US9270657B2 · Active · Utility · PatentIndex 44

Activation and monetization of features built into storage subsystems using a trusted connect service back end infrastructure

Assignee: TRIANTAFILLOU NICHOLAS D · Priority: Dec 22, 2011 · Filed: Dec 22, 2011 · Granted: Feb 23, 2016
Est. expiry: Dec 22, 2031 (~5.5 yrs left) · nominal 20-yr term from priority
Inventors: TRIANTAFILLOU NICHOLAS D; BRADFIELD TERRY RYUN; SAXENA PARITOSH; THADIKARAN PAUL J; NOVICK DAVID OWEN
Classifications: G06F 21/12, H04L 2463/101, G06F 21/56, H04L 63/08, G06F 21/606, G06F 21/78
PatentIndex Score: 44 · Cited by: 0 · References: 162 · Claims: 17

Abstract

Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method to enable a value-added storage service of a storage system coupled to a client, comprising:
 establishing a secure root of trust for the client, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a provider of the value-added storage service; 
 establishing a secure tunnel between an application of the client and the storage system of the client, wherein the secure tunnel uses an action and results mailbox; 
 securely downloading the license for the value-added storage service from the provider to the storage system, wherein the storage system includes secure storage that is used to store the license; and 
 securely providing the license from the storage system to the application via the secure tunnel. 
 
     
     
       2. The method of  claim 1 , wherein the storage system includes secure storage that is used to store the license. 
     
     
       3. The method of  claim 1 , wherein the license stored in the secure storage is accessible via a private interface. 
     
     
       4. The method of  claim 1 , wherein establishing of the secure root of trust comprises:
 provisioning a public key into the storage system. 
 
     
     
       5. The method of  claim 1 , wherein securely downloading the license comprises:
 authenticating with a service that manages the license. 
 
     
     
       6. The method of  claim 1 , wherein the securely downloading the license comprises:
 receiving the license; and 
 storing the license in the storage system. 
 
     
     
       7. A device to enable a value-added storage service of a storage system coupled to a device, comprising:
 the storage system, including,
 an agent to establish a secure root of trust for the device, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a service provider of the value-added storage service, 
 physical storage that includes a secure storage to establish a secure tunnel with the service provider, to securely download a license for the value-added storage service from the service provider, and to securely provide the license from the storage system to an application via the secure tunnel, wherein the secure tunnel to use an action and results mailbox. 
 
 
     
     
       8. The device of  claim 7 , wherein the secure storage is not accessible to an operating system of the device. 
     
     
       9. The device of  claim 7 , wherein the license stored in the secure storage is accessible via a private interface. 
     
     
       10. The device of  claim 7 , wherein the agent is further configured to authenticate with service provider. 
     
     
       11. The device of  claim 10 , wherein the agent, to securely download the license, is configured to receive the license and to store the license in the storage system. 
     
     
       12. A system to enable a value-added storage service of a storage system coupled to a device, comprising:
 a service provider that manages and stores a license for the value-added storage service; and 
 the storage system, including,
 an agent that establishes a secure root of trust for the device with the service provider, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a service provider of the value-added storage service, and 
 physical storage including a secure storage that establishes a secure tunnel with the service provider, securely downloads the license for the value-added storage service from the service provider, and securely provides the license from the storage system to an application via the secure tunnel, wherein the secure tunnel to use an action and results mailbox. 
 
 
     
     
       13. The device of  claim 12 , wherein the secure storage is not accessible to an operating system of the device. 
     
     
       14. The device of  claim 12 , wherein the license stored in the secure storage is accessible via a private interface. 
     
     
       15. The system of  claim 12 , wherein the service provider provisions a public key for the agent. 
     
     
       16. The system of  claim 12 , wherein the agent further authenticates with service provider. 
     
     
       17. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method to enable a value-added storage service of a storage system coupled to a client, the method comprising:
 establishing a secure root of trust for the client, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a provider of the value-added storage service; 
 establishing a secure tunnel between an application of the client and the storage system of the client, wherein the secure tunnel uses an action and results mailbox; 
 securely downloading the license for the value-added storage service from the provider to the storage system, wherein the storage system includes secure storage that is used to store the license; and 
 securely providing the license from the storage system to the application via the secure tunnel.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.