Browse Prior Art Database

Remote-Controlled Write-Lock in Hard Disk (HD) Controllers Disclosure Number: IPCOM000014977D
Original Publication Date: 2001-Jun-10
Included in the Prior Art Database: 2003-Jun-20
Document File: 1 page(s) / 39K

Publishing Venue



The idea relates to a remote-controlled write-lock in hard disk (HD) controllers.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 1

Remote-Controlled Write-Lock in Hard Disk (HD) Controllers

The idea relates to a remote-controlled write-lock in hard disk (HD) controllers.

It is difficult to maintain securely machine's in corporate networks or public terminals. Even if we disregard physical tampering we are in deep trouble. Most operating systems are easily tamperable in software and secure ones are not in sight. In particular for shared machines it is difficult to maintain such machines remotely and keep them in a safe state, in particular given the regular need to patch such system after discovered vulnerabilities.

The disk-controller (DC) is extended in a way which allows access control on writes, i.e., each write has to be bundled with an authorization code (MAC) using a key which is contained in the DC. To further enhance security these writes can be limited to the boot-time and combined with a secure boot-loaders which queries a secure server for security patches. The area of protection would either have to be the whole disk or particular partitions (e.g., all bootable partitions and partitions containing the main operating system). Key management would either be by pre- or one-time-install of shared-keys or one-time install of public keys which can then be used with stream signatures.

A machine with a write-lock controlled operating system could be a low-cost enhancement of secure remote management. A user who comes to a machine and reboots it is sure that it will run the most up-to-dat...