-
公开(公告)号:US08885833B2
公开(公告)日:2014-11-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US20120257759A1
公开(公告)日:2012-10-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
IPC分类号: H04L9/00
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US08462955B2
公开(公告)日:2013-06-11
申请号:US12793455
申请日:2010-06-03
申请人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
发明人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
CPC分类号: H04L9/0894 , H04L9/0822 , H04L63/061 , H04L2463/062
摘要: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
摘要翻译: 生成或以其他方式获得由远程服务存储的在线密钥,以及存储介质(适用于存储物理或虚拟存储介质上的数据)主密钥,用于加密和解密物理或虚拟存储介质或加密和 至少部分地基于在线密钥来加密用于加密物理或虚拟存储介质的一个或多个存储介质加密密钥的解密。 存储存储介质的密钥保护器,密钥保护器包括加密的主密钥。 随后可以访问密钥保护器,并从远程服务获取在线密钥。 主密钥基于在线密钥解密,允许用于解密存储介质的一个或多个存储介质加密密钥被解密。
-
公开(公告)号:US20110302398A1
公开(公告)日:2011-12-08
申请号:US12793455
申请日:2010-06-03
申请人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Bo Gustaf Magnus Nystr+e,uml o+ee m , Niels T. Ferguson
发明人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Bo Gustaf Magnus Nystr+e,uml o+ee m , Niels T. Ferguson
CPC分类号: H04L9/0894 , H04L9/0822 , H04L63/061 , H04L2463/062
摘要: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
摘要翻译: 生成或以其他方式获得由远程服务存储的在线密钥,以及存储介质(适用于存储物理或虚拟存储介质上的数据)主密钥,用于加密和解密物理或虚拟存储介质或加密和 至少部分地基于在线密钥来加密用于加密物理或虚拟存储介质的一个或多个存储介质加密密钥的解密。 存储存储介质的密钥保护器,密钥保护器包括加密的主密钥。 随后可以访问密钥保护器,并从远程服务获取在线密钥。 主密钥基于在线密钥解密,允许用于解密存储介质的一个或多个存储介质加密密钥被解密。
-
公开(公告)号:US08745386B2
公开(公告)日:2014-06-03
申请号:US12819883
申请日:2010-06-21
申请人: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
发明人: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F21/57 , G06F21/6218 , G06F2221/2103 , G06F2221/2131 , H04L9/3228 , H04L9/3234 , H04L63/067
摘要: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
摘要翻译: 描述用于访问存储在计算机的受保护卷上的加密数据的一次验证方法,其中对加密数据的访问涉及解密存储在计算机上的密钥保护器,其保存解密受保护卷所需的特定于卷的加密密钥。 这种一次性认证方法依赖于提供只能使用一次的密钥保护器和/或需要每次使用的新的访问凭证。 在某些实施例中,质询 - 响应过程也被用作认证方法的一部分,以将密钥保护器的发行和/或访问凭证与可以唯一地标识用户的特定信息片段相关联。
-
公开(公告)号:US20110314279A1
公开(公告)日:2011-12-22
申请号:US12819883
申请日:2010-06-21
申请人: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
发明人: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
CPC分类号: H04L63/08 , G06F21/31 , G06F21/57 , G06F21/6218 , G06F2221/2103 , G06F2221/2131 , H04L9/3228 , H04L9/3234 , H04L63/067
摘要: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
摘要翻译: 描述用于访问存储在计算机的受保护卷上的加密数据的一次验证方法,其中对加密数据的访问涉及解密存储在计算机上的密钥保护器,其保存解密受保护卷所需的特定于卷的加密密钥。 这种一次性认证方法依赖于提供只能使用一次的密钥保护器和/或需要每次使用的新的访问凭证。 在某些实施例中,质询 - 响应过程也被用作认证方法的一部分,以将密钥保护器的发行和/或访问凭证与可以唯一地标识用户的特定信息片段相关联。
-
公开(公告)号:US20110022856A1
公开(公告)日:2011-01-27
申请号:US12509255
申请日:2009-07-24
申请人: Octavian T. Ureche , Gaurav Sinha , Nils Dussart , Yi Liu , Vijay G. Bharadwaj , Niels T. Ferguson
发明人: Octavian T. Ureche , Gaurav Sinha , Nils Dussart , Yi Liu , Vijay G. Bharadwaj , Niels T. Ferguson
IPC分类号: G06F12/14
CPC分类号: H04L9/0822 , G06F21/602 , G06F21/62 , G06F21/78 , H04L9/0844 , H04L9/0894 , H04L9/14 , H04L2463/062
摘要: In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.
摘要翻译: 根据一个或多个方面,通过生成中间密钥并至少部分地基于公共/私人密钥对来保护中间密钥来创建用于存储卷的密钥保护器。 用于加密和解密用于加密存储卷的一个或多个卷加密密钥的卷主密钥可以以不同的方式加密,包括至少部分地基于中间密钥进行加密。 存储存储卷的密钥保护器,其包括加密的卷主密钥和指示如何获得中间密钥的信息。 随后,可以访问密钥保护器,并且至少部分地基于与密钥保护器相关联的实体的私钥,中间密钥可以被解密。 然后可以使用中间密钥来解密卷主密钥。
-
公开(公告)号:US08509449B2
公开(公告)日:2013-08-13
申请号:US12509255
申请日:2009-07-24
申请人: Octavian T. Ureche , Gaurav Sinha , Nils Dussart , Yi Liu , Vijay G. Bharadwaj , Niels T. Ferguson
发明人: Octavian T. Ureche , Gaurav Sinha , Nils Dussart , Yi Liu , Vijay G. Bharadwaj , Niels T. Ferguson
CPC分类号: H04L9/0822 , G06F21/602 , G06F21/62 , G06F21/78 , H04L9/0844 , H04L9/0894 , H04L9/14 , H04L2463/062
摘要: A key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.
摘要翻译: 通过生成中间密钥并至少部分地基于公共/私人密钥对来保护中间密钥来创建用于存储卷的密钥保护器。 用于加密和解密用于加密存储卷的一个或多个卷加密密钥的卷主密钥可以以不同的方式加密,包括至少部分地基于中间密钥进行加密。 存储存储卷的密钥保护器,其包括加密的卷主密钥和指示如何获得中间密钥的信息。 随后,可以访问密钥保护器,并且至少部分地基于与密钥保护器相关联的实体的私钥,中间密钥可以被解密。 然后可以使用中间密钥来解密卷主密钥。
-
公开(公告)号:US08661534B2
公开(公告)日:2014-02-25
申请号:US11768596
申请日:2007-06-26
IPC分类号: H04L29/06
CPC分类号: G06F21/577
摘要: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.
摘要翻译: 提供了一种用于计算机系统的安全系统。 在各种实施例中,安全系统可以分析一个或多个计算机系统的安全状态,以确定计算机系统是否符合所表达的安全策略并修复计算机系统,使得它们符合所表达的安全策略。 在各种实施例中,安全系统可以接收合规文件,确定一个或多个计算机系统是否符合合规文件中指定的安全策略的一部分,并采取合规文件中指定的措施,使计算机系统符合指定的安全性 政策。 安全系统可以提供一个通用的,统一的编程接口,应用程序或工具可以用来验证或执行安全策略。
-
公开(公告)号:US20090007264A1
公开(公告)日:2009-01-01
申请号:US11768596
申请日:2007-06-26
IPC分类号: G06F11/00
CPC分类号: G06F21/577
摘要: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.
摘要翻译: 提供了一种用于计算机系统的安全系统。 在各种实施例中,安全系统可以分析一个或多个计算机系统的安全状态,以确定计算机系统是否符合所表达的安全策略并修复计算机系统,使得它们符合所表达的安全策略。 在各种实施例中,安全系统可以接收合规文件,确定一个或多个计算机系统是否符合合规文件中指定的安全策略的一部分,并采取合规文件中指定的措施,使计算机系统符合指定的安全性 政策。 安全系统可以提供一个通用的,统一的编程接口,应用程序或工具可以用来验证或执行安全策略。
-
-
-
-
-
-
-
-
-