    • 1. Granted invention patent
    • System and method for securely initializing and booting a security appliance
    • US08116455B1
    • 2012-02-14
    • US11540300
    • 2006-09-29
    • Robert Jan Sussland; Ananthan Subramanian; Lawrence Wen-Hao Chang
    • Robert Jan Sussland; Ananthan Subramanian; Lawrence Wen-Hao Chang
    • H04L9/00; H04L9/08; H04L9/14; H04L29/06
    • H04L9/0822; G06F21/575; H04L9/3234; H04L63/06
    • A system and method provides for secure initialization and booting of a security appliance. The security appliance cooperates with a “smart” system card to provide cryptographic information needed to boot the security appliance in accordance with a secure boot procedure. The initialization procedure commences once the security appliance detects the presence of the smart card. The smart card and an encryption processor perform an authentication and key exchange procedure to establish a secure communication channel between them. The system card then loads a twice wrapped master key from a configuration database and decrypts the master key using a key associated with the system card. The wrapped master key is then forwarded via the secure communication channel to the encryption processor, which decrypts the wrapped key using a key associated therewith and enters an operating state using the decrypted master key.
    • 2. Granted invention patent
    • System and method for efficiently deleting a file from secure storage served by a storage system
    • US08397083B1
    • 2013-03-12
    • US11508430
    • 2006-08-23
    • Robert Jan Sussland; Lawrence Wen-Hao Chang; Ananthan Subramanian
    • Robert Jan Sussland; Lawrence Wen-Hao Chang; Ananthan Subramanian
    • H04L29/06
    • H04L67/1097; H04L9/0894; H04L63/0478; H04L63/062; H04L63/102; H04L2463/062
    • A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key. Thereafter, the “old” cryptainer key is deleted.
    • 3. Granted invention patent
    • System and method for establishing a shared secret among nodes of a security appliance
    • US07958356B1
    • 2011-06-07
    • US11540441
    • 2006-09-29
    • Ananthan Subramanian; Robert Jan Sussland; Lawrence Wen-Hao Chang
    • Ananthan Subramanian; Robert Jan Sussland; Lawrence Wen-Hao Chang
    • H04L9/32; H04L9/00; H04L9/08; H04L9/12
    • H04L9/0841
    • A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys. The protocol then continues with each node generating additional messages equal to the number of participating nodes minus one. At that point, each node combines its private key with its partner public keys stored in the data structure to generate a value that is common among all of the participating nodes. This common value is then used to derive the shared secret.