Customizable storage controller with integrated F+ storage firewall protection

US 9,455,955 B2
Filed: 06/24/2013
Issued: 09/27/2016
Est. Priority Date: 05/17/2006
Status: Active Grant

First Claim

Patent Images

1. A data storage apparatus, comprising:

a host interface for coupling said storage apparatus to a host computer and/or other digital system;

a protected storage component;

a customizable storage controller operatively associated with said protected storage component;

a storage controller program store; and

a storage firewall adapted to communicatively couple said protected storage component and customizable storage controller with said host interface, said storage firewall being integrated with said customizable storage controller such that the combination thereof is operative to providesoftware authentication including application registration,runtime authentication of software identity and permission to execute,authentication &

authorization in the execution of executable software, andexamination, verification, and authentication of all storage access requests;

a security coprocessor operatively coupled to said storage controller program store, and coupling said storage controller processor to the host computer or other digital system via the storage firewall and host interface; and

locked firmware connected to said storage controller processor and said coprocessor, and operative to contain trusted source storage controller executable software for enabling controller recovery in the event of a problem and/or providing an addition level of protection against unauthorized change of the firmware.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Customizable Storage Controller (CSC) is a software defined storage device controller, a replacement for the ASIC storage controller approach that has been used up to now. The differences from the current storage controllers are that the CSC software will need to be protected from unauthorized modification and provides an excellent place to add additional storage management functionality. The CSC type of storage controller is a good place to integrate the F+ Storage Firewall storage protection technology, fitting the needs of the CSC as well as protecting stored data from unauthorized access. This portion of the larger patent disclosure provides the design of a CSC both with a software version of a F+ Storage Firewall, as well as an improved (more secure) CSC designed with a security co-processor and locked firmware. These designs can be implemented with standard parts such as microprocessors and/or FPGAs (Field Programmable Gate Arrays), RAM (Random Access Memory), and some version of nonvolatile memory as a program store.

13 Citations

View as Search Results

10 Claims

1. A data storage apparatus, comprising:
- a host interface for coupling said storage apparatus to a host computer and/or other digital system;
  
  a protected storage component;
  
  a customizable storage controller operatively associated with said protected storage component;
  
  a storage controller program store; and
  
  a storage firewall adapted to communicatively couple said protected storage component and customizable storage controller with said host interface, said storage firewall being integrated with said customizable storage controller such that the combination thereof is operative to providesoftware authentication including application registration,runtime authentication of software identity and permission to execute,authentication &
  
  authorization in the execution of executable software, andexamination, verification, and authentication of all storage access requests;
  
  a security coprocessor operatively coupled to said storage controller program store, and coupling said storage controller processor to the host computer or other digital system via the storage firewall and host interface; and
  
  locked firmware connected to said storage controller processor and said coprocessor, and operative to contain trusted source storage controller executable software for enabling controller recovery in the event of a problem and/or providing an addition level of protection against unauthorized change of the firmware.
- View Dependent Claims (3)
- - 3. A data storage apparatus as recited in claim 1 wherein said customizable storage controller includesa storage controller module havinga storage controller processor;

2. A data storage system comprising:
- data storage apparatus;
  
  an integrated customizable storage controller processor;
  
  a storage controller program store;
  
  a host interface for coupling said storage apparatus to a host computer;
  
  protected storage media;
  
  a security coprocessor operatively coupled to said storage controller program store, and coupling said storage controller processor to the host computer or other digital system via a storage firewall and the host interface; and
  
  locked firmware connected to said storage controller processor and said coprocessor, and operative to contain trusted source storage controller executable software for enabling controller recovery in the event of a problem and/or providing an addition level of protection against unauthorized change of the firmware;
  
  wherein the customizable storage controller processor and storage firewall are adapted to communicatively couple said protected storage media and said host interface, said integrated customizable storage controller processor and storage firewall being operative to provide storage controller functionality includingprotected storage media access operations including read and write operations, and/orupdates, upgrades, and reconfiguration of storage apparatus while in operation in parallel with the storage media access operations, and/orprotected storage device management, and/orstorage media management, and/orstorage device monitoring, and/orupdates, upgrades, and reconfiguration of said host interface, and/ordata encryption/decryption, and/orauthentication of updates, upgrades, and reconfiguration data, and/orauthentication and registration of software, and/orruntime software authentication and/or authorization and/or permission to execute in the execution of software, andexamination, verification, and authentication of all storage access requests.

4. A customizable storage controller for use in a data storage apparatus including a protected storage component, a host interface for coupling the data storage apparatus to a host computer and/or other digital system, and a storage firewall adapted to communicatively couple the protected storage component and said host interface, said customizable storage controller comprising:
- a storage controller processor coupled to the host computer and/or other digital system via the storage firewall and host interface, said storage controller being adapted to process storage access requests, storage device management requests, and other storage management functionalities;
  
  a storage controller program store communicatively connected to said storage controller processor via an internal bus;
  
  storage controller RAM operatively connected between said storage controller processor and said program store, said RAM being operative to fetch executable software from said program store and hold it for execution by said storage controller processor;
  
  a security coprocessor operatively coupled to said storage controller program store, and coupling said storage controller processor to the host computer or other digital system via the storage firewall and host interface; and
  
  locked firmware connected to said storage controller processor and said coprocessor, and operative to contain trusted source storage controller executable software for enabling controller recovery in the event of a problem and/or providing an addition level of protection against unauthorized change of the firmware.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. A customizable storage controller as recited in claim 4 wherein a principal function of said security coprocessor is to protect the customizable controller'"'"'s operations, and the principal function of the storage controller processor is to enable and support the flexibility and extensibility of the customizable storage controller.
  - 6. A customizable storage controller as recited in claim 4 wherein said security coprocessor is implemented with an FPGA for enabling fast processing of storage access requests as well as other security functions as called by the storage controller software executing on the storage controller processor.
  - 7. A customizable storage controller as recited in claim 4 wherein said security coprocessor can load software from the locked firmware over an internal bus, but cannot write directly to the locked firmware.
  - 8. A customizable storage controller as recited in claim 4 wherein any needed executable and authenticatable software can be enabled and input from a trusted external digital system into the storage processor program store, protected storage component and/or locked firmware.
  - 9. A customizable storage controller as recited in claim 4 wherein controller software on any storage device can be customized on an as-needed basis to enhance its intelligence capability, to enable larger sets of storage devices to be clustered with reduced runtime burden on the storage appliance layer, and to enable ad-hoc sets of storage devices supporting the flexibility goals of infrastructure-as-a-service storage architectures with greater security.
  - 10. A customizable storage controller as recited in claim 4 wherein the storage firewall of the data storage apparatus is an F+Storage Firewall integrated with said customizable storage controller to support SDS/Infrastructure-as-a-Service goals by enabling flexibility in storage architecture and driving cloud virtualization into the storage device, and securing each associated storage device to provide assurance of data integrity as well as system integrity, data confidentiality, and reduced downtime through protection of storage device availability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Richard Fetik
Original Assignee
Richard Fetik
Inventors
Fetik, Richard
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/925,822
Publication Number

US 20140020083A1
Time in Patent Office

1,191 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/552   involving long-term monitor...

G06F 21/6209   to a single file or object,...

G06F 21/78   to assure secure storage of...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/101   Access control lists [ACL]

Customizable storage controller with integrated F+ storage firewall protection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Customizable storage controller with integrated F+ storage firewall protection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links