System and method for computer storage security
Abstract
A system and method that improves security of a computer storage system by requiring an initiating computer to periodically reaffirm its identity by transmitting a message to a servicing computer. The message contains a previously established authentication message and a sequence value, established by and known only to the original participants. A message must be received by the servicing computer within a predetermined time interval in order to maintain data communications between the original participants.
67 Claims
1. A method carried out in a computer for providing periodic verification of the computer during requests from the computer to a second computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer; and
- periodically sending messages to the second computer, wherein the second computer services the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 2, 3, 4, 5, 6

7. A method carried out in a computer for providing periodic verification of a second computer during requests from the second computer to the computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer;
- periodically receiving messages from the second computer; and
- servicing the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 8, 9, 10, 11, 12

13. A computer storage system comprising:
- a first computer coupled to a communications system; and
- a second computer coupled to the communications system, wherein:
  - the first computer establishes an authentication handshake with the second computer and periodically sends messages to the second computer;
  - the first computer sends requests to the second computer; and
  - the second computer services the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 14, 15, 16, 17, 18

19. A computer storage system comprising:
- a first computer coupled to a communications system; and
- a second computer coupled to the communications system, wherein:
  - the first computer establishes an authentication handshake with the second computer and periodically receives messages from the second computer; and
  - the first computer receives requests from the second computer and services the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 20, 21, 22, 23, 24

25. A method carried out in a computer for providing periodic verification of at least two second computers during requests from the at least two second computers to the computer over a communications system, the method comprising:
- establishing authentication handshakes with each of the at least two second computers;
- periodically receiving messages from the at least two second computers, wherein the messages are different from each other; and
- servicing the requests from the at least two second computers if their corresponding messages are valid and received within a predetermined time interval.
Dependent claims: 26, 27, 28, 29

30. A method carried out in a computer for providing periodic verification of the computer during requests from the computer to a second computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer, wherein the authentication handshake includes a session key and a sequence value; and
- periodically sending messages to the second computer, wherein the messages include the session key and the sequence value, wherein the second computer services the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 31, 32

33. A method carried out in a computer for providing periodic verification of the computer during requests from the computer to a second computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer, wherein the authentication handshake includes a session key and a sequence value; and
- periodically sending messages to the second computer, wherein the messages include the session key and the sequence value which are processed through a one-way hash function, wherein the second computer services the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 34, 35

36. A method carried out in a computer for providing periodic verification of a second computer during requests from the second computer to the computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer, wherein the authentication handshake includes a session key and a sequence value;
- periodically receiving messages from the second computer, wherein the messages include the session key and the sequence value; and
- servicing the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 37, 38

39. A method carried out in a computer for providing periodic verification of a second computer during requests from the second computer to the computer over a communications system, the method comprising:
- establishing an authentication handshake with the second computer, wherein the authentication handshake includes a session key and a sequence value;
- periodically receiving messages from the second computer, wherein the messages include the session key and the sequence value which are processed through a one-way hash function; and
- servicing the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 40, 41

42. A computer-executable process stored on a computer-readable medium, the computer-executable process generating periodic verification of a computer during requests from the computer to a second computer over a communications system, the computer-executable process comprising:
- code to establish by the computer an authentication handshake with the second computer, wherein the authentication handshake includes a session key and a sequence value; and
- code to periodically generate and send messages to the second computer, wherein the messages include the session key and the sequence value which are processed through a one-way hash function.

43. A computer-executable process stored on a computer-readable medium, the computer-executable process generating periodic verification of a computer during requests from a second computer over a communications system, the computer-executable process comprising:
- code to establish by the computer an authentication handshake with the second computer;
- code to periodically receive messages from the second computer messages; and
- code to service the requests if the messages are valid and are received within a predetermined time interval.
Dependent claims: 44, 45

46. A method carried out in an intelligent storage device for providing periodic verification of a computer during requests from the computer to the intelligent storage device over a communications system, the method comprising:
- establishing an authentication handshake with the computer, wherein the authentication handshake includes a session key and a sequence value;
- periodically receiving messages from the computer, wherein the messages include the session key and the sequence value which are processed through a one-way hash function; and
- servicing the requests if the messages are valid and are received within a predetermined time interval.

47. A method carried out in a computer for providing periodic verification of the computer during requests from the computer to an intelligent storage device over a communications system, the method comprising:
- establishing an authentication handshake with the intelligent storage device, wherein the authentication handshake includes a session key and a sequence value; and
- periodically sending messages to the intelligent storage device, wherein the messages include the session key and the sequence value which are processed through a one-way hash function, wherein the intelligent storage device services the requests if the messages are valid and are received within a predetermined time interval.

48. A method to protect stored data, comprising:
- receiving from a device verification information verifying the identity of the device;
- verifying the validity of the verification information using common information known to the device and to the processor;
- determining an authorization status of the device based on (1) the validity of the verification information and (2) a time the verification information is received by the processor;
- receiving a request from the device to access the stored data; and
- allowing the device to access the stored data based, at least in part, on the authorization status at the time the request is received.
Dependent claims: 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61

62. A method to protect stored data, comprising:
- providing authentication information to a processor responsible for managing data processing requests relating to stored data;
- performing, at least once during one or more time intervals having predetermined durations, the following actions:
  - retrieving from memory a value previously received from the processor;
  - applying a predetermined algorithm to the value to generate an encoded value; and
  - transmitting the encoded value to the processor; and
- transmitting to the processor at least one data processing request relating to the stored data.
Dependent claims: 63, 64, 65, 66

67. A system to protect stored data, comprising:
- a device configured to:
  - transmit verification information verifying the identity of the device; and
  - transmit at least one request to access stored data; and
- a processor configured to:
  - receive from the device the verification information;
  - verify the validity of the verification information using common information known to the device and to the processor;
  - determine an authorization status of the device based on (1) the validity of the verification information and (2) a time the verification information is received by the processor;
  - receive the at least one request from the device; and
  - allow the device to access the stored data based, at least in part, on the authorization status at the time the request is received.
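
The exchange recited in claims 33 and 39 (session key and sequence value passed through a one-way hash, accepted only within a time interval), as an added Python example that is not taken from the patent. HMAC-SHA-256 stands in for the unspecified one-way hash function, and the 5-second interval, the incrementing sequence value, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

INTERVAL = 5.0  # assumed "predetermined time interval", in seconds


def heartbeat(session_key: bytes, seq: int) -> bytes:
    """Initiator side: session key and sequence value through a one-way function."""
    return hmac.new(session_key, seq.to_bytes(8, "big"), hashlib.sha256).digest()


class ServicingComputer:
    """Servicing side: holds one initiator's handshake state and deadline."""

    def __init__(self, session_key: bytes, first_seq: int, now: float):
        self.key = session_key      # established in the authentication handshake
        self.expected = first_seq   # next sequence value the initiator must prove
        self.deadline = now + INTERVAL
        self.lapsed = False

    def receive(self, msg: bytes, now: float) -> bool:
        if self.lapsed or now > self.deadline:
            self.lapsed = True      # late message: a new handshake is required
            return False
        if not hmac.compare_digest(msg, heartbeat(self.key, self.expected)):
            return False            # invalid or replayed: deadline is not extended
        self.expected += 1          # each sequence value is accepted only once
        self.deadline = now + INTERVAL
        return True

    def service(self, request: str, now: float) -> str:
        if self.lapsed or now > self.deadline:
            return "DENIED"
        return "OK " + request


def demo() -> list:
    key, seq = os.urandom(32), 1000   # constructed handshake output
    srv = ServicingComputer(key, seq, now=0.0)
    out = [srv.service("read block 7", now=1.0)]            # inside first interval
    out.append(srv.receive(heartbeat(key, seq), now=4.0))   # valid and on time
    out.append(srv.service("read block 8", now=8.0))        # deadline is now 9.0
    out.append(srv.service("read block 9", now=9.5))        # no message: lapsed
    replay = ServicingComputer(key, seq, now=0.0)
    replay.receive(heartbeat(key, seq), now=1.0)
    out.append(replay.receive(heartbeat(key, seq), now=2.0))  # replayed message
    out.append(replay.service("read block 1", now=2.5))       # still before 6.0
    return out
```

A replayed message is rejected without extending the deadline, so a captured message cannot keep a session alive once the legitimate initiator stops sending.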