1. Managing keys used for encrypting data
    Type: Granted invention patent
    Status: In force

    Publication number: US09378388B2

    Publication date: 2016-06-28

    Application number: US12763811

    Filing date: 2010-04-20

    Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.


    2. Optimizing Use of Hardware Security Modules
    Type: Invention patent application
    Status: In force

    Publication number: US20120159192A1

    Publication date: 2012-06-21

    Application number: US13409717

    Filing date: 2012-03-01

    IPC classification: G06F12/14

    Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.


    3. UTILITY FOR TASKS TO FOLLOW A USER FROM DEVICE TO DEVICE
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20090204966A1

    Publication date: 2009-08-13

    Application number: US12029490

    Filing date: 2008-02-12

    IPC classification: G06F9/46

    Abstract: A “follow-me” utility runs on each of a plurality devices a person may typically use. This utility monitors applications running on a device and intelligently saves the state of tasks a user is performing. When the follow-me utility detects that the user has initialized another device having the follow-me utility and connectivity to the original device, the utility automatically and transparently creates an environment on the new device so that the user may continue the task at the same point as when he or she last performed the task on the original device. When the user continues a task or starts a new task, the follow-me utility automatically and transparently updates files and task states on any devices having the follow-me utility and connectivity. The follow-me utility may make intelligent task migration decisions based on conditions such as network bandwidth, security policy, location, and device capability.


    4. System and method for maintaining replicated data coherency in a data processing system
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US5434994A

    Publication date: 1995-07-18

    Application number: US247422

    Filing date: 1994-05-23

    Abstract: A system and method for maintaining data coherency in a system in which data is replicated on two or more servers. Each server is able to update the data replica present on the server. Updates are logged for each server. Reconciliation of server data replicas is aggressively initiated upon the occurrence of predefined events. These events include arrival at a scheduled time, a request for data by a client system, server and network failure recovery. Reconciliation is managed by a coordinator server selected to ensure that at most one coordinator server per network partition is selected. Logged updates are merged and transmitted to each server containing a data replica. The logged updates are applied unless a conflict is detected. Conflicts are collected and distributed for resolution. Reconciliation is managed between servers without regard to operating system or physical file system type.


    5. Optimizing use of hardware security modules
    Type: Granted invention patent
    Status: In force

    Publication number: US08675875B2

    Publication date: 2014-03-18

    Application number: US12782551

    Filing date: 2010-05-18

    IPC classification: H04L9/00

    Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.


    6. Optimizing Use of Hardware Security Modules
    Type: Invention patent application
    Status: In force

    Publication number: US20110289324A1

    Publication date: 2011-11-24

    Application number: US12782551

    Filing date: 2010-05-18

    IPC classification: G06F12/14

    Abstract: Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.


    7. METHOD AND APPARATUS FOR MANAGING KEYS USED FOR ENCRYPTING DATA
    Type: Invention patent application
    Status: In force

    Publication number: US20110258458A1

    Publication date: 2011-10-20

    Application number: US12763811

    Filing date: 2010-04-20

    IPC classification: G06F21/00

    Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.


    8. Method and system for configuring highly available online certificate status protocol
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US07865721B2

    Publication date: 2011-01-04

    Application number: US11866549

    Filing date: 2007-10-03

    IPC classification: H04L29/06

    Abstract: A method and system is presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders share a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.


    9. Method and system for configuring highly available online certificate status protocol
    Type: Invention patent application
    Status: Lapsed

    Publication number: US20080172559A1

    Publication date: 2008-07-17

    Application number: US11866549

    Filing date: 2007-10-03

    IPC classification: H04L9/00

    Abstract: A method and system is presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders share a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.


    10. Managing keys used for encrypting data
    Type: Granted invention patent
    Status: In force

    Publication number: US09594920B2

    Publication date: 2017-03-14

    Application number: US13424428

    Filing date: 2012-03-20

    Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.
