1111111111111111 IIIIII IIIII 11111 1111111111 lllll lllll lllll lllll lllll 111111111111111 11111111
`c19) United States
`
`c12) Patent Application Publication
`US 2006/0174352 Al
`
`c10) Pub. No.:
`(43) Pub. Date: Aug. 3, 2006
`Thibadeau
`
`US 20060174352Al
`
`(54)METHOD AND APPARATUS
`FOR
`PROVIDING VERSATILE SERVICES ON
`STORAGE DEVICES
`
`Continuation-in-part of application No. 09/912,931,
`
`
`filed on Jul. 25, 2001, now Pat. No. 7,036,020.
`
`
`
`Publication Classification
`
`
`
`
`
`PA (US)
`
`Correspondence Address:
`
`Robert P. Lenart
`
`Pietragallo, Bosick & Gordon LLP
`
`O ne Oxford Centre, 38th Floor
`3 01 Grant Street
`
`Pittsburgh, PA 15219 (US)
`
`
`
`(75)Inventor: Robert Harwell Thibadeau, Pittsburgh,
`(51)
`Int. Cl.
`H04L 9132 (2006.01)
`G06F 12114 (2006.01)
`G06F 17130 (2006.01)
`G06F 7104 (2006.01)
`G06F 11130 (2006.01)
`G06K 9/00 (2006.01)
`H03M 1168 (2006.01)
`H04K 1100 (2006.01)
`
`
`(73) Assignee: Seagate Technology LLC, Scotts Valley,
`H04L 9/00 (2006.01)
`CA
`H04N 7116 (2006.01)
`(52)
`
`
`U.S. Cl. .............................................. 726/27; 713/193
`
`(21)Appl. No.: 11/343,338
`
`(22)Filed: Jan.31, 2006
`
`(57)
`
`ABSTRACT
`
`
`
`
`
`Related U.S. Application Data
`
`An apparatus comprises a data storage device including a
`
`
`
`
`
`
`
`
`plurality of virtual smart cards in a plurality of security
`
`
`
`
`partitions, and a controller including a card operating system
`(63)Continuation-in-part of application No. 11/178,908,
`
`for controlling access to the smart cards.
`
`
`
`filed on Jul. 11, 2005.
`
`30
`\
`
`---40
`.-- 34
`-- 36
`-38
`
`MASTER AUTHORITY RECORD
`
`
`AUTHORITY RECORD 1
`
`-
`
`-
`
`---
`
`
`
`AUTHORITY RECORD n
`
`-
`
`-
`
`-- 32
`
`SECURITY PARTITION (SP) DATA
`
`-
`
`OS FILE SYSTEM
`
`�42
`
`IPR2022-01240
`Apple EX1028 Page 1
`
`

`

`Aug. 3, 2006 Sheet 1 of 7
`
`Patent Application Publication
`US 2006/0174352 Al
`
`2
`
`NETWORK
`
`OPERATING
`k.---- 10
`SYSTEM
`
`l
`INTERFACE
`L--- 11
`
`l
`
`FIRMWARE
`1----
`12
`\. -
`
`I
`DATA
`16,
`STORAGE
`I
`I
`I
`I
`I
`I
`
`--
`
`L--------------------�
`
`FIG. 1
`
`IPR2022-01240
`Apple EX1028 Page 2
`
`

`

`Patent Application Publication Aug. 3, 2006 Sheet 2 of 7
`
`US 2006/0174352 A1
`
`
`
`FIG. 2
`
`IPR2022-01240
`Apple EX1028 Page 3
`
`

`

`Patent Application Publication Aug. 3, 2006 Sheet 3 of 7
`
`US 2006/0174352 A1
`
`30
`
`MASTER AUTHORITY RECORD
`AUTHORITY RECORD 1
`- - -
`AUTHORITY RECORD in
`
`40
`34
`-36
`38
`
`SECURITY PARTITION (SP) DATA
`)
`
`32
`
`
`
`
`
`OS FILE SYSTEM
`
`42
`
`FIG. 3
`
`IPR2022-01240
`Apple EX1028 Page 4
`
`

`

`Patent Application Publication Aug. 3, 2006 Sheet 4 of 7
`
`US 2006/0174352 A1
`
`
`
`52
`
`//
`SPAuthority - R/W Access Rights
`SPName
`SPPassCOde
`SPPublicKey Pair Out
`SPPublicKey Pair in
`SPSymmetric Key
`Write0nce Write Over WriteAny
`ReadCurl, Read.Any Hidden Read
`Start, End Time, Erase at End
`SPDataBncrypt YES NO
`SPData Start, Record Size, and Number
`
`FIG. 4
`
`IPR2022-01240
`Apple EX1028 Page 5
`
`

`

`Patent Application Publication Aug. 3, 2006 Sheet 5 of 7
`
`
`
`E/\|HO OSIC]
`
`
`
`
`
`
`
`HEST)
`
`IPR2022-01240
`Apple EX1028 Page 6
`
`

`

`Patent Application Publication Aug. 3, 2006 Sheet 6 of 7
`
`US 2006/0174352 A1
`
`122
`
`124
`
`126
`
`128
`
`
`
`CARD
`X
`
`CARD
`Y
`
`CARD
`Z
`
`COMMAND FOR CARDA
`
`140
`
`FIG. 7
`
`
`
`
`
`
`
`144
`
`122
`
`142
`
`CARD A
`CURRENT
`STATE
`
`CARD AFILE SYSTEM
`
`CoS CARD MANAGER
`
`3.
`
`
`
`COMMAND FOR CARD A
`
`140
`
`FIG. 8
`
`-)
`
`120
`
`)
`(H-
`
`COMMAND
`POOL
`
`120
`
`IPR2022-01240
`Apple EX1028 Page 7
`
`

`

`Patent Application Publication
`
`Aug. 3, 2006 Sheet 7 of 7
`
`US 2006/0174352 A1
`
`
`
`
`
`0 | '50/-/HELTld W00 TV1007]HE|| [ld W00 HE/\HBS
`
`
`
`
`
`
`
`0NWWW00
`
`SHBTIC?NWH
`
`ONWIWIN00
`
`SHETONWH
`
`
`
`
`
`
`
`
`
`
`IPR2022-01240
`Apple EX1028 Page 8
`
`

`

`US 2006/0174352 A1
`
`Aug. 3, 2006
`
`METHOD AND APPARATUS FOR PROVIDING
`VERSATILE SERVICES ON STORAGE DEVICES
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`0001. This application is a continuation-in-part applica
`tion of U.S. patent application Ser. No. 09/912,931, filed Jul.
`25, 2001, and U.S. patent application Ser. No. 11/178,908,
`filed Jul. 11, 2005, the disclosures of which are hereby
`incorporated by reference.
`
`FIELD OF THE INVENTION
`0002 The present invention generally relates to methods
`and apparatus for securing data in Storage devices in com
`puter systems.
`
`BACKGROUND OF THE INVENTION
`0003. With the advent and widespread deployment of the
`Internet, conventional computer security systems have been
`found to be deficient. A disadvantage of the Internet is that
`it permits many ways to infiltrate conventional computer
`system perimeter defense systems. Damaging virus pro
`grams, for example, can be injected through firewalls and
`into a computer system. This can compromise data and
`computer programs, and therefore derivative capabilities
`Such as content protection and digital rights management.
`0004. This deficiency in computer system perimeter
`defenses creates the need to position security defense sys
`tems inside the local computer system. A conventional
`example of such localized computer system security is virus
`detection software. Virus detection software, however, can
`be susceptible to many exploits including, but not limited to,
`'spoofing or 'wrappering strategies. Consequently, virus
`detection Software may be made to appear operational when
`it is not properly operating.
`0005 Perhaps the greatest fundamental problem with
`conventional computer security systems is that their opera
`tion is common to the environment of the operating system
`environment. Furthermore, the operating system environ
`ment for many computer systems is also common to the
`Internet environment, for example, or another network com
`munications medium. Because of this common environ
`ment, many means of attack on a computer system are
`available merely by moving computer code from the Internet
`to the computer operating system.
`0006. Some conventional methods of computer protec
`tion may involve special purpose security hardware or
`firmware installed in the BIOS of a computer system. These
`methods can establish secondary lines of defense internal to
`the operation of a computer system but external to the
`complicated and error-prone operating system environment.
`However, these methods often fail to recognize that a better
`line of defense could be realized with non-writeable firm
`ware in the attached storage devices that provide the bulk of
`data and code storage for computer systems.
`0007. Other conventional computer security systems may
`include a security device connected to an SCSI bus that
`protects storage devices on the bus. This type of security
`system recognizes that the storage device is more secure
`while not operating in an environment common to the
`operating system. However, the SCSI bus of this system
`
`exposes all devices on the bus to access (including the
`storage devices), and therefore requires intimate operating
`systems involvement.
`0008. It would be an improvement over this technique to
`put the security measures in the attached storage firmware
`and hardware. The same solution could also then be applied
`in SCSI environments and other environments such as ATA
`storage device environments for hard disk drives, flash
`memory storage, optical storage, and tape storage devices.
`0009 Still other computer security systems recognize the
`benefit of guarding the storage device at the controller level
`but are based on shared private keys. Shared private keys are
`well-known to provide less security than securing and
`concealing elements of public-private key encryption,
`because authentication keys are shared and not private to a
`single device. This type of system is also directed to
`modification of the file management system of the computer
`operating system and therefore Suffers the same problem of
`operating system dependence illustrated above for SCSI
`security. An improved computer security system could leave
`the operating system file management intact while main
`taining separate control over security through a special
`security interface to the attached storage device.
`0010. In another type of computer security system, the
`security perimeter consists of self-contained software that
`exports only a simple storage interface for external access
`and Verifies the integrity of each command before process
`ing the command. By contrast, most file servers and client
`machines execute a multitude of services that are susceptible
`to attack. Since this self-securing storage device is a single
`function device, the task of making it secure is made easier.
`However, the objective of this system is to provide for
`automated recovery to a known good state relying on the
`previous secure storage mechanisms. This type of system
`also requires operating systems modification. It incorporates
`complexity, and therefore Vulnerability, approaching that of
`an operating system, and permits opportunities for the
`introduction of Trojan code, for example, into the system.
`Furthermore, this type of system does not recognize the
`improved security afforded by using the storage device for
`hiding and securing public-private key operations.
`0011 Security afforded to a computer system by the ATA
`Host Protected Area security protocol can be provided by a
`method used in connection with readying a storage device
`during the boot phase of a computer system. In this method,
`the storage device can be declared to the operating system to
`have less storage space than the storage device actually has
`ready for use by the operating system. Special BIOS firm
`ware or other special code can have exclusive access to the
`undeclared portion of storage space. As an additional Secu
`rity measure, the ATA Host Protected Area can require
`passcode access to this additional amount of storage space.
`The ATA Host Protected Area was originally designed to
`provide security assurance in the form of enhanced operat
`ing system and application crash recovery efficiencies. A
`known good version of the system or application software
`could be cached in a location outside the capability of the
`operating system to address. In practice, this restricts access
`to a portion of the storage device to a computer program
`running either in the main device firmware or in the oper
`ating system environment.
`0012 A problem with the ATA Host Protected Area
`protocol is that it is still possible to intercept communica
`
`IPR2022-01240
`Apple EX1028 Page 9
`
`

`

`US 2006/0174352 A1
`
`Aug. 3, 2006
`
`tions with the storage device that contains critical informa
`tion. The hidden ATA Host Protected Area partition of the
`storage device can be revealed, for example, by putting that
`same disc drive into another computer that does not reserve
`the Host Protected Area space. The passcode, if used, is not
`retained across power cycles. The ATA Host Protected Area,
`in practice, is an acceptable place to protect local backup
`code and data from virus-like infections but is typically not
`the best place to conceal data. Furthermore, the only authen
`tication required by the ATA Host Protected Area is a “first
`come first served, winner take all type of device authenti
`cation. Public-private key techniques applied to sections of
`secure data storage would provide an improvement in this
`type of security.
`0013 Most modern storage devices are embedded con
`troller storage devices and therefore have at minimum four
`component parts: a well-defined communications interface,
`a processor, random access electronic memory for enabling
`the processor and buffering data, and a core storage medium
`(such as rotating disc storage or flash memory). An interface
`between the storage device and the host system has a
`well-defined interface protocol such as INCITS T13 ATA or
`INCITS T10 SCSI through which the embedded controller
`storage device provides a fixed set of services to the host.
`0014. The most common services provided to the host are
`writing and reading blocks of data on the core storage
`medium. Since the inception of embedded controller storage
`devices, they have provided other well-defined services to
`the host. For example, one well-known service in ATA is a
`password security service supported by the BIOS on the
`platform host. Interface commands are defined that allow a
`password and a master password to be provided to secure the
`use of the storage device. During host booting and conse
`quent drive initialization and booting, the drive will not
`perform its basic read/write function until the password or
`master password is provided over the interface. Another
`well-known command is a drive erase command that
`instructs the processor on the drive to erase the entire disc.
`0.015 While these services provide some data security, a
`need remains for a method and apparatus that can provide
`improved secure services from the storage device.
`
`SUMMARY OF THE INVENTION
`0016. This invention provides an apparatus comprising a
`data storage device including a plurality of virtual Smart
`cards in a plurality of security partitions, and a controller
`including a card operating system for controlling access to
`the Smart cards.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`0017 FIG. 1 is a diagram showing a system that can be
`used to implement methods and apparatus for promoting
`computer security.
`0018 FIG. 2 is a block diagram showing details of the
`storage device of FIG. 1.
`0.019
`FIG. 3 is a schematic representation of the inter
`action between a storage device and an operating system of
`a computer system.
`0020 FIG. 4 is a schematic representation of the details
`of the authority records and security partition data shown in
`FG, 3.
`
`FIG. 5 is a block diagram of a computer system
`0021
`that includes an embodiment of the invention.
`0022 FIG. 6 is a block diagram of a card operating
`system and associated interfaces.
`0023 FIG. 7 is a block diagram of a card operating
`system and several virtual Smart cards.
`0024 FIG. 8 is a more detailed block diagram of a card
`operating system and several virtual Smart cards.
`0.025 FIG. 9 is a block diagram that illustrates the
`operation of the virtual Smart cards.
`0026 FIG. 10 is a block diagram that illustrates the
`issuance of the virtual Smart cards.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`0027. As used herein, "computer systems’ include, but
`are not limited to, desktop computer systems, laptop com
`puter systems, networked computer systems, wireless sys
`tems such as cellular phones and PDAs, digital cameras
`including self-contained web-cams, and/or any reasonable
`combination of these systems and devices.
`0028. As used herein, the terms “storage device' and
`“disc drive' or “disc' are interchangeable, except where
`otherwise noted, and include any device for persistent Stor
`age of data in a computer system in accordance with the
`computer security methods and apparatus discussed herein.
`Notwithstanding the use of the term “disc', the storage
`device need not necessarily incorporate a physical “disc' but
`preferably incorporates a storage medium or device man
`aged by a controller with firmware.
`0029. It can be appreciated that the term “partition' is
`used in certain embodiments herein to mean a contiguous
`grouping of bytes as allocated by the low-level formatting of
`the storage device.
`0030 Special security partitions and the structures and
`processes that Support these security partitions are included
`in the present computer security methods and apparatus. The
`methods and apparatus of this invention provide a security
`system that is Substantially not dependent on the host
`operating system.
`0031 Referring now to FIG. 1, the architecture of a
`system consistent with the methods and apparatus discussed
`hereinafter is shown. The network 2, which can be the
`Internet or another network communications medium, is
`connected by a wireless or wired (not shown) connection 4
`to the computer system 6 of a user. Inside of the computer
`system 6 is an operating system 10, which relies at least in
`part on Software and data obtained from a storage device 12.
`The operating system communicates with the storage device
`through an interface 11, such as an ATA or SCSI interface.
`0032 Referring now to FIGS. 1 and 2, a more detailed
`schematic of the storage device 12 is shown in FIG. 1. The
`storage device 12 contains firmware 14that reads and writes
`data from a data storage portion 16 of the storage device 12.
`It can be appreciated that at least a portion of the storage
`device firmware 14 can be rewritten by software executed in
`the operating system 10. This portion of the storage device
`firmware 14 that can be written can be considered writeable
`firmware (“WF). In contrast, at least a portion of the storage
`
`IPR2022-01240
`Apple EX1028 Page 10
`
`

`

`US 2006/0174352 A1
`
`Aug. 3, 2006
`
`device firmware 14 is written by using one or more of a
`plurality of conventional hardware methods that prevent this
`firmware from being written by the operating system 10.
`This portion of the storage device firmware 14 that cannot be
`written can be considered non-writeable firmware (“NWF).
`In one embodiment, the storage device 12 can also include
`a separate central processing unit 18 (“CPU”) for accessing
`and otherwise manipulating data in the data storage portion
`16 of the storage device 12. It can be made a requirement
`that no data can be transported to or from the data storage
`portion 16 of the storage device 12, except in connection
`with execution of the NWF or WF.
`0033 For purposes of illustration, some examples of
`NWF and WF firmware can be derived in connection with
`the ATA and SCSI disc controller protocols. At least portions
`of these protocols relate to connectivity between the oper
`ating system and the data storage components of a computer
`system. The ATA protocol, for example, permits customiza
`tion of commands, such as controller commands, by a user.
`In one embodiment, the present computer security methods
`and apparatus offer an addition to the ATA/ATAPI-5 ANSI
`specification, NCITS 340-2000. However, it can be appre
`ciated that parallel, analogous additions can be made by the
`methods and apparatus addressed herein to the SCSI speci
`fication and other suitable disc controller specifications that
`allow, for example, Vendor-specific or standards-driven
`extensions. It can also be understood that the methods and
`apparatus discussed herein can form the basis for a compo
`nent part of a new disc controller specification.
`0034) Data storage, as applied herein, can be provided in
`connection with a conventional disc controller protocol Such
`as ATA or SCSI. One type of security protocol available to
`ATA, in particular, is known to those skilled in the art as ATA
`Host Protected Area. Mapped-out storage, as applied herein,
`is storage space that is mapped-out by tables in the NWF and
`WF to indicate bad sectors. It is understood that other data
`can be mapped-out of the writeable storage by the disc
`controller for the storage device.
`0035) Referring now to FIG. 3, the present computer
`security methods and apparatus can augment existing ATA
`and SCSI protocols, for example, with simple and effective
`enhanced security protocols. The methods and apparatus
`include a storage device 30 having a plurality of security
`partitions (“SP), only one of which is shown in FIG. 3.
`Each security partition contains data 32 and at least one
`authority record, such as authority record 34, associated with
`the security partition data 32. These security partition data
`34 and authority records 34, 36, 38 are contained in a
`security partition of the storage device 30. The present
`methods and apparatus provide a relatively simple file
`system located on the low-level formatting of the storage
`device 30. The growth of data added to each security
`partition of the storage device 30 proceeds from top to
`bottom, as shown in FIG. 3, so that a query of the storage
`device 30 contents can readily reveal how much data storage
`space remains for use.
`0036) Operations involving the authority records 34, 36,
`38 are managed by the firmware of the storage device 30. In
`one embodiment, all authority records 34, 36 and 38 can be
`governed by a single master authority record 40. As shown,
`a host operating system (“OS) 42 is not permitted to access
`the security partition data 32 contained in the storage device
`
`30. This independence of the security partition data 32 from
`the host OS 42 provides an important benefit of the present
`invention security methods and apparatus: to create a loca
`tion on a computer system where information Such as a
`secret can be effectively concealed.
`0037 Referring now to FIG. 4, a schematic representa
`tion of an authority record 52 is presented in accordance
`with the authority records 34, 36, and 38 of FIG. 3. The
`authority record 52 can include data, computer programs,
`and other like information and functionality in association
`with the SP data 54 corresponding to the authority record 52.
`The contents of the authority record 52 and the SP data 54
`(elements 56 through 84) are related to information for
`which concealment is desired and/or functionality that pro
`motes secure data processing in a computer system. Types of
`information that can be stored in SP data 54 and types of
`secure processing functions performed by the authority
`record 52 in connection with the SP data 54, as indicated in
`elements 56 through 84, are presented below as examples.
`0038. It can be seen that there are many advantages to a
`closed, non-expandable, storage and authority system as
`described herein. The storage device can define, for certain
`data on the disc, a structure for authorization and authenti
`cation that can be readily inspected and audited. If authori
`Zation and authentication functions are not provided in a
`closed system, then a computer system is generally more
`Vulnerable to attack and infiltration. It can be appreciated
`that 63 user-definable authority records and one master
`record are likely to Suffice for most practical applications of
`the present computer security methods and apparatus.
`Because these methods and apparatus are storage device
`specific lines of security defense, a single authority can
`translate to a group authority in the operating system envi
`ronment or an entire domain authority. Since the authorities
`can be created and deleted by the user as needed, with the
`understanding that a master authority record can govern
`these user modifications, the present methods and apparatus
`provide an appropriate line of defense for the computer
`system.
`0039. It can be appreciated that the following examples
`are intended primarily for purposes of illustration. No par
`ticular aspect or aspects of the method and apparatus
`embodiments described herein are intended to limit the
`Scope of the present invention. For example, it can be
`appreciated that a particular choice of nomenclature for
`security partition commands executed by the present com
`puter security methods and apparatus are for illustration
`purposes and are not intended to limit the scope of the
`present invention.
`0040. As applied to the present computer security meth
`ods and apparatus, reading and writing data to a secured data
`partition can use conventional read/write mechanisms and
`protocols. In one aspect, if a read or write of a security
`partition is attempted, the security partition can be opened
`using a security partition open call. Such as the SPOpen
`command. Once open, the security partition remains open
`until closed (such as by use of the SPClose command) or
`until expiration of a predetermined time interval. An
`SPOpen command can limit read and write access in many
`ways that are important to security functions needed for the
`storage device. In another embodiment, specialized SP,
`fixed-length and record-oriented, read and write operations
`
`IPR2022-01240
`Apple EX1028 Page 11
`
`

`

`US 2006/0174352 A1
`
`Aug. 3, 2006
`
`are permitted that do not leave open the windows of oppor
`tunity that the global SPOpen command can permit.
`0041. In some embodiments, the SPOpen and SPClose
`commands are not available due to security or efficiency
`considerations and read and write operations are performed
`through the available SPProtRead and SPProtWrite com
`mands. Use of the SPProtRead and SPProtWrite commands
`can perform an internal, hidden, SPOpen functionally
`equivalent action without exposing the secure data to user
`interaction.
`0042. In certain embodiments, the present computer
`security methods and apparatus can use, for example, ANSI
`X.509 certificates that can employ trap-door cryptographic
`algorithms such as the well-known RSA algorithm for
`authentication. Each authority record can contain one pub
`lic-private key pair for authenticating data that originates
`from the security partition of interest. A second public
`private key pair is provided to ensure that data can only be
`sent to the particular security partition and no other location
`for storage. These key pairs are associated with X.509
`Cert-In (i.e., the data are only transmitted to the desired
`partition) and X.509 Cert-Out (the data are signed and
`thereby authenticated to come only from the desired parti
`tion). A symmetric key can be used in a way Substantially
`similar to SSL and other equivalently secure streaming
`protocols to encrypt the data. In this embodiment, the
`public-private keys are used primarily for the hashes asso
`ciated with the certificates, although a private key can
`decode a passcode directed to an authority.
`0043. The methods and apparatus described herein can
`require that the above-mentioned cryptographic operations
`are embedded in the firmware or physical storage of the
`storage device. The cryptographic code is authenticated with
`a root assurance in the NWF of the device. In this manner,
`access to reading or writing SP-protected data cannot be
`Susceptible to attack except by physically modifying the
`storage device. The SP system also provides for encrypting
`data in the data partition. The encryption utilizes the sym
`metric key. If encryption is turned off, then the data in the
`storage device are plain text even though the symmetric
`encryption may not have been employed in transmitting the
`data to and from its storage location. If encryption is turned
`on, then the data in the storage device are encrypted even
`though the symmetric encryption may not have been
`employed in transmitting the data to and from its storage
`location.
`0044) If the SP data are encrypted and the authority
`Source is external, a method and apparatus can be provided
`to encrypt data on the storage device so that only an external
`agent can decrypt the data. The SP DataEncrypt command
`encrypts the SP data so that a key can be acquired and
`applied from an external Source.
`0045. In this example, there is no accessible method for
`decrypting the data from the storage device based on infor
`mation available in the storage device. This method and
`apparatus involves securely transmitting the public key and
`symmetric key. The private key is provided to decrypt the
`symmetric key when the symmetric key is needed for use in
`encrypting or decrypting data. This public key/symmetric
`key/private key arrangement is a conventional method for
`providing file encryption. The present computer security
`methods and apparatus improve this conventional method by
`
`providing for security methods and apparatus contained only
`in the storage device and not as part of an operating system
`or file system.
`0046) Another feature of the authority record that con
`trols the reading and writing of data in a security partition is
`that certain fields of the authority record can be hidden.
`"Hidden' typically means that the values in these fields
`cannot be read by any external process, i.e., the values
`cannot be read either by a call to the firmware or by direct
`examination of the contents of the storage device. There are
`a plurality of known hardware techniques by which storage
`can be protected: for example, mapping out the address
`space of such storage except to the NWF. Another technique
`that can be applied in connection with the passcode field of
`the authority record is to store only a hash of code. This
`technique is possible because there is no requirement to read
`a plain text passcode. In addition, another technique is to
`hide a symmetric key by encrypting the key with an authori
`ty's public key, such that only the hidden private key can
`decode it.
`0047. In practice of the present computer security meth
`ods and apparatus, a distinction can be made between an
`external authority source and an internal authority source. If
`a security partition is an internal authority Source, then the
`public-private key pairs and symmetric keys are generated
`internally by the NWF and WF of the storage device. If a
`security partition is an external authority source, then the
`public-private key pairs and the symmetric key can be
`transmitted by a secure method of transmission (as defined
`by the SPCSet command, for example) to the storage device.
`This means that while certain data, Such as a private key, can
`be written (such as by the SPCSet or by the internal key
`generator), the data are not read by any external process,
`because they are defined as hidden. It is important that the
`same “Write but Not Read' capability can be afforded data
`in any security partition that is a “Write but Not (external)
`Read' partition. Therefore, a user application external to the
`storage device can employ the storage device as a reliable
`place to conceal information and to perform cryptographic
`operations with a relatively high degree of security and
`secrecy.
`0048 One embodiment of the present computer security
`methods and apparatus provides for declaring SP data to be
`write-once. One illustrative use of this embodiment is in PKI
`(public key infrastructure), wherein a problem exists in
`validating public keys for a particular authority. The security
`partition of the present methods and apparatus can verify the
`source of the public key dynamically. This overcomes one of
`the fundamental problems in PKI known as key revocation.
`It is possible with the present methods and apparatus to have
`a secure means of dynamically keeping public keys current
`with a relatively high level of assurance. Another application
`of the write-once embodiment is applied to lock software to
`a system or disc and create logs that cannot be repudiated or
`accessed without authorization. In this embodiment, the
`storage device can be employed to read the log, which may
`contain credit card purchase information, for example.
`0049. The present computer security embodiments typi
`cally use a fixed amount of space associated with each
`authority record and associated data set. In addition, one
`master authority record can contain the authority records for
`all other security partitions. For example, each authority
`
`IPR2022-01240
`Apple EX1028 Page 12
`
`

`

`US 2006/0174352 A1
`
`Aug. 3, 2006
`
`record can use 2633 bytes of a six block (3072 byte) region,
`and there can be 64 possible authority records, for a total of
`196,608 bytes in the security partition which contains the
`authority records for all security partitions. In this illustra
`tive system, there can only be 63 user-definable security
`partitions. No external authority is permitted access in this
`embodiment except as defined by the external source of
`private/public/symmetric keys. This means that only an
`authority record defined on the storage device can be an
`authority permitted to read or write any other authority
`record and/or data set. It can be appreciated that an allow
`ance is made in the publicly-readable, and typically factory
`set, authority record header to expand or reduce this closed
`system of authority to more than or less than 64 total
`authority records.
`0050. In embodiments of the present computer security
`systems that maintain a finite number of authority records
`with a fixed-space utilization for the master authority record,
`the performance penalty associated with having an SP
`enabled storage device can be regulated. In general, any read
`or write operation on the storage device checks to determine
`whether low-level storage addresses (e.g., cylinder, head,
`sector, block and the like) are protected by a security
`partition.
`0051. In another embodiment, the security partition
`region is modeled like an ATA Host Protected Area region.
`The partition containing the master authority record and the
`other authority records has a known, fixed size and uses
`storage hidden even from an AT