage access commands; and
executable code adapted to run on the host system and configured to;
provide the unique identifier of the host system to the storage subsystem for verifying the identity of the host system;
access, via advanced technology attachment (ATA) vendor-specific commands, the at least one data string located on the storage subsystem to verify the identity of the storage subsystem; and
cause the host system to execute the portion of the software application located on the storage subsystem after a one-to-one pairing is created between the host system and the storage subsystem, wherein the one-to-one pairing is created after (1) the storage subsystem has verified the identity of the host system based on the unique identifier of the host system and (2) the host system has verified the identity of the storage subsystem based on the at least one data string.
12 Assignments
0 Petitions
Accused Products
Abstract
A solid-state storage subsystem, such as a non-volatile memory card or drive, includes a main memory area that is accessible via standard memory access commands (such as ATA commands), and a restricted memory area that is accessible only via one or more non-standard commands. The restricted memory area stores information used to control access to, and/or use of, information stored in the main memory area. As one example, the restricted area may store one or more identifiers, such as a unique subsystem identifier, needed to decrypt an executable or data file stored in the main memory area. A host software component is configured to retrieve the information from the subsystem'"'"'s restricted memory area, and to use the information to control access to and/or use of the information in the main memory area.
-
Citations
8 Claims
-
1. A system for restricting access to data stored in a memory array, the system comprising:
-
a storage subsystem comprising a controller and a non-volatile memory, the controller configured to communicate with a host system to verify the identity of the host system based on a unique identifier of the host system, and the non-volatile memory having stored therein; at least a portion of a software application; and at least one data string used to identify the storage subsystem, the at least one data string stored within a memory location that is separate from general readable/writeable memory and is not accessible via standard storage access commands; and executable code adapted to run on the host system and configured to; provide the unique identifier of the host system to the storage subsystem for verifying the identity of the host system; access, via advanced technology attachment (ATA) vendor-specific commands, the at least one data string located on the storage subsystem to verify the identity of the storage subsystem; and cause the host system to execute the portion of the software application located on the storage subsystem after a one-to-one pairing is created between the host system and the storage subsystem, wherein the one-to-one pairing is created after (1) the storage subsystem has verified the identity of the host system based on the unique identifier of the host system and (2) the host system has verified the identity of the storage subsystem based on the at least one data string. - View Dependent Claims (2, 3, 4, 6, 7, 8)
-
-
5. A system for restricting access to data stored in a memory array, the system comprising:
-
a processor; and a memory configured to store executable code that, when executed, causes the processor to; provide a unique identifier of the system to a storage subsystem for verifying the identity of the system; access, via advanced technology attachment (ATA) vendor-specific commands, at least one data string located on the storage subsystem to verify the identity of the storage subsystem, wherein the at least one data string is stored in a memory location that is separate from general readable/writeable memory and not accessible via standard storage access commands; and initiate execution of at least a portion of a software application located on the storage subsystem after a one-to-one pairing is created between the system and the storage subsystem, wherein the one-to-one pairing is created after (1) the storage subsystem has verified the identity of the system based on the unique identifier of the system and (2) the system has verified the identity of the storage subsystem based on the at least one data string.
-
Specification