-
公开(公告)号:US20140108814A1
公开(公告)日:2014-04-17
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
IPC分类号: G06F21/60
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
公开(公告)号:US09058497B2
公开(公告)日:2015-06-16
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
3.发明授权公开(公告)号:US08838981B2
公开(公告)日:2014-09-16
申请号:US13614612
申请日:2012-09-13
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略以及信道标识符和使用策略上的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
4.发明申请公开(公告)号:US20130007463A1
公开(公告)日:2013-01-03
申请号:US13614612
申请日:2012-09-13
IPC分类号: H04L9/30
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
5.发明授权公开(公告)号:US08296564B2
公开(公告)日:2012-10-23
申请号:US12372476
申请日:2009-02-17
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
公开(公告)号:US20110019820A1
公开(公告)日:2011-01-27
申请号:US12506568
申请日:2009-07-21
CPC分类号: H04L63/205 , G06F21/606 , H04L9/3247 , H04L2209/80
摘要: A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
摘要翻译: 获得一组用于通信信道的安全权利要求,该组安全权利要求包括一个或多个安全权利要求,每个安全权利要求各自标识通信信道的安全特性。 存储安全声明,以及由实体在该组安全声明上生成的数字签名。 随后当计算设备将数据传送到通信信道和/或从通信信道传送数据时,随后访问安全声明和数字签名。 将该组安全声明与计算设备的安全策略进行比较,并且识别对该组安全声明进行数字签名的实体。 至少部分地基于所述比较和对所述一组安全权利要求进行数字签名的实体来确定所述计算设备将用于向所述通信信道传送数据和/或从所述通信信道传送数据的一个或多个安全预防措施。
-
公开(公告)号:US08914874B2
公开(公告)日:2014-12-16
申请号:US12506568
申请日:2009-07-21
CPC分类号: H04L63/205 , G06F21/606 , H04L9/3247 , H04L2209/80
摘要: A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
摘要翻译: 获得一组用于通信信道的安全权利要求,该组安全权利要求包括一个或多个安全权利要求,每个安全权利要求各自标识通信信道的安全特性。 存储安全声明,以及由实体在该组安全声明上生成的数字签名。 随后当计算设备将数据传送到通信信道和/或从通信信道传送数据时,随后访问安全声明和数字签名。 将该组安全声明与计算设备的安全策略进行比较,并且识别对该组安全声明进行数字签名的实体。 至少部分地基于所述比较和对所述一组安全权利要求进行数字签名的实体来确定所述计算设备将用于向所述通信信道传送数据和/或从所述通信信道传送数据的一个或多个安全预防措施。
-
8.发明申请公开(公告)号:US20100211792A1
公开(公告)日:2010-08-19
申请号:US12372476
申请日:2009-02-17
CPC分类号: H04L9/3247 , H04L63/102 , H04L63/126
摘要: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
摘要翻译: 通信信道具有关联的信道认证器,其包括信道标识符,识别通信信道的所有者如何指示通信信道的使用策略,以及通过信道标识符和使用策略的数字签名。 可以由计算设备来验证通信信道的标识符和使用策略,并且通过使用策略来检查计算设备的当前安全策略是否被满足。 至少部分地基于使用策略来满足当前安全策略以及通信信道的标识符和使用策略是否被验证,允许计算设备被允许对通信信道的访问。
-
公开(公告)号:US08364984B2
公开(公告)日:2013-01-29
申请号:US12404007
申请日:2009-03-13
申请人: Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
发明人: Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
CPC分类号: G06F21/6209 , G06F2221/2107 , G06F2221/2115 , G06F2221/2151
摘要: A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.
摘要翻译: 便携式安全数据文件包括加密数据部分和元数据部分。 当接收到与用于访问便携式安全数据文件的设备的当前用户相关联的请求时,访问元数据部分中的一个或多个记录以确定当前用户是否被允许访问加密数据部分中的文件数据。 如果记录指示用户被允许访问文件数据,则使用该记录中的内容加密密钥对加密的数据部分进行解密。
-
公开(公告)号:US20100235649A1
公开(公告)日:2010-09-16
申请号:US12404007
申请日:2009-03-13
申请人: Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
发明人: Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
CPC分类号: G06F21/6209 , G06F2221/2107 , G06F2221/2115 , G06F2221/2151
摘要: A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.
摘要翻译: 便携式安全数据文件包括加密数据部分和元数据部分。 当接收到与用于访问便携式安全数据文件的设备的当前用户相关联的请求时,访问元数据部分中的一个或多个记录以确定当前用户是否被允许访问加密数据部分中的文件数据。 如果记录指示用户被允许访问文件数据,则使用该记录中的内容加密密钥对加密的数据部分进行解密。
-
-
-
-
-
-
-
-
-
搜索结果
81 条记录 (耗时 0.039 秒)
