Method and apparatus for authenticating connections to a...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C380S001000

Reexamination Certificate

active

06263445

ABSTRACT:

FIELD OF THE INVENTION
This invention relates generally to the field of information storage devices and more particularly to a method and apparatus for managing access to data in a storage device.
DESCRIPTION OF THE RELATED ART
Computer systems generally include one or more host processors and a storage system for storing data accessed by the host processor. The storage system may include one or more storage devices (e.g., disk drives) to service the storage needs of the host processor. Disk drives may include one or more disks of a recording media, such as a magnetic recording medium or an optical recording medium.
In a typical computer system configuration, a bus provides an interconnect between the host processor and the storage system. The bus operates according to a protocol, such as the Small Component System Interconnect (SCSI) protocol, which dictates a format of packets transferred between the host processor and the storage system. As data is needed by the host processor, requests and responses are forwarded to and from the storage system over the bus.
With the growth of networked computer systems, multiple hosts have been coupled over a network to a shared data storage system. Fibre Channel is an example of a network that can be used to form such a configuration. Fibre Channel is a network standard that allows multiple initiators to communicate with multiple targets over the network, where the initiator and target may be any device coupled to the network. Using a network, multiple hosts are able to share access to a single storage system. One problem with coupling multiple hosts to a shared storage system is the management of data access at the storage system. Because multiple hosts have access to a common storage system, each host may physically be able to access information that may be proprietary to the other host processors.
Various techniques have been implemented to manage access to data at the storage system. For example, certain portions or zones of memory at the storage system may be dedicated to one or more of the hosts. Each host is ‘trusted’ to access only those portions of memory for which it has privileges. However, such an approach is vulnerable to the individual actions of each of the hosts. As a result, such a data management method may not be sufficient to protect data from unprivileged accesses.
SUMMARY OF THE INVENTION
According to one aspect of the invention, a data management method for managing access to a storage system by a device includes steps of authenticating, at the storage system, that each request in a series of requests for access to the storage system indicated as having been issued by the device was actually issued by the device and responsive to the step of authenticating, selectively servicing each request that is authenticated.
According to another aspect of the invention, a method for managing access by a device to a storage system, includes the steps of receiving, at the device, at least one expected identifier to be included in at least one subsequent request issued by the device to the storage system and issuing, from the device, at least one request to the storage system, the at least one request including the at least one expected identifier.
According to another aspect of the invention, a host computer for use in a system including a storage device includes a port to receive at least one expected identifier to be included in at least one subsequent request for access to the storage system and a controller to issue at least one request to the storage system, the at least one request including the at least one expected identifier.
According to another aspect of the invention, a storage system includes at least one storage device apportioned into a plurality of volumes and an adapter to interface the storage system to a plurality of devices, the adapter to authenticate at least one request from at least one of devices of the plurality of devices to verify that the at least one request was issued from the at least one of the devices, the adapter to selectively forward the at least one request to the at least one storage device for servicing responsive to authentication of the at least one request.
According to another aspect of the invention, an adapter is provided for use in a device to authenticate a connection between the device and a storage system. The adapter includes a data structure comprising at least one entry to store at least one unique identifier provided by the storage system and a controller to issue at least one request to the storage system that includes the at least one unique identifier so that the storage system can use the at least one unique identifier to authenticate the connection between the device and the storage system.
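The exchange summarized above, as an added Python example that is not taken from the patent: the storage-side adapter hands a host a series of identifiers, the host attaches one to each request, and the adapter services only requests carrying the identifier it expects next. Assumptions: identifiers are random 128-bit values used once each in order and delivered over a protected channel; the class names, host names and return strings are hypothetical.

```python
import hmac
import secrets

class StorageAdapter:
    """Storage-side filter: service a request only if it carries the next expected identifier."""

    def __init__(self):
        self._expected = {}  # claimed source id -> unused identifiers, in order

    def issue_identifiers(self, host_id, count=4):
        # Assumption: 128-bit random values, delivered to the host over a protected channel.
        ids = [secrets.token_bytes(16) for _ in range(count)]
        self._expected[host_id] = list(ids)
        return ids

    def handle(self, claimed_host_id, identifier, volume):
        queue = self._expected.get(claimed_host_id)
        if not queue or not hmac.compare_digest(queue[0], identifier):
            return "REJECTED"  # unknown source, exhausted list, wrong or reused identifier
        queue.pop(0)  # each identifier authenticates exactly one request
        return "SERVICED"

class Host:
    """Device side: stores the identifiers it received and attaches one per request."""

    def __init__(self, host_id, identifiers):
        self.host_id = host_id
        self._ids = list(identifiers)

    def build_request(self, volume):
        return (self.host_id, self._ids.pop(0), volume)

def demo():
    adapter = StorageAdapter()
    host_a = Host("host-A", adapter.issue_identifiers("host-A"))  # constructed names
    first = host_a.build_request(volume=3)
    return [
        adapter.handle(*first),                                # genuine request
        adapter.handle(*first),                                # replay of a captured request
        adapter.handle("host-A", secrets.token_bytes(16), 3),  # spoofed source id, guessed identifier
        adapter.handle(*host_a.build_request(volume=3)),       # next genuine request
        adapter.handle("host-B", secrets.token_bytes(16), 0),  # source never issued identifiers
    ]

if __name__ == "__main__":
    print(demo())
```

A rejected request does not consume the expected identifier, so a spoofed or replayed request cannot desynchronize the genuine host.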


