Methods and devices for authentication and data encryption

US 8,819,443 B2
Filed: 02/14/2012
Issued: 08/26/2014
Est. Priority Date: 02/14/2012
Status: Active Grant

First Claim

Patent Images

1. A storage device configured to secure a password and to authenticate a host device, comprising:

a non-volatile storage media;

an interface coupled to at least one host device; and

a processor, the processor being operative to;

receive, via the interface with the at least one host device, a first entered password needed for accessing data stored in the non-volatile storage media;

generate a first number;

combine the first entered password and the first number;

generate a cryptographic key based on the combination of the first entered password and the first number;

encrypt the received first entered password using the cryptographic key;

store the encrypted first entered password and the first number in the non-volatile media;

receive, via the interface, a request for authentication;

responsive to the received request for authentication, provide to the at least one host device, via the interface, a reply comprising the first number with which the cryptographic key was generated;

receive, via the interface, a second number calculated by the at least one host device, the second number being based on a cryptographic combination of the first number provided to the at least one host device and a second entered password; and

authenticate the at least one host device if the second number successfully decrypts the encrypted first entered password.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device comprises a non-volatile storage media and a processor that is operative to receive, via an interface with one or more host devices, a first entered password needed for accessing data stored in the non-volatile storage media, generate a first number, combine the first entered password and the first number, generate a cryptographic key based on the combination of the first entered password and the first number, encrypt the received first entered password using the cryptographic key, and store the encrypted first entered password and the first number in the non-volatile media. The processor may be further operative to receive a request for authentication; provide a reply comprising the first number; receive a second number calculated based on a cryptographic combination of the first number and a second entered password, and authenticate the host device if the second number successfully decrypts the encrypted first entered password.

72 Citations

View as Search Results

31 Claims

1. A storage device configured to secure a password and to authenticate a host device, comprising:
- a non-volatile storage media;
  
  an interface coupled to at least one host device; and
  
  a processor, the processor being operative to;
  
  receive, via the interface with the at least one host device, a first entered password needed for accessing data stored in the non-volatile storage media;
  
  generate a first number;
  
  combine the first entered password and the first number;
  
  generate a cryptographic key based on the combination of the first entered password and the first number;
  
  encrypt the received first entered password using the cryptographic key;
  
  store the encrypted first entered password and the first number in the non-volatile media;
  
  receive, via the interface, a request for authentication;
  
  responsive to the received request for authentication, provide to the at least one host device, via the interface, a reply comprising the first number with which the cryptographic key was generated;
  
  receive, via the interface, a second number calculated by the at least one host device, the second number being based on a cryptographic combination of the first number provided to the at least one host device and a second entered password; and
  
  authenticate the at least one host device if the second number successfully decrypts the encrypted first entered password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The storage device of claim 1, wherein the processor is further operative to generate a random number as the first number.
  - 3. The storage device of claim 1, wherein the processor is further operative to encrypt user data to be stored on the non-volatile storage media.
  - 4. The storage device of claim 1, wherein the processor is further operative to combine the first entered password and the first number by one of appending the first entered password to the first number and appending the first number to the first entered password.
  - 5. The storage device of claim 1, wherein the processor is further operative to combine the first entered password and the first number by hashing the first entered password and the first number.
  - 6. The storage device of claim 1, further comprising not authenticating a first host device if the second number does not successfully decrypt the encrypted first entered password.
  - 7. The storage device of claim 1, wherein the processor is further operative to encrypt a data encryption key (DEK) used to encrypt user data on the storage device, using the cryptographic key.
  - 8. The storage device of claim 7, wherein the processor is further configured to decrypt the encrypted DEK using the second number.
  - 9. The storage device of claim 1, wherein the non-volatile storage media comprises a disk and the storage device further comprises a head for writing data to the disk and for reading data from the disk.
  - 10. Tire storage device of claim 1, wherein the non-volatile storage media comprises a non-volatile semiconductor memory.

11. A storage device configured to authenticate a host device, comprising:
- a non-volatile storage media;
  
  an interface coupled to the at least one host device; and
  
  a processor, the processor being operative to;
  
  receive, via an interface with the at least one host device, a request for authentication;
  
  read, from the non-volatile storage media, a first number;
  
  responsive to the received request for authentication, provide to the at least one host device, via the interface, a reply comprising the first number with which a cryptographic key was generated;
  
  receive, via the interface, a second number calculated by the at least one host device, the second number being calculated based on a cryptographic combination of the first number provided to the at least one host device and a second entered password;
  
  read, from the storage device, a first encrypted first entered password that has been encrypted with a cryptographic combination of a first entered password and the first number; and
  
  authenticate the at least one host device if the second number successfully decrypts the first encrypted first entered password.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The storage device of claim 11, wherein the processor is further operative to not authenticate the at least one host device if the second number does not successfully decrypt the first encrypted first entered password.
  - 13. The storage device of claim 11, wherein the processor is farther operative to:
    - generate a third number and to replace the first number with the third number in the storage device when the at least one host device is successfully authenticated;
      
      generating a second encrypted first entered password based on a cryptographic combination of the first entered password and the third number; and
      
      storing the second encrypted first entered password in the non-volatile storage media.
  - 14. The storage device of claim 13, wherein the processor is further operative to generate a random number as the third number.
  - 15. The storage device of claim 11, wherein the second number comprises a hash, calculated by the at least one host device, of the first number and the second entered password.
  - 16. The storage device of claim 11, wherein the processor is further operative to provide, via the interface, a message indicating that the at least one host device has been authenticated by the storage device.
  - 17. The storage device of claim 11, wherein the non-volatile storage media comprises a disk and the storage device further comprises a head for writing data to the disk and for reading data from the disk.
  - 18. The storage device of claim 11, wherein the non-volatile storage media comprises a non-volatile semiconductor memory.

19. A method for a storage device to secure a password and authenticate a host device, the method comprising:
- receiving, via, an interface with at least one host device, a first entered password needed for accessing data stored on the storage device;
  
  generating a first number;
  
  combining the first entered password and the first number;
  
  determining a cryptographic key based on the combination of the first entered password and the first number;
  
  encrypting at least the first entered password using the cryptographic key;
  
  storing the encrypted first entered password and the first number in the storage device;
  
  receiving, via the interface, a request for authentication;
  
  reading, from the storage device, a first number;
  
  responsive to the received request for authentication, providing to the at least one host device, via the interface, a reply comprising the first number with which the cryptographic key was generated;
  
  receiving, via the interface, a second number calculated by the at least one host device, the second number being calculated based on a cryptographic combination of the first number provided to the at least one host device and a second entered password;
  
  reading the encrypted first entered password from the storage device; and
  
  authenticating the at least one host device if the second number successfully decrypts the encrypted first entered password.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19, wherein generating a first number comprises generating a random number.
  - 21. The method of claim 19, wherein combining the first entered password and the first number comprises one of appending the first entered password to the first number and appending the first number to the first entered password.
  - 22. The method of claim 19, wherein combining the first entered password and the first number comprises hashing the first entered password and the first number.
  - 23. The method of claim 19, further comprising encrypting, using the cryptographic key, a data encryption key (DEK) used to encrypt data stored on the storage device.
  - 24. The method of claim 19, wherein storing the encrypted first entered password comprises storing the encrypted first entered password in a non-volatile media in the storage device.
  - 25. The method of claim 19, further comprising storing the first number in a non-volatile media in the storage device.

26. A method for a storage device to authenticate a host device, comprising:
- receiving, via an interface with the at least one host device, a request for authentication;
  
  reading, from the storage device, a first number;
  
  responsive to the received request for authentication, providing to the at least one host device, via the interface, a reply comprising the first number with which a cryptographic key was generated;
  
  receiving, via the interface, a second number calculated by the at least one host device, the second number being calculated based on a cryptographic combination of the first number provided to the at least one host device and a second entered password;
  
  reading, from the storage device, a first encrypted first entered password based on a cryptographic combination of a first entered password and the first number; and
  
  authenticating the at least one host device if the second number successfully decrypts the first encrypted first entered password.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26, further comprising not authenticating the at least one host device if the second number does not successfully decrypt the first encrypted first entered password.
  - 28. The method of claim 26, further comprising;
    - generating a third number and replacing the first number with the third number in the storage device when the at least one host device is successfully authenticated, andgenerating a second encrypted first entered password based on a cryptographic combination of the first entered password and the third number, andstoring the second encrypted first entered password in the storage device.
  - 29. The method of claim 28, wherein generating the third number comprises generating a random number.
  - 30. The method of claim 26, wherein receiving the second number comprises receiving a hash, calculated by the at least one host device, of the first number and the second entered password.
  - 31. The method of claim 26, further comprising providing, via the interface, a message indicating that the at least one host device has been authenticated by the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Lin, James S.
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/396,546
Publication Number

US 20130212401A1
Time in Patent Office

924 Days
Field of Search

713180-186
US Class Current

713/182
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/6209   to a single file or object,...

H04L 9/0863   involving passwords or one-...

H04L 9/3271   using challenge-response

Methods and devices for authentication and data encryption

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Methods and devices for authentication and data encryption

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others