Secure storage access using third party capability tokens

Assignee

• Symantec Operating Corporation · US

Inventors

• Ronald Karr · Palo Alto, US
• John R. Finlay · Eastsound, US
• Ramana Jonnala · Sunnyvale, US
• Dhanesh Joshi · Santa Clara, US
• Narasimha R. Valiveti · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/123
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method for revocable token identifiers may be employed in a shared storage environment. An access server may generate access tokens and include revocable token identifiers previously obtained from storage devices. When clients present access tokens to storage devices during storage requests, storage devices may check the validity of access tokens by verifying that the revocable token identifiers were previously issued to the access server. An access server may request that the storage device revoke revocable token identifiers. Storage devices may deny any future storage requests including revoked token identifiers. Additionally, an access token may include instructions specifying operations for a storage device to perform in conjunction with a storage request. A trusted server may issue grantor tokens granting permissions for access servers to use when issuing access tokens. An access server may then include such a grantor token in access tokens that it generates and issues to clients.