Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.
Representative claims
1. A method for validating a piece of data stored in a partition of an untrusted data store, the method being performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising: retrieving a descriptor associated with the piece of data, the descriptor specifying a location of the piece of data on the untrusted data store and an expected hash value of the piece of data; retrieving the piece of data from the location specified by the descriptor; decrypting the piece of data using a cryptographic key associated with the partition; computing a hash value of the decrypted piece of data; comparing the computed hash value with the expected hash value; and determining whether the piece of data is valid based on the comparison.
2. The method of claim 1, wherein determining whether the piece of data is valid comprises determining that the piece of data is valid based on the computed hash value equaling the expected hash value.
3. The method of claim 1, wherein determining whether the piece of data is valid comprises determining that the piece of data is not valid based on the computed hash value being different from the expected hash value.
4. The method of claim 3, wherein the method further comprises: implementing a protective action based on the determination that the piece of data is not valid.
5. The method of claim 4, wherein the protective action comprises restricting access to at least some data stored in the partition.
6. The method of claim 4, wherein the protective action comprises transmitting a response to a tamper detection system.
7. The method of claim 1, wherein computing the hash value of the decrypted piece of data comprises computing the hash value using parameters associated with the partition.
8. The method of claim 7, wherein the partition is associated with a partition leader, the partition leader comprising the cryptographic key.
9. The method of claim 8, wherein the partition leader further comprises the parameters used, at least in part, to compute the hash value.
10. The method of claim 1, wherein the partition comprises one partition of a plurality of partitions, each partition of the plurality of partitions being associated with different security parameters.
11. A non-transitory computer-readable storage medium storing executable instructions that, when executed by a processor of a computer system, cause the computer system to perform a method for validating a piece of data stored in a partition of an untrusted data store, the method comprising: retrieving a descriptor associated with the piece of data, the descriptor specifying a location of the piece of data on the untrusted data store and an expected hash value of the piece of data; retrieving the piece of data from the location specified by the descriptor; decrypting the piece of data using a cryptographic key associated with the partition; computing a hash value of the decrypted piece of data; comparing the computed hash value with the expected hash value; and determining whether the piece of data is valid based on the comparison.
12. The non-transitory computer-readable storage medium of claim 11, wherein determining whether the piece of data is valid comprises determining that the piece of data is valid based on the computed hash value equaling the expected hash value.
13. The non-transitory computer-readable storage medium of claim 11, wherein determining whether the piece of data is valid comprises determining that the piece of data is not valid based on the computed hash value being different from the expected hash value.
14. The non-transitory computer-readable storage medium of claim 13, wherein the method further comprises: implementing a protective action based on the determination that the piece of data is not valid.
15. The non-transitory computer-readable storage medium of claim 14, wherein the protective action comprises restricting access to at least some data stored in the partition.
16. The non-transitory computer-readable storage medium of claim 14, wherein the protective action comprises transmitting a response to a tamper detection system.
17. The non-transitory computer-readable storage medium of claim 11, wherein computing the hash value of the decrypted piece of data comprises computing the hash value using parameters associated with the partition.
18. The non-transitory computer-readable storage medium of claim 17, wherein the partition is associated with a partition leader, the partition leader comprising the cryptographic key.
19. The non-transitory computer-readable storage medium of claim 18, wherein the partition leader further comprises the parameters used, at least in part, to compute the hash value.
20. The non-transitory computer-readable storage medium of claim 11, wherein the partition comprises one partition of a plurality of partitions, each partition of the plurality of partitions being associated with different security parameters.
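The abstract and claims 1 to 9 describe one validation procedure: a descriptor (location plus expected hash) is fetched, the record is read from the untrusted store, decrypted with the partition's key, hashed with the partition's hashing parameters, and the hash is compared with the expected value. The following Python is an added worked example written for this page; it is not code from the patent or its assignee. It models the partition leader as a key pair (cipher key and HMAC key), stands in an HMAC-SHA256 counter-mode keystream for the unspecified cipher (the per-record nonce is therefore an assumption, not a claim element), and stores the descriptor table itself as a validated record so that only the leader and one root descriptor need trusted storage, which is the "small amount of trusted storage secures a larger untrusted store" point of the abstract. The sample rows are constructed.

```python
# Added example, not code from the patent: a small trusted root (leader + one
# descriptor) securing an untrusted, append-only store, following claim 1.
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class PartitionLeader:
    """Trusted per-partition secrets (claims 8-9). Assumption: the hashing
    parameters of claim 7 are an HMAC key."""
    key: bytes
    hash_key: bytes

@dataclass(frozen=True)
class Descriptor:
    """Location and expected hash (claim 1). The nonce is an assumption needed
    by the stand-in stream cipher, not a field named in the claims."""
    offset: int
    length: int
    expected_hash: bytes
    nonce: bytes

class TamperDetected(Exception):
    """Computed hash differs from the expected hash (claim 3)."""

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the unspecified cipher.
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

def encrypt(leader: PartitionLeader, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(leader.key, nonce, len(data))))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def partition_hash(leader: PartitionLeader, plaintext: bytes) -> bytes:
    # Hash computed with partition-specific parameters (claim 7).
    return hmac.new(leader.hash_key, plaintext, hashlib.sha256).digest()

class UntrustedStore:
    """Append-only byte log under attacker control (log-structured storage)."""
    def __init__(self) -> None:
        self.log = bytearray()
    def append(self, blob: bytes) -> int:
        offset = len(self.log)
        self.log += blob
        return offset
    def read(self, offset: int, length: int) -> bytes:
        return bytes(self.log[offset:offset + length])

def write_record(store, leader, plaintext: bytes) -> Descriptor:
    nonce = os.urandom(16)
    offset = store.append(encrypt(leader, nonce, plaintext))
    return Descriptor(offset, len(plaintext), partition_hash(leader, plaintext), nonce)

def validate_and_read(store, leader, desc: Descriptor) -> bytes:
    """The method of claim 1: retrieve, decrypt, hash, compare."""
    ciphertext = store.read(desc.offset, desc.length)
    if len(ciphertext) != desc.length:
        raise TamperDetected(f"record at {desc.offset} truncated")
    plaintext = decrypt(leader, desc.nonce, ciphertext)
    if not hmac.compare_digest(partition_hash(leader, plaintext), desc.expected_hash):
        raise TamperDetected(f"hash mismatch for record at {desc.offset}")
    return plaintext

# Meta-data secured like data: the descriptor table is itself a record, so only
# its root descriptor and the leader need trusted storage.
def encode_descriptors(descs: list) -> bytes:
    return json.dumps([[d.offset, d.length, d.expected_hash.hex(), d.nonce.hex()] for d in descs]).encode()

def decode_descriptors(blob: bytes) -> list:
    return [Descriptor(o, n, bytes.fromhex(h), bytes.fromhex(nc)) for o, n, h, nc in json.loads(blob)]

def demo() -> tuple:
    leader = PartitionLeader(key=os.urandom(32), hash_key=os.urandom(32))
    store = UntrustedStore()
    records = [b"account=42;balance=100", b"account=43;balance=5"]  # constructed sample rows
    table = [write_record(store, leader, r) for r in records]
    root = write_record(store, leader, encode_descriptors(table))  # kept in trusted storage
    # Honest read: validate the table through the root, then each row.
    table_from_store = decode_descriptors(validate_and_read(store, leader, root))
    rows = [validate_and_read(store, leader, d) for d in table_from_store]
    # Attacker flips one ciphertext byte of the first row in the untrusted log.
    store.log[table[0].offset] ^= 0x01
    try:
        validate_and_read(store, leader, table[0])
        detected = False
    except TamperDetected:
        detected = True  # a protective action (claims 4-6) would be taken here
    return rows, detected
```

Two practical points follow from the claim's ordering. The hash is computed over the decrypted data, so decryption runs on attacker-controlled bytes before any integrity check; with a stream cipher, as here, that is harmless, but with a padded block-cipher mode a decryption error must be treated exactly like a hash mismatch rather than reported separately. And the expected hash is only as trustworthy as the descriptor that carries it, which is why the example validates the descriptor table through a root descriptor held in trusted storage instead of trusting descriptors read from the untrusted store directly.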
Patents cited by this patent (41)
Ober, Timothy; Reed, Peter; Doud, Robert W., Apparatus and method for implementing IPSEC transforms within an integrated circuit.
Halter, Bernard J.; Bracco, Alphonse M.; Johnson, Donald B.; Le, An V.; Matyas, Stephen M.; Prymak, Rostislaw (deceased), Method and system for multimedia access control enablement.
Asokan, Nadarajah; Ekberg, Jan Erik; Paatero, Lauri, Method, system and computer program product for a trusted counter in an external security element for securing a personal communication device.
Van Wie, David M.; Weber, Robert P., Steganographic techniques for securely delivering electronic digital rights management control information over insecure.
Shear, Victor H.; Van Wie, David M.; Weber, Robert P., Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information.
Ginter, Karl L.; Shear, Victor H.; Sibert, W. Olin; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M., Systems and methods for secure transaction management and electronic rights protection.
Hall, Edwin J.; Shear, Victor H.; Tomasello, Luke S.; Van Wie, David M.; Weber, Robert P.; Worsencroft, Kim; Xu, Xuejun, Techniques for defining, using and manipulating rights management data structures.
Ginter, Karl L.; Shear, Victor H.; Spahn, Francis J.; Van Wie, David M.; Weber, Robert P., Trusted and secure techniques, systems and methods for item delivery and execution.