US20180373449A1 - Device Controller and Method of Enforcing Time Based High Level Data Characteristics - Google Patents


Publication number
US20180373449A1
Authority
US
United States
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/118,695
Inventor
John Edward Benkert
Tony Edward Fessel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/725 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0653 Monitoring storage devices or systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0659 Command handling arrangements, e.g. command buffers, queues, command scheduling
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device

Definitions

  • the present invention relates to device controllers, and more specifically, to data security and coherency.
  • a device controller can interface between a computer processing device and one or more memory devices.
  • a computer processing device such as a computer, can issue memory read and write requests to such a device controller, which can effectuate the requests by facilitating the reading from and writing to the one or more memory devices.
  • the present invention can include a device controller interfaced between an electronic processing device and a sector based data storage device, with the device controller including at least one processor communicatively connected to a clock and to at least one computer memory having a control list stored therein.
  • a control list can include one or more security feature entries, with each security feature entry respectively including a high level data characteristic, time data associated with the characteristic, and at least one security response associated with the characteristic.
  • the at least one processor can determine, based at least in part on interrogation of the control list and a clock time generated by the clock, the time data of the particular entry conflicts with the clock time, and in response to such determination, can thereafter execute the at least one security response of the particular entry on one or more target sector ranges determined based, at least in part, on the respective high level data characteristic.
  • time data can represent an expiration date and the at least one processor can determine the time data conflicts with the clock time if the clock time is beyond the expiration date.
  • the at least one processor can render a time conflict determination in response to a processing request received from an electronic processing device, in response to an alarm interrupt received from an optional event monitoring system communicatively connected to the at least one processor, or in response to any desired logical condition or state, including but not limited to the former two cases.
  • the time data can represent a time window
  • the at least one processor can determine the time data conflicts with the clock time when the time data is within the time window.
  • a time data conflict determination can be further conditioned on a data keep alive flag being false.
  • a high level data characteristic can include at least a portion of a file name, a time factor, a location factor, file content, or a file size, for example and not in limitation.
  • the present invention includes corresponding methods of enforcing time-based sector level security.
  • FIG. 1 illustrates an exemplary embodiment of the present invention, in which a device controller interfaced between an electronic processing device and a sector based storage device can include a processor and a computer memory, and can be communicatively connected to a clock.
  • FIG. 2a illustrates an exemplary computer memory having stored therein an optional DKA check flag and an exemplary control list containing at least one security feature entry, with each entry having a target sector range, time data, and at least one security response.
  • FIG. 2b illustrates exemplary security responses.
  • FIG. 3 illustrates another exemplary embodiment of the invention, in which a device controller interfaced between an electronic processing device and a sector based storage device can include a processor and a computer memory, and can be communicatively connected to an event monitoring system.
  • FIG. 4 illustrates an exemplary method according to the present invention, with such a method including steps of receiving, by the at least one processor, a clock time from a clock; determining, by the at least one processor, based at least in part on interrogation of a control list and a clock time, time data associated with a security feature entry conflicts with the clock time; and executing at least one security response associated with the particular entry.
  • FIG. 5 illustrates an exemplary aspect of such a method, with the time data representing an expiration date, and the step of determining includes determining the time data conflicts with the clock time if the clock time is beyond the expiration date.
  • FIG. 6 illustrates another exemplary aspect of such a method, where the step of determining occurs in response to an alarm interrupt received from an event monitoring system.
  • FIG. 7 illustrates an additional exemplary aspect of the invention, in which a method can further include a step of requesting, before the step of determining, by a processor the clock time from a clock in response to receipt, from an electronic processing device, of a processing request involving the storage device.
  • FIG. 8 illustrates still another exemplary aspect of the invention, in which time data can represent a time window, and the step of determining can include determining the time data conflicts with the clock time if the clock time is within the time window.
  • FIG. 9 illustrates a further exemplary aspect of the invention, in which a step of determining can include confirming a Data Keep Alive (“DKA”) check flag is true.
  • FIG. 10 illustrates still a further exemplary aspect of the invention, in which a method can further include a step of waiting, before a step of determining, by the at least one processor for expiration of a wait state.
  • this disclosure includes a plurality of embodiments, each having a plurality of elements, steps, and/or aspects, and such elements, steps, and/or aspects need not necessarily be interpreted as being conjunctively required by one or more embodiments of the present invention. Rather, all combinations of all elements, steps, and/or aspects described herein can enable a separate embodiment of the present invention, which may be claimed with particularity in the present or one or more future filed Non-Provisional Patent Applications. Moreover, any particular structure, arrangement, step, and/or functional logic disclosed herein, whether expressly or implicitly, are to be construed strictly as illustrative and enabling, and not necessarily limiting.
  • required hardware elements for each embodiment described herein are to be perceived in a minimalistic manner. Accordingly, one of ordinary skill in the art is directed to interpret the required hardware for each embodiment as the minimum hardware elements required to effectuate each respective security feature, with any additional hardware illustratively shown and/or described conjunctively herein as being strictly optional for that respective embodiment.
  • perceived benefits of the present invention can include functional utility, whether expressly or implicitly stated herein, or apparent herefrom. However, it is expressly set forth that these benefits are not intended as exclusive. Therefore, any explicit, implicit, or apparent benefit from the disclosure herein is expressly deemed as applicable to the present invention.
  • Exemplary functional utility provided by a device controller disclosed herein includes enforcement of at least one feature of the security feature set described herein, and can include any additional or alternative utility apparent herefrom.
  • the present invention can be embodied in a device controller and a method that enforce sector level security between an electronic processing device (such as a computer or other functionally compatible device, for example and not in limitation) and a sector based storage device (such as a disk drive, a solid state drive, or any other type of sector based storage structure, for example and not in limitation).
  • the present invention allows user, factory, and/or default configurations to define and apply particular security features to particular sector ranges within a sector based storage device.
  • an exemplary device controller 100 can be interfaced between an electronic processing device 10 and a sector based storage device 20, can include at least one processor 110 (sometimes, “processor”) and at least one computer memory 120 (sometimes, “computer memory”), and further, can be communicatively connected to a clock 130.
  • the present invention contemplates utilization of any type and number of processors 110 desired, insofar as functionally compatible with the present invention, including but not limited to, an Application-Specific Integrated Circuit (“ASIC”), a Field-Programmable Gate Array (“FPGA”), a general processor, etc., for example and not in limitation. Further, processing duties can be shared across multiple devices to the extent desired.
  • the present invention contemplates utilization of any type and number of computer memories 120 desired, insofar as functionally compatible, including but not limited to, a random access memory, a read-only memory, a latch, a register, sequential access memory, etc., insofar as the resulting one or more computer memories are functionally compatible with the present invention as claimed. Further, memory duties can be shared across multiple devices to the extent desired.
  • device controller 100 can be provided as any direct or indirect interfacing device between electronic processing device 10 and storage device 20 desired, such as a host controller, a memory controller, or any other known or apparent implementation of a device controller functionally compatible herewith.
  • device controller 100 can be implemented with one or more of a proprietary data interface and a “standardized” data interface, such as a Serial Advanced Technology Attachment (“SATA”), Serial Attached Small Computer System Interface (“SAS”), Small Computer System Interface (“SCSI”), Peripheral Component Interconnect Express (“PCI Express”), or Universal Serial Bus (“USB”) interface, for example and not in limitation, insofar as functionally compatible.
  • electronic processing device 10 can include a computer or any other functionally compatible device that can send data (such as a request or signal, for example and not in limitation) to device controller 100.
  • sector based storage device 20 can be provided as any type of desired data storage device that can organize stored data in a sector-based manner, such as a solid state drive, a hard drive, an optical drive, etc., for example and not in limitation.
  • clock 130 can provide a clock time 131 to processor 110.
  • clock time 131 can correspond to a current real or virtual time and/or date that represents the present real or virtual time and/or date.
  • clock 130 can be integrated with either to the extent desired.
  • clock 130 can provide clock time 131 to device controller 100 according to any desired logical condition, such as, for example and not in limitation, according to a predetermined schedule (e.g., every n seconds or clock cycles, upon a scheduled event, etc.), continuously, sua sponte, or in response to a logical state (e.g., in response to a time request, upon a power-up state, upon an initialization state, in conjunction with an alarm interrupt, etc.).
  • clock 130 can provide clock time 131 in response to an optional time request 132 received from device controller 100.
  • computer memory 120 can have stored therein an exemplary optional Data Keep Alive (“DKA”) check flag 121 (further discussed infra) and an exemplary control list 122 containing at least one security feature entry 123 having a target sector range 123.1 (which can be actual or determinable), time data 123.2 associated with the target sector range, and at least one security response 123.3 associated with the target sector range.
  • a security feature entry 123, in whole or in part, can be user, default, and/or factory defined as desired.
  • target sector range 123.1 represents a range of sectors of storage device 20 that are to be acted upon if a time conflict is determined by processor 110.
  • Such a range 123.1 can be user, default, or factory defined, and can be an actual or determinable sector range, which can be stored for subsequent use or determined dynamically, periodically, randomly, chaotically, or in response to any desired logical state or condition.
  • such a range 123.1 can be a portion or all of the available sector ranges of a storage device 20.
  • a determinable sector range can be based upon one or more high level data characteristics, one or more of which can be used to encapsulate and define one or more sector ranges.
  • a high level data characteristic can be converted into one or more sector ranges at any logical state prior to use, such as during an initial configuration process, upon a conflict determination, etc.
  • the physical sector range or ranges for that file can be determined and used and/or stored as the range or ranges to be acted upon.
  • an instance of time data 123.2 can represent an expiration date (i.e., a particular time and/or date) or a time window (i.e., a period of time), either of which can be an actual or virtual time and/or date.
  • a security response 123.3 can include at least one of a write access denial (i.e., processor 110 denies write requests involving data stored within a target sector range 123.1), a read access denial (i.e., the processor denies read requests involving data stored within the target sector range), a data encryption (i.e., the processor fetches, encrypts, and overwrites the data within the target sector range with the encrypted version), an existing data deletion (i.e., the processor deletes [e.g., marks as deleted or actually deletes] data stored within the target sector range), an existing data wipe (i.e., the processor securely overwrites the data within the target sector range), an existing data relocation (i.e., the processor fetches, then stores, the data within the target sector range elsewhere, and either deletes or wipes the original data within the target sector range), and a log event generation (i.e., The processor generates and stores a write access denial (i.e., processor 110 denies write
  • processing load on computer processor 110 can be reduced, as illustrated in FIG. 3, via optional inclusion of an event monitoring system (“event monitor” or “EMS”) 140, which can include a processing device 141 (i.e., at least one computer processor) communicatively connected to clock 130 and a data storage 142. Accordingly, a portion of enforcement duties can be carried out by EMS 140, which can increase the availability of processor 110 to execute other duties.
  • EMS 140 can include a microcontroller (such as, an MSP430, for example and not in limitation), which too can be provided as any type of functionally compatible processor or processors, and can optionally include one or more of built-in Clock-Calendar capabilities, internal non-volatile storage, a rechargeable battery system, and desired sensor interfaces.
  • Clock-Calendar functionality can be external from the microcontroller as could the non-volatile storage and the battery system, to the extent desired.
  • Clock/Calendar capabilities can also be used to generate a timestamp when a sensor event occurs and/or to provide a timestamp to the device controller 100 upon request.
  • the microcontroller can also have alarm capabilities that can be defined to generate and issue an interrupt to device controller 100 when a programmed alarm time or event is reached or occurs, respectively.
  • the non-volatile storage can be used to store configuration options (such as, alarm times, sensor thresholds, etc., for example and not in limitation) and/or events (such as log sensor, alarm events, etc., for example and not in limitation) as they occur or in due course.
  • log entries can be time stamped to the extent desired.
  • various environmental sensors can be connected to the microcontroller, which can respond to interrupts generated by the sensors, or it may poll the sensors to obtain environmental measurements, such as temperatures, etc., for example and not in limitation.
  • a rechargeable battery system can be configured to manually or automatically recharge when the device is connected to a powered host.
  • the microcontroller and optional sensor(s) can be powered by the battery when the host system is offline, which can allow the device to log and/or respond to an event(s) even if they occur when the device is not powered, such as by a powered host, for example and not in limitation.
  • data storage 142 can be provided as any one or more types of computer memory, as defined supra, and can store one or more alarm events respectively representing target sector range 123.1 and/or time data 123.2 of at least one security feature entry 123 stored in computer memory 120.
  • processing device 141 can determine based on calendar logic or otherwise interrogate data storage 142 against clock time 131 to assess whether an alarm event has arisen, or will arise, which can equate to a time conflict as further described herein. Accordingly, where such an alarm event arises, or will arise, EMS 140 can notify device controller 100 by sending an alarm interrupt 133 thereto.
  • processor 110 can determine a time conflict exists based on the values of clock time 131 and time data 123.2.
  • time data 123.2 can represent an expiration date (i.e., a time and/or date) or a time window (i.e., times and/or dates).
  • processor 110 can determine a time conflict exists if clock time 131 is within the time window represented by the time data, and where the time data represents a time window, processor 110 can determine a time conflict exists if the clock time is within or during the time windows represented by the time data.
  • an exemplary method of enforcing sector level security can include the following: a step of receiving 200, by processor 110, a clock time 131 from clock 130; a step of determining 300, by the processor, based at least in part on interrogation of control list 122 and the clock time, the time data of a particular security feature entry 123 conflicts with the clock time; and a step of executing at least one security response 123.3 of the particular entry.
  • the step of determining 300 can include determining the time data conflicts with clock time 131, if the clock time is beyond the expiration date.
  • the present invention can optionally include an EMS 140, in which case, as illustrated in FIG. 6, in conjunction with the optional EMS, processor 110 can execute the step of determining 300 in response to receipt by the processor of an alarm interrupt 133 from the EMS.
  • a method of enforcing sector level security can apply when device controller 100 receives a processing request (e.g., read request, write request, or any other request that involves storage device 20) from electronic processing device 10.
  • a method of enforcing sector-based security can optionally include the following additional step: before a step of determining 300, requesting 400, by processor 110, the clock time 131 from clock 130 in response to receipt of a processing request 11 from electronic processing device 10 involving storage device 20.
  • the step of determining 300 can include determining the time data conflicts with clock time 131, if the clock time is within the time window represented by the time data.
  • an optional DKA check flag, in conjunction with time data 123.2 representing a time window, can be set as TRUE or FALSE, with either value being set and/or toggled by default and/or via a DKA Command, which can add a control layer to sector level security enforcement.
  • a step of determining 300, in conjunction with time data 123.2 representing a time window, as illustrated in FIG. 9, can include confirming that a DKA flag is true as a condition for processor 110 to determine the existence of a time conflict.
  • a method of enforcing sector based security can additionally include a step of waiting 500 by processor 110 for the expiration of a wait state, which can be defined as a determinable amount of time, whether predefined or defined by the occurrence of any desired logical state or event (such as a user or system component based response or acknowledgement, for example and not in limitation) before a step of determining 300.
  • a step of waiting 500 can provide time for receiving a DKA command, which could toggle optional DKA check flag between true and false.
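
The per-request check described above (receive clock time, determine a time conflict against control list 122, apply the security response), written out in C as an added example that is not part of the patent text. All type and function names, the bit-mask encoding of responses, the integer time units and the fail-closed handling of malformed requests are assumptions; the window case follows the FIG. 9 wording, in which the DKA check flag must be true for a conflict to be found.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: the page names the fields but defines no encoding. */
enum time_kind { TIME_EXPIRATION, TIME_WINDOW };
enum io_op { IO_READ, IO_WRITE };

/* A subset of the security responses 123.3 listed on the page. */
enum {
    RESP_DENY_WRITE = 1u << 0,
    RESP_DENY_READ  = 1u << 1,
    RESP_LOG_EVENT  = 1u << 2
};

struct security_entry {        /* security feature entry 123 */
    uint64_t first_sector;     /* target sector range 123.1, inclusive */
    uint64_t last_sector;
    enum time_kind kind;       /* how time data 123.2 is interpreted */
    uint64_t t_start;          /* window start (unused for expiration) */
    uint64_t t_end;            /* expiration date, or window end */
    unsigned responses;        /* security responses 123.3 as a bit mask */
};

/* Constructed sample control list; times are arbitrary integer ticks. */
static const struct security_entry demo_list[] = {
    { 2048, 4095, TIME_EXPIRATION,   0, 1000, RESP_DENY_WRITE | RESP_LOG_EVENT },
    { 8192, 8199, TIME_WINDOW,     500,  600, RESP_DENY_READ },
};
#define DEMO_LEN (sizeof demo_list / sizeof demo_list[0])

/* Step 300: does the entry's time data conflict with the clock time? */
static bool time_conflict(const struct security_entry *e,
                          uint64_t clock_time, bool dka_check)
{
    if (e->kind == TIME_EXPIRATION)
        return clock_time > e->t_end;          /* beyond the expiration date */
    /* Window: conflict only while inside it and the DKA check flag is true. */
    return dka_check && clock_time >= e->t_start && clock_time <= e->t_end;
}

/* Caller guarantees count >= 1 and that first + count - 1 does not wrap. */
static bool ranges_overlap(const struct security_entry *e,
                           uint64_t first, uint64_t count)
{
    uint64_t last = first + (count - 1);
    return first <= e->last_sector && last >= e->first_sector;
}

/*
 * Evaluate one host request against the control list.
 * Returns the OR of all responses whose entry overlaps the request and is
 * in time conflict; *allowed says whether the request may proceed.
 */
static unsigned evaluate_request(const struct security_entry *list, size_t n,
                                 uint64_t clock_time, bool dka_check,
                                 enum io_op op, uint64_t first, uint64_t count,
                                 bool *allowed)
{
    unsigned triggered = 0;

    /* Fail closed on empty requests and on sector ranges that wrap. */
    if (count == 0 || first > UINT64_MAX - (count - 1)) {
        *allowed = false;
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (ranges_overlap(&list[i], first, count) &&
            time_conflict(&list[i], clock_time, dka_check))
            triggered |= list[i].responses;
    }
    unsigned deny = (op == IO_WRITE) ? RESP_DENY_WRITE : RESP_DENY_READ;
    *allowed = (triggered & deny) == 0;
    return triggered;
}

int main(void)
{
    bool ok;
    unsigned r = evaluate_request(demo_list, DEMO_LEN, 1001, true,
                                  IO_WRITE, 2048, 8, &ok);
    printf("write after expiration: allowed=%d responses=0x%x\n", ok, r);
    r = evaluate_request(demo_list, DEMO_LEN, 550, true,
                         IO_READ, 8190, 4, &ok);
    printf("read inside window:     allowed=%d responses=0x%x\n", ok, r);
    return 0;
}
```
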

Abstract

A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list includes a security feature entry having a high level data characteristic, time data associated with the characteristic, and at least one security response associated with the characteristic. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response.

Description

    RELATED DOCUMENTS
  • This document is related to, claims the priority benefit of, and incorporates by reference in their entireties, the following co-pending United States Patent Applications: Ser. No. ______, entitled “Device Controller and Method of Enforcing Time Based Sector Level Security,” and filed on Aug. 31, 2018 by John Edward Benkert and Tony Edward Fessel; and Ser. No. 15/150,860, entitled “Device Controller and Method of Enforcing Time-Based Sector Level Security,” and filed on May 10, 2016 by John Edward Benkert and Tony Edward Fessel, which in turn claims the priority benefit of, and incorporates in its entirety Provisional Patent Application Ser. No. 62/181,591, entitled “Device Controller and System with Sector Level Security,” and filed on Jun. 18, 2015 by John Edward Benkert and Tony Edward Fessel.
  • FIELD OF THE INVENTION
  • The present invention relates to device controllers, and more specifically, to data security and coherency.
  • BACKGROUND OF THE INVENTION
  • A device controller can interface between a computer processing device and one or more memory devices. A computer processing device, such as a computer, can issue memory read and write requests to such a device controller, which can effectuate the requests by facilitating the reading from and writing to the one or more memory devices.
  • SUMMARY OF THE INVENTION
  • It is an object of the present invention to provide a device controller to enforce time-based sector level security.
  • It is another object of the present invention to provide corresponding methods of enforcing time-based sector level security.
  • In an exemplary embodiment, the present invention can include a device controller interfaced between an electronic processing device and a sector based data storage device, with the device controller including at least one processor communicatively connected to a clock and to at least one computer memory having a control list stored therein.
  • In an exemplary aspect, a control list can include one or more security feature entries, with each security feature entry respectively including a high level data characteristic, time data associated with the characteristic, and at least one security response associated with the characteristic.
  • In another exemplary aspect, for a particular one of the one or more security feature entries, the at least one processor can determine, based at least in part on interrogation of the control list and a clock time generated by the clock, the time data of the particular entry conflicts with the clock time, and in response to such determination, can thereafter execute the at least one security response of the particular entry on one or more target sector ranges determined based, at least in part, on the respective high level data characteristic.
  • According to an exemplary embodiment of the invention, time data can represent an expiration date and the at least one processor can determine the time data conflicts with the clock time if the clock time is beyond the expiration date.
  • In an exemplary aspect of any embodiment of the present invention, the at least one processor can render a time conflict determination in response to a processing request received from an electronic processing device, in response to an alarm interrupt received from an optional event monitoring system communicatively connected to the at least one processor, or in response to any desired logical condition or state, including but not limited to the former two cases.
  • In another exemplary aspect of the present invention, the time data can represent a time window, and the at least one processor can determine the time data conflicts with the clock time when the time data is within the time window. Optionally, such a time data conflict determination can be further conditioned on a data keep alive flag being false.
  • In still another exemplary aspect of the present invention, a high level data characteristic can include at least a portion of a file name, a time factor, a location factor, file content, or a file size, for example and not in limitation.
  • In additional exemplary embodiments, the present invention includes corresponding methods of enforcing time-based sector level security.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates an exemplary embodiment of the present invention, in which a device controller interfaced between an electronic processing device and a sector based storage device can include a processor and a computer memory, and can be communicatively connected to a clock.
  • FIG. 2a illustrates an exemplary computer memory having stored therein an optional DKA check flag and an exemplary control list containing at least one security feature entry, with each entry having a target sector range, time data, and at least one security response.
  • FIG. 2b illustrates exemplary security responses.
  • FIG. 3 illustrates another exemplary embodiment of the invention, in which a device controller interfaced between an electronic processing device and a sector based storage device can include a processor and a computer memory, and can be communicatively connected to an event monitoring system.
  • FIG. 4 illustrates an exemplary method according to the present invention, with such a method including steps of receiving, by the at least one processor, a clock time from a clock; determining, by the at least one processor, based at least in part on interrogation of a control list and a clock time, time data associated with a security feature entry conflicts with the clock time; and executing at least one security response associated with the particular entry.
  • FIG. 5 illustrates an exemplary aspect of such a method, with the time data representing an expiration date, and the step of determining includes determining the time data conflicts with the clock time if the clock time is beyond the expiration date.
  • FIG. 6 illustrates another exemplary aspect of such a method, where the step of determining occurs in response to an alarm interrupt received from an event monitoring system.
  • FIG. 7 illustrates an additional exemplary aspect of the invention, in which a method can further include a step of requesting, before the step of determining, by a processor the clock time from a clock in response to receipt, from an electronic processing device, of a processing request involving the storage device.
  • FIG. 8 illustrates still another exemplary aspect of the invention, in which time data can represent a time window, and the step of determining can include determining the time data conflicts with the clock time if the clock time is within the time window.
  • FIG. 9 illustrates a further exemplary aspect of the invention, in which a step of determining can include confirming a Data Keep Alive (“DKA”) check flag is true.
  • FIG. 10 illustrates still a further exemplary aspect of the invention, in which a method can further include a step of waiting, before a step of determining, by the at least one processor for expiration of a wait state.
  • DETAILED DESCRIPTION
  • It should be noted that this disclosure includes a plurality of embodiments, each having a plurality of elements, steps, and/or aspects, and such elements, steps, and/or aspects need not necessarily be interpreted as being conjunctively required by one or more embodiments of the present invention. Rather, all combinations of all elements, steps, and/or aspects described herein can enable a separate embodiment of the present invention, which may be claimed with particularity in the present or one or more future filed Non-Provisional Patent Applications. Moreover, any particular structure, arrangement, step, and/or functional logic disclosed herein, whether expressly or implicitly, are to be construed strictly as illustrative and enabling, and not necessarily limiting. Therefore, it is expressly set forth that such structure, step, arrangement, and functional logic, independently or in any combination thereof, are merely illustratively representative of one or more elements, steps, and/or aspects of one or more embodiments of the present invention and are not to be construed as necessary in a strict sense.
  • Further, to the extent the same element, step, or aspect is defined differently anywhere within this disclosure, whether expressly or implicitly, or individually or in combination with any other element, step, or aspect, the broader definition is to take absolute precedence, with the distinctions encompassed by the narrower definition to be strictly construed as optional.
  • Moreover, required hardware elements for each embodiment described herein are to be perceived in a minimalistic manner. Accordingly, one of ordinary skill in the art is directed to interpret the required hardware for each embodiment as the minimum hardware elements required to effectuate each respective security feature, with any additional hardware illustratively shown and/or described conjunctively herein as being strictly optional for that respective embodiment.
  • Illustratively, perceived benefits of the present invention can include functional utility, whether expressly or implicitly stated herein, or apparent herefrom. However, it is expressly set forth that these benefits are not intended as exclusive. Therefore, any explicit, implicit, or apparent benefit from the disclosure herein is expressly deemed as applicable to the present invention. Exemplary functional utility provided by a device controller disclosed herein includes enforcement of at least one feature of the security feature set described herein, and can include any additional or alternative utility apparent herefrom.
  • The present invention can be embodied in a device controller and a method that enforce sector level security between an electronic processing device (such as a computer or other functionally compatible device, for example and not in limitation) and a sector based storage device (such as a disk drive, a solid state drive, or any other type of sector based storage structure, for example and not in limitation).
  • The present invention allows user, factory, and/or default configurations to define and apply particular security features to particular sector ranges within a sector based storage device.
  • As illustrated in FIG. 1, according to the present invention, an exemplary device controller 100 can be interfaced between an electronic processing device 10 and a sector based storage device 20, can include at least one processor 110 (sometimes, “processor”) and at least one computer memory 120 (sometimes, “computer memory”), and further, can be communicatively connected to a clock 130.
  • In an exemplary aspect, the present invention contemplates utilization of any type and number of processors 110 desired, insofar as functionally compatible with the present invention, including but not limited to, an Application-Specific Integrated Circuit (“ASIC”), a Field-Programmable Gate Array (“FPGA”), a general processor, etc., for example and not in limitation. Further, processing duties can be shared across multiple devices to the extent desired.
  • In another exemplary aspect, the present invention contemplates utilization of any type and number of computer memories 120 desired, insofar as functionally compatible, including but not limited to, a random access memory, a read-only memory, a latch, a register, sequential access memory, etc., insofar as the resulting one or more computer memories are functionally compatible with the present invention as claimed. Further, memory duties can be shared across multiple devices to the extent desired.
  • In another exemplary aspect, device controller 100 can be provided as any direct or indirect interfacing device between electronic processing device 10 and storage device 20 desired, such as a host controller, a memory controller, or any other known or apparent implementation of a device controller functionally compatible herewith. Further, device controller 100 can be implemented with one or more of a proprietary data interface and a “standardized” data interface, such as a Serial Advanced Technology Attachment (“SATA”), Serial Attached Small Computer System Interface (“SAS”), Small Computer System Interface (“SCSI”), Peripheral Component Interconnect Express (“PCI Express”), or Universal Serial Bus (“USB”) interface, for example and not in limitation, insofar as functionally compatible.
  • In a further exemplary aspect, electronic processing device 10 can include a computer or any other functionally compatible device that can send data (such as a request or signal, for example and not in limitation) to device controller 100.
  • In another exemplary aspect, sector based storage device 20 can be provided as any type of desired data storage device that can organize stored data in a sector-based manner, such as a solid state drive, a hard drive, an optical drive, etc., for example and not in limitation.
  • As further illustrated in FIG. 1, clock 130 can provide a clock time 131 to processor 110. According to the present invention, clock time 131 can correspond to a current real or virtual time and/or date that represent the present real or virtual time and/or date. Notably, though illustratively shown in FIG. 1 as a device separate from device controller 100 and processor 110, clock 130 can be integrated with either to the extent desired.
  • In a further exemplary aspect, clock 130 can provide clock time 131 to device controller 100 according to any desired logical condition, such as, for example and not in limitation, according to a predetermined schedule (e.g., every n seconds or clock cycles, upon a scheduled event, etc.), continuously, sua sponte, or in response to a logical state (e.g., in response to a time request, upon a power-up state, upon an initialization state, in conjunction with an alarm interrupt, etc.). As illustratively shown in FIG. 1, clock 130 can provide clock time 131 in response to an optional time request 132 received from device controller 100.
  • As illustrated in FIG. 2a, computer memory 120 can have stored therein an exemplary optional Data Keep Alive (“DKA”) check flag 121 (further discussed infra) and an exemplary control list 122 containing at least one security feature entry 123 having a target sector range 123.1 (which can be actual or determinable), time data 123.2 associated with the target sector range, and at least one security response 123.3 associated with the target sector range. Notably, a security feature entry 123, in whole or in part, can be user, default, and/or factory defined as desired.
  • In an exemplary aspect, target sector range 123.1 represents a range of sectors of storage device 20 that are to be acted upon if a time conflict is determined by processor 110. Such a range 123.1 can be user, default, or factory defined, and can be an actual or determinable sector range, which can be stored for subsequent use or determined dynamically, periodically, randomly, chaotically, or in response to any desired logical state or condition. Notably, such a range 123.1 can be a portion or all of the available sector ranges of a storage device 20.
  • In another exemplary aspect, a determinable sector range can be based upon one or more high level data characteristics, one or more of which can be used to encapsulate and define one or more sector ranges. For example and not in limitation, a high level data characteristic can be converted into one or more sector ranges at any logical state prior to use, such as during an initial configuration process, upon a conflict determination, etc. Also, for example and not in limitation, where a user specifies a file name as a high level data characteristic, the physical sector range or ranges for that file can be determined and used and/or stored as the range or ranges to be acted upon.
  • In a further exemplary aspect, a high-level data characteristic can represent one or more of the following: a portion of, or an entire, drive, partition, path, or directory; a file name, which can optionally include a wildcard; a time factor (such as a creation time, modified time, accessed time, etc.); a location factor (such as from where a file, directory, or partition was created, modified, accessed, etc.); file content (such as a particular data instance, which can include a wildcard, contained within one or more files); file size (such as =, <=, <, >, >=, ≠ a defined size); or any other file or data characteristic upon which one or more files or data instances can be logically referenced.
  • In a further exemplary aspect, an instance of time data 123.2 according to the present invention can represent an expiration date (i.e., a particular time and/or date) or a time window (i.e., a period of time), either of which can be an actual or virtual time and/or date.
  • In another exemplary aspect, as illustrated in FIG. 2b, a security response 123.3 can include at least one of a write access denial (i.e., processor 110 denies write requests involving data stored within a target sector range 123.1), a read access denial (i.e., the processor denies read requests involving data stored within the target sector range), a data encryption (i.e., the processor fetches, encrypts, and overwrites the data within the target sector range with the encrypted version), an existing data deletion (i.e., the processor deletes [e.g., marks as deleted or actually deletes] data stored within the target sector range), an existing data wipe (i.e., the processor securely overwrites the data within the target sector range), an existing data relocation (i.e., the processor fetches, then stores, the data within the target sector range elsewhere, and either deletes or wipes the original data within the target sector range), and a log event generation (i.e., the processor generates and stores a log entry reflecting at least one aspect of the security enforcement, such as, for example and not in limitation, the time, cause, result, etc. of the enforcement).
  • In still another exemplary aspect, processing load on computer processor 110 can be reduced, as illustrated in FIG. 3, via optional inclusion of an event monitoring system (“event monitor” or “EMS”) 140, which can include a processing device 141 (i.e., at least one computer processor) communicatively connected to clock 130 and a data storage 142. Accordingly, a portion of enforcement duties can be carried out by EMS 140, which can increase the availability of processor 110 to execute other duties.
  • In another exemplary aspect, EMS 140 can include a microcontroller (such as, an MSP430, for example and not in limitation), which too can be provided as any type of functionally compatible processor or processors, and can optionally include one or more of built-in Clock-Calendar capabilities, internal non-volatile storage, a rechargeable battery system, and desired sensor interfaces.
  • Notably, such Clock-Calendar functionality can be external from the microcontroller as could the non-volatile storage and the battery system, to the extent desired. Clock/Calendar capabilities can also be used to generate a timestamp when a sensor event occurs and/or to provide a timestamp to the device controller 100 upon request. The microcontroller can also have alarm capabilities that can be defined to generate and issue an interrupt to device controller 100 when a programmed alarm time or event is reached or occurs, respectively.
  • The non-volatile storage can be used to store configuration options (such as, alarm times, sensor thresholds, etc., for example and not in limitation) and/or events (such as log sensor, alarm events, etc., for example and not in limitation) as they occur or in due course. In another exemplary aspect, log entries can be time stamped to the extent desired.
  • In a further exemplary aspect, various environmental sensors can be connected to the microcontroller, which can respond to interrupts generated by the sensors, or it may poll the sensors to obtain environmental measurements, such as temperatures, etc., for example and not in limitation.
  • In still another exemplary aspect, a rechargeable battery system can be configured to manually or automatically recharge when the device is connected to a powered host. The microcontroller and optional sensor(s) can be powered by the battery when the host system is offline, which can allow the device to log and/or respond to an event(s) even if they occur when the device is not powered, such as by a powered host, for example and not in limitation.
  • In an exemplary aspect, data storage 142 can be provided as any one or more types of computer memory, as defined supra, and can store one or more alarm events respectively representing target sector range 123.1 and/or time data 123.2 of at least one security feature entry 123 stored in computer memory 120. Further, in this exemplary embodiment, processing device 141 can determine based on calendar logic or otherwise interrogate data storage 142 against clock time 131 to assess whether an alarm event has arisen, or will arise, which can equate to a time conflict as further described herein. Accordingly, where such an alarm event arises, or will arise, EMS 140 can notify device controller 100 by sending an alarm interrupt 133 thereto.
  • According to the present invention, processor 110 can determine a time conflict exists based on the values of clock time 131 and time data 123.2. As noted above, time data 123.2 can represent an expiration date (i.e., a time and/or date) or a time window (i.e., times and/or dates). Accordingly, where time data 123.2 represents an expiration date, processor 110 can determine a time conflict exists if clock time 131 is within the time window represented by the time data, and where the time data represents a time window, processor 110 can determine a time conflict exists if the clock time is within or during the time windows represented by the time data.
  • As illustrated in FIG. 4, an exemplary method of enforcing sector level security can include the following: a step of receiving 200, by processor 110, a clock time 131 from clock 130; a step of determining 300, by the processor, based at least in part on interrogation of control list 122 and the clock time, the time data of a particular security feature entry 123 conflicts with the clock time; and a step of executing at least one security response 123.3 of the particular entry.
  • In an exemplary aspect, as noted above and illustrated in FIG. 5, where time data 123.2 represents an expiration date, the step of determining 300 can include determining the time data conflicts with clock time 131, if the clock time is beyond the expiration date.
  • As described above, the present invention can optionally include an EMS 140, in which case, as illustrated in FIG. 6, in conjunction with the optional EMS, processor 110 can execute the step of determining 300 in response to receipt by the processor of an alarm interrupt 133 from the EMS.
  • In another exemplary aspect, a method of enforcing sector level security can apply when device controller 100 receives a processing request (e.g., read request, write request, or any other request that involves storage device 20) from electronic processing device 10. Accordingly, as illustrated in FIG. 7, a method of enforcing sector-based security can optionally include the following additional step: before a step of determining 300, requesting 400, by processor 110, the clock time 131 from clock 130 in response to receipt of a processing request 11 from electronic processing device 10 involving storage device 20.
  • In an additional exemplary aspect, the present invention as noted above and illustrated in FIG. 8, where time data 123.2 represents a time window, the step of determining 300 can include determining the time data conflicts with clock time 131, if the clock time is within the time window represented by the time data.
  • In still another exemplary aspect, in conjunction with time data 123.2 representing a time window, an optional DKA check flag can be set as TRUE or FALSE, with either value being set and/or toggled by default and/or via a DKA Command, which can add a control layer to sector level security enforcement. Accordingly, in conjunction with time data 123.2 representing a time window, as illustrated in FIG. 9, a step of determining 300 can include confirming that a DKA flag is true as a condition for processor 110 to determine the existence of a time conflict.
  • In still yet another exemplary aspect, optionally, as illustrated in FIG. 10, a method of enforcing sector based security can additionally include a step of waiting 500 by processor 110 for the expiration of a wait state, which can be defined as a determinable amount of time, whether predefined or defined by the occurrence of any desired logical state or event (such as a user or system component based response or acknowledgement, for example and not in limitation) before a step of determining 300. Accordingly, such a step of waiting 500 can provide time for receiving a DKA command, which could toggle optional DKA check flag between true and false.
  • It will be apparent to one of ordinary skill in the art that the manner of making and using the claimed invention has been adequately disclosed in the above-written and attached description of the exemplary embodiments and aspects of the present invention.
  • It should be understood, however, that the invention is not necessarily limited to the specific embodiments, aspects, arrangement, steps, and components shown and described above, but may be susceptible to numerous variations within the scope of the invention. For example and not in limitation, the various logic aspects of the present invention can be implemented in any one or more of software, firmware, and hardwired logic circuitry, and additionally, processing can be distributed or centralized to any desired degree consistent with the present invention.
  • Therefore, the specification and drawings are to be regarded in an illustrative and enabling, rather than a restrictive, sense.
  • Accordingly, it will be understood that the above description of the embodiments of the present invention is susceptible to various modifications, changes, and adaptations, and the same are intended to be comprehended within the meaning and range of equivalents apparent to one of ordinary skill in the art.
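
The determination of FIGS. 4, 5, 7 and 8, applied to a processing request, as an added C example that is not code from the patent: a file-name characteristic is resolved to sector ranges upon a conflict determination, and a read or write denial is enforced on overlapping requests. The extent table, bitmask encoding, integer timestamps, inclusive window bounds and all identifiers are assumptions; the optional DKA check and EMS are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security responses 123.3 (two of those in FIG. 2b); bitmask is assumed. */
enum { RESP_DENY_WRITE = 1u << 0, RESP_DENY_READ = 1u << 1 };

typedef enum { TIME_EXPIRATION, TIME_WINDOW } time_kind;
typedef enum { OP_READ, OP_WRITE } req_op;

/* Constructed stand-in for file system metadata: one extent per file. */
typedef struct { const char *name; uint64_t first, last; } file_extent;

/* Security feature entry 123, keyed by a high level data characteristic. */
typedef struct {
    const char *name_pattern; /* file name; '*' matches any run of chars */
    time_kind kind;           /* how to interpret time data 123.2 */
    int64_t start, end;       /* window [start, end]; expiration uses end */
    unsigned responses;       /* security responses 123.3 */
} feature_entry;

/* Constructed sample data (hypothetical files, sectors and timestamps). */
static const file_extent SAMPLE_FILES[] = {
    { "q3-report.docx", 2048, 4095 },
    { "q3-draft.docx",  4096, 4607 },
    { "notes.txt",      8192, 8199 },
};
static const feature_entry SAMPLE_LIST[] = {
    /* q3-*.docx: no reads or writes once the clock passes t = 1000 */
    { "q3-*.docx", TIME_EXPIRATION, 0, 1000, RESP_DENY_READ | RESP_DENY_WRITE },
    /* notes.txt: write-protected while the clock is inside [500, 600] */
    { "notes.txt", TIME_WINDOW, 500, 600, RESP_DENY_WRITE },
};

/* Wildcard match with backtracking to the most recent '*'. */
static bool name_matches(const char *pat, const char *s)
{
    const char *star = NULL, *resume = NULL;
    while (*s) {
        if (*pat == '*') { star = pat++; resume = s; }
        else if (*pat == *s) { pat++; s++; }
        else if (star) { pat = star + 1; s = ++resume; }
        else return false;
    }
    while (*pat == '*') pat++;
    return *pat == '\0';
}

/* Step 300: does the entry's time data conflict with clock time 131? */
static bool time_conflict(const feature_entry *e, int64_t clock_time)
{
    if (e->kind == TIME_EXPIRATION)
        return clock_time > e->end;               /* beyond expiration */
    return clock_time >= e->start && clock_time <= e->end; /* in window */
}

/* Returns true if the request may proceed, false if a response denies it. */
bool controller_allows(const feature_entry *list, size_t n_entries,
                       const file_extent *files, size_t n_files,
                       int64_t clock_time, req_op op,
                       uint64_t lba, uint64_t count)
{
    if (count == 0) return true;
    if (lba > UINT64_MAX - (count - 1)) return false; /* LBA range wraps */
    uint64_t last = lba + count - 1;
    unsigned deny = (op == OP_WRITE) ? RESP_DENY_WRITE : RESP_DENY_READ;

    for (size_t i = 0; i < n_entries; i++) {
        if (!(list[i].responses & deny)) continue;        /* not this op */
        if (!time_conflict(&list[i], clock_time)) continue;
        /* Conflict: resolve the characteristic to target sector ranges. */
        for (size_t f = 0; f < n_files; f++)
            if (name_matches(list[i].name_pattern, files[f].name) &&
                lba <= files[f].last && files[f].first <= last)
                return false;
    }
    return true;
}

int main(void)
{
    const int64_t times[] = { 550, 1000, 1001 };
    for (size_t i = 0; i < 3; i++) {
        bool r = controller_allows(SAMPLE_LIST, 2, SAMPLE_FILES, 3,
                                   times[i], OP_READ, 2048, 8);
        bool w = controller_allows(SAMPLE_LIST, 2, SAMPLE_FILES, 3,
                                   times[i], OP_WRITE, 8192, 1);
        printf("t=%lld read q3-report:%s write notes:%s\n",
               (long long)times[i], r ? "allow" : "deny",
               w ? "allow" : "deny");
    }
    return 0;
}
```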

Claims (20)

Therefore, we claim:
1. A device controller interfaced between an electronic processing device and a sector-based data storage device having a plurality of sectors, said controller comprising:
at least one processor communicatively connected to a clock and at least one computer memory having stored therein a control list including a security feature entry respectively including a high level data characteristic, time data associated with the high level data characteristic, and at least one security response associated with the high level data characteristic;
wherein said at least one processor determines based, at least in part, on interrogation of the control list and a clock time generated by the clock, the time data of the security feature entry conflicts with the clock time, determines one or more target sector ranges based, at least in part, on the high level data characteristic, and effectuates one or more of the at least one security response on the one or more determined sector ranges.
2. The device controller of claim 1, wherein the time data represents an expiration date and said at least one processor determines the time data conflicts with the clock time when the clock time is beyond the expiration date.
3. The device controller of claim 2, wherein said at least one processor is communicatively connected to an event monitoring system and determines the time data conflicts with the clock time in response to an alarm interrupt received from the event monitoring system.
4. The device controller of claim 1, wherein the time data represents a time window, and said at least one processor determines the time data conflicts with the clock time when the time data is within the time window.
5. The device controller of claim 4, wherein said at least one processor determines the time data conflicts with the clock time after confirming a data keep alive check flag is false.
6. The device controller of claim 1, wherein the high level data characteristic defines at least a portion of a file name.
7. The device controller of claim 6, wherein the high level data characteristic is a time factor.
8. The device controller of claim 1, wherein the high level data characteristic defines a location factor.
9. The device controller of claim 1, wherein the high level data characteristic defines file content.
10. The device controller of claim 1, wherein the high level data characteristic defines a file size.
11. A method of enforcing time based high level data characteristics by a device controller interfaced between an electronic processing device and a sector-based data storage device having a plurality of sectors, with the device controller having at least one processor communicatively connected to a clock and at least one computer memory having stored therein a control list including a security feature entry respectively including a high level data characteristic, time data associated with the high level data characteristic, and at least one security response associated with the high level data characteristic, said method, comprising:
receiving, by the at least one processor, a clock time from the clock;
determining, by the at least one processor, based at least in part on interrogation of the control list and the clock time, the time data of the security feature entry conflicts with the clock time; and
executing the at least one security response associated with the security feature entry on one or more target sector ranges determined based, at least in part, on the high level data characteristic.
12. The method of claim 11, wherein the time data represents an expiration date and the at least one processor determines the time data conflicts with the clock time when the clock time is beyond the expiration date.
13. The method of claim 12, wherein the at least one processor is communicatively connected to an event monitoring system and said step of determining is in response to an alarm interrupt received from the event monitoring system.
14. The method of claim 11, wherein the time data represents a time window, and the at least one processor determines the time data conflicts with the clock time when the time data is beyond the time window.
15. The method of claim 14, wherein the at least one processor determines the time data conflicts with the clock time after confirming a data keep alive check flag is false.
16. The method of claim 11, wherein the high level data characteristic defines at least a portion of a file name.
17. The method of claim 16, wherein the high level data characteristic is a time factor.
18. The method of claim 11, wherein the high level data characteristic defines a location factor.
19. The method of claim 11, wherein the high level data characteristic defines file content.
20. The method of claim 11, wherein the high level data characteristic defines a file size.
US16/118,695 2015-06-18 2018-08-31 Device Controller and Method of Enforcing Time Based High Level Data Characteristics Abandoned US20180373449A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/118,695 US20180373449A1 (en) 2015-06-18 2018-08-31 Device Controller and Method of Enforcing Time Based High Level Data Characteristics

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201562181591P 2015-06-18 2015-06-18
US15/150,860 US10095431B2 (en) 2015-06-18 2016-05-10 Device controller and method of enforcing time-based sector level security
US16/118,695 US20180373449A1 (en) 2015-06-18 2018-08-31 Device Controller and Method of Enforcing Time Based High Level Data Characteristics

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US15/150,860 Continuation US10095431B2 (en) 2015-06-18 2016-05-10 Device controller and method of enforcing time-based sector level security

Publications (1)

Publication Number Publication Date
US20180373449A1 true US20180373449A1 (en) 2018-12-27

Family

ID=57587068

Family Applications (4)

Application Number Title Priority Date Filing Date
US15/150,860 Active 2036-11-30 US10095431B2 (en) 2015-06-18 2016-05-10 Device controller and method of enforcing time-based sector level security
US15/157,623 Abandoned US20160371478A1 (en) 2015-06-18 2016-05-18 Device controller and method to forensically secure electronic data storage device
US16/118,683 Active US10282117B2 (en) 2015-06-18 2018-08-31 Device controller and method of enforcing time based sector level security
US16/118,695 Abandoned US20180373449A1 (en) 2015-06-18 2018-08-31 Device Controller and Method of Enforcing Time Based High Level Data Characteristics

Family Applications Before (3)

Application Number Title Priority Date Filing Date
US15/150,860 Active 2036-11-30 US10095431B2 (en) 2015-06-18 2016-05-10 Device controller and method of enforcing time-based sector level security
US15/157,623 Abandoned US20160371478A1 (en) 2015-06-18 2016-05-18 Device controller and method to forensically secure electronic data storage device
US16/118,683 Active US10282117B2 (en) 2015-06-18 2018-08-31 Device controller and method of enforcing time based sector level security

Country Status (1)

Country Link
US (4) US10095431B2 (en)

US7996621B2 (en) 2007-07-12 2011-08-09 International Business Machines Corporation Data cache invalidate with data dependent expiration using a step value
US8013738B2 (en) * 2007-10-04 2011-09-06 Kd Secure, Llc Hierarchical storage manager (HSM) for intelligent storage of large volumes of data
US8224898B2 (en) 2007-12-14 2012-07-17 Microsoft Corporation Relevance-based expiration of data
US8073884B2 (en) 2007-12-20 2011-12-06 Hewlett-Packard Development Company, L.P. System and method to derive high level file system information by passively monitoring low level operations on a FAT file system
US7806323B2 (en) 2008-01-04 2010-10-05 Visa U.S.A. Inc. System and method for providing activation and expiration data associated with newly issued financial presentation devices
JP2009181332A (en) * 2008-01-30 2009-08-13 Sony Corp Storage medium and conflict control method
US7932829B2 (en) 2008-06-05 2011-04-26 International Business Machines Corporation Method and apparatus for self-expiration of a passive data tag device
US7929356B2 (en) * 2008-09-05 2011-04-19 Atmel Corporation Method and system to access memory
JP5377182B2 (en) 2009-09-10 2013-12-25 株式会社東芝 Control device
WO2011128936A1 (en) * 2010-04-14 2011-10-20 株式会社日立製作所 Storage control device and control method of storage control device
RU2011116257A (en) 2011-04-26 2012-11-10 ЭлЭсАй Корпорейшн (US) TIMER MANAGER (OPTIONS) AND METHOD FOR IMPLEMENTING THE TIMER MANAGER ARCHITECTURE BASED ON THE BINARY PYRAMID
WO2013062519A1 (en) * 2011-10-25 2013-05-02 Hewlett-Packard Development Company, L.P. Drive carrier touch sensing
US10324642B2 (en) * 2013-06-07 2019-06-18 Sanmina Corporation Peripheral component interconnect express (PCIe) solid state drive (SSD) accelerator
US9542104B2 (en) * 2013-08-05 2017-01-10 Western Digital Technologies, Inc. System and method for controlling a storage device
KR101480642B1 (en) * 2013-10-15 2015-01-09 엘에스산전 주식회사 Event input module
US9052938B1 (en) * 2014-04-15 2015-06-09 Splunk Inc. Correlation and associated display of virtual machine data and storage performance data
US10185824B2 (en) * 2014-05-23 2019-01-22 The George Washington University System and method for uncovering covert timing channels
US10257192B2 (en) * 2014-05-29 2019-04-09 Samsung Electronics Co., Ltd. Storage system and method for performing secure write protect thereof
US10025530B2 (en) * 2014-09-29 2018-07-17 Western Digital Technologies, Inc. Optimized garbage collection for solid-state storage devices
US9734787B2 (en) * 2014-12-31 2017-08-15 Htc Corporation Method for operating mobile electronic device, mobile electronic device, and computer readable medium using the same
JP2016134050A (en) * 2015-01-21 2016-07-25 株式会社日立エルジーデータストレージ Data library system
US9817610B1 (en) * 2015-12-08 2017-11-14 Inphi Corporation Hybrid memory systems for autonomous non-volatile memory save and restore operations
US10572399B2 (en) * 2016-07-13 2020-02-25 Qualcomm Incorporated Memory request arbitration

Also Published As

Publication number Publication date
US20160371478A1 (en) 2016-12-22
US10282117B2 (en) 2019-05-07
US20160371488A1 (en) 2016-12-22
US10095431B2 (en) 2018-10-09
US20180373448A1 (en) 2018-12-27

Similar Documents

Publication Publication Date Title
TWI709986B (en) Thermal monitoring of memory resources
US11741100B2 (en) Providing matching security between data stores in a database system
EP2997459B1 (en) System and method for high performance and low cost flash translation layer
US9933976B2 (en) Storage apparatus and data processing method thereof, and storage system
US8341729B2 (en) Hardware access and monitoring control
US8161128B2 (en) Sharing of data across disjoint clusters
US9760725B2 (en) Content transfer control
US8695104B2 (en) System and method for creating conditional immutable objects in a storage device
US9218288B2 (en) Monitoring a value in storage without repeated storage access
CN113806253A (en) Detection of compromised storage device firmware
KR102285275B1 (en) Hybrid memory drives, computer systems, and related methods for operating multi-mode hybrid drives
US7587543B2 (en) Apparatus, method and computer program product for dynamic arbitration control
US10282117B2 (en) Device controller and method of enforcing time based sector level security
US20150235025A1 (en) Process to prevent malicious changes to electronic files on an electronic storage device
US11768701B2 (en) Exception analysis for data storage devices
US11188239B2 (en) Host-trusted module in data storage device
WO2015170702A1 (en) Storage device, information processing system, storage control method and program
US20150234775A1 (en) Enabling file oriented access on storage devices
US9305142B1 (en) Buffer memory protection unit
EP3504627B1 (en) Read operation redirect
US20160098306A1 (en) Hardware queue automation for hardware engines
TW201324155A (en) Flash memory storage system and data protection method thereof
WO2016094990A1 (en) Self-protecting file protection
WO2014118651A1 (en) Method and apparatus for limiting the execution of background management operations in drive array

Legal Events

Date Code Title Description
STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION