US20060095553A1 - Storage system - Google Patents
- Publication number
- US20060095553A1, US11/007,093
- Authority
- US
- United States
- Prior art keywords
- time
- time information
- clock
- servers
- worm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
- G06F21/725—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
Definitions
- This invention relates to a storage system, in particular, management of data whose preservation period is determined.
- In a computer system comprising plural devices such as computers, it is required to establish synchronization of a time held by each device constituting the system.
- the time is used to create logs to be obtained in the computer system.
- various situations such as an influence exerted by an operation of a certain device on another device, are grasped.
- an NTP (Network Time Protocol) server is used.
- one of the devices in the computer system is set as the NTP server and transmits time information to each of the other devices, thereby allowing every device in the computer system to obtain the same time.
- Among the data stored in a storage system, there is data whose preservation for a certain period of time is obligated.
- Such data is, for instance, audit target data in a specific category of business.
- the WORM is a property possessed by write-once optical disks and the like (CD-Rs, for instance). Therefore, by storing data on such write-once media, the WORM attribute is realized with ease.
- In JP 07-13705 A, a method is disclosed with which overwriting of data on a disk is prevented by providing a writing prohibition flag or the like on the disk.
- WORM guarantee term a term for the WORM attribute.
- the WORM attribute can be reset when the set term expires.
- the WORM attribute is maintained by the property of the media
- the WORM attribute may be changed before the designated period of time expires.
- time synchronization can not be established in a computer system that the users use.
- This invention provides a storage system coupled to at least one of time servers through a network, including: a first time information holding unit that holds first time information to be used to manage an update prohibition attribute of data; a second time information holding unit that holds second time information to be used to establish time synchronization with a device coupled to the network; and a time update unit that manages the first time information and the second time information, in which the time update unit receives third time information from the at least one of the time servers and judges whether the third time information satisfies a predetermined condition, and updates the first time information based on the third time information when the third time information satisfies the predetermined condition.
- FIG. 1 is a block diagram showing a configuration of a computer system according to a first embodiment of this invention.
- FIG. 2 is a block diagram showing a configuration of a storage system according to the first embodiment of this invention.
- FIG. 3 is an explanatory diagram of a memory according to the first embodiment of this invention.
- FIG. 4 is an explanatory diagram of WORM management clock management information according to the first embodiment of this invention.
- FIG. 5 is an explanatory diagram of time update at check times according to the first embodiment of this invention.
- FIG. 6 is a flowchart of processing executed at the time of update of a WORM management clock and a site clock according to the first embodiment of this invention.
- FIG. 7 is a block diagram showing a configuration of a computer system according to a second embodiment of this invention.
- FIG. 8 is an explanatory diagram of a memory according to the second embodiment of this invention.
- FIG. 9 is an explanatory diagram of WORM management clock management information according to the second embodiment of this invention.
- FIG. 10 is an explanatory diagram of time update according to the second embodiment of this invention.
- FIG. 11 is a flowchart of processing executed at the time of update of a WORM management clock according to the second embodiment of this invention.
- FIG. 12 is an explanatory diagram of a management screen according to the second embodiment of this invention.
- FIG. 1 is a block diagram showing a configuration of a computer system according to a first embodiment of this invention.
- Each host 2 is a computer that is connected to each storage system 4 through a storage area network (SAN) 3 .
- the host 2 accesses data stored in the storage system 4 using a block I/O interface or a file I/O interface.
- the host 2 is connected to the storage system 4 through an IP network 1 .
- the host 2 may access the data stored in the storage system 4 through the IP network 1 .
- WORM Write Once Read Many
- a term (WORM guarantee term) can be set in which the WORM attribute should be maintained.
- An in-site NTP server 5 is a computer that is connected to the host 2 , the storage system 4 , and a management host 6 through the IP network 1 .
- the in-site NTP server 5 functions as a time server that transmits time information to each of the devices connected to the IP network 1 using an NTP.
- Each of the devices connected to the IP network 1 synchronizes the time of its internal clock to the time information received from the in-site NTP server 5 .
- the management host 6 is a computer comprising an input/output device (not shown).
- the management host 6 is connected to the host 2 , the storage system 4 , and the in-site NTP server 5 through the IP network 1 and manages those devices.
- FIG. 2 is a block diagram showing a configuration of the storage system 4 according to the first embodiment of this invention.
- the storage system 4 comprises disk drives 111 to 113 and a controller 101 .
- the controller 101 manages the data stored in the disk drives 111 to 113 .
- the controller 101 comprises a host input/output control unit 121 , a data transfer control unit 122 , a cache memory 123 , a disk input/output control unit 124 , a CPU 125 , a management I/F 126 , a memory 127 , a WORM management clock 128 , a site clock 129 , and an internal bus 130 .
- the host input/output control unit 121 is an interface that communicates with the host 2 through the SAN 3 . For instance, the host input/output control unit 121 exchanges data and a control signal with the host 2 and the like using a fibre-channel protocol or an iSCSI protocol. In addition, the host input/output control unit 121 performs conversion of protocols used outside and inside the storage system 4 .
- the cache memory 123 is, for instance, a semiconductor memory and temporarily stores data to be exchanged between the host input/output control unit 121 and the disk input/output control unit 124.
- the data transfer control unit 122 controls data transfer between the CPU 125 , the host input/output control unit 121 , the disk input/output control unit 124 , and the cache memory 123 . In addition, for data guarantee, the data transfer control unit 122 adds a guarantee code to data to be transferred.
- the disk input/output control unit 124 is an interface with respect to the disk drives 111 to 113 .
- the disk input/output control unit 124 exchanges data and a control signal with the disk drive 111 and the like using an interface of ATA, SAS (Serial Attached SCSI), fibre channel, or the like.
- the disk input/output control unit 124 performs conversion of protocols used outside and inside the controller 101 .
- the data transfer control unit 122 transfers data to be read/written from/into the disk drive 111 or the like by the host 2 between the host input/output control unit 121 and the disk input/output control unit 124 .
- the data transfer control unit 122 transfers the data to the cache memory 123 .
- the management interface (I/F) 126 is an interface with respect to the IP network 1 .
- the management I/F 126 exchanges data and a control signal with the management host 6 and the like using a TCP/IP protocol.
- a control program is stored in the memory 127 .
- the CPU 125 reads the control program from the memory 127 and executes it, thereby realizing various kinds of processing.
- management information to be used at the time of execution of the control program is stored in the memory 127 .
- the WORM management clock 128 is used to manage the WORM attribute given to the data stored in the storage system 4 . More specifically, the WORM management clock 128 is referred to at the time when judging whether the WORM guarantee term has expired.
- the site clock 129 manages a time (in-site time) used to establish synchronization of the respective devices in the computer system.
- the WORM management clock 128 and the site clock 129 are mutually independent clocks.
- this invention is not limited to such mutually independent clocks and it is sufficient that these clocks each hold time information.
- the WORM management clock 128 may be a clock and the site clock 129 may be a storage area on the cache memory 123 in which information showing a difference between a time indicated by the WORM management clock 128 and the in-site time is stored.
- the time indicated by the site clock 129 is a value obtained by adding the difference stored in the storage area to the time indicated by the WORM management clock 128 .
- the site clock 129 may be a clock and the WORM management clock 128 may be a storage area on the cache memory 123 .
- the internal bus 130 connects the units, such as the CPU 125 , in the controller 101 to each other in a communicable manner.
- the disk drives 111 to 113 constitute a disk array.
- only three disk drives are provided, although it is possible to provide the storage system 4 with an arbitrary number of disk drives.
- FIG. 3 is an explanatory diagram of the memory 127 according to the first embodiment of this invention.
- the control program and the management information are stored. Various kinds of processing are realized through execution of the control program by the CPU 125 . More specifically, in the memory 127 , an operating system 201 , a disk array control program 202 , a data transfer control program 203 , an NTP client program 204 , an input/output control unit driver program 205 , a site clock management program 206 , a WORM management clock management program 211 , a time update program 212 , and WORM management clock management information 213 are stored.
- the operating system 201 is a basic program that causes each control program to operate.
- the disk array control program 202 controls input/output of data into/from the disk drive 111 or the like according to a data input/output request from the host 2 or the like. More specifically, the disk array control program 202 performs control of the disk array such as RAID conversion or logical-physical address conversion.
- the data transfer control program 203 performs data transfer by controlling the data transfer control unit 122 .
- the NTP client program 204 interprets data issued from the in-site NTP server 5 using the NTP, thereby obtaining time information.
- the obtained time information is used to update the WORM management clock 128 and the site clock 129 .
- the input/output control unit driver program 205 controls the host input/output control unit 121 and the disk input/output control unit 124 .
- the site clock management program 206 updates the site clock 129 according to an instruction from the time update program 212 or an instruction from an administrator.
- the WORM management clock management program 211 judges whether the requested update should be permitted or prohibited by referring to the WORM management clock management information 213 . Following this, when it is judged that the update should be permitted, the WORM management clock management program 211 updates the WORM management clock 128 .
- the time update program 212 updates the site clock 129 and the WORM management clock 128 by controlling the NTP client program 204 , the site clock management program 206 , and the WORM management clock management program 211 with reference to the WORM management clock management information 213 .
- An operation of the time update program 212 will be described in detail later with reference to FIG. 6 .
- FIG. 4 is an explanatory diagram of the WORM management clock management information 213 according to the first embodiment of this invention.
- the WORM management clock management information 213 contains various items named “check interval” 221 showing intervals at which the WORM management clock is updated, “allowable correction degree” 222 showing an allowable correction degree at the time of the update, “time of the last update” 223 showing a time at which the last update was made, “correction at the time of the last update” 224 showing a correction degree at the time of the last update, “time of the update before last” 225 showing a time at which the update before last was made, and “correction at the time of the update before last” 226 showing a correction degree at the time of the update before last.
- the WORM management clock management information 213 may contain an update time and a correction degree of an update further preceding the update before last.
- the check interval 221 is fixed (at 10 minutes) and the WORM management clock 128 is updated at regular intervals, although the WORM management clock 128 may be updated at random intervals.
- With the random update intervals, robustness against time tampering by a malicious administrator is improved.
- the allowable correction degree 222 is set in a range of from −2 seconds to +0 second per 10 minutes. In other words, it is prohibited that the time is delayed by more than 2 seconds per 10 minutes. Also, regardless of the correction degree, it is prohibited that the time is advanced.
- the correction degree is a degree by which the time is advanced (or delayed) at the time of update. For instance, when the time is advanced by 1 second, the correction degree is +1 second. Also, when the time is delayed by 2 seconds, the correction degree is −2 seconds.
- the allowable correction degree 222 is an allowable range of correction.
- the allowable correction degree in the direction, in which the time is delayed, is determined in accordance with the accuracy of the embedded clocks.
- FIG. 5 is an explanatory diagram of time update at check times according to the first embodiment of this invention.
- a standard time 401 is the actual time (for instance, Japanese Standard Time).
- a time of the in-site NTP server 402 is a time held by the in-site NTP server 5 .
- the time of the in-site NTP server 402 is transmitted to each of the devices in the computer system using the NTP.
- the in-site NTP server 5 can not directly obtain the standard time 401 . Therefore, the time of the in-site NTP server 402 may deviate from the standard time 401 .
- a time of the site clock 403 is a time held by the site clock 129 .
- a time of the WORM management clock 404 is a time held by the WORM management clock 128 .
- a check time 1 is reached (in other words, the time of the site clock becomes “12:00:00”).
- the standard time 401, the time of the in-site NTP server 402, the time of the site clock 403, and the time of the WORM management clock 404 all indicate “12:00:00”. Therefore, it is not required to perform correction on each of the clocks.
- a check time 2 is reached (in other words, the time of the site clock becomes “12:10:00”).
- the standard time 401 and the time of the in-site NTP server 402 both indicate “12:09:59”.
- the time of the site clock 403 and the time of the WORM management clock 404 are each “12:10:00” and are 1 second earlier than the time of the in-site NTP server 402 .
- the time “12:09:59” is transmitted from the in-site NTP server 5 .
- the time of the site clock 403 is unconditionally updated to the time as “12:09:59”.
- the time of the WORM management clock 404 also receives the time “12:09:59” in a like manner and it is found that the correction degree is −1 second.
- the allowable correction degree 222 in the WORM management clock management information 213 is set in a range of from −2 seconds to +0 second.
- the correction degree “−1 second” is within the range of the allowable correction degree 222, so this time correction is regarded not as time tampering but as correction of a time deviation that occurred due to a hardware reason.
- the time correction is permitted and the time of the WORM management clock 404 is updated to “12:09:59”.
- a check time 3 is reached (in other words, the time of the site clock becomes “12:10:00”).
- the time of the in-site NTP server 402 indicates “12:20:03”.
- the time of the site clock 403 and the time of the WORM management clock 404 both indicate “12:20:00”.
- the standard time 401 is “12:20:00”.
- the time of the site clock 403 is unconditionally synchronized to the time of the in-site NTP server 402 and is updated to “12:20:03”.
- the time of the WORM management clock 404 also receives the time “12:20:03” from the in-site NTP server 5 .
- the correction degree is +3 seconds, which is outside the range of the allowable correction degree 222 . Therefore, this update is regarded as improper update and the time correction is not permitted.
- the standard time 401 is “12:20:00”. In other words, the time of the in-site NTP server 402 is 3 seconds earlier than the standard time 401 . If the time of the WORM management clock 404 is corrected so as to coincide with the time of the in-site NTP server 402 , the time of the WORM management clock 404 becomes 3 seconds earlier than the standard time 401 . In this case, the end of the WORM guarantee term is reached 3 seconds earlier with respect to the actual time (in other words, the standard time 401 ). Accordingly, there arises a danger that data, whose WORM guarantee term has not yet expired in actuality, may be tampered.
- FIG. 6 is a flowchart of processing executed at the time of update of the WORM management clock 128 and the site clock 129 according to the first embodiment of this invention.
- the flowchart shown in FIG. 6 is executed by the time update program 212 .
- the NTP client program 204 , the site clock management program 206 , and the WORM management clock management program 211 each operate as a subroutine of the time update program 212 .
- In a step 501, the update processing is started. Then, in a step 502, the site clock management program 206 judges whether the current time has reached a check time.
- the site clock management program 206 may refer to the time indicated by the site clock 129 as the current time or may refer to the time indicated by the WORM management clock 128 as the current time.
- the time indicated by the site clock 129 is referred to as the current time.
- intervals between check times are set with reference to the check interval 221 in the WORM management clock management information 213 .
- the check intervals for update of the site clock 129 and the check intervals for update of the WORM management clock 128 may be different from each other.
- the check intervals for the update of the WORM management clock 128 may be set as irregular intervals. For instance, by updating the time of the WORM management clock 128 at random intervals, robustness against time tampering is improved.
- the processing returns to the step 502 and it is judged again whether a check time is reached.
- When it is judged in the step 502 that the current time has reached a check time, the processing proceeds to a step 503 in which the NTP client program 204 obtains time information at that point in time from the in-site NTP server 5.
- the site clock management program 206 unconditionally reflects the time obtained in the step 503 in the site clock 129 . More specifically, the site clock management program 206 corrects the time of the site clock 129 so as to coincide with the time obtained in the step 503 .
- the WORM management clock management program 211 computes a difference between the time obtained in the step 503 and the time of the WORM management clock 128 at that point in time and judges whether the computed difference is within the range of the allowable correction degree 222 in the WORM management clock management information 213 .
- the WORM management clock management program 211 updates the WORM management clock 128 to the time obtained from the in-site NTP server 5 . Then, in a step 507 , the processing is ended.
- the processing is ended without updating the WORM management clock 128 .
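The check-time update of FIG. 6, replayed over the three check times of FIG. 5, as an added Python example (not code from the patent). Class, method and function names are assumptions, the calendar date is constructed, and the extra second of local drift before check time 3 is taken from the clock values the text gives for that check time. The last function goes beyond the text's case and applies the same rule to a time source that always requests the maximum permitted delay.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class WormClockPolicy:
    """Subset of the WORM management clock management information 213."""
    check_interval: timedelta = timedelta(minutes=10)  # item 221
    max_delay: timedelta = timedelta(seconds=2)        # item 222, lower bound (-2 s)
    max_advance: timedelta = timedelta(seconds=0)      # item 222, upper bound (+0 s)


@dataclass
class StorageClocks:
    site_clock: datetime   # in-site time, follows the in-site NTP server
    worm_clock: datetime   # consulted only for WORM guarantee term decisions
    policy: WormClockPolicy

    def run_free(self, elapsed: timedelta) -> None:
        """Both local clocks advance between check times."""
        self.site_clock += elapsed
        self.worm_clock += elapsed

    def on_check_time(self, ntp_time: datetime):
        """Apply the time obtained in step 503; returns (correction_s, accepted)."""
        self.site_clock = ntp_time                    # reflected unconditionally
        correction = ntp_time - self.worm_clock       # correction degree
        accepted = -self.policy.max_delay <= correction <= self.policy.max_advance
        if accepted:
            self.worm_clock = ntp_time
        return correction.total_seconds(), accepted

    def worm_term_expired(self, term_end: datetime) -> bool:
        return self.worm_clock >= term_end


def at(hms: str) -> datetime:
    # Constructed date; only the time of day comes from FIG. 5.
    return datetime.strptime("2000-01-01 " + hms, "%Y-%m-%d %H:%M:%S")


def replay_fig5():
    clocks = StorageClocks(at("12:00:00"), at("12:00:00"), WormClockPolicy())
    # (local time gained since the previous check, time sent by in-site NTP server)
    checks = [
        (timedelta(0), "12:00:00"),                      # check time 1
        (timedelta(minutes=10), "12:09:59"),             # check time 2
        (timedelta(minutes=10, seconds=1), "12:20:03"),  # check time 3
    ]
    results = []
    for gained, ntp in checks:
        clocks.run_free(gained)
        correction, accepted = clocks.on_check_time(at(ntp))
        results.append((correction, accepted,
                        clocks.site_clock.strftime("%H:%M:%S"),
                        clocks.worm_clock.strftime("%H:%M:%S")))
    return clocks, results


def lag_after_persistent_delay(hours: int) -> float:
    """Seconds the WORM clock ends up behind true time when every check
    asks for the largest delay the policy accepts."""
    start = at("00:00:00")
    clocks = StorageClocks(start, start, WormClockPolicy())
    true_time = start
    interval = clocks.policy.check_interval
    for _ in range(int(timedelta(hours=hours) / interval)):
        clocks.run_free(interval)
        true_time += interval
        clocks.on_check_time(clocks.worm_clock - clocks.policy.max_delay)
    return (true_time - clocks.worm_clock).total_seconds()


if __name__ == "__main__":
    clocks, results = replay_fig5()
    for row in results:
        print(row)
    # A record whose guarantee term ends at 12:20:02 stays protected,
    # although the site clock already reads past that time.
    print(clocks.worm_term_expired(at("12:20:02")))
    print(lag_after_persistent_delay(24))
```

Accepted corrections can accumulate only in the delaying direction, so the WORM clock can fall behind true time (a guarantee term then ends late) but is never moved ahead by the time source.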
- FIG. 7 is a block diagram showing a configuration of a computer system according to a second embodiment of this invention.
- the configuration of the computer system according to the second embodiment is the same as the configuration of the computer system according to the first embodiment shown in FIG. 1 except that the Internet 601 is connected to an IP network 1 and one or more authentication function-equipped NTP servers 602 are connected to the Internet 601 .
- Devices connected to the IP network 1 are capable of communicating with the authentication function-equipped NTP servers 602 through the IP network 1 and the Internet 601 .
- storage systems 4 communicate with the authentication function-equipped NTP servers 602 and obtain time information therefrom.
- the authentication function-equipped NTP servers 602 will be described later with reference to FIG. 10 .
- The IP network 1, hosts 2, a SAN 3, an in-site NTP server 5, and a management host 6 are completely the same as those shown in FIG. 1 and therefore the detailed description thereof will be omitted.
- a configuration of each storage system 4 is the same as the configuration of the storage system 4 according to the first embodiment shown in FIG. 2 .
- programs and management information stored in a memory 127 are partially different from those according to the first embodiment.
- FIG. 8 is an explanatory diagram of the memory 127 according to the second embodiment of this invention.
- a configuration of the memory 127 according to the second embodiment is the same as the configuration of the memory 127 according to the first embodiment shown in FIG. 3 except that an external NTP server authentication program 701 for confirming the authentication of the authentication function-equipped NTP servers 602 from the storage system 4 is added.
- the contents of a time update program 702 and the contents of WORM management clock management information 703 are respectively different from the contents of the time update program 212 and the contents of the WORM management clock management information 213 according to the first embodiment.
- A WORM management clock management program 211, a site clock management program 206, an NTP client program 204, an input/output control unit driver program 205, a disk array control program 202, a data transfer control program 203, and an operating system 201 are the same as those according to the first embodiment shown in FIG. 3 and therefore the detailed description thereof will be omitted.
- FIG. 9 is an explanatory diagram of the WORM management clock management information 703 according to the second embodiment of this invention.
- the WORM management clock management information 703 contains various items named “check interval” 711 , “authentication function-equipped NTP server IP address” 712 , and “authentication function-equipped NTP server public key” 713 .
- the check interval 711 shows the intervals of update of the WORM management clock 128 .
- the authentication function-equipped NTP server IP address 712 shows the IP address of the authentication function-equipped NTP server 602 connected to the Internet 601 .
- the authentication function-equipped NTP server public key 713 shows the public key set in the authentication function-equipped NTP server 602 .
- FIG. 9 shows a state where two authentication function-equipped NTP servers 602 (first authentication function-equipped NTP server 602 and second authentication function-equipped NTP server 602 ) are registered.
- more authentication function-equipped NTP servers 602 may be registered. By registering plural authentication function-equipped NTP servers 602 , when one authentication function-equipped NTP server 602 is stopped, another authentication function-equipped NTP server 602 can be used.
- An administrator can select reliable authentication function-equipped NTP servers 602 and register them in the WORM management clock management information 703 in advance. When doing so, it is possible to register an authentication function-equipped NTP server 602 having higher reliability in a higher place.
- the reliability of the first authentication function-equipped NTP server 602 is the highest and the reliability of the second authentication function-equipped NTP server 602 is the next highest.
- each of the authentication function-equipped NTP servers 602 is authenticated using its public key.
- the authentication function-equipped NTP server 602 may be authenticated using another method.
- In the WORM management clock management information 703, information for authenticating the authentication function-equipped NTP server 602 is stored.
- the check interval 711 is fixed and each clock is updated at regular intervals, although the clock update may be performed at random intervals.
- the allowable correction degree 222 is stored in the WORM management clock management information 703 .
- FIG. 10 is an explanatory diagram of time update according to the second embodiment of this invention.
- the storage system 4 comprises a WORM management clock 128 and a site clock 129 .
- the WORM management clock 128 is updated only by the authentication function-equipped NTP server 602 connected through the Internet 601 .
- In the WORM management clock management information 703, information concerning the authentication function-equipped NTP server 602 is registered in advance.
- the storage system 4 judges whether the authentication function-equipped NTP server 602 is registered in the WORM management clock management information 703 . When a result of this judgment is positive, the WORM management clock 128 is updated in the manner shown in FIG. 11 .
- For the site clock 129, it is more important that the clock 129 is synchronized with the clocks of other devices in the site than that the clock 129 is adjusted to the correct time given by the authentication function-equipped NTP server 602. Consequently, the site clock 129 is updated with reference to a time given by the in-site NTP server 5.
- every device or the in-site NTP server 5 in the computer system may obtain a time from the authentication function-equipped NTP server 602 , thereby having the site clock 129 indicate a time that is the same as the time of the WORM management clock 128 .
- the time in the computer system may be synchronized with the time of the WORM management clock 128 that holds the correct time obtained from the authentication function-equipped NTP server 602 .
- FIG. 11 is a flowchart of processing executed at the time of update of the WORM management clock 128 according to the second embodiment of this invention.
- processing executed by the storage system 4 is shown on the left side and processing executed by the authentication function-equipped NTP server 602 is shown on the right side.
- the processing shown in FIG. 11 on the left side with respect to the broken line is executed by the time update program 702 .
- the NTP client program 204, the WORM management clock management program 211, and the external NTP server authentication program 701 each operate as a subroutine of the time update program 702.
- In a step 1001, the processing for updating the WORM management clock 128 is started. Then, in a step 1002, the NTP client program 204 issues a time information transmission request to a target authentication function-equipped NTP server 602 among the authentication function-equipped NTP servers 602 registered in the WORM management clock management information 703.
- the authentication function-equipped NTP server 602 that received the time information transmission request encrypts the current time and a specific character string using a secret key and transmits the encrypted current time and specific character string to the storage system 4 .
- the NTP server is authenticated using its public key, although another method may be used to confirm that the NTP server is a server registered in advance.
- the specific character string used here may be a character string transmitted from the storage system 4 or may be another character string determined in advance (character string or the like indicating the authentication function-equipped NTP server 602 , for instance).
- the storage system 4 receives a signal transmitted in the step 1003 from the target authentication function-equipped NTP server 602 .
- the external NTP server authentication program 701 decrypts the received signal using the public key of the target authentication function-equipped NTP server 602 .
- the public key of the target authentication function-equipped NTP server 602 is registered in the WORM management clock management information 703 in advance.
- the external NTP server authentication program 701 judges whether the specific character string has been decrypted with reference to a result of the decryption in the step 1004 .
- the processing proceeds to a step 1007 in which the external NTP server authentication program 701 judges whether an authentication function-equipped NTP server that can be selected as the next processing target is registered in the WORM management clock management information 703 . More specifically, for instance, the external NTP server authentication program 701 judges whether an authentication function-equipped NTP server 602 that is not yet processed exists in the WORM management clock management information 703 .
- When it is judged in the step 1007 that every authentication function-equipped NTP server 602 registered has been processed, this means that there exists no authentication function-equipped NTP server that can be selected as the next processing target. Therefore, the processing proceeds to a step 1009 in which the processing for updating the WORM management clock 128 is ended.
- the processing proceeds to a step 1008 in which the external NTP server authentication program 701 sets the authentication function-equipped NTP server 602 as a new target authentication function-equipped NTP server 602 . Then, the processing returns to the step 1002 .
- the processing proceeds to a step 1006 in which the WORM management clock management program 211 updates the WORM management clock 128 to the time transmitted from the target authentication function-equipped NTP server 602 . Then, in the step 1009 , the processing for updating the WORM management clock 128 is ended.
- FIG. 12 is an explanatory diagram of a management screen according to the second embodiment of this invention.
- the management screen 1101 is a screen displayed on an input/output device (not shown) of the management host 6 .
- the administrator of the computer system according to this embodiment is capable of making settings concerning the update of the WORM management clock 128 by operating the management screen 1101 and inputting information thereinto.
- the management screen 1101 is composed of a check button 1102 , an update interval setting field 1103 , and usage NTP server setting fields 1104 and 1105 .
- the check button 1102 is used to make a setting as to whether the WORM management clock 128 is to be managed using the external authentication function-equipped NTP server 602 .
- FIG. 12 shows a state where the check button 1102 is set “ON”.
- the authentication function-equipped NTP server 602 is used to update the WORM management clock and the flowchart shown in FIG. 11 is executed.
- the update interval setting field 1103 is used to set intervals of update of the WORM management clock 128 .
- FIG. 12 shows a state where the intervals, at which the WORM management clock 128 is updated, are set to 10 minutes.
- the administrator is capable of setting arbitrary update intervals by operating the update interval setting field 1103 .
- the set update intervals are registered as the check interval 711 in the WORM management clock management information 703 .
- the usage NTP server setting fields 1104 and 1105 are used to register the authentication function-equipped NTP servers 602 that are to be used at the time of the update of the WORM management clock 128 .
- the IP addresses of the authentication function-equipped NTP servers 602 are inputted.
- the IP addresses inputted here are each registered as the authentication function-equipped NTP server IP address 712 in the WORM management clock management information 703 .
- the usage NTP server setting field 1104 corresponds to an NTP server first candidate and the usage NTP server setting field 1105 corresponds to an NTP server second candidate.
- the authentication function-equipped NTP servers 602 are processed in order, with the authentication function-equipped NTP server 602 registered as the NTP server first candidate (in other words, the authentication function-equipped NTP server in the highest place) being processed first. For instance, the authentication function-equipped NTP server 602 closer to the computer system on the Internet 601 is set as a candidate in a higher place.
- the IP address set in the usage NTP server setting field 1104 for the NTP server first candidate is registered as the first authentication function-equipped NTP server IP address 712 A and the IP address set in the usage NTP server setting field 1105 for the NTP server second candidate is registered as the second authentication function-equipped NTP server IP address 712 B.
- authentication function-equipped NTP servers 602 may be selected from among authentication function-equipped NTP servers 602 determined in advance.
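The FIG. 11 loop described above (steps 1002 to 1009), as an added Python example that is not part of the patent: servers are tried in registration order, each response is decrypted with that server's registered public key, and the clock is updated only when the specific character string is recovered. The toy RSA keys, the IP addresses, the "time|string" message layout and all function names are assumptions; the string is a fresh value sent by the storage system, one of the options the text allows.

```python
import secrets

E = 65537  # public exponent shared by the toy keys


def make_toy_keypair(p, q):
    """Textbook RSA key from two primes. Illustration only: no padding, and
    Mersenne primes are guessable. Use a vetted signature scheme in practice."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Constructed keys (assumption): one pair per registered server, one impostor.
PUB_A, PRIV_A = make_toy_keypair(2**607 - 1, 2**1279 - 1)
PUB_B, PRIV_B = make_toy_keypair(2**2203 - 1, 2**2281 - 1)
_, IMPOSTOR_PRIV = make_toy_keypair(2**127 - 1, 2**521 - 1)

FIRST, SECOND = "192.0.2.10", "198.51.100.20"  # constructed addresses
REGISTRY = [(FIRST, PUB_A), (SECOND, PUB_B)]   # items 712/713, first candidate first


def server_respond(priv, unix_time, challenge):
    """Step 1003: the server encrypts the current time and the specific
    character string with its secret key."""
    n, d = priv
    message = b"%d|%s" % (unix_time, challenge)
    return pow(int.from_bytes(message, "big"), d, n)


def decrypt_and_check(pub, signal, challenge):
    """Steps 1004-1005: decrypt with the registered public key and judge
    whether the specific character string came out. Returns the time or None."""
    n, e = pub
    if not isinstance(signal, int) or not 0 < signal < n:
        return None
    m = pow(signal, e, n)
    plain = m.to_bytes((m.bit_length() + 7) // 8, "big")
    time_part, sep, string_part = plain.partition(b"|")
    if not sep or not time_part.isdigit():
        return None
    if not secrets.compare_digest(string_part, challenge):
        return None
    return int(time_part)


def update_worm_clock(registry, transport, worm_clock):
    """FIG. 11 loop. Returns (clock value, IP of the accepted server or None)."""
    for ip, pub in registry:                        # steps 1002 / 1008
        challenge = secrets.token_hex(16).encode()  # fresh string per request
        signal = transport(ip, challenge)
        server_time = decrypt_and_check(pub, signal, challenge)
        if server_time is not None:
            return server_time, ip                  # step 1006
    return worm_clock, None                         # step 1007 -> 1009: no update


def run_scenarios():
    now = 1_100_000_000   # constructed Unix time
    current = now - 1     # WORM clock value before the update
    # Scenario 1: an impostor answers at the first candidate's address with a
    # time one year ahead; the genuine second candidate answers correctly.
    servers = {FIRST: (IMPOSTOR_PRIV, now + 365 * 86400), SECOND: (PRIV_B, now)}
    fallback = update_worm_clock(
        REGISTRY, lambda ip, ch: server_respond(*servers[ip], ch), current)
    # Scenario 2: a genuine response captured earlier is replayed to every request.
    captured = server_respond(PRIV_A, now + 3600, b"earlier-challenge")
    replay = update_worm_clock(REGISTRY, lambda ip, ch: captured, current)
    return fallback, replay


if __name__ == "__main__":
    print(run_scenarios())
```

The replay scenario is rejected only because the string is chosen fresh by the storage system; with a string fixed in advance, a captured response would still decrypt to the expected string.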
Abstract
In a storage system that manages update prohibition (WORM) information, when time management is not performed with precision, there arises a possibility that an update prohibition (WORM) attribute may be erased before a preservation period expires. This invention provides a storage system coupled to at least one of time servers through a network, including: a first time information holding unit that holds first time information to be used to manage an update prohibition attribute of data; a second time information holding unit that holds second time information to be used to establish time synchronization with a device coupled to the network; and a time update unit that manages the first time information and the second time information, in which the time update unit receives third time information from the at least one of the time servers and judges whether the third time information satisfies a predetermined condition, and updates the first time information based on the third time information when the third time information satisfies the predetermined condition.
Description
- The present application claims priority from Japanese application P2004-298776 filed on Oct. 13, 2004, the content of which is hereby incorporated by reference into this application.
- This invention relates to a storage system, in particular, management of data whose preservation period is determined.
- In a computer system comprising plural devices such as computers, it is required to establish synchronization of a time held by each device constituting the system. For instance, the time is used to create logs to be obtained in the computer system. With the logs, various situations, such as an influence exerted by an operation of a certain device on another device, are grasped.
- In general, in order to establish time synchronization in the computer system, an NTP (Network Time Protocol) server is used. In other words, one of the devices in the computer system is set as the NTP server and transmits time information to each of the other devices, thereby allowing every device in the computer system to obtain the same time.
- Meanwhile, among data stored in a storage system, there is data whose preservation for a certain period of time is obligated. Such data is, for instance, audit target data in a specific category of business.
- There is a method with which a WORM (Write Once Read Many) attribute, in other words, an update prohibition attribute is given to such data at the time of storage, thereby proving that the data determined once is not erased or tampered and ensuring the correctness of the data.
- In general, the WORM is a property possessed by write-once optical disks and the like (CD-Rs, for instance). Therefore, by storing data on such write-once media, the WORM attribute is realized with ease.
- Aside from this, from the viewpoint of performance and the like, a method is also proposed with which the WORM is realized in a storage system comprising a magnetic disk.
- In JP 07-13705 A, a method is disclosed with which overwriting of data on a disk is prevented by providing a writing prohibition flag or the like on the disk.
- When a WORM attribute is virtually given to a medium, such as a magnetic disk, that does not originally possess a WORM attribute, it is possible to set a term (WORM guarantee term) for the WORM attribute. In this case, the WORM attribute can be reset when the set term expires.
- In the case of data whose preservation for a certain period of time is obligated, for instance, once the period of time ends, an area used to store the data can be used for another purpose. Therefore, it becomes possible to use the storage area with efficiency.
- On the other hand, as is different from the case of the write-once optical disks and the like where the WORM attribute is maintained by the property of the media, when a cyber attack is made by a person on a portion that manages the WORM attribute, in particular, a portion that manages a time relating to a designated period of time, the WORM attribute may be changed before the designated period of time expires.
- When the time of a clock that is referred to at the time of the management of the WORM attribute is intentionally or erroneously advanced, for instance, there arises a danger that data, whose WORM guarantee term has not yet expired in actuality, may be updated.
- In order to solve such a problem, it is possible to manage the time for the WORM management by completely hiding the time from users. In this case, however, time synchronization can not be established in a computer system that the users use.
- Also, in this case, an innocent administrator can not correct a time deviation occurred due to a hardware reason.
- This invention provides a storage system coupled to at least one of time servers through a network, including: a first time information holding unit that holds first time information to be used to manage an update prohibition attribute of data; a second time information holding unit that holds second time information to be used to establish time synchronization with a device coupled to the network; and a time update unit that manages the first time information and the second time information, in which the time update unit receives third time information from the at least one of the time servers and judges whether the third time information satisfies a predetermined condition, and updates the first time information based on the third time information when the third time information satisfies the predetermined condition.
- According to this invention, it becomes possible to realize a storage system that reliably protects data, whose WORM guarantee term has not yet expired.
- FIG. 1 is a block diagram showing a configuration of a computer system according to a first embodiment of this invention.
- FIG. 2 is a block diagram showing a configuration of a storage system according to the first embodiment of this invention.
- FIG. 3 is an explanatory diagram of a memory according to the first embodiment of this invention.
- FIG. 4 is an explanatory diagram of WORM management clock management information according to the first embodiment of this invention.
- FIG. 5 is an explanatory diagram of time update at check times according to the first embodiment of this invention.
- FIG. 6 is a flowchart of processing executed at the time of update of a WORM management clock and a site clock according to the first embodiment of this invention.
- FIG. 7 is a block diagram showing a configuration of a computer system according to a second embodiment of this invention.
- FIG. 8 is an explanatory diagram of a memory according to the second embodiment of this invention.
- FIG. 9 is an explanatory diagram of WORM management clock management information according to the second embodiment of this invention.
- FIG. 10 is an explanatory diagram of time update according to the second embodiment of this invention.
- FIG. 11 is a flowchart of processing executed at the time of update of a WORM management clock according to the second embodiment of this invention.
- FIG. 12 is an explanatory diagram of a management screen according to the second embodiment of this invention.
- FIG. 1 is a block diagram showing a configuration of a computer system according to a first embodiment of this invention.
- Each host 2 is a computer that is connected to each storage system 4 through a storage area network (SAN) 3. The host 2 accesses data stored in the storage system 4 using a block I/O interface or a file I/O interface.
- In addition, the host 2 is connected to the storage system 4 through an IP network 1. The host 2 may access the data stored in the storage system 4 through the IP network 1.
- In the storage system 4, data is stored. To the data stored in the storage system 4, a WORM (Write Once Read Many) attribute or an update prohibition attribute may be given. Further, a term (WORM guarantee term) can be set in which the WORM attribute should be maintained. When the WORM guarantee term is set for data, the host 2 or the like can not update the data before the WORM guarantee term expires.
- An in-site NTP server 5 is a computer that is connected to the host 2, the storage system 4, and a management host 6 through the IP network 1. The in-site NTP server 5 functions as a time server that transmits time information to each of the devices connected to the IP network 1 using an NTP. Each of the devices connected to the IP network 1 synchronizes the time of its internal clock to the time information received from the in-site NTP server 5.
- The management host 6 is a computer comprising an input/output device (not shown). The management host 6 is connected to the host 2, the storage system 4, and the in-site NTP server 5 through the IP network 1 and manages those devices.
- FIG. 2 is a block diagram showing a configuration of the storage system 4 according to the first embodiment of this invention.
- The storage system 4 comprises disk drives 111 to 113 and a controller 101.
- In the disk drives 111 to 113, data is stored.
- The controller 101 manages the data stored in the disk drives 111 to 113. The controller 101 comprises a host input/output control unit 121, a data transfer control unit 122, a cache memory 123, a disk input/output control unit 124, a CPU 125, a management I/F 126, a memory 127, a WORM management clock 128, a site clock 129, and an internal bus 130.
- The host input/output control unit 121 is an interface that communicates with the host 2 through the SAN 3. For instance, the host input/output control unit 121 exchanges data and a control signal with the host 2 and the like using a fibre-channel protocol or an iSCSI protocol. In addition, the host input/output control unit 121 performs conversion of protocols used outside and inside the storage system 4.
- The cache memory 123 is, for instance, a semiconductor memory and temporarily stores data to be exchanged between the host input/output control unit 121 and the disk input/output control unit 122.
- The data transfer control unit 122 controls data transfer between the CPU 125, the host input/output control unit 121, the disk input/output control unit 124, and the cache memory 123. In addition, for data guarantee, the data transfer control unit 122 adds a guarantee code to data to be transferred.
- The disk input/output control unit 124 is an interface with respect to the disk drives 111 to 113. For instance, the disk input/output control unit 124 exchanges data and a control signal with the disk drive 111 and the like using an interface of ATA, SAS (Serial Attached SCSI), fibre channel, or the like. In addition, the disk input/output control unit 124 performs conversion of protocols used outside and inside the controller 101.
- In other words, the data transfer control unit 122 transfers data to be read/written from/into the disk drive 111 or the like by the host 2 between the host input/output control unit 121 and the disk input/output control unit 124. In addition, the data transfer control unit 122 transfers the data to the cache memory 123.
- The management interface (I/F) 126 is an interface with respect to the IP network 1. The management I/F 126 exchanges data and a control signal with the management host 6 and the like using a TCP/IP protocol.
- In the memory 127, a control program is stored. The CPU 125 reads the control program from the memory 127 and executes it, thereby realizing various kinds of processing. In addition, in the memory 127, management information to be used at the time of execution of the control program is stored.
- The WORM management clock 128 is used to manage the WORM attribute given to the data stored in the storage system 4. More specifically, the WORM management clock 128 is referred to at the time when judging whether the WORM guarantee term has expired.
- The site clock 129 manages a time (in-site time) used to establish synchronization of the respective devices in the computer system.
- In this embodiment, the WORM management clock 128 and the site clock 129 are mutually independent clocks. However, this invention is not limited to such mutually independent clocks and it is sufficient that these clocks each hold time information.
- For instance, the WORM management clock 128 may be a clock and the site clock 129 may be a storage area on the cache memory 123 in which information showing a difference between a time indicated by the WORM management clock 128 and the in-site time is stored. In this case, the time indicated by the site clock 129 is a value obtained by adding the difference stored in the storage area to the time indicated by the WORM management clock 128.
- Alternatively, the site clock 129 may be a clock and the WORM management clock 128 may be a storage area on the cache memory 123.
- The internal bus 130 connects the units, such as the CPU 125, in the controller 101 to each other in a communicable manner.
- The disk drives 111 to 113 constitute a disk array. In the example shown in FIG. 2, only three disk drives are provided, although it is possible to provide the storage system 4 with an arbitrary number of disk drives.
- FIG. 3 is an explanatory diagram of the memory 127 according to the first embodiment of this invention.
- In the memory 127, the control program and the management information are stored. Various kinds of processing are realized through execution of the control program by the CPU 125. More specifically, in the memory 127, an operating system 201, a disk array control program 202, a data transfer control program 203, an NTP client program 204, an input/output control unit driver program 205, a site clock management program 206, a WORM management clock management program 211, a time update program 212, and WORM management clock management information 213 are stored.
- The operating system 201 is a basic program that causes each control program to operate.
- The disk array control program 202 controls input/output of data into/from the disk drive 111 or the like according to a data input/output request from the host 2 or the like. More specifically, the disk array control program 202 performs control of the disk array such as RAID conversion or logical-physical address conversion.
- The data transfer control program 203 performs data transfer by controlling the data transfer control unit 122.
- The NTP client program 204 interprets data issued from the in-site NTP server 5 using the NTP, thereby obtaining time information. The obtained time information is used to update the WORM management clock 128 and the site clock 129.
- The input/output control unit driver program 205 controls the host input/output control unit 121 and the disk input/output control unit 124.
- The site clock management program 206 updates the site clock 129 according to an instruction from the time update program 212 or an instruction from an administrator.
- When time update is requested by the time update program 212 or the like, the WORM management clock management program 211 judges whether the requested update should be permitted or prohibited by referring to the WORM management clock management information 213. Following this, when it is judged that the update should be permitted, the WORM management clock management program 211 updates the WORM management clock 128.
- The time update program 212 updates the site clock 129 and the WORM management clock 128 by controlling the NTP client program 204, the site clock management program 206, and the WORM management clock management program 211 with reference to the WORM management clock management information 213. An operation of the time update program 212 will be described in detail later with reference to FIG. 6.
- FIG. 4 is an explanatory diagram of the WORM management clock management information 213 according to the first embodiment of this invention.
- The WORM management clock management information 213 contains various items named “check interval” 221 showing intervals at which the WORM management clock is updated, “allowable correction degree” 222 showing an allowable correction degree at the time of the update, “time of the last update” 223 showing a time at which the last update was made, “correction at the time of the last update” 224 showing a correction degree at the time of the last update, “time of the update before last” 225 showing a time at which the update before last was made, and “correction at the time of the update before last” 226 showing a correction degree at the time of the update before last. The WORM management clock management information 213 may contain an update time and a correction degree of an update further preceding the update before last.
- In this embodiment, the check interval 211 is fixed (at 10 minutes) and the WORM management clock 128 is updated at regular intervals, although the WORM management clock 128 may be updated at random intervals. With the random update intervals, robustness against time tampering by a malicious administrator is improved.
- In the example shown in FIG. 4, the allowable correction degree 222 is set in a range of from −2 seconds to +0 second per 10 minutes. In other words, it is prohibited that the time is delayed by more than 2 seconds per 10 minutes. Also, regardless of the correction degree, it is prohibited that the time is advanced.
- Here, the correction degree is a degree by which the time is advanced (or delayed) at the time of update. For instance, when the time is advanced by 1 second, the correction degree is +1 second. Also, when the time is delayed by 2 seconds, the correction degree is −2 seconds. The allowable correction degree 222 is an allowable range of correction.
- In the example shown in FIG. 4, correction in a direction in which the time advances is prohibited in order to reliably protect data, whose WORM guarantee term has not yet expired. When the time of the WORM management clock 128 is advanced, the WORM guarantee term will expire early. When the time of the WORM management clock 128 is intentionally or erroneously set earlier than the actual time, this may result in a situation where data, whose WORM guarantee term has not yet expired in actuality, is recognized as data whose WORM guarantee term has expired, and the WORM attribute is reset. In order to prevent such a situation, the correction in the direction in which the time advances is prohibited.
- The allowable correction degree in the direction, in which the time is delayed, is determined in accordance with the accuracy of the embedded clocks.
- FIG. 5 is an explanatory diagram of time update at check times according to the first embodiment of this invention.
- A standard time 401 is the actual time (for instance, Japanese Standard Time).
- A time of the in-site NTP server 402 is a time held by the in-site NTP server 5. The time of the in-site NTP server 402 is transmitted to each of the devices in the computer system using the NTP. The in-site NTP server 5 can not directly obtain the standard time 401. Therefore, the time of the in-site NTP server 402 may deviate from the standard time 401.
- A time of the site clock 403 is a time held by the site clock 129.
- A time of the WORM management clock 404 is a time held by the WORM management clock 128.
- First, a check time 1 is reached (in other words, the time of the site clock becomes “12:00:00”). In the example shown in FIG. 5, at this point in time, the standard time 401, the time of the in-site NTP server 402, the time of the site clock 403, and the time of the WORM management clock 404 all indicate “12:00:00”. Therefore, it is not required to perform correction on each of the clocks.
- Next, a check time 2 is reached (in other words, the time of the site clock becomes “12:10:00”).
- At this point in time, the standard time 401 and the time of the in-site NTP server 402 both indicate “12:09:59”.
- On the other hand, the time of the site clock 403 and the time of the WORM management clock 404 are each “12:10:00” and are 1 second earlier than the time of the in-site NTP server 402.
- In this state, the time “12:09:59” is transmitted from the in-site NTP server 5.
- The time of the site clock 403 is unconditionally updated to the time as “12:09:59”.
- The time of the WORM management clock 404 also receives the time “12:09:59” in a like manner and it is found that the correction degree is −1 second. As described above, in this example, the allowable correction degree 222 in the WORM management clock management information 213 is set in a range of from −2 seconds to +0 second. In other words, the correction degree “−1 second” is within the range of the allowable correction degree 222, so this time correction is regarded as not time tampering but correction of a time deviation occurred due to a hardware reason. As a result, the time correction is permitted and the time of the WORM management clock 404 is updated to “12:09:59”.
- Next, a check time 3 is reached (in other words, the time of the site clock becomes “12:10:00”).
- At this point in time, the time of the in-site NTP server 402 indicates “12:20:03”. On the other hand, the time of the site clock 403 and the time of the WORM management clock 404 both indicate “12:20:00”. Also, the standard time 401 is “12:20:00”.
- Like in the case of the check time 2, the time of the site clock 403 is unconditionally synchronized to the time of the in-site NTP server 402 and is updated to “12:20:03”.
- On the other hand, the time of the WORM management clock 404 also receives the time “12:20:03” from the in-site NTP server 5. In this case, however, the correction degree is +3 seconds, which is outside the range of the allowable correction degree 222. Therefore, this update is regarded as improper update and the time correction is not permitted.
- In FIG. 5, at the check time 3, the standard time 401 is “12:20:00”. In other words, the time of the in-site NTP server 402 is 3 seconds earlier than the standard time 401. If the time of the WORM management clock 404 is corrected so as to coincide with the time of the in-site NTP server 402, the time of the WORM management clock 404 becomes 3 seconds earlier than the standard time 401. In this case, the end of the WORM guarantee term is reached 3 seconds earlier with respect to the actual time (in other words, the standard time 401). Accordingly, there arises a danger that data, whose WORM guarantee term has not yet expired in actuality, may be tampered.
- According to this embodiment, however, correction to advance the time of the WORM management clock 404 is prohibited. Therefore, the time of the WORM management clock 404 is prevented from becoming earlier than the standard time 401. As a result, there will never arise a danger that data, whose WORM guarantee term has not yet expired, may be tampered.
- FIG. 6 is a flowchart of processing executed at the time of update of the WORM management clock 128 and the site clock 129 according to the first embodiment of this invention.
- The flowchart shown in FIG. 6 is executed by the time update program 212. In FIG. 6, the NTP client program 204, the site clock management program 206, and the WORM management clock management program 211 each operate as a subroutine of the time update program 212.
- In a step 501, the update processing is started. Then, in a step 502, the site clock management program 206 judges whether the current time has reached a check time.
- When doing so, the site clock management program 206 may refer to the time indicated by the site clock 129 as the current time or may refer to the time indicated by the WORM management clock 128 as the current time.
- In this embodiment, the time indicated by the site clock 129 is referred to as the current time.
- Also, in this embodiment, intervals between check times are set with reference to the check interval 221 in the WORM management clock management information 213. However, the check intervals for update of the site clock 129 and the check intervals for update of the WORM management clock 128 may be different from each other.
- Also, the check intervals for the update of the WORM management clock 128 may be set as irregular intervals. For instance, by updating the time of the WORM management clock 128 at random intervals, robustness against time tampering is improved.
- When it is judged in the step 502 that the current time has not reached a check time, the processing returns to the step 502 and it is judged again whether a check time is reached.
- On the other hand, when it is judged in the step 502 that the current time has reached a check time, the processing proceeds to a step 503 in which the NTP client program 204 obtains time information at that point in time from the in-site NTP server 5.
- Next, in a step 504, the site clock management program 206 unconditionally reflects the time obtained in the step 503 in the site clock 129. More specifically, the site clock management program 206 corrects the time of the site clock 129 so as to coincide with the time obtained in the step 503.
- Next, in a step 505, the WORM management clock management program 211 computes a difference between the time obtained in the step 503 and the time of the WORM management clock 128 at that point in time and judges whether the computed difference is within the range of the allowable correction degree 222 in the WORM management clock management information 213.
- When it is judged in the step 505 that the time difference is within the range of the allowable correction degree 222, the time correction is permitted. Therefore, in a step 506, the WORM management clock management program 211 updates the WORM management clock 128 to the time obtained from the in-site NTP server 5. Then, in a step 507, the processing is ended.
- On the other hand, when it is judged in the step 505 that the time difference is outside the range of the allowable correction degree, the time correction is prohibited. Therefore, in the step 507, the processing is ended without updating the WORM management clock 128.
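The FIG. 6 update (steps 503 to 507) replayed over the three check times of FIG. 5, as an added Python example that is not part of the patent. The class and function names, the calendar date and the record whose guarantee term ends at 12:20:02 are assumptions chosen to show what the separate WORM management clock protects.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class StorageClocks:
    site_clock: datetime            # site clock 129
    worm_clock: datetime            # WORM management clock 128
    # Allowable correction degree 222 from FIG. 4: -2 s to +0 s per check.
    min_correction: timedelta = timedelta(seconds=-2)
    max_correction: timedelta = timedelta(seconds=0)
    rejected: list = field(default_factory=list)

    def advance(self, elapsed):
        """Both local clocks run freely between check times."""
        self.site_clock += elapsed
        self.worm_clock += elapsed

    def on_check_time(self, ntp_time):
        """Steps 503-507 of FIG. 6 for one reading from the in-site NTP server."""
        self.site_clock = ntp_time                    # step 504: unconditional
        correction = ntp_time - self.worm_clock       # step 505: correction degree
        if self.min_correction <= correction <= self.max_correction:
            self.worm_clock = ntp_time                # step 506: permitted
            return True
        self.rejected.append((ntp_time, correction))  # kept for alerting
        return False


def term_expired(guarantee_end, clock_now):
    """A WORM guarantee term is treated as over once the clock reaches its end."""
    return clock_now >= guarantee_end


def replay_fig5():
    """Replay check times 1 to 3 of FIG. 5 (the date itself is constructed)."""
    day = datetime(2005, 1, 1)

    def at(h, m, s):
        return day.replace(hour=h, minute=m, second=s)

    clocks = StorageClocks(site_clock=at(12, 0, 0), worm_clock=at(12, 0, 0))
    # (time elapsed on the local clocks since the last check, NTP server reading)
    steps = [
        (timedelta(0), at(12, 0, 0)),                       # check time 1
        (timedelta(minutes=10), at(12, 9, 59)),             # check time 2: -1 s
        (timedelta(minutes=10, seconds=1), at(12, 20, 3)),  # check time 3: +3 s
    ]
    rows = []
    for elapsed, ntp_time in steps:
        clocks.advance(elapsed)
        permitted = clocks.on_check_time(ntp_time)
        rows.append((permitted,
                     clocks.site_clock.strftime("%H:%M:%S"),
                     clocks.worm_clock.strftime("%H:%M:%S")))
    return clocks, rows


def early_release_demo():
    """Constructed record whose guarantee term ends at 12:20:02."""
    clocks, _ = replay_fig5()
    guarantee_end = clocks.worm_clock.replace(second=2)
    return (term_expired(guarantee_end, clocks.worm_clock),   # judged on clock 128
            term_expired(guarantee_end, clocks.site_clock))   # judged on clock 129


if __name__ == "__main__":
    print(replay_fig5()[1])
    print(early_release_demo())
```

After check time 3 the record is still protected when judged on the WORM management clock, but would count as expired if the site clock were used, which is the early release the allowable correction degree prevents.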
- FIG. 7 is a block diagram showing a configuration of a computer system according to a second embodiment of this invention.
- The configuration of the computer system according to the second embodiment is the same as the configuration of the computer system according to the first embodiment shown in FIG. 1 except that the Internet 601 is connected to an IP network 1 and one or more authentication function-equipped NTP servers 602 are connected to the Internet 601.
- Devices connected to the IP network 1 are capable of communicating with the authentication function-equipped NTP servers 602 through the IP network 1 and the Internet 601. In this embodiment, storage systems 4 communicate with the authentication function-equipped NTP servers 602 and obtain time information therefrom.
- The authentication function-equipped NTP servers 602 will be described later with reference to FIG. 10.
- The IP network 1, hosts 2, a SAN 3, an in-site NTP server 5, and a management host 6 are completely the same as those shown in FIG. 1 and therefore the detailed description thereof will be omitted.
- A configuration of each storage system 4 is the same as the configuration of the storage system 4 according to the first embodiment shown in FIG. 2. However, programs and management information stored in a memory 127 are partially different from those according to the first embodiment.
- FIG. 8 is an explanatory diagram of the memory 127 according to the second embodiment of this invention.
- A configuration of the memory 127 according to the second embodiment is the same as the configuration of the memory 127 according to the first embodiment shown in FIG. 3 except that an external NTP server authentication program 701 for confirming the authentication of the authentication function-equipped NTP servers 602 from the storage system 4 is added. However, the contents of a time update program 702 and the contents of WORM management clock management information 703 are respectively different from the contents of the time update program 212 and the contents of the WORM management clock management information 213 according to the first embodiment.
- A WORM management clock management program 211, a site clock management program 206, an NTP client program 204, an input/output control unit driver program 205, a disk array control program 202, a data transfer control program 203, and an operating system 201 are the same as those according to the first embodiment shown in FIG. 3 and therefore the detailed description thereof will be omitted.
FIG. 9 is an explanatory diagram of the WORM management clock management information 703 according to the second embodiment of this invention.

The WORM management clock management information 703 contains various items named “check interval” 711, “authentication function-equipped NTP server IP address” 712, and “authentication function-equipped NTP server public key” 713.

The check interval 711 shows the intervals of update of the WORM management clock 128.

The authentication function-equipped NTP server IP address 712 shows the IP address of the authentication function-equipped NTP server 602 connected to the Internet 601.

The authentication function-equipped NTP server public key 713 shows the public key set in the authentication function-equipped NTP server 602.

When plural authentication function-equipped NTP servers 602 are connected to the Internet 601, plural authentication function-equipped NTP servers 602 may be registered in the WORM management clock management information 703. FIG. 9 shows a state where two authentication function-equipped NTP servers 602 (first authentication function-equipped NTP server 602 and second authentication function-equipped NTP server 602) are registered.

In the WORM management clock management information 703, more authentication function-equipped NTP servers 602 may be registered. By registering plural authentication function-equipped NTP servers 602, when one authentication function-equipped NTP server 602 is stopped, another authentication function-equipped NTP server 602 can be used.

An administrator can select reliable authentication function-equipped NTP servers 602 and register them in the WORM management clock management information 703 in advance. When doing so, it is possible to register an authentication function-equipped NTP server 602 having higher reliability in a higher place. In the example shown in FIG. 9, the reliability of the first authentication function-equipped NTP server 602 is the highest and the reliability of the second authentication function-equipped NTP server 602 is the next highest.

In this embodiment, each of the authentication function-equipped NTP servers 602 is authenticated using its public key. However, the authentication function-equipped NTP server 602 may be authenticated using another method. In this case, in the WORM management clock management information 703, information for authenticating the authentication function-equipped NTP server 602 is stored.

In this embodiment, the check interval 711 is fixed and each clock is updated at regular intervals, although the clock update may be performed at random intervals.

Also, although not shown in FIG. 9, by setting an allowable correction degree 222 like in the first embodiment of this invention, it becomes possible to make the system more robust. In this case, the allowable correction degree 222 is stored in the WORM management clock management information 703.
FIG. 10 is an explanatory diagram of time update according to the second embodiment of this invention.

The storage system 4 comprises a WORM management clock 128 and a site clock 129.

Among those clocks, the WORM management clock 128 is updated only by the authentication function-equipped NTP server 602 connected through the Internet 601.

In the WORM management clock management information 703, information concerning the authentication function-equipped NTP server 602 is registered in advance.

When obtaining a time from the authentication function-equipped NTP server 602, the storage system 4 judges whether the authentication function-equipped NTP server 602 is registered in the WORM management clock management information 703. When a result of this judgment is positive, the WORM management clock 128 is updated in the manner shown in FIG. 11.

As to the site clock 129, it is more important that the clock 129 is synchronized with the clocks of other devices in the site than that the clock 129 is adjusted to the correct time given by the authentication function-equipped NTP server 602. Consequently, the site clock 129 is updated with reference to a time given by the in-site NTP server 5.

When doing so, like the storage system 4, every device or the in-site NTP server 5 in the computer system may obtain a time from the authentication function-equipped NTP server 602, thereby having the site clock 129 indicate a time that is the same as the time of the WORM management clock 128.

Also, the time in the computer system may be synchronized with the time of the WORM management clock 128 that holds the correct time obtained from the authentication function-equipped NTP server 602.
FIG. 11 is a flowchart of processing executed at the time of update of the WORM management clock 128 according to the second embodiment of this invention.

In FIG. 11, with respect to a broken line, processing executed by the storage system 4 is shown on the left side and processing executed by the authentication function-equipped NTP server 602 is shown on the right side.

The processing shown in FIG. 11 on the left side with respect to the broken line is executed by the time update program 702. In FIG. 11, the NTP client program 204, the WORM management clock management program 211, and the external NTP server authentication program 701 each operate as a subroutine of the time update program 702.

In a step 1001, the processing for updating the WORM management clock 129 is started. Then, in a step 1002, the NTP client program 204 issues a time information transmission request to a target authentication function-equipped NTP server 602 among the authentication function-equipped NTP servers 602 registered in the WORM management clock management information 703.

Then, in a step 1003, the authentication function-equipped NTP server 602 that received the time information transmission request encrypts the current time and a specific character string using a secret key and transmits the encrypted current time and specific character string to the storage system 4.

In this embodiment, as described above, the NTP server is authenticated using its public key, although another method may be used to confirm that the NTP server is a server registered in advance.

Also, the specific character string used here may be a character string transmitted from the storage system 4 or may be another character string determined in advance (character string or the like indicating the authentication function-equipped NTP server 602, for instance).

Then, the storage system 4 receives a signal transmitted in the step 1003 from the target authentication function-equipped NTP server 602. Then, in a step 1004, the external NTP server authentication program 701 decrypts the received signal using the public key of the target authentication function-equipped NTP server 602. Here, the public key of the target authentication function-equipped NTP server 602 is registered in the WORM management clock management information 703 in advance.

Next, in a step 1005, the external NTP server authentication program 701 judges whether the specific character string has been decrypted with reference to a result of the decryption in the step 1004.

When it is judged in the step 1005 that the specific character string has not been decrypted, this means that the public key registered in the WORM management clock management information 703 and the secret key possessed by the authentication function-equipped NTP server 602 that is currently under processing do not correspond to each other, in other words, the authentication for confirming that the target authentication function-equipped NTP server 602 is a server registered has ended in failure.

In this case, the processing proceeds to a step 1007 in which the external NTP server authentication program 701 judges whether an authentication function-equipped NTP server that can be selected as the next processing target is registered in the WORM management clock management information 703. More specifically, for instance, the external NTP server authentication program 701 judges whether an authentication function-equipped NTP server 602 that is not yet processed exists in the WORM management clock management information 703.

When it is judged in the step 1007 that every authentication function-equipped NTP server 602 registered has been processed, this means that there exists no authentication function-equipped NTP server that can be selected as the next processing target. Therefore, the processing proceeds to a step 1009 in which the processing for updating the WORM management clock 128 is ended.

On the other hand, when it is judged in the step 1007 that an authentication function-equipped NTP server 602 that can be selected as the next processing target is registered in the WORM management clock management information 703, the processing proceeds to a step 1008 in which the external NTP server authentication program 701 sets the authentication function-equipped NTP server 602 as a new target authentication function-equipped NTP server 602. Then, the processing returns to the step 1002.

On the other hand, when it is judged in the step 1005 that the specific character string has been decrypted, this means that the target authentication function-equipped NTP server 602 is confirmed to be a server registered in the WORM management clock management information 703. Therefore, the processing proceeds to a step 1006 in which the WORM management clock management program 211 updates the WORM management clock 128 to the time transmitted from the target authentication function-equipped NTP server 602. Then, in the step 1009, the processing for updating the WORM management clock 128 is ended.
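The FIG. 11 procedure (steps 1002 to 1009), together with the optional allowable correction degree mentioned for FIG. 9, as an added Python sketch that is not part of the patent or any product code. Textbook RSA over small fixed primes stands in for the secret-key encryption; all class and function names, the fresh 8-byte challenge used as the specific character string, the documentation-range IP addresses, the constructed times, and the handling of a stopped server or an out-of-range time are assumptions.

```python
"""FIG. 11 update loop: authenticate a time server, then set the WORM clock.
Added illustration. Textbook RSA with tiny fixed primes: never use as real crypto."""
import hmac
import secrets
import struct
from dataclasses import dataclass

E = 65537  # public exponent shared by every constructed key below
# Constructed demo primes (Mersenne primes); far too small for real keys.
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))


def make_keypair(p, q):
    """Return (n, d): public modulus and secret exponent for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


@dataclass
class TimeServer:
    """Hypothetical stand-in for an authentication function-equipped NTP server 602."""
    n: int
    d: int
    now: int  # server's current time in Unix seconds

    def respond(self, challenge):
        # Step 1003: encrypt the specific character string and the current time
        # with the secret key.
        payload = challenge + struct.pack(">Q", self.now)
        return pow(int.from_bytes(payload, "big"), self.d, self.n)


@dataclass
class ReplayingHost:
    """Hypothetical host that re-sends one captured response to every request."""
    captured: int

    def respond(self, challenge):
        return self.captured


def authenticate(response, challenge, public_n):
    """Steps 1004-1005: decrypt with the registered public key and check that the
    specific character string came out. Returns the time, or None on failure."""
    m = pow(response, E, public_n)
    if m >> 128:  # does not fit the 16-byte payload, so the keys do not correspond
        return None
    payload = m.to_bytes(16, "big")
    if not hmac.compare_digest(payload[:8], challenge):
        return None
    return struct.unpack(">Q", payload[8:])[0]


def update_worm_clock(worm_time, registry, network, allowable_correction=None):
    """Try registered servers in priority order (first candidate first).
    Returns (worm_time_after, ip_of_server_used_or_None)."""
    for ip, public_n in registry:  # steps 1007-1008: next unprocessed server
        host = network.get(ip)
        if host is None:  # assumption: a stopped server is skipped like a failed one
            continue
        challenge = secrets.token_bytes(8)  # assumption: fresh string per request
        server_time = authenticate(host.respond(challenge), challenge, public_n)
        if server_time is None:  # step 1005 failed
            continue
        if (allowable_correction is not None
                and abs(server_time - worm_time) > allowable_correction):
            return worm_time, None  # assumption: out-of-range time ends the run
        return server_time, ip  # step 1006: update the WORM management clock
    return worm_time, None  # step 1009: every server processed, no update


if __name__ == "__main__":
    n1, d1 = make_keypair(M61, M89)
    n2, d2 = make_keypair(M107, M127)
    n_bad, d_bad = make_keypair(M89, M107)
    registry = [("192.0.2.10", n1), ("192.0.2.20", n2)]  # constructed entries
    network = {
        "192.0.2.10": TimeServer(n_bad, d_bad, now=2_000_000_000),  # wrong key
        "192.0.2.20": TimeServer(n2, d2, now=1_700_000_005),
    }
    print(update_worm_clock(1_700_000_000, registry, network))
```

Because the challenge is drawn fresh for each request, a response captured earlier fails the step 1005 check. With a fixed, predetermined string the same captured response would keep decrypting correctly, so the choice between the two string options the description allows matters for retention enforcement.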
FIG. 12 is an explanatory diagram of a management screen according to the second embodiment of this invention.

The management screen 1101 is a screen displayed on an input/output device (not shown) of the management host 6. The administrator of the computer system according to this embodiment is capable of making settings concerning the update of the WORM management clock 128 by operating the management screen 1101 and inputting information thereinto.

The management screen 1101 is composed of a check button 1102, an update interval setting field 1103, and usage NTP server setting fields

The check button 1102 is used to make a setting as to whether the WORM management clock 128 is to be managed using the external authentication function-equipped NTP server 602.

For instance, by operating the check button 1102 with a mouse (not shown), it is possible to perform switching between “ON” and “OFF” of the check button 1102. For instance, when the check button 1102 is set “ON”, a check mark is displayed on the check button 1102. FIG. 12 shows a state where the check button 1102 is set “ON”.

When the check button 1102 is set “ON”, the authentication function-equipped NTP server 602 is used to update the WORM management clock and the flowchart shown in FIG. 11 is executed.

When the computer system according to this embodiment is not connected to the Internet 601 or when there exists no authentication function-equipped NTP server 602 that is reliable, for instance, it is possible to set the check button 1102 “OFF”.

The update interval setting field 1103 is used to set intervals of update of the WORM management clock 128. FIG. 12 shows a state where the intervals, at which the WORM management clock 128 is updated, are set to 10 minutes. The administrator is capable of setting arbitrary update intervals by operating the update interval setting field 1103. The set update intervals are registered as the check interval 711 in the WORM management clock management information 703.

The usage NTP server setting fields NTP servers 602 that are to be used at the time of the update of the WORM management clock 128. In the usage NTP server setting fields NTP servers 602 are inputted. The IP addresses inputted here are each registered as the authentication function-equipped NTP server IP address 712 in the WORM management clock management information 703.

In FIG. 12, the usage NTP server setting field 1104 corresponds to an NTP server first candidate and the usage NTP server setting field 1105 corresponds to an NTP server second candidate. In the flowchart shown in FIG. 11, the authentication function-equipped NTP servers 602 are processed in order, with the authentication function-equipped NTP server 602 registered as the NTP server first candidate (in other words, the authentication function-equipped NTP server in the highest place) being processed first. For instance, the authentication function-equipped NTP server 602 closer to the computer system on the Internet 601 is set as a candidate in a higher place.

For instance, the IP address set in the usage NTP server setting field 1104 for the NTP server first candidate is registered as the first authentication function-equipped NTP server IP address 712 A and the IP address set in the usage NTP server setting field 1105 for the NTP server second candidate is registered as the second authentication function-equipped NTP server IP address 712 B.

It should be noted that in the management screen 1101, more usage NTP server setting fields may be provided.

Also, authentication function-equipped NTP servers 602 may be selected from among authentication function-equipped NTP servers 602 determined in advance.
Claims (16)
1. A storage system coupled to at least one of time servers through a network, comprising:
a first time information holding unit that holds first time information to be used to manage an update prohibition attribute of data;
a second time information holding unit that holds second time information to be used to establish time synchronization with a device coupled to the network; and
a time update unit that manages the first time information and the second time information,
wherein the time update unit
receives third time information from the at least one of the time servers and judges whether the third time information satisfies a predetermined condition, and
updates the first time information based on the third time information when the third time information satisfies the predetermined condition.
2. The storage system according to claim 1,
wherein the first time information holding unit is a first clock, and
the second time information holding unit is a second clock that is independent of the first clock.
3. The storage system according to claim 1,
wherein one of the first time information holding unit and the second time information holding unit is a clock and the other thereof is a storage area in which a difference between the first time information and the second time information is held.
4. The storage system according to claim 1,
wherein the time update unit
judges that the third time information satisfies the predetermined condition when a difference between the third time information and the first time information is within a predetermined range, and
updates the second time information based on the third time information regardless of whether the third time information satisfies the predetermined condition.
5. The storage system according to claim 4,
wherein the time update unit judges that the third time information does not satisfy the predetermined condition when a time shown by the first time information is earlier than a time shown by the third time information.
6. The storage system according to claim 1,
wherein the time update unit
authenticates the at least one of the time servers that transmitted the third time information when receiving the third time information, and
judges that the third time information satisfies the predetermined condition when the authentication of the at least one of the time servers ends in success.
7. The storage system according to claim 6,
wherein the time update unit
receives third time information from another one of the time servers when the authentication of the at least one of the time servers ends in failure, and
authenticates the another one of the time servers that transmitted the third time information.
8. The storage system according to claim 6,
wherein the third time information is encrypted using a secret key corresponding to a predetermined public key, and
the time update unit
decrypts the third time information using the predetermined public key when receiving the third time information, and
judges that the authentication of the at least one of the time servers that transmitted the third time information ends in success when the decryption ends in success.
9. A computer system comprising:
a storage system;
at least one of time servers; and
a network that couples the storage system and at least one of the time servers to each other,
the storage system comprising:
a first time information holding unit that holds first time information to be used to manage an update prohibition attribute of data;
a second time information holding unit that holds second time information to be used to establish time synchronization with a device coupled to the network; and
a time update unit that manages the first time information and the second time information,
wherein the at least one of the time servers transmits third time information to the storage system, and
the time update unit
receives the third time information from the at least one of the time servers and judges whether the third time information satisfies a predetermined condition, and
updates the first time information based on the third time information when the third time information satisfies the predetermined condition.
10. The computer system according to claim 9,
wherein the first time information holding unit is a first clock, and
the second time information holding unit is a second clock that is independent of the first clock.
11. The computer system according to claim 9,
wherein one of the first time information holding unit and the second time information holding unit is a clock and the other thereof is a storage area in which a difference between the first time information and the second time information is held.
12. The computer system according to claim 9,
wherein the time update unit
judges that the third time information satisfies the predetermined condition when a difference between the third time information and the first time information is within a predetermined range, and
updates the second time information based on the third time information regardless of whether the third time information satisfies the predetermined condition.
13. The computer system according to claim 12,
wherein the time update unit judges that the third time information does not satisfy the predetermined condition when a time shown by the first time information is earlier than a time shown by the third time information.
14. The computer system according to claim 9,
wherein the time update unit
authenticates the at least one of the time servers that transmitted the third time information when receiving the third time information, and
judges that the third time information satisfies the predetermined condition when the authentication of the at least one of the time servers ends in success.
15. The computer system according to claim 14,
wherein the time update unit
receives third time information from another one of the time servers when the authentication of the at least one of the time servers ends in failure, and
authenticates the another one of the time servers that transmitted the third time information.
16. The computer system according to claim 14,
wherein the third time information is encrypted using a secret key corresponding to a predetermined public key, and
the time update unit
decrypts the third time information using the predetermined public key when receiving the third time information, and
judges that the authentication of the at least one of the time servers that transmitted the third time information ends in success when the decryption ends in success.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/342,918 US8122154B2 (en) | 2004-10-13 | 2008-12-23 | Storage system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-298776 | 2004-10-13 | ||
JP2004298776A JP4481141B2 (en) | 2004-10-13 | 2004-10-13 | Storage system and computer system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/342,918 Continuation US8122154B2 (en) | 2004-10-13 | 2008-12-23 | Storage system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060095553A1 true US20060095553A1 (en) | 2006-05-04 |
Family
ID=35079462
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/007,093 Abandoned US20060095553A1 (en) | 2004-10-13 | 2004-12-07 | Storage system |
US12/342,918 Expired - Fee Related US8122154B2 (en) | 2004-10-13 | 2008-12-23 | Storage system |
Country Status (3)
Country | Link |
---|---|
US (2) | US20060095553A1 (en) |
EP (1) | EP1647915A1 (en) |
JP (1) | JP4481141B2 (en) |
2004
- 2004-10-13 JP JP2004298776A patent/JP4481141B2/en not_active Expired - Fee Related
- 2004-12-07 US US11/007,093 patent/US20060095553A1/en not_active Abandoned
2005
- 2005-05-25 EP EP05253222A patent/EP1647915A1/en not_active Withdrawn
2008
- 2008-12-23 US US12/342,918 patent/US8122154B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
JP2006113720A (en) | 2006-04-27 |
EP1647915A1 (en) | 2006-04-19 |
US20090157862A1 (en) | 2009-06-18 |
JP4481141B2 (en) | 2010-06-16 |
US8122154B2 (en) | 2012-02-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8122154B2 (en) | Storage system | |
US10102356B1 (en) | Securing storage control path against unauthorized access | |
CN103262090B (en) | Protecting data integrity with storage leases | |
US8510572B2 (en) | Remote access system, gateway, client device, program, and storage medium | |
US7200756B2 (en) | Base cryptographic service provider (CSP) methods and apparatuses | |
US7716488B2 (en) | Trusted time stamping storage system | |
US20120110343A1 (en) | Trustworthy timestamps on data storage devices | |
JP4219965B2 (en) | One-time ID authentication | |
US7562230B2 (en) | Data security | |
JP2009230741A (en) | Method and apparatus for verifying archived data integrity in integrated storage system | |
US20070219917A1 (en) | Digital License Sharing System and Method | |
US20060015946A1 (en) | Method and apparatus for secure data mirroring a storage system | |
US20090106549A1 (en) | Method and system for extending encrypting file system | |
US20060130154A1 (en) | Method and system for protecting and verifying stored data | |
JP2009517785A (en) | Digital rights management using reliable time | |
JP4704780B2 (en) | Computer system, storage device, computer software, and administrator authentication method in storage control | |
US8850563B2 (en) | Portable computer accounts | |
US20110314245A1 (en) | Secure media system | |
US7346599B2 (en) | Storage system and method of managing data stored in a storage system | |
JP4760232B2 (en) | Time setting device and time setting method | |
US20210192023A1 (en) | Authenticating an entity | |
GB2574024A (en) | Authenticating an entity | |
CN117113394A (en) | Software encryption method based on solid state disk | |
CN118535279A (en) | Data storage method, system, electronic device and storage medium | |
JP2009049554A (en) | Clock-hard module and digital signature system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: HITACHI, LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:OGAWA, JUNJI;NONAKA, YUSUKE;REEL/FRAME:016443/0060 Effective date: 20041206 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |