Secure storage system and method of use

US 8,607,070 B2
Filed: 12/20/2006
Issued: 12/10/2013
Est. Priority Date: 12/20/2006
Status: Active Grant

First Claim

Patent Images

1. A secure storage system comprising:

a crypto-engine, wherein the crypto-engine includes a random number generator, a hash function, a general encryption engine, and a data encryption engine;

a storage device coupled to the crypto-engine, wherein the storage device includes a storage array comprising a public partition that is accessible to the general public, a secure partition that is accessible only by a two-level password authentication, and a system partition that is accessible only by the secure storage system; and

wherein the secure storage system performs the following functions comprising;

receiving a first user password from a host system;

retrieving a default master password from the secure storage system;

hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system;

generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system;

receiving a second user password from the host system;

hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication;

in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for access gating to the secure storage system which serves as a second level of the two-level password authentication; and

utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure storage system is disclosed. The secure storage system comprises a crypto engine and a storage device. The crypto engine comprises a random number generator; a hash function; a general encryption engine; and a data encryption engine. The secure storage system further includes a storage device coupled to the crypto engine. The storage device includes a storage array. The storage array includes a public partition, a secure partition and a system partition. The public partition is accessible to the public. The secure partition is accessible through the password authentication. The system partition is accessible only by the secure storage system. The password authentication is two-level instead of one, to avoid hash collision or insider tampering. The secure partition is accessed with “access gating through access key” instead of “access control through comparison.” The password can be changed without reformatting the secure storage.

107 Citations

View as Search Results

10 Claims

1. A secure storage system comprising:
- a crypto-engine, wherein the crypto-engine includes a random number generator, a hash function, a general encryption engine, and a data encryption engine;
  
  a storage device coupled to the crypto-engine, wherein the storage device includes a storage array comprising a public partition that is accessible to the general public, a secure partition that is accessible only by a two-level password authentication, and a system partition that is accessible only by the secure storage system; and
  
  wherein the secure storage system performs the following functions comprising;
  
  receiving a first user password from a host system;
  
  retrieving a default master password from the secure storage system;
  
  hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system;
  
  generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system;
  
  receiving a second user password from the host system;
  
  hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication;
  
  in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for access gating to the secure storage system which serves as a second level of the two-level password authentication; and
  
  utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The secure storage system of claim 1 wherein the system partition is utilized to store a hashed password, an encrypted access key, a master hashed password, a master encrypted access key and other data spaces.
  - 3. The secure storage system of claim 2 wherein data can be recovered utilizing the master password.
  - 4. The secure storage system of claim 2 wherein the data encryption engine is further utilized to process data between the host system and the secure storage system and provides protection from a brute force attack of multiple attempts to decrypt the data without a proper access key.
  - 5. The secure storage system of claim 2 wherein a unique and secure access key is associated with a change of password without reformatting the secure storage.
  - 6. The secure storage system of claim 2 wherein a password request utility can be implemented through a standard browser interface on a universal host platform to call home and allow for a change in a user password or the default master password.

7. A computer-implemented method for creating and storing passwords in a secure storage system by utilizing a two-level password authentication to allow a flow of data through access gating, wherein the computer performs the following functions comprising:
- receiving a first user password from a host system;
  
  retrieving a default master password from the secure storage system;
  
  hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system;
  
  generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system;
  
  receiving a second user password from the host system;
  
  hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication;
  
  in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for the access gating to the secure storage system which serves as a second level of the two-level password authentication; and
  
  utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.
- View Dependent Claims (8, 9)
- - 8. The computer-implemented method of claim 7 wherein the size of a secure partition in the secure storage system is defined by the user.
  - 9. The computer-implemented method of claim 7 wherein a data encryption engine is further utilized to process data between the host system and the secure storage system and provides protection from a brute force attack of multiple elements to decrypt the data without a proper access key.

10. A non-transitory computer readable medium containing program instructions wherein the program instructions are executed by the computer for creating and storing passwords in a secure storage system by utilizing a two-level password authentication to allow a flow of data through access gating, wherein the computer performs the following functions comprising:
- receiving a first user password from a host system;
  
  retrieving a default master password from the secure storage system;
  
  hashing the first user password and the default master password, wherein the hashed first user password and the hashed default master password are stored in the secure storage system;
  
  generating an access key using a random number generator and encrypting the access key with the first user password to create a first encrypted access key and with the default master password to create a second encrypted access key, wherein the first and the second encrypted access keys are stored in the secure storage system;
  
  receiving a second user password from the host system;
  
  hashing the second user password to compare the hashed first user password to the hashed second user password which serves as a first level of the two-level password authentication;
  
  in response to matching hashed first and second user passwords, decrypting the first encrypted access key using the second user password as a key to retrieve and apply the access key for the access gating to the secure storage system which serves as a second level of the two-level password authentication; and
  
  utilizing another encryption/decryption engine to process data between the host system and the secure storage system until a user session is terminated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kingston Technology Company, Inc. (Kingston Technology Corporation), Kingston Technology Corporation
Original Assignee
Kingston Technology Corporation
Inventors
Chen, Ben Wei, Chien, Yungteh
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US11/643,101
Publication Number

US 20080155276A1
Time in Patent Office

2,547 Days
Field of Search

713182-186, 713/193
US Class Current

713/193
CPC Class Codes

G06F 12/1466   Key-lock mechanism

G06F 12/1491   in a hierarchical protectio...

H04L 9/0662   with particular pseudorando...

H04L 9/0863   involving passwords or one-...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

Secure storage system and method of use

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Secure storage system and method of use

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others