CN102948114B - Single-use authentication method and system for accessing encrypted data - Google Patents

Single-use authentication method and system for accessing encrypted data

Info

Publication number
CN102948114B
Authority
CN
China
Prior art keywords
computer
volume
key
protector
tpm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201180030456.7A
Other languages
English (en)
Chinese (zh)
Other versions
CN102948114A (zh)
Inventor
O·T·乌雷彻
N·迪萨尔
C·G·杰弗里斯
C·M·伊拉茨
V·G·巴拉德瓦杰
I·巴斯莫夫
S·汤姆
S·沃巴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN102948114A
Application granted
Publication of CN102948114B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2131 Lost password, e.g. recovery of lost or forgotten passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
CN201180030456.7A 2010-06-21 2011-06-10 Single-use authentication method and system for accessing encrypted data Active CN102948114B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/819,883 2010-06-21
US12/819,883 US8745386B2 (en) 2010-06-21 2010-06-21 Single-use authentication methods for accessing encrypted data
PCT/US2011/040063 WO2011162990A2 (en) 2010-06-21 2011-06-10 Single-use authentication methods for accessing encrypted data

Publications (2)

Publication Number Publication Date
CN102948114A (zh) 2013-02-27
CN102948114B (zh) 2015-08-05

Family

ID=45329734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180030456.7A Active CN102948114B (zh) 2010-06-21 2011-06-10 Single-use authentication method and system for accessing encrypted data

Country Status (5)

Country Link
US (1) US8745386B2
EP (2) EP4006763B1
JP (1) JP5922113B2
CN (1) CN102948114B
WO (1) WO2011162990A2

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1920305A4 (en) 2005-07-21 2011-01-19 Clevx Llc MEMORY LOCKING SYSTEM
US20100174913A1 (en) * 2009-01-03 2010-07-08 Johnson Simon B Multi-factor authentication system for encryption key storage and method of operation therefor
US9286493B2 (en) 2009-01-07 2016-03-15 Clevx, Llc Encryption bridge system and method of operation thereof
WO2012033496A1 (en) * 2010-09-10 2012-03-15 Hewlett-Packard Development Company, L.P. Unlock a storage device
WO2012162128A1 (en) * 2011-05-20 2012-11-29 Citrix Systems, Inc. Securing encrypted virtual hard disks
US8856553B2 (en) * 2011-09-12 2014-10-07 Microsoft Corporation Managing self-encrypting drives in decentralized environments
GB201204950D0 (en) * 2012-03-21 2012-05-02 Becrypt Ltd Encryption System and method of encrypting a device
US9703482B2 (en) * 2012-06-29 2017-07-11 Vmware, Inc. Filter appliance for object-based storage system
GB2505211B (en) * 2012-08-22 2014-10-29 Vodafone Ip Licensing Ltd Communications device authentication
US12024568B2 (en) 2012-09-13 2024-07-02 Cornell University Treatment of brain cancers using central nervous system mediated gene transfer of monoclonal antibodies
US20140351364A1 (en) * 2013-02-26 2014-11-27 Einar Rosenberg System, method, and apparatus for using a virtual bucket to transfer electronic data
US20150046557A1 (en) * 2013-02-10 2015-02-12 Einar Rosenberg System, method and apparatus for using a virtual bucket to transfer electronic data
US9331964B2 (en) * 2013-02-26 2016-05-03 Creating Revolutions Llc System, method, and apparatus for using a virtual bucket to transfer electronic data
US9779245B2 (en) 2013-03-20 2017-10-03 Becrypt Limited System, method, and device having an encrypted operating system
AU2014254276B2 (en) * 2013-04-15 2016-11-17 Amazon Technologies, Inc. Host recovery using a secure store
US9619238B2 (en) 2013-04-15 2017-04-11 Amazon Technologies, Inc. Remote attestation of host devices
EP2947811A4 (en) * 2013-06-05 2016-04-06 Huawei Tech Co Ltd METHOD, SERVER, HOST, AND SYSTEM FOR PROTECTING DATA SECURITY
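JP6211818B2 (ja) * 2013-06-11 2017-10-11 株式会社東芝 Communication device, communication method, program and communication system
CN103686714B (zh) * 2013-11-13 2017-01-04 安徽云盾信息技术有限公司 Method for establishing trust between mobile encryption devices based on an offline hardware device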
US9256725B2 (en) * 2014-02-26 2016-02-09 Emc Corporation Credential recovery with the assistance of trusted entities
EP2913772A1 (de) * 2014-02-28 2015-09-02 Wibu-Systems AG Method and computer system for protecting a computer program against tampering
US10148669B2 (en) * 2014-05-07 2018-12-04 Dell Products, L.P. Out-of-band encryption key management system
US9634833B2 (en) * 2014-06-20 2017-04-25 Google Inc. Gesture-based password entry to unlock an encrypted device
WO2016145377A1 (en) * 2015-03-12 2016-09-15 Visa International Service Association Mutual authentication of software layers
US10078748B2 (en) 2015-11-13 2018-09-18 Microsoft Technology Licensing, Llc Unlock and recovery for encrypted devices
KR101748627B1 (ko) * 2016-06-29 2017-06-20 주식회사 한글과컴퓨터 Web-based electronic document service apparatus capable of authenticating document editing, and operating method thereof
US10467429B2 (en) * 2016-09-14 2019-11-05 Faraday & Future Inc. Systems and methods for secure user profiles
CN106657214A (zh) * 2016-09-14 2017-05-10 广东欧珀移动通信有限公司 Data migration method and terminal
US10515226B2 (en) * 2016-11-21 2019-12-24 Dell Products, L.P. Systems and methods for protected local backup
US10565382B1 (en) * 2016-12-22 2020-02-18 Amazon Technologies, Inc. Maintaining keys for trusted boot code
US10387661B2 (en) * 2017-01-09 2019-08-20 Pure Storage, Inc. Data reduction with end-to-end security
CN109891823B (zh) * 2017-02-13 2022-02-11 惠普发展公司,有限责任合伙企业 Method, system and non-transitory computer-readable medium for credential encryption
EP3631670B1 (en) * 2017-05-31 2023-07-26 Crypto4A Technologies Inc. Hardware security module
US10691837B1 (en) * 2017-06-02 2020-06-23 Apple Inc. Multi-user storage volume encryption via secure enclave
US11216411B2 (en) * 2019-08-06 2022-01-04 Micro Focus Llc Transforming data associated with a file based on file system attributes
CN114651251A (zh) * 2019-11-22 2022-06-21 惠普发展公司,有限责任合伙企业 Recovery key
US11606206B2 (en) * 2020-01-09 2023-03-14 Western Digital Technologies, Inc. Recovery key for unlocking a data storage device
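CN111277696A (zh) * 2020-01-21 2020-06-12 上海悦易网络信息技术有限公司 Method and device for detecting privacy on Apple phones
CN111695166B (zh) * 2020-06-11 2023-06-06 阿波罗智联(北京)科技有限公司 Disk encryption protection method and device
CN113347144A (zh) * 2021-04-14 2021-09-03 西安慧博文定信息技术有限公司 Method, system, device and storage medium for reciprocally encrypting data
CN113239378B (zh) * 2021-05-17 2022-03-18 中国电子科技集团公司第三十研究所 Password recovery method, device and medium for BitLocker-encrypted volumes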
US11706221B1 (en) * 2021-05-25 2023-07-18 Two Six Labs, LLC Unidirectional atomic messaging
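CN113918969B (zh) * 2021-09-28 2023-02-21 厦门市美亚柏科信息股份有限公司 Method for searching for the BitLocker decryption key based on memory data
CN114301596A (zh) * 2021-11-18 2022-04-08 成都市卡蛙科技有限公司 In-vehicle network OTA secure communication method, apparatus, vehicle-mounted system and storage medium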

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1249587A (zh) * 1998-07-31 2000-04-05 朗迅科技公司 Method for two-party authentication and key agreement
US20070300080A1 (en) * 2006-06-22 2007-12-27 Research In Motion Limited Two-Factor Content Protection

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE9600321D0 (sv) * 1996-01-30 1996-01-30 Bjoern Heed Antenna
PT885417E (pt) * 1996-02-09 2002-11-29 Digital Privacy Inc Access control/cryptography system
US7228437B2 (en) * 1998-08-13 2007-06-05 International Business Machines Corporation Method and system for securing local database file of local content stored on end-user system
EP1076279A1 (en) 1999-08-13 2001-02-14 Hewlett-Packard Company Computer platforms and their methods of operation
US7434065B2 (en) * 2003-09-29 2008-10-07 Broadcom Corporation Secure verification using a set-top-box chip
KR20050059347A 2003-12-13 2005-06-20 주식회사 드림인테크 Integrated P2P implementation method for protection and distribution of digital comics content
EP2267625A3 (en) 2004-04-19 2015-08-05 Lumension Security S.A. On-line centralized and local authorization of executable files
US7571489B2 (en) 2004-10-20 2009-08-04 International Business Machines Corporation One time passcode system
US7506380B2 (en) 2005-01-14 2009-03-17 Microsoft Corporation Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
US7743409B2 (en) * 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US7958544B2 (en) 2006-07-21 2011-06-07 Google Inc. Device authentication
JP2009004901A (ja) * 2007-06-19 2009-01-08 Ricoh Co Ltd Multifunction input/output device
US7853804B2 (en) * 2007-09-10 2010-12-14 Lenovo (Singapore) Pte. Ltd. System and method for secure data disposal
US8127146B2 (en) 2008-09-30 2012-02-28 Microsoft Corporation Transparent trust validation of an unknown platform

Also Published As

Publication number Publication date
EP4006763B1 (en) 2026-02-18
EP2583410A4 (en) 2018-04-18
CN102948114A (zh) 2013-02-27
EP2583410B1 (en) 2022-04-13
EP4006763A1 (en) 2022-06-01
US20110314279A1 (en) 2011-12-22
JP5922113B2 (ja) 2016-05-24
WO2011162990A2 (en) 2011-12-29
WO2011162990A3 (en) 2012-04-19
EP2583410A2 (en) 2013-04-24
JP2013531436A (ja) 2013-08-01
US8745386B2 (en) 2014-06-03

Similar Documents

Publication Publication Date Title
CN102948114B (zh) Single-use authentication method and system for accessing encrypted data
England et al. A trusted open platform
EP2913956B1 (en) Management control method and device for virtual machines
US8171295B2 (en) Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable process
CN106462718B (zh) Rapid data protection for storage devices
US8103883B2 (en) Method and apparatus for enforcing use of danbury key management services for software applied full volume encryption
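CN101488170B (zh) Method and apparatus for providing updatable key binding to a trusted platform module
CN1801091B (zh) System and method for securely booting a computer with a trusted processing module
CN113168476A (zh) Personalized cryptographically secure access control in an operating system
KR102030858B1 (ko) Digital-signature-authority-dependent platform secret generation technique
WO2021164166A1 (zh) Service data protection method, apparatus, device and readable storage medium
WO2013107362A1 (zh) Method and system for protecting data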
US20190042756A1 (en) Technologies for pre-boot biometric authentication
CN101441601A (zh) Method for encrypted transmission of hard disk ATA commands
Zhou et al. KISS:“key it simple and secure” corporate key management
Zhang et al. Security enforcement model for distributed usage control
Loftus et al. Android 7 file based encryption and the attacks against it
US7694154B2 (en) Method and apparatus for securely executing a background process
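JP6741236B2 (ja) Information processing device
CN118504005A (zh) Key management method, apparatus, system on chip, computing device and storage medium
CN118550647A (zh) Data sharing method for secure virtual machines and related apparatus
CN116633618A (zh) Key encryption and decryption method, storage and application control system, and electronic device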
Ming-wei et al. A trusted portable computing device
HK1181146A (en) Protected device management
HK1181146B (en) Protected device management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150727

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150727

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.