-
1.发明申请PROTECTED VOLUME ON A DATA STORAGE DEVICE WITH DUAL OPERATING SYSTEMS AND CONFIGURABLE ACCESS AND ENCRYPTION CONTROLS 有权具有双操作系统和可配置访问和加密控制的数据存储设备的保护量公开(公告)号:US20080263371A1
公开(公告)日:2008-10-23
申请号:US12126759
申请日:2008-05-23
申请人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
发明人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
IPC分类号: G06F12/14
CPC分类号: G06F21/575 , G06F21/74 , G06F21/78
摘要: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.
摘要翻译: 一种方法提供与计算设备相关联的数据存储设备的保护区域,其中受保护区域中的数据主要通过在没有适当访问授权的情况下阻止访问来保护。 该方法包括以下步骤:在数据存储设备的未受保护区域中提供第一操作系统和相关联的操作系统数据; 监视由计算设备访问的操作系统数据,直到预定功能变得可用; 在受保护的区域中存储所监视的操作系统数据; 在受保护区域中提供第二操作系统; 将所述计算设备的控制从所述第一操作系统传送到所述第二操作系统; 将数据存储在受保护区域中; 并且在没有访问权限的情况下阻止对受保护区域中存储的数据的访问。 在该方法的另一实施例中,第二操作系统可选地通过防止在没有解密授权的情况下解密存储在受保护区域中的数据来提供第二级别的安全性。
-
2.发明授权Protected volume on a data storage device with dual operating systems and configurable access and encryption controls 有权具有双操作系统和可配置访问和加密控制的数据存储设备上的受保护卷公开(公告)号:US07757100B2
公开(公告)日:2010-07-13
申请号:US12126759
申请日:2008-05-23
申请人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
发明人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
IPC分类号: G06F11/30 , G06F12/14 , G06F9/00 , G06F15/177 , H04L9/32 , H04L9/00 , G06F12/00 , G06F13/00 , G06F13/28 , G06F15/167
CPC分类号: G06F21/575 , G06F21/74 , G06F21/78
摘要: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization.
摘要翻译: 一种方法提供与计算设备相关联的数据存储设备的保护区域,其中受保护区域中的数据主要通过在没有适当访问授权的情况下阻止访问来保护。 该方法包括以下步骤:在数据存储设备的未受保护区域中提供第一操作系统和相关联的操作系统数据; 监视由计算设备访问的操作系统数据,直到预定功能变得可用; 在受保护的区域中存储所监视的操作系统数据; 在受保护区域中提供第二操作系统; 将所述计算设备的控制从所述第一操作系统传送到所述第二操作系统; 将数据存储在受保护区域中; 并且在没有访问权限的情况下阻止对受保护区域中存储的数据的访问。 在该方法的另一实施例中,第二操作系统可选地通过防止在没有解密授权的情况下解密存储在受保护区域中的数据来提供第二级别的安全性。
-
公开(公告)号:US07380140B1
公开(公告)日:2008-05-27
申请号:US11085777
申请日:2005-03-21
申请人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
发明人: Gregg D. Weissman , Hon Tran , Gregory W. Dalcher , Jay H. Hoffmeier , James E. Zmuda , Mark J. Sutherland , Michael T. Guttman
IPC分类号: G06F11/30 , G06F12/14 , G06F9/00 , G06F15/177 , H04L9/32 , H04L9/00 , G06F12/00 , G06F13/00 , G06F13/28 , G06F15/167
CPC分类号: G06F21/575 , G06F21/74 , G06F21/78
摘要: The invention establishes a protected volume on a data storage device associated with a computational device by allowing an operating system of the computational device to boot up to a point (the volume conversion crossover point) at which predetermined functionality of the operating system becomes available, then establishing the protected volume. A copy of the operating system data (cleartext operating system data) that is accessed during boot up prior to the volume conversion crossover point (which can be known by monitoring and recording access to operating system data during boot-up) is stored in an unprotected region of the data storage device. A copy of the cleartext operating system data is also stored in the protected volume. After the protected volume is established, the computational device is reset, causing the operating system to boot up again. During each boot-up of the operating system after the protected volume has been established, the cleartext operating system data is used until the volume conversion crossover point, at which time operation of the computational device converts to a secure mode (if authorized) in which data stored on the data storage device can be accessed from the protected volume (including the copy of the cleartext operating system data that is stored in the protected volume).
摘要翻译: 本发明通过允许计算设备的操作系统引导到操作系统的预定功能变得可用的点(音量转换交叉点)来建立与计算设备相关联的数据存储设备上的受保护卷,然后 建立受保护的卷。 在卷转换交叉点之前启动期间访问的操作系统数据(明文操作系统数据)的副本(通过在启动期间监视和记录对操作系统数据的访问可以知道)存储在未受保护的 数据存储设备的区域。 明文操作系统数据的副本也存储在受保护的卷中。 保护卷建立后,计算设备复位,使操作系统再次启动。 在保护卷建立后的操作系统启动期间,使用明文操作系统数据直到音量转换交叉点,此时计算设备的操作转换为安全模式(如果授权),其中 可以从受保护的卷(包括存储在受保护卷中的明文操作系统数据的副本)访问存储在数据存储设备上的数据。
-
公开(公告)号:US07848251B2
公开(公告)日:2010-12-07
申请号:US12506602
申请日:2009-07-21
CPC分类号: H04L47/10 , H04L47/263
摘要: Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.
摘要翻译: 给出了用于确定共享输出端口的一个或多个输入端口中的两个或多个输入队列的路由器或交换机中的数据传输或发送速率的技术,其可以可选地包括输出队列。 输出端口从共享输出端口的每个输入队列接收所需或请求的数据。 输出端口分析此数据,并向每个输入端口发送反馈,以便在需要时,输入端口可以调整其传输或发送速率。
-
公开(公告)号:US08213322B2
公开(公告)日:2012-07-03
申请号:US09962056
申请日:2001-09-24
CPC分类号: H04L47/10 , H04L47/263
摘要: Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.
摘要翻译: 给出了用于确定共享输出端口的一个或多个输入端口中的两个或多个输入队列的路由器或交换机中的数据传输或发送速率的技术,其可以可选地包括输出队列。 输出端口从共享输出端口的每个输入队列接收所需或请求的数据。 输出端口分析此数据,并向每个输入端口发送反馈,以便在需要时,输入端口可以调整其传输或发送速率。
-
公开(公告)号:US20090279560A1
公开(公告)日:2009-11-12
申请号:US12506602
申请日:2009-07-21
IPC分类号: H04L12/56
CPC分类号: H04L47/10 , H04L47/263
摘要: Techniques are given for determining the data transmission or sending rates in a router or switch of two or more input queues in one or more input ports sharing an output port, which may optionally include an output queue. The output port receives desired or requested data from each input queue sharing the output port. The output port analyzes this data and sends feedback to each input port so that, if needed, the input port can adjust its transmission or sending rate.
摘要翻译: 给出了用于确定共享输出端口的一个或多个输入端口中的两个或多个输入队列的路由器或交换机中的数据传输或发送速率的技术,其可以可选地包括输出队列。 输出端口从共享输出端口的每个输入队列接收所需或请求的数据。 输出端口分析此数据,并向每个输入端口发送反馈,以便在需要时,输入端口可以调整其传输或发送速率。
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.026 秒)