JP2013532854A - ドメイン認証を利用したプラットフォームリソースの制御 - Google Patents
ドメイン認証を利用したプラットフォームリソースの制御 Download PDFInfo
- Publication number
- JP2013532854A JP2013532854A JP2013519728A JP2013519728A JP2013532854A JP 2013532854 A JP2013532854 A JP 2013532854A JP 2013519728 A JP2013519728 A JP 2013519728A JP 2013519728 A JP2013519728 A JP 2013519728A JP 2013532854 A JP2013532854 A JP 2013532854A
- Authority
- JP
- Japan
- Prior art keywords
- platform
- resource
- domain
- authentication information
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 47
- 238000004590 computer program Methods 0.000 claims abstract description 12
- 230000008569 process Effects 0.000 claims description 27
- 238000004891 communication Methods 0.000 claims description 25
- 238000005192 partition Methods 0.000 claims description 23
- 230000004044 response Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 15
- 238000007726 management method Methods 0.000 description 49
- 230000006870 function Effects 0.000 description 15
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 6
- 238000005259 measurement Methods 0.000 description 5
- 230000004913 activation Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000009795 derivation Methods 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 239000011022 opal Substances 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000002245 particle Substances 0.000 description 1
- 238000007616 round robin method Methods 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2147—Locking files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
【選択図】 図1
Description
本明細書の内容は、著作権保護の対象となる。著作権所有者は、米国特許商標庁の特許ファイルまたは特許記録の特許情報開示を複製することについては異議を唱えないが、それ以外の場合に関しては著作権に関するいかなる権利も有する。
Claims (27)
- コンピュータで実施される方法であって、
プラットフォームのオペレーティングシステムをロードする前に前記プラットフォームのドメイン認証情報を取得する段階と、
前記プラットフォームからリモートのドメインコントローラに対して前記ドメイン認証情報を認証する段階と、
前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームのリソースを特定する段階と、
前記プラットフォームの前記オペレーティングシステムをロードする前に、前記ドメイン認証情報を利用して前記プラットフォームの前記リソースをアンロックする段階とを備える方法。 - 前記ドメイン認証情報は、前記プラットフォームのユーザの認証情報および前記プラットフォームのセキュアパーティションの認証情報のうち少なくとも1つを含む請求項1に記載の方法。
- 前記ドメイン認証情報を利用して、前記リソースに格納されているデータを復号する鍵を取得する段階と、
前記鍵を利用して前記リソースに格納されている前記データを復号する段階と
をさらに備える請求項1に記載の方法。 - 前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームの前記リソースを特定する段階は、前記ドメインコントローラが維持している前記プラットフォームのアクセスポリシーを確認する段階を有する請求項1に記載の方法。
- 前記プラットフォームの前記リソースをアンロックする段階は、前記ドメインコントローラと前記リソースとの間でセキュアな通信セッションを構築する段階を有する請求項1に記載の方法。
- 前記リソースをアンロックする段階は、前記リソースに電力を供給する段階を有する請求項1に記載の方法。
- 前記ドメインコントローラからアンロックトークンを取得する段階をさらに備え、
前記リソースをアンロックする段階は、前記アンロックトークンを利用して前記リソースをアンロックする段階を有する請求項1に記載の方法。 - 前記リソースは、ATAデバイスおよびチップセット制御リソースのうち少なくとも1つを含む請求項1に記載の方法。
- 少なくとも1つのプロセッサと、
前記少なくとも1つのプロセッサに結合されており、命令を有するメモリと
を備え、
前記命令は、
プラットフォームのオペレーティングシステムをロードする前に前記プラットフォームのドメイン認証情報を取得する段階と、
前記プラットフォームからリモートのドメインコントローラに対して前記ドメイン認証情報を認証する段階と、
前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームのリソースを特定する段階と、
前記プラットフォームの前記オペレーティングシステムをロードする前に、前記ドメイン認証情報を利用して前記プラットフォームの前記リソースをアンロックする段階と
を実行するための命令であるシステム。 - 前記ドメイン認証情報は、前記プラットフォームのユーザの認証情報および前記プラットフォームのセキュアパーティションの認証情報のうち少なくとも1つを含む請求項9に記載のシステム。
- 前記命令はさらに、
前記ドメイン認証情報を利用して、前記リソースに格納されているデータを復号する鍵を取得する段階と、
前記鍵を利用して前記リソースに格納されている前記データを復号する段階と
を実行させるための命令を含む請求項9に記載のシステム。 - 前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームの前記リソースを特定する段階は、前記ドメインコントローラが維持している前記プラットフォームのアクセスポリシーを確認する段階を有する請求項9に記載のシステム。
- 前記プラットフォームの前記リソースをアンロックする段階は、前記ドメインコントローラと前記リソースとの間でセキュアな通信セッションを構築する段階を有する請求項9に記載のシステム。
- 前記リソースをアンロックする段階は、前記リソースに電力を供給する段階を有する請求項9に記載のシステム。
- 前記命令はさらに、
前記ドメインコントローラからアンロックトークンを取得する段階
を実行するための命令を含み、
前記リソースをアンロックする段階は、前記アンロックトークンを利用して前記リソースをアンロックする段階を有する請求項9に記載のシステム。 - 前記リソースは、ATAデバイスおよびチップセット制御リソースのうち少なくとも1つを含む請求項9に記載のシステム。
- コンピュータ可読格納媒体と、
前記コンピュータ可読格納媒体内の命令と
を備え、
前記命令は処理システムに、
プラットフォームのオペレーティングシステムをロードする前に前記プラットフォームのドメイン認証情報を取得する処理と、
前記プラットフォームからリモートのドメインコントローラに対して前記ドメイン認証情報を認証する処理と、
前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームのリソースを特定する処理と、
前記プラットフォームの前記オペレーティングシステムをロードする前に、前記ドメイン認証情報を利用して前記プラットフォームの前記リソースをアンロックする処理と
を実行させるコンピュータプログラム製品。 - 前記ドメイン認証情報は、前記プラットフォームのユーザの認証情報および前記プラットフォームのセキュアパーティションの認証情報のうち少なくとも1つを含む請求項17に記載のコンピュータプログラム製品。
- 前記命令はさらに、前記処理システムに、
前記ドメイン認証情報を利用して、前記リソースに格納されているデータを復号する鍵を取得する処理と、
前記鍵を利用して前記リソースに格納されている前記データを復号する処理と
を実行させる請求項17に記載のコンピュータプログラム製品。 - 前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームの前記リソースを特定する処理は、前記ドメインコントローラが維持している前記プラットフォームのアクセスポリシーを確認する処理を有する請求項17に記載のコンピュータプログラム製品。
- 前記プラットフォームの前記リソースをアンロックする処理は、前記ドメインコントローラと前記リソースとの間でセキュアな通信セッションを構築する処理を有する請求項17に記載のコンピュータプログラム製品。
- 前記リソースをアンロックする処理は、前記リソースに電力を供給する処理を有する請求項17に記載のコンピュータプログラム製品。
- 前記命令はさらに、前記処理システムに、
前記ドメインコントローラからアンロックトークンを取得する処理を備える処理を実行させ、
前記リソースをアンロックする処理は、前記アンロックトークンを利用して前記リソースをアンロックする処理を有する請求項17に記載のコンピュータプログラム製品。 - 前記リソースは、ATAデバイスおよびチップセット制御リソースのうち少なくとも1つを含む請求項17に記載のコンピュータプログラム製品。
- プラットフォームのドメイン認証情報を、前記プラットフォームからリモートのドメインコントローラで受信する段階と、
前記ドメイン認証情報を認証する段階と、
前記ドメイン認証情報を認証することに応じて前記プラットフォームにアクセスポリシーを供給する段階と
を備え、
前記アクセスポリシーは、前記ドメイン認証情報がアクセスする権限を持つ前記プラットフォームのリソースを特定するために利用され、前記アクセスポリシーは、前記リソースをアンロックする為のトークンを含むコンピュータで実施される方法。 - 前記ドメイン認証情報は、前記プラットフォームのユーザの認証情報および前記プラットフォームのセキュアパーティションの認証情報のうち少なくとも1つを含む請求項25に記載の方法。
- 前記リソースは、ATAデバイスおよびチップセット制御リソースのうち少なくとも1つを含む請求項25に記載の方法。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/836,156 | 2010-07-14 | ||
US12/836,156 US10482254B2 (en) | 2010-07-14 | 2010-07-14 | Domain-authenticated control of platform resources |
PCT/US2011/043411 WO2012009231A2 (en) | 2010-07-14 | 2011-07-08 | Domain-authenticated control of platform resources |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2013532854A true JP2013532854A (ja) | 2013-08-19 |
JP5592565B2 JP5592565B2 (ja) | 2014-09-17 |
Family
ID=45467912
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2013519728A Expired - Fee Related JP5592565B2 (ja) | 2010-07-14 | 2011-07-08 | ドメイン認証を利用したプラットフォームリソースの制御 |
Country Status (7)
Country | Link |
---|---|
US (2) | US10482254B2 (ja) |
EP (1) | EP2593898B1 (ja) |
JP (1) | JP5592565B2 (ja) |
KR (1) | KR101471379B1 (ja) |
CN (1) | CN103003822B (ja) |
TW (1) | TWI450559B (ja) |
WO (1) | WO2012009231A2 (ja) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016540295A (ja) * | 2013-11-11 | 2016-12-22 | アマゾン テクノロジーズ インコーポレイテッド | 複数のコンピューティング・リソース・サービスにアクセスするための単一の資格認定セット |
US10375013B2 (en) | 2013-11-11 | 2019-08-06 | Amazon Technologies, Inc. | Managed directory service connection |
US10509663B1 (en) | 2015-02-04 | 2019-12-17 | Amazon Technologies, Inc. | Automatic domain join for virtual machine instances |
US10908937B2 (en) | 2013-11-11 | 2021-02-02 | Amazon Technologies, Inc. | Automatic directory join for virtual machine instances |
US12061920B2 (en) | 2019-12-16 | 2024-08-13 | Amazon Technologies, Inc. | Automatic domain join for virtual machine instances |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8312267B2 (en) | 2004-07-20 | 2012-11-13 | Time Warner Cable Inc. | Technique for securely communicating programming content |
US8266429B2 (en) | 2004-07-20 | 2012-09-11 | Time Warner Cable, Inc. | Technique for securely communicating and storing programming material in a trusted domain |
US8520850B2 (en) | 2006-10-20 | 2013-08-27 | Time Warner Cable Enterprises Llc | Downloadable security and protection methods and apparatus |
US8621540B2 (en) | 2007-01-24 | 2013-12-31 | Time Warner Cable Enterprises Llc | Apparatus and methods for provisioning in a download-enabled system |
US8909940B2 (en) * | 2008-06-23 | 2014-12-09 | Intel Corporation | Extensible pre-boot authentication |
US9602864B2 (en) | 2009-06-08 | 2017-03-21 | Time Warner Cable Enterprises Llc | Media bridge apparatus and methods |
US10482254B2 (en) | 2010-07-14 | 2019-11-19 | Intel Corporation | Domain-authenticated control of platform resources |
US8910295B2 (en) * | 2010-11-30 | 2014-12-09 | Comcast Cable Communications, Llc | Secure content access authorization |
US9100188B2 (en) | 2011-04-18 | 2015-08-04 | Bank Of America Corporation | Hardware-based root of trust for cloud environments |
US8918862B2 (en) * | 2011-08-31 | 2014-12-23 | International Business Machines Corporation | Managing access to storage media |
US8839350B1 (en) * | 2012-01-25 | 2014-09-16 | Symantec Corporation | Sending out-of-band notifications |
EP2810205A4 (en) * | 2012-01-30 | 2015-07-15 | Hewlett Packard Development Co | ACCESS TO SECURE INFORMATION ON A NETWORK |
US8732456B2 (en) * | 2012-04-13 | 2014-05-20 | General Electric Company | Enterprise environment disk encryption |
US8782768B2 (en) * | 2012-06-15 | 2014-07-15 | Vmware, Inc. | Systems and methods for accessing a virtual desktop |
US10771448B2 (en) | 2012-08-10 | 2020-09-08 | Cryptography Research, Inc. | Secure feature and key management in integrated circuits |
US9276942B2 (en) | 2012-09-07 | 2016-03-01 | Oracle International Corporation | Multi-tenancy identity management system |
US9069979B2 (en) * | 2012-09-07 | 2015-06-30 | Oracle International Corporation | LDAP-based multi-tenant in-cloud identity management system |
US9336357B2 (en) | 2012-09-28 | 2016-05-10 | Intel Corporation | Secure access management of devices |
US9565472B2 (en) | 2012-12-10 | 2017-02-07 | Time Warner Cable Enterprises Llc | Apparatus and methods for content transfer protection |
US9705869B2 (en) | 2013-06-27 | 2017-07-11 | Intel Corporation | Continuous multi-factor authentication |
WO2015030742A1 (en) * | 2013-08-28 | 2015-03-05 | Intel Corporation | Systems and methods for authenticating access to an operating system by a user before the operating system is booted using a wireless communication token |
CN104601529B (zh) * | 2013-10-31 | 2019-12-17 | 腾讯科技(深圳)有限公司 | 终端账号管理方法及装置 |
US9736159B2 (en) | 2013-11-11 | 2017-08-15 | Amazon Technologies, Inc. | Identity pool bridging for managed directory services |
US9846584B1 (en) * | 2014-01-29 | 2017-12-19 | Phoenix Technologies Ltd. | Promoting a secure operating environment through oversight and provisioning of BIOS activity |
CN105934751B (zh) | 2014-01-30 | 2020-02-07 | 惠普发展公司,有限责任合伙企业 | 目标设备的数据擦除 |
KR102204247B1 (ko) * | 2014-02-19 | 2021-01-18 | 삼성전자 주식회사 | 전자 장치의 생체 정보 처리 방법 및 장치 |
US10389709B2 (en) | 2014-02-24 | 2019-08-20 | Amazon Technologies, Inc. | Securing client-specified credentials at cryptographically attested resources |
US9411975B2 (en) | 2014-03-31 | 2016-08-09 | Intel Corporation | Methods and apparatus to securely share data |
US9621940B2 (en) | 2014-05-29 | 2017-04-11 | Time Warner Cable Enterprises Llc | Apparatus and methods for recording, accessing, and delivering packetized content |
US20160105400A1 (en) * | 2014-10-08 | 2016-04-14 | Time Warner Cable Enterprises Llc | Apparatus and methods for data transfer beteween a plurality of user devices |
US10303879B1 (en) | 2014-11-06 | 2019-05-28 | Amazon Technologies, Inc. | Multi-tenant trusted platform modules |
CN105678117B (zh) * | 2014-11-19 | 2019-12-20 | 比亚迪股份有限公司 | 单片机闪存程序的安全性保护方法及保护装置及单片机 |
US9525672B2 (en) * | 2014-12-19 | 2016-12-20 | Amazon Technologies, Inc. | Multi-faceted compute instance identity |
US9659170B2 (en) * | 2015-01-02 | 2017-05-23 | Senteon LLC | Securing data on untrusted devices |
US9749310B2 (en) * | 2015-03-27 | 2017-08-29 | Intel Corporation | Technologies for authentication and single-sign-on using device security assertions |
US9565169B2 (en) * | 2015-03-30 | 2017-02-07 | Microsoft Technology Licensing, Llc | Device theft protection associating a device identifier and a user identifier |
US20160364553A1 (en) * | 2015-06-09 | 2016-12-15 | Intel Corporation | System, Apparatus And Method For Providing Protected Content In An Internet Of Things (IOT) Network |
US10073964B2 (en) | 2015-09-25 | 2018-09-11 | Intel Corporation | Secure authentication protocol systems and methods |
US9509684B1 (en) * | 2015-10-14 | 2016-11-29 | FullArmor Corporation | System and method for resource access with identity impersonation |
US9762563B2 (en) | 2015-10-14 | 2017-09-12 | FullArmor Corporation | Resource access system and method |
US9450944B1 (en) | 2015-10-14 | 2016-09-20 | FullArmor Corporation | System and method for pass-through authentication |
US10037418B2 (en) * | 2015-11-25 | 2018-07-31 | Dell Products L.P. | Pre-boot authentication credential sharing system |
US10459751B2 (en) | 2017-06-30 | 2019-10-29 | ATI Technologies ULC. | Varying firmware for virtualized device |
US11107068B2 (en) | 2017-08-31 | 2021-08-31 | Bank Of America Corporation | Inline authorization structuring for activity data transmission |
EP3585084A1 (de) * | 2018-06-18 | 2019-12-25 | Siemens Aktiengesellschaft | Einrichtung einer zugangsberechtigung zu einem teilnetzwerk eines mobilfunknetzes |
CN109347831A (zh) * | 2018-10-24 | 2019-02-15 | 国家电网有限公司 | 一种基于UKey认证的双重认证安全接入系统及方法 |
US11669602B2 (en) | 2019-07-29 | 2023-06-06 | International Business Machines Corporation | Management of securable computing resources |
US11341278B2 (en) | 2019-07-29 | 2022-05-24 | International Business Machines Corporation | Management of securable computing resources |
US11531787B2 (en) | 2019-07-29 | 2022-12-20 | International Business Machines Corporation | Management of securable computing resources |
US11341279B2 (en) | 2019-07-29 | 2022-05-24 | International Business Machines Corporation | Management of securable computing resources |
US10916889B1 (en) | 2019-07-29 | 2021-02-09 | International Business Machines Corporation | Management of securable computing resources |
US11210427B2 (en) | 2019-07-29 | 2021-12-28 | International Business Machines Corporation | Management of securable computing resources |
KR102308511B1 (ko) * | 2020-02-04 | 2021-10-06 | (주) 씨이랩 | 빅데이터 및 인공지능을 이용한 사용자 정보 통합 플랫폼 및 이의 운용방법 |
US11392705B1 (en) * | 2021-07-29 | 2022-07-19 | Netskope, Inc. | Disk encryption key management for booting of a device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004070875A (ja) * | 2002-08-09 | 2004-03-04 | Alpine Electronics Inc | セキュアシステム |
JP2004355137A (ja) * | 2003-05-27 | 2004-12-16 | Canon Inc | 情報処理システム、情報処理装置、情報処理装置の制御方法、ディスクアレイ装置、ディスクアレイ装置の制御方法、及び制御プログラム |
JP2006268861A (ja) * | 2005-03-24 | 2006-10-05 | Utimaco Safeware Ag | ユーザーデータに対するコンピュータのアクセスを制御する方法および制御装置 |
JP2007066123A (ja) * | 2005-09-01 | 2007-03-15 | Yokogawa Electric Corp | Os起動方法及びこれを用いた装置 |
JP2007148466A (ja) * | 2005-11-24 | 2007-06-14 | Hitachi Software Eng Co Ltd | 可搬型記憶装置及びos |
JP2008052704A (ja) * | 2006-08-28 | 2008-03-06 | Lenovo Singapore Pte Ltd | コンピュータおよび共有パスワードの管理方法 |
US20100169640A1 (en) * | 2008-12-30 | 2010-07-01 | Ned Smith | Method and system for enterprise network single-sign-on by a manageability engine |
Family Cites Families (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6484262B1 (en) | 1999-01-26 | 2002-11-19 | Dell Usa, L.P. | Network controlled computer system security |
US6834351B1 (en) * | 1999-10-29 | 2004-12-21 | Gateway, Inc. | Secure information handling system |
US6999912B2 (en) * | 2001-03-13 | 2006-02-14 | Microsoft Corporation | Provisioning computing services via an on-line networked computing environment |
US7149854B2 (en) * | 2001-05-10 | 2006-12-12 | Advanced Micro Devices, Inc. | External locking mechanism for personal computer memory locations |
US7590684B2 (en) | 2001-07-06 | 2009-09-15 | Check Point Software Technologies, Inc. | System providing methodology for access control with cooperative enforcement |
US7043587B2 (en) * | 2001-09-20 | 2006-05-09 | Lenovo (Singapore) Pte. Ltd. | System and method for connecting a universal serial bus device to a host computer system |
US7167919B2 (en) * | 2001-12-05 | 2007-01-23 | Canon Kabushiki Kaisha | Two-pass device access management |
US20030177388A1 (en) * | 2002-03-15 | 2003-09-18 | International Business Machines Corporation | Authenticated identity translation within a multiple computing unit environment |
US7096333B2 (en) | 2002-07-18 | 2006-08-22 | International Business Machines Corporation | Limited concurrent host access in a logical volume management data storage environment |
US7546452B2 (en) * | 2002-08-20 | 2009-06-09 | Intel Corporation | Hardware-based credential management |
US8065717B2 (en) * | 2002-11-27 | 2011-11-22 | Activcard | Automated security token administrative services |
US20040215650A1 (en) * | 2003-04-09 | 2004-10-28 | Ullattil Shaji | Interfaces and methods for group policy management |
JP4719150B2 (ja) * | 2003-09-17 | 2011-07-06 | パナソニック株式会社 | アプリケーション実行装置、アプリケーション実行方法、集積回路およびプログラム |
US7424610B2 (en) * | 2003-12-23 | 2008-09-09 | Intel Corporation | Remote provisioning of secure systems for mandatory control |
US20050246529A1 (en) * | 2004-04-30 | 2005-11-03 | Microsoft Corporation | Isolated persistent identity storage for authentication of computing devies |
US20050262361A1 (en) | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
US7774824B2 (en) * | 2004-06-09 | 2010-08-10 | Intel Corporation | Multifactor device authentication |
US20070136581A1 (en) * | 2005-02-15 | 2007-06-14 | Sig-Tec | Secure authentication facility |
US7546632B2 (en) * | 2005-02-17 | 2009-06-09 | Cisco Technology, Inc. | Methods and apparatus to configure a network device via an authentication protocol |
US7540014B2 (en) * | 2005-02-23 | 2009-05-26 | Microsoft Corporation | Automated policy change alert in a distributed enterprise |
US7451301B2 (en) * | 2005-03-30 | 2008-11-11 | Intel Corporation | OS independent device management methods and apparatuses having a map providing codes for various activations of keys |
US8619971B2 (en) * | 2005-04-01 | 2013-12-31 | Microsoft Corporation | Local secure service partitions for operating system security |
US7350074B2 (en) * | 2005-04-20 | 2008-03-25 | Microsoft Corporation | Peer-to-peer authentication and authorization |
US7657746B2 (en) | 2005-04-22 | 2010-02-02 | Microsoft Corporation | Supporting statements for credential based access control |
US8972743B2 (en) * | 2005-05-16 | 2015-03-03 | Hewlett-Packard Development Company, L.P. | Computer security system and method |
US8549592B2 (en) | 2005-07-12 | 2013-10-01 | International Business Machines Corporation | Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform |
US7693838B2 (en) * | 2005-11-12 | 2010-04-06 | Intel Corporation | Method and apparatus for securely accessing data |
WO2008046101A2 (en) * | 2006-10-13 | 2008-04-17 | Ariel Silverstone | Client authentication and data management system |
US8166515B2 (en) * | 2006-10-30 | 2012-04-24 | Microsoft Corporation | Group policy for unique class identifier devices |
US7971232B2 (en) * | 2006-10-30 | 2011-06-28 | Microsoft Corporation | Setting group policy by device ownership |
US20080162809A1 (en) * | 2006-12-28 | 2008-07-03 | Rothman Michael A | Operating system-independent remote accessibility to disk storage |
US20080288782A1 (en) * | 2007-05-18 | 2008-11-20 | Technology Properties Limited | Method and Apparatus of Providing Security to an External Attachment Device |
US8467527B2 (en) * | 2008-12-03 | 2013-06-18 | Intel Corporation | Efficient key derivation for end-to-end network security with traffic visibility |
US8453142B2 (en) | 2007-04-26 | 2013-05-28 | Hewlett-Packard Development Company, L.P. | Virtual machine control |
US9178884B2 (en) * | 2007-09-07 | 2015-11-03 | Intel Corporation | Enabling access to remote entities in access controlled networks |
US8078713B1 (en) * | 2008-03-05 | 2011-12-13 | Full Armor Corporation | Delivering policy settings with virtualized applications |
US8543799B2 (en) * | 2008-05-02 | 2013-09-24 | Microsoft Corporation | Client authentication during network boot |
US8909940B2 (en) * | 2008-06-23 | 2014-12-09 | Intel Corporation | Extensible pre-boot authentication |
US20090327702A1 (en) * | 2008-06-27 | 2009-12-31 | Microsoft Corporation | Key Escrow Service |
US9131008B2 (en) * | 2008-09-30 | 2015-09-08 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Discovery profile based unified credential processing for disparate security domains |
US8196177B2 (en) * | 2008-10-16 | 2012-06-05 | International Business Machines Corporation | Digital rights management (DRM)-enabled policy management for a service provider in a federated environment |
US8863268B2 (en) * | 2008-10-29 | 2014-10-14 | Dell Products, Lp | Security module and method within an information handling system |
US8219792B2 (en) * | 2009-10-06 | 2012-07-10 | Dell Products L.P. | System and method for safe information handling system boot |
US20110154023A1 (en) * | 2009-12-21 | 2011-06-23 | Smith Ned M | Protected device management |
US8250638B2 (en) * | 2010-02-01 | 2012-08-21 | Vmware, Inc. | Maintaining the domain access of a virtual machine |
US8370905B2 (en) * | 2010-05-11 | 2013-02-05 | Microsoft Corporation | Domain access system |
US10482254B2 (en) | 2010-07-14 | 2019-11-19 | Intel Corporation | Domain-authenticated control of platform resources |
US9172538B2 (en) * | 2012-04-20 | 2015-10-27 | T-Mobile Usa, Inc. | Secure lock for mobile device |
-
2010
- 2010-07-14 US US12/836,156 patent/US10482254B2/en not_active Expired - Fee Related
-
2011
- 2011-07-08 KR KR1020137000796A patent/KR101471379B1/ko active IP Right Grant
- 2011-07-08 CN CN201180034621.6A patent/CN103003822B/zh not_active Expired - Fee Related
- 2011-07-08 WO PCT/US2011/043411 patent/WO2012009231A2/en active Application Filing
- 2011-07-08 EP EP11807321.2A patent/EP2593898B1/en not_active Not-in-force
- 2011-07-08 JP JP2013519728A patent/JP5592565B2/ja not_active Expired - Fee Related
- 2011-07-12 TW TW100124610A patent/TWI450559B/zh not_active IP Right Cessation
-
2019
- 2019-10-28 US US16/665,656 patent/US11366906B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004070875A (ja) * | 2002-08-09 | 2004-03-04 | Alpine Electronics Inc | セキュアシステム |
JP2004355137A (ja) * | 2003-05-27 | 2004-12-16 | Canon Inc | 情報処理システム、情報処理装置、情報処理装置の制御方法、ディスクアレイ装置、ディスクアレイ装置の制御方法、及び制御プログラム |
JP2006268861A (ja) * | 2005-03-24 | 2006-10-05 | Utimaco Safeware Ag | ユーザーデータに対するコンピュータのアクセスを制御する方法および制御装置 |
JP2007066123A (ja) * | 2005-09-01 | 2007-03-15 | Yokogawa Electric Corp | Os起動方法及びこれを用いた装置 |
JP2007148466A (ja) * | 2005-11-24 | 2007-06-14 | Hitachi Software Eng Co Ltd | 可搬型記憶装置及びos |
JP2008052704A (ja) * | 2006-08-28 | 2008-03-06 | Lenovo Singapore Pte Ltd | コンピュータおよび共有パスワードの管理方法 |
US20100169640A1 (en) * | 2008-12-30 | 2010-07-01 | Ned Smith | Method and system for enterprise network single-sign-on by a manageability engine |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016540295A (ja) * | 2013-11-11 | 2016-12-22 | アマゾン テクノロジーズ インコーポレイテッド | 複数のコンピューティング・リソース・サービスにアクセスするための単一の資格認定セット |
US10375013B2 (en) | 2013-11-11 | 2019-08-06 | Amazon Technologies, Inc. | Managed directory service connection |
US10447610B1 (en) | 2013-11-11 | 2019-10-15 | Amazon Technologies, Inc. | Techniques for network redirection |
US10511566B2 (en) | 2013-11-11 | 2019-12-17 | Amazon Technologies, Inc. | Managed directory service with extension |
US10530742B2 (en) | 2013-11-11 | 2020-01-07 | Amazon Technologies Inc. | Managed directory service |
US10908937B2 (en) | 2013-11-11 | 2021-02-02 | Amazon Technologies, Inc. | Automatic directory join for virtual machine instances |
US10509663B1 (en) | 2015-02-04 | 2019-12-17 | Amazon Technologies, Inc. | Automatic domain join for virtual machine instances |
US12061920B2 (en) | 2019-12-16 | 2024-08-13 | Amazon Technologies, Inc. | Automatic domain join for virtual machine instances |
Also Published As
Publication number | Publication date |
---|---|
WO2012009231A3 (en) | 2012-03-29 |
EP2593898B1 (en) | 2017-01-11 |
KR101471379B1 (ko) | 2014-12-24 |
CN103003822A (zh) | 2013-03-27 |
US20200065496A1 (en) | 2020-02-27 |
WO2012009231A2 (en) | 2012-01-19 |
JP5592565B2 (ja) | 2014-09-17 |
EP2593898A2 (en) | 2013-05-22 |
TWI450559B (zh) | 2014-08-21 |
US20120017271A1 (en) | 2012-01-19 |
KR20130044293A (ko) | 2013-05-02 |
TW201225617A (en) | 2012-06-16 |
US10482254B2 (en) | 2019-11-19 |
US11366906B2 (en) | 2022-06-21 |
CN103003822B (zh) | 2016-01-27 |
EP2593898A4 (en) | 2014-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11366906B2 (en) | Domain-authenticated control of platform resources | |
US10489574B2 (en) | Method and system for enterprise network single-sign-on by a manageability engine | |
JP6526181B2 (ja) | スマートカードによるログオンおよび連携されたフルドメインログオン | |
EP2948864B1 (en) | Secure virtual machine migration | |
JP5724118B2 (ja) | 保護デバイス管理 | |
US20070266421A1 (en) | System, method and computer program product for centrally managing policies assignable to a plurality of portable end-point security devices over a network | |
US20130019281A1 (en) | Server Based Remote Authentication for BIOS | |
US9529733B1 (en) | Systems and methods for securely accessing encrypted data stores | |
JP2008171076A (ja) | ジョブ実行装置及びその制御方法 | |
JP6792647B2 (ja) | 監査能力を備えた仮想スマートカード |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20131218 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20131224 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20140319 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20140603 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20140702 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20140707 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20140731 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5592565 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |