CA2358980A1 - Distributed security architecture for storage area networks (san) - Google Patents

Info

Publication number
CA2358980A1
CA2358980A1 CA002358980A CA2358980A CA2358980A1 CA 2358980 A1 CA2358980 A1 CA 2358980A1 CA 002358980 A CA002358980 A CA 002358980A CA 2358980 A CA2358980 A CA 2358980A CA 2358980 A1 CA2358980 A1 CA 2358980A1
Authority
CA
Canada
Prior art keywords
host
key
san
ssa
hsed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002358980A
Other languages
French (fr)
Inventor
Kumar Murty
Vladimir Kolesnikov
Daniel Thanos
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KARTHIKA TECHNOLOGIES Inc
Original Assignee
KARTHIKA TECHNOLOGIES Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by KARTHIKA TECHNOLOGIES Inc filed Critical KARTHIKA TECHNOLOGIES Inc
Priority to CA002358980A priority Critical patent/CA2358980A1/en
Priority to PCT/CA2002/001518 priority patent/WO2003032133A2/en
Priority to AU2002328750A priority patent/AU2002328750A1/en
Priority to US10/269,934 priority patent/US20030084290A1/en
Publication of CA2358980A1 publication Critical patent/CA2358980A1/en
Abandoned legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Description

DISTRIBUTED SECURITY ARCHITECTURE FOR STORAGE AREA NETWORKS (SAN)

The present invention relates to an architecture that provides a comprehensive and transparent implementation of security for SANs while preserving the required performance characteristics of the system.

There are five main requirements of this architecture:
a) Security does not degrade the performance of the SAN.
b) The solution is transparent to the end user and SAN.
c) The security is easy to manage.
d) The system is able to protect itself from malicious use(rs).
e) The system is disaster resistant, in the sense that there is no chance that an encryption key will become lost or destroyed in a way that would render all data on the SAN useless.

I. Novelty of the Architecture

SAN security presently relies on zoning protocols that govern access through passwords and certificates alone. However, this does not protect against malicious users or their coalitions (organized groups of attackers). By malicious users, we mean any motivated and/or sophisticated entity that attempts to gain access to data that it should not have, or attempts to modify data that it should not.
As SANs are deployed in more public network environments, the possibility of malicious attacks becomes real and inevitable.
Currently there is no transparent and comprehensive storage security that has acceptable performance characteristics. Note that in a managed service environment, communication as well as storage encryption is required for total service integrity.

II. Unique Aspects of Storage Security

There are certain aspects of securing storage that are different from securing communications. Firstly, data is encrypted by a key, which has to be retrievable after a long period of time. Secondly, only the cipher text is available.
Thus, the key-management scheme has to be disaster resistant and secure. While fulfilling all these requirements, the security solution has to preserve the high performance environment of a SAN.

III. Components of Security

There are many components that are required to ensure a secure installation. Public Key Infrastructure (PKI), which allows for authentication, is only one component, and at present most SAN security relies exclusively on this. In addition, if we wish to ensure confidentiality, integrity and non-repudiation, a complete security solution is necessary. Namely, in addition to PKI, an encryption protocol for storage and communication has to be implemented between the Host system and the SAN.

IV. Proposed Architecture Components

1. Host Storage Encryption Driver (HSED)

1-1. Description

The HSED is located between the Host operating system and the SAN attached drive. When the Host writes data on the SAN attached drive, the HSED intercepts it, encrypts it using a symmetric storage key, and forwards it to the drive. When the Host requests data from a SAN attached drive, the HSED intercepts the request, decrypts (using a symmetric storage key) what it reads from the drive, and delivers it to the Host.
[Fig 1-1: HSED Operation. Labels in the figure: Host, Host Operating System, HSED, HBA/NIC Driver.]

Terms
SAN - Storage Area Network
Host - Any computer in communication with the SAN
HSED - Host Storage Encryption Driver
HBA - Host Bus Adapter
NIC - Network Interface Card

The idea behind this component is to enable high performance distributed bulk encryption between the SAN and the Host, in a manner that is transparent to both the SAN and the Host. The functions outlined below are performed in the sequence they are presented.
1-2. Functions

1-2-1. Self-Verification

Self-verification is required to prevent the possibility of a rogue or altered HSED from stealing the storage key it should destroy when the session is over.
1. The HSED picks a random offset O and byte length L (this should be at least 1 KB). We require that O + L ≤ size of HSED.
2. The HSED then takes a hash (using a function like SHA-1) of its contents from the memory location O to O + L. This hash will be called H.
3. The HSED then encrypts (using a session communication key) O, L, and H and sends it to the SSA.
4. The SSA decrypts O and L and takes a hash (using a function like SHA-1) of a stored trusted copy of a HSED from location O to location O + L. This hash will be called H'.
5. If H and H' are equal then the SSA randomly decides whether steps 1 to 5 are to be performed again, or if the HSED is to be declared valid.
6. If H and H' are not equal the HSED takes remedial action. This could include notification of a system administrator and/or logging the mismatch and generating and distributing a new HSED to the Host using the method outlined in section 2-2-2.
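The six steps above, sketched as an added example (not code from the patent). Assumptions: SHA-256 stands in for "a function like SHA-1", the encryption of O, L and H under the session communication key is left out, the number of rounds is bounded by a hypothetical max_rounds parameter, and the images are constructed byte strings.

```python
import hashlib
import hmac
import secrets

MIN_LEN = 1024  # step 1: L should be at least 1 KB

def pick_window(size, rng=None):
    """Step 1: random offset O and length L with L >= 1 KB and O + L <= size."""
    rng = rng or secrets.SystemRandom()
    if size < MIN_LEN:
        raise ValueError("image smaller than the minimum window")
    length = rng.randint(MIN_LEN, size)
    offset = rng.randint(0, size - length)
    return offset, length

def window_hash(image, offset, length):
    """Steps 2 and 4: hash image[O : O + L] (SHA-256 used here as the hash)."""
    if length < MIN_LEN or offset < 0 or offset + length > len(image):
        raise ValueError("window outside the image or shorter than 1 KB")
    return hashlib.sha256(image[offset:offset + length]).digest()

def hsed_report(running_image, window=None):
    """Steps 1-3, HSED side: returns (O, L, H). Session-key encryption is omitted."""
    offset, length = pick_window(len(running_image)) if window is None else window
    return offset, length, window_hash(running_image, offset, length)

def ssa_check(trusted_image, report):
    """Step 4 and the comparison: recompute H' over the trusted copy, compare with H."""
    offset, length, h = report
    try:
        h_prime = window_hash(trusted_image, offset, length)
    except ValueError:
        return False  # a window the trusted copy cannot satisfy counts as a mismatch
    return hmac.compare_digest(h, h_prime)

def ssa_verify(trusted_image, get_report, max_rounds=8, rng=None):
    """Steps 1-6 driven by the SSA. Returns (valid, rounds_used)."""
    rng = rng or secrets.SystemRandom()
    for round_no in range(1, max_rounds + 1):
        if not ssa_check(trusted_image, get_report()):
            return False, round_no      # step 6: caller logs, notifies, redistributes
        if rng.random() < 0.5:          # step 5: randomly declare valid or repeat
            return True, round_no
    return True, max_rounds             # bound reached, every round matched

def flip(image, positions):
    """Return a copy of `image` with the bytes at `positions` inverted (test helper)."""
    buf = bytearray(image)
    for pos in positions:
        buf[pos] ^= 0xFF
    return bytes(buf)

# Constructed sample data, not a real driver image.
TRUSTED = bytes(range(256)) * 32        # 8192-byte stand-in for the trusted HSED copy
PATCHED = flip(TRUSTED, [4000])         # same image with one altered byte
```

A single round only covers the bytes between O and O + L, so a window that does not include the altered byte still matches; the repetition in step 5 increases the portion of the image that gets checked.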

[Fig 1-2: HSED Self Verification. Labels recoverable from the figure: Host Memory; SSA Controlled & Trusted; HSED; O (offset); O + L (Length); HASH FUNCTION (i.e. SHA-1); H; H'; H = H'; Yes; No; Valid; Invalid; Random; Redo Steps 1-5.]

It is important to note that step 5 prevents attackers from exploiting race conditions, namely switching a legitimate HSED with a rogue one in between steps 3 and 4.
Also note that in an implementation step 5 could be bounded not to repeat more than a specific number of times. These steps could also be performed at any random time after the HSED has been given the storage key to challenge its validity. Finally, the HSED may run on a hard coded fixed port address to eliminate the possibility that a valid HSED is running at the same time as a rogue HSED is communicating with the SSA.

1-2-2. Key Destruction

1. After a predetermined timeout period or when the Host indicates a termination of communication with the SAN attached drive, the HSED must destroy the storage key.
2. The HSED then executes the key destruction phase of the Key Management Protocol (KMP: see section 3-2-2).
2. Key Distribution Protocol (KDP)

2-1. Description

The primary purpose of this protocol is to generate and securely store a symmetric storage encryption/decryption key for later retrieval and use. The general method by which this is done was described by Shamir in 1979; it is known as the secret sharing scheme [1]. We will adapt this method for a SAN environment. First we will give a description of the mathematics that Shamir developed. Shamir proposed an easy and efficient (t,n) secret sharing scheme.
By definition of (t,n) secret sharing, the secret S is distributed among n participants, such that any t shares of the total n give no information about the secret, but any t+1 allow complete secret reconstruction. The secret holder constructs a monic polynomial of degree t+1, where each coefficient, except the constant term (and, of course, the highest degree term), is uniformly random.
The constant term of the polynomial is set equal to the secret. The polynomial is then evaluated at n different non-zero points; each of the n participants is sent exactly one of the n values, so that all the values are distributed between the participants. Now, any number of polynomial evaluations at up to and including t points is insufficient to gain any information about the constant term of the polynomial, while t+1 points uniquely determine the polynomial (by solving a system of t+1 linear equations), and thus its constant term, which is the secret.
We will now describe how the above method can be adapted for use in a SAN.
The secret S will be the symmetric key used for the storage encryption. The participants could be switches, storage arrays, or any other device on the storage network that can store key fragments (the n shares). It is now clear how Shamir's method would work with a SAN. We will now give a description of the protocol.

2-2. Functions

2-2-1. Initialization

1. We assume the Host has been authenticated, using any of the many authentication methods like RADIUS, Kerberos, etc.
2. A key exchange protocol (i.e. ECC Diffie-Hellman) is executed to establish a secure communication key between the Host and the SSA.
3. The SSA generates a random storage key for the Host.
4. The SSA fragments and distributes the key among n devices found on the storage network using Shamir's sharing scheme. It associates the storage key with the Host (by updating its database) and stores where the key fragments have gone.
5. It destroys the key it just generated by overwriting it in its memory.
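The sharing scheme of section 2-1 and Initialization steps 3 to 5, as an added example (not code from the patent). It follows the description literally: a monic polynomial of degree t+1 whose constant term is the key. The prime field, the function names and the device names are assumptions made for the example.

```python
import secrets

# Assumption: arithmetic is done in GF(P) with P = 2**521 - 1 (a Mersenne prime),
# large enough for keys up to 64 bytes. The page does not name a field.
P = 2**521 - 1

def eval_monic(coeffs, x):
    """Evaluate f(x) = x^(t+1) + c_t*x^t + ... + c_1*x + c_0 mod P, coeffs = [c_0..c_t]."""
    acc = 1                                   # fixed leading coefficient (monic)
    for c in reversed(coeffs):                # Horner's rule
        acc = (acc * x + c) % P
    return acc

def split_key(key, t, n):
    """Split `key` into n shares (x, f(x)); any t+1 rebuild it, any t reveal nothing."""
    if not 0 <= t < n:
        raise ValueError("need 0 <= t < n so that t+1 shares exist")
    secret = int.from_bytes(key, "big")       # constant term c_0 is the secret
    if secret >= P:
        raise ValueError("key does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return [(x, eval_monic(coeffs, x)) for x in range(1, n + 1)]  # n non-zero points

def reconstruct_key(shares, t, key_len):
    """Rebuild the key from at least t+1 distinct shares."""
    points = list(dict(shares).items())[:t + 1]
    if len(points) < t + 1:
        raise ValueError("need at least t+1 distinct shares")
    # g(x) = f(x) - x^(t+1) has degree <= t and g(0) = f(0) = secret, so
    # Lagrange interpolation of g at x = 0 over t+1 points recovers the secret.
    points = [(x, (y - pow(x, t + 1, P)) % P) for x, y in points]
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse of den
    return secret.to_bytes(key_len, "big")

def provision_host_key(devices, t, key_len=32):
    """Initialization steps 3-5: generate a key, fragment it, record placement, overwrite."""
    key = bytearray(secrets.token_bytes(key_len))
    placement = dict(zip(devices, split_key(key, t, len(devices))))
    key[:] = bytes(key_len)  # best-effort overwrite; Python may hold other copies (the int)
    return placement

# Constructed device names standing in for switches and storage arrays on the SAN.
DEVICES = ["switch-a", "switch-b", "array-1", "array-2", "array-3"]
```

With t = 2 and the five devices above, any three fragments rebuild the storage key, so the loss of two devices does not destroy it.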
2-2-2. Host Software Distribution

1. Cryptographically sign the HSED (using an algorithm like DSA).
2. Distribute the signed HSED to the Host securely using the established communication key.
3. The Host verifies (using the same signature algorithm that the SSA signed the HSED with) the signed HSED using the SSA's certificate.
4. The HSED now installs itself on the Host.

3. Key Management Protocol (KMP)

Amongst other things, this protocol is designed to protect against denial-of-service attacks.

3-1. Description

The Key-Management Protocol encapsulates the assembly of a fragmented storage key and the destruction of a storage key once it is no longer needed.
We also assume some sort of PKI is in place to authenticate the various entities in the SAN.
3-2. Functions

3-2-1. Key Assembly

1. We assume the Host has gone through the authentication process.
2. The SSA verifies that the Host does not have a key that has already been checked out.
3. A key exchange protocol (like DH) is performed between the SSA and Host to produce a symmetric session communication key.
4. The SSA assembles the storage key (using Shamir's secret sharing scheme outlined earlier) and encrypts it using the previously established communication key. The storage key is then sent to the Host.
5. The Host decrypts (using the communication key) the storage key and acknowledges successful receipt to the SSA.
6. If the SSA does not receive acknowledgement (after some timeout value) it resends until it does.
7. The SSA destroys its copy of the assembled storage key.
8. The SSA records that the Host has checked out the key.

3-2-2. Key Destruction

1. The Host transmits to the SSA that the storage key has been destroyed.
2. The SSA transmits an acknowledgement.
3. If the Host does not receive the acknowledgement, go to step 1.
4. The SSA checks the key in for the Host.

4. SAN Security Appliance (SSA)

4-1. Description

The SSA functions as a security gateway. It fulfills the requirements outlined earlier. It is connected to the Host through a secured channel/link (e.g. IPSec) and is connected to the SAN using a dedicated and secure channel/link. It is the single point of management for the security of the SAN. Multiple appliances can be clustered together for scalability, fault tolerance and separation of security tasks.
This is the relationship between the SSA and the various components of the architecture:
I. Host Storage Encryption Driver (HSED): The SSA distributes and sets this up.
II. SSA Security Manager (SAM): This is the SSA's primary interface and management tool.
III. Key-Distribution Protocol (KDP): The SSA uses this to create and distribute a storage key for a host.
IV. Key Management Protocol (KMP): The SSA uses this to assemble the storage key and then distribute it to the host. It is also used by the SSA to ensure the destruction of the storage key once it is no longer being used by the host.
These are the duties an SSA performs for its SAN:

1. Authentication of Hosts.
2. Creation and initialization of Host accounts through SAM.
3. Initialization and distribution of necessary Host software through KDP.
4. Key distribution and management through KDP and KMP.
5. Security management of the entire SAN through SAM.
4-2. Functions

4-2-1. Authentication of Host

1. The Host contacts the SSA.
2. The SSA proves its identity through certificate.
3. The Host verifies the SSA identity.
4. The Host authenticates itself (using any preferred method like RADIUS, Kerberos, etc.) through logon, password and certificate.
5. The SSA determines the Host access rights and what storage keys (if any) it is allowed access to by consulting the SAM.
6. If the Host needs a new storage key the KDP is executed.
7. If the Host has access rights to any particular storage key, it requests that storage key.
8. The SSA instructs the Host's HSED software to perform its Self-Validation (see section 1-2-1) function. If the HSED is declared valid we progress to step 9.
9. The KMP is performed.
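The check-out and check-in bookkeeping of the KMP (section 3-2) that step 9 invokes, as an added example (not code from the patent). It models only the acknowledgement and resend logic: encryption under the communication key is left out, and KeyLedger, Host, FlakyLink, the resend bounds and the stub key are hypothetical names and values chosen for the example.

```python
class FlakyLink:
    """Constructed fault model: the first `drops` acknowledgements are lost in transit."""
    def __init__(self, drops=0):
        self.drops = drops

    def ack_arrives(self):
        if self.drops > 0:
            self.drops -= 1
            return False
        return True

class KeyLedger:
    """SSA side of Key Assembly (3-2-1) and Key Destruction (3-2-2)."""
    def __init__(self, assemble, max_resends=5):
        self.assemble = assemble        # callable(host_id) -> bytearray holding the key
        self.max_resends = max_resends  # assumption: the page resends until acknowledged
        self.checked_out = set()

    def check_out(self, host_id, deliver):
        """Steps 2-8 of Key Assembly. Returns the number of sends that were needed."""
        if host_id in self.checked_out:                 # step 2
            raise PermissionError("host already has a key checked out")
        key = self.assemble(host_id)                    # step 4
        try:
            for attempt in range(1, self.max_resends + 1):
                if deliver(key):                        # steps 5-6: resend until acked
                    self.checked_out.add(host_id)       # step 8
                    return attempt
            raise TimeoutError("no acknowledgement from host")
        finally:
            key[:] = bytes(len(key))                    # step 7: overwrite the SSA copy

    def key_destroyed(self, host_id):
        """Steps 1, 2 and 4 of Key Destruction. Idempotent, because the Host repeats
        its notice whenever the acknowledgement is lost (step 3)."""
        self.checked_out.discard(host_id)
        return True

class Host:
    def __init__(self, host_id, link):
        self.host_id, self.link, self.key = host_id, link, None

    def receive(self, key):
        self.key = bytearray(key)       # a resent key replaces the identical copy
        return self.link.ack_arrives()  # step 5: acknowledge receipt

    def destroy_key(self, ledger, max_sends=5):
        """Host side of Key Destruction. Returns the number of notices sent."""
        if self.key is not None:
            self.key[:] = bytes(len(self.key))
            self.key = None
        for sends in range(1, max_sends + 1):
            ledger.key_destroyed(self.host_id)          # step 1
            if self.link.ack_arrives():                 # steps 2-3
                return sends
        raise TimeoutError("no acknowledgement from SSA")

def assemble_stub(host_id):
    """Constructed stand-in for reassembling the storage key from its fragments."""
    return bytearray(b"\x11" * 32)
```

Recording the check-out only after the acknowledgement means a failed delivery never leaves the Host locked out by step 2.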
4-2-2. Initialization of Host

Initialization of Host involves setting up an account with logon, password and certificate. This would be done through the administrative functions of the SAM.

4-2-3. Distribution of Host Software

See section 2-2-2.

4-2-4. General Security Management Tasks

These are accomplished through the SAM (see section 5).

5. SAN Security Appliance Manager (SAM)

Description

This is the administrative interface to the SSA. It implements the administrative functions and provides access to all the security services that the SAN offers.
The administrator uses this tool to set up accounts, policies, tolerances, logging, connections, etc. The SAM also manages and stores any tables or stored values used in the SSA's operation. The nature of how the SAM will be implemented is tied to specific SAN implementations.

Claims

CA002358980A 2001-10-12 2001-10-12 Distributed security architecture for storage area networks (san) Abandoned CA2358980A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CA002358980A CA2358980A1 (en) 2001-10-12 2001-10-12 Distributed security architecture for storage area networks (san)
PCT/CA2002/001518 WO2003032133A2 (en) 2001-10-12 2002-10-11 Distributed security architecture for storage area networks (san)
AU2002328750A AU2002328750A1 (en) 2001-10-12 2002-10-11 Distributed security architecture for storage area networks (san)
US10/269,934 US20030084290A1 (en) 2001-10-12 2002-10-11 Distributed security architecture for storage area networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002358980A CA2358980A1 (en) 2001-10-12 2001-10-12 Distributed security architecture for storage area networks (san)

Publications (1)

Publication Number Publication Date
CA2358980A1 (en) 2003-04-12

Family

ID=4170251

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002358980A Abandoned CA2358980A1 (en) 2001-10-12 2001-10-12 Distributed security architecture for storage area networks (san)

Country Status (4)

Country Link
US (1) US20030084290A1 (en)
AU (1) AU2002328750A1 (en)
CA (1) CA2358980A1 (en)
WO (1) WO2003032133A2 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4980913A (en) * 1988-04-19 1990-12-25 Vindicator Corporation Security system network
US6405315B1 (en) * 1997-09-11 2002-06-11 International Business Machines Corporation Decentralized remotely encrypted file system
US5931947A (en) * 1997-09-11 1999-08-03 International Business Machines Corporation Secure array of remotely encrypted storage devices
US5991414A (en) * 1997-09-12 1999-11-23 International Business Machines Corporation Method and apparatus for the secure distributed storage and retrieval of information
US6289450B1 (en) * 1999-05-28 2001-09-11 Authentica, Inc. Information security architecture for encrypting documents for remote access while maintaining access control

Also Published As

Publication number Publication date
US20030084290A1 (en) 2003-05-01
WO2003032133A2 (en) 2003-04-17
AU2002328750A1 (en) 2003-04-22
WO2003032133A3 (en) 2003-09-04

Legal Events

Date Code Title Description
FZDE Discontinued
FZDE Discontinued

Effective date: 20040722