Method and apparatus for authenticated data storage
First Claim
1. A method comprising:
computing a first message authentication code (MAC) for a set of data blocks of a data storage medium, wherein the first MAC is calculated based on data in the data blocks which are selected to be included in the calculation of the first MAC based on a physical arrangement of the data blocks in the data storage medium;
storing the set of data blocks and the first MAC to a data storage medium;
retrieving the set of data blocks and the first MAC from the data storage medium;
computing a second MAC for the set of data blocks, the second MAC calculated based on data in the data blocks retrieved from the data storage medium;
comparing the first MAC and second MAC;
determining if data in the set of data blocks has been changed based on the comparing the first MAC to a second MAC; and
providing access to data in the set of data blocks when the first MAC and the second MAC match.
Abstract
A method includes: computing a first message authentication code for each of a plurality of sets of data blocks on a data storage medium, and authenticating the sets of data blocks by computing a second message authentication code for each of the sets of data blocks to be authenticated and comparing the first and second message authentication codes. An apparatus that performs the method is also provided.
19 Claims
9. A method comprising:
retrieving a selected set of data blocks from a data storage medium, the selected set of data blocks having a corresponding message authentication code (MAC);
determining if the selected set of data blocks has been changed based on comparing a generated MAC with the corresponding MAC;
storing in a table an indicator corresponding to the selected set of data blocks when the selected set of data blocks is determined not to have been changed; and
upon a later request for data within the selected set of data blocks, providing access to the selected set of data blocks without comparing a stored MAC to another MAC when the indicator associated with the selected set of data blocks is in the table.
16. A device comprising:
a processor adapted to:
retrieve a specific set of data blocks from a data storage medium;
retrieve a stored authentication code associated with the specific set of data blocks;
determine a second authentication code based on data stored in the specific set of data blocks;
store in a table an indicator of whether the specific set of data blocks has been changed based on comparing the stored authentication code and the second authentication code;
receive a read request to access data within the specific set of data blocks; and
provide access to the data associated with the read request based on an indicator in the table without making another MAC comparison.
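The following sketch is an added example, not code from the patent: it models the per-set MAC of claim 1 and the verified-set table of claims 9 and 16. The class and function names, HMAC-SHA256, the 4-block set size (standing in for physically adjacent blocks) and the clearing of the table to model a power cycle are all assumptions.

```python
import hashlib
import hmac

BLOCK_SIZE = 16       # constructed toy block size
BLOCKS_PER_SET = 4    # assumption: one set = physically adjacent blocks (e.g. a track)

class IntegrityError(Exception): pass

class AuthenticatedStore:
    def __init__(self, key, num_sets):
        self.key = key
        self.blocks = [bytes(BLOCK_SIZE)] * (num_sets * BLOCKS_PER_SET)  # the medium
        self.macs = [self._mac(s) for s in range(num_sets)]  # stored with the data
        self.verified = set()   # volatile table of sets already authenticated
        self.mac_checks = 0     # counts MAC comparisons, for the demo

    def _mac(self, s):
        data = b"".join(self.blocks[s * BLOCKS_PER_SET:(s + 1) * BLOCKS_PER_SET])
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _authenticate(self, s):
        if s in self.verified:          # indicator present: skip the comparison
            return
        self.mac_checks += 1
        if not hmac.compare_digest(self.macs[s], self._mac(s)):
            raise IntegrityError(f"set {s} failed authentication")
        self.verified.add(s)

    def read(self, lba):
        self._authenticate(lba // BLOCKS_PER_SET)
        return self.blocks[lba]

    def write(self, lba, data):
        s = lba // BLOCKS_PER_SET
        self._authenticate(s)           # never re-MAC unverified neighbours
        self.blocks[lba] = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]
        self.macs[s] = self._mac(s)

def demo():
    store = AuthenticatedStore(b"constructed-demo-key", num_sets=2)
    store.write(5, b"payroll")                   # authenticates set 1 once
    _ = [store.read(lba) for lba in (4, 5, 6)]   # served via the table
    checks = store.mac_checks
    store.verified.clear()                       # models a power cycle
    store.blocks[6] = b"X" * BLOCK_SIZE          # constructed offline modification
    try:
        store.read(5)
    except IntegrityError:
        return checks, True
    return checks, False
```

The table entry is only as trustworthy as the controller's custody of the medium, which is why the sketch clears it before the modified block is read back; `write` authenticates the set first so a write cannot re-MAC neighbouring blocks that were never checked.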