-
Publication No.: US08689279B2
Publication date: 2014-04-01
Application No.: US13221699
Filing date: 2011-08-30
IPC classification: G06F17/00
CPC classification: G06F21/6218 , G06F3/062 , G06F3/0638
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
-
Publication No.: US20130054977A1
Publication date: 2013-02-28
Application No.: US13221699
Filing date: 2011-08-30
IPC classification: G06F12/14
CPC classification: G06F21/6218 , G06F3/062 , G06F3/0638
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
-
Publication No.: US20130054979A1
Publication date: 2013-02-28
Application No.: US13221629
Filing date: 2011-08-30
Applicants: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
Inventors: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
IPC classification: G06F12/14
CPC classification: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
Publication No.: US08874935B2
Publication date: 2014-10-28
Application No.: US13221629
Filing date: 2011-08-30
Applicants: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
Inventors: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
CPC classification: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
Abstract: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
Publication No.: US08462955B2
Publication date: 2013-06-11
Application No.: US12793455
Filing date: 2010-06-03
Applicants: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
Inventors: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
CPC classification: H04L9/0894 , H04L9/0822 , H04L63/061 , H04L2463/062
Abstract: An online key stored by a remote service is generated or otherwise obtained, and a storage media master key (as it applies to the storage of data on a physical or virtual storage media) is encrypted based at least in part on the online key; the master key is used for encrypting and decrypting a physical or virtual storage media, or for encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
-
Publication No.: US09984250B2
Publication date: 2018-05-29
Application No.: US13531481
Filing date: 2012-06-22
CPC classification: G06F21/6245 , G06F21/554
Abstract: In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.
-
Publication No.: US08364598B2
Publication date: 2013-01-29
Application No.: US12578533
Filing date: 2009-10-13
IPC classification: G06F21/00
CPC classification: G06F8/61 , G06F8/65 , G06F9/44505
Abstract: A portable device may be roamed from one host to another. In one example, the portable device stores software that is to be executed by a host. The host may maintain a policy that governs which software may be executed on the host. When the portable device is connected to a host, the host checks the software version installed on the guest (the portable device) to determine whether that software version is compatible with the host's policy. If the guest's software does not comply with the host's policy, then the host installs a compatible version. If the guest's version complies with the policy and is newer than the host's version, then the host copies the guest's version to the host and propagates it to other guests. In this way, newer versions of software propagate between hosts and guests, while also respecting the specific execution policies of the various hosts.
-
Publication No.: US08503674B2
Publication date: 2013-08-06
Application No.: US13097035
Filing date: 2011-04-28
IPC classification: H04L9/00
CPC classification: G06F21/60 , H04L9/002 , H04L9/0822 , H04L9/0877 , H04L9/0897
Abstract: Cryptographic keys, and subsequently the data they are intended to protect, are safeguarded from unwarranted attacks using various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory and are therefore vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers using systems and a methodology that employs a removable storage device to provide the authentication factors used in encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected using a system and methodology of virtual compartmentalization that effectively segregates key management from protected data.
-
Publication No.: US20110314279A1
Publication date: 2011-12-22
Application No.: US12819883
Filing date: 2010-06-21
Applicants: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
Inventors: Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
CPC classification: H04L63/08 , G06F21/31 , G06F21/57 , G06F21/6218 , G06F2221/2103 , G06F2221/2131 , H04L9/3228 , H04L9/3234 , H04L63/067
Abstract: Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
-
Publication No.: US20110088025A1
Publication date: 2011-04-14
Application No.: US12578533
Filing date: 2009-10-13
IPC classification: G06F9/44
CPC classification: G06F8/61 , G06F8/65 , G06F9/44505
Abstract: A portable device may be roamed from one host to another. In one example, the portable device stores software that is to be executed by a host. The host may maintain a policy that governs which software may be executed on the host. When the portable device is connected to a host, the host checks the software version installed on the guest (the portable device) to determine whether that software version is compatible with the host's policy. If the guest's software does not comply with the host's policy, then the host installs a compatible version. If the guest's version complies with the policy and is newer than the host's version, then the host copies the guest's version to the host and propagates it to other guests. In this way, newer versions of software propagate between hosts and guests, while also respecting the specific execution policies of the various hosts.
-