[go: up one dir, main page]

HK1185692A - Methods and devices for authentication and data encryption - Google Patents

Methods and devices for authentication and data encryption Download PDF

Info

Publication number
HK1185692A
HK1185692A HK13113151.3A HK13113151A HK1185692A HK 1185692 A HK1185692 A HK 1185692A HK 13113151 A HK13113151 A HK 13113151A HK 1185692 A HK1185692 A HK 1185692A
Authority
HK
Hong Kong
Prior art keywords
storage device
input password
encrypted
host device
password
Prior art date
Application number
HK13113151.3A
Other languages
Chinese (zh)
Inventor
J.S.林
Original Assignee
西部数据技术公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 西部数据技术公司 filed Critical 西部数据技术公司
Publication of HK1185692A publication Critical patent/HK1185692A/en

Links

Description

Method and apparatus for authentication and data encryption
Technical Field
Background
The IEEE1667 passed Silo authentication protocol of microsoft corporation requires that both a host wishing to access data stored on a device and the device prove to each other that they know the Password being authenticated. According to the 1667 protocol, this is done by having each party provide a random challenge to the other party, and then returning a hash of the challenge of the other party combined with the password. In order for the device to verify that the host knows the correct password, the device itself must also know and store a copy of the password. This is a reasonable condition for most unencrypted products: since the user's data is not encrypted, the device may store a copy of the password in non-volatile memory, where the copy of the password is only a little more secure than the user's data.
However, at least the password, Data Encryption Key (DEK), and encrypted data itself of the data encryption product must be secure. If the product is designed so that the access credentials are resident only with the user, the device itself must not contain any passwords or keys that can be used to access the user's data. In fact, the thief should not be able to disassemble and analyze the device and discover the necessary information to enable him or her to decrypt the stored encrypted data. Furthermore, an intruder listening between the host and the device should not be able to capture any information exchanged between the host and the device that would cause the device to later verify him or her and allow it to decrypt the encrypted data stored by the device.
Disclosure of Invention
Drawings
FIG. 1 is a block diagram of a host device and a storage device configured according to one embodiment.
FIG. 2 is a flow diagram of a method of securing a password for accessing data stored on a storage device, according to one embodiment.
FIG. 3 is a flow diagram of a method of authenticating a host device according to one embodiment.
Detailed Description
FIG. 1 is a block diagram of a host device and a storage device configured according to one embodiment. As shown therein, a storage device 102 may be coupled to one or more host devices 104 through an interface 103. In some embodiments, there may be more than one host device 104 coupled to the storage device 102. The host device 104 may be or include a personal computer, a tablet computer, or any device that requests access to encrypted data stored within the storage device 102, such as a Digital Video Recorder (DVR), DNLA television, or wireless device. The storage device 102 may include a non-volatile storage medium 112, such as a magnetic disk or more than one magnetic disk, a non-volatile semiconductor memory (e.g., a flash drive or SSD), a hybrid storage medium containing both magnetic disks and non-volatile semiconductor memory, or any other device capable of storing user data in a non-volatile manner. The storage device 102 may also include volatile memory 108 (e.g., Random Access Memory (RAM)) and a processor 110. The processor may be any combination of hardware, software, and firmware that collectively perform the methods of fig. 2 and 3. The non-volatile storage medium 112 may store at least encrypted user data 114, one or more encrypted user passwords 118, and a first number 116, as described below. The non-volatile storage medium 112 may also include one or more DEKs as described below. As described below, the processor 110 is operable to perform the methods shown in fig. 2 and 3.
FIG. 2 is a flow diagram of a method of securing a password for accessing a data store on a storage device, according to one embodiment. Blocks B201 and B292 may optionally be performed, where both B201 and B202 are included for completeness. Block B201 requires the storage device 102 to receive a drive security status check from the host device 104. This status check may determine whether the password of the storage device 102 has been set. If the password of the storage device 102 has been previously set (affirmative branch of block B202), then the method may proceed to block B31 of fig. 3. However, if the password of the storage device 102 has not been set (negative branch of block B202), then the method proceeds to block B21 of fig. 2. As shown, block B21 calls for the storage device 102 to receive a first input password required to gain future access to data stored on the storage device 102. The first input password may be received from the host device 104 via the interface 103 as shown in fig. 1. The user of the host device 104 may have entered the first entered password, and the first entered password may be sent to the storage device in the clear (i.e., unencrypted) text. Alternatively, the first input password received by the storage device 102 has been previously stored on the host device 104.
In response to the storage device 102 receiving the first input password, the storage device 102 may generate a first number, as shown in block B22. The generated first number may comprise a random number or a pseudo-random number. Then, as shown in block B23, the storage device 102 may combine the received first input password and the generated first number. An encryption key based on the combination of the first input password and the first number may then be generated, as required by block B24. As shown in block B25, the received first input password (and, optionally, other data structures) may be encrypted with the generated encryption key. Then, as shown in block B26, at least the encrypted first input password and the first number may be stored in the non-volatile storage medium 112.
According to one embodiment, the first entered password sent in clear text to the storage device 102 (and received by the storage device 102 at block B21) is only temporarily stored in the volatile memory 108 and not in the non-volatile storage medium 112.
An encryption key may be generated based on a combination of the first input password and the first number. According to one embodiment, the first entered password and the first number may be combined by appending the first entered password to the first number (e.g., a concatenation) or by appending the first number to the first entered password (e.g., a concatenation). According to one embodiment, the first input password and the first number may be combined by hashing the first input password and the first number. Most any secure hashing algorithm can be used to combine the first input password and the first number. For example, a SHA-1 ("secure hash Algorithm 1") cryptographic hash function may be used to combine the first input password and the first number. SHA-1 is specified by the National Security Administration (NSA) and published by the NIST U.S. as the U.S. Federal information processing Standard. Another example of a suitable hashing algorithm is SHA-2, which is also a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) specified by NSA and published by NIST in 2001. SHA-2 is considered to include a number of changes from its predecessor SHA-1. Currently, SHA-2 consists of a set of four hash functions with digests that are 224 bits, 256 bits, or 512 bits in length. As can be appreciated by those skilled in the art, other hashing algorithms may be used to combine the first input password and the first number. According to one embodiment, combining the first input password and the first number may include appending the first input password to the first number (or appending the first number to the first input password), and hashing the resultant first input password and appended first number using SHA-1 and SHA-2 hashing algorithms to generate the key or keys. The generated key may then be used to encrypt the first input password (and thus generate a first encrypted first input password) and the DEK, which is used to encrypt the user data on the storage device 102. The first encrypted first input password(s) and the encrypted DEK(s) may be stored in the non-volatile storage medium 112.
According to one embodiment, there may be more than one first entered password. For example, the storage device 102 may support the simultaneous use of a user password and an administrator password. As described above, the storage device 102 may also support the use of more than one hashing algorithm. For example, the storage device 102 may also support the simultaneous use of SHA-1 and one or more hash functions selected from a SHA-2 protocol-defined set of hash functions, e.g., SHA-256. Thus, according to one embodiment, a total of four separate keys may be generated in order to support both the user password and the administrator password and the use of SHA-1 and SHA-2. The first such key may be a SHA-1 hash of the first input user password appended to the first number or a SHA-1 hash of the first number appended to the first user input password. The second such key may be a SHA-1 hash of the first input administrator password appended to the first number or a SHA-1 hash of the first number appended to the first administrator password. The third such key may be a SHA-2 hash of the first input user password appended to the first number or a SHA-2 hash of the first number appended to the first user input password. Finally, a fourth such key may be a SHA-2 hash of the first entered administrator password appended to the first number or a SHA-2 hash of the first number appended to the first administrator entered password. It is understood, however, that most any string operation, mathematical operation, or logical operation, singly or in combination, may be substituted for the terms "attached to" and/or "combined" as would be recognized by one skilled in the art.
Continuing with the example formed directly above, a first key (generated using SHA-1) may be used to encrypt the first input user password and the DEK, a second key (also generated using SHA-1) may be used to encrypt the first input administrator password and the DEK, a third key (generated using SHA-2) may be used to encrypt the first input user password and the DEK, and a fourth key (generated using SHA-2) may be used to encrypt the first input administrator password and the DEK.
Once the method outlined in fig. 2 and described above has been performed, the storage device 102 stores only the encrypted version of the first input user password (if one hash is used) or more than one encrypted version (if more than one hash is used). If an administrator password is used, the storage device 102 stores an encrypted version of the first input administrator password (if one hash is used) or more than one encrypted version of the first input administrator password (if more than one hash is used) in addition to the encrypted version(s) of the first input user password. The user password and the administrator password are not stored in the storage device 102 in plain text. In this manner, if an unauthorized user owns the storage device 102, such unauthorized user is unable to disassemble and analyze the drive in an attempt to recover the user password and/or the administrator password to access the encrypted user data stored on the storage device 102.
Once the password is set in encrypted form and stored on the storage device 102, the storage device 102 is ready to authenticate the host device (and the user extending to the host device) seeking access to the encrypted user data stored on the non-volatile storage media 112. FIG. 3 is a flow diagram of a method of authenticating a host device according to one embodiment. As shown, block B31 calls for the storage device 102 to receive a verification request through the interface 103 with the host device 104. The host device 104 may have requested and the user provide a second input password that the user of the host device 104 entered when the storage device 102 requested authentication from the host device 104. The term "second entered password" is used to distinguish a password entered during an authentication session from a "first entered password" entered by a user during a password setup or reset session. Having received the authentication request from the host device 104, the storage device 102 may respond to the request by responding to the host device 104 with a first number, as shown at B32. According to one embodiment, the first number may comprise a random number previously generated by the processor 110 or provided to the processor 110 and stored in the non-volatile storage medium 112. Block B33 calls for the storage device 102 to receive a second number based on an encrypted combination of the first number and the second input password provided to the host device at block B32.
The storage device 102 may then read the encrypted first input password (also referred to herein as the first encrypted first input password) from its storage medium 112 and attempt to decrypt the first encrypted first input password using the second number. If the second number successfully decrypts the first encrypted first input password (the positive branch of block B34), then the host device 104 is successfully authenticated, as shown in block B35. After the host has been authenticated, if the user chooses to change the password, a new password may be received and encrypted (according to blocks B21-B26 of FIG. 2). If the second number did not successfully decrypt the first encrypted first input password (negative branch of block B34), then the host device 104 is not authenticated, as shown in block B36. If not, the host device 104 is not allowed to access the user data stored on the non-volatile storage media 112 of the storage device 102. The success or failure of decryption can be determined in a number of ways. For example, to determine whether decryption of the first encrypted first input password was successful, a previously known number (e.g., a predetermined 32-bit number whose value may be set in firmware) and the first input password have been encrypted and stored on the non-volatile storage medium 112. Then, once the previously encrypted number and the first encrypted first input password are decrypted, it may be determined whether the decrypted number matches a value set in the firmware. If so, then the decryption of the first encrypted first input password is deemed to have been successful. If the decrypted number does not match a value set in firmware, the decryption of the first encrypted first input password may be deemed unsuccessful. Alternatively, a Cyclic Redundancy Check (CRC) of the first input password may be determined. The CRC may then be encrypted along with the first input password and stored on the non-volatile storage medium 112. The CRC may also be decrypted once the first encrypted first input password is decrypted and compared to the CRC of the first encrypted first input password that was just decrypted. If the CRC of the first encrypted first input password that was just decrypted matches the decrypted CRC, then the decryption of the first encrypted first input password may be deemed to have been successfully performed. If the CRC of the just-decrypted first encrypted first input password does not match the decrypted CRC, then the decryption of the first encrypted first input password may be deemed to have not been successfully performed. Those skilled in the art will recognize that other methods of determining the success or failure of decryption of the first encrypted first input password are possible.
Upon successful authentication, the processor 110 of the storage device 102 may cause a first message to be generated and provided to the host device 104, the first message indicating that the storage device 102 has successfully authenticated the host device 104. Upon unsuccessful authentication attempts, the processor 110 of the storage device 102 may cause a second message to be generated and provided to the host device 104 indicating that the storage device 102 has not successfully authenticated the host device 104. In this case, the storage device 102 will deny the host device 104 access to the encrypted user data 114 stored thereon.
According to one embodiment, a key generated based on a combination of the first input password and the first number is used to encrypt not only the first input password but also the DEK. If the authentication is successful and the host is authenticated, as shown in B35, then not only the first entered password can be decrypted, but also the DEK can be successfully decrypted. Successful decryption of the DEK is to enable decryption of the encrypted user data 114 and access of the encrypted user data 114 in clear by the host device 104. However, if the authentication fails as shown in B36, neither the first entered password nor the DEK can be successfully decrypted. If not, the DEK is not available to decrypt DEK-encrypted user data stored on the non-volatile storage media 112. This, in turn, prevents the host device from accessing any encrypted user data 114 in the clear.
After successful authentication of the host device 104 at block B35, the storage device may generate a third number that replaces the first number and is stored in the non-volatile storage medium 112. According to one embodiment, this third number replaces first number 116 and may be considered a "new" first number. Having performed the foregoing substitution, the method may then revert to block B23 of fig. 2 to prepare the next authentication request, as indicated by "a" in fig. 2 and 3.
In block B23, the storage device 102 may combine the first input password (the first encrypted first input password from the decryption that was just successfully verified) and the first number (from the third number that was just successfully verified), and generate a key based on the resulting combination, as shown in block B24. Thereafter, the first input password (the first encrypted first input password from the decryption that has just been successfully authenticated) may be encrypted using the generated key, as shown in B25, thereby generating a second encrypted first input password. The DEK may also be encrypted with the generated key. Thus, the re-encrypted first input password (second encrypted first input password), the third number, and the encrypted DEK may be stored in the non-volatile storage medium 112 of the storage device 102, as shown in B26.
Thereafter, the next time authentication is requested by the host device 104, decryption of the re-encrypted first input password and the DEK will be performed using the third number generated at block B37, where the third number is effectively the "new" first number used to encrypt the first input password and the DEK. In fact, the next time the storage device receives an authentication request from the host device 104, the storage device provides the host device 104 with the most recently generated third number, which replaces the first number. Using the third number (the "new" first number), host device 104 generates a new key that is different from the key generated in preparation for the previous authentication attempt. Thus, the third number (the "new" first number) may be stored in the non-volatile storage medium 112.
Generating the new key and subsequently encrypting the first input password and the DEK with the new key ensures that an interloper viewing traffic between the host device 104 and the storage device (e.g., with a signal analyzer) cannot intercept any information that would enable him or her to generate the second number used to decrypt the encrypted first input password and the DEK, even if such interloper successfully intercepted and interpreted all signals exchanged during the authentication session. This is because blocks B23 through B26 may be performed entirely within the storage device 102 immediately after successful verification. Thus, such interlopers are unaware of the "new" first digit (the third digit generated at block B37 in fig. 3), the key is generated from the "new" first digit, and the key is transmitted to the host device 104 once the storage device receives the next subsequent authentication request.
According to one embodiment, to support the case where the storage device supports multiple first-entry passwords and multiple hash algorithms to encrypt the multiple first-entry passwords and the DEK, when the storage device 102 receives the authentication request at block B31 in FIG. 3, the storage device may also receive both a password indicator (e.g., 0x00 for the first-entry administrator password, 0x01 for the first-entry user password) and a hash algorithm indicator (0 x00 for the SHA-1 hash algorithm, 0x01 for the SHA-256 hash algorithm) from the host device 104. Receiving the password indicator and the hash algorithm indicator from the host device 104 allows the storage device 102 to determine which set of encrypted first input password and DEK to attempt to decrypt at block B34 using the second number provided by the host device in block B33.
While certain embodiments of the invention have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the invention. Indeed, the novel methods, devices, and systems described herein may be embodied in a variety of other forms. Also, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions. For example, those skilled in the art will appreciate that the actual configuration may vary from that shown in the figures in different embodiments. Depending on the embodiment, some of the steps described in the above examples may be removed, and other steps may be added. Moreover, the features and attributes of the specific embodiments disclosed above can be combined in different ways to form additional embodiments, all of which are within the scope of the present disclosure. For example, the storage device 102 may support any number of first input passwords and hashing algorithms. While the present disclosure provides certain preferred embodiments and applications, other embodiments will be apparent to those of ordinary skill in the art, including embodiments that do not provide all of the features and advantages set forth herein, and are within the scope of the present disclosure. Accordingly, the scope of the present disclosure is to be limited only by the following claims.

Claims (33)

1. A storage device configured to secure a password and authenticate a host device, the storage device comprising:
a non-volatile storage medium;
an interface coupled to at least one host device, an
A processor operable to receive a first input password required to access data stored in the non-volatile storage medium through an interface with the at least one host device, generate a first number, combine the first input password and the first number, generate a key based on the combination of the first input password and the first number, encrypt the received first input password with the key, and store the encrypted first input password and first number in the non-volatile medium.
2. The memory device of claim 1, wherein the processor is further operable to generate a random number as the first number.
3. The storage device of claim 1, wherein the processor is further operable to encrypt user data to be stored on the non-volatile storage medium.
4. The storage device of claim 1, the processor further operable to combine the first entered password and the first number by one of appending the first entered password to the first number and appending the first number to the first entered password.
5. The storage device of claim 1, wherein the processor is further operable to combine the first input password and the first number by hashing the first input password and the first number.
6. The storage device of claim 1, wherein the processor is further operable to:
receiving an authentication request through the interface with the at least one host device;
providing a reply containing the first number through the interface with the at least one host device;
receiving, through the interface with the at least one host device, a second number calculated based on an encrypted combination of the first number and a second input password, and
authenticating the at least one host device if the second number successfully decrypts the encrypted first input password.
7. The storage device of claim 6, further comprising not authenticating a first host device if the second number did not successfully decrypt the encrypted first input password.
8. The storage device of claim 1, wherein the processor is further operable to encrypt a Data Encryption Key (DEK) with the key, the DEK being used to encrypt user data on the storage device.
9. The storage device of claim 8, wherein the processor is further operable to decrypt the encrypted DEK using the second number.
10. The storage device of claim 1, wherein the non-volatile storage medium comprises a disk, and the storage device further comprises a head for writing data to and reading data from the disk.
11. The storage device of claim 1, wherein the non-volatile storage medium comprises a non-volatile semiconductor memory.
12. A storage device configured to authenticate a host device, the storage device comprising:
a non-volatile storage medium;
an interface coupled to the at least one host device, an
A processor operable to receive an authentication request through an interface with the at least one host device; reading a first number from the non-volatile storage medium; providing a reply containing the first number through the interface with the at least one host device; receiving, by the interface with the at least one host device, a second number calculated based on an encrypted combination of the first number and a second input password; reading a first encrypted first input password from the storage device that has been encrypted with an encrypted combination of the first input password and the first number; and authenticating the at least one host if the second number successfully decrypts the first encrypted first input password.
13. The storage device of claim 12, wherein the processor is further operable to not authenticate the at least one host device if the second number does not successfully decrypt the first encrypted first input password.
14. The storage device of claim 12, wherein the processor is further operable to:
generating a third number and replacing the first number with the third number in the storage device when the at least one host device is successfully authenticated;
generating a second encrypted first input password based on an encrypted combination of the first input password and the third number, an
Storing the second encrypted first input password in the non-volatile storage medium.
15. The memory device of claim 14, wherein the processor is further operable to generate a random number as the third number.
16. The storage device of claim 12, wherein the second number comprises a hash of the first number and the second input password computed by the at least one host device.
17. The storage device of claim 12, wherein the processor is further operable to provide a message through the interface with the at least one host device indicating that the storage device has authenticated the at least one host device.
18. The storage device of claim 12, wherein the non-volatile storage medium comprises a disk, and the storage device further comprises a head for writing data to and reading data from the disk.
19. The storage device of claim 12, wherein the non-volatile storage medium comprises a non-volatile semiconductor memory.
20. A method for a storage device to protect a password and authenticate a host device, the method comprising:
receiving, through an interface with at least one host device, a first input password required to access data stored on the storage device;
generating a first number;
combining the first input password and the first number;
determining a key based on a combination of the first input password and the first number;
encrypting at least the first input password using the key; and
storing the encrypted first input password and the first number in the storage device.
21. The method of claim 20, wherein generating a first number comprises generating a random number.
22. The storage device of claim 20, wherein combining the first entered password and the first number includes one of appending the first entered password to the first number and appending the first number to the first entered password.
23. The method of claim 20, wherein combining the first input password and the first number comprises hashing the first input password and the first number.
24. The method of claim 20, further comprising encrypting a data encryption key with the key, the data encryption key used to encrypt data stored on the storage device.
25. The method of claim 20, wherein storing an encrypted first input password comprises storing the encrypted first input password in a non-volatile medium in the storage device.
26. The method of claim 20, further comprising storing the first number in a non-volatile medium of the storage device.
27. The method of claim 20, further comprising:
receiving an authentication request through the interface with the at least one host device;
reading a first number from the storage device;
providing a reply containing the first number through the interface with the at least one host device;
receiving, through the interface with the at least one host device, a second number calculated based on an encrypted combination of the first number and a second input password, and
reading the encrypted first input password from the storage device; and
authenticating the at least one host device if the second number successfully decrypts the encrypted first input password.
28. A method for a storage device to authenticate a host device, the method comprising:
receiving an authentication request through an interface with the at least one host device;
reading a first number from the storage device;
providing a reply containing the first number through the interface with the at least one host device;
receiving, by the interface with the at least one host device, a second number calculated based on an encrypted combination of the first number and a second input password;
reading a first encrypted first input password from the storage device based on an encrypted combination of the first input password and the first number; and
authenticating the at least one host device if the second number successfully decrypts the first encrypted first input password.
29. The method of claim 28, further comprising not authenticating the at least one host apparatus if the second number did not successfully decrypt the first encrypted first input password.
30. The method of claim 28, further comprising:
generating a third number and replacing the first number with the third number in the storage device when the at least one host device is successfully authenticated, and
generating a second encrypted first input password based on an encrypted combination of the first input password and the third number; and
storing the second encrypted first input password in the storage device.
31. The method of claim 30, wherein generating the third number comprises generating a random number.
32. The method of claim 28, wherein receiving the second number comprises receiving a hash of the first number and the second input password computed by the at least one host device.
33. The method of claim 28, further comprising providing a message through the interface with the at least one host device indicating that the storage device has authenticated the at least one host device.
HK13113151.3A 2012-02-14 2013-11-26 Methods and devices for authentication and data encryption HK1185692A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/396,546 2012-02-14

Publications (1)

Publication Number Publication Date
HK1185692A true HK1185692A (en) 2014-02-21

Family

ID=

Similar Documents

Publication Publication Date Title
CN103246842B (en) For verifying the method and apparatus with data encryption
CN113545006B (en) Remote authorized access to locked data storage devices
TWI463349B (en) Method and system for secure data access among two devices
US9342701B1 (en) Digital rights management system and methods for provisioning content to an intelligent storage
CN114175574B (en) Wireless Security Protocols
US11831752B2 (en) Initializing a data storage device with a manager device
CN113383335B (en) Security logging of data storage device events
US20070300031A1 (en) Memory data shredder
JP6523967B2 (en) Method and device for authentication and key exchange
US12225111B2 (en) Authorization requests from a data storage device to multiple manager devices
US12175117B2 (en) Multiple authorization requests from a data storage device
US20210216653A1 (en) Multi-role unlocking of a data storage device
US20210218558A1 (en) Enrolment of pre-authorized device
WO2020000491A1 (en) File storage method and apparatus, and storage medium
US12118103B2 (en) Certificates in data storage devices
HK1185692A (en) Methods and devices for authentication and data encryption
US12101418B2 (en) Cryptographic keys for authorization requests from a data storage device
US20250390597A1 (en) Authenticating a host computer system to access a data storage device