CN102549594B - 临时秘密的安全存储 - Google Patents

临时秘密的安全存储 Download PDF

Info

Publication number
CN102549594B
CN102549594B CN201080046403.XA CN201080046403A CN102549594B CN 102549594 B CN102549594 B CN 102549594B CN 201080046403 A CN201080046403 A CN 201080046403A CN 102549594 B CN102549594 B CN 102549594B
Authority
CN
China
Prior art keywords
key
tpm
storage medium
computing device
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201080046403.XA
Other languages
English (en)
Chinese (zh)
Other versions
CN102549594A (zh
Inventor
S.索姆
C.M.伊拉克
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of CN102549594A publication Critical patent/CN102549594A/zh
Application granted granted Critical
Publication of CN102549594B publication Critical patent/CN102549594B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
CN201080046403.XA 2009-10-13 2010-09-24 临时秘密的安全存储 Expired - Fee Related CN102549594B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/577,846 US8250379B2 (en) 2009-10-13 2009-10-13 Secure storage of temporary secrets
US12/577846 2009-10-13
PCT/US2010/050275 WO2011046731A2 (en) 2009-10-13 2010-09-24 Secure storage of temporary secrets

Publications (2)

Publication Number Publication Date
CN102549594A CN102549594A (zh) 2012-07-04
CN102549594B true CN102549594B (zh) 2015-04-08

Family

ID=43855773

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201080046403.XA Expired - Fee Related CN102549594B (zh) 2009-10-13 2010-09-24 临时秘密的安全存储

Country Status (7)

Country Link
US (1) US8250379B2 (enExample)
EP (1) EP2488987B1 (enExample)
JP (1) JP5643318B2 (enExample)
KR (1) KR101699998B1 (enExample)
CN (1) CN102549594B (enExample)
TW (1) TWI497338B (enExample)
WO (1) WO2011046731A2 (enExample)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8250380B2 (en) * 2009-12-17 2012-08-21 Hitachi Global Storage Technologies Netherlands B.V. Implementing secure erase for solid state drives
US8943329B2 (en) * 2010-03-29 2015-01-27 Lenovo (Singapore) Pte. Ltd. Method and apparatus for sharing an integrity security module in a dual-environment computing device
US8555083B1 (en) * 2010-07-22 2013-10-08 Symantec Corporation Systems and methods for protecting against unauthorized access of encrypted data during power-management modes
WO2012023050A2 (en) 2010-08-20 2012-02-23 Overtis Group Limited Secure cloud computing system and method
JP4966422B1 (ja) * 2011-03-31 2012-07-04 株式会社東芝 情報処理装置及びデータ保護方法
US8375221B1 (en) 2011-07-29 2013-02-12 Microsoft Corporation Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
TWI546695B (zh) * 2011-12-15 2016-08-21 萬國商業機器公司 刪除儲存系統中之內容
AU2013243923A1 (en) * 2012-04-06 2014-10-30 Security First Corp. Systems and methods for securing and restoring virtual machines
JP5961059B2 (ja) * 2012-07-18 2016-08-02 キヤノン株式会社 情報処理装置およびその起動方法
JP2014096133A (ja) * 2012-10-10 2014-05-22 Ricoh Co Ltd 伝送端末、伝送システム、プログラム
JP6095330B2 (ja) * 2012-11-13 2017-03-15 キヤノン株式会社 情報処理装置及びその制御方法、プログラム
JP5842800B2 (ja) * 2012-12-20 2016-01-13 カシオ計算機株式会社 制御システム、情報処理装置、端末装置、制御方法及び制御プログラム
EP2987107B1 (en) * 2013-04-15 2019-03-27 Amazon Technologies, Inc. Host recovery using a secure store
US10389709B2 (en) * 2014-02-24 2019-08-20 Amazon Technologies, Inc. Securing client-specified credentials at cryptographically attested resources
US9690943B2 (en) * 2014-06-04 2017-06-27 Dell Products L.P. BIOS secure data management system
CN104618096B (zh) * 2014-12-30 2018-10-30 华为技术有限公司 保护密钥授权数据的方法、设备和tpm密钥管理中心
US9565169B2 (en) * 2015-03-30 2017-02-07 Microsoft Technology Licensing, Llc Device theft protection associating a device identifier and a user identifier
CN105847011A (zh) * 2016-03-21 2016-08-10 华为技术有限公司 一种密钥加载方法及设备
CN106295416B (zh) * 2016-08-19 2021-07-16 联想(北京)有限公司 一种唤醒控制方法及电子设备
WO2019087309A1 (ja) * 2017-10-31 2019-05-09 三菱重工機械システム株式会社 情報処理装置、情報処理装置の制御方法及びプログラム
US11431752B2 (en) * 2018-06-22 2022-08-30 Microsoft Technology Licensing, Llc Ex post facto platform configuration attestation
US11652626B2 (en) * 2020-02-18 2023-05-16 International Business Machines Corporation Safeguarding cryptographic keys from modification or deletion
EP4088214A4 (en) * 2020-02-21 2023-08-30 Hewlett-Packard Development Company, L.P. COMPUTING DEVICES FOR ENCRYPTION AND DECRYPTION OF DATA
WO2022066775A1 (en) * 2020-09-22 2022-03-31 Keyavi Data Corp. Encrypted file control
JP7536630B2 (ja) 2020-12-18 2024-08-20 東芝テック株式会社 制御装置及びその起動方法、ならびに電気機器
TWI783410B (zh) * 2021-03-16 2022-11-11 瑞昱半導體股份有限公司 電子裝置以及其休眠恢復方法
US11960625B2 (en) * 2021-05-06 2024-04-16 Jpmorgan Chase Bank, N.A. Systems and methods for protecting sensitive data in user online activities
US11805108B2 (en) * 2021-05-10 2023-10-31 Vmware, Inc. Secure volume encryption suspension for managed client device updates
US12056496B2 (en) 2022-08-30 2024-08-06 Roku, Inc. Fast boot system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474279A (zh) * 2001-08-08 2004-02-11 ��ʽ���綫֥ 微处理器
CN101369254A (zh) * 2007-08-15 2009-02-18 联想(北京)有限公司 数据保护方法和设备
CN101441601A (zh) * 2007-11-22 2009-05-27 中国长城计算机深圳股份有限公司 一种硬盘ata指令的加密传输的方法
CN101470789A (zh) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 一种计算机的加解密方法及装置
CN101496337A (zh) * 2005-04-13 2009-07-29 微软公司 硬盘驱动器认证

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6292899B1 (en) * 1998-09-23 2001-09-18 Mcbride Randall C. Volatile key apparatus for safeguarding confidential data stored in a computer system memory
DE60136861D1 (de) * 2000-06-21 2009-01-15 Sony Corp Vorrichtung und Verfahren zur Schlüsselerneuerung in einer hierarchischen Baumschlüsselstruktur
DE60228027D1 (de) 2001-07-06 2008-09-18 Texas Instruments Inc Sicherer Bootloader zum Sichern digitaler Geräte
KR20040101293A (ko) * 2002-03-13 2004-12-02 마츠시타 덴끼 산교 가부시키가이샤 보안장치
US7343493B2 (en) * 2002-03-28 2008-03-11 Lenovo (Singapore) Pte. Ltd. Encrypted file system using TCPA
EP1625470A1 (en) * 2003-05-21 2006-02-15 Hewlett-Packard Development Company, L.P. Use of certified secrets in communication
US7210166B2 (en) * 2004-10-16 2007-04-24 Lenovo (Singapore) Pte. Ltd. Method and system for secure, one-time password override during password-protected system boot
US7725703B2 (en) * 2005-01-07 2010-05-25 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
JP2006197303A (ja) * 2005-01-14 2006-07-27 Matsushita Electric Ind Co Ltd 鍵記録媒体及び再生装置
US20070079120A1 (en) * 2005-10-03 2007-04-05 Bade Steven A Dynamic creation and hierarchical organization of trusted platform modules
JP2007102450A (ja) * 2005-10-04 2007-04-19 Matsushita Electric Ind Co Ltd コンテンツ記録媒体
US8306918B2 (en) 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
IL171963A0 (en) * 2005-11-14 2006-04-10 Nds Ltd Secure read-write storage device
US7444670B2 (en) * 2006-03-21 2008-10-28 International Business Machines Corporation Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance
JP4769608B2 (ja) * 2006-03-22 2011-09-07 富士通株式会社 起動検証機能を有する情報処理装置
JP2008033512A (ja) * 2006-07-27 2008-02-14 Toppan Printing Co Ltd セキュリティチップ及びプラットフォーム
JP2008035449A (ja) * 2006-08-01 2008-02-14 Hitachi Software Eng Co Ltd 自己復号ファイルによるデータ配布方法および該方法を用いた情報処理システム
US7711960B2 (en) * 2006-08-29 2010-05-04 Intel Corporation Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms
US8091137B2 (en) * 2006-10-31 2012-01-03 Hewlett-Packard Development Company, L.P. Transferring a data object between devices
US8385551B2 (en) * 2006-12-22 2013-02-26 Telefonaktiebolaget L M Ericsson (Publ) Highly available cryptographic key storage (HACKS)
JP2008171487A (ja) * 2007-01-10 2008-07-24 Ricoh Co Ltd データ入力装置、データ出力装置及びデータ処理装置
GB0701518D0 (en) 2007-01-26 2007-03-07 Hewlett Packard Development Co Methods, devices and data structures for protection of data
JP4933946B2 (ja) * 2007-04-18 2012-05-16 株式会社日立製作所 外部記憶装置及び情報漏洩防止方法
US9158920B2 (en) * 2007-06-28 2015-10-13 Intel Corporation System and method for out-of-band assisted biometric secure boot
US8064605B2 (en) * 2007-09-27 2011-11-22 Intel Corporation Methods and apparatus for providing upgradeable key bindings for trusted platform modules
US20100023782A1 (en) * 2007-12-21 2010-01-28 Intel Corporation Cryptographic key-to-policy association and enforcement for secure key-management and policy execution
US7971081B2 (en) * 2007-12-28 2011-06-28 Intel Corporation System and method for fast platform hibernate and resume
US20090319772A1 (en) * 2008-04-25 2009-12-24 Netapp, Inc. In-line content based security for data at rest in a network storage system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1474279A (zh) * 2001-08-08 2004-02-11 ��ʽ���綫֥ 微处理器
CN101496337A (zh) * 2005-04-13 2009-07-29 微软公司 硬盘驱动器认证
CN101369254A (zh) * 2007-08-15 2009-02-18 联想(北京)有限公司 数据保护方法和设备
CN101441601A (zh) * 2007-11-22 2009-05-27 中国长城计算机深圳股份有限公司 一种硬盘ata指令的加密传输的方法
CN101470789A (zh) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 一种计算机的加解密方法及装置

Also Published As

Publication number Publication date
TW201137663A (en) 2011-11-01
WO2011046731A2 (en) 2011-04-21
EP2488987A4 (en) 2014-06-18
TWI497338B (zh) 2015-08-21
US8250379B2 (en) 2012-08-21
WO2011046731A3 (en) 2011-07-14
EP2488987B1 (en) 2020-11-18
EP2488987A2 (en) 2012-08-22
KR101699998B1 (ko) 2017-01-25
JP5643318B2 (ja) 2014-12-17
KR20120087128A (ko) 2012-08-06
US20110087896A1 (en) 2011-04-14
JP2013507715A (ja) 2013-03-04
CN102549594A (zh) 2012-07-04

Similar Documents

Publication Publication Date Title
CN102549594B (zh) 临时秘密的安全存储
US10049215B2 (en) Apparatus and method for preventing access by malware to locally backed up data
US8375437B2 (en) Hardware supported virtualized cryptographic service
US9735960B2 (en) Method for protecting data stored within a disk drive of a portable computer
US8745386B2 (en) Single-use authentication methods for accessing encrypted data
EP2335181B1 (en) External encryption and recovery management with hardware encrypted storage devices
JP4837985B2 (ja) 信頼できる処理モジュールを有するコンピュータを安全にブートするためのシステムおよび方法
KR101081118B1 (ko) 보안되는 프로그램을 복원하는 컴퓨터 구현 방법, 정보 처리 시스템 및 컴퓨터 판독 가능한 기록 매체
US20120151199A1 (en) Secure Encrypted Boot With Simplified Firmware Update
CN112269547B (zh) 无需操作系统的、主动、可控硬盘数据删除方法及装置
US20160012233A1 (en) Verifying integrity of backup file in a multiple operating system environment
JP5689429B2 (ja) 認証装置、および、認証方法
RU2580014C2 (ru) Система и способ изменения маски зашифрованной области при возникновении сбоя в компьютерной системе
CN113177217A (zh) 拷贝文件的方法及其系统
RU2580018C2 (ru) Способ определения маски зашифрованной области диска
EP4367593A1 (en) Method and apparatus for securely backing up and restoring a computer system
Painter A Computer Forensic Response to Hard Drive Encryption
Lang Analysis of Android Factory Resets

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150618

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150618

Address after: Washington State

Patentee after: MICROSOFT TECHNOLOGY LICENSING, LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150408

CF01 Termination of patent right due to non-payment of annual fee