MY150362A - A system and method for securing data storage - Google Patents
A system and method for securing data storageInfo
- Publication number
- MY150362A MY150362A MYPI2010005168A MYPI2010005168A MY150362A MY 150362 A MY150362 A MY 150362A MY PI2010005168 A MYPI2010005168 A MY PI2010005168A MY PI2010005168 A MYPI2010005168 A MY PI2010005168A MY 150362 A MY150362 A MY 150362A
- Authority
- MY
- Malaysia
- Prior art keywords
- sealing
- integrity
- data
- manager
- verifying
- Prior art date
Links
- 238000000034 method Methods 0.000 title abstract 5
- 238000013500 data storage Methods 0.000 title abstract 4
- 238000007789 sealing Methods 0.000 abstract 16
- 238000012795 verification Methods 0.000 abstract 8
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
ONE EMBODIMENT OF THE PRESENT INVENTION PROVIDES A SYSTEM (100) FOR SECURING DATA STORAGE THAT ASSURES AVAILABILITY OF SEALED DATA UTILIZING MACHINE READABLE INSTRUCTIONS TO PERFORM PROPERTY-BASED SEALING. THE SYSTEM COMPRISING TRUSTED PLATFORM MODULE (TPM) (20), AT LEAST ONE ADMINISTRATOR, A, AND AT LEAST ONE SEALING MANAGER (SM) (10). THE AT LEAST ONE SEALING MANAGER (SM) (10) COMPRISING AT LEAST ONE CONFIGURATION TABLE (CT) (14), AT LEAST ONE VERIFICATION AGENT (VA) (12) AND AT LEAST ONE SEALING SERVICE (SS) (16). ANOTHER EMBODIMENT OF THE PRESENT INVENTION PROVIDES A METHOD (200) FOR SECURING DATA STORAGE THAT ASSURES AVAILABILITY OF SEALED DATA UTILIZING MACHINE READABLE INSTRUCTIONS TO PERFORM PROPERTY-BASED SEALING. THE METHOD COMPRISING STEPS OF ISSUING SEALING COMMAND TO SEALING MANAGER (SM) (10) TO SEAL DATA D AGAINST AT LEAST ONE PREDETERMINED PROPERTY OF MACHINE READABLE INSTRUCTIONS A (202), REQUESTING SEALING MANAGER (SM) (10) TO USE SECRET KEY SK TO ENCRYPT BINDING TOKEN BT (202), VERIFYING INTEGRITY OF CONFIGURATION TABLE (CT) (14) (204), DETERMINING INTEGRITY OF CONFIGURATION TABLE (CT) (14) (206), VERIFYING INTEGRITY OF VERIFICATION AGENT (VA) (12) WHEN INTEGRITY OF CONFIGURATION TABLE (CT) IS VALID (208), DETERMINING INTEGRITY OF VERIFICATION AGENT (VA) (12) (210), VERIFYING MACHINE READABLE INSTRUCTIONS FOR THE AT LEAST ONE PREDETERMINED PROPERTY (212), TRANSMITTING VERIFICATION RESULT TO SEALING MANAGER (SM) (10) (214), CONSTRUCTING AND ENCRYPTING BINDING TOKEN (BT) USING SECRET KEY SK (216); VERIFYING INTEGRITY OF SEALING SERVICE (SS) (16) (218), DETERMINING INTEGRITY OF SEALING SERVICE (SS) (16) (220), SEALING DATA D WITH BINDING TOKEN BT (222) AND TRANSMITTING SEALED DATA Ds TO ADMINISTRATOR, A (224). A FURTHER EMBODIMENT OF THE PRESENT INVENTION PROVIDES A METHOD (300) FOR UNSEALING SECURED DATA IN DATA STORAGE. THE METHOD COMPRISING STEPS OF ISSUING UNSEALING COMMAND TO UNSEAL SEALED DATA Ds (302), REQUESTING SEALING MANAGER (SM) (10) TO USE SECRET KEY SK TO ENCRYPT BINDING TOKEN BT (302), VERIFYING INTEGRITY OF CONFIGURATION TABLE (CT) (14) (304), DETERMINING INTEGRITY OF CONFIGURATION TABLE (CT) (14) (306), VERIFYING INTEGRITY OF VERIFICATION AGENT (VA) (12) WHEN INTEGRITY OF CONFIGURATION TABLE (CT) (14) IS VALID (308), DETERMINING INTEGRITY OF VERIFICATION AGENT (VA) (12) (310), VERIFYING MACHINE READABLE INSTRUCTIONS WHEN INTEGRITY OF VERIFICATION AGENT (VA) (12) IS VALID (312), TRANSMITTING RESULT OF VERIFICATION OF MACHINE READABLE INSTRUCTIONS TO SEALING MANAGER (SM) (10) (314), CONSTRUCTING AND ENCRYPTING BINDING TOKEN (BT) USING SECRET KEY SK (316), VERIFYING INTEGRITY OF SEALING SERVICE (SS) (16) (318), DETERMINING INTEGRITY OF SEALING SERVICE (SS) (16) (320), UNSEALING SEALED DATA Ds USING BINDING TOKEN (BT) TO PRODUCE UNSEALED DATA D (322) AND RETURNING UNSEALED DATA D TO ADMINISTRATOR (A) (324).
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI2010005168A MY150362A (en) | 2010-11-02 | 2010-11-02 | A system and method for securing data storage |
| PCT/MY2011/000103 WO2012060683A1 (en) | 2010-11-02 | 2011-06-17 | A system and method for securing data storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI2010005168A MY150362A (en) | 2010-11-02 | 2010-11-02 | A system and method for securing data storage |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| MY150362A true MY150362A (en) | 2013-12-31 |
Family
ID=46024653
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| MYPI2010005168A MY150362A (en) | 2010-11-02 | 2010-11-02 | A system and method for securing data storage |
Country Status (2)
| Country | Link |
|---|---|
| MY (1) | MY150362A (en) |
| WO (1) | WO2012060683A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2016025616A (en) | 2014-07-24 | 2016-02-08 | レノボ・シンガポール・プライベート・リミテッド | Method for protecting data stored in disk drive, and portable computer |
| US10177910B2 (en) | 2016-08-31 | 2019-01-08 | Microsoft Technology Licensing, Llc | Preserving protected secrets across a secure boot update |
-
2010
- 2010-11-02 MY MYPI2010005168A patent/MY150362A/en unknown
-
2011
- 2011-06-17 WO PCT/MY2011/000103 patent/WO2012060683A1/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012060683A1 (en) | 2012-05-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104320257B (en) | Electronic record verification method and device | |
| US8700893B2 (en) | Key certification in one round trip | |
| CN102427449B (en) | Trusted mobile storage method based on security chips | |
| CN103634114B (en) | The verification method and system of intelligent code key | |
| WO2017062128A3 (en) | Technologies for end-to-end biometric-based authentication and platform locality assertion | |
| BR112015026372B8 (en) | Communication device that enforces security for a file stored on a virtual drive | |
| WO2013068843A3 (en) | Multi-key cryptography for encrypting file system acceleration | |
| WO2017019201A3 (en) | Cryptographic assurances of data integrity for data crossing trust boundaries | |
| Gürgens et al. | Security evaluation of scenarios based on the TCG’s TPM specification | |
| WO2012092423A3 (en) | Extending data confidentiality into a player application | |
| WO2011083343A3 (en) | System and method of enforcing a computer policy | |
| GB2533727A (en) | Registry apparatus, agent device, application providing apparatus and corresponding methods | |
| CN104268477B (en) | A kind of method of controlling security and the network equipment | |
| CN107294710B (en) | Key migration method and device for vTPM2.0 | |
| US8571210B2 (en) | Content protection apparatus and method using binding of additional information to encryption key | |
| CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
| CN106022145A (en) | Cryptograph index-based data query method | |
| CN103812862A (en) | Dependable security cloud computing composition method | |
| CN104954137A (en) | Method of virtual machine security certification based on domestic password technique | |
| CN108491215A (en) | A kind of unmanned plane firmware protection system | |
| CN102957541B (en) | A kind of cipher encrypting method based on SAAS | |
| MY151315A (en) | System and method for issuing endorsement key credential in trusted computing environment using local certificate authority | |
| MY150362A (en) | A system and method for securing data storage | |
| EP3720042B1 (en) | Method and device for determining trust state of tpm, and storage medium | |
| GB201108816D0 (en) | A secure computer network |