-
公开(公告)号:US20140164792A1
公开(公告)日:2014-06-12
申请号:US14178598
申请日:2014-02-12
Applicant: CITRIX SYSTEMS, INC.
Inventor: Joseph Harry Nord , Timothy Gaylor , Benjamin Elliot Tucker
IPC: H04L9/14
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中,为用户创建虚拟硬盘,并使用卷密钥进行加密,并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部,从与用户对应的用户标识符创建的保护密钥,对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后,在加密管理员头文件后,保护密钥可能会被破坏,因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置,一个可访问用户,另一个可访问的管理员。 因此,保护密钥可能永远不会被传输或被拦截,并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。
-
公开(公告)号:US09166787B2
公开(公告)日:2015-10-20
申请号:US14178598
申请日:2014-02-12
Applicant: Citrix Systems, Inc.
Inventor: Joseph Harry Nord , Timothy Gaylor , Benjamin Elliot Tucker
CPC classification number: G06F21/79 , G06F3/0623 , G06F3/0664 , G06F21/602 , G06F21/78 , G06F21/80 , G06F2221/2107 , H04L9/0822 , H04L9/0861 , H04L9/0886 , H04L9/0894 , H04L9/14 , H04L9/3234 , H04L63/0428
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Abstract translation: 保护加密的虚拟硬盘可能包括各种进程。 在一个示例中,为用户创建虚拟硬盘,并使用卷密钥进行加密,并将卷密钥放置在管理员头文件中。 可以使用保护密钥来加密管理员头部,从与用户对应的用户标识符创建的保护密钥,对应于虚拟硬盘的卷标识符以及两个密码秘密。 然后,在加密管理员头文件后,保护密钥可能会被破坏,因此可能永远不会离开加密引擎。 两个加密秘密可以存储在单独的存储位置,一个可访问用户,另一个可访问的管理员。 因此,保护密钥可能永远不会被传输或被拦截,并且没有一个实体可能被泄露以获得对重新创建保护密钥所需的所有信息的访问。
-
Search Results
2
records
(took 0.011 seconds)
