-
公开(公告)号:US08462955B2
公开(公告)日:2013-06-11
申请号:US12793455
申请日:2010-06-03
申请人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
发明人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
CPC分类号: H04L9/0894 , H04L9/0822 , H04L63/061 , H04L2463/062
摘要: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
摘要翻译: 生成或以其他方式获得由远程服务存储的在线密钥,以及存储介质(适用于存储物理或虚拟存储介质上的数据)主密钥,用于加密和解密物理或虚拟存储介质或加密和 至少部分地基于在线密钥来加密用于加密物理或虚拟存储介质的一个或多个存储介质加密密钥的解密。 存储存储介质的密钥保护器,密钥保护器包括加密的主密钥。 随后可以访问密钥保护器,并从远程服务获取在线密钥。 主密钥基于在线密钥解密,允许用于解密存储介质的一个或多个存储介质加密密钥被解密。
-
公开(公告)号:US20140108814A1
公开(公告)日:2014-04-17
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
IPC分类号: G06F21/60
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
公开(公告)号:US09058497B2
公开(公告)日:2015-06-16
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
公开(公告)号:US08885833B2
公开(公告)日:2014-11-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US20120257759A1
公开(公告)日:2012-10-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
IPC分类号: H04L9/00
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US20130054979A1
公开(公告)日:2013-02-28
申请号:US13221629
申请日:2011-08-30
申请人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
发明人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
IPC分类号: G06F12/14
CPC分类号: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
-
公开(公告)号:US20130054977A1
公开(公告)日:2013-02-28
申请号:US13221699
申请日:2011-08-30
IPC分类号: G06F12/14
CPC分类号: G06F21/6218 , G06F3/062 , G06F3/0638
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后由计算设备写入存储卷的数据被加密,则访问加密的块映射。 加密的块映射识别对于存储卷的扇区的每个块,是否未加密块中的扇区。 响应于将内容写入扇区的请求,检查加密的块映射以确定包括扇区的块是否未被加密。 如果包含扇区的块未被加密,则块中的扇区被加密,并且内容被加密并写入扇区。 如果包含扇区的块被加密或不被使用,则内容被加密并写入扇区。
-
公开(公告)号:US08874935B2
公开(公告)日:2014-10-28
申请号:US13221629
申请日:2011-08-30
申请人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
发明人: Innokentiy Basmov , Magnus Bo Gustaf Nyström , Alex M. Semenko , Douglas M. MacIver , Donghui Li
CPC分类号: G06F12/1408 , G06F3/0623 , G06F3/0644 , G06F3/0659 , G06F3/0673 , G06F12/14 , G06F17/30324 , G06F21/602 , G06F21/6218
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后计算设备写入存储卷的数据被加密,则访问扇区映射。 扇区映射识别存储卷的一个或多个扇区,并且还针对存储卷的一个或多个扇区中的每一个标识扇区内容的签名。 响应于读取扇区的内容的请求,如果扇区是一个或多个扇区中的一个或多个扇区的一个,并且扇区的内容的签名与扇区的签名匹配,则返回扇区的内容而不解密内容 在扇区图中确定。 否则,扇区的内容被解密,并且返回解密的内容。
-
公开(公告)号:US08689279B2
公开(公告)日:2014-04-01
申请号:US13221699
申请日:2011-08-30
IPC分类号: G06F17/00
CPC分类号: G06F21/6218 , G06F3/062 , G06F3/0638
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后由计算设备写入存储卷的数据被加密,则访问加密的块映射。 加密的块映射识别对于存储卷的扇区的每个块,是否未加密块中的扇区。 响应于将内容写入扇区的请求,检查加密的块映射以确定包括扇区的块是否未被加密。 如果包含扇区的块是未加密的,则块中的扇区被加密,并且内容被加密并写入扇区。 如果包含扇区的块被加密或不被使用,则内容被加密并写入扇区。
-
公开(公告)号:US09281948B2
公开(公告)日:2016-03-08
申请号:US13370185
申请日:2012-02-09
CPC分类号: H04L9/3268 , G06F21/6209 , H04L63/0823 , H04L63/20
摘要: Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.
摘要翻译: 描述了可撤销项目的撤销信息提供技术。 在实现中,使用撤销服务来管理各种可撤销项目的撤销信息。 例如,撤销服务可以维护撤销的列表,其中包括撤销的可撤销项目,例如撤销的数字证书,撤销的文件(例如,被认为是不安全的文件),不安全的网络资源(例如,确定为 不安全),等等。 在实现中,撤销服务可以将撤销的列表传送到客户端设备,以使客户端设备能够维护更新的撤销信息列表。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.033 秒)
