Title of invention: Techniques for security management provisioning at a data storage device
Abstract: Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.
Publication number: US9064116(B2) Publication date: 2015.06.23
Application number: US201012941915 Filing date: 2010.11.08
Applicant: Intel Corporation Inventors: Triantafillou Nicholas D.;Saxena Paritosh;Strong Robert W.;Heiler Richard J.;Tamir Eliezer;Ben-Michael Simoni;Stewart Brad W.;Kadam Akshay R.;Long Men;Doyle James T.;Khosravi Hormuzd M.;Mosur Lokpraveen B.;Pullin Edward J.;Schmitz Paul S.;Barrett Carol L.;Thadikaran Paul J.
Classification: G06F12/00;G06F21/56 Main classification: G06F12/00
Agency: Blakely, Sokoloff, Taylor & Zafman LLP Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Independent claim: 1. A data storage device comprising: a non-volatile storage media to store data; an execution engine coupled to the non-volatile storage media, the execution engine comprising circuitry configured to execute a security management process to detect whether an access of the non-volatile storage media is authorized; and a bus interface coupled to the execution engine, the bus interface to connect the data storage device to a bus of a host platform, wherein the data storage device is to operate as a peripheral of the host platform during execution of the security management process, wherein the execution engine further to execute an input/output (I/O) process for a message exchange between the execution engine and a storage driver of the host platform, wherein based on the message exchange, the execution engine further to access the non-volatile storage media on behalf of a host operating system executing with a host processor and a chipset of the host platform; wherein the execution engine further to participate in communications, via the host processor and the chipset of the host platform, with a remote entity coupled to the host platform and the data storage device via a network, the communications including a first communication exchanged from the execution engine to the remote entity via the host platform, wherein the execution engine to encrypt the first communication to prevent an access to the first communication by the host operating system, wherein the execution engine further to restrict access by the host operating system of the host platform to a secure region of the non-volatile storage media, the secure region to store information received by the data storage device from the remote entity during the communications, wherein the execution engine to execute the security management process based on the information.
Address: Santa Clara CA US