公开(公告)号：US08412934B2

公开(公告)日：2013-04-02

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, Jr. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  H04L9/00 ,  G06F7/04

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US20110252233A1

公开(公告)日：2011-10-13

申请号：US12756148

申请日：2010-04-07

申请人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

发明人： Dallas Blake De Atley ,  Gordon Freedman ,  Thomas Brogan Duffy, JR. ,  Kenneth Buffalo McNeil ,  David Rahardja

IPC分类号： H04L29/06 ,  G06F17/30

CPC分类号： G06F11/1458 ,  G06F11/1469 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0894

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.

摘要翻译： 本文公开了用于发起备份，备份加密数据和恢复备份的加密数据的系统，方法和非暂时的计算机可读存储介质。 用于发起备份的方法包括向具有加密文件系统的备份设备发送备份秘密，从备份设备接收基于备份秘密创建的备份故障单，并存储备份故障单。 用于备份加密数据的方法包括接收备份票据和备份秘密，检索包含保护类密钥的托管密钥袋，用备份凭证解密保护类密钥，生成包含新保护等级密钥的备份密钥袋，选择 一组加密文件进行备份，用相应的解密保护类密钥解密文件加密密钥，用新的保护类密钥重新加密文件加密密钥，并传送所选择的加密文件，备份密钥包和元数据。

公开(公告)号：US20130034229A1

公开(公告)日：2013-02-07

申请号：US13204171

申请日：2011-08-05

申请人： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy, JR. ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

发明人： Conrad Sauerwald ,  Vrajesh Rajesh Bhavsar ,  Kenneth Buffalo McNeil ,  Thomas Brogan Duffy, JR. ,  Michael Lambertus Hubertus Brouwer ,  Matthew John Byom ,  Mitchell David Adler ,  Eric Brandon Tamura

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  G06F11/1458 ,  G06F11/1464 ,  H04L9/0637 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0894 ,  H04L63/0435 ,  H04L63/061 ,  H04L2463/062 ,  H04W12/04 ,  H04W12/08

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

摘要翻译： 这里公开的是用于在主设备和备用设备上利用密码密钥管理的无线数据保护的系统，方法和非暂时的计算机可读存储介质。 系统使用文件密钥加密文件，并对文件密钥进行两次加密，从而产生两个加密的文件密钥。 该系统对每个文件密钥进行不同的加密，并将第一个文件密钥存储在主设备上，并将加密的文件密钥之一加到备份设备上以进行存储。 在备份设备上，系统将加密的文件密钥与受用户密码保护的一组备份密钥相关联。 在一个实施例中，系统基于文件密钥生成用于加密操作的初始化向量。 在另一个实施例中，系统在用户密码改变期间管理备份设备上的密码密钥。