CREDENTIAL EQUIVALENCY AND CONTROL
    1.
    发明申请
    CREDENTIAL EQUIVALENCY AND CONTROL 审中-公开
    认可等效和控制

    公开(公告)号:US20090276837A1

    公开(公告)日:2009-11-05

    申请号:US12113191

    申请日:2008-04-30

    IPC分类号: H04L9/32

    CPC分类号: G06F21/31 H04L9/3226

    摘要: A number of equivalent credentials may be associated with at least one entity. Each of the equivalent credentials may be of one of a number of types, such as, for example, a cryptographic key pair, a password, a biometric, or other types or combinations thereof. When one of the equivalent credentials is authenticated by an authentication control system, the at least one entity may be permitted access to a hardware device, software, or a service associated with the authentication control system. The authentication control system may include a number of authentication endpoints and blocking controls, each of which may be associated with a respective equivalent credential. After the authentication control system authenticates one of the equivalent credentials, a parameter of a blocking control and/or configurable credential-related attributes of an authentication endpoint associated with another of the equivalent credentials may be changed or reset.

    摘要翻译: 许多等效凭证可以与至少一个实体相关联。 每个等效凭证可以是多种类型中的一种,例如密码密钥对,密码,生物特征或其他类型或其组合。 当其中一个等效凭证被认证控制系统认证时,可允许至少一个实体访问与认证控制系统相关联的硬件设备,软件或服务。 认证控制系统可以包括多个认证端点和阻塞控制,每个认证端点可以与相应的等效证书相关联。 在认证控制系统认证等同证书之一之后,可以改变或重置与另一个等效证书相关联的认证端点的阻塞控制和/或可配置凭证相关属性的参数。

    Device-side inline pattern matching and policy enforcement
    2.
    发明授权
    Device-side inline pattern matching and policy enforcement 有权
    设备端内联模式匹配和策略执行

    公开(公告)号:US08091115B2

    公开(公告)日:2012-01-03

    申请号:US12245060

    申请日:2008-10-03

    IPC分类号: H04L29/06

    摘要: Inline pattern matching and policy enforcement may be implemented by a memory storage device. In an example embodiment, a device-implemented method includes acts of receiving, intercepting, and performing and conditional acts of invoking or permitting. A request from a host to perform a memory access operation is received at a memory storage device. Data flowing between an I/O channel and physical storage of the memory storage device is intercepted. A pattern matching procedure is performed on the data with reference to multiple target patterns in real-time while the data is being intercepted. If a pattern match is detected between the data and a target pattern, a policy enforcement mechanism is invoked. If a pattern match is not detected between the data and the multiple target patterns, the request from the host to perform the memory access operation is permitted.

    摘要翻译: 内联模式匹配和策略实施可以由存储器存储设备实现。 在示例实施例中,设备实现的方法包括接收,拦截和执行以及调用或许可的条件动作的动作。 在存储器存储设备处接收来自主机执行存储器访问操作的请求。 在I / O通道和存储器存储设备的物理存储之间流动的数据被截取。 在数据被截获的同时,实时参照多个目标模式对数据执行模式匹配过程。 如果在数据和目标模式之间检测到模式匹配,则调用策略实施机制。 如果在数据和多个目标模式之间未检测到模式匹配,则允许来自主机执行存储器访问操作的请求。

    Device Enforced File Level Protection
    3.
    发明申请
    Device Enforced File Level Protection 有权
    设备强制文件级保护

    公开(公告)号:US20100199108A1

    公开(公告)日:2010-08-05

    申请号:US12364523

    申请日:2009-02-03

    IPC分类号: G06F12/14

    CPC分类号: G06F21/805

    摘要: Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables.

    摘要翻译: 描述了通过在主机上管理诸如USB闪存驱动器的存储设备上被硬件保护的文件的技术,包括通过与现有文件系统的集成。 存储设备上维护的每个文件都与保护属性相关联,该属性对应于该文件的设备硬件保护级别。 基于保护属性和认证状态(例如,允许或拒绝访问)显示文件图标以及其保护级别,改变级别等来处理针对访问元数据或实际文件数据的请求。 还描述了将文件系统文件表分割成多个文件表,一个文件表用于每个级别的保护。 分割文件表中的条目将根据每个文件的当前级别进行维护; 还维护空间分配跟踪条目以跟踪其他拆分表使用的空间。

    PROVIDING A SINGLE DRIVE LETTER USER EXPERIENCE AND REGIONAL BASED ACCESS CONTROL WITH RESPECT TO A STORAGE DEVICE
    4.
    发明申请
    PROVIDING A SINGLE DRIVE LETTER USER EXPERIENCE AND REGIONAL BASED ACCESS CONTROL WITH RESPECT TO A STORAGE DEVICE 有权
    提供单一驱动器用户体验和基于区域的访问控制与存储设备

    公开(公告)号:US20090276595A1

    公开(公告)日:2009-11-05

    申请号:US12113199

    申请日:2008-04-30

    IPC分类号: G06F12/16 G06F12/00

    摘要: A method and a storage device may be provided. The storage device may include physical storage subdivided into a number of regions. The regions may start and end based on logical block addresses specified in a region table. At least one of the regions may be mapped to a logical drive letter. One or more others of the regions may be mapped to a subfolder with respect to the logical drive letter. The storage device may include an access control table. Each entry of the access control table may correspond to a respective region of the physical storage. Each of the entries of the access control table may indicate whether the respective region is protected and whether at least one entity is permitted protected access to the respective region after being successfully authenticated.

    摘要翻译: 可以提供一种方法和存储装置。 存储设备可以包括细分为多个区域的物理存储器。 区域可以基于区域表中指定的逻辑块地址开始和结束。 至少一个区域可以被映射到逻辑驱动器盘符。 可以将该区域中的一个或多个其他区域映射到相对于逻辑驱动器盘符的子文件夹。 存储装置可以包括访问控制表。 访问控制表的每个条目可以对应于物理存储器的相应区域。 访问控制表的每个条目可以指示相应区域是否受到保护,以及是否允许至少一个实体在被成功认证之后被保护对相应区域的访问。

    Device enforced file level protection
    5.
    发明授权
    Device enforced file level protection 有权
    设备强制执行文件级别保护

    公开(公告)号:US08898460B2

    公开(公告)日:2014-11-25

    申请号:US12364523

    申请日:2009-02-03

    IPC分类号: H04L29/06

    CPC分类号: G06F21/805

    摘要: Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables.

    摘要翻译: 描述了通过在主机上管理诸如USB闪存驱动器的存储设备上被硬件保护的文件的技术,包括通过与现有文件系统的集成。 存储设备上维护的每个文件都与保护属性相关联,该属性对应于该文件的设备硬件保护级别。 基于保护属性和认证状态(例如,允许或拒绝访问)显示文件图标以及其保护级别,改变级别等来处理针对访问元数据或实际文件数据的请求。 还描述了将文件系统文件表分割成多个文件表,一个文件表用于每个级别的保护。 分割文件表中的条目将根据每个文件的当前级别进行维护; 还维护空间分配跟踪条目以跟踪其他拆分表使用的空间。

    Device side host integrity validation
    6.
    发明授权
    Device side host integrity validation 有权
    设备端主机完整性验证

    公开(公告)号:US08806220B2

    公开(公告)日:2014-08-12

    申请号:US12349516

    申请日:2009-01-07

    IPC分类号: G06F11/30 G06F21/00

    摘要: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.

    摘要翻译: 描述了一种瞬态存储设备或基于安全执行环境(例如,包括嵌入式处理器)设备验证主计算机系统的技术。 该设备将主机系统数据的哈希值与在设备的受保护存储中维护的有效散列进行比较。 主机数据可以是文件,数据块和/或存储器内容。 当主机系统数据与受保护存储器中的信息不匹配时,该装置采取行动,例如记录关于不匹配的信息和/或提供验证失败的指示,例如经由LED和/或显示屏幕输出。 此外,比较可以是引导过程验证的一部分,并且该操作可以阻止引导过程继续或替换无效文件。 或者,验证可以在任何时间进行。

    Capturing and loading operating system states
    7.
    发明授权
    Capturing and loading operating system states 有权
    捕获和加载操作系统状态

    公开(公告)号:US08209501B2

    公开(公告)日:2012-06-26

    申请号:US12435737

    申请日:2009-05-05

    IPC分类号: G06F13/00

    CPC分类号: G06F17/3007 G06F9/4418

    摘要: Operating system states capture and loading technique embodiments are presented that involve the capture and loading of baseline system states. This is accomplished, in one embodiment, by storing the states of a computer's operating system memory that it is desired to restore at a future time. No changes are permitted to the persisted storage associated with the computer. Instead, changes that would have been made to the persisted storage during an ensuing computing session, had they not been prevented, are stored in a separate computing session file. Whenever it is desired to return the operating system to its baseline condition, the stored baseline system memory states are loaded into the operating system memory, in lieu of the operating system memory's current states.

    摘要翻译: 提出了涉及捕获和加载基线系统状态的操作系统状态捕获和加载技术实施例。 这在一个实施例中通过存储希望在将来的时间恢复的计算机的操作系统存储器的状态来实现。 与计算机相关联的持久存储器不允许更改。 相反,如果没有阻止在随后的计算会话期间对持久存储进行的更改将被存储在单独的计算会话文件中。 无论何时需要将操作系统恢复到其基准状态,存储的基线系统存储器状态将被加载到操作系统存储器中,以代替操作系统存储器的当前状态。

    DYNAMIC LOGICAL UNIT NUMBER CREATION AND PROTECTION FOR A TRANSIENT STORAGE DEVICE
    8.
    发明申请
    DYNAMIC LOGICAL UNIT NUMBER CREATION AND PROTECTION FOR A TRANSIENT STORAGE DEVICE 审中-公开
    动态逻辑单元创建和保护瞬态存储设备

    公开(公告)号:US20090307451A1

    公开(公告)日:2009-12-10

    申请号:US12262134

    申请日:2008-10-30

    IPC分类号: G06F12/14 G06F12/00

    CPC分类号: G06F12/1483

    摘要: A dynamic logical unit number system is implemented as a storage device that includes processing logic and storage functionality. A storage device may be configured to provide a first logical unit number when the storage device is attached to a computer system or other computing device. The storage device through its dynamic logical unit number system provides a configuration interface through which the computer system can configure additional logical unit numbers and reconfigure existing logical unit numbers of the storage device. After the redefinition of the logical unit numbers, the dynamic logical unit number system may cause a reestablishment of the connection between the storage device and the computer system. Upon establishing the new connection, the computer system recognizes the redefined logical unit numbers and treats each logical unit number as a separate storage device, including assigning a different number to each logical unit number.

    摘要翻译: 动态逻辑单元号系统被实现为包括处理逻辑和存储功能的存储设备。 存储设备可以被配置为当存储设备附接到计算机系统或其他计算设备时提供第一逻辑单元号。 存储设备通过其动态逻辑单元号系统提供配置接口,计算机系统可通过该配置接口配置附加的逻辑单元号,并重新配置存储设备的现有逻辑单元号。 在重新定义逻辑单元号之后,动态逻辑单元号系统可能导致重新建立​​存储设备和计算机系统之间的连接。 在建立新的连接之后,计算机系统识别重新定义的逻辑单元号码,并将每个逻辑单元号码视为单独的存储设备,包括为每个逻辑单元号码分配不同的号码。

    DEVICE SIDE HOST INTEGRITY VALIDATION
    10.
    发明申请
    DEVICE SIDE HOST INTEGRITY VALIDATION 有权
    设备侧主机完整性验证

    公开(公告)号:US20140351544A1

    公开(公告)日:2014-11-27

    申请号:US14458223

    申请日:2014-08-12

    IPC分类号: G06F12/14

    摘要: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime.

    摘要翻译: 描述了一种瞬态存储设备或基于安全执行环境(例如,包括嵌入式处理器)设备验证主计算机系统的技术。 该设备将主机系统数据的哈希值与在设备的受保护存储中维护的有效散列进行比较。 主机数据可以是文件,数据块和/或存储器内容。 当主机系统数据与受保护存储器中的信息不匹配时,该装置采取行动,例如记录关于不匹配的信息和/或提供验证失败的指示,例如经由LED和/或显示屏幕输出。 此外,比较可以是引导过程验证的一部分,并且该操作可以阻止引导过程继续或替换无效文件。 或者,验证可以在任何时间进行。