Methods of operating storage systems including using a key to determine whether a password can be changed

US 9,576,154 B2
Filed: 11/15/2013
Issued: 02/21/2017
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of operating a storage system, comprising:

using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;

storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;

using the device driver to combine a password, the first key salt, and the first number of iterations to produce a first key;

encrypting the first key using the device driver;

receiving a second key at the device driver;

using the device driver to encrypt the second key with the first key to produce an encrypted second key; and

storing a portion of the first key in the secure storage area of the storage device;

wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the password;

wherein the portion of the first key being used by the device driver to determine whether the user is allowed to change the password comprises the device driver comparing the portion of the first key in the secure storage area of the storage device to a portion of a third key that is generated by the device driver combining the password, a second number of iterations, and a second key salt; and

using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of a method of operating a storage system includes combining a password, a first number, and a number of iterations to produce a first key, encrypting the first key, receiving a second number, and encrypting the second number with the first key to produce an encrypted second key.

Citations

15 Claims

1. A method of operating a storage system, comprising:
- using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
  
  storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
  
  using the device driver to combine a password, the first key salt, and the first number of iterations to produce a first key;
  
  encrypting the first key using the device driver;
  
  receiving a second key at the device driver;
  
  using the device driver to encrypt the second key with the first key to produce an encrypted second key; and
  
  storing a portion of the first key in the secure storage area of the storage device;
  
  wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the password;
  
  wherein the portion of the first key being used by the device driver to determine whether the user is allowed to change the password comprises the device driver comparing the portion of the first key in the secure storage area of the storage device to a portion of a third key that is generated by the device driver combining the password, a second number of iterations, and a second key salt; and
  
  using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein combining the password, the first key salt, and the first number of iterations comprises using an exclusive “
    - OR”
      
      or Boolean functions.
  - 3. The method of claim 1, further comprising storing the encrypted second key in the secure storage area of the storage device using a storage driver coupled between the device driver and the storage device.
  - 4. The method of claim 1, wherein the secure storage area of the storage device is only accessible and/or readable by use of vendor unique commands.
  - 5. The method of claim 1, wherein the storage device comprises a read only master boot record.
  - 6. The method of claim 1, wherein the first key salt and the second key are random numbers.
  - 7. The method of claim 1, wherein storing the encrypted first key salt and the encrypted first number of iterations in the secure storage area of the storage device comprises using a storage driver coupled between the device driver and the storage device to store the encrypted first key salt and the encrypted first number of iterations in the secure storage area of the storage device.

8. A method of operating a storage system, comprising:
- using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
  
  storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
  
  using the device driver to combine a password, the first key salt, and the first number of iterations to produce a first key;
  
  encrypting the first key using the device driver;
  
  receiving a second key at the device driver;
  
  using the device driver to encrypt the second key with the first key to produce an encrypted second key;
  
  storing a portion of the first key in the secure storage area of the storage device;
  
  wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the password; and
  
  allowing the user to change the password when the portion of the first key in the secure storage area of the storage device is equal to a portion of a third key that is generated from the device driver by combining the password, a second number of iterations, and a second key salt; and
  
  using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein storing the encrypted first key salt and the encrypted first number of iterations in the secure storage area of the storage device comprises using a storage driver coupled between the device driver and the storage device to store the encrypted first key salt and the encrypted first number of iterations in the secure storage area of the storage device.

10. A method of operating a storage system, comprising:
- using a device driver coupled to a storage device to encrypt a first key salt and a first number of iterations;
  
  storing the encrypted first key salt and the encrypted first number of iterations in a secure storage area of the storage device;
  
  using the device driver to combine a first password, the first key salt, and the first number of iterations to produce a first key;
  
  encrypting the first key using the device driver;
  
  receiving a second key at the device driver;
  
  using the device driver to encrypt the second key with the first key to produce an encrypted second key;
  
  storing a portion of the first key in the secure storage area of the storage device;
  
  wherein the portion of the first key in the secure storage area of the storage device is used by the device driver to determine whether a user is allowed to change the first password;
  
  wherein the portion of the first key being used by the device driver to determine whether the user is allowed to change the password comprises the device driver comparing the portion of the first key in the secure storage area of the storage device to a portion of a third key that is generated by the device driver combining the first password, a second number of iterations, and a second key salt;
  
  using the device driver to determine whether the portion of the first key in the secure storage area of the storage device is equal to a portion of the third key that is generated from the device driver by combining the first password, the second number of iterations, and the second key salt;
  
  using the device driver to generate a key schedule from the third key in response to the device driver determining that the portion of the first key in the secure storage area of the storage device is equal to the portion of the third key;
  
  using the device driver to decrypt the encrypted second key with the key schedule to obtain a decrypted second key; and
  
  using the device driver to combine a second password with the decrypted second key to encrypt the decrypted second key to obtain an encrypted fourth key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising storing the encrypted second key in the secure storage area of the storage device using a storage driver coupled between the device driver and the storage device.
  - 12. The method of claim 10, wherein using the device driver to combine the second password with the decrypted second key to encrypt the decrypted second key to obtain the encrypted fourth key comprises:
    - using the device driver to combine the second password, a third key salt, and a third number of iterations to produce a fifth key;
      
      encrypting the fifth key using the device driver;
      
      receiving the fourth key at the device driver; and
      
      using the device driver to encrypt the fourth key with the fifth key to produce the encrypted fourth key.
  - 13. The method of claim 10, wherein the secure storage area of the storage device is only accessible and/or readable by use of vendor unique commands.
  - 14. The method of claim 10, wherein the storage device comprises a read only master boot record.
  - 15. The method of claim 11, further comprising retrieving the encrypted second key from the secure area of the storage system using the storage driver and sending the encrypted second key to the device driver from the storage driver for decryption by the device driver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micron Technology, Inc.
Original Assignee
Micron Technology, Inc.
Inventors
Ramesh, Ahuja Gurmukhsingh, Chellamutha, Senthil Kumar
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Sarker, Sanchit

Application Number

US14/081,124
Publication Number

US 20140075204A1
Time in Patent Office

1,194 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1433   for a module or a part of a...

G06F 21/45   Structures or tools for the...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 21/78   to assure secure storage of...

G06F 2212/1052   Security improvement

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2153   Using hardware token as a s...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/14   using a plurality of keys o...

Methods of operating storage systems including using a key to determine whether a password can be changed

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods of operating storage systems including using a key to determine whether a password can be changed

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links