公开(公告)号：US08595493B2

公开(公告)日：2013-11-26

申请号：US12759406

申请日：2010-04-13

申请人： Octavian T. Ureche ,  Alex M. Semenko ,  Hui Huang

发明人： Octavian T. Ureche ,  Alex M. Semenko ,  Hui Huang

IPC分类号： H04L9/32

CPC分类号： G06F21/6218

摘要： In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed.

摘要翻译： 根据一个或多个方面，使用多阶段过程将存储卷转换成加密的存储卷或未加密的存储卷。 识别尚未变换的存储卷的一个或多个部分，并且识别分配供使用的存储卷的一个或多个部分。 在多阶段过程的第一阶段，存储卷的尚未被转换并被分配供使用的一个或多个部分被转换。 在多相处理的第二阶段中，在第一阶段完成之后，转换尚未被转换并且不被分配使用的存储卷的一个或多个部分。

公开(公告)号：US20110252242A1

公开(公告)日：2011-10-13

申请号：US12759406

申请日：2010-04-13

申请人： Octavian T. Ureche ,  Alex M. Semenko ,  Hui Huang

发明人： Octavian T. Ureche ,  Alex M. Semenko ,  Hui Huang

IPC分类号： G06F12/14 ,  G06F12/02

CPC分类号： G06F21/6218

摘要： In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed.

摘要翻译： 根据一个或多个方面，使用多阶段过程将存储卷转换成加密的存储卷或未加密的存储卷。 识别尚未变换的存储卷的一个或多个部分，并且识别分配供使用的存储卷的一个或多个部分。 在多阶段过程的第一阶段，存储卷的尚未被转换并被分配供使用的一个或多个部分被转换。 在多相处理的第二阶段中，在第一阶段完成之后，转换尚未被转换并且不被分配使用的存储卷的一个或多个部分。

公开(公告)号：US20110019820A1

公开(公告)日：2011-01-27

申请号：US12506568

申请日：2009-07-21

申请人： Octavian T. Ureche ,  Alex M. Semenko ,  Sai Vinayak ,  Carl M. Ellison

发明人： Octavian T. Ureche ,  Alex M. Semenko ,  Sai Vinayak ,  Carl M. Ellison

IPC分类号： H04L9/00 ,  G06F12/14

CPC分类号： H04L63/205 ,  G06F21/606 ,  H04L9/3247 ,  H04L2209/80

摘要： A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.

摘要翻译： 获得一组用于通信信道的安全权利要求，该组安全权利要求包括一个或多个安全权利要求，每个安全权利要求各自标识通信信道的安全特性。 存储安全声明，以及由实体在该组安全声明上生成的数字签名。 随后当计算设备将数据传送到通信信道和/或从通信信道传送数据时，随后访问安全声明和数字签名。 将该组安全声明与计算设备的安全策略进行比较，并且识别对该组安全声明进行数字签名的实体。 至少部分地基于所述比较和对所述一组安全权利要求进行数字签名的实体来确定所述计算设备将用于向所述通信信道传送数据和/或从所述通信信道传送数据的一个或多个安全预防措施。

公开(公告)号：US20100107213A1

公开(公告)日：2010-04-29

申请号：US12256742

申请日：2008-10-23

申请人： Octavian T. Ureche ,  Alex M. Semenko ,  Ping Xie ,  Sai Vinayak

发明人： Octavian T. Ureche ,  Alex M. Semenko ,  Ping Xie ,  Sai Vinayak

IPC分类号： G06F21/00

CPC分类号： G06F21/6218

摘要： In accordance with one or more aspects, a current security policy for accessing a device or volume of a computing device is identified. A secondary access control state for the device or volume is also identified. An access state for the device is determined based on both the current security policy and the secondary access control state.

摘要翻译： 根据一个或多个方面，识别用于访问计算设备的设备或卷的当前安全策略。 还识别用于设备或卷的辅助访问控制状态。 基于当前的安全策略和次要访问控制状态来确定设备的访问状态。