One-time recovery credentials for encrypted data access
    5.
    Granted invention patent
    One-time recovery credentials for encrypted data access (in force)

    Publication number: US08885833B2

    Publication date: 2014-11-11

    Application number: US13084207

    Filing date: 2011-04-11

    IPC classification: H04L9/08 G06F21/62 H04L9/00

    Abstract: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.

    ONE-TIME RECOVERY CREDENTIALS FOR ENCRYPTED DATA ACCESS
    6.
    Invention patent application
    ONE-TIME RECOVERY CREDENTIALS FOR ENCRYPTED DATA ACCESS (in force)

    Publication number: US20120257759A1

    Publication date: 2012-10-11

    Application number: US13084207

    Filing date: 2011-04-11

    IPC classification: H04L9/00

    Abstract: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.

    Key Protectors Based On Public Keys
    7.
    Invention patent application
    Key Protectors Based On Public Keys (in force)

    Publication number: US20110022856A1

    Publication date: 2011-01-27

    Application number: US12509255

    Filing date: 2009-07-24

    IPC classification: G06F12/14

    Abstract: In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.

    Key protector for a storage volume using multiple keys
    8.
    Granted invention patent
    Key protector for a storage volume using multiple keys (in force)

    Publication number: US08509449B2

    Publication date: 2013-08-13

    Application number: US12509255

    Filing date: 2009-07-24

    IPC classification: H04L9/16 H04L9/08 H04L9/34

    Abstract: A key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.

    Security system with compliance checking and remediation
    9.
    Granted invention patent
    Security system with compliance checking and remediation (in force)

    Publication number: US08661534B2

    Publication date: 2014-02-25

    Application number: US11768596

    Filing date: 2007-06-26

    IPC classification: H04L29/06

    CPC classification: G06F21/577

    Abstract: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.

    SECURITY SYSTEM WITH COMPLIANCE CHECKING AND REMEDIATION
    10.
    Invention patent application
    SECURITY SYSTEM WITH COMPLIANCE CHECKING AND REMEDIATION (in force)

    Publication number: US20090007264A1

    Publication date: 2009-01-01

    Application number: US11768596

    Filing date: 2007-06-26

    IPC classification: G06F11/00

    CPC classification: G06F21/577

    Abstract: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.