-
公开(公告)号:US20100086134A1
公开(公告)日:2010-04-08
申请号:US12244888
申请日:2008-10-03
IPC分类号: H04L9/06
CPC分类号: H04L9/08 , G06F21/80 , H04L9/0891
摘要: Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume.
摘要翻译: 完整卷加密可以应用于群集环境中的卷。 为了简化与这种加密卷相关的密钥的维护,可以利用集群密钥表结构,其中集群密钥表的每个条目对应于加密卷,并且包括加密卷的标识和访问该卷所需的密钥 。 可以使用特定于存储群集密钥表的每个计算设备的密钥对密钥进行加密来保护密钥。 可以通过首先对密钥进行解密,然后在每个计算设备存储在这些计算设备上的每个计算设备特定的密钥来重新加密,从而可以在群集中的计算设备之间传播更新。 访问控制要求也可以添加到群集密钥表中的条目。 可以通过将多个独立条目分配给单个加密卷来实现替代的访问控制要求。
-
公开(公告)号:US08411863B2
公开(公告)日:2013-04-02
申请号:US12244888
申请日:2008-10-03
IPC分类号: H04L9/00
CPC分类号: H04L9/08 , G06F21/80 , H04L9/0891
摘要: Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume.
摘要翻译: 完整卷加密可以应用于群集环境中的卷。 为了简化与这种加密卷相关的密钥的维护,可以利用集群密钥表结构,其中集群密钥表的每个条目对应于加密卷,并且包括加密卷的标识和访问该卷所需的密钥 。 可以使用特定于存储群集密钥表的每个计算设备的密钥对密钥进行加密来保护密钥。 可以通过首先对密钥进行解密,然后在每个计算设备存储在这些计算设备上的每个计算设备特定的密钥来重新加密,从而可以在群集中的计算设备之间传播更新。 访问控制要求也可以添加到群集密钥表中的条目。 可以通过将多个独立条目分配给单个加密卷来实现替代的访问控制要求。
-
3.发明授权External encryption and recovery management with hardware encrypted storage devices 有权使用硬件加密存储设备进行外部加密和恢复管理公开(公告)号:US08341430B2
公开(公告)日:2012-12-25
申请号:US12245064
申请日:2008-10-03
IPC分类号: G06F12/14
摘要: Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.
摘要翻译: 硬件加密存储设备可以提供对正被写入这种存储设备的存储介质的数据的硬件加密以及从该存储介质读取的数据的硬件解密。 为了利用可以更灵活和容纳的现有密钥管理资源,可以开发用于存储由现有资源保护的密钥但不是存储设备的硬件加密的机制。 不具有对应的加密频带的专用分区可用于以非硬件加密的方式存储密钥。 同样,分区可以定义为大于其相关联的加密频带,为非硬件加密存储留下开始和结束的空间。 或者可以使用单独的位来单独指定哪些数据应该是硬件加密的。 另外,自动化过程可以保持计算设备的分区表与硬件加密存储设备的频带表之间的同步。
-
4.发明申请EXTERNAL ENCRYPTION AND RECOVERY MANAGEMENT WITH HARDWARE ENCRYPTED STORAGE DEVICES 有权硬件加密存储设备的外部加密和恢复管理公开(公告)号:US20100088525A1
公开(公告)日:2010-04-08
申请号:US12245064
申请日:2008-10-03
IPC分类号: G06F12/14
摘要: Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device.
摘要翻译: 硬件加密存储设备可以提供对正被写入这种存储设备的存储介质的数据的硬件加密以及从该存储介质读取的数据的硬件解密。 为了利用可以更灵活和容纳的现有密钥管理资源,可以开发用于存储由现有资源保护的密钥但不是存储设备的硬件加密的机制。 不具有对应的加密频带的专用分区可用于以非硬件加密的方式存储密钥。 同样,分区可以定义为大于其相关联的加密频带,为非硬件加密存储留下开始和结束的空间。 或者可以使用单独的位来单独指定哪些数据应该是硬件加密的。 另外,自动化过程可以保持计算设备的分区表与硬件加密存储设备的频带表之间的同步。
-
公开(公告)号:US09245143B2
公开(公告)日:2016-01-26
申请号:US13370232
申请日:2012-02-09
申请人: Dustin Michael Ingalls , Nathan J. Ide , Christopher R. Macaulay , Octavian T. Ureche , Michael J. Grass , Sai Vinayak , Preston Derek Adam
发明人: Dustin Michael Ingalls , Nathan J. Ide , Christopher R. Macaulay , Octavian T. Ureche , Michael J. Grass , Sai Vinayak , Preston Derek Adam
CPC分类号: G06F21/6218 , G06F21/88 , H04L9/0894
摘要: Techniques for providing security policy for device data are described. In implementations, data on a device is stored in an encrypted form. To protect the encrypted data from being decrypted by an unauthorized entity, techniques enable a decryption key to be occluded if an attempt to gain unauthorized access to device data is detected. In implementations, a decryption key can be occluded in a variety of ways, such as by deleting the decryption key, overwriting the encryption key in memory, encrypting the encryption key, and so on. Embodiments enable an occluded decryption key to be recovered via a recovery experience. For example, a recovery experience can include an authentication procedure that requests a recovery password. If a correct recovery password is provided, the occluded decryption key can be provided.
摘要翻译: 描述了为设备数据提供安全策略的技术。 在实现中,设备上的数据以加密形式存储。 为了保护加密的数据不被未经授权的实体解密,如果检测到尝试获得对设备数据的未经授权的访问,技术使解密密钥被遮挡。 在实现中,解密密钥可以以各种方式封闭,例如通过删除解密密钥,覆盖存储器中的加密密钥,加密加密密钥等等。 实施例能够通过恢复体验恢复闭塞的解密密钥。 例如,恢复体验可以包括请求恢复密码的身份验证过程。 如果提供了正确的恢复密码,则可以提供闭塞解密密钥。
-
公开(公告)号:US20130212367A1
公开(公告)日:2013-08-15
申请号:US13370232
申请日:2012-02-09
申请人: Dustin Michael Ingalls , Nathan J. Ide , Christopher R. Macaulay , Octavian T. Ureche , Michael J. Grass , Sai Vinayak , Preston Derek Adam
发明人: Dustin Michael Ingalls , Nathan J. Ide , Christopher R. Macaulay , Octavian T. Ureche , Michael J. Grass , Sai Vinayak , Preston Derek Adam
CPC分类号: G06F21/6218 , G06F21/88 , H04L9/0894
摘要: Techniques for providing security policy for device data are described. In implementations, data on a device is stored in an encrypted form. To protect the encrypted data from being decrypted by an unauthorized entity, techniques enable a decryption key to be occluded if an attempt to gain unauthorized access to device data is detected. In implementations, a decryption key can be occluded in a variety of ways, such as by deleting the decryption key, overwriting the encryption key in memory, encrypting the encryption key, and so on. Embodiments enable an occluded decryption key to be recovered via a recovery experience. For example, a recovery experience can include an authentication procedure that requests a recovery password. If a correct recovery password is provided, the occluded decryption key can be provided.
摘要翻译: 描述了为设备数据提供安全策略的技术。 在实现中,设备上的数据以加密形式存储。 为了保护加密的数据不被未经授权的实体解密,如果检测到尝试获得对设备数据的未经授权的访问,技术使解密密钥被遮挡。 在实现中,解密密钥可以以各种方式封闭,例如通过删除解密密钥,覆盖存储器中的加密密钥,加密加密密钥等等。 实施例能够通过恢复体验恢复闭塞的解密密钥。 例如,恢复体验可以包括请求恢复密码的身份验证过程。 如果提供了正确的恢复密码,则可以提供闭塞解密密钥。
-
公开(公告)号:US08364598B2
公开(公告)日:2013-01-29
申请号:US12578533
申请日:2009-10-13
IPC分类号: G06F21/00
CPC分类号: G06F8/61 , G06F8/65 , G06F9/44505
摘要: A portable device may be roamed from one host to another. In one example, the portable device stores software that is to be executed by a host. The host may maintain a policy that governs which software may be executed on the host. When the portable device is connected to a host, the host checks the software version installed on the guest to determine whether that software version is compatible with the host's policy. If the guest's software does not comply with the host's policy, then the host installs a compatible version. If the guest's version complies with the policy and is newer than the host's version, then the host copies the guest's version to the host and propagates it to other guests. In this way, newer versions of software propagate between hosts and guests, while also respecting specific execution policies of the various hosts.
摘要翻译: 便携式设备可以从一个主机漫游到另一个主机。 在一个示例中,便携式设备存储要由主机执行的软件。 主机可以维护一个管理可以在主机上执行哪个软件的策略。 当便携式设备连接到主机时,主机将检查安装在客户机上的软件版本,以确定该软件版本是否与主机策略兼容。 如果客人的软件不符合主机的策略,则主机将安装兼容版本。 如果客人的版本符合该策略,并且比主机版本更新,则主机会将客人的版本复制到主机,并将其传播给其他来宾。 这样,较新版本的软件在主机和客户端之间传播,同时也遵守各种主机的特定执行策略。
-
公开(公告)号:US08135135B2
公开(公告)日:2012-03-13
申请号:US11635897
申请日:2006-12-08
申请人: Peter N. Biddle , Kenneth D. Ray , Octavian T. Ureche , Erik Holt
发明人: Peter N. Biddle , Kenneth D. Ray , Octavian T. Ureche , Erik Holt
IPC分类号: H04L9/14
CPC分类号: G06F11/1415 , G06F21/6218 , H04L9/0897
摘要: In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.
摘要翻译: 在诸如灾害等数据的物理保护可能受到损害的情况下,可以在预测灾难时增加对这些数据的算法保护。 异地机制可以向预期受影响的计算设备发送灾难准备脚本,导致从这些计算设备中删除解密密钥。 一旦灾难通过,异地机制在接收到计算设备的物理完整性的确认之后,可以向计算设备返回一个或多个解密密钥,从而实现对算法保护的数据的访问。 站外机制还可以选择性地提供访问信息,该访问信息可以用于经由至少一个返回的解密密钥来获得对算法保护数据的访问。
-
公开(公告)号:US20100211802A1
公开(公告)日:2010-08-19
申请号:US12388811
申请日:2009-02-19
CPC分类号: G06F21/78
摘要: A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique.
摘要翻译: 使用特定的加密技术对存储卷进行加密,存储卷包括访问应用和一个或多个封面文件。 访问应用可以由具有对特定加密技术的支持不足的操作系统的计算设备来执行,并且允许计算设备访问使用特定加密技术加密的存储卷上的数据。
-
公开(公告)号:US20080141040A1
公开(公告)日:2008-06-12
申请号:US11635897
申请日:2006-12-08
申请人: Peter N. Biddle , Kenneth D. Ray , Octavian T. Ureche , Erik Holt
发明人: Peter N. Biddle , Kenneth D. Ray , Octavian T. Ureche , Erik Holt
CPC分类号: G06F11/1415 , G06F21/6218 , H04L9/0897
摘要: In situations, such as disasters, where the physical protection of data may be compromised, algorithmic protection of such data can be increased in anticipation of the disaster. An off-site mechanism can send a disaster preparation script to computing devices expected to be affected, resulting in the deletion of decryption keys from those computing devices. Once the disaster passes, the off-site mechanism, upon receiving confirmation of the physical integrity of the computing devices, can return one or more decryption keys to the computing devices, enabling access algorithmically protected data. The off-site mechanism can also optionally provide access information that can be used to obtain access to the algorithmically protected data via at least one returned decryption key.
摘要翻译: 在诸如灾害等数据的物理保护可能受到损害的情况下,可以在预测灾难时增加对这些数据的算法保护。 异地机制可以向预期受影响的计算设备发送灾难准备脚本,导致从这些计算设备中删除解密密钥。 一旦灾难通过,异地机制在接收到计算设备的物理完整性的确认之后,可以向计算设备返回一个或多个解密密钥,从而实现对算法保护的数据的访问。 站外机制还可以选择性地提供访问信息,该访问信息可以用于经由至少一个返回的解密密钥来获得对算法保护数据的访问。
-
-
-
-
-
-
-
-
-
搜索结果
41 条记录 (耗时 0.021 秒)
