Protected resource access control utilizing intermediate values of a hash chain
Abstract
A processing device comprises a processor coupled to a memory and is configured to associate intermediate values of a hash chain with respective access control intervals, and to provide a given one of the intermediate values to a user in order to allow the user to access a protected resource in the corresponding access control interval. A final value of the hash chain is provided to an access control module associated with the protected resource, and an initial value of the hash chain is stored in a secure manner. The hash chain may be generated by applying a one-way hash function to the initial value a designated number of times in order to obtain the intermediate values and the final value. The protected resource may comprise, for example, a storage array or other processing platform component, with the intermediate values controlling service technician access to that component.
29 Claims
1. A method comprising:
- associating intermediate values of a hash chain with respective access control intervals;
- providing a given one of the intermediate values to a user in order to allow the user to access a protected resource in the corresponding access control interval;
- providing a final value of the hash chain to an access control module associated with the protected resource; and
- storing an initial value of the hash chain in a secure manner inaccessible to the access control module;
- wherein the final value of the hash chain is further provided to each of one or more additional access control modules associated with respective protected resources; and
- wherein said associating, providing the given one of the intermediate values, providing the final value and storing are performed by at least one processing device comprising a processor coupled to a memory.
Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10, 13, 14, 15, 16

5. A method comprising:
- associating intermediate values of a hash chain with respective access control intervals;
- providing a given one of the intermediate values to a user in order to allow the user to access a protected resource in the corresponding access control interval;
- providing a final value of the hash chain to an access control module associated with the protected resource;
- storing an initial value of the hash chain in a secure manner inaccessible to the access control module;
- generating one or more additional final values for one or more respective additional hash chains having respective distinct initial values; and
- providing the one or more additional final values to respective additional access control modules associated with respective protected resources;
- wherein said associating, providing the given one of the intermediate values, providing the final value, storing, generating and providing the one or more additional final values are performed by at least one processing device comprising a processor coupled to a memory.
Dependent claims: 11, 12

17. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- the processing device being configured to associate intermediate values of a hash chain with respective access control intervals, to provide a given one of the intermediate values to a user in order to allow the user to access a protected resource in the corresponding access control interval, to provide a final value of the hash chain to an access control module associated with the protected resource, and to store an initial value of the hash chain in a secure manner inaccessible to the access control module;
- wherein the processing device is further configured to provide the final value of the hash chain to each of one or more additional access control modules associated with respective protected resources.
Dependent claims: 18, 19

20. A method comprising:
- receiving a given intermediate value of a hash chain from a user attempting to access a corresponding protected resource;
- hashing the intermediate value a particular number of times determined based on a current access control interval in order to obtain a result; and
- if the result matches a final value of the hash chain, granting the user access to the protected resource;
- wherein the hash chain comprises an initial value, the final value and a plurality of intermediate values including the given intermediate value;
- wherein the final value is provided to each of a plurality of access control modules associated with respective protected resources and the initial value is stored in a secure manner inaccessible to the access control modules;
- wherein the intermediate values of the hash chain are associated with respective access control intervals; and
- wherein said receiving, hashing, and granting are performed by at least one processing device comprising a processor coupled to a memory.
Dependent claims: 21, 22, 23, 24, 25

26. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- the processing device being configured to receive a given intermediate value of a hash chain from a user attempting to access a corresponding protected resource, to hash the intermediate value a particular number of times determined based on a current access control interval in order to obtain a result, and if the result matches a final value of the hash chain, to grant the user access to the protected resource;
- wherein the hash chain comprises an initial value, the final value and a plurality of intermediate values including the given intermediate value;
- wherein the final value is provided to each of a plurality of access control modules associated with respective protected resources and the initial value is stored in a secure manner inaccessible to the access control modules; and
- wherein the intermediate values of the hash chain are associated with respective access control intervals.
Dependent claims: 27, 28

29. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
- the processing device being configured to:
- associate intermediate values of a hash chain with respective access control intervals;
- provide a given one of the intermediate values to a user in order to allow the user to access a protected resource in the corresponding access control interval;
- provide a final value of the hash chain to an access control module associated with the protected resource;
- store an initial value of the hash chain in a secure manner inaccessible to the access control module;
- generate one or more additional final values for one or more respective additional hash chains having respective distinct initial values; and
- provide the one or more additional final values to respective additional access control modules associated with respective protected resources.

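The issue-and-verify flow described in the abstract and in claims 20 and 26, as an added Python example that is not code from the patent. SHA-256, the class and function names, and the mapping of interval t to the chain value t hash steps before the final value are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


def hash_n(value: bytes, n: int) -> bytes:
    """Apply the one-way hash (SHA-256, an assumption) n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Issuer:
    """Holds the initial value; it is never given to an access control module."""

    def __init__(self, intervals: int, seed=None):
        self.intervals = intervals
        self._initial = seed or secrets.token_bytes(32)
        # One extra step so that no issued token equals the initial value.
        self.final = hash_n(self._initial, intervals + 1)

    def token_for(self, interval: int) -> bytes:
        # Assumed mapping: interval t (1..n) gets the intermediate value
        # that lies t hash steps before the final value.
        if not 1 <= interval <= self.intervals:
            raise ValueError("interval out of range")
        return hash_n(self._initial, self.intervals + 1 - interval)


class AccessControlModule:
    """Stores only the final value of the chain."""

    def __init__(self, final: bytes, intervals: int):
        self.final = final
        self.intervals = intervals

    def check(self, token: bytes, current_interval: int) -> bool:
        # Hash the presented value a number of times set by the current
        # interval and compare the result with the stored final value.
        if not 1 <= current_interval <= self.intervals:
            return False
        result = hash_n(token, current_interval)
        return hmac.compare_digest(result, self.final)
```

Under this mapping, hashing a token once yields the token for the previous interval, so a holder can derive values for earlier intervals but not later ones, and a module that stores only the final value cannot produce any token.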
Specification