Trusted Time Stamping Storage System

US 20080229113A1
Filed: 01/18/2008
Published: 09/18/2008
Est. Priority Date: 08/31/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing trusted time stamping in a data storage system, the method comprising:

determining data being stored in the data storage system;

hashing the data to generate a hash value;

sending the hash value and a request for a time stamp to a time stamping authority;

receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value;

storing the time stamp token and the time stamping authority certificate in the data storage system, the time stamp and hash value providing trusted time stamping for the determined data in data storage system; and

validating the time stamp token stored in the data storage system, including;

accessing the data stored in the data storage system,hashing the accessed data to generate a second hash value;

retrieving the hash value of the time stamp token;

comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and

validating the time stamp token based on the comparison.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp.

24 Citations

View as Search Results

94 Claims

1. A method for providing trusted time stamping in a data storage system, the method comprising:
- determining data being stored in the data storage system;
  
  hashing the data to generate a hash value;
  
  sending the hash value and a request for a time stamp to a time stamping authority;
  
  receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value;
  
  storing the time stamp token and the time stamping authority certificate in the data storage system, the time stamp and hash value providing trusted time stamping for the determined data in data storage system; and
  
  validating the time stamp token stored in the data storage system, including;
  
  accessing the data stored in the data storage system,hashing the accessed data to generate a second hash value;
  
  retrieving the hash value of the time stamp token;
  
  comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 14, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein storing the time stamp token comprises storing the time stamp token in a device that is storing the data.
  - 3. The method of claim 2, wherein the device comprises a redundant array of independent disks (RAID).
  - 4. The method of claim 1, wherein storing the time stamp token comprises storing the time stamp token in metadata for the data storage system, the metadata including a reference to the stored data.
  - 5. The method of claim 4, wherein the reference comprises an address to where the data is being stored and a size of the data.
  - 6. The method of claim 1, wherein storing the time stamp token comprises storing the time stamp token with the stored data.
  - 7. The method of claim 1, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 8. The method of claim 7, further comprising:
    - validating the time stamp token, wherein validating comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 9. The method of claim 8, wherein the public key is received from a certification authority.
  - 10. The method of claim 1, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 12. The method of claim 1, wherein validating the time stamp token further comprises:
    - contacting a party that can provide information needed to validate the time stamping authority certificate.
  - 14. The method of claim 1, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 16. The method of claim 1, further comprising checking if the time stamping authority certificate is valid.
  - 17. The method of claim 1, wherein the step of checking comprises:
    - determining a time using an internal timer of the data storage system; and
      
      using the time to determine if the time stamping authority certificate has expired.
  - 18. The method of claim 1, wherein the determined data is fixed.
  - 19. The method of claim 1, wherein the data comprises at least one of data being stored in the data storage system, an I/O command for the data storage system, and a management command for the data storage system.

11. (canceled)

13. (canceled)

15. (canceled)

20. A storage system for providing trusted time stamping, the system comprising:
- a storage device configured to store data;
  
  a data determiner configured to determine data in the storage device;
  
  a hasher configured to hash the determined data to generate a hash value;
  
  a time stamp requestor configured to send the hash value and a request for a time stamp to a time stamping authority;
  
  a receiver configured to receive a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value, wherein the storage device is configured to store the time stamp token, the time stamp token providing trusted time stamping for the determined data in the data storage system; and
  
  a validator configured to validate the time stamp token stored in the data storage system including;
  
  accessing the data stored in the data storage system,hashing the accessed data to generate a second hash value;
  
  retrieving the hash value of the time stamp token,comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 31, 33, 34, 35, 36)
- - 21. The system of claim 20, wherein the storage device comprises a metadata table, the metadata table storing the time stamp token and a reference to the determined data.
  - 22. The system of claim 21, wherein the reference comprises an address to where the determined data is being stored and a size of the data.
  - 23. The system of claim 20, wherein the storage device stores the time stamp token with the determined data.
  - 24. The system of claim 20, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 25. The system of claim 24,wherein the validator is configured to decrypt the time stamp token using a public key of the time stamping authority.
  - 26. The system of claim 25, wherein the public key is received from a certification authority.
  - 27. The system of claim 20, wherein the hasher is configured to hash the data using a keyed hashing method.
  - 31. The system of claim 20, wherein the validator is configured to affirmatively validate the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 33. The system of claim 20, further comprising a certificate checker configured to check if the time stamping authority certificate is valid.
  - 34. The system of claim 33, wherein the certificate checker is configured to:
    - determine a time using an internal timer of the data storage system; and
      
      use the time to determine if the time stamping authority certificate has expired.
  - 35. The system of claim 20, wherein the determined data is fixed.
  - 36. The system of claim 20, wherein the determined data comprises at least one of data being stored in the data storage system, an I/O command for the data storage system, and a management command for the data storage system.

28. (canceled)
- View Dependent Claims (29)
- - 29. The system of claim 28, wherein the validator is further configured tocontact a party that can provide information needed to validate the time stamp certificate.

30. (canceled)

32. (canceled)

37. A method for validating a time stamp generated for data being stored in a data storage system, the method comprising:
- receiving a request to validate a time stamp token received from a time stamping authority;
  
  accessing the time stamp token being stored in the data storage system;
  
  validating the time stamp token;
  
  determining a hash value associated with the time stamp token;
  
  accessing data being stored in the data storage system that was time stamped using the time stamp token;
  
  hashing the data to generate a second hash value;
  
  comparing the hash value included in the time stamp token with the second hash value;
  
  validating the data based on the comparison; and
  
  if the time stamp token and the data are validated, validating the time stamp.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 38. The method of claim 37, wherein accessing the data comprises using a reference to the data being stored with the time stamp token in a metadata table in the data storage system.
  - 39. The method of claim 37, wherein accessing the time stamp token comprises accessing the time stamp token being stored in a metadata table with a reference to the data that was time stamped.
  - 40. The method of claim 37, wherein accessing the time stamp token comprises:
    - accessing the data that was time stamped; and
      
      determining the time stamp token, wherein the time stamp token is attached to the data being stored in the data storage device.
  - 41. The method of claim 37, further comprising:
    - receiving a time stamp certificate from the time stamping authority;
      
      wherein validating the time stamp token comprising;
      
      contacting a party that can provide information needed to validate the time stamp certificate.
  - 42. The method of claim 37, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 43. The method of claim 37, further comprising receiving a time stamp certificate from the time stamping authority.
  - 44. The method of claim 37, wherein the time stamp token is encrypted using a private key of the time stamping authority, and validating the time stamp token further comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 45. The method of claim 44, wherein the public key is received from a certification authority.
  - 46. The method of claim 37, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 47. The method of claim 43, further comprising checking if the time stamp certificate is valid.
  - 48. The method of claim 47, wherein the checking comprises:
    - determining a time using an internal timer of the data storage system; and
      
      using the time to determine if the time stamp certificate has expired.
  - 49. The method of claim 37, wherein the accessed data comprises at least one of data being stored in the data storage system, an I/O command for the data storage system, and a management command for the data storage system.

50. A method for providing trusted time stamping for commands for a data storage system, the method comprising:
- determining a command executed in the data storage system;
  
  hashing information for the command to generate a hash value;
  
  sending the hash value and a request for a time stamp to a time stamping authority;
  
  receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value;
  
  storing the time stamp token in the data storage system, the time stamp and hash value providing trusted time stamping mechanism for the command in the data storage system; and
  
  validating the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token;
  
  comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison.
- View Dependent Claims (51, 52, 53, 55, 57, 58, 59, 60, 61, 63, 64, 65, 66)
- - 51. The method of claim 50, wherein storing the time stamp token comprises storing the time stamp token in a device that is storing the information for the command.
  - 52. The method of claim 51, wherein the device comprises a redundant array of independent disks (RAID).
  - 53. The method of claim 50, wherein storing the time stamp token comprises storing the time stamp token in a command log for the data storage system, the command log including the information for the command.
  - 55. The method of claim 50, wherein the step of validating further comprisescontacting a party that can provide information needed to validate the time stamping authority certificate.
  - 57. The method of claim 50, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 58. The method of claim 50, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 59. The method of claim 58, further comprising:
    - validating the time stamp token, wherein validating comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 60. The method of claim 59, wherein the public key is received from a certification authority.
  - 61. The method of claim 50, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 63. The method of claim 50, further comprising checking if the time stamping authority certificate is valid.
  - 64. The method of claim 63, wherein the checking comprisesdetermining a time using an internal timer of the data storage system;
    - andusing the time to determine if the time stamping authority certificate has expired.
  - 65. The method of claim 50, wherein the information being hashed is fixed.
  - 66. The method of claim 50, wherein the command comprises at least one of an I/O command for the data storage system and a management command for the data storage system.

54. (canceled)

56. (canceled)

62. (canceled)

67. A storage system for providing trusted time stamping for commands being executed in the storage system, the system comprising:
- a command determiner configured to determine a command being executed in the storage device;
  
  a hasher configured to hash information for the command to generate a hash value;
  
  a time stamp requester configured to send the hash value and a request for a time stamp to a time stamping authority;
  
  a receiver configured to receive a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value, wherein the storage device is configured to store the time stamp token, the time stamp token providing trusted time stamping for the command in the data storage system; and
  
  a validator configured to validate the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token,comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison.
- View Dependent Claims (68, 70, 72, 73, 74, 75, 76, 78, 79, 80, 81)
- - 68. The system of claim 67, wherein the storage device comprises a command log, the command log storing the time stamp token and hashed information for the command.
  - 70. The system of claim 67, wherein the validator is further configured:
    - to contact a party that can provide information needed to validate the time stamp certificate.
  - 72. The system of claim 67, wherein the validator is configured to affirmatively validate the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 73. The system of claim 67, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 74. The system of claim 73,wherein the validator is further configured to decrypt the time stamp token using a public key of the time stamping authority.
  - 75. The system of claim 74, wherein the public key is received from a certification authority.
  - 76. The system of claim 67, wherein the hasher is configured to hash the data using a keyed hashing method.
  - 78. The system of claim 67, further comprising a certificate checker configured to check if the time stamping authority certificate is valid.
  - 79. The system of claim 67, wherein the certificate checker is configured to:
    - determine a time using an internal timer of the data storage system; and
      
      use the time to determine if the time stamping authority certificate has expired.
  - 80. The system of claim 67, wherein the hashed information for the command is fixed.
  - 81. The system of claim 67, wherein the information for the command comprises at least one of an I/O command for the data storage system and a management command for the data storage system.

69. (canceled)

71. (canceled)

77. (canceled)

82. A method for validating a time stamp generated for a command being executed in a data storage system, the method comprising:
- receiving a request to validate a time stamp token received from a time stamping authority;
  
  accessing the time stamp token being stored in the data storage system;
  
  validating the time stamp token;
  
  determining a hash value included with the time stamp token;
  
  accessing information for the command being stored in the data storage system that was time stamped using the time stamp token;
  
  hashing the information for the command to generate a second hash value;
  
  comparing the hash value included in the time stamp token with the second hash value;
  
  validating the information for the command based on the comparison; and
  
  if the time stamp token and the data are validated, validating the time stamp.
- View Dependent Claims (83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94)
- - 83. The method of claim 82, wherein accessing the information for the command comprises accessing the information for the command in a command log metadata table in the data storage system.
  - 84. The method of claim 82, wherein accessing the time stamp token comprises accessing the time stamp token being stored in a command log metadata table with information for the command that was time stamped.
  - 85. The method of claim 82, further comprising:
    - receiving a time stamp certificate from the time stamping authority;
      
      wherein validating the time stamp token comprising;
      
      contacting a party that can provide information needed to validate the time stamp certificate.
  - 86. The method of claim 82, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 87. The method of claim 82, further comprising receiving a time stamp certificate from the time stamping authority.
  - 88. The method of claim 87, further comprising checking if the time stamp certificate is valid.
  - 89. The method of claim 87, wherein checking comprising:
    - determining a time using an internal timer of the data storage system; and
      
      using the time to determine if the time stamp certificate has expired.
  - 90. The method of claim 82, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 91. The method of claim 90, further comprising:
    - validating the time stamp token, wherein validating comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 92. The method of claim 91, wherein the public key is received from a certification authority.
  - 93. The method of claim 82, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 94. The method of claim 82, wherein the accessed data comprises at least one of data being stored in the data storage system, an I/O command for the data storage system, and a management command for the data storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
YAGAWA, Yuichi

Granted Patent

US 7,716,488 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

H04L 9/3236 using cryptographic hash fu...

H04L 9/3297 involving time stamps, e.g....

Trusted Time Stamping Storage System

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

94 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted Time Stamping Storage System

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

94 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links