The present invention relates to systems and methods for limiting access to data in a storage device to only privileged resident-program files that have been launched from the storage device.
Software security is a well-known area in the art of computer engineering, especially in systems having a host system and a storage device. In many cases, there is a need to protect the storage device from damage to the data caused by programs, running on the host system, accessing the storage device without authority due to innocent errors, negligence, or malicious intent (e.g. computer viruses and worms).
One well-known implementation of software-security technology is code authentication (known in the industry as “signed code”). Signed code does not provide protection against data being damaged in the storage device because:
(1) a signed program does not necessarily comply with regulations regarding access to the storage device; and
(2) since the host system may run signed and unsigned programs with different levels of access permissions, a malicious unsigned program can “take over” a signed program and use the permissions of the signed program to cause damage to the storage device.
All prior-art methods for software security are based on a decision point made prior to program launch, whereby the host system determines whether a given application should be trusted by the storage device.
Although the computing power and information-security measures of the host system are typically adequate, the storage device's security remains completely dependent on the host system. The storage device has no way to recognize unauthorized commands sneaking through the host system's security protection.
In the prior art, Rothman et al., US Patent Publication No. 20070174897 (hereinafter referred to as Rothman '897), teaches a method and apparatus for protecting data stored in data storage devices. Sprigg et al., US Patent Publication No. 20030061504 (hereinafter referred to as Sprigg '504), teaches application-level access-privilege to a storage area on a computer device. Ramezani et al., US Patent Publication No. 20060265605 (hereinafter referred to as Ramezani '605), teaches a system and method for managing security of a memory device.
Lee et al., U.S. Pat. No. 6,823,398 (hereinafter referred to as Lee '398), teaches file-system management embedded in a storage device. Yoshida et al., U.S. Pat. No. 6,622,220 (hereinafter referred to as Yoshida '220), teaches a security-enhanced network-attached storage device. Blumenau et al., U.S. Pat. No. 7,165,152 (hereinafter referred to as Blumenau '152), teaches a method and apparatus for managing access to storage devices in a storage system with access control. Faulkner, U.S. Pat. No. 6,389,427 (hereinafter referred to as Faulkner '427), teaches a file-system performance enhancement.
Junya, U.S. Pat. No. 5,469,564 (hereinafter referred to as Junya '564), teaches a data storage device with enhanced data security. Tsuchiya, JP2000137581 (hereinafter referred to as Tsuchiya '581), teaches a storage-device control system. Hara, JP2007102761 (hereinafter referred to as Hara '761), teaches a system and method for limiting access to a storage device.
None of the prior-art references cited above teaches methods for the storage device to independently control access to data in the storage device at a command-by-command level, and to limit access only to commands originating from privileged resident-program files.
It would be desirable to have systems and methods for limiting access to data in a storage device to only privileged resident-program files that have been launched from the storage device.