-
公开(公告)号:US20130054979A1
公开(公告)日:2013-02-28
申请号:US13221629
申请日:2011-08-30
申请人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
发明人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
公开(公告)号:US08874935B2
公开(公告)日:2014-10-28
申请号:US13221629
申请日:2011-08-30
申请人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
发明人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
CPC分类号: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后计算设备写入存储卷的数据被加密,则访问扇区映射。 扇区映射识别存储卷的一个或多个扇区,并且还针对存储卷的一个或多个扇区中的每一个标识扇区内容的签名。 响应于读取扇区的内容的请求,如果扇区是一个或多个扇区中的一个或多个扇区的一个,并且扇区的内容的签名与扇区的签名匹配,则返回扇区的内容而不解密内容 在扇区图中确定。 否则,扇区的内容被解密,并且返回解密的内容。
-
公开(公告)号:US08689279B2
公开(公告)日:2014-04-01
申请号:US13221699
申请日:2011-08-30
IPC分类号: G06F17/00
CPC分类号: G06F21/6218 , G06F3/062 , G06F3/0638
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后由计算设备写入存储卷的数据被加密,则访问加密的块映射。 加密的块映射识别对于存储卷的扇区的每个块,是否未加密块中的扇区。 响应于将内容写入扇区的请求,检查加密的块映射以确定包括扇区的块是否未被加密。 如果包含扇区的块是未加密的,则块中的扇区被加密,并且内容被加密并写入扇区。 如果包含扇区的块被加密或不被使用,则内容被加密并写入扇区。
-
公开(公告)号:US20130054977A1
公开(公告)日:2013-02-28
申请号:US13221699
申请日:2011-08-30
IPC分类号: G06F12/14
CPC分类号: G06F21/6218 , G06F3/062 , G06F3/0638
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后由计算设备写入存储卷的数据被加密,则访问加密的块映射。 加密的块映射识别对于存储卷的扇区的每个块,是否未加密块中的扇区。 响应于将内容写入扇区的请求,检查加密的块映射以确定包括扇区的块是否未被加密。 如果包含扇区的块未被加密,则块中的扇区被加密,并且内容被加密并写入扇区。 如果包含扇区的块被加密或不被使用,则内容被加密并写入扇区。
-
5.发明授权Access control state determination based on security policy and secondary access control state 有权基于安全策略和二次访问控制状态的访问控制状态确定公开(公告)号:US08387109B2
公开(公告)日:2013-02-26
申请号:US12256742
申请日:2008-10-23
申请人: Octavian T. Ureche , Alex M. Semenko , Ping Xie , Sai Vinayak
发明人: Octavian T. Ureche , Alex M. Semenko , Ping Xie , Sai Vinayak
CPC分类号: G06F21/6218
摘要: In accordance with one or more aspects, a current security policy for accessing a device or volume of a computing device is identified. A secondary access control state for the device or volume is also identified. An access state for the device is determined based on both the current security policy and the secondary access control state.
摘要翻译: 根据一个或多个方面,识别用于访问计算设备的设备或卷的当前安全策略。 还识别用于设备或卷的辅助访问控制状态。 基于当前的安全策略和次要访问控制状态来确定设备的访问状态。
-
公开(公告)号:US08914874B2
公开(公告)日:2014-12-16
申请号:US12506568
申请日:2009-07-21
CPC分类号: H04L63/205 , G06F21/606 , H04L9/3247 , H04L2209/80
摘要: A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
摘要翻译: 获得一组用于通信信道的安全权利要求,该组安全权利要求包括一个或多个安全权利要求,每个安全权利要求各自标识通信信道的安全特性。 存储安全声明,以及由实体在该组安全声明上生成的数字签名。 随后当计算设备将数据传送到通信信道和/或从通信信道传送数据时,随后访问安全声明和数字签名。 将该组安全声明与计算设备的安全策略进行比较,并且识别对该组安全声明进行数字签名的实体。 至少部分地基于所述比较和对所述一组安全权利要求进行数字签名的实体来确定所述计算设备将用于向所述通信信道传送数据和/或从所述通信信道传送数据的一个或多个安全预防措施。
-
7.发明申请公开(公告)号:US20100211792A1
公开(公告)日:2010-08-19
申请号:US12372476
申请日:2009-02-17
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
8.发明授权公开(公告)号:US08838981B2
公开(公告)日:2014-09-16
申请号:US13614612
申请日:2012-09-13
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略以及信道标识符和使用策略上的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
9.发明申请公开(公告)号:US20130007463A1
公开(公告)日:2013-01-03
申请号:US13614612
申请日:2012-09-13
IPC分类号: H04L9/30
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
10.发明授权公开(公告)号:US08296564B2
公开(公告)日:2012-10-23
申请号:US12372476
申请日:2009-02-17
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.026 秒)
