WO2015142970 - RAPID DATA PROTECTION FOR STORAGE DEVICES

Publication Number WO/2015/142970
Publication Date 24.09.2015
International Application No. PCT/US2015/021125
International Filing Date 18.03.2015
Chapter 2 Demand Filed 03.11.2015
IPC
  • G06F 21/74 (2013.1)
      G    PHYSICS
      06   COMPUTING; CALCULATING OR COUNTING
      F    ELECTRIC DIGITAL DATA PROCESSING
      21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      71   to assure secure computing or processing of information
      74   operating in dual or compartmented mode, i.e. at least one secure mode
  • G06F 21/78 (2013.1)
      G    PHYSICS
      06   COMPUTING; CALCULATING OR COUNTING
      F    ELECTRIC DIGITAL DATA PROCESSING
      21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      78   to assure secure storage of data
CPC
  • G06F 21/602
      G    PHYSICS
      06   COMPUTING; CALCULATING; COUNTING
      F    ELECTRIC DIGITAL DATA PROCESSING
      21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      60   Protecting data
      602  Providing cryptographic facilities or services
  • G06F 21/74
      G    PHYSICS
      06   COMPUTING; CALCULATING; COUNTING
      F    ELECTRIC DIGITAL DATA PROCESSING
      21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      71   to assure secure computing or processing of information
      74   operating in dual or compartmented mode, i.e. at least one secure mode
  • G06F 21/78
      G    PHYSICS
      06   COMPUTING; CALCULATING; COUNTING
      F    ELECTRIC DIGITAL DATA PROCESSING
      21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      78   to assure secure storage of data
  • H04L 2209/24
      H    ELECTRICITY
      04   ELECTRIC COMMUNICATION TECHNIQUE
      L    TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      2209 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
      24   Key scheduling, i.e. generating round keys or sub-keys for block encryption
  • H04L 9/0816
      H    ELECTRICITY
      04   ELECTRIC COMMUNICATION TECHNIQUE
      L    TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      9    Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
      08   Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
      0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
Applicants
  • MICROSOFT TECHNOLOGY LICENSING, LLC [US]/[US]
Inventors
  • BASMOV, Innokentiy
  • NYSTRÖM, Magnus Bo Gustaf
  • FERGUSON, Niels T.
  • SEMENKO, Alex M.
Agents
  • GODDAR, Heinz
Priority Data
  • 14/221,105, 20.03.2014, US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) RAPID DATA PROTECTION FOR STORAGE DEVICES
Abstract
(EN) A computing device uses a data encryption and decryption system that includes a trusted runtime and an inline cryptographic processor. The trusted runtime provides a trusted execution environment, and the inline cryptographic processor provides decryption and encryption of data in-line with storage device read and write operations. When a portion (e.g., partition) of a storage device is defined, the trusted runtime generates an encryption key and provides the encryption key to the inline cryptographic processor, which uses the encryption key to encrypt data written to the portion and decrypt data read from the portion. Access to the portion can be subsequently protected by associating the key with authentication credentials of a user or other entity. The trusted runtime protects the encryption key based on an authentication key associated with the authentication credentials, allowing subsequent access to the encryption key only in response to the proper authentication credentials being provided.
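The flow the abstract describes, as an added model in Python (not code from the patent or from Microsoft): a trusted runtime generates a key when a portion is defined and hands it to an inline cryptographic processor, then later seals that key under a key derived from the user's credentials so it is released only to a correct credential. The class names, the PBKDF2 authentication key, the HMAC-based key wrap and the HMAC counter keystream standing in for the hardware cipher are all assumptions made here; the abstract names no algorithms.

```python
import hashlib, hmac, os, secrets

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class InlineCryptoProcessor:
    """Stand-in for the ICP: holds per-portion keys, encrypts sectors in-line."""
    def __init__(self):
        self._keys, self._media = {}, {}   # portion -> key; (portion, lba) -> ciphertext
    def load_key(self, portion, key):
        self._keys[portion] = key
    def clear_keys(self):                  # models power loss or lock: keys gone, media stays
        self._keys.clear()
    def _keystream(self, portion, lba, n):
        # HMAC-SHA256 counter keystream tweaked by portion and sector: a stdlib
        # stand-in for the hardware AES mode a real ICP would use (not for production)
        blocks = (hmac.new(self._keys[portion], f"{portion}:{lba}:{i}".encode(),
                           hashlib.sha256).digest() for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]
    def write(self, portion, lba, data):
        self._media[(portion, lba)] = xor(data, self._keystream(portion, lba, len(data)))
    def read(self, portion, lba):          # KeyError if no key is loaded for the portion
        ct = self._media[(portion, lba)]
        return xor(ct, self._keystream(portion, lba, len(ct)))

class TrustedRuntime:
    """Stand-in for the trusted runtime: generates, seals and releases portion keys."""
    def __init__(self, icp):
        self.icp, self._live, self._sealed = icp, {}, {}
    def define_portion(self, portion):
        self._live[portion] = key = secrets.token_bytes(32)   # encrypted from the first write
        self.icp.load_key(portion, key)
    @staticmethod
    def _auth_key(credential, salt):
        return hashlib.pbkdf2_hmac("sha256", credential, salt, 200_000)
    def protect_portion(self, portion, credential):
        # Seal the existing key under a credential-derived key. Stored data is not
        # touched, so protection costs the same whatever the partition size.
        salt, nonce = os.urandom(16), os.urandom(16)
        ak = self._auth_key(credential, salt)
        wrapped = xor(self._live.pop(portion), hmac.new(ak, b"wrap" + nonce, hashlib.sha256).digest())
        tag = hmac.new(ak, nonce + wrapped, hashlib.sha256).digest()
        self._sealed[portion] = (salt, nonce, wrapped, tag)
    def unlock_portion(self, portion, credential):
        salt, nonce, wrapped, tag = self._sealed[portion]
        ak = self._auth_key(credential, salt)
        if not hmac.compare_digest(tag, hmac.new(ak, nonce + wrapped, hashlib.sha256).digest()):
            raise PermissionError("authentication failed; key stays sealed")
        self.icp.load_key(portion, xor(wrapped, hmac.new(ak, b"wrap" + nonce, hashlib.sha256).digest()))
```

After protection, the ICP keeps serving reads until its keys are cleared; once cleared, reads fail until the runtime releases the key again for a correct credential, and a wrong credential leaves the key sealed.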
Latest bibliographic data on file with the International Bureau