-
Publication No.: US08874935B2
Publication date: 2014-10-28
Application No.: US13221629
Filing date: 2011-08-30
Applicant: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Alex M. Semenko, Douglas M. MacIver, Donghui Li
Inventor: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Alex M. Semenko, Douglas M. MacIver, Donghui Li
CPC classification: G06F12/1408, G06F3/0623, G06F3/0644, G06F3/0659, G06F3/0673, G06F12/14, G06F17/30324, G06F21/602, G06F21/6218
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
Publication No.: US08689279B2
Publication date: 2014-04-01
Application No.: US13221699
Filing date: 2011-08-30
IPC classification: G06F17/00
CPC classification: G06F21/6218, G06F3/062, G06F3/0638
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
-
Publication No.: US09256745B2
Publication date: 2016-02-09
Application No.: US13037962
Filing date: 2011-03-01
Applicant: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
Inventor: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
IPC classification: G06F9/00, G06F15/177, G06F21/57
CPC classification: G06F21/575
Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.
-
Publication No.: US08924737B2
Publication date: 2014-12-30
Application No.: US13218029
Filing date: 2011-08-25
CPC classification: G06F21/575, G06F21/602, G06F21/73
Abstract: In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
-
Publication No.: US20130054979A1
Publication date: 2013-02-28
Application No.: US13221629
Filing date: 2011-08-30
Applicant: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Alex M. Semenko, Douglas M. MacIver, Donghui Li
Inventor: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Alex M. Semenko, Douglas M. MacIver, Donghui Li
IPC classification: G06F12/14
CPC classification: G06F12/1408, G06F3/0623, G06F3/0644, G06F3/0659, G06F3/0673, G06F12/14, G06F17/30324, G06F21/602, G06F21/6218
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
Publication No.: US20130054946A1
Publication date: 2013-02-28
Application No.: US13218029
Filing date: 2011-08-25
CPC classification: G06F21/575, G06F21/602, G06F21/73
Abstract: In accordance with one or more aspects, a representation of a configuration of a firmware environment of a device is generated. A secret of the device is obtained, and a platform secret is generated based on both the firmware environment configuration representation and the secret of the device. One or more keys can be generated based on the platform secret.
-
Publication No.: US20120226895A1
Publication date: 2012-09-06
Application No.: US13037962
Filing date: 2011-03-01
Applicant: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
Inventor: Scott D. Anderson, David J. Linsley, Magnus Bo Gustaf Nyström, Douglas M. MacIver, Robert Karl Spiger
IPC classification: G06F9/00
CPC classification: G06F21/575
Abstract: In a pre-operating system environment on a device prior to loading and running an operating system on the device, a policy identifying configuration settings for the operating system is obtained. The operating system itself is prevented from changing this policy, but the policy can be changed under certain circumstances by components of the pre-operating system environment. The policy is compared to configuration values used by the operating system, and the operating system is allowed to boot with the configuration values if the configuration values satisfy the policy. However, if the configuration values do not satisfy the policy, then a responsive action is taken.