-
公开(公告)号:US08510552B2
公开(公告)日:2013-08-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, Jr. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
公开(公告)号:US20110252234A1
公开(公告)日:2011-10-13
申请号:US12756153
申请日:2010-04-07
申请人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
发明人: Dallas Blake De Atley , Gordon Freedman , Thomas Brogan Duffy, JR. , John Andrew Wright , Vrajesh Rajesh Bhavsar , Lucia Elena Ballard , Michael Lambertus Hubertus Brouwer , Conrad Sauerwald , Mitchell David Adler , Eric Brandon Tamura , David Rahardja , Carsten Guenther
CPC分类号: G06F9/4406 , G06F9/4401 , G06F21/602 , H04L9/0816 , H04L9/0891 , H04L9/0894 , H04L9/12 , H04L9/30 , H04L9/3226 , H04L2209/80 , H04W12/02 , H04W12/04 , H04W12/06
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 还公开了一种通过解密密钥袋来验证密码的方法,使用来自解密密钥袋的加密密钥从加密文件检索数据,以及通过将检索到的数据与预期数据进行比较来验证密码。
-
公开(公告)号:US20130034229A1
公开(公告)日:2013-02-07
申请号:US13204171
申请日:2011-08-05
申请人: Conrad Sauerwald , Vrajesh Rajesh Bhavsar , Kenneth Buffalo McNeil , Thomas Brogan Duffy, JR. , Michael Lambertus Hubertus Brouwer , Matthew John Byom , Mitchell David Adler , Eric Brandon Tamura
发明人: Conrad Sauerwald , Vrajesh Rajesh Bhavsar , Kenneth Buffalo McNeil , Thomas Brogan Duffy, JR. , Michael Lambertus Hubertus Brouwer , Matthew John Byom , Mitchell David Adler , Eric Brandon Tamura
IPC分类号: H04L9/00
CPC分类号: H04L63/0428 , G06F11/1458 , G06F11/1464 , H04L9/0637 , H04L9/0822 , H04L9/0825 , H04L9/0863 , H04L9/0894 , H04L63/0435 , H04L63/061 , H04L2463/062 , H04W12/04 , H04W12/08
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
摘要翻译: 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统,方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件,并对文件密钥进行两次加密,从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密,并将第一个文件密钥存储在主设备上,并将加密的文件密钥之一加到备份设备上以进行存储。 在备份设备上,系统将加密的文件密钥与受用户密码保护的一组备份密钥相关联。 在一个实施例中,系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中,系统在用户密码改变期间管理备份设备上的密码密钥。
-
公开(公告)号:US20090227274A1
公开(公告)日:2009-09-10
申请号:US12347647
申请日:2008-12-31
申请人: MITCHELL D. ADLER , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yepez , Stan Jirman , Nitin Ganatra
发明人: MITCHELL D. ADLER , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yepez , Stan Jirman , Nitin Ganatra
CPC分类号: H04W8/18 , H04L63/0272 , H04L63/0823 , H04L63/083 , H04L63/20
摘要: A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.
摘要翻译: 一种用于配置设备的方法包括接收包括第一配置和第一证书和第二证书的第一配置简档,用第一证书验证第一配置简档,接收指示接受第一配置简档的用户输入,配置设备 根据第一配置,接收包括第二配置的第二配置简档,使用第二证书验证第二配置简档并根据第二配置更新设备,其中用户不知道更新。
-
公开(公告)号:US08208900B2
公开(公告)日:2012-06-26
申请号:US12347647
申请日:2008-12-31
申请人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
发明人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
IPC分类号: H04M1/66
CPC分类号: H04W8/18 , H04L63/0272 , H04L63/0823 , H04L63/083 , H04L63/20
摘要: A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.
摘要翻译: 一种用于配置设备的方法包括接收包括第一配置和第一证书和第二证书的第一配置简档,用第一证书验证第一配置简档,接收指示接受第一配置简档的用户输入,配置设备 根据第一配置,接收包括第二配置的第二配置简档,使用第二证书验证第二配置简档并根据第二配置更新设备,其中用户不知道更新。
-
公开(公告)号:US20130035065A1
公开(公告)日:2013-02-07
申请号:US13528200
申请日:2012-06-20
申请人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
发明人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
IPC分类号: H04W12/06
CPC分类号: H04W8/18 , H04L63/0272 , H04L63/0823 , H04L63/083 , H04L63/20
摘要: A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.
-
公开(公告)号:US08948729B2
公开(公告)日:2015-02-03
申请号:US13528200
申请日:2012-06-20
申请人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
发明人: Mitchell D. Adler , Curtis C. Galloway , Christophe Allie , Conrad Sauerwald , Dallas Blake De Atley , Dieter Siegmund , Matthew Reda , Michael Lambertus Hubertus Brouwer , Roberto G. Yépez , Stan Jirman , Nitin Ganatra
CPC分类号: H04W8/18 , H04L63/0272 , H04L63/0823 , H04L63/083 , H04L63/20
摘要: A method for configuring a device includes receiving a first configuration profile comprising a first configuration and a first certificate and a second certificate, verifying the first configuration profile with the first certificate, receiving a user input indicating to accept the first configuration profile, configuring the device according to the first configuration, receiving a second configuration profile comprising a second configuration, verifying the second configuration profile with the second certificate and updating the device according to the second configuration, wherein the user is unaware of the updating.
摘要翻译: 一种用于配置设备的方法包括接收包括第一配置和第一证书和第二证书的第一配置简档,用第一证书验证第一配置简档,接收指示接受第一配置简档的用户输入,配置设备 根据第一配置,接收包括第二配置的第二配置简档,使用第二证书验证第二配置简档并根据第二配置更新设备,其中用户不知道更新。
-
公开(公告)号:US20090228986A1
公开(公告)日:2009-09-10
申请号:US12347691
申请日:2008-12-31
IPC分类号: G06F21/00
CPC分类号: G06F21/10 , G06F21/33 , G06F21/57 , G06F2211/009
摘要: A machine implemented method includes storing a first data representing a prior exception to a first trust failure (e.g., expired certificate). The prior exception may be stored as part of establishing a first communication with a data processing system (e.g., a handheld device). The first communication may not be trustworthy. The method may determine, as part of establishing a second communication with the data processing system, that a second trust failure has occurred. The second trust failure (e.g., revoked certificate) indicates that the second communication may not be trustworthy. The method may determine whether the prior exception applies to the second trust failure. If the prior exception does not apply, the data processing system determines, automatically, whether to create a new exception for the second trust failure.
摘要翻译: 机器实现的方法包括将表示先前异常的第一数据存储到第一信任失败(例如,过期证书)。 可以将先前的例外存储为与数据处理系统(例如,手持设备)建立第一通信的一部分。 第一个通信可能不值得信赖。 作为与数据处理系统建立第二通信的一部分,该方法可以确定发生了第二信任故障。 第二信任失败(例如撤销的证书)指示第二通信可能不可信。 该方法可以确定先前的异常是否适用于第二信任失败。 如果先前的异常不适用,则数据处理系统自动确定是否为第二个信任失败创建新的异常。
-
公开(公告)号:US08739292B2
公开(公告)日:2014-05-27
申请号:US12347691
申请日:2008-12-31
CPC分类号: G06F21/10 , G06F21/33 , G06F21/57 , G06F2211/009
摘要: A machine implemented method includes storing a first data representing a prior exception to a first trust failure (e.g., expired certificate). The prior exception may be stored as part of establishing a first communication with a data processing system (e.g., a handheld device). The first communication may not be trustworthy. The method may determine, as part of establishing a second communication with the data processing system, that a second trust failure has occurred. The second trust failure (e.g., revoked certificate) indicates that the second communication may not be trustworthy. The method may determine whether the prior exception applies to the second trust failure. If the prior exception does not apply, the data processing system determines, automatically, whether to create a new exception for the second trust failure.
摘要翻译: 机器实现的方法包括将表示先前异常的第一数据存储到第一信任失败(例如,过期证书)。 可以将先前的例外存储为与数据处理系统(例如,手持设备)建立第一通信的一部分。 第一个通信可能不值得信赖。 作为与数据处理系统建立第二通信的一部分,该方法可以确定发生了第二信任故障。 第二信任失败(例如撤销的证书)指示第二通信可能不可信。 该方法可以确定先前的异常是否适用于第二信任失败。 如果先前的异常不适用,则数据处理系统自动确定是否为第二个信任失败创建新的异常。
-
10.发明申请SYSTEM AND METHOD FOR CONTENT PROTECTION BASED ON A COMBINATION OF A USER PIN AND A DEVICE SPECIFIC IDENTIFIER 有权基于用户PIN和设备特定标识符的组合的内容保护系统和方法公开(公告)号:US20110252243A1
公开(公告)日:2011-10-13
申请号:US12797587
申请日:2010-06-09
CPC分类号: H04L9/0863 , G06F21/62 , H04L9/0643 , H04L9/0838 , H04L9/0861 , H04L9/0866 , H04L9/0869 , H04L9/0894 , H04L9/14 , H04L9/30 , H04L9/3231 , H04L2209/80
摘要: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.
摘要翻译: 本文公开了用于加密和密钥管理的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一文件加密密钥加密计算设备上的每个文件,用相应的类加密密钥加密每个唯一文件加密密钥,并用附加的加密密钥加密每个类加密密钥。 还公开了用于加密证书密钥链的系统,方法和非暂时的计算机可读存储介质。 该方法包括使用唯一凭证加密密钥对计算设备上的每个凭证进行加密,使用相应的凭证类加密密钥对每个唯一凭证加密密钥进行加密,以及用附加加密密钥加密每个类加密密钥。 此外,公开了一种基于用户输入密码生成密码密钥的方法和利用加密算法的设备特定标识符秘密。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.059 秒)
