Secure storage system and method of use
First Claim
1. A secure storage system comprising:
- a crypto-engine, wherein the crypto-engine includes a random number generator, a hash function, a general encryption engine, and a data encryption engine;
a storage device coupled to the crypto-engine, wherein the storage device includes a storage array comprising a public partition that is accessible to the general public, a secure partition that is accessible only by a two-level password authentication, and a system partition that is accessible only by the secure storage system; and
wherein the secure storage system performs the following functions comprising;
receiving a first user password from a host system;
retrieving a default master password from the secure storage system;
hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system;
generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system;
receiving a second user password from the host system;
hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication;
in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for access gating to the secure storage system which serves as a second level of the two-level password authentication; and
utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.
2 Assignments
0 Petitions
Accused Products
Abstract
A secure storage system is disclosed. The secure storage system comprises a crypto engine and a storage device. The crypto engine comprises a random number generator; a hash function; a general encryption engine; and a data encryption engine. The secure storage system further includes a storage device coupled to the crypto engine. The storage device includes a storage array. The storage array includes a public partition, a secure partition and a system partition. The public partition is accessible to the public. The secure partition is accessible through the password authentication. The system partition is accessible only by the secure storage system. The password authentication is two-level instead of one, to avoid hash collision or insider tampering. The secure partition is accessed with “access gating through access key” instead of “access control through comparison.” The password can be changed without reformatting the secure storage.
-
Citations
10 Claims
-
1. A secure storage system comprising:
-
a crypto-engine, wherein the crypto-engine includes a random number generator, a hash function, a general encryption engine, and a data encryption engine; a storage device coupled to the crypto-engine, wherein the storage device includes a storage array comprising a public partition that is accessible to the general public, a secure partition that is accessible only by a two-level password authentication, and a system partition that is accessible only by the secure storage system; and wherein the secure storage system performs the following functions comprising; receiving a first user password from a host system; retrieving a default master password from the secure storage system; hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system; generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system; receiving a second user password from the host system; hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication; in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for access gating to the secure storage system which serves as a second level of the two-level password authentication; and utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method for creating and storing passwords in a secure storage system by utilizing a two-level password authentication to allow a flow of data through access gating, wherein the computer performs the following functions comprising:
-
receiving a first user password from a host system; retrieving a default master password from the secure storage system; hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system; generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system; receiving a second user password from the host system; hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication; in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for the access gating to the secure storage system which serves as a second level of the two-level password authentication; and utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated. - View Dependent Claims (8, 9)
-
-
10. A non-transitory computer readable medium containing program instructions wherein the program instructions are executed by the computer for creating and storing passwords in a secure storage system by utilizing a two-level password authentication to allow a flow of data through access gating, wherein the computer performs the following functions comprising:
-
receiving a first user password from a host system; retrieving a default master password from the secure storage system; hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system; generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system; receiving a second user password from the host system; hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication; in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for the access gating to the secure storage system which serves as a second level of the two-level password authentication; and utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.
-
Specification