TWI497338B - 暫時秘密之保全儲存 - Google Patents

暫時秘密之保全儲存 Download PDF

Info

Publication number
TWI497338B
TWI497338B TW099132069A TW99132069A TWI497338B TW I497338 B TWI497338 B TW I497338B TW 099132069 A TW099132069 A TW 099132069A TW 99132069 A TW99132069 A TW 99132069A TW I497338 B TWI497338 B TW I497338B
Authority
TW
Taiwan
Prior art keywords
key
tpm
storage medium
computing device
storing
Prior art date
Application number
TW099132069A
Other languages
English (en)
Chinese (zh)
Other versions
TW201137663A (en
Inventor
Stefan Thom
Cristian Marius Ilac
Original Assignee
Microsoft Technology Licensing Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing Llc filed Critical Microsoft Technology Licensing Llc
Publication of TW201137663A publication Critical patent/TW201137663A/zh
Application granted granted Critical
Publication of TWI497338B publication Critical patent/TWI497338B/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105Dual mode as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
TW099132069A 2009-10-13 2010-09-21 暫時秘密之保全儲存 TWI497338B (zh)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/577,846 US8250379B2 (en) 2009-10-13 2009-10-13 Secure storage of temporary secrets

Publications (2)

Publication Number Publication Date
TW201137663A TW201137663A (en) 2011-11-01
TWI497338B true TWI497338B (zh) 2015-08-21

Family

ID=43855773

Family Applications (1)

Application Number Title Priority Date Filing Date
TW099132069A TWI497338B (zh) 2009-10-13 2010-09-21 暫時秘密之保全儲存

Country Status (7)

Country Link
US (1) US8250379B2 (enExample)
EP (1) EP2488987B1 (enExample)
JP (1) JP5643318B2 (enExample)
KR (1) KR101699998B1 (enExample)
CN (1) CN102549594B (enExample)
TW (1) TWI497338B (enExample)
WO (1) WO2011046731A2 (enExample)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8250380B2 (en) * 2009-12-17 2012-08-21 Hitachi Global Storage Technologies Netherlands B.V. Implementing secure erase for solid state drives
US8943329B2 (en) * 2010-03-29 2015-01-27 Lenovo (Singapore) Pte. Ltd. Method and apparatus for sharing an integrity security module in a dual-environment computing device
US8555083B1 (en) * 2010-07-22 2013-10-08 Symantec Corporation Systems and methods for protecting against unauthorized access of encrypted data during power-management modes
WO2012023050A2 (en) 2010-08-20 2012-02-23 Overtis Group Limited Secure cloud computing system and method
JP4966422B1 (ja) * 2011-03-31 2012-07-04 株式会社東芝 情報処理装置及びデータ保護方法
US8375221B1 (en) 2011-07-29 2013-02-12 Microsoft Corporation Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
TWI546695B (zh) * 2011-12-15 2016-08-21 萬國商業機器公司 刪除儲存系統中之內容
US9916456B2 (en) * 2012-04-06 2018-03-13 Security First Corp. Systems and methods for securing and restoring virtual machines
JP5961059B2 (ja) * 2012-07-18 2016-08-02 キヤノン株式会社 情報処理装置およびその起動方法
JP2014096133A (ja) * 2012-10-10 2014-05-22 Ricoh Co Ltd 伝送端末、伝送システム、プログラム
JP6095330B2 (ja) * 2012-11-13 2017-03-15 キヤノン株式会社 情報処理装置及びその制御方法、プログラム
JP5842800B2 (ja) * 2012-12-20 2016-01-13 カシオ計算機株式会社 制御システム、情報処理装置、端末装置、制御方法及び制御プログラム
SG11201508500VA (en) * 2013-04-15 2015-11-27 Amazon Tech Inc Host recovery using a secure store
US10389709B2 (en) * 2014-02-24 2019-08-20 Amazon Technologies, Inc. Securing client-specified credentials at cryptographically attested resources
US9690943B2 (en) * 2014-06-04 2017-06-27 Dell Products L.P. BIOS secure data management system
CN104618096B (zh) * 2014-12-30 2018-10-30 华为技术有限公司 保护密钥授权数据的方法、设备和tpm密钥管理中心
US9565169B2 (en) * 2015-03-30 2017-02-07 Microsoft Technology Licensing, Llc Device theft protection associating a device identifier and a user identifier
CN105847011A (zh) * 2016-03-21 2016-08-10 华为技术有限公司 一种密钥加载方法及设备
CN106295416B (zh) * 2016-08-19 2021-07-16 联想(北京)有限公司 一种唤醒控制方法及电子设备
US11288374B2 (en) 2017-10-31 2022-03-29 Mitsubishi Heavy Industries Machinery Systems. Ltd. Information processing device, method for controlling information processing device, and program
US11431752B2 (en) * 2018-06-22 2022-08-30 Microsoft Technology Licensing, Llc Ex post facto platform configuration attestation
US11652626B2 (en) * 2020-02-18 2023-05-16 International Business Machines Corporation Safeguarding cryptographic keys from modification or deletion
EP4088214A4 (en) * 2020-02-21 2023-08-30 Hewlett-Packard Development Company, L.P. COMPUTING DEVICES FOR ENCRYPTION AND DECRYPTION OF DATA
ES3028669T3 (en) * 2020-09-22 2025-06-19 Keyavi Data Corp Encrypted file control
JP7536630B2 (ja) 2020-12-18 2024-08-20 東芝テック株式会社 制御装置及びその起動方法、ならびに電気機器
TWI783410B (zh) * 2021-03-16 2022-11-11 瑞昱半導體股份有限公司 電子裝置以及其休眠恢復方法
US11960625B2 (en) * 2021-05-06 2024-04-16 Jpmorgan Chase Bank, N.A. Systems and methods for protecting sensitive data in user online activities
US11805108B2 (en) * 2021-05-10 2023-10-31 Vmware, Inc. Secure volume encryption suspension for managed client device updates
US12056496B2 (en) 2022-08-30 2024-08-06 Roku, Inc. Fast boot system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060155988A1 (en) * 2005-01-07 2006-07-13 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
US20080104706A1 (en) * 2006-10-31 2008-05-01 Karp Alan H Transferring a data object between devices

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6292899B1 (en) * 1998-09-23 2001-09-18 Mcbride Randall C. Volatile key apparatus for safeguarding confidential data stored in a computer system memory
HK1053916B (zh) * 2000-06-21 2011-07-08 Sony Corporation 信息处理装置及处理方法
DE60228027D1 (de) 2001-07-06 2008-09-18 Texas Instruments Inc Sicherer Bootloader zum Sichern digitaler Geräte
JP2003051819A (ja) * 2001-08-08 2003-02-21 Toshiba Corp マイクロプロセッサ
EP1523705A2 (en) * 2002-03-13 2005-04-20 Matsushita Electric Industrial Co., Ltd. Secure device for preventing unauthorised use of distributed content
US7343493B2 (en) * 2002-03-28 2008-03-11 Lenovo (Singapore) Pte. Ltd. Encrypted file system using TCPA
EP1625470A1 (en) 2003-05-21 2006-02-15 Hewlett-Packard Development Company, L.P. Use of certified secrets in communication
US7210166B2 (en) 2004-10-16 2007-04-24 Lenovo (Singapore) Pte. Ltd. Method and system for secure, one-time password override during password-protected system boot
JP2006197303A (ja) * 2005-01-14 2006-07-27 Matsushita Electric Ind Co Ltd 鍵記録媒体及び再生装置
US7758422B2 (en) * 2005-04-13 2010-07-20 Microsoft Corporation Hard drive authentication
US20070079120A1 (en) 2005-10-03 2007-04-05 Bade Steven A Dynamic creation and hierarchical organization of trusted platform modules
JP2007102450A (ja) * 2005-10-04 2007-04-19 Matsushita Electric Ind Co Ltd コンテンツ記録媒体
US8306918B2 (en) 2005-10-11 2012-11-06 Apple Inc. Use of media storage structure with multiple pieces of content in a content-distribution system
IL171963A0 (en) 2005-11-14 2006-04-10 Nds Ltd Secure read-write storage device
US7444670B2 (en) 2006-03-21 2008-10-28 International Business Machines Corporation Method and apparatus for migrating a virtual TPM instance and preserving uniqueness and completeness of the instance
JP4769608B2 (ja) * 2006-03-22 2011-09-07 富士通株式会社 起動検証機能を有する情報処理装置
JP2008033512A (ja) * 2006-07-27 2008-02-14 Toppan Printing Co Ltd セキュリティチップ及びプラットフォーム
JP2008035449A (ja) * 2006-08-01 2008-02-14 Hitachi Software Eng Co Ltd 自己復号ファイルによるデータ配布方法および該方法を用いた情報処理システム
US7711960B2 (en) 2006-08-29 2010-05-04 Intel Corporation Mechanisms to control access to cryptographic keys and to attest to the approved configurations of computer platforms
US8385551B2 (en) 2006-12-22 2013-02-26 Telefonaktiebolaget L M Ericsson (Publ) Highly available cryptographic key storage (HACKS)
JP2008171487A (ja) * 2007-01-10 2008-07-24 Ricoh Co Ltd データ入力装置、データ出力装置及びデータ処理装置
GB0701518D0 (en) 2007-01-26 2007-03-07 Hewlett Packard Development Co Methods, devices and data structures for protection of data
JP4933946B2 (ja) * 2007-04-18 2012-05-16 株式会社日立製作所 外部記憶装置及び情報漏洩防止方法
US9158920B2 (en) 2007-06-28 2015-10-13 Intel Corporation System and method for out-of-band assisted biometric secure boot
CN101369254A (zh) * 2007-08-15 2009-02-18 联想(北京)有限公司 数据保护方法和设备
US8064605B2 (en) * 2007-09-27 2011-11-22 Intel Corporation Methods and apparatus for providing upgradeable key bindings for trusted platform modules
CN101441601B (zh) * 2007-11-22 2011-03-16 中国长城计算机深圳股份有限公司 一种硬盘ata指令的加密传输的方法及系统
US20100023782A1 (en) 2007-12-21 2010-01-28 Intel Corporation Cryptographic key-to-policy association and enforcement for secure key-management and policy execution
US7971081B2 (en) 2007-12-28 2011-06-28 Intel Corporation System and method for fast platform hibernate and resume
CN101470789A (zh) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 一种计算机的加解密方法及装置
US20090319772A1 (en) * 2008-04-25 2009-12-24 Netapp, Inc. In-line content based security for data at rest in a network storage system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060155988A1 (en) * 2005-01-07 2006-07-13 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
US20080104706A1 (en) * 2006-10-31 2008-05-01 Karp Alan H Transferring a data object between devices

Also Published As

Publication number Publication date
EP2488987A2 (en) 2012-08-22
JP5643318B2 (ja) 2014-12-17
CN102549594A (zh) 2012-07-04
EP2488987B1 (en) 2020-11-18
EP2488987A4 (en) 2014-06-18
US8250379B2 (en) 2012-08-21
JP2013507715A (ja) 2013-03-04
WO2011046731A2 (en) 2011-04-21
KR20120087128A (ko) 2012-08-06
WO2011046731A3 (en) 2011-07-14
CN102549594B (zh) 2015-04-08
TW201137663A (en) 2011-11-01
US20110087896A1 (en) 2011-04-14
KR101699998B1 (ko) 2017-01-25

Similar Documents

Publication Publication Date Title
TWI497338B (zh) 暫時秘密之保全儲存
JP5837208B2 (ja) 記憶装置のロック解除
US10049215B2 (en) Apparatus and method for preventing access by malware to locally backed up data
US9141815B2 (en) System and method for intelligence based security
JP5475475B2 (ja) プログラム実行装置、制御方法、制御プログラム及び集積回路
US8745386B2 (en) Single-use authentication methods for accessing encrypted data
KR100809977B1 (ko) 집적 시스템 내에서의 보안 운영의 활성화 방법, 보안 운영의 초기화 방법, 암호화된 데이터의 변환 방법 및 집적 시스템 기능의 복원 방법
US9990511B1 (en) Using encrypted backup to protect files from encryption attacks
US10032029B2 (en) Verifying integrity of backup file in a multiple operating system environment
KR101081118B1 (ko) 보안되는 프로그램을 복원하는 컴퓨터 구현 방법, 정보 처리 시스템 및 컴퓨터 판독 가능한 기록 매체
US9378156B2 (en) Information handling system secret protection across multiple memory devices
KR101054981B1 (ko) 프로그램의 콘텍스트를 보안적으로 저장하는 컴퓨터 구현 방법, 정보 처리 시스템 및 컴퓨터 판독 가능한 기록 매체
JP2016025616A (ja) ディスク・ドライブが記憶するデータを保護する方法および携帯式コンピュータ
JP2008072717A (ja) 埋込認証を有するハードディスク・ストリーミング暗号操作
US11231988B1 (en) Systems and methods for secure deletion of information on self correcting secure computer systems
CN113177217A (zh) 拷贝文件的方法及其系统
US11669389B1 (en) Systems and methods for secure deletion of information on self correcting secure computer systems

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees