Computer network comprising network authentication facilities implemented in a disk drive

US 7,155,616 B1
Filed: 07/31/2000
Issued: 12/26/2006
Est. Priority Date: 07/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer network comprising a plurality of interconnected network devices including:

(a) a plurality of client computers;

(b) an authentication server computer operated by a system administrator; and

(c) a disk drive connected to the authentication server computer, the disk drive comprising;

an interface for receiving personal authentication data and user access data from the system administrator;

a disk for storing data;

a disk controller for controlling access to the disk;

an authenticator, responsive to the personal authentication data, for enabling the disk controller; and

cryptographic circuitry for encrypting the user access data received from the system administrator into encrypted data stored on the disk;

wherein;

the user access data comprises a plurality of user identifiers and corresponding access rights to the plurality of network devices;

the disk stores encrypted device access data associated with the network devices;

the device access data for use in authenticating device access requests transmitted from client computers to the network devices; and

the encrypted device access data is stored on the disk during manufacture of the disk drive.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network is disclosed comprising a plurality of interconnected network devices including a plurality of client computers, an authentication server computer operated by a system administrator, and a disk drive connected to the authentication server computer. The disk drive comprises an interface for receiving the personal authentication data and user access data from the system administrator, a disk for storing data, and a disk controller for controlling access to the disk. An authenticator within the disk drive, responsive to the personal authentication data, enables the disk controller, and cryptographic circuitry encrypts the user access data received from the system administrator into encrypted data stored on the disk.

202 Citations

23 Claims

1. A computer network comprising a plurality of interconnected network devices including:
- (a) a plurality of client computers;
  
  (b) an authentication server computer operated by a system administrator; and
  
  (c) a disk drive connected to the authentication server computer, the disk drive comprising;
  
  an interface for receiving personal authentication data and user access data from the system administrator;
  
  a disk for storing data;
  
  a disk controller for controlling access to the disk;
  
  an authenticator, responsive to the personal authentication data, for enabling the disk controller; and
  
  cryptographic circuitry for encrypting the user access data received from the system administrator into encrypted data stored on the disk;
  
  wherein;
  
  the user access data comprises a plurality of user identifiers and corresponding access rights to the plurality of network devices;
  
  the disk stores encrypted device access data associated with the network devices;
  
  the device access data for use in authenticating device access requests transmitted from client computers to the network devices; and
  
  the encrypted device access data is stored on the disk during manufacture of the disk drive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer network as recited in claim 1, wherein the user access data further comprises user authentication data.
  - 3. The computer network as recited in claim 2, wherein the user authentication data comprises a user password.
  - 4. The computer network as recited in claim 1, wherein the personal authentication data comprises a user password.
  - 5. The computer network as recited in claim 1, wherein:
    - (a) the cryptographic circuitry comprises an immutable secret drive key configured during manufacture of the disk drive; and
      
      (b) the secret drive key for use in encrypting the user access data.
  - 6. The computer network as recited in claim 1, wherein the encrypted device access data comprises an encrypted secret device key shared with a corresponding network device.
  - 7. The computer network as recited in claim 1, wherein:
    - (a) the interface receives unencrypted device access data; and
      
      (b) the cryptographic circuitry encrypts the unencrypted device access data into the encrypted device access data stored on the disk.
  - 8. The computer network as recited in claim 1, wherein the encrypted device access data is transmitted from the network devices to the disk drive.

9. A computer network comprising a plurality of interconnected network devices including:
- (a) a plurality of client computers;
  
  (b) an authentication server computer; and
  
  (c) a disk drive connected to the authentication server computer, the disk drive comprising;
  
  an interface for receiving from a client computer a user ID and a user access request to access a network device, and for transmitting device access data to the client computer;
  
  a disk for storing encrypted data;
  
  a disk controller, responsive to the user ID and user access request, for controlling access to the disk; and
  
  cryptographic circuitry for decrypting the encrypted data stored on the disk to generate decrypted data;
  
  wherein the disk controller uses the decrypted data to generate the device access data transmitted to the client computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The computer network as recited in claim 9, wherein:
    - (a) the encrypted data comprises encrypted user authentication data corresponding to the user ID; and
      
      (b) the cryptographic circuitry decrypts the encrypted user authentication data to generate decrypted user authentication data.
  - 11. The computer network as recited in claim 10, wherein the decrypted user authentication data comprises a user password.
  - 12. The computer network as recited in claim 9, wherein the cryptographic circuitry encrypts the device access data before transmission to the client computer.
  - 13. The computer network as recited in claim 10, wherein:
    - (a) the cryptographic circuitry encrypts the device access data before transmission to the client computer; and
      
      (b) the cryptographic circuitry encrypts the device access data using a cryptographic user key extracted from the decrypted user authentication data.
  - 14. The computer network as recited in claim 13, wherein the cryptographic user key is generated by the cryptographic circuitry using the decrypted user authentication data.
  - 15. The computer network as recited in claim 13, wherein the cryptographic user key is a public key for use in a public key encryption algorithm.
  - 16. The computer network as recited in claim 9, wherein:
    - (a) the cryptographic circuitry encrypts the device access data using a secret device key shared with the network device; and
      
      (b) the secret device key is used by the network device to authenticate device access requests received from client computers.
  - 17. The computer network as recited in claim 16, wherein the secret device key shared with the network device is stored in encrypted form on the disk and decrypted by the cryptography circuitry.
  - 18. The computer network as recited in claim 9, wherein:
    - (a) the cryptographic circuitry comprises an immutable secret drive key configured during manufacture of the disk drive; and
      
      (b) the secret drive key for use in decrypting the encrypted data stored on the disk.

19. A computer network comprising a plurality of interconnected network devices including:
- (a) a plurality of client computers;
  
  (b) an authentication server; and
  
  (c) a disk drive comprising;
  
  an interface for receiving an encrypted device access request and for inputting/outputting user data from/to a client computer;
  
  a disk for storing data;
  
  a disk controller for controlling access to the disk;
  
  an internal drive key;
  
  a secret device key shared with the authentication server, the secret device key stored in encrypted form;
  
  cryptographic circuitry, responsive to the internal drive key, for decrypting the encrypted secret device key to generate a decrypted secret device key; and
  
  an authenticator, responsive to the decrypted secret device key, for authenticating the device access request.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer network as recited in claim 19, wherein the encrypted secret device key is stored on the disk.
  - 21. The computer network as recited in claim 19, wherein the encrypted secret device key is configured during manufacture of the disk drive.
  - 22. The computer network as recited in claim 19, wherein the disk drive transmits the encrypted secret device key to the authentication server.
  - 23. The computer network as recited in claim 19, wherein the internal drive key comprises tamper-resistant circuitry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Original Assignee
Western Digital Ventures Incorporated (Western Digital Corporation)
Inventors
Hamlin, Christopher L.
Primary Examiner(s)
Louis-Jacques, Jacques H.
Assistant Examiner(s)
Tran, Ellen C

Application Number

US09/630,069
Time in Patent Office

2,339 Days
Field of Search

380 20- 50, 705/35, 709/229, 713/169, 713/200, 713/193, 711/111, 711/112, 711/113, 711/114
US Class Current

713/193
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/3226   using a predetermined code,...

Computer network comprising network authentication facilities implemented in a disk drive

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Computer network comprising network authentication facilities implemented in a disk drive

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others