Cryptographic system and methodology for creating and managing crypto policy on certificate servers
    1.
    Granted invention patent (status: in force)

    Publication number: US06336186B1

    Publication date: 2002-01-01

    Application number: US09156266

    Filing date: 1998-09-16

    IPC classification: H04L900

    Abstract: A cryptosystem having a Certificate (Key) Server for storing and maintaining certificate or key information in a certificate database is described. The Certificate Server allows clients to submit and retrieve keys from a database based on a set of policy constraints which are set for one's particular site (e.g., company). Access to the Certificate Server is maintained by a Certificate Policy Agent, which makes sure that the policy is enforced for a given site based on the information supplied during the configuration. During operation, the Certificate Server responds to client requests to add, search for, and retrieve certificates. The server accepts or rejects certificates based on configurable parameters enforced by a Certificate Policy Agent. When a certificate is submitted to the server, the Certificate Policy Agent checks to see if it meets the criteria for a given site based on the settings specified during the configuration. Exemplary types of checks that the Certificate Policy Agent can enforce include checking to see if the key has been signed by the appropriate entities and checking to see if the signatures or User IDs associated with a key are approved for submission. If the submission criteria established during the configuration are met, the key is accepted by the server. If the key being submitted does not pass the policy requirements, it is rejected and (optionally) a copy is placed in a “pending bucket” where the key can subsequently be examined by the system administrator to determine if the key should be allowed on the server.


    SYSTEM AND METHOD FOR FULL DISK ENCRYPTION AUTHENTICATION
    2.
    Invention patent application (status: under examination, published)

    Publication number: US20120179915A1

    Publication date: 2012-07-12

    Application number: US12986895

    Filing date: 2011-01-07

    IPC classification: H04L9/32 G06F21/00

    CPC classification: G06F21/80

    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for authenticating a user logging in to an operating system stored on an encrypted drive. A system configured to practice the method presents a login prompt and receives credentials from a user. The system accesses the operating system on the encrypted drive based on the credentials and starts the operating system. Then the system authenticates the user on the operating system based on the credentials, such as via login forwarding. The system can set up a unified login by receiving a request to encrypt a storage device, and based on received user credentials, generating user data associated with logging in to an operating system on the computing device and user data for encrypting the storage device. The system stores the user data in a manner to enable a unified login boot prompt.
