Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
2001-01-19
2003-08-12
Yoo, Do Hyun (Department: 2187)
Electrical computers and digital processing systems: memory
Storage accessing and control
Control technique
C711S164000, C713S152000, C713S152000, C713S152000, C709S217000, C709S219000, C709S224000, C709S225000
Reexamination Certificate
active
06606695
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention generally relates to security setting for prevention of illegal access between information processors. Particularly, the invention relates to a storage system for prevention of illegal access when a request occurs to access to a storage region under command of a storage controller in a computer system having a network provided between a high-rank unit (host computer) and the storage controller (storage system), and relates to the computer system including this storage system.
In the fiber channel protocol standardized by ANSI, X3T11, a great number of apparatus can be connected, and a large variety of protocols such as SCSI, ESCON and TCP/IP can be simultaneously operated. However, when it is feared that data in storage devices is destroyed by an access which a different file system makes due to a different kind of protocol, it is necessary to take a security measure against that.
To assure this security, as described in JP-A-10-333839, a table showing information for uniquely identifying host computers and to either permit or reject access to storage regions under command of a storage controller is provided within the storage controller. At the time of access, by referring to this table, it is possible to reject the access from the other apparatus than the host computers that are permitted to access, and hence prevent illegal access.
This identifycation information is an array of 48-bit digits called N_Port_Name, unique to each host bus adapter. Under the condition that the identification information for host computers are previously registered within the storage controller, the host computers can make access to storage regions within a storage device under command of the storage controller.
In order to previously register the host computer identifying information within the storage controller, the user or supervisor is first required to examine the N_Port_Name expressed by 48-bit digits that has an eight-byte region peculiar to a host computer by use of a manager connected to host computers through LAN. Then, it is necessary that this number be noted and registered in the storage controller by his own hand. Therefore, it is feared that if a wrong N_Port_Name is registered by mistake as the correct one of a host computer, this host computer cannot access to a storage region or an undesired host computer might make access to a storage region and destroy data.
Moreover, when information of either permitting or rejecting access to a large number of host computers is registered, it takes much time. Therefore, it is desired that this identification information be simply acquired and set.
SUMMARY OF THE INVENTION
Accordingly, it is an object of the invention to provide a system capable of acquiring information that uniquely identifies the connected host computers and automatically registering it within a storage controller, thereby making it possible simply to either permit or reject access to storage regions under command of the storage controller.
To achieve the above object, according to the invention, the host-identifying information is first acquired from a frame transmitted from the corresponding host computer, and registered in the storage controller, and then flag information is set to change for permitting that host computer to access by the supervisor's operation.
REFERENCES:
patent: 6061753 (2000-05-01), Ericson
patent: 6119121 (2000-09-01), Zhu
patent: 6209023 (2001-03-01), Dimitroff et al.
patent: 6295575 (2001-09-01), Blumenau et al.
patent: A-5-128030 (1993-05-01), None
patent: A-10-333839 (1998-12-01), None
Kamano Toshimitsu
Takamoto Ken-ichi
Antonelli Terry Stout & Kraus LLP
Dinh Ngoc V
Yoo Do Hyun
LandOfFree
Method and apparatus for controlling access to storage device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for controlling access to storage device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for controlling access to storage device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3074084