公开(公告)号：US08510552B2

公开(公告)日：2013-08-13

申请号：US12756153

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

IPC分类号： H04L29/06 ,  H04L9/00 ,  H04L9/08

CPC分类号： G06F9/4406 ,  G06F9/4401 ,  G06F21/602 ,  H04L9/0816 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/12 ,  H04L9/30 ,  H04L9/3226 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.

摘要翻译： 本文公开了用于加密和密钥管理的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件，用相应的类加密密钥加密每个唯一文件加密密钥，并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密，使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密，以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法，使用来自解密密钥袋的加密密钥从加密文件检索数据，以及通过将检索到的数据与预期数据进行比较来验证密码。

公开(公告)号：US20110252234A1

公开(公告)日：2011-10-13

申请号：US12756153

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  John Andrew Wright ,  Vrajesh Rajesh Bhavsar ,  Lucia Elena Ballard ,  Michael Lambertus Hubertus Brouwer ,  Conrad Sauerwald ,  Mitchell David Adler ,  Eric Brandon Tamura ,  David Rahardja ,  Carsten Guenther

IPC分类号： G06F21/24 ,  H04L9/00

CPC分类号： G06F9/4406 ,  G06F9/4401 ,  G06F21/602 ,  H04L9/0816 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/12 ,  H04L9/30 ,  H04L9/3226 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.

摘要翻译： 本文公开了用于加密和密钥管理的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件，用相应的类加密密钥加密每个唯一文件加密密钥，并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统，方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密，使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密，以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法，使用来自解密密钥袋的加密密钥从加密文件检索数据，以及通过将检索到的数据与预期数据进行比较来验证密码。

公开(公告)号：US08412934B2

公开(公告)日：2013-04-02

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  H04L9/00 ,  G06F7/04

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US20110252233A1

公开(公告)日：2011-10-13

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  G06F17/30

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US20110252232A1

公开(公告)日：2011-10-13

申请号：US12756094

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

IPC分类号： G06F21/24

CPC分类号： G06F17/30117 ,  G06F21/575 ,  G06F21/6218 ,  G06F2221/2143

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

摘要翻译： 这里公开了用于擦除存储在文件系统中的用户数据的系统，方法和非暂时性的计算机可读存储介质。 该方法包括在具有每个文件和每个类基础上加密的文件系统的设备上破坏包含加密密钥的所有密钥袋，擦除和重建与用户数据相关联的文件系统的至少一部分，以及创建新的默认密钥袋， 加密密钥。 本文还公开了一种擦除存储在以每个文件和每个类为基础加密的远程文件系统中的用户数据的方法。 该方法包括向远程设备发送闭塞指令，这导致远程设备破坏包含远程设备上的加密密钥的所有密钥袋，擦除并重建与用户数据相关联的文件系统的至少一部分，并在远程设备上创建 一个包含加密密钥的新的默认密钥袋。

公开(公告)号：US08433901B2

公开(公告)日：2013-04-30

申请号：US12756094

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Tahoma Madrone Toelkes ,  Michael John Smith ,  Paul William Chinn ,  David Rahardja

IPC分类号： H04L29/06 ,  G06F11/30 ,  G06F7/04

CPC分类号： G06F17/30117 ,  G06F21/575 ,  G06F21/6218 ,  G06F2221/2143

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.

摘要翻译： 这里公开了用于擦除存储在文件系统中的用户数据的系统，方法和非暂时的计算机可读存储介质。 该方法包括在具有每个文件和每个类基础上加密的文件系统的设备上破坏包含加密密钥的所有密钥袋，擦除和重建与用户数据相关联的文件系统的至少一部分，以及创建新的默认密钥袋， 加密密钥。 本文还公开了一种擦除存储在以每个文件和每个类为基础加密的远程文件系统中的用户数据的方法。 该方法包括向远程设备发送闭塞指令，这导致远程设备破坏包含远程设备上的加密密钥的所有密钥袋，擦除并重建与用户数据相关联的文件系统的至少一部分，并在远程设备上创建 一个包含加密密钥的新的默认密钥袋。

公开(公告)号：US20110252240A1

公开(公告)日：2011-10-13

申请号：US12756146

申请日：2010-04-07

申请人： Gordie Freedman ,  David Rahardja

发明人： Gordie Freedman ,  David Rahardja

IPC分类号： H04W12/06 ,  G06F21/20 ,  G06F15/177

CPC分类号： H04W12/08 ,  H04L63/02 ,  H04L63/0823 ,  H04W4/50 ,  H04W8/22 ,  H04W12/06

摘要： Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.

摘要翻译： 描述了使用管理简档中寻址的管理服务器将无线设备注册到企业服务中的方法和装置。 注册可以通过管理简档向管理服务器授予对无线设备的配置的控制。 响应于从管理服务器接收到通知，可以针对管理简档来验证通知的信任。 如果信任被验证，则可以与管理服务器建立网络会话。 可以通过管理简档中的证书来保护网络会话。 可以对通过安全网络会话接收的管理命令执行管理操作，以根据该控制向无线设备的用户透明地管理配置。

公开(公告)号：US20120311095A1

公开(公告)日：2012-12-06

申请号：US13225533

申请日：2011-09-05

申请人： David Rahardja ,  Hernan R. Eguiluz ,  Miguel S. Sanchez-Sandoval ,  Stan Jirman

发明人： David Rahardja ,  Hernan R. Eguiluz ,  Miguel S. Sanchez-Sandoval ,  Stan Jirman

IPC分类号： G06F15/16

CPC分类号： H04L63/08 ,  H04L63/108 ,  H04L67/2804 ,  H04L67/36 ,  H04W4/60

摘要： A device streams assets to network-based storage, and servers administering the network-based storage operate to notify other authorized devices that the assets are available to download, including initiating the download of assets automatically or in response to user input. With streaming enabled on their device, a user is able to make assets, such as digital photograph, video or other type of media file, data file, or other type of electronic content, available immediately to all of their other devices and to other users having permission to follow assets streamed by their device. Servers secure access to the stream of assets, on both an account level and an asset level in accordance with asset metadata registered for the assets during streaming.

摘要翻译： 设备将资源转移到基于网络的存储，并且管理基于网络的存储的服务器操作以通知其他授权设备资产可用于下载，包括自动启动资产下载或响应于用户输入。 通过在其设备上启用流式传输，用户能够制作资源，例如数字照片，视频或其他类型的媒体文件，数据文件或其他类型的电子内容，可以立即到达所有其他设备和其他用户 有权遵守其设备流传的资产。 服务器根据在流媒体资源中注册的资产元数据，在帐户级别和资产级别上安全地访问资产流。

公开(公告)号：US09118642B2

公开(公告)日：2015-08-25

申请号：US13225533

申请日：2011-09-05

申请人： David Rahardja ,  Hernan R. Eguiluz ,  Miguel S. Sanchez-Sandoval ,  Stan Jirman

发明人： David Rahardja ,  Hernan R. Eguiluz ,  Miguel S. Sanchez-Sandoval ,  Stan Jirman

IPC分类号： G06F15/16 ,  H04L29/06 ,  H04W4/00 ,  H04L29/08

CPC分类号： H04L63/08 ,  H04L63/108 ,  H04L67/2804 ,  H04L67/36 ,  H04W4/60

摘要： A device streams assets to network-based storage, and servers administering the network-based storage operate to notify other authorized devices that the assets are available to download, including initiating the download of assets automatically or in response to user input. With streaming enabled on their device, a user is able to make assets, such as digital photograph, video or other type of media file, data file, or other type of electronic content, available immediately to all of their other devices and to other users having permission to follow assets streamed by their device. Servers secure access to the stream of assets, on both an account level and an asset level in accordance with asset metadata registered for the assets during streaming.

摘要翻译： 设备将资源转移到基于网络的存储，并且管理基于网络的存储的服务器操作以通知其他授权设备资产可用于下载，包括自动启动资产下载或响应于用户输入。 通过在其设备上启用流式传输，用户能够制作资源，例如数字照片，视频或其他类型的媒体文件，数据文件或其他类型的电子内容，可以立即发送到所有其他设备和其他用户 有权遵守其设备流传的资产。 服务器根据在流媒体资源中注册的资产元数据，在帐户级别和资产级别上安全地访问资产流。

公开(公告)号：US08473743B2

公开(公告)日：2013-06-25

申请号：US12756146

申请日：2010-04-07

申请人： Gordie Freedman ,  David Rahardja

发明人： Gordie Freedman ,  David Rahardja

IPC分类号： H04L9/32

CPC分类号： H04W12/08 ,  H04L63/02 ,  H04L63/0823 ,  H04W4/50 ,  H04W8/22 ,  H04W12/06

摘要： Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.