    1. Secure storage of temporary secrets
    Patent application (status: in force)

    Publication number: US20110087896A1

    Publication date: 2011-04-14

    Application number: US12577846

    Filing date: 2009-10-13

    IPC classification: G06F12/14

    Abstract: Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.

    2. Secure storage of temporary secrets
    Granted patent (status: in force)

    Publication number: US08250379B2

    Publication date: 2012-08-21

    Application number: US12577846

    Filing date: 2009-10-13

    IPC classification: G06F21/00

    Abstract: Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation.

    3. Update at shutdown
    Granted patent (status: in force)

    Publication number: US07895590B2

    Publication date: 2011-02-22

    Application number: US10934343

    Filing date: 2004-09-03

    IPC classification: G06F9/44 G06F9/445 G06F15/177

    CPC classification: G06F9/442 G06F8/65

    Abstract: An update at shutdown process is disclosed that installs software updates on a computer during the computer's shutdown procedures. On a computing device with an automated shutdown procedure, an update at shutdown process is executed during the shutdown procedure. The update at shutdown process evaluates whether any software updates are currently stored, or are locally available, on the computing device. If there are software updates to be installed, a further evaluation determines whether any of the software updates may be installed without any user interaction. Accordingly, each downloaded/locally available software update that is identified as being installable without user interaction is installed during the shutdown procedure, thus minimizing the impact that the software updates have on the computer user's use time.

    4. Scheme for sub-realms within an authentication protocol
    Granted patent (status: in force)

    Publication number: US07571311B2

    Publication date: 2009-08-04

    Application number: US11096829

    Filing date: 2005-04-01

    IPC classification: H04L9/32

    CPC classification: H04L9/3213 H04L9/0833

    Abstract: Branch domain controllers (DCs) contain read only replicas of the data in a normal domain DC. This includes information about the groups a user belongs to so it can be used to determine authorization information. Password information, however, is desirably replicated to the branch DCs only for users and services (including machines) designated for that particular branch. Moreover, all write operations are desirably handled by hub DCs, the primary domain controller (PDC), or other DCs trusted by the corporate office. Rapid authentication and authorization in branch offices is supported using Kerberos sub-realms in which each branch office operates as a virtual realm. The Kerberos protocol employs different key version numbers to distinguish between the virtual realms of the head and branch key distribution centers (KDCs). Accounts may be named krbtgt_ where is carried in the kvno field of the ticket granting ticket (TGT) to indicate to the hub KDC which krbtgt′ key was used to encrypt the TGT.