-
公开(公告)号:US08510552B2
公开(公告)日:2013-08-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
公开(公告)号:US20110252234A1
公开(公告)日:2011-10-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
公开(公告)号:US08291480B2
公开(公告)日:2012-10-16
申请号:US11620699
申请日:2007-01-07
IPC分类号: G06F7/04
CPC分类号: G06F21/00 , G06F21/575
摘要: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.
摘要翻译: 描述了一种用于配置存储在装置的安全存储区域(例如,ROM)中的密钥的方法和装置,包括根据预定条件启用和禁用密钥以执行代码图像之一的设备。 密钥可以唯一标识设备。 可以从满足预定条件的提供商加载代码图像以建立设备的操作环境的至少一个组件。 根据密钥的配置,验证码图像可以是可选的。 未经验证的代码图像的安全执行可能基于禁用该键的配置。
-
公开(公告)号:US08826405B2
公开(公告)日:2014-09-02
申请号:US13621183
申请日:2012-09-15
CPC分类号: G06F21/00 , G06F21/575
摘要: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.
摘要翻译: 描述了一种用于配置存储在装置的安全存储区域(例如,ROM)中的密钥的方法和装置,包括根据预定条件启用和禁用密钥以执行代码图像之一的设备。 密钥可以唯一标识设备。 可以从满足预定条件的提供商加载代码图像以建立设备的操作环境的至少一个组件。 根据密钥的配置,验证码图像可以是可选的。 未经验证的代码图像的安全执行可能基于禁用该键的配置。
-
公开(公告)号:US08688967B2
公开(公告)日:2014-04-01
申请号:US13558249
申请日:2012-07-25
IPC分类号: H04L29/00
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.
摘要翻译: 描述用于执行嵌入在设备内的代码以验证加载在设备的存储器中的代码图像的方法和装置。 可以在验证为可信代码图像之后执行代码图像。 嵌入代码可以存储在设备的安全ROM(只读存储器)芯片中。 在一个实施例中,代码图像的验证基于存储在安全ROM芯片内的密钥。 每个设备的密钥可能是唯一的。 访问密钥可以由相关的安全ROM芯片来控制。 设备可以在执行验证的代码图像之后完成建立操作环境。
-
公开(公告)号:US20080168275A1
公开(公告)日:2008-07-10
申请号:US11620697
申请日:2007-01-07
申请人: Dallas Blake De Atley , Joshua de Cesare , Michael Smith , Matthew Reda , Shantonu Sen , John Andrew Wright
发明人: Dallas Blake De Atley , Joshua de Cesare , Michael Smith , Matthew Reda , Shantonu Sen , John Andrew Wright
CPC分类号: H04L9/302 , G06F11/1417 , G06F21/51 , G06F21/572 , G06F21/575 , G06F21/64 , H04L9/14 , H04L9/3239 , H04L9/3247 , H04L9/3249 , H04L63/06 , H04L63/08
摘要: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
摘要翻译: 描述了通过通过通信链路验证从主机接收的代码图像来建立操作环境的方法和装置。 代码图像可以通过中央授权服务器进行数字签名。 代码图像的认证可以由嵌入在诸如便携式设备的ROM(只读存储器)的安全存储区域内的指纹基于公开密钥认证过程来确定。 可以向经认证的代码图像分配要存储在便携式设备的存储器中的散列签名。 可以在执行认证代码之后建立便携式设备的操作环境。
-
公开(公告)号:US20080165971A1
公开(公告)日:2008-07-10
申请号:US11620699
申请日:2007-01-07
IPC分类号: H04L9/00
CPC分类号: G06F21/00 , G06F21/575
摘要: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.
摘要翻译: 描述了一种用于配置存储在装置的安全存储区域(例如,ROM)中的密钥的方法和装置,包括根据预定条件启用和禁用密钥以执行代码图像之一的设备。 密钥可以唯一标识设备。 可以从满足预定条件的提供商加载代码图像以建立设备的操作环境的至少一个组件。 根据密钥的配置,验证码图像可以是可选的。 未经验证的代码图像的安全执行可能基于禁用该键的配置。
-
公开(公告)号:US20080165952A1
公开(公告)日:2008-07-10
申请号:US11620689
申请日:2007-01-07
IPC分类号: H04L9/28 , G06F21/00 , H04L9/00 , G06F15/177
CPC分类号: G06F21/57 , G06F21/575 , G06F2221/2129
摘要: A method and an apparatus for executing codes embedded inside a device to verify a code image loaded in a memory of the device are described. A code image may be executed after being verified as a trusted code image. The embedded codes may be stored in a secure ROM (read only memory) chip of the device. In one embodiment, the verification of the code image is based on a key stored within the secure ROM chip. The key may be unique to each device. Access to the key may be controlled by the associated secure ROM chip. The device may complete establishing an operating environment subsequent to executing the verified code image.
摘要翻译: 描述用于执行嵌入在设备内的代码以验证加载在设备的存储器中的代码图像的方法和装置。 可以在验证为可信代码图像之后执行代码图像。 嵌入代码可以存储在设备的安全ROM(只读存储器)芯片中。 在一个实施例中,代码图像的验证基于存储在安全ROM芯片内的密钥。 每个设备的密钥可能是唯一的。 访问密钥可以由相关的安全ROM芯片来控制。 设备可以在执行验证的代码图像之后完成建立操作环境。
-
公开(公告)号:US20130081124A1
公开(公告)日:2013-03-28
申请号:US13621183
申请日:2012-09-15
IPC分类号: G06F21/00
CPC分类号: G06F21/00 , G06F21/575
摘要: A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key.
摘要翻译: 描述了一种用于配置存储在装置的安全存储区域(例如,ROM)中的密钥的方法和装置,包括根据预定条件启用和禁用密钥以执行代码图像之一的设备。 密钥可以唯一标识设备。 可以从满足预定条件的提供商加载代码图像以建立设备的操作环境的至少一个组件。 根据密钥的配置,验证码图像可以是可选的。 未经验证的代码图像的安全执行可能基于禁用该键的配置。
-
公开(公告)号:US20130036298A1
公开(公告)日:2013-02-07
申请号:US13566969
申请日:2012-08-03
申请人: Dallas Blake De Atley , Joshua de Cesare , Michael Smith , Matthew Reda , Shantonu Sen , John Andrew Wright
发明人: Dallas Blake De Atley , Joshua de Cesare , Michael Smith , Matthew Reda , Shantonu Sen , John Andrew Wright
IPC分类号: H04L9/32 , G06F21/00 , G06F15/177
CPC分类号: H04L9/302 , G06F11/1417 , G06F21/51 , G06F21/572 , G06F21/575 , G06F21/64 , H04L9/14 , H04L9/3239 , H04L9/3247 , H04L9/3249 , H04L63/06 , H04L63/08
摘要: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.
摘要翻译: 描述了通过通过通信链路验证从主机接收的代码图像来建立操作环境的方法和装置。 代码图像可以通过中央授权服务器进行数字签名。 代码图像的认证可以由嵌入在诸如便携式设备的ROM(只读存储器)的安全存储区域内的指纹基于公开密钥认证过程来确定。 可以向经认证的代码图像分配要存储在便携式设备的存储器中的散列签名。 可以在执行认证代码之后建立便携式设备的操作环境。
-
-
-
-
-
-
-
-
-