-
公开(公告)号:US20140129847A1
公开(公告)日:2014-05-08
申请号:US13669273
申请日:2012-11-05
申请人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
发明人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
IPC分类号: G06F21/24
CPC分类号: G06F21/10 , H04L9/0844
摘要: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.
摘要翻译: 在一个实施例中,一种用于认证对存储介质上的加密内容的访问的方法,其中根据全盘加密(FDE)密钥对加密的内容进行加密,该存储介质包括FDE密钥的加密版本和加密版本的 保护存储区域(PSA)密钥,并且其中根据PSA密钥加密FDE密钥的加密版本,该方法包括:在与存储介质相关联的主机和存储引擎之间提供经认证的通信信道; 在存储引擎处,通过认证通信信道从主机接收密码; 散列所述密码以形成导出密钥,其中所述PSA密钥的加密版本根据导出的密钥被加密; 验证密码的真实性; 如果密码是真实的,解密PSA密钥的加密版本以恢复PSA密钥; 使用恢复的PSA密钥解密加密的FDE密钥来恢复FDE密钥; 并使用FDE密钥解密加密的内容。
-
公开(公告)号:US08307217B2
公开(公告)日:2012-11-06
申请号:US12025777
申请日:2008-02-05
申请人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
发明人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
CPC分类号: G06F21/40 , G06F21/10 , G06F2221/0755 , H04L9/0822 , H04L9/0894 , H04L9/3226 , H04L2209/603
摘要: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.
摘要翻译: 在一个实施例中,一种用于认证对存储介质上的加密内容的访问的方法,其中根据全盘加密(FDE)密钥对加密的内容进行加密,该存储介质包括FDE密钥的加密版本和加密版本的 保护存储区域(PSA)密钥,并且其中根据PSA密钥加密FDE密钥的加密版本,该方法包括:在与存储介质相关联的主机和存储引擎之间提供经认证的通信信道; 在存储引擎处,通过认证通信信道从主机接收密码; 散列所述密码以形成导出密钥,其中所述PSA密钥的加密版本根据导出的密钥被加密; 验证密码的真实性; 如果密码是真实的,解密PSA密钥的加密版本以恢复PSA密钥; 使用恢复的PSA密钥解密加密的FDE密钥来恢复FDE密钥; 并使用FDE密钥解密加密的内容。
-
公开(公告)号:US20080294914A1
公开(公告)日:2008-11-27
申请号:US12025777
申请日:2008-02-05
申请人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
发明人: Lane W. Lee , Mark J. Gurkowski , Randal Hines
CPC分类号: G06F21/40 , G06F21/10 , G06F2221/0755 , H04L9/0822 , H04L9/0894 , H04L9/3226 , H04L2209/603
摘要: In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key.
摘要翻译: 在一个实施例中,一种用于认证对存储介质上的加密内容的访问的方法,其中根据全盘加密(FDE)密钥对加密的内容进行加密,该存储介质包括FDE密钥的加密版本和加密版本的 保护存储区域(PSA)密钥,并且其中根据PSA密钥加密FDE密钥的加密版本,该方法包括:在与存储介质相关联的主机和存储引擎之间提供经认证的通信信道; 在存储引擎处,通过认证通信信道从主机接收密码; 散列所述密码以形成导出密钥,其中所述PSA密钥的加密版本根据导出的密钥被加密; 验证密码的真实性; 如果密码是真实的,解密PSA密钥的加密版本以恢复PSA密钥; 使用恢复的PSA密钥解密加密的FDE密钥来恢复FDE密钥; 并使用FDE密钥解密加密的内容。
-
公开(公告)号:US20050091491A1
公开(公告)日:2005-04-28
申请号:US10696077
申请日:2003-10-28
申请人: Lane Lee , Randal Hines , Mark Gurkowski , David Blankenbeckler
发明人: Lane Lee , Randal Hines , Mark Gurkowski , David Blankenbeckler
CPC分类号: G06F21/80 , G06F21/10 , G06F21/6218 , G06F2221/2115 , G06F2221/2129 , G11B20/00086 , G11B20/00195 , G11B20/0021 , G11B20/00224 , G11B20/00253 , G11B20/00492 , G11B20/00536 , G11B20/00855 , H04L9/0825 , H04L2209/603
摘要: A block-level storage device is provided that implements a digital rights management (DRM) system. In response to receiving a public key from an associated host system, the storage device challenges the host system to prove it has the corresponding private key to establish trust. This trust is established by encrypting a secure session key using the public key. The host system uses its private key to recover the secure session key. The storage device may store content that has been encrypted according to a content key. In addition, the storage device may encrypt the content key using the secure session key.
摘要翻译: 提供了一种实现数字版权管理(DRM)系统的块级存储设备。 响应于从相关联的主机系统接收到公共密钥,存储设备挑战主机系统以证明其具有相应的私钥以建立信任。 该信任是通过使用公钥加密安全会话密钥来建立的。 主机系统使用其私钥来恢复安全会话密钥。 存储装置可以存储根据内容密钥被加密的内容。 此外,存储装置可以使用安全会话密钥对内容密钥进行加密。
-
-
-