Methods of operating storage systems including encrypting a key salt

US 10,049,207 B2
Filed: 01/06/2017
Issued: 08/14/2018
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of operating a storage system, comprising:

receiving a password at a device driver of the storage system from a host of the storage system, wherein the host is in communication with a removable storage device of the storage system through the device driver, and wherein the device driver is configured to enable a software program of the host to communicate to the removable storage device;

using the device driver to combine the password, a key salt, and a number of iterations to generate a primary key;

using the device driver to generate a key schedule from the primary key;

receiving an encrypted master key at the device driver from the removable storage device; and

using the device driver to decrypt the encrypted master key with the key schedule.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of operating a storage system includes using the device driver to combine a password, the key salt, and the number of iterations to generate a primary key, using the device driver to generate a key schedule from the primary key, receiving an encrypted master key at the device driver, and using the device driver to decrypt the encrypted master key with the key schedule.

Citations

20 Claims

1. A method of operating a storage system, comprising:
- receiving a password at a device driver of the storage system from a host of the storage system, wherein the host is in communication with a removable storage device of the storage system through the device driver, and wherein the device driver is configured to enable a software program of the host to communicate to the removable storage device;
  
  using the device driver to combine the password, a key salt, and a number of iterations to generate a primary key;
  
  using the device driver to generate a key schedule from the primary key;
  
  receiving an encrypted master key at the device driver from the removable storage device; and
  
  using the device driver to decrypt the encrypted master key with the key schedule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein using the device driver to combine the password, the key salt, and the number of iterations comprises the device driver using an exclusive “
    - OR”
      
      or Boolean functions.
  - 3. The method of claim 1, further comprising storing a portion of the primary key in a secure storage area of the removable storage device.
  - 4. The method of claim 1, wherein receiving the encrypted master key at the device driver from the removable storage device comprises receiving the encrypted master key at the device driver from a secure area of the removable storage device.
  - 5. The method of claim 1, wherein the primary key is used by the device driver to determine whether a user is allowed to change the password.
  - 6. The method of claim 5, wherein the primary key being used by the device driver to determine whether the user is allowed to change the password comprises using the device driver to determine whether a portion of the primary key matches a portion of a primary key that is stored in a secure storage area of the removable storage device.
  - 7. The method of claim 6, further comprising allowing the user to change the password when the portion of the primary key matches the portion of the primary key that is stored in the secure storage area of the removable storage device.
  - 8. The method of claim 1, further comprising using the device driver to compare a portion of the primary key to a portion of a primary key that is stored in a secure storage area of the removable storage device before using the device driver to generate the key schedule from the primary key.
  - 9. The method of claim 8, further comprising using the device driver to generate the key schedule from the primary key only when the portion of the primary key matches the portion of the primary key that is stored in the secure storage area of the removable storage device.
  - 10. The method of claim 8, wherein the secure storage area of the removable storage device is only accessible and/or readable by use of vendor unique commands.
  - 11. The method of claim 1, wherein the removable storage device comprises a read only master boot record.
  - 12. The method of claim 1, wherein the password is an old password, and further comprising using the device driver to combine the decrypted master key with a new password.
  - 13. The method of claim 1, wherein the password is an old password, and further comprising using the device driver to encrypt the decrypted master key in response to receiving a new password at the host.
  - 14. The method of claim 13, wherein the key salt is a first key salt, the primary key is a first primary key, and the key schedule is a first key schedule, and wherein using the device driver to encrypt the decrypted master key in response to receiving a new password at the host comprises:
    - using the device driver to combine the new password, a second key salt, and the number of iterations to generate a second primary key;
      
      using the device driver to generate a second key schedule from the second primary key; and
      
      using the device driver to encrypt the decrypted master key with the second key schedule.

15. A method of operating a storage system, comprising:
- receiving a password at a device driver of the storage system from a host of the storage system, wherein the host is in communication with a removable storage device of the storage system through the device driver, and wherein the device driver is configured to enable a software program of the host to communicate to the removable storage device;
  
  using the device driver to combine the password, a key salt, and a number of iterations to generate a first primary key;
  
  using the device driver to determine whether a portion of the first primary key matches a portion of a second primary key stored in a secure storage area of the removable storage device;
  
  using the device driver to generate a key schedule from the first primary key in response to the portion of the first primary key matching the portion of the second primary key;
  
  receiving an encrypted master key at the device driver from the removable storage device; and
  
  using the device driver to decrypt the encrypted master key with the key schedule.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein using the device driver to combine the password, the key salt, and the number of iteration comprises the device driver using an exclusive “
    - OR”
      
      or Boolean functions.
  - 17. The method of claim 15, wherein the password is an old password, and further comprising using the device driver to combine a new password with the decrypted master key to encrypt the decrypted master key.

18. A method of operating a storage system, comprising:
- receiving an old password at a device driver of the storage system from a host of the storage system, wherein the host is in communication with a removable storage device of the storage system through the device driver, and wherein the device driver is configured to enable a software program of the host to communicate to the removable storage device;
  
  using the device driver to combine the old password, a first key salt, and a number of iterations to generate a first primary key;
  
  using the device driver to determine whether a portion of the first primary key matches a portion of a second primary key stored in a secure storage area of the storage device;
  
  using the device driver to generate a first key schedule from the first primary key in response to the portion of the first primary key matching the portion of the second primary key;
  
  receiving an encrypted master key at the device driver from the removable storage device;
  
  using the device driver to decrypt the master key with the first key schedule;
  
  receiving a new pass word at the device driver;
  
  using the device driver to combine the new password, a second key salt, and the number of iterations to generate a third primary key;
  
  using the device driver to generate a second key schedule from the third primary key; and
  
  using the device driver to encrypt the decrypted master key with the second key schedule.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the secure storage area of the removable storage device is only accessible and/or readable by use of vendor unique commands.
  - 20. The method of claim 18, wherein the removable storage device comprises a read only master boot record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Ramesh, Ahuja Gurmukhsingh, Chellamuthu, Senthil Kumar
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Sarker, Sanchit

Application Number

US15/399,779
Publication Number

US 20170124318A1
Time in Patent Office

585 Days
Field of Search

713189, 380277
US Class Current
CPC Class Codes

G06F 12/1433   for a module or a part of a...

G06F 21/45   Structures or tools for the...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2153   Using hardware token as a s...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/14   using a plurality of keys o...

Methods of operating storage systems including encrypting a key salt

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods of operating storage systems including encrypting a key salt

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links