Trusted time stamping storage system

US 7,716,488 B2
Filed: 01/18/2008
Issued: 05/11/2010
Est. Priority Date: 08/31/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing trusted time stamping for commands for a data storage system, the method comprising:

determining a command executed in the data storage system;

hashing information for the command to generate a hash value;

sending the hash value and a request for a time stamp to a time stamping authority;

receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value, the time stamp and hash value providing trusted time stamping mechanism for the command;

storing the time stamp token command and the command in a command log in the data storage system; and

validating the time stamp token stored in the data storage system, including;

accessing the information for the command;

hashing the accessed information to generate a second hash value;

retrieving the hash value of the time stamp token by utilizing information associated with the time stamping authority certificate;

comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and

validating the time stamp token based on the comparison;

wherein determining a command includes determining whether the command should be time stamped based on a predetermined rule; and

wherein the predetermined rule is to which logical volume of the data storage system the command is directed.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data stored in a data storage system is hashed to generate a hash value. The hash value and a request for a time stamp are then sent to a time stamping authority. A time stamp token and/or a time stamp certificate is received from the time stamping authority. The time stamp token includes a time stamp and the hash value, and may be encrypted using a private key of the time stamping authority. The time stamp token and/or time stamp certificate is then stored with, for example, a reference to the data being stored in the data storage system. The time stamp token and/or time stamp certificate may then be used to validate the data being stored and the time stamp.

40 Citations

View as Search Results

60 Claims

1. A method for providing trusted time stamping for commands for a data storage system, the method comprising:
- determining a command executed in the data storage system;
  
  hashing information for the command to generate a hash value;
  
  sending the hash value and a request for a time stamp to a time stamping authority;
  
  receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value, the time stamp and hash value providing trusted time stamping mechanism for the command;
  
  storing the time stamp token command and the command in a command log in the data storage system; and
  
  validating the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token by utilizing information associated with the time stamping authority certificate;
  
  comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison;
  
  wherein determining a command includes determining whether the command should be time stamped based on a predetermined rule; and
  
  wherein the predetermined rule is to which logical volume of the data storage system the command is directed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 40, 41, 54, 55, 56)
- - 2. The method of claim 1, wherein storing the time stamp token comprises storing the time stamp token in a device that is storing the information for the command.
  - 3. The method of claim 2, wherein the device comprises a redundant array of independent disks (RAID).
  - 4. The method of claim 1, wherein the command log includes the information for the command.
  - 5. The method of claim 1, wherein the step of validating further comprisescontacting a party that can provide information needed to validate the time stamping authority certificate.
  - 6. The method of claim 1, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 7. The method of claim 1, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 8. The method of claim 7, further comprising:
    - validating the time stamp token, wherein validating comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 9. The method of claim 8, wherein the public key is received from a certification authority.
  - 10. The method of claim 1, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 11. The method of claim 1, further comprising checking if the time stamping authority certificate is valid.
  - 12. The method of claim 11, wherein the checking comprisesdetermining a time using an internal timer of the data storage system;
    - andusing the time to determine if the time stamping authority certificate has expired.
  - 13. The method of claim 1, wherein the information being hashed is fixed.
  - 14. The method of claim 1, wherein the command comprises at least one of an I/O command for the data storage system and a management command for the data storage system.
  - 40. The method of claim 1, wherein the predetermined rule is used to determine which command should be time stamped based on which logical volume of the data storage system to which the command is directed.
  - 41. The method of claim 1, wherein the predetermined rule is used to determine which command should be time stamped by matching an operation code of the command with a predefined code that indicates a time stamp should be requested.
  - 54. The method of claim 1, further comprising:
    - storing the time stamping authority certificate in the command log.
  - 55. The method of claim 54, further comprising:
    - performing verification of a command based on information in the command log.
  - 56. The method of claim 55, wherein verification of the command includes verifying when the command was executed based on time stamp information in the command log.

15. A storage system for providing trusted time stamping for commands being executed in the storage system, the storage system comprisinga processor and a memory which has modules to be executed by the processor, the modules including:
- a command determiner configured to determine a command being executed in the storage system;
  
  a hasher configured to hash information for the command to generate a hash value;
  
  a time stamp requester configured to send the hash value and a request for a time stamp to a time stamping authority;
  
  a receiver configured to receive a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value, the time stamp token providing trusted time stamping for the command, wherein the storage system is configured to store the time stamp token and the command in a command log in the data storage system; and
  
  a validator configured to validate the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token by utilizing information associated with the time stamping authority certificate,comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison;
  
  wherein the command determiner is configured to determine whether the command should be time stamped based on a predetermined rule; and
  
  wherein the predetermined rule is to which logical volume of the data storage system the command is directed.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 42, 43, 57)
- - 16. The system of claim 15, wherein the command log stores the time stamp token and hashed information for the command.
  - 17. The system of claim 15, wherein the validator is further configured to contact a party that can provide information needed to validate the time stamp certificate.
  - 18. The system of claim 15, wherein the validator is configured to affirmatively validate the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 19. The system of claim 15, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 20. The system of claim 19, wherein the validator is further configured to decrypt the time stamp token using a public key of the time stamping authority.
  - 21. The system of claim 20, wherein the public key is received from a certification authority.
  - 22. The system of claim 15, wherein the hasher is configured to hash the data using a keyed hashing method.
  - 23. The system of claim 15, further comprising a certificate checker configured to check if the time stamping authority certificate is valid.
  - 24. The system of claim 15, wherein the certificate checker is configured to:
    - determine a time using an internal timer of the data storage system; and
      
      use the time to determine if the time stamping authority certificate has expired.
  - 25. The system of claim 15, wherein the hashed information for the command is fixed.
  - 26. The system of claim 15, wherein the information for the command comprises at least one of an I/O command for the data storage system and a management command for the data storage system.
  - 42. The system of claim 15, wherein the predetermined rule is used to determine which command should be time stamped based on which logical volume of the data storage system to which the command is directed.
  - 43. The system of claim 15, wherein the predetermined rule is used to determine which command should be time stamped by matching an operation code of the command with a predefined code that indicates a time stamp should be requested.
  - 57. The system of claim 15, wherein the command log stores the time stamping authority certificate.

27. A method for validating a time stamp generated for a command being executed in a data storage system, the method comprising:
- receiving a request to validate a time stamp token received from a time stamping authority;
  
  receiving a time stamping authority certificate from the time stamping authority;
  
  accessing the time stamp token being stored in a command log in the data storage system;
  
  validating the time stamp token;
  
  determining a hash value included with the time stamp token by utilizing information associated with the time stamping authority certificate;
  
  accessing the command being stored in the command log in the data storage system that was time stamped using the time stamp token;
  
  hashing the information for the command to generate a second hash value;
  
  comparing the hash value included in the time stamp token with the second hash value;
  
  validating the information for the command based on the comparison; and
  
  if the time stamp token and the data are validated, validating the time stamp;
  
  wherein, before the time stamp is generated for the command, a predetermined rule is used to determine whether the command should be time stamped; and
  
  wherein the predetermined rule is to which logical volume of the data storage system the command is directed.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 44, 45, 58, 59, 60)
- - 28. The method of claim 27, wherein accessing the command comprises accessing the command in a command log metadata table in the command log in the data storage system.
  - 29. The method of claim 27, wherein accessing the time stamp token comprises accessing the time stamp token being stored in a command log metadata table in the command log with information for the command that was time stamped.
  - 30. The method of claim 27, further comprising:
    - receiving a time stamp certificate from the time stamping authority;
      
      wherein validating the time stamp token comprises contacting a party that can provide information needed to validate the time stamp certificate.
  - 31. The method of claim 27, wherein validating the time stamp token based on the comparison comprises affirmatively validating the time stamp token if the second hash value matches the hash value found in the time stamp token.
  - 32. The method of claim 27, further comprising receiving a time stamp certificate from the time stamping authority.
  - 33. The method of claim 32, further comprising checking if the time stamp certificate is valid.
  - 34. The method of claim 32, wherein checking comprising:
    - determining a time using an internal timer of the data storage system; and
      
      using the time to determine if the time stamp certificate has expired.
  - 35. The method of claim 27, wherein the time stamp token is encrypted using a private key of the time stamping authority.
  - 36. The method of claim 35, further comprising:
    - validating the time stamp token, wherein validating comprises decrypting the time stamp token using a public key of the time stamping authority.
  - 37. The method of claim 36, wherein the public key is received from a certification authority.
  - 38. The method of claim 27, wherein hashing the data comprises hashing the data using a keyed hashing method.
  - 39. The method of claim 27, wherein the accessed data comprises at least one of data being stored in the data storage system, an I/O command for the data storage system, and a management command for the data storage system.
  - 44. The method of claim 27, wherein the predetermined rule is used to determine which command should be time stamped based on which logical volume of the data storage system to which the command is directed.
  - 45. The method of claim 27, wherein the predetermined rule is used to determine which command should be time stamped by matching an operation code of the command with a predefined code that indicates a time stamp should be requested.
  - 58. The method of claim 27, further comprising:
    - storing the time stamping authority certificate in the command log.
  - 59. The method of claim 58, further comprising:
    - performing verification of a command based on information in the command log.
  - 60. The method of claim 59, wherein verification of the command includes verifying when the command was executed based on time stamp information in the command log.

46. A method for providing trusted time stamping for commands for a data storage system, the method comprising:
- determining a command executed in the data storage system;
  
  hashing information for the command to generate a hash value;
  
  sending the hash value and a request for a time stamp to a time stamping authority;
  
  receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value;
  
  storing the time stamp token, the time stamp and hash value providing trusted time stamping mechanism for the command, and the command in a command log in the data storage system; and
  
  validating the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token by utilizing information associated with the time stamping authority certificate;
  
  comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison;
  
  wherein determining a command includes determining whether command should be time stamped based on a predetermined rule; and
  
  wherein the predetermined rule is whether the command is a command that proves when the data storage system starts to be used.
- View Dependent Claims (47, 48, 49)
- - 47. The method of claim 46, further comprising:
    - storing the time stamping authority certificate in the command log.
  - 48. The method of claim 47, further comprising:
    - performing verification of a command based on information in the command log.
  - 49. The method of claim 48, wherein verification of the command includes verifying when the command was executed based on time stamp information in the command log.

50. A method for providing trusted time stamping for commands for a data storage system, the method comprising:
- determining a command executed in the data storage system;
  
  hashing information for the command to generate a hash value;
  
  sending the hash value and a request for a time stamp to a time stamping authority;
  
  receiving a time stamp token and a time stamping authority certificate from the time stamping authority, the time stamp token comprising a time stamp and the hash value;
  
  storing the time stamp token, the time stamp and hash value providing trusted time stamping mechanism for the command, and the command in a command log in the data storage system; and
  
  validating the time stamp token stored in the data storage system, including;
  
  accessing the information for the command;
  
  hashing the accessed information to generate a second hash value;
  
  retrieving the hash value of the time stamp token by utilizing information associated with the time stamping authority certificate;
  
  comparing the second hash value to the hash value found in the time stamp token which is stored in the data storage system; and
  
  validating the time stamp token based on the comparison;
  
  wherein determining a command includes determining whether command should be time stamped based on a predetermined rule; and
  
  wherein the predetermined rule is whether the command is a specific storage management command.
- View Dependent Claims (51, 52, 53)
- - 51. The method of claim 50, further comprising:
    - storing the time stamping authority certificate in the command log.
  - 52. The method of claim 51, further comprising:
    - performing verification of a command based on information in the command log.
  - 53. The method of claim 52, wherein verification of the command includes verifying when the command was executed based on time stamp information in the command log.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Yagawa, Yuichi
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US12/016,626
Publication Number

US 20080229113A1
Time in Patent Office

844 Days
Field of Search

713/155, 713/176, 713/189, 713/193, 726/2, 726/26, 726/27, 726/30, 711/100, 711/114
US Class Current

713/178
CPC Class Codes

H04L 9/3236 using cryptographic hash fu...

H04L 9/3297 involving time stamps, e.g....

Trusted time stamping storage system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted time stamping storage system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links