Methods of operating storage systems including using a key to determine whether a password can be changed
First Claim
1. A method of operating a storage system, comprising:
using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
using the device driver to combine a password, the first key salt, and the first number of iterations to produce a first key;
encrypting the first key using the device driver;
receiving a second key at the device driver;
using the device driver to encrypt the second key with the first key to produce an encrypted second key; and
storing a portion of the first key in the secure storage area of the storage device;
wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the password;
wherein the portion of the first key being used by the device driver to determine whether the user is allowed to change the password comprises the device driver comparing the portion of the first key in the secure storage area of the storage device to a portion of a third key that is generated by the device driver combining the password, a second number of iterations, and a second key salt; and
using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key.
Abstract
An embodiment of a method of operating a storage system includes combining a password, a first number, and a number of iterations to produce a first key, encrypting the first key, receiving a second number, and encrypting the second number with the first key to produce an encrypted second key.
15 Claims
8. A method of operating a storage system, comprising:
using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
using the device driver to combine a password, the first key salt, and the first number of iterations to produce a first key;
encrypting the first key using the device driver;
receiving a second key at the device driver;
using the device driver to encrypt the second key with the first key to produce an encrypted second key;
storing a portion of the first key in the secure storage area of the storage device;
wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the password; and
allowing the user to change the password when the portion of the first key in the secure storage area of the storage device is equal to a portion of a third key that is generated from the device driver by combining the password, a second number of iterations, and a second key salt; and
using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key.
10. A method of operating a storage system, comprising:
using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
using the device driver to combine a first password, the first key salt, and the first number of iterations to produce a first key;
encrypting the first key using the device driver;
receiving a second key at the device driver;
using the device driver to encrypt the second key with the first key to produce an encrypted second key;
storing a portion of the first key in the secure storage area of the storage device;
wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the first password;
wherein the portion of the first key being used by the device driver to determine whether the user is allowed to change the password comprises the device driver comparing the portion of the first key in the secure storage area of the storage device to a portion of a third key that is generated by the device driver combining the first password, a second number of iterations, and a second key salt;
using the device driver to determine whether the portion of the first key in the secure storage area of the storage device is equal to a portion of the third key that is generated from the device driver by combining the first password, the second number of iterations, and the second key salt;
using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key;
using the device driver to decrypt the encrypted second key with the key schedule to obtain a decrypted second key; and
using the device driver to combine a second password with the decrypted second key to encrypt the decrypted second key to obtain an encrypted fourth key.
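The flow recited in claims 1 and 10, as an added sketch that is not part of the patent text: derive the first key, keep a portion of it as the password check, wrap the second key, and re-wrap it under a new password only when the portions match. PBKDF2-HMAC-SHA256, the 8-byte portion, the dict standing in for the secure storage area, and the XOR pad used in place of the driver's cipher are all assumptions; encrypting the stored salt and iteration count is omitted.

```python
import hashlib
import hmac
import os

PORTION_LEN = 8  # assumed size of the stored "portion of the first key"


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    # "Combine a password, key salt and number of iterations"; PBKDF2 is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def xor_pad(kek: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the driver's cipher (not named in the claims): XOR with an
    # HMAC-SHA256 pad. The same call encrypts and decrypts; no integrity check.
    if len(data) > 32:
        raise ValueError("stand-in cipher handles at most 32 bytes")
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def enroll(password: bytes, second_key: bytes, iterations: int = 100_000) -> dict:
    # The returned dict models the secure storage area (hypothetical layout).
    salt, nonce = os.urandom(16), os.urandom(16)
    first_key = derive_key(password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "nonce": nonce,
        # These bytes are part of the wrapping key itself, so the area holding
        # them needs the same protection as key material.
        "portion": first_key[:PORTION_LEN],
        "wrapped": xor_pad(first_key, nonce, second_key),
    }


def unlock(record: dict, password: bytes):
    # Re-derive (the claims' "third key") and compare portions in constant time.
    third_key = derive_key(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(third_key[:PORTION_LEN], record["portion"]):
        return None
    return xor_pad(third_key, record["nonce"], record["wrapped"])


def change_password(record: dict, old: bytes, new: bytes):
    second_key = unlock(record, old)
    if second_key is None:
        return None  # portions differ: password change refused
    return enroll(new, second_key, record["iterations"])
```
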
Specification