Method and system for improving storage security in a cloud computing environment
First Claim
1. A method of improving storage security in a cloud environment comprising:
interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller;
registering the storage controller with an authentication server configured to be set up in the cloud environment;
authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller; and
obtaining, at the client device, a signature data of the storage controller following the authentication thereof, the signature data being configured to be stored in the secure microcontroller interfaced with the storage controller, wherein authenticating the storage controller includes:
requesting the authentication server to attest the storage controller through a cloud manager of the cloud environment configured to provision storage therein;
transmitting an authentication request from the authentication server to the storage controller with a nonce and the signature data of the authentication server encrypted using a private key;
decrypting the encrypted nonce and the signature data of the authentication server at the storage controller using a public portion of a key shared between the authentication server and the storage controller;
transmitting the signature data of the storage controller from the authentication server to the cloud manager when the signature data of the storage controller is matched in a database associated with the authentication server, and when the nonce is matched in decrypted content at the authentication server; and
transmitting the signature data of the storage controller from the cloud manager to the client device.
Abstract
A method of improving storage security in a cloud environment includes interfacing a secure microcontroller with a storage controller associated with a client device in the cloud environment to authenticate a platform associated with the storage controller and registering the storage controller with an authentication server configured to be set up in the cloud environment. The method also includes authenticating the storage controller based on a communication protocol between the client device, the authentication server and the storage controller, and obtaining, at the client device, a signature data of the storage controller following the authentication thereof. The signature data is configured to be stored in the secure microcontroller interfaced with the storage controller.
26 Claims
1. (Independent claim 1 as set out under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of verifying integrity of a storage controller associated with a client device in a cloud environment comprising:
configuring the storage controller with information associated with an authentication server set up in the cloud environment, the information being associated with a signature data of the authentication server;
configuring the authentication server with a signature data associated with the storage controller;
registering the storage controller with the authentication server to establish a trusted key pair therebetween;
attesting the storage controller through the authentication server based on the established trusted key pair; and
obtaining, at the client device, the signature data of the storage controller following the attestation thereof, wherein attesting the storage controller includes:
requesting the authentication server to attest the storage controller through a cloud manager of the cloud environment configured to provision storage therein;
transmitting an authentication request from the authentication server to the storage controller with a nonce and the signature data of the authentication server encrypted using a private key;
decrypting the encrypted nonce and the signature data of the authentication server at the storage controller using a public portion of a key shared between the authentication server and the storage controller;
transmitting the signature data of the storage controller from the authentication server to the cloud manager when the signature data of the storage controller is matched in a database associated with the authentication server, and when the nonce is matched in decrypted content at the authentication server; and
transmitting the signature data of the storage controller from the cloud manager to the client device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A cloud environment with improved storage security device:
a processor coupled to the storage device configured to execute programmed instructions stored in the storage device comprising:
a client device;
a cloud manager configured to provision storage associated with the client device in the cloud environment;
a storage controller associated with the client device, the storage controller comprising a secure microcontroller interfaced therewith to authenticate a platform associated therewith; and
an authentication server configured to register the storage controller and to authenticate the storage controller based on a communication protocol between the client device, the storage controller and the authentication server, wherein the client device is at least one of:
automatically configured to obtain a signature data of the storage controller following the authentication thereof, and configured to obtain the signature data of the storage controller following the authentication thereof upon querying the storage controller, wherein the secure microcontroller is configured to store the signature data of the storage controller therein and wherein during authentication of the storage controller based on the communication protocol, the cloud manager is configured to request the authentication server to attest the storage controller, the authentication server is further configured to transmit an authentication request to the storage controller with a nonce and the signature data of the authentication server encrypted using a private key, and the storage controller is further configured to decrypt the encrypted third nonce and the signature data of the authentication server using a public portion of the key shared between the authentication server and the storage controller;
transmit the signature data of the storage controller from the authentication server to the cloud manager when the signature data of the storage controller is matched in a database associated with the authentication server, and when the nonce is matched in decrypted content at the authentication server; and
transmit the signature data of the storage controller from the cloud manager to the client device.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.
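The exchange that claims 1, 10 and 18 all describe (cloud manager asks the authentication server to attest; server sends a fresh nonce plus its own signature data under its private key; the controller's secure microcontroller checks the server's signature data with the public portion of the shared key and answers with the nonce and its own signature data; the server releases the controller's signature data to the cloud manager, and on to the client, only when that signature data is in its database and the nonce matches) is modelled below as an added, constructed example. It is not code from the patent or its assignee. The "private key / public portion" step is stood in for by unpadded textbook RSA over two Mersenne primes so that the script runs with the Python standard library alone; signature data is modelled as a 128-bit platform fingerprint; every class, name and identifier string is an assumption made for the illustration. The two deliberately failing controllers exist only to show which check catches an unregistered platform and which catches a stale (replayed) response.

```python
"""Constructed stand-alone model of the nonce-based storage-controller attestation."""
import hashlib
import secrets

# Textbook RSA built from two Mersenne primes (2^89-1 and 2^107-1 are prime), so the
# example needs no third-party crypto library. It is unpadded and demo-sized only; it
# exists to mirror the claim's "encrypt with private key / decrypt with public portion".
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # E is coprime to phi(N) for these primes


def private_op(m):
    """Private-key operation, held only by the authentication server."""
    return pow(m, D, N)


def public_op(m):
    """Public-portion operation, provisioned into the secure microcontroller."""
    return pow(m, E, N)


def signature_data(platform_id):
    """'Signature data' modelled as a 128-bit platform fingerprint (always < N)."""
    return int.from_bytes(hashlib.sha256(platform_id.encode()).digest()[:16], "big")


class AttestationError(Exception):
    """Raised at whichever check in the protocol fails."""


class StorageController:
    """Storage controller whose secure microcontroller holds the attestation state."""

    def __init__(self, platform_id, server_sig):
        # Per claim 10: the controller is configured with the server's signature data
        # and stores its own signature data in the secure microcontroller.
        self.mcu = {"own_sig": signature_data(platform_id), "server_sig": server_sig}

    def handle_auth_request(self, enc_nonce, enc_server_sig):
        # Decrypt with the public portion of the shared key and reject an impostor server.
        nonce, server_sig = public_op(enc_nonce), public_op(enc_server_sig)
        if server_sig != self.mcu["server_sig"]:
            raise AttestationError("authentication server signature data mismatch")
        # Echo the nonce with own signature data, protected so only the server reads it.
        return public_op(nonce), public_op(self.mcu["own_sig"])


class ReplayingController(StorageController):
    """Constructed misbehaving controller: returns its first recorded response forever."""

    def __init__(self, platform_id, server_sig):
        super().__init__(platform_id, server_sig)
        self.recorded = None

    def handle_auth_request(self, enc_nonce, enc_server_sig):
        if self.recorded is None:
            self.recorded = super().handle_auth_request(enc_nonce, enc_server_sig)
        return self.recorded


class AuthServer:
    def __init__(self):
        self.signature = signature_data("auth-server")   # constructed identity
        self.db = set()                                  # registered controllers

    def register(self, controller):
        self.db.add(controller.mcu["own_sig"])

    def attest(self, controller):
        nonce = secrets.randbits(128)                    # fresh per request, < N
        resp_nonce, resp_sig = controller.handle_auth_request(
            private_op(nonce), private_op(self.signature))
        got_nonce, got_sig = private_op(resp_nonce), private_op(resp_sig)
        if got_sig not in self.db:
            raise AttestationError("storage controller not registered")
        if got_nonce != nonce:
            raise AttestationError("nonce mismatch (stale or forged response)")
        return got_sig                                   # released to the cloud manager


class CloudManager:
    def __init__(self, server):
        self.server = server

    def request_attestation(self, controller):
        return self.server.attest(controller)


class ClientDevice:
    def __init__(self):
        self.controller_sig = None

    def obtain_signature(self, manager, controller):
        self.controller_sig = manager.request_attestation(controller)
        return self.controller_sig


def attest_outcome(server, controller):
    """Run one attestation and report 'ok' or the check that rejected it."""
    try:
        server.attest(controller)
        return "ok"
    except AttestationError as err:
        return str(err)


if __name__ == "__main__":
    server = AuthServer()
    ctrl = StorageController("storage-controller-1", server.signature)
    server.register(ctrl)
    client = ClientDevice()
    print(hex(client.obtain_signature(CloudManager(server), ctrl)))
    print(attest_outcome(server, StorageController("unknown-platform", server.signature)))
```

Three independent checks gate the release of the controller's signature data: the controller verifies the server's identity before answering, the server verifies membership in its registration database, and the server verifies nonce freshness. Removing any one of them admits a distinct failure (impostor server, unregistered platform, replayed response), which is what the test scenarios exercise.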
Specification