Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method to enable a value-added storage service of a storage system coupled to a client, comprising: establishing a secure root of trust for the client, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a provider of the value-added storage service; establishing a secure tunnel between an application of the client and the storage system of the client, wherein the secure tunnel uses an action and results mailbox; securely downloading the license for the value-added storage service from the provider to the storage system, wherein the storage system includes secure storage that is used to store the license; and securely providing the license from the storage system to the application via the secure tunnel.
2. The method of claim 1, wherein the storage system includes secure storage that is used to store the license.
3. The method of claim 1, wherein the license stored in the secure storage is accessible via a private interface.
4. The method of claim 1, wherein establishing of the secure root of trust comprises: provisioning a public key into the storage system.
5. The method of claim 1, wherein securely downloading the license comprises: authenticating with a service that manages the license.
6. The method of claim 1, wherein the securely downloading the license comprises: receiving the license; and storing the license in the storage system.
7. A device to enable a value-added storage service of a storage system coupled to a device, comprising: the storage system, including, an agent to establish a secure root of trust for the device, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a service provider of the value-added storage service, physical storage that includes a secure storage to establish a secure tunnel with the service provider, to securely download a license for the value-added storage service from the service provider, and to securely provide the license from the storage system to an application via the secure tunnel, wherein the secure tunnel to use an action and results mailbox.
8. The device of claim 7, wherein the secure storage is not accessible to an operating system of the device.
9. The device of claim 7, wherein the license stored in the secure storage is accessible via a private interface.
10. The device of claim 7, wherein the agent is further configured to authenticate with service provider.
11. The device of claim 10, wherein the agent, to securely download the license, is configured to receive the license and to store the license in the storage system.
12. A system to enable a value-added storage service of a storage system coupled to a device, comprising: a service provider that manages and stores a license for the value-added storage service; and the storage system, including, an agent that establishes a secure root of trust for the device with the service provider, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a service provider of the value-added storage service, and physical storage including a secure storage that establishes a secure tunnel with the service provider, securely downloads the license for the value-added storage service from the service provider, and securely provides the license from the storage system to an application via the secure tunnel, wherein the secure tunnel to use an action and results mailbox.
13. The device of claim 12, wherein the secure storage is not accessible to an operating system of the device.
14. The device of claim 12, wherein the license stored in the secure storage is accessible via a private interface.
15. The system of claim 12, wherein the service provider provisions a public key for the agent.
16. The system of claim 12, wherein the agent further authenticates with service provider.
17. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method to enable a value-added storage service of a storage system coupled to a client, the method comprising: establishing a secure root of trust for the client, wherein the secure root of trust establishes a secure path to download a license for the value-added secure storage from a provider of the value-added storage service; establishing a secure tunnel between an application of the client and the storage system of the client, wherein the secure tunnel uses an action and results mailbox; securely downloading the license for the value-added storage service from the provider to the storage system, wherein the storage system includes secure storage that is used to store the license; and securely providing the license from the storage system to the application via the secure tunnel.
December 22, 2011
February 23, 2016