摘要:
Systems and methods for managing multiple keys for file encryption and decryption may provide an encrypted list of previously used keys. The list itself may be encrypted using a current key. To decrypt files that are encrypted in one or more of the previous keys, the list can be decrypted, and the appropriate previous key can be retrieved. To re-key files, an automated process can decrypt any files using previous keys and encrypt them using the current key. If a new current key is introduced, the prior current key can be used to decrypt the list of keys, the prior current key can be added to the list, and the list can be re-encrypted using the new current key.
摘要:
An operating system copies data from memory pages into a paging file on disk, in order to free up space in the memory. A mechanism is disclosed that causes the data to be encrypted as it is copied into the paging file, thereby protecting the paged data from unauthorized (or otherwise undesired) observation. The data that is stored in the paging file is encrypted with a session key, that is generated shortly after the machine on which the paging file exists is started. The session key, which is used both for encryption and decryption of the paging file data, is stored in volatile memory, so that the key is not persisted across boots of the machine. Since the key is not persisted across boots, old paging file data that was stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation.
摘要:
A system and method for facilitating BIOS integrated encryption is provided. An interface is defined between the operating system and the BIOS. The operating system employs this interface to provide BIOS code information to facilitate decryption of data that is encrypted on the system. In the pre-operating system boot phase, the BIOS employs the decryption information provided from this interface in order to decrypt the data. The decrypted information can be employed to facilitate secure rebooting of a computer system from hibernate mode and/or secure access to device(s).
摘要:
An encrypted file system (EFS) and an underlying file transfer protocol to permit a client to encrypt, decrypt, and transfer file(s) resident on a server are disclosed. A user at a client computer can open, read, and write to encrypted files, including header information associated with encrypted files, and can add users to or remove users from an encrypted file.
摘要:
One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.
摘要:
An efficient protocol for retrieving cryptographic evidence may be selected by evaluating a local policy and a number of relevant factors. Furthermore, updated cryptographic evidence may be prefetched during a time period in which there is a low volume of requests for cryptographic evidence. This low volume time period may be defined, approximately, as an overlapping window in which both a first cryptographic evidence publication and a second cryptographic evidence publication are valid.
摘要:
An electrochemical cell has an inner, titanium-rod electrode (1) mounted coaxially within an outer, titanium-tube electrode (2) with a porous, ceramic tube (3) mounted coaxially between them to define coaxial, annular passageways (4,5) for liquid flow in separate streams lengthwise of the cell between respective pairs of inlet/outlet ports (6, 6; 7, 7). A cup-shape fitting (8) having a stepped-down internal diameter is clamped onto the rod electrode (1) at each end of the cell, with the tubular electrode (2) at that end held tightly sealed in the mouth (14) of the fitting (8). Each end of the ceramic tube (3) projects into the larger-diameter cavity-part (10) of the fitting (8) at that end and has a radial flange (17) that provides a sliding seal within this cavity-part (10) for keeping the inlet/outlet ports (6,7) for the respective liquid streams at that end, divided off from one another as well as allowing the ceramic tube (3) limited freedom for longitudinal sliding relative to the electrodes (1, 2).
摘要:
A storage surface assembly is provided for use as a shelf for holding storage items. This storage surface assembly is well suited for use in many industrial and/or commercial applications, where storage shelves must bear heavy loads and maintain their structural integrity while complying with fire codes requiring some amount of open area along the surface of the shelf. Therefore, there is provided a storage surface assembly for use in a standard commercial racking assembly, the storage surface assembly comprising a pair of extension members, and a plurality of traverse members extending between the pair of extension members, wherein the traverse members can be attached to the extension members by various methods, based on the requirements dictated by a particular storage environment.
摘要:
A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.
摘要:
This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.