公开(公告)号：US20110252236A1

公开(公告)日：2011-10-13

申请号：US12756123

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Paul Andrew Seligman

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Paul Andrew Seligman

IPC分类号： H04L9/32

CPC分类号： H04L9/0822 ,  G06F11/1464 ,  G06F11/1469 ,  G06F17/30174 ,  G06F21/6218 ,  G06F2221/2107 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating data synchronization between devices. The method includes sending a host identifier and pairing record to a second device having a file system encrypted on a per file and on a per class basis for a set of classes, receiving from the second device a sync ticket containing encryption keys for the set of classes, and storing the sync ticket. Also disclosed is a method for synchronizing encrypted data between devices. This method includes receiving, at a first device having a file system encrypted on a per file and on a per class basis, a sync ticket containing encryption keys from a second device, retrieving an escrow key bag containing protection class keys, decrypting protection class keys based on the sync ticket, and synchronizing data with the second device based on the decrypted protection class keys.

摘要翻译： 这里公开了用于启动设备之间的数据同步的系统，方法和非暂时的计算机可读存储介质。 该方法包括将主机标识符和配对记录发送到具有在每个文件上加密的文件系统的第二设备以及针对一组类别的每个类的基础，从第二设备接收包含用于该组的加密密钥的同步票据 课程，并存储同步票。 还公开了一种用于在设备之间同步加密数据的方法。 该方法包括在具有在每个文件上加密的文件系统的第一设备和基于每个类的基础上接收包含来自第二设备的加密密钥的同步票据，检索包含保护类密钥的托管密钥袋，解密保护等级密钥 基于同步票据，并且基于解密的保护等级密钥与第二设备同步数据。

公开(公告)号：US08589680B2

公开(公告)日：2013-11-19

申请号：US12756123

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Paul Andrew Seligman

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Paul Andrew Seligman

IPC分类号： H04L9/00 ,  G06F21/00

CPC分类号： H04L9/0822 ,  G06F11/1464 ,  G06F11/1469 ,  G06F17/30174 ,  G06F21/6218 ,  G06F2221/2107 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating data synchronization between devices. The method includes sending a host identifier and pairing record to a second device having a file system encrypted on a per file and on a per class basis for a set of classes, receiving from the second device a sync ticket containing encryption keys for the set of classes, and storing the sync ticket. Also disclosed is a method for synchronizing encrypted data between devices. This method includes receiving, at a first device having a file system encrypted on a per file and on a per class basis, a sync ticket containing encryption keys from a second device, retrieving an escrow key bag containing protection class keys, decrypting protection class keys based on the sync ticket, and synchronizing data with the second device based on the decrypted protection class keys.

摘要翻译： 这里公开了用于启动设备之间的数据同步的系统，方法和非暂时的计算机可读存储介质。 该方法包括将主机标识符和配对记录发送到具有在每个文件上加密的文件系统的第二设备以及针对一组类别的每个类的基础，从第二设备接收包含用于该组的加密密钥的同步票据 课程，并存储同步票。 还公开了一种用于在设备之间同步加密数据的方法。 该方法包括在具有在每个文件上加密的文件系统的第一设备和基于每个类的基础上接收包含来自第二设备的加密密钥的同步票据，检索包含保护类密钥的托管密钥袋，解密保护等级密钥 基于同步票据，并且基于解密的保护等级密钥与第二设备同步数据。

公开(公告)号：US20110252232A1

公开(公告)日：2011-10-13

申请号：US12756094

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

IPC分类号： G06F21/24

CPC分类号： G06F17/30117 ,  G06F21/575 ,  G06F21/6218 ,  G06F2221/2143

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

摘要翻译： 这里公开了用于擦除存储在文件系统中的用户数据的系统，方法和非暂时性的计算机可读存储介质。 该方法包括在具有每个文件和每个类基础上加密的文件系统的设备上破坏包含加密密钥的所有密钥袋，擦除和重建与用户数据相关联的文件系统的至少一部分，以及创建新的默认密钥袋， 加密密钥。 本文还公开了一种擦除存储在以每个文件和每个类为基础加密的远程文件系统中的用户数据的方法。 该方法包括向远程设备发送闭塞指令，这导致远程设备破坏包含远程设备上的加密密钥的所有密钥袋，擦除并重建与用户数据相关联的文件系统的至少一部分，并在远程设备上创建 一个包含加密密钥的新的默认密钥袋。

公开(公告)号：US08412934B2

公开(公告)日：2013-04-02

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  H04L9/00 ,  G06F7/04

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US20110252233A1

公开(公告)日：2011-10-13

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  G06F17/30

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US08510552B2

公开(公告)日：2013-08-13

申请号：US12756153

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

IPC分类号： H04L29/06 ,  H04L9/00 ,  H04L9/08

CPC分类号： G06F9/4406 ,  G06F9/4401 ,  G06F21/602 ,  H04L9/0816 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/12 ,  H04L9/30 ,  H04L9/3226 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.

摘要翻译： 本文公开了用于加密和密钥管理的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件，用相应的类加密密钥加密每个唯一文件加密密钥，并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密，使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密，以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法，使用来自解密密钥袋的加密密钥从加密文件检索数据，以及通过将检索到的数据与预期数据进行比较来验证密码。

公开(公告)号：US20110252234A1

公开(公告)日：2011-10-13

申请号：US12756153

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

IPC分类号： G06F21/24 ,  H04L9/00

CPC分类号： G06F9/4406 ,  G06F9/4401 ,  G06F21/602 ,  H04L9/0816 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/12 ,  H04L9/30 ,  H04L9/3226 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.

摘要翻译： 本文公开了用于加密和密钥管理的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件，用相应的类加密密钥加密每个唯一文件加密密钥，并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密，使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密，以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法，使用来自解密密钥袋的加密密钥从加密文件检索数据，以及通过将检索到的数据与预期数据进行比较来验证密码。

公开(公告)号：US08433901B2

公开(公告)日：2013-04-30

申请号：US12756094

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

IPC分类号： H04L29/06 ,  G06F11/30 ,  G06F7/04

CPC分类号： G06F17/30117 ,  G06F21/575 ,  G06F21/6218 ,  G06F2221/2143

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

摘要翻译： 这里公开了用于擦除存储在文件系统中的用户数据的系统，方法和非暂时的计算机可读存储介质。 该方法包括在具有每个文件和每个类基础上加密的文件系统的设备上破坏包含加密密钥的所有密钥袋，擦除和重建与用户数据相关联的文件系统的至少一部分，以及创建新的默认密钥袋， 加密密钥。 本文还公开了一种擦除存储在以每个文件和每个类为基础加密的远程文件系统中的用户数据的方法。 该方法包括向远程设备发送闭塞指令，这导致远程设备破坏包含远程设备上的加密密钥的所有密钥袋，擦除并重建与用户数据相关联的文件系统的至少一部分，并在远程设备上创建 一个包含加密密钥的新的默认密钥袋。

公开(公告)号：US20090227274A1

公开(公告)日：2009-09-10

申请号：US12347647

申请日：2008-12-31

申请人： MITCHELL D. ADLER ,  Curtis C. Galloway ,  Christophe Allie ,  Conrad Sauerwald ,  Dallas Blake De Atley ,  Dieter Siegmund ,  Matthew Reda ,  Michael Lambertus Hubertus Brouwer ,  Roberto G. Yepez ,  Stan Jirman ,  Nitin Ganatra

发明人： MITCHELL D. ADLER ,  Curtis C. Galloway ,  Christophe Allie ,  Conrad Sauerwald ,  Dallas Blake De Atley ,  Dieter Siegmund ,  Matthew Reda ,  Michael Lambertus Hubertus Brouwer ,  Roberto G. Yepez ,  Stan Jirman ,  Nitin Ganatra

IPC分类号： H04B7/00 ,  H04W4/00

CPC分类号： H04W8/18 ,  H04L63/0272 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/20

摘要： A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.

摘要翻译： 一种用于配置设备的方法包括接收包括第一配置和第一证书和第二证书的第一配置简档，用第一证书验证第一配置简档，接收指示接受第一配置简档的用户输入，配置设备 根据第一配置，接收包括第二配置的第二配置简档，使用第二证书验证第二配置简档并根据第二配置更新设备，其中用户不知道更新。

公开(公告)号：US20130035065A1

公开(公告)日：2013-02-07

申请号：US13528200

申请日：2012-06-20

申请人： Mitchell D. Adler ,  Curtis C. Galloway ,  Christophe Allie ,  Conrad Sauerwald ,  Dallas Blake De Atley ,  Dieter Siegmund ,  Matthew Reda ,  Michael Lambertus Hubertus Brouwer ,  Roberto G. Yépez ,  Stan Jirman ,  Nitin Ganatra

发明人： Mitchell D. Adler ,  Curtis C. Galloway ,  Christophe Allie ,  Conrad Sauerwald ,  Dallas Blake De Atley ,  Dieter Siegmund ,  Matthew Reda ,  Michael Lambertus Hubertus Brouwer ,  Roberto G. Yépez ,  Stan Jirman ,  Nitin Ganatra

IPC分类号： H04W12/06

CPC分类号： H04W8/18 ,  H04L63/0272 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/20

摘要： A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.