Protected resource access control utilizing intermediate values of a hash chain

US 9,064,094 B1
Filed: 05/29/2014
Issued: 06/23/2015
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining an intermediate value of a hash chain associated with a given access control interval;

utilizing at least a portion of the intermediate value to access a protected resource via an access control module during the given access control interval, an initial value of the hash chain being stored in a secure manner inaccessible to the access control module; and

repeating the obtaining and utilizing for one or more additional access control intervals using respective different intermediate values of the hash chain;

wherein the method is performed at least in part by a processing device comprising a processor coupled to a memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing device comprises a processor coupled to a memory and is configured to obtain an intermediate value of a hash chain associated with a given access control interval, to utilize at least a portion of the intermediate value to access a protected resource during the given access control interval, and to repeat the obtaining and utilizing for one or more additional access control intervals using respective different intermediate values of the hash chain. The hash chain may comprise one of a plurality of hash chains derived from a common key, where the plurality of hash chains are associated with corresponding distinct resources and initial values of the plurality of hash chains are determined as respective functions of the common key and identifying information for corresponding ones of the protected resources.

Citations

20 Claims

1. A method comprising:
- obtaining an intermediate value of a hash chain associated with a given access control interval;
  
  utilizing at least a portion of the intermediate value to access a protected resource via an access control module during the given access control interval, an initial value of the hash chain being stored in a secure manner inaccessible to the access control module; and
  
  repeating the obtaining and utilizing for one or more additional access control intervals using respective different intermediate values of the hash chain;
  
  wherein the method is performed at least in part by a processing device comprising a processor coupled to a memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising determining authentication information based at least in part on the intermediate value, wherein utilizing the at least a portion of the intermediate value to access the protected resource comprises utilizing the authentication information to access the protected resource.
  - 3. The method of claim 2 wherein the authentication information comprises the intermediate value in combination with additional authentication information.
  - 4. The method of claim 1 wherein utilizing the at least a portion of the intermediate value to access the protected resource comprises utilizing possession of the intermediate value as one factor in a multi-factor authentication process.
  - 5. The method of claim 1 wherein obtaining the intermediate value comprises:
    - determining the initial value of the hash chain;
      
      hashing the initial value a designated number of times to obtain a final value of the hash chain;
      
      associating intermediate values of the hash chain with respective ones of the access control intervals; and
      
      selecting the intermediate value associated with the given access control interval.
  - 6. The method of claim 5 further comprising providing the final value of the hash chain to an entity which controls access to the protected resource.
  - 7. The method of claim 5 wherein associating intermediate values of the hash chain with respective ones of the access control intervals comprises associating at least a portion of the intermediate values with respective ones of the access control intervals in accordance with a reverse sequential ordering.
  - 8. The method of claim 1 wherein the hash chain comprises one of a plurality of different hash chains derived from a common key.
  - 9. The method of claim 8 wherein the plurality of different hash chains are associated with corresponding distinct protected resources, and wherein the plurality of different hash chains have different initial values determined as respective functions of the common key and identifying information for corresponding ones of the protected resources.
  - 10. The method of claim 1 wherein the hash chain comprises a tree having one or more interior branches each defined by application of a one-way hash function to a common key and identifying information.
  - 11. The method of claim 10 wherein the interior branch is of the form:
    - H⁽ⁿ⁾(H(H(K),ID)),where n denotes a particular number of applications of hash function H, K denotes the common key and ID denotes the identifying information.
  - 12. The method of claim 10 wherein the interior branch is of the form:
    - H⁽ⁿ⁾(H(H(H(K),ID₁),ID₂)),where n denotes a particular number of applications of hash function H, K denotes the common key, ID₁denotes identifying information of a protected resource and ID₂denotes identifying information of a user.
  - 13. An article of manufacture comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by said at least one processing device causes the method of claim 1 to be performed.

14. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
  
  the processing device being configured;
  
  to obtain an intermediate value of a hash chain associated with a given access control interval;
  
  to utilize at least a portion of the intermediate value to access a protected resource via an access control module during the given access control interval, an initial value of the hash chain being stored in a secure manner inaccessible to the access control module; and
  
  to repeat the obtaining and utilizing for one or more additional access control intervals using respective different intermediate values of the hash chain.
- View Dependent Claims (15, 16)
- - 15. The apparatus of claim 14 wherein the processing device is further configured to determine authentication information based at least in part on the intermediate value, wherein utilizing the at least a portion of the intermediate value to access the protected resource comprises utilizing the authentication information to access the protected resource.
  - 16. The apparatus of claim 14 wherein:
    - the hash chain comprises one of a plurality of different hash chains derived from a common key;
      
      the plurality of different hash chains are associated with corresponding distinct protected resources; and
      
      the plurality of different hash chains have different initial values determined as respective functions of the common key and identifying information for corresponding ones of the protected resources.

17. A method comprising:
- receiving at least a portion of an intermediate value of a hash chain associated with a given access control interval in an access control module, an initial value of the hash chain being stored in a secure manner inaccessible to the access control module;
  
  authenticating the at least a portion of the intermediate value to control access to a protected resource via the access control module during the given access control interval; and
  
  repeating the receiving and authenticating for one or more additional access control intervals using respective different intermediate values of the hash chain;
  
  wherein the method is performed at least in part by a processing device comprising a processor coupled to a memory.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 further comprising obtaining a final value of the hash chain, wherein authenticating the at least a portion of the intermediate value comprises:
    - hashing the intermediate value a designated number of times to obtain a given value; and
      
      permitting or denying access to the protected resource responsive to determining whether the given value matches the final value.
  - 19. An article of manufacture comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by said at least one processing device causes the method of claim 17 to be performed.

20. An apparatus comprising:
- at least one processing device comprising a processor coupled to a memory;
  
  the processing device being configured;
  
  to receive at least a portion of an intermediate value of a hash chain associated with a given access control interval in an access control module, an initial value of the hash chain being stored in a secure manner inaccessible to the access control module;
  
  to authenticate the at least a portion of the intermediate value to control access to a protected resource via the access control module during the given access control interval; and
  
  to repeat the receiving and authenticating for one or more additional access control intervals using respective different intermediate values of the hash chain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Bailey, Daniel V., Duane, William M., Young, Eric
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/289,831
Time in Patent Office

390 Days
Field of Search

726/9
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/6218   to a system of files or obj...

H04L 9/3228   One-time or temporary data,...

H04L 9/50   using hash chains, e.g. blo...

Protected resource access control utilizing intermediate values of a hash chain

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protected resource access control utilizing intermediate values of a hash chain

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links