Method and apparatus for securing data storage while insuring control by logical roles
First Claim
Patent Images
1. A device comprising:
- a host computer system comprisinga host processor;
a data storage device comprising;
a command interface configured to receive commands from the host computer system and a second computer communicatively coupled to the host computer system;
a data storage medium;
a data storage device controller coupled to the command interface and the data storage medium, the data storage device controller adapted to;
create a security partition on the data storage medium when an authorization to create the security partition is received from the second computer along a direct secure connection that bypasses a host operating system while the host processor is executing the host operating system; and
reject a request to create the security partition when the authorization is not received from the second computer.
7 Assignments
0 Petitions
Accused Products
Abstract
A storage device with hardened security features has a storage medium, an interface, and a controller. The interface is adapted to communicatively couple the storage device to a host system. The controller is within the storage device and is adapted to read and to write information to and from the storage medium. The controller is adapted to require a security partition authorization from a manufacturer of the storage device before executing a security partition creation command received over the interface.
47 Citations
16 Claims
-
1. A device comprising:
a host computer system comprising a host processor; a data storage device comprising; a command interface configured to receive commands from the host computer system and a second computer communicatively coupled to the host computer system; a data storage medium; a data storage device controller coupled to the command interface and the data storage medium, the data storage device controller adapted to; create a security partition on the data storage medium when an authorization to create the security partition is received from the second computer along a direct secure connection that bypasses a host operating system while the host processor is executing the host operating system; and reject a request to create the security partition when the authorization is not received from the second computer. - View Dependent Claims (2, 3, 4, 5, 6)
-
7. A device comprising a data storage controller configured to:
-
receive a request to create a security partition on a data storage medium from a client system; instruct the client system to request authorization to create the security partition from a second computer and connect to the second computer through a secure tunnel; create the security partition when an authorization to create the security partition is received from the second computer through the secure tunnel; and reject the request to create the security partition when the authorization is not received from the second computer. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A server comprising:
-
an interface to receive data and commands from a network; a controller coupled to the interface and configured to; receive an authorization request to create a security partition on an external data storage device that is external to the server, the authorization request identifying a specific application requesting creation of the security partition, wherein a security partition comprises an area of a data storage medium of the external data storage device that has a restricted access and is used exclusively by a specific authorized application; determine whether an application requesting the authorization request is trusted; determine whether to issue the authorization based on the comparison; issue the authorization by sending an authorization indicator to the external data storage device when the requesting application is trusted; and reject the authorization by sending a rejection indicator to the external data storage device when the requesting application is not trusted. - View Dependent Claims (14, 15, 16)
-
Specification