[특허]Trusted storage systems and methods

Trusted storage systems and methods 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-012/14 G06F-011/30 H04L-009/32 H04L-009/00
출원번호	US-0617148 (2000-07-17)
발명자 / 주소	Maheshwari,Umesh Vingralek,Radek Sibert,W. Olin
출원인 / 주소	Intertrust Technologies Corp.
대리인 / 주소	Finnegan, Henderson, Farabow, Garrett &
인용정보	피인용 횟수 : 78 인용 특허 : 27

초록 ▼

Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

대표청구항 ▼

What is claimed is: 1. A method for protecting the secrecy and integrity of data stored on a non-volatile storage medium, the method comprising: receiving a block of data for storage on the non-volatile storage medium; generating at least one piece of meta-data relating to the block of data; calculating a first cryptographic hash of at least a portion of the block of data; calculating a second cryptographic hash of the meta-data; encrypting the block of data and encrypting the meta-data to form one or more uniform blocks of encrypted data; storing a cryptographic key in a substantially secret storage medium, the key being operable to decrypt the one or more uniform blocks of encrypted data; storing the one or more uniform blocks of encrypted data on the non-volatile storage medium. 2. A method as in claim 1, further comprising: receiving a request for the block of data; retrieving the cryptographic key from the secret storage medium; retrieving the one or more uniform blocks of encrypted data from the non-volatile storage medium; decrypting the one or more uniform blocks of encrypted data to yield a decrypted version of the block of data and a decrypted version of the meta-data; calculating a third cryptographic hash by hashing the decrypted version of the block of data; calculating a fourth cryptographic hash by hashing the decrypted version of the meta-data; comparing the third cryptographic hash with the first cryptographic hash; and granting the request for the block of data if the third cryptographic hash is equal to the first cryptographic hash. 3. A method as in claim 1, wherein the one or more uniform blocks of data are stored on the non-volatile storage medium in a log-structured file. 4. A method as in claim 1, further comprising: generating a hierarchical location map for use in locating the one or more uniform blocks of encrypted data on the non-volatile storage medium, the location map comprising one or more nodes, a first node of which contains the first cryptographic hash and an indicator specifying the location on the non-volatile storage medium of the portion of the block of data to which the first cryptographic hash corresponds. 5. A method as in claim 4, further comprising: computing a third cryptographic hash by hashing data contained in said first node; encrypting the data contained in said first node; storing the data contained in said first node on the non-volatile storage medium. 6. A method as in claim 5, further comprising: storing the third cryptographic hash in a second node of said hierarchical location map; storing in said second node of said hierarchical location map an indicator specifying the location on the non-volatile storage medium of the first node. 7. A method of managing the storage of a plurality of data blocks on a storage medium, the method comprising: storing the plurality of data blocks on the storage medium; generating a hierarchical location map for locating individual ones of said plurality of blocks, the hierarchical location map including a plurality of nodes, wherein a first node type includes: one or more hash values of subordinate nodes or data blocks; and one or more location indicators specifying the location at which subordinate nodes or data blocks are stored on said storage medium; and wherein a second node type includes: a hash value of a subordinate node; a location indicator specifying the location at which the subordinate node is stored on said storage medium; a cryptographic key for decrypting data contained in one or more subordinate nodes. 8. A method as in claim 7, in which the plurality of data blocks are stored on the storage medium in a log-structured file. 9. A method as in claim 7, in which the second node type further includes: an indicator of the type of cryptographic algorithm used to encrypt the data contained in one or more subordinate nodes. 10. A method as in claim 9, in which the location map contains at least a first and second node of the second node type, and in which the first and second nodes of the second node type contain different cryptographic keys, and indicators specifying different cryptographic algorithms. 11. A secure database system, the system comprising: an interface module for receiving data to be stored in the secure database; a data management module for generating indexing information relating to the data to be store in the secure database; a validation module operable to compute a hash of at least a portion of the data to be stored in the secure database and to compute a hash of at least a portion of the indexing information; a cryptographic module operable to encrypt at least a portion of the data to be stored in the secure database and to encrypt at least a portion of the indexing information; a storage medium operable to receive chunks of encrypted data and encrypted indexing information, and to store the chunks. 12. A data storage system, comprising: a bulk storage device; a trusted processing environment; a computer-implemented database management system, comprising: computer code for authenticating an application program that attempts to interface with the database management system; computer code for receiving requests to store or retrieve data from an authenticated application program; computer code for generating indexing information pertaining to data received from the authenticated application program; computer code for generating hash values by hashing the data received from the authenticated application program, and for hashing the indexing information pertaining to the data received from the authenticated application program; computer code for encrypting the data received from the authenticated application program, and for encrypting the indexing information pertaining to the data received from the authenticated application program; computer code for storing the encrypted data and the encrypted indexing information on the bulk storage medium; computer code for retrieving the encrypted data and the encrypted indexing information from the bulk storage medium; computer code for decrypting the encrypted data and the encrypted indexing information; computer code for authenticating the decrypted data and the decrypted indexing information using said hash values; wherein the computer codes for said database management system are loaded into the trusted processing environment, and are used to manage the storage and retrieval of data received from the authenticated application program. 13. A system as in claim 12, in which the trusted processing environment comprises an integrated circuit contained in a tamper-resistant case, and in which the integrated circuit includes: a volatile memory unit for storing at least a portion of the computer codes of said computer-implemented database management system. 14. A computer program product for managing data received from an application program, the computer program product including: computer code for receiving requests to store or retrieve data from the application program; computer code for generating indexing information pertaining to data received from the application program; computer code for generating hash values by hashing the data received from the application program, and for hashing the indexing information pertaining to the data received from the application program; computer code for encrypting the data received from the application program, and for encrypting the indexing information pertaining to the data received from the application program; computer code for storing the encrypted data and the encrypted indexing information on a storage medium; computer code for retrieving the encrypted data and the encrypted indexing information from the storage medium; computer code for decrypting the encrypted data and the encrypted indexing information; computer code for authenticating the decrypted data and the decrypted indexing information using said hash values; and a computer readable storage medium for containing said computer codes. 15. A computer program product as in claim 14, in which the computer readable medium is one of: CD-ROM, DVD, MINIDISC, floppy disk, magnetic tape, flash memory, ROM, RAM, system memory, hard drive, optical storage, and a data signal embodied in a carrier wave.

이 특허에 인용된 특허 (27)

Watanabe Yoshiki,JPX ; Tanaka Kei,JPX ; Hayata Hiroshi,JPX, Database management system.
상세보기
Anfindsen Ole J.o slashed.rgen,NOX, Database management system and method for combining meta-data of varying degrees of reliability.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Shear Victor H. (Bethesda MD), Database usage metering and protection system and method.
상세보기
Hagersten Erik E. ; Hill Mark D., Hierarchical SMP computer system.
상세보기
Sprague Peter J. (249 Undermountain Rd. Lenox MA 02140) Lipscomb Thomas H. (145 E. 74th St. New York NY 10021), Information distribution system.
상세보기
Griswold Gary N., Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a.
상세보기
Honsinger Chris W. ; Jones Paul W. ; Rabbani Majid ; Stoffel James C., Lossless recovery of an original image containing embedded data.
상세보기
Olson Peter D. (Santa Clara CA) Taylor Holley (Gainesville FL) Mandey Thomas (Sunnyvale CA), Message storage security system.
상세보기
Katznelson Ron D. (San Diego CA), Metering retrieval of encrypted data stored in customer data retrieval terminal.
상세보기
Barton James M. (101 Sund Ave. Los Gatos CA 95032), Method and apparatus for embedding authentication information within digital data.
상세보기
Nagel Robert (New York NY) Lipscomb Thomas H. (New York NY), Method and apparatus for retrieving secure information from mass storage media.
상세보기
Halter Bernard J. (Longmont CO) Bracco Alphonse M. (Reston VA) Johnson Donald B. (Manassas VA) Le An V. (Manassas VA) Matyas Stephen M. (Manassas VA) Prymak ; deceased Rostislaw (late of Dumfries VA , Method and system for multimedia access control enablement.
상세보기
Merkle Ralph C. (Mountain View CA), Method of providing digital signatures.
상세보기
Bailey Bruce W. ; Mosher ; Jr. Malcolm, Remote duplicate database facility featuring safe master audit trail (safeMAT) checkpointing.
상세보기
Schaefer Marvin ; Martel Paul A. ; Kanawati Antoun J. ; Wade Sandra A., Secure multilevel object oriented database management system.
상세보기
Van Wie David M. ; Weber Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
상세보기
Chan Patrick P., System and method for providing safe SQL-level access to a database.
상세보기
Shear Victor H. ; Van Wie David M. ; Weber Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Shear Victor H. ; Sibert W. Olin ; Van Wie David M., Systems and methods using cryptography to protect secure computing environments.
상세보기
Hall Edwin J. ; Shear Victor H. ; Tomasello Luke S. ; Van Wie David M. ; Weber Robert P. ; Worsencroft Kim ; Xu Xuejun, Techniques for defining using and manipulating rights management data structures.
상세보기
Crandall Gary E., Text file compression system utilizing word terminators.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M. ; Weber Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.
상세보기

이 특허를 인용한 특허 (78)

Hillis, W. Daniel, Anti-item for deletion of content in a distributed datastore.
상세보기
Hillis, W. Daniel, Anti-item for deletion of content in a distributed datastore.
상세보기
Jakobsson, Bjorn Markus, Cloud authentication.
상세보기
McCarty, Richard James, Computer program products and systems for transparent data encryption and decryption.
상세보기
Griffin, Robert W.; Bailey, Daniel V., Credential-based application programming interface keys.
상세보기
Colgrove,John A., Data protection mechanism.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and method with multiple independent levels of security.
상세보기
Redlich, Ron M.; Nemzow, Martin A., Data security system and with territorial, geographic and triggering event protocol.
상세보기
Hillis, W. Daniel; Bax, Eric; Callejas, Augusto; Kao, Harry; Kolehmainen, Mathias L., Data store with lock-free stateless paging capability.
상세보기
Swett, Ian; Hillis, W. Daniel, Distributed data store with a designated master to ensure consistency.
상세보기
Swett, Ian; Hillis, W. Daniel, Distributed data store with a designated master to ensure consistency.
상세보기
Hillis, W. Daniel; Bax, Eric; Kolehmainen, Mathias L., Distributed data store with an orderstamp to ensure progress.
상세보기
Douceur, John R.; Adya, Atul; Bolosky, William J.; Theimer, Marvin M., Encrypted key cache.
상세보기
Douceur,John R.; Adya,Atul; Bolosky,William J.; Theimer,Marvin M., Encrypted key cache.
상세보기
Ducharme, Paul D., Encrypted memory device and methods for use therewith.
상세보기
Vingralek, Radek, Estimating data availability on managed storage devices.
상세보기
Douceur, John R.; Adya, Atul; Benaloh, Josh D.; Yuval, Gideon A., Exclusive encryption.
상세보기
Douceur, John R.; Benaloh, Josh D.; Yuval, Gideon A.; Adya, Atul, Exclusive encryption.
상세보기
Douceur, John R.; Benaloh, Josh D.; Yuval, Gideon A.; Adya, Atul, Exclusive encryption.
상세보기
Douceur, John R.; Benaloh, Josh D.; Yuval, Gideon A.; Adya, Atul, Exclusive encryption.
상세보기
Douceur,John R.; Benaloh,Josh D.; Yuval,Gideon A.; Adya,Atul, Exclusive encryption.
상세보기
Per,Yuri S.; Tsypliaev,Maxim V.; Lyadvinsky,Maxim V.; Tormasov,Alexander G.; Beloussov,Serguei M., Fast incremental backup method and system.
상세보기
Perng, Chang-shing; Wang, Haixun; Yin, Jian; Yu, Philip S., Integrity assurance of query result from database service provider.
상세보기
Schlafly, Roger, License tracking system.
상세보기
Douceur, John R.; Theimer, Marvin M.; Adya, Atul; Bolosky, William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Douceur, John R.; Theimer, Marvin M.; Adya, Atul; Bolosky, William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Douceur,John R.; Theimer,Marvin M.; Adya,Atul; Bolosky,William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Douceur,John R.; Theimer,Marvin M.; Adya,Atul; Bolosky,William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Douceur,John R.; Theimer,Marvin M.; Adya,Atul; Bolosky,William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Douceur,John R.; Theimer,Marvin M.; Adya,Atul; Bolosky,William J., Locating potentially identical objects across multiple computers based on stochastic partitioning of workload.
상세보기
Xu, Mingkang; Wong, Daniel ManHung, Method and apparatus for detecting data tampering within a database.
상세보기
Hazra, Amitava, Method and apparatus for protecting a software application against a virus.
상세보기
Balachandran, Subashini; Constantinescu, Mihail Corneliu, Method and apparatus to minimize metadata in de-duplication.
상세보기
Zhou, Nianjun; Meliksetian, Dikran S.; Sun, Yang; Yang, Chuan, Method and system for employing a multiple layer cache mechanism to enhance performance of a multi-user information retrieval system.
상세보기
Moffat, Darren J.; Bonwick, Jeffrey S.; Moore, William H.; Ahrens, Matthew A.; Maybee, Mark J.; Wilson, George; Perrin, Neil V., Method and system for encrypting data.
상세보기
Moffat, Darren James; Hughes, James Prescott, Method and system for making information in a data set of a copy-on-write file system inaccessible.
상세보기
Chang, Chih-Chung, Method for decrypting an encrypted instruction and system thereof.
상세보기
McCarty,Richard James, Methods and systems for transparent data encryption and decryption.
상세보기
Bolosky, William J.; Cermak, Gerald; Adya, Atul; Douceur, John R., On-disk file format for a serverless distributed file system.
상세보기
Bolosky,William J.; Cermak,Gerald; Adya,Atul; Douceur,John R., On-disk file format for a serverless distributed file system.
상세보기
Bolosky,William J.; Cermak,Gerald; Adya,Atul; Douceur,John R., On-disk file format for a serverless distributed file system.
상세보기
Bolosky,William J.; Cermak,Gerald; Adya,Atul; Douceur,John R., On-disk file format for a serverless distributed file system.
상세보기
Jakobsson, Bjorn Markus, Performing authentication.
상세보기
Barsness, Eric Lawrence; Beuch, Daniel E.; Euler, Theresa Renee; Nelsestuen, Paul Stuart; Santosuosso, John Matthew, Processing of deterministic user-defined functions using multiple corresponding hash tables.
상세보기
Willman, Bryan Mark; England, Paul; Ray, Kenneth D.; Kaplan, Keith; Kurien, Varugis; Marr, Michael David, Projection of trustworthiness from a trusted environment to an untrusted environment.
상세보기
Bailey, Daniel V.; Duane, William M.; Young, Eric, Protected resource access control utilizing intermediate values of a hash chain.
상세보기
Bailey, Daniel V.; Duane, William M.; Young, Eric, Protected resource access control utilizing intermediate values of a hash chain.
상세보기
Dillaway, Blair B., Protection of application secrets.
상세보기
Alkove, James M.; Grigorovitch, Alexandre V.; Barde, Sumedh N.; Schnell, Patrik, Provisioning a computing system for digital rights management.
상세보기
Alkove, James M.; Grigorovitch, Alexandre V.; Barde, Sumedh N.; Schnell, Patrik, Provisioning a computing system for digital rights management.
상세보기
Bailey, Daniel V.; Berg, Bradley, Remote management interface using credentials associated with respective access control intervals.
상세보기
Bumpus, Winston; Agarwal, Ajay; Curtis, William A.; Pratt, Thomas L., Removable hard disk with display information.
상세보기
Bumpus, Winston; Agarwal, Ajay; Curtis, William A.; Pratt, Thomas L., Removable hard disk with embedded security card.
상세보기
Pratt, Thomas L.; Agarwal, Ajay; Bumpus, Winston; Curtis, William A., Removable hard disk with front panel input.
상세보기
Khan, Salahuddin Christopher Jules; Abzarian, David, Safe hashing for network traffic.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary, Secure processing systems and methods.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary F., Secure processing systems and methods.
상세보기
Boccon-Gibod, Gilles; Ellison, Gary F., Secure processing systems and methods.
상세보기
Alkove, James M.; Grigorovitch, Alexandre V.; Schnell, Patrik, Secure storage for digital rights management.
상세보기
Alkove, James M.; Grigorovitch, Alexandre V.; Schnell, Patrik, Secure time source operations for digital rights management.
상세보기
Vingralek, Radek, Selecting optimal repair strategy for mirrored files.
상세보기
Waldspurger, Carl A.; Eccleston, Matthew, Selective encryption system and method for I/O operations.
상세보기
Waldspurger,Carl A.; Eccleston,Matthew, Selective encryption system and method for I/O operations.
상세보기
Adya, Atul; Cermak, Gerald; Douceur, John R.; Theimer, Marvin M.; Wattenhofer, Roger P.; Bolosky, William J., Serverless distributed file system.
상세보기
Adya,Atul; Bolosky,William J.; Cermak,Gerald; Douceur,John R.; Theimer,Marvin M.; Wattenhofer,Roger P., Serverless distributed file system.
상세보기
Jakobsson, Bjorn Markus, System access determination based on classification of stimuli.
상세보기
Borthakur,Dhrubajyoti; Pashenkov,Serge, System and method for chunk-based indexing of file system content.
상세보기
Lee, John; Levy, Nir, System, method, and computer program for validating receipt of digital content by a client device.
상세보기
MacKay, Michael K.; Maher, David P., Systems and methods for governing content rendering, protection, and management applications.
상세보기
MacKay, Michael K.; Maher, David P., Systems and methods for governing content rendering, protection, and management applications.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Maheshwari, Umesh; Vingralek, Radek; Sibert, W. Olin, Trusted storage systems and methods.
상세보기
Waldspurger, Carl A.; Bugnion, Edouard, Undefeatable transformation for virtual machine I/O operations.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Trusted storage systems and methods 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (27)

이 특허를 인용한 특허 (78)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Trusted storage systems and methods 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (27)

이 특허를 인용한 특허 (78)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트