-
公开(公告)号:US08886963B2
公开(公告)日:2014-11-11
申请号:US13233090
申请日:2011-09-15
CPC分类号: G06F21/6218
摘要: Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme.
摘要翻译: 公开了用于具有非易失性存储器(“NVM”)的系统的加密文件的安全重定位的系统和方法。 系统可以包括被配置为使用临时加密种子(例如,随机生成的密钥和相应的初始化向量)来加密NVM中的数据文件的加密模块。 这些数据文件最初可能用不同的加密种子加密。 使用这种方法,即使系统无法访问原始加密种子,也可以安全地重新定位数据文件。 此外,临时加密种子允许系统绕过默认密钥方案。
-
公开(公告)号:US20130073870A1
公开(公告)日:2013-03-21
申请号:US13233090
申请日:2011-09-15
IPC分类号: G06F12/14
CPC分类号: G06F21/6218
摘要: Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme.
摘要翻译: 公开了用于具有非易失性存储器(NVM)的系统的加密文件的安全重定位的系统和方法。 系统可以包括被配置为使用临时加密种子(例如,随机生成的密钥和相应的初始化向量)来加密NVM中的数据文件的加密模块。 这些数据文件最初可能用不同的加密种子加密。 使用这种方法,即使系统无法访问原始加密种子,也可以安全地重新定位数据文件。 此外,临时加密种子允许系统绕过默认密钥方案。
-
公开(公告)号:US20130034229A1
公开(公告)日:2013-02-07
申请号:US13204171
申请日:2011-08-05
申请人: Conrad Sauerwald , Vrajesh Rajesh Bhavsar , Kenneth Buffalo McNeil , Thomas Brogan Duffy, JR. , Michael Lambertus Hubertus Brouwer , Matthew John Byom , Mitchell David Adler , Eric Brandon Tamura
发明人: Conrad Sauerwald , Vrajesh Rajesh Bhavsar , Kenneth Buffalo McNeil , Thomas Brogan Duffy, JR. , Michael Lambertus Hubertus Brouwer , Matthew John Byom , Mitchell David Adler , Eric Brandon Tamura
IPC分类号: H04L9/00
CPC分类号: H04L63/0428 , G06F11/1458 , G06F11/1464 , H04L9/0637 , H04L9/0822 , H04L9/0825 , H04L9/0863 , H04L9/0894 , H04L63/0435 , H04L63/061 , H04L2463/062 , H04W12/04 , H04W12/08
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
摘要翻译: 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统,方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件,并对文件密钥进行两次加密,从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密,并将第一个文件密钥存储在主设备上,并将加密的文件密钥之一加到备份设备上以进行存储。 在备份设备上,系统将加密的文件密钥与受用户密码保护的一组备份密钥相关联。 在一个实施例中,系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中,系统在用户密码改变期间管理备份设备上的密码密钥。
-
公开(公告)号:US08510552B2
公开(公告)日:2013-08-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
公开(公告)号:US20110252234A1
公开(公告)日:2011-10-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
6.发明授权公开(公告)号:US09667713B2
公开(公告)日:2017-05-30
申请号:US13410232
申请日:2012-03-01
申请人: Andrew H. Vyrros , Justin N. Wood , Mitch Adler , Joe S. Abuan , Conrad Sauerwald , Hyeonkuk Jeong , Roberto Garcia
发明人: Andrew H. Vyrros , Justin N. Wood , Mitch Adler , Joe S. Abuan , Conrad Sauerwald , Hyeonkuk Jeong , Roberto Garcia
IPC分类号: G06F15/173 , H04L29/08 , A63F13/71 , A63F13/34 , A63F13/335 , H04L12/741 , H04L29/12
CPC分类号: H04L67/104 , A63F13/335 , A63F13/34 , A63F13/71 , A63F2300/407 , A63F2300/408 , A63F2300/532 , A63F2300/5546 , A63F2300/5566 , A63F2300/5573 , H04L29/12509 , H04L45/745 , H04L61/2567 , H04L67/04 , H04L67/141 , H04L67/26
摘要: In one embodiment of the invention, service providers generate bloom filters with the user ID codes of registered users and exchange the bloom filters with one another. In response to a request to locate a first user, a first service provider will query its own registration database to determine if the first user is registered with the first service provider. If the first user is not registered with the first service provider, then the first service provider will query its bloom filters to identify other service providers with which the first user may be registered. A positive response from a bloom filter indicates that the first user may or may not be registered with the service provider associated with that bloom filter, and a negative response indicates with certainty that the first user is not registered with the service provider associated with that bloom filter.
-
7.发明授权公开(公告)号:US08681976B2
公开(公告)日:2014-03-25
申请号:US13106268
申请日:2011-05-12
申请人: Conrad Sauerwald , Joseph P. Bratt , Joshua Phillips de Cesare , Timothy John Millet , Weihua Mao
发明人: Conrad Sauerwald , Joseph P. Bratt , Joshua Phillips de Cesare , Timothy John Millet , Weihua Mao
IPC分类号: H04L29/06
CPC分类号: H04L9/0863 , H04L9/0866
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a device dependent cryptographic key in a rate-limited way. A system configured to practice the method first receives data associated with a user. The data associated with the user can be a password, a personal identification number (PIN), or a hash of the password. Then the system performs a first encryption operation on the user data based on a device-specific value to yield first intermediate data and performs a second encryption operation on the first intermediate data based on the device-specific value to yield second intermediate data. Then the system iteratively repeats the second encryption operation until a threshold is met, wherein each second encryption operation is performed on the second intermediate data from a previous second encryption operation. The iterations produce a final cryptographic key which the system can then output or use for a cryptographic operation.
摘要翻译: 本文公开了用于以速率限制的方式生成依赖于设备的加密密钥的系统,方法和非暂时的计算机可读存储介质。 被配置为练习该方法的系统首先接收与用户相关联的数据。 与用户相关联的数据可以是密码,个人识别码(PIN)或密码的散列。 然后,系统基于设备特定值对用户数据执行第一加密操作,以产生第一中间数据,并且基于设备特定值对第一中间数据执行第二加密操作以产生第二中间数据。 然后,系统迭代地重复第二加密操作,直到满足阈值,其中从先前的第二加密操作对第二中间数据执行每个第二加密操作。 迭代产生最终的加密密钥,系统然后可以输出或用于加密操作。
-
公开(公告)号:US08208900B2
公开(公告)日:2012-06-26
申请号:US12347647
申请日:2008-12-31
申请人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
发明人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
IPC分类号: H04M1/66
CPC分类号: H04W8/18 , H04L63/0272 , H04L63/0823 , H04L63/083 , H04L63/20
摘要: A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.
摘要翻译: 一种用于配置设备的方法包括接收包括第一配置和第一证书和第二证书的第一配置简档,用第一证书验证第一配置简档,接收指示接受第一配置简档的用户输入,配置设备 根据第一配置,接收包括第二配置的第二配置简档,使用第二证书验证第二配置简档并根据第二配置更新设备,其中用户不知道更新。
-
公开(公告)号:US20090228986A1
公开(公告)日:2009-09-10
申请号:US12347691
申请日:2008-12-31
IPC分类号: G06F21/00
CPC分类号: G06F21/10 , G06F21/33 , G06F21/57 , G06F2211/009
摘要: A machine implemented method includes storing a first data representing a prior exception to a first trust failure (e.g., expired certificate). The prior exception may be stored as part of establishing a first communication with a data processing system (e.g., a handheld device). The first communication may not be trustworthy. The method may determine, as part of establishing a second communication with the data processing system, that a second trust failure has occurred. The second trust failure (e.g., revoked certificate) indicates that the second communication may not be trustworthy. The method may determine whether the prior exception applies to the second trust failure. If the prior exception does not apply, the data processing system determines, automatically, whether to create a new exception for the second trust failure.
摘要翻译: 机器实现的方法包括将表示先前异常的第一数据存储到第一信任失败(例如,过期证书)。 可以将先前的例外存储为与数据处理系统(例如,手持设备)建立第一通信的一部分。 第一个通信可能不值得信赖。 作为与数据处理系统建立第二通信的一部分,该方法可以确定发生了第二信任故障。 第二信任失败(例如撤销的证书)指示第二通信可能不可信。 该方法可以确定先前的异常是否适用于第二信任失败。 如果先前的异常不适用,则数据处理系统自动确定是否为第二个信任失败创建新的异常。
-
10.发明申请公开(公告)号:US20120288089A1
公开(公告)日:2012-11-15
申请号:US13106268
申请日:2011-05-12
申请人: Conrad Sauerwald , Joseph P. Bratt , Joshua Phillips de Cesare , Timothy John Millet , Weihua Mao
发明人: Conrad Sauerwald , Joseph P. Bratt , Joshua Phillips de Cesare , Timothy John Millet , Weihua Mao
IPC分类号: H04L9/06
CPC分类号: H04L9/0863 , H04L9/0866
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for generating a device dependent cryptographic key in a rate-limited way. A system configured to practice the method first receives data associated with a user. The data associated with the user can be a password, a personal identification number (PIN), or a hash of the password. Then the system performs a first encryption operation on the user data based on a device-specific value to yield first intermediate data and performs a second encryption operation on the first intermediate data based on the device-specific value to yield second intermediate data. Then the system iteratively repeats the second encryption operation until a threshold is met, wherein each second encryption operation is performed on the second intermediate data from a previous second encryption operation. The iterations produce a final cryptographic key which the system can then output or use for a cryptographic operation.
摘要翻译: 本文公开了用于以速率限制的方式生成依赖于设备的加密密钥的系统,方法和非暂时的计算机可读存储介质。 被配置为练习该方法的系统首先接收与用户相关联的数据。 与用户相关联的数据可以是密码,个人识别码(PIN)或密码的散列。 然后,系统基于设备特定值对用户数据执行第一加密操作,以产生第一中间数据,并且基于设备特定值对第一中间数据执行第二加密操作以产生第二中间数据。 然后,系统迭代地重复第二加密操作,直到满足阈值,其中从先前的第二加密操作对第二中间数据执行每个第二加密操作。 迭代产生最终的加密密钥,系统然后可以输出或用于加密操作。
-
-
-
-
-
-
-
-
-
搜索结果
15 条记录 (耗时 0.03 秒)
