-
Publication No.: WO2023028282A1
Publication date: 2023-03-02
Application No.: PCT/US2022/041616
Application date: 2022-08-26
Applicant: THALES DIS CPL USA, INC.
Inventor: GUPTA, Rajesh , SCOTT, Peter , BROMBERGER, Jeff , NANDODE, Rohan
Abstract: The present invention provides a method for controlling access to a disk device (7) connected to an execution platform (1), the method comprising: reserving a first region (9) of the disk device (7) and storing a unique disk label (11) in said first region (9), wherein said first region (9) is not encrypted; encrypting a second region (10) of the disk device (7), wherein the second region (10) includes user data and file information; said method further comprises providing a cipher agent (12) running on said execution platform (1) and carrying out the following steps in case an opening of the disk device (7) is requested: reading the unique disk label (11) stored in the first region (9); retrieving a protection policy for the disk device (7) based on the unique disk label (11); and handling the further access to the disk device (7) based on the protection policy.
-
Publication No.: WO2022259012A1
Publication date: 2022-12-15
Application No.: PCT/IB2021/054982
Application date: 2021-06-07
Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventor: LINDSKOG, Niklas , ENGLUND, Håkan
Abstract: Systems and methods are disclosed herein for protecting data in a storage device by encrypting or decrypting the data with a Data Encryption Key (DEK). The storage device is communicatively coupled to a host. In one example, the storage device receives a credential from the host and authenticates the credential with a transformed credential. A Physically Unclonable Function (PUF) generates a PUF response based on a challenge, responsive to successful authentication of the credential from the host. Based on the PUF response, a DEK generation module in the storage device generates a DEK. A crypto module in the storage device uses the DEK and performs encryption of data to be stored in the storage device and/or decryption of data being accessed by the host.
-
Publication No.: WO2022211663A1
Publication date: 2022-10-06
Application No.: PCT/RU2021/000218
Application date: 2021-05-27
Inventor: ВАСИЛЬЕВ, Артем Васильевич , БОРИСОВ, Дмитрий Алексеевич , ЯСТРЕМБСКИЙ, Андрей Николаевич , КРЫЛОВ, Максим Андреевич , ЕРМОЛЮК, Антон Олегович
Abstract: The claimed technical solution relates to the field of protecting digital data, in particular confidential and sensitive information displayed on the screen of an electronic device, by embedding digital marks (DM). The claimed method for protecting information displayed on the monitor of a computing device (CD), performed by a processor, comprises the steps of: obtaining information to be encoded, containing at least time and date data as well as an identifier of the user and/or the CD; encoding the obtained information into a digital mark (DM), wherein the DM is a block consisting of graphic elements arranged in a geometric pattern, and the colour of the DM elements is formed in the monitor's colour scheme, which constitutes an orthogonal basis; forming an underlay with a set transparency level, output to the monitor screen of the CD, on which the digital marks are placed, the configuration, placement scheme and number of which are determined by parameters containing at least the monitor's colour scheme and its resolution.
-
Publication No.: WO2022156588A1
Publication date: 2022-07-28
Application No.: PCT/CN2022/071757
Application date: 2022-01-13
Applicant: 华为技术有限公司
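Abstract: This application discloses a data management method in which a client can determine a ciphertext index value from information about plaintext data and send that ciphertext index value to a cloud device. The cloud device can establish, in an index structure (e.g. a B-tree), a correspondence between the ciphertext index value and information on the storage location of the ciphertext data corresponding to the plaintext data, or look up the storage location of the ciphertext data in the index structure by the ciphertext index value, and then perform operations on the ciphertext data. In this application, the ciphertext index value replaces the field in the data column as the key in a conventional ordered index for looking up ciphertext data, so order-based queries can be run on ciphertext data stored in a table without adding table fields. This reduces the space occupied by expansion of the tables that store ciphertext data and improves the scalability of data storage in the cloud device.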
-
Publication No.: WO2022067168A1
Publication date: 2022-03-31
Application No.: PCT/US2021/052168
Application date: 2021-09-27
Applicant: SAUDI ARABIAN OIL COMPANY , ARAMCO SERVICES COMPANY
Inventor: AL-ISMAIL, Adnan M.
Abstract: Systems and methods include a computer-implemented method: A number of process information (PI) tags are mapped to data elements of a local PI server of an isolated network. At a first time, a first application is executed at the isolated network to read and concatenate data on the isolated network corresponding to the tags and to replicate the data elements corresponding to temporary storage on the local PI server. A replicated data package is generated by the first application using the temporary storage. The replicated data package is transmissible through a firewall of a corporate network different from the isolated network. At a second time after the first time, a second application is executed at the corporate network to read data elements from the replicated data package corresponding to counterpart tags of the tags and to replicate the data elements according to instructions in the counterpart tags.
-
Publication No.: WO2022038360A1
Publication date: 2022-02-24
Application No.: PCT/GB2021/052153
Application date: 2021-08-19
Inventor: CHRISTIANSON, Bruce Donald , SHAFARENKO, Alex
Abstract: This invention provides a probabilistically digital tamper proof container for data, a method for loading the data onto the container and a method for subsequently reading the data from the container whilst simultaneously verifying that the data loaded onto the container hasn't been read previously.
-
Publication No.: WO2022001879A1
Publication date: 2022-01-06
Application No.: PCT/CN2021/102413
Application date: 2021-06-25
Inventor: BRODIE, Rob , ALCORN, John, William , CAINE, Jeremy , HINTERMEISTER, Gregory, R. , VEIT, Max
IPC: G06F21/00 , G06F16/17 , G06F21/6209 , G06F21/78 , G06F2221/2143
Abstract: A method can include receiving a read request from a client program. The method can further include obtaining, in response to receiving the read request, one or more secrets from a secrets store. The obtaining can include storing the one or more secrets in a storage location. The method can further include initiating, in response to the read request, a transmission of the one or more secrets to the client program. The method can further include deleting the one or more secrets from the storage location.
-
Publication No.: WO2021191578A1
Publication date: 2021-09-30
Application No.: PCT/GB2021/050253
Application date: 2021-02-05
Applicant: ARM LIMITED
Inventor: ELAD, Yuval , PARKER, Jason
IPC: G06F21/60 , G06F11/22 , G06F12/14 , H04L29/06 , G06F21/78 , G06F12/1416 , G06F21/57 , G06F21/606 , G06F21/71 , G06F2212/1052 , G11C2029/4402 , G11C29/022 , G11C29/025 , G11C29/24 , G11C29/44 , H04L63/0428 , H04L63/062
Abstract: There is provided a data processing apparatus, which is suitable for verifying memory systems. Processing circuitry issues a plurality of memory access requests to a plurality of addresses in a memory. Point-of-trust circuitry receives the memory access requests from the processing circuitry via a first set of intermediate circuits. Secure channel circuitry enables secure communication of a correspondence between the plurality of addresses from the processing circuitry to the point-of-trust circuitry. The point-of-trust circuitry determines whether the addresses in the memory of the memory access requests received via the first set of intermediate circuits have a predetermined relationship based on the correspondence.
-
Publication No.: WO2021164167A1
Publication date: 2021-08-26
Application No.: PCT/CN2020/098033
Application date: 2020-06-24
Applicant: 苏州浪潮智能科技有限公司
Inventor: 邢希双
IPC: G06F21/78
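Abstract: A key access method, apparatus, system, device and storage medium. When service data is received, an application identifier and key data corresponding to the service data are generated according to a preset key generation rule; the key data is format-converted according to a set algorithm. The application identifier and the format-converted key data are saved to kernel memory and to a designated physical hard disk, achieving persistent storage of the key data. When a key retrieval request carrying a target application identifier is received from a service application, the corresponding target key data is obtained from kernel memory. When the operating system boots, kernel space starts before all applications, so saving the key data to kernel memory protects it well from being damaged. No additional hardware device is needed, which lowers the cost of protecting key data while ensuring its confidentiality and availability.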
-
Publication No.: WO2021162792A1
Publication date: 2021-08-19
Application No.: PCT/US2020/067072
Application date: 2020-12-26
Applicant: INTEL CORPORATION
Inventor: DURHAM, David M. , LEMAY, Michael D. , SULTANA, Salmin , GREWAL, Karanvir S. , KOUNAVIS, Michael E. , DEUTSCH, Sergej , WEILER, Andrew James , BASAK, Abhishek , BAUM, Dan , GHOSH, Santosh
Abstract: A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.