-
公开(公告)号:US20140108814A1
公开(公告)日:2014-04-17
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T. Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
IPC分类号: G06F21/60
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
公开(公告)号:US09058497B2
公开(公告)日:2015-06-16
申请号:US12978266
申请日:2010-12-23
申请人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
发明人: Vijay G. Bharadwaj , Niels T Ferguson , Carl M. Ellison , Magnus Bo Gustaf Nyström , Dayi Zhou , Denis Issoupov , Octavian T. Ureche , Peter J. Novotney , Cristian M. Ilac
CPC分类号: G06F21/602 , G06F2221/2141 , H04L9/0836 , H04L9/0866
摘要: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that corresponds each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
摘要翻译: 描述密码密钥管理技术。 在一个或多个实现中,读取包括具有多个原子的布尔表达式的访问控制规则。 请求与访问控制规则中的多个原子对应的密码密钥。 然后使用一个或多个密码密钥对数据执行一个或多个加密操作。
-
公开(公告)号:US08462955B2
公开(公告)日:2013-06-11
申请号:US12793455
申请日:2010-06-03
申请人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
发明人: Octavian T. Ureche , Nils Dussart , Michael A. Halcrow , Charles G. Jeffries , Nathan T. Lewis , Cristian M. Ilac , Innokentiy Basmov , Magnus Bo Gustaf Nyström , Niels T. Ferguson
CPC分类号: H04L9/0894 , H04L9/0822 , H04L63/061 , H04L2463/062
摘要: An online key stored by a remote service is generated or otherwise obtained, and a storage media (as it applies to the storage of data on a physical or virtual storage media) master key for encrypting and decrypting a physical or virtual storage media or encrypting and decrypting one or more storage media encryption keys that are used to encrypt a physical or virtual storage media is encrypted based at least in part on the online key. A key protector for the storage media is stored, the key protector including the encrypted master key. The key protector can be subsequently accessed, and the online key obtained from the remote service. The master key is decrypted based on the online key, allowing the one or more storage media encryption keys that are used to decrypt the storage media to be decrypted.
摘要翻译: 生成或以其他方式获得由远程服务存储的在线密钥,以及存储介质(适用于存储物理或虚拟存储介质上的数据)主密钥,用于加密和解密物理或虚拟存储介质或加密和 至少部分地基于在线密钥来加密用于加密物理或虚拟存储介质的一个或多个存储介质加密密钥的解密。 存储存储介质的密钥保护器,密钥保护器包括加密的主密钥。 随后可以访问密钥保护器,并从远程服务获取在线密钥。 主密钥基于在线密钥解密,允许用于解密存储介质的一个或多个存储介质加密密钥被解密。
-
公开(公告)号:US08885833B2
公开(公告)日:2014-11-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US20120257759A1
公开(公告)日:2012-10-11
申请号:US13084207
申请日:2011-04-11
申请人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
发明人: Benjamin E. Nick , Magnus Bo Gustaf Nyström , Cristian M. Ilac , Niels T. Ferguson , Nils Dussart
IPC分类号: H04L9/00
CPC分类号: H04L9/0894 , G06F21/6209 , H04L9/0822
摘要: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
摘要翻译: 在密钥恢复服务处接收到对设备的关键恢复请求,并且识别出多个一次性恢复凭证的序列中的特定一次性恢复凭证。 在多次一次性恢复凭据的顺序中,序列中的以前的一次性恢复凭证在序列中的后续一次恢复凭证中是不可确定的。 还识别与该设备相关联的恢复密钥。 序列中特定的一次性恢复凭证基于恢复密钥生成,并响应于密钥恢复请求而返回。 然后,设备可以使用特定的一次性恢复凭证来解密存储在设备的存储介质上的加密数据。
-
公开(公告)号:US20120294445A1
公开(公告)日:2012-11-22
申请号:US13108883
申请日:2011-05-16
CPC分类号: H04L9/083 , H04L9/0863 , H04L9/0894 , H04L9/3263
摘要: In accordance with one or more aspects, a storage structure including both an encrypted credential and an encrypted password is obtained. A key can be obtained from a key distribution service and the encrypted password decrypted, based on the key, to obtain a password. The encrypted credential is decrypted, based on the password to obtain the credential. Both devices able to obtain the key from the key distribution service, and devices otherwise able to obtain the password, are able to obtain the credential by decrypting the encrypted credential.
摘要翻译: 根据一个或多个方面,获得包括加密凭证和加密密码的存储结构。 可以从密钥分发服务和密钥解密的密钥获得密钥以获得密码。 加密凭证根据密码进行解密以获取凭据。 能够从密钥分发服务获得密钥的两个设备以及能够获得密码的设备能够通过解密加密的凭证来获取凭证。
-
公开(公告)号:US09281948B2
公开(公告)日:2016-03-08
申请号:US13370185
申请日:2012-02-09
CPC分类号: H04L9/3268 , G06F21/6209 , H04L63/0823 , H04L63/20
摘要: Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.
摘要翻译: 描述了可撤销项目的撤销信息提供技术。 在实现中,使用撤销服务来管理各种可撤销项目的撤销信息。 例如,撤销服务可以维护撤销的列表,其中包括撤销的可撤销项目,例如撤销的数字证书,撤销的文件(例如,被认为是不安全的文件),不安全的网络资源(例如,确定为 不安全),等等。 在实现中,撤销服务可以将撤销的列表传送到客户端设备,以使客户端设备能够维护更新的撤销信息列表。
-
公开(公告)号:US20130054977A1
公开(公告)日:2013-02-28
申请号:US13221699
申请日:2011-08-30
IPC分类号: G06F12/14
CPC分类号: G06F21/6218 , G06F3/062 , G06F3/0638
摘要: To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, an encrypted chunks map is accessed. The encrypted chunks map identifies whether, for each chunk of sectors of a storage volume, the sectors in the chunk are unencrypted. In response to a request to write content to a sector, the encrypted chunks map is checked to determine whether a chunk that includes the sector is unencrypted. If the chunk that includes the sector is unencrypted, then the sectors in the chunk are encrypted, and the content is encrypted and written to the sector. If the chunk that includes the sector is encrypted or not in use, then the content is encrypted and written to the sector.
摘要翻译: 为了遵守计算设备的策略,指示在激活策略之后由计算设备写入存储卷的数据被加密,则访问加密的块映射。 加密的块映射识别对于存储卷的扇区的每个块,是否未加密块中的扇区。 响应于将内容写入扇区的请求,检查加密的块映射以确定包括扇区的块是否未被加密。 如果包含扇区的块未被加密,则块中的扇区被加密,并且内容被加密并写入扇区。 如果包含扇区的块被加密或不被使用,则内容被加密并写入扇区。
-
公开(公告)号:US08984597B2
公开(公告)日:2015-03-17
申请号:US12789160
申请日:2010-05-27
CPC分类号: G06F21/6218 , G06F21/6263 , G06F2221/2105 , G06F2221/2115 , G06F2221/2141 , H04L9/3226 , H04L63/08 , H04L63/0884 , H04L63/166 , H04L67/142 , H04L2209/80
摘要: An access component sends an access request to an intermediary component, the access request being a request to access a service or resource without credentials of a current user of the intermediary component being revealed to the access component. The intermediary component obtains user credentials, for the current user, that are associated with the service or resource. The access request and the user credentials are sent to the service or resource, and in response session state information is received from the service or resource. The session state information is returned to the access component, which allows the access component and the service or resource to communicate with one another based on the session state information and independently of the first component.
摘要翻译: 访问组件向中间组件发送访问请求,所述访问请求是访问服务或资源的请求,而没有中继组件的当前用户的凭证被显示给访问组件。 中间组件获得与服务或资源相关联的当前用户的用户凭证。 访问请求和用户凭证被发送到服务或资源,并且响应于从服务或资源接收会话状态信息。 会话状态信息被返回到访问组件,其允许访问组件和服务或资源基于会话状态信息彼此通信并且独立于第一组件。
-
公开(公告)号:US20130212383A1
公开(公告)日:2013-08-15
申请号:US13370185
申请日:2012-02-09
IPC分类号: H04L29/06
CPC分类号: H04L9/3268 , G06F21/6209 , H04L63/0823 , H04L63/20
摘要: Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.
摘要翻译: 描述了可撤销项目的撤销信息提供技术。 在实现中,使用撤销服务来管理各种可撤销项目的撤销信息。 例如,撤销服务可以维护撤销的列表,其中包括撤销的可撤销项目,例如撤销的数字证书,撤销的文件(例如,被认为是不安全的文件),不安全的网络资源(例如,确定为 不安全),等等。 在实现中,撤销服务可以将撤销的列表传送到客户端设备,以使客户端设备能够维护更新的撤销信息列表。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.048 秒)
