-
Publication No.: US08885833B2
Publication Date: 2014-11-11
Application No.: US13084207
Application Date: 2011-04-11
Applicants: Benjamin E. Nick, Magnus Bo Gustaf Nyström, Cristian M. Ilac, Niels T. Ferguson, Nils Dussart
Inventors: Benjamin E. Nick, Magnus Bo Gustaf Nyström, Cristian M. Ilac, Niels T. Ferguson, Nils Dussart
CPC Classification: H04L9/0894, G06F21/6209, H04L9/0822
Abstract: A key recovery request for a device is received at a key recovery service, and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In this sequence, previous one-time recovery credentials are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key and is returned in response to the key recovery request. The device can then use that one-time recovery credential to decrypt encrypted data stored on a storage medium of the device.
-
Publication No.: US20120257759A1
Publication Date: 2012-10-11
Application No.: US13084207
Application Date: 2011-04-11
Applicants: Benjamin E. Nick, Magnus Bo Gustaf Nyström, Cristian M. Ilac, Niels T. Ferguson, Nils Dussart
Inventors: Benjamin E. Nick, Magnus Bo Gustaf Nyström, Cristian M. Ilac, Niels T. Ferguson, Nils Dussart
IPC Classification: H04L9/00
CPC Classification: H04L9/0894, G06F21/6209, H04L9/0822
Abstract: A key recovery request for a device is received at a key recovery service, and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In this sequence, previous one-time recovery credentials are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key and is returned in response to the key recovery request. The device can then use that one-time recovery credential to decrypt encrypted data stored on a storage medium of the device.
-
Publication No.: US08462955B2
Publication Date: 2013-06-11
Application No.: US12793455
Application Date: 2010-06-03
Applicants: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Magnus Bo Gustaf Nyström, Niels T. Ferguson
Inventors: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Magnus Bo Gustaf Nyström, Niels T. Ferguson
CPC Classification: H04L9/0894, H04L9/0822, H04L63/061, H04L2463/062
Abstract: An online key stored by a remote service is generated or otherwise obtained, and a storage media master key (as it applies to the storage of data on a physical or virtual storage medium), used for encrypting and decrypting a physical or virtual storage medium or for encrypting and decrypting one or more storage media encryption keys that in turn encrypt the physical or virtual storage medium, is encrypted based at least in part on the online key. A key protector for the storage medium is stored, the key protector including the encrypted master key. The key protector can subsequently be accessed and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys used to decrypt the storage medium to be decrypted.
-
Publication No.: US20140108814A1
Publication Date: 2014-04-17
Application No.: US12978266
Application Date: 2010-12-23
Applicants: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
Inventors: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
IPC Classification: G06F21/60
CPC Classification: G06F21/602, G06F2221/2141, H04L9/0836, H04L9/0866
Abstract: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
-
Publication No.: US09058497B2
Publication Date: 2015-06-16
Application No.: US12978266
Application Date: 2010-12-23
Applicants: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
Inventors: Vijay G. Bharadwaj, Niels T. Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
CPC Classification: G06F21/602, G06F2221/2141, H04L9/0836, H04L9/0866
Abstract: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
-
Publication No.: US20110302398A1
Publication Date: 2011-12-08
Application No.: US12793455
Application Date: 2010-06-03
Applicants: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Bo Gustaf Magnus Nyström, Niels T. Ferguson
Inventors: Octavian T. Ureche, Nils Dussart, Michael A. Halcrow, Charles G. Jeffries, Nathan T. Lewis, Cristian M. Ilac, Innokentiy Basmov, Bo Gustaf Magnus Nyström, Niels T. Ferguson
CPC Classification: H04L9/0894, H04L9/0822, H04L63/061, H04L2463/062
Abstract: An online key stored by a remote service is generated or otherwise obtained, and a storage media master key (as it applies to the storage of data on a physical or virtual storage medium), used for encrypting and decrypting a physical or virtual storage medium or for encrypting and decrypting one or more storage media encryption keys that in turn encrypt the physical or virtual storage medium, is encrypted based at least in part on the online key. A key protector for the storage medium is stored, the key protector including the encrypted master key. The key protector can subsequently be accessed and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys used to decrypt the storage medium to be decrypted.
-
Publication No.: US08745386B2
Publication Date: 2014-06-03
Application No.: US12819883
Application Date: 2010-06-21
Applicants: Octavian T. Ureche, Nils Dussart, Charles G. Jeffries, Cristian M. Ilac, Vijay G. Bharadwaj, Innokentiy Basmov, Stefan Thom, Son VoBa
Inventors: Octavian T. Ureche, Nils Dussart, Charles G. Jeffries, Cristian M. Ilac, Vijay G. Bharadwaj, Innokentiy Basmov, Stefan Thom, Son VoBa
IPC Classification: H04L29/06
CPC Classification: H04L63/08, G06F21/31, G06F21/57, G06F21/6218, G06F2221/2103, G06F2221/2131, H04L9/3228, H04L9/3234, H04L63/067
Abstract: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can be used only once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
-
Publication No.: US20110314279A1
Publication Date: 2011-12-22
Application No.: US12819883
Application Date: 2010-06-21
Applicants: Octavian T. Ureche, Nils Dussart, Charles G. Jeffries, Cristian M. Ilac, Vijay G. Bharadwaj, Innokentiy Basmov, Stefan Thom, Son VoBa
Inventors: Octavian T. Ureche, Nils Dussart, Charles G. Jeffries, Cristian M. Ilac, Vijay G. Bharadwaj, Innokentiy Basmov, Stefan Thom, Son VoBa
CPC Classification: H04L63/08, G06F21/31, G06F21/57, G06F21/6218, G06F2221/2103, G06F2221/2131, H04L9/3228, H04L9/3234, H04L63/067
Abstract: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can be used only once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
-
Publication No.: US09203613B2
Publication Date: 2015-12-01
Application No.: US13248953
Application Date: 2011-09-29
CPC Classification: H04L63/102, G06F21/335, G06F2221/2137, H04L9/083, H04L9/0861, H04L9/088, H04L9/32, H04L9/3242, H04L9/3247, H04L63/06, H04L63/08, H04L2209/38
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function, where each of at least a subset of the invocations results in a key that has a smaller scope of permissible use than the key produced by the previous invocation. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with the restrictions on the key's use.
-
Publication No.: US08892865B1
Publication Date: 2014-11-18
Application No.: US13431760
Application Date: 2012-03-27
Applicants: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
CPC Classification: H04L9/0822, G06F21/602, H04L9/0836, H04L9/14, H04L63/064, H04L2209/24
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys, such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of the key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content, such that sources or potential sources of unauthorized content are identifiable from the decrypted content.