Kikuchi et al.

(10) Patent No.: US 6,219,771 B1
(45) Date of Patent: *Apr. 17, 2001

(54) DATA STORAGE APPARATUS WITH IMPROVED SECURITY PROCESS AND PARTITION ALLOCATION FUNCTIONS

(75) Inventors: Kikuchi [given name illegible in scan]; Masanobu Akagi

(73) Assignee: NEC [remainder illegible in scan]

(*) Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).

Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 08/912,791
(22) Filed: Aug. 18, 1997

(30) Foreign Application Priority Data
Aug. 30, 1996 (JP) 8-230895

(51) Int. Cl.7: G06F 12/00
(52) U.S. Cl.: 711/164, 711/173, 714/200, 714/202
(58) Field of Search: 711/152, 151, 711/173, 163, 164, 112, 710/261, 264, 36, 28; 709/225, 713/200, 201, 202, 705/18

(56) References Cited

U.S. PATENT DOCUMENTS

4,371,929 * 2/1983 Brann et al., 710/45
5,018,096 5/1991 Aoyama, 711/164
5,237,658 8/1993 Walker et al., 710/38
5,263,158 * 11/1993 Janis, 707/1
5,469,564 * 11/1995 Junya, [class illegible in scan]
5,537,543 * 7/1996 Itoh et al., 714/48
5,610,981 * 3/1997 Mooney et al., 380/25
5,659,756 * 8/1997 Hefferon et al., 710/200
5,734,718 * 3/1998 Prafullchandra, 380/4
5,745,555 * 4/1998 Mark, 379/93.03
5,757,916 * 5/1998 MacDoran et al., 380/25
5,778,068 * 7/1998 Johnson et al., 380/25
5,799,206 * 8/1998 Kitagawa et al., 710/36
5,802,590 * 9/1998 Draves, 711/164
5,813,006 * 9/1998 Polnerow et al., 707/10
5,913,025 * 6/1999 Higley et al., 707/9
5,940,589 * 8/1999 Donovan et al., 455/26.1
[one entry illegible in scan]
6,088,451 * 7/2000 He et al., 380/25

FOREIGN PATENT DOCUMENTS

63412861 5/1988 (JP)
64-66729 3/1989 (JP)
4-58349 2/1992 (JP)
4-64985 2/1992 (JP)
4-324542 11/1992 (JP)
5-274210 10/1993 (JP)
7-44481 2/1995 (JP)

* cited by examiner

Primary Examiner: Matthew Kim
Assistant Examiner: Pierre-Michel Bataille
(74) Attorney, Agent, or Firm: [illegible in scan]

(57) ABSTRACT

The apparatus enables access authorization to be assigned solely to specific host devices. A control device comprises, an address registration unit, in which the host address of each host device has been registered for authorizing access, a command interpretation and execution unit which on receipt of a command from a host device via a host device interface outputs the host address of the host device based on the command, and an address verification unit for verifying the host address output from a command interpretation and execution unit against the host address registered in the address registration unit, as well as determining whether or not the particular host device has access authorization. The command interpretation and execution unit incorporates an authorization pending function, so that on receipt of a command from a host device, the command is interpreted and executed only after access is authorized by the address verification unit.

5 Claims, 5 Drawing Sheets

[Front-page drawing: disk apparatus 113 with host information storage unit 116, host check unit 115, command interpretation and execution unit 114, address registration unit 118, address verification unit 117 and data storage unit 105.]

Oracle Ex. 1006, pg. 1

[Drawing sheets 1 to 5 of 5 (U.S. Patent, Apr. 17, 2001, US 6,219,771 B1). The figure text on sheets 1 to 4 is not recoverable from the scan. Sheet 5 shows FIG. 5, disk apparatus 119: command interpretation and execution unit 120, address offset information conversion unit 121, actual partition address conversion unit 122, data storage unit 105; and a conventional disk apparatus 201: command interpretation and execution unit, data storage unit 203.]

DATA STORAGE APPARATUS WITH IMPROVED SECURITY PROCESS AND PARTITION ALLOCATION FUNCTIONS

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a disk apparatus, and in particular to a disk apparatus which can be accessed by a plurality of host devices.

2. Description of the Related Art

With conventional disk apparatus, each host controls the disk or disk array directly, and disk security is controlled by the host device to which the disk is connected. File sharing with this type of file server client system is disclosed for example in Japanese Patent Application, First Publication No. Hei-4-58349.

A block diagram showing the configuration of a conventional disk apparatus is shown in FIG. 6. A conventional disk apparatus 201 comprises a command interpretation and execution unit 202 which interprets commands from a host device as well as executing those commands, and a data storage unit 203 in which data is stored. The command interpretation and execution unit 202, in the case of a read command for example, interprets the command, and recognizing the command as a read command directs the data storage unit 203 to read. The data storage unit 203 reads the stored data based on the read directions from the command interpretation and execution unit 202, and then transfers the data to the host device.

Common ways of connecting the host device and the disk apparatus include a SCSI (Small Computer System Interface) and Fibre Channel. Consequently, the command interpretation and execution unit 202 interprets commands from the SCSI or Fibre Channel and then outputs commands such as read and/or write, to the disk data storage unit 203.

With this type of conventional disk apparatus, usually a single host device is connected to the disk apparatus. Furthermore, even in those cases where a plurality of host devices are connected to a common disk interface, with current technology it is possible for any of the host devices to access the disk.

With advances in technology relating to the interface between the host device and the disk apparatus however, it has become feasible to connect a plurality of host devices. Using Fibre Channel, it is possible for example to use loops (FC-AL) to connect together more than 100 devices including both host devices and disk apparatus. Moreover, if switching fabric is employed the number of devices which can be connected together increases even further. Utilizing the high speed of interfaces, it is also possible to connect a plurality of host devices and disk apparatus to a single interface. With conventional disk apparatus, a problem arises that in the case where a single disk is able to be accessed by a plurality of host devices, access authorization cannot be restricted to specific host devices.

Furthermore, with the move to large volume disk apparatus, it is possible to consider partitioning a single disk and then having each host use a different partition, but with conventional disk apparatus it has not been possible, while using a single interface, to identify a host device and then have each host device use a different partition.

SUMMARY OF THE INVENTION

It is an object of the present invention to improve the deficiencies inherent in the conventional devices discussed above, and in particular to provide a disk apparatus in which each host device can be treated differently, so that for example access authorization can be assigned solely to specific host devices, or furthermore, each host device can gain access to a different partition while using the same interface.

A first apparatus according to the present invention comprises: a host device interface for sending and receiving data to and from a plurality of host devices, a data storage device for storing data to be sent to a host device, and a control device for controlling the writing of data to, and the reading of data from, the data storage device.

The control device comprises an address registration unit, in which the host address of each host device has been registered in advance, for the purpose of authorizing access, a command interpretation and execution unit which on receipt of a command from a host device via the host device interface outputs the host address of the host device based on the command, and an address verification unit for verifying the host address output from the command interpretation and execution unit against the host address registered in the address registration unit, and for determining whether or not the particular host device has access authorization. The command interpretation and execution unit is configured to include an authorization pending function, so that on receipt of a command from a host device, the command is interpreted and executed only after access is authorized by the address verification unit.

With this first apparatus, the host address is extracted from the command sent from a host device and verified against those host addresses registered in the address registration unit for the purpose of determining access authorization. As a result, if access is authorized, the disk apparatus accepts the command which has been sent and disk read/write functions are performed. In this way, only authorized host devices gain access to the data storage unit.

As a second apparatus according to the present invention a construction is adopted where, in addition to the items which characterize the first apparatus, a host information storage unit in which information about the hosts such as host names and passwords is stored, is incorporated into the address registration unit, and a host check unit which, on receipt of host information from a host, determines whether or not that particular host has access authorization based on the host information received from the host and the host information stored in the host information storage unit, is incorporated into the command interpretation and execution unit, and this host check unit incorporates an address registration function which registers the access authorization based on the host information, and the host address determined for the host device, in the address registration unit.

With this second apparatus, when a host device logs in to the disk apparatus seeking authorization to use the disk, the address is registered in the address registration unit, and subsequently, the host address is extracted from any commands sent from the host device and verified against the host address registered in the address registration unit, and in those cases where access is authorized the command interpretation and execution unit transmits the command from the host device to the data storage unit and executes the command. In this way, any alterations in host address can be easily accommodated.

With a third apparatus, a construction is adopted where in addition to the items which characterize the second apparatus, the host check unit incorporates a startup setting function which requests host information from a plurality of host devices when the control device is activated.

With this third apparatus, host information relating to access authorization is not stored internally beforehand, but rather is sent from the host devices which control the disk at the point of disk startup. Consequently, the amount of non volatile memory set aside for data storage can be reduced.

As a fourth apparatus according to the present invention a construction is adopted where, in addition to the items which characterize the first apparatus, the control device comprises: an offset information generation unit, which on the basis of a host address output from the command interpretation and execution unit generates offset information for the disk partition for that particular host device, and an actual partition address generation unit which on the basis of the address for reading and writing to the disk apparatus, and the offset information, generates an actual disk partition address and then outputs that actual partition address to the command interpretation and execution unit.

With this fourth apparatus, the disk capacity is partitioned amongst the various host devices, and the various host addresses and the offset information for each partition are coordinated beforehand. When a command is received from a host device, the command interpretation and execution unit extracts the host address from the command and sends it to the offset information generation unit. The offset information generation unit then uses a correlation chart of host devices and offset information which has been stored in advance, and generates offset information which corresponds to the particular host device and sends this information to the actual partition address generation unit. The actual partition address generation unit combines the theoretical disk address included in the command from the host device and the offset information, and generates an actual disk partition address. In this way, the disk partition corresponding to the host device from which the command was sent is accessed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the configuration of a first embodiment of the present invention;

FIG. 2 is an explanatory diagram displaying a phase transition state of a SCSI bus;

FIG. 3 is a block diagram showing an example configuration of hardware resources of a disk apparatus according to the first embodiment shown in FIG. 1;

FIG. 4 is a block diagram showing the configuration of a second embodiment of the present invention;

FIG. 5 is a block diagram showing the configuration of a third embodiment of the present invention; and

FIG. 6 is a block diagram showing a configuration based on current technology.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Next is a description of the preferred embodiments of the present invention, with reference to the drawings.

First Embodiment

A block diagram showing the configuration of a disk apparatus according to a first embodiment of the present invention is shown in FIG. 1. As is shown in FIG. 1, a disk apparatus 101 comprises a host device interface 112 for sending and receiving data to and from a plurality of host devices, a data storage device (data storage unit) 105 for storing data to be sent to a host device, and a control device 106 for controlling the writing of data to, and the reading of data from, the data storage device 105.

The control device 106 comprises: an address registration unit 104, in which the host address of each host device has been registered for authorizing access, a command interpretation and execution unit 102 which on receipt of a command from a host device via the host device interface outputs the host address of the host device based on the command, and an address verification unit 103 for verifying the host address output from the command interpretation and execution unit 102 against the host address registered in the address registration unit 104, and for determining whether or not the particular host device has access authorization.

The command interpretation and execution unit 102 incorporates an authorization pending function, so that on receipt of a command from a host device, the command is interpreted and executed only after access is authorized by the address verification unit 103.

The command interpretation and execution unit 102 first receives a command from a host device, extracts the host address from the command and outputs it to the address verification unit 103. The address verification unit 103 reads the host addresses stored in the address registration unit 104 for the purpose of determining access authorization and verifies the host address sent from the command interpretation and execution unit 102. The access authorization information generated as a result of this verification process is then relayed back to the command interpretation and execution unit 102 by the address verification unit 103.

In those cases where access is authorized, the command interpretation and execution unit 102 sends the command received from the host device to the data storage unit 105, and the disk apparatus command, such as a data read/write command, is carried out in the same manner as for conventional disks.

The technique for determining access authorization could for example involve the registration of the host addresses of those host devices for which access is authorized in the address registration unit 104 and comparison of these addresses with the host address extracted from each command, with authorization being given in the case of a matching address. Alternatively, the host addresses of those host devices for which access is not authorized could be registered in the address registration unit 104, and authorization given if the host address extracted from the command did not match any of the registered addresses.

With the above example it was assumed that the host address was imbedded in the command, but in practice, the host address can sometimes be identified in exchanges prior to, or after the command. An example is presented by way of explanation below.

For example in the case of a SCSI, the bus phase can be roughly divided up as shown in FIG. 2. With a SCSI generally the host device interface is the initiator and the disk apparatus interface the target. When sending a command to the disk apparatus, the host device interface, the initiator, secures the bus in the arbitration phase, selects the disk apparatus in the selection phase, and then enters the information transfer phase for sending the command or data.

Within this series of phases, the initiator outputs its own ID and the ID of the target it is aiming to select in the selection phase. The specified disk apparatus, namely the target, on confirming it has been selected corresponds by switching the bus BSY signal to “true”. At this point, the target samples the data bus and identifies the ID of the initiator.

In this way, the disk apparatus is able to ascertain the SCSI ID, namely the host address, of the other device. Further details are given in “Open design No. 1” (Published by CO, 1994), pages 4 to 19.

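The selection-phase identification and the address check described above can be sketched as follows. This is an added example in C, not code from the patent; it assumes an 8-bit SCSI data bus with one bit per device ID, and all function and type names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the patent; all names are hypothetical. */

#define NO_INITIATOR (-1)

/* Selection phase on an 8-bit SCSI bus: each data line stands for one ID.
 * The initiator asserts its own ID bit together with the target's ID bit,
 * so the target finds the initiator in the one remaining bit.
 * Returns 0..7, or NO_INITIATOR if the host cannot be identified. */
int initiator_id_from_selection(uint8_t data_bus, unsigned own_id)
{
    if (own_id > 7)
        return NO_INITIATOR;
    uint8_t own_bit = (uint8_t)(1u << own_id);
    if ((data_bus & own_bit) == 0)
        return NO_INITIATOR;              /* this target was not selected */
    uint8_t rest = (uint8_t)(data_bus & (uint8_t)~own_bit);
    if (rest == 0 || (rest & (rest - 1)) != 0)
        return NO_INITIATOR;              /* no initiator bit, or several */
    int id = 0;
    while ((rest & 1u) == 0) {
        rest >>= 1;
        id++;
    }
    return id;
}

/* Address registration unit: the list either names the hosts that are
 * authorized, or names the hosts that are not (both variants are in the text). */
enum list_mode { LIST_AUTHORIZES, LIST_REFUSES };

struct address_registration {
    enum list_mode mode;
    uint8_t addrs[8];
    size_t count;
};

/* Address verification unit. An unidentified host is refused in both modes;
 * in LIST_REFUSES mode every identified host that is not listed is authorized. */
bool address_verified(const struct address_registration *reg, int host_addr)
{
    if (host_addr < 0)
        return false;
    bool listed = false;
    for (size_t i = 0; i < reg->count; i++)
        if (reg->addrs[i] == host_addr)
            listed = true;
    return reg->mode == LIST_AUTHORIZES ? listed : !listed;
}

enum cmd_status { CMD_EXECUTED, CMD_REFUSED };

/* Stand-in for the data storage unit: counts the commands it was given. */
struct data_storage { unsigned commands_received; };

/* Command interpretation and execution unit with the authorization pending
 * function: the command reaches the data storage unit only after the address
 * verification unit has authorized the host. */
enum cmd_status handle_command(struct data_storage *disk,
                               const struct address_registration *reg,
                               uint8_t selection_data, unsigned own_id)
{
    int host = initiator_id_from_selection(selection_data, own_id);
    if (!address_verified(reg, host))
        return CMD_REFUSED;
    disk->commands_received++;
    return CMD_EXECUTED;
}

int main(void)
{
    /* Constructed sample: the disk is target ID 0; hosts 7 and 6 are registered. */
    struct address_registration reg = { LIST_AUTHORIZES, { 7, 6 }, 2 };
    struct data_storage disk = { 0 };
    const uint8_t samples[] = { 0x81, 0x21, 0x01 };  /* host 7, host 5, no host bit */
    for (size_t i = 0; i < sizeof samples; i++) {
        enum cmd_status s = handle_command(&disk, &reg, samples[i], 0);
        printf("bus=0x%02x -> %s\n", samples[i],
               s == CMD_EXECUTED ? "executed" : "refused");
    }
    return 0;
}
```

With the refusal-list variant, a host address that was never registered is authorized by default, which is why the sketch still refuses a selection in which no initiator bit can be read.
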
In the case of a Fibre Channel, because communication is serial, the host address is recorded within the frame and so once again the disk apparatus is able to ascertain the host address of the other device.

Furthermore nowadays, in addition to those mentioned above, there are other protocols (such as IP (Internet Protocol)) which although not widely used as disk interfaces, do include a host address which becomes the transmission source.

An example configuration of the above embodiment which uses a general purpose CPU (central processing unit) is shown in FIG. 3. A disk apparatus 101 comprises a CPU 106 which performs the centralized function of controlling reading and writing. The CPU 106 is connected to various circuit devices via a bus 107. Of these devices, a ROM (read only memory) 108 is memory solely for reading, and stores various programs and fixed data.

A RAM (random access memory) 109 is memory which is used, as required, for temporarily storing data during execution of a program.

A non volatile memory 110 is memory which can be written to by the CPU, and the content of which is saved when the power is turned off. A disk interface 111 is an interface for exchanging data and commands between the CPU and a data storage unit 105 which will be either a disk or some other storage medium.

A host device interface 112 is an interface for exchanging commands and data from a host device with the disk apparatus 101. In the case of a disk array, a SCSI is used for both the host device interface 112 and for the disk interface 111, but generally it is acceptable for the host device interface 112 and the disk interface 111 to be of different types.

For example, a Fibre Channel could be used for the host device interface 112 and a SCSI used for the disk interface 111. In small apparatus the disk storage medium itself is used as the data storage unit 105, but in large apparatus such as disk arrays the disk drive itself can be used as the data storage unit 105.

Next is a description of the use of the hardware resources shown in FIG. 3 to bring to realization the function blocks of FIG. 1. The command interpretation and execution unit 102 of FIG. 1 is configured using the CPU 106, the bus 107, the ROM 108, the RAM 109, the disk interface 111 and the host device interface 112 of FIG. 3. Similarly, the address verification unit 103 is configured using the CPU 106, the bus 107, the ROM 108, and the RAM 109.

The address registration unit 104 can be configured using the non volatile memory 110. Moreover, a read/write capable disk drive can be used as the data storage unit 105. In those instances where a disk drive with a SCSI interface is used as the data storage unit, the commands which can be sent from the command interpretation and execution unit 102 to the data storage unit 105 are not limited to just read and write commands for data, but can also indicate commands in general retained by the SCSI interface.

Furthermore, the disk drive can comprise any form which allows data storage, and can therefore be configured from memory with a power backup function or from non volatile memory.

Next is a description of the operation of a disk apparatus configured as shown in FIG. 3. First, host addresses are stored in advance in the non volatile memory 110. The stored host addresses can be rewritten by the CPU 106, but will not be erased when the power is switched off. Consequently, when power is supplied to the disk apparatus 101, the host addresses which have been previously stored are able to be read out.

The command interpretation and execution unit 102 of FIG. 1 receives commands from the host devices at the host device interface 112 and stores them temporarily in the RAM 109. The CPU 106 uses the programs stored in the ROM 108 for interpreting a command from a host device and extracting the host address. The thus extracted host address is then verified against the host addresses stored in the non volatile memory 110 by the CPU 106. In the method where the host addresses for those devices which are authorized for access are stored in the non volatile memory 110, access is authorized when the host address extracted from the command from the host device matches one of the host addresses stored in advance in the non volatile memory.

In those cases where access is authorized, the CPU 106 sends a command to the disk interface 111 in order to execute the command from the host device, which had been temporarily stored in the RAM 109. The disk interface 111 executes the command by sending it to the data storage unit 105. In those cases where information needs to be relayed to the host device as a result of the command being executed, the disk interface informs the CPU 106 that it has received a result.

On receiving this notification the CPU 106 receives the result from the disk interface 111, stores it temporarily in the RAM 109, and then transfers the result to the host device interface. In this way, commands from a host device are first judged as to whether access is possible, and then following execution, any result of the execution is returned to the host device.

With the above example, the host address stored temporarily in the RAM 109 and the access authorization determining host addresses stored in the non volatile memory 110 were compared, but in some cases the reading of non volatile memory is time consuming, and so it is possible to imagine a technique where on startup of the disk apparatus the access authorization determining host addresses stored in the non volatile memory 110 are transferred to the RAM 109.

Furthermore as with the invention of the first apparatus, it is possible to imagine a technique where on startup of the disk apparatus the access authorization determining host addresses are transferred from the host device which controls the disk, and then stored in the RAM 109. With this technique, the amount of non volatile memory 110 can be greatly reduced.

Second Embodiment

A block diagram showing the configuration of a disk apparatus according to a second embodiment of the present invention is shown in FIG. 4. This is an embodiment which allows the setting of the host address afterwards. This embodiment will be explained in terms of the login operation from a host device to obtain authorization for using the disk apparatus, and the normal access operation.

First, in the login operation, the host information sent from a host device is used to determine whether that particular host device should be authorized. A disk apparatus 113 of this embodiment comprises a command interpretation and execution unit 114 for interpreting and executing commands from host devices. The command interpretation and execution unit 114 receives a command from a host device and extracts the necessary host information required to authorize usage of the disk apparatus as well as the host address accompanying that host information, and sends it all to a host check unit 115.

In the host check unit 115, this information is verified against access authorization determining host information which has been stored in advance in a host information storage unit 116. Examples of host information include the host device name, and a password. In those cases where the comparison results in a match, the host address sent from the command interpretation and execution unit 114 is registered in an address registration unit 118 as an access authorization determining address.

Once the host address has been registered in the address registration unit 118 in this way, the remaining operation is the same as for the first embodiment. Upon receiving a command from a host device the command interpretation and execution unit 114 extracts the host address from the command. It then sends this address to an address verification unit 117 and the address verification unit 117 verifies the address against the access authorization determining host addresses stored in the address registration unit 118 and then relays an access authorized or access denied message back to the command interpretation and execution unit 114. In the case where access is authorized, the command interpretation and execution unit 114 sends a command to the data storage unit 105 in order to execute the command.

With the second embodiment, the actual circuit configuration could take the form shown in FIG. 3, as was the case with the first embodiment. The command interpretation and execution unit 114 of FIG. 4 could then be configured comprising the CPU 106, the bus 107, the ROM 108, the RAM 109, the disk interface 111, and the host device interface 112 of FIG. 3. Similarly, the host check unit 115 and the address verification unit 117 can be configured comprising the CPU 106, the bus 107, the ROM 108, and the RAM 109. Furthermore, the host information unit 116 and the address registration unit 104 can be configured using the non volatile memory 110.

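The login operation followed by normal access, as an added example in C that is not code from the patent. It assumes fixed-length name and password fields and one registered address per host, so a login from a new address replaces the old one; all names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the patent; all names are hypothetical. */

#define MAX_HOSTS 4
#define FIELD_LEN 16          /* fixed-size, zero-padded name/password fields */

struct host_record {
    char name[FIELD_LEN];
    char password[FIELD_LEN];
    bool has_address;         /* false until the host has logged in */
    uint32_t address;         /* host address registered at login */
};

struct disk_control {
    struct host_record hosts[MAX_HOSTS];   /* host information storage unit */
    size_t host_count;
};

/* Copy a C string into a zero-padded field; reject strings that do not fit. */
static bool to_field(char out[FIELD_LEN], const char *s)
{
    size_t n = strlen(s);
    if (n >= FIELD_LEN)
        return false;
    memset(out, 0, FIELD_LEN);
    memcpy(out, s, n);
    return true;
}

/* Compare two fields without stopping at the first differing byte. */
static bool field_equal(const char *a, const char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < FIELD_LEN; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Store host information in advance, before any host logs in. */
bool add_host(struct disk_control *dc, const char *name, const char *password)
{
    if (dc->host_count == MAX_HOSTS)
        return false;
    struct host_record *h = &dc->hosts[dc->host_count];
    if (!to_field(h->name, name) || !to_field(h->password, password))
        return false;
    h->has_address = false;
    dc->host_count++;
    return true;
}

/* Host check unit: on a match, register the address the login came from.
 * Assumption of this example: one address per host, so a later login from a
 * new address replaces the old one instead of leaving it authorized. */
bool login(struct disk_control *dc, uint32_t from_address,
           const char *name, const char *password)
{
    char n[FIELD_LEN], p[FIELD_LEN];
    bool ok = false;
    if (!to_field(n, name) || !to_field(p, password))
        return false;
    for (size_t i = 0; i < dc->host_count; i++) {
        struct host_record *h = &dc->hosts[i];
        bool match = field_equal(h->name, n) & field_equal(h->password, p);
        if (match) {
            h->address = from_address;
            h->has_address = true;
            ok = true;
        }
    }
    return ok;
}

/* Address verification unit: normal commands are checked by address only. */
bool command_authorized(const struct disk_control *dc, uint32_t from_address)
{
    for (size_t i = 0; i < dc->host_count; i++)
        if (dc->hosts[i].has_address && dc->hosts[i].address == from_address)
            return true;
    return false;
}

int main(void)
{
    struct disk_control dc = { 0 };
    add_host(&dc, "hostA", "constructed-pw");      /* constructed sample values */
    printf("before login: %d\n", command_authorized(&dc, 0x0101));
    login(&dc, 0x0101, "hostA", "constructed-pw");
    printf("after login:  %d\n", command_authorized(&dc, 0x0101));
    return 0;
}
```
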

Third Embodiment

A block diagram showing the configuration of a disk apparatus according to a third embodiment of the present invention is shown in FIG. 5. A disk apparatus 119 of this embodiment comprises a command interpretation and execution unit 120 for interpreting and executing commands from a host device. The command interpretation and execution unit 120 extracts a host address from any disk read/write command sent from a host device and outputs it to an address offset information conversion unit 121, and also outputs a disk partition address extracted from the read/write command to an actual partition address conversion unit 122.

The technique used by the command interpretation and execution unit 120 for extracting a host address is as was outlined for the first embodiment. The host address output from the command interpretation and execution unit 120 is input into the address offset information conversion unit 121. Offset information which indicates a disk partition corresponding to each host device, has been stored in advance in the address offset information conversion unit 121, and the host address input from the command interpretation and execution unit 120 is converted to this offset information.

The actual partition address conversion unit 122 combines the disk partition address output from the command interpretation and execution unit 120 with the offset information output from the address offset information conversion unit 121, and generates an actual disk partition address which it then outputs to the command interpretation and execution unit 120. The command interpretation and execution unit 120 outputs a read/write command to the data storage unit 105 based on the actual disk partition address. The data storage unit 105 executes the command output from the actual partition address conversion unit 122 by, for example, reading out data to the host device, or receiving and storing data from the host device.

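The offset conversion of the third embodiment (the fourth apparatus of the summary), as an added example in C that is not code from the patent. The patent stores only an offset per host; the per-partition length, the range check and the table validation are assumptions added here so that a logical address past the end of one host's partition cannot land in the next one. All names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the patent; all names are hypothetical. */

struct partition_entry {
    uint32_t host_addr;   /* host address extracted from the command */
    uint64_t offset;      /* first actual block of this host's partition */
    uint64_t length;      /* partition size in blocks (assumption, see lead-in) */
};

enum xlate_status { XLATE_OK, XLATE_UNKNOWN_HOST, XLATE_OUT_OF_RANGE };

/* Check the stored table once: every partition lies inside the disk, no host
 * appears twice, and no two partitions overlap. */
bool table_is_valid(const struct partition_entry *t, size_t n, uint64_t capacity)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].length == 0 || t[i].offset > capacity ||
            t[i].length > capacity - t[i].offset)
            return false;
        for (size_t j = 0; j < i; j++) {
            if (t[j].host_addr == t[i].host_addr)
                return false;
            /* offset + length cannot overflow: both entries fit in capacity */
            bool disjoint = t[i].offset >= t[j].offset + t[j].length ||
                            t[j].offset >= t[i].offset + t[i].length;
            if (!disjoint)
                return false;
        }
    }
    return true;
}

/* Address offset information conversion (host -> offset) followed by actual
 * partition address conversion (logical address + offset). The range test is
 * written as subtraction so a huge logical address cannot wrap around. */
enum xlate_status translate(const struct partition_entry *t, size_t n,
                            uint32_t host_addr, uint64_t lba, uint32_t nblocks,
                            uint64_t *actual)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].host_addr != host_addr)
            continue;
        if (nblocks == 0 || lba >= t[i].length || nblocks > t[i].length - lba)
            return XLATE_OUT_OF_RANGE;
        *actual = t[i].offset + lba;
        return XLATE_OK;
    }
    return XLATE_UNKNOWN_HOST;
}

int main(void)
{
    /* Constructed sample: a 2000-block disk split between hosts 1 and 2. */
    const struct partition_entry table[] = { { 1, 0, 1000 }, { 2, 1000, 1000 } };
    uint64_t actual = 0;
    if (!table_is_valid(table, 2, 2000))
        return 1;
    if (translate(table, 2, 2, 10, 1, &actual) == XLATE_OK)
        printf("host 2, block 10 -> actual block %llu\n",
               (unsigned long long)actual);
    /* With an offset alone, host 1 asking for block 1000 would reach host 2. */
    if (translate(table, 2, 1, 1000, 1, &actual) == XLATE_OUT_OF_RANGE)
        printf("host 1, block 1000 -> refused\n");
    return 0;
}
```
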
The present invention is configured and functions in the manner outlined above, with the invention of the first apparatus enabling the provision of a highly secure and advanced disk apparatus of a type not currently available, wherein determination of access authorization for a host device is based on the host address imbedded in the command sent from that particular host device, thus enabling commands to be accepted only from specified host devices.

With the invention of the second apparatus, the information registered in advance in the disk apparatus by the user is not host addresses, but rather host information. Each host address is registered prior to that host device using the disk apparatus, so that once registered, subsequent recognition of the host device can be based on the host address imbedded in normal commands. Therefore procedures can be vastly simplified in comparison with the technique where host information is exchanged each time the disk apparatus is accessed. Furthermore, because the information registered in advance in the disk apparatus does not include host addresses, even if the interface configuration or address is changed there is little effect, allowing high security to be maintained.

With the invention o