585 results about "Disk encryption" patented technology

A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.

A relational database system for encryption of individual data elements comprising a encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device holding the process keys for at least one of the process key categories and also differing in which type of device executing the algorithm of the process. Each data element to be protected is assigned an attribute indicating the usage of encryption process of a certain security level.

The invention refers to a system, apparatus and method for carrying out a SIM-based authentication of a user accessing a WLAN, without having provided yet an IP connectivity, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. Therefore, the invention provides a method for establishing a PPP-tunnelling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPOE) server for tunnelling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC thus including a RADIUS-client is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.

An encryption method that is largely transparent to a user is accomplished by intercepting a change document or open document command, carrying out an encryption or decryption process, and then completing the command on an encrypted or decrypted file. The encryption method can be used in a wide variety of environments, such as an individual computer program, a database or electronic messaging over the Internet. The encryption method can select from a plurality of encryption algorithms. The encryption method can also allow just a portion of a document to be encrypted, placed in a container, and then be represented by an object linking and embedding (“OLE”) container object or other representation supported by the file.

According to one embodiment, an encryption system (500) includes an input buffer (504) that can provide data blocks from different contexts (522-1 to 522-n) to a selected encryption circuit (524-1 to 524-m) according to a scheduling section (502). A scheduling section (502) can include a register array (510) having rows that each correspond to a context and columns that correspond to an encryption circuit. Each register array (510) row can store one “hot” bit that designates a context with a particular encryption circuit. A column can be selected by a multiplexer (514) and its values prioritized and encoded by a priority encoder (518) to generate an address that results in the selection of a data block from a particular context. Priority may be varied by shifting a column value with a rotate circuit (516) according to an offset value (OFFSET).

Systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption are presented. The method including segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys. Additionally included is bidirectional data transformation of a file by obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity

Provided are a method, system, and article of manufacture for configuring a storage drive to communicate with encryption and key managers. A storage drive receives a request to access a coupled removable storage media for drive operations. The storage drive obtains encryption status for the coupled removable storage media from an encryption manager. The storage drive determines from the obtained encryption status whether to encrypt the coupled removable storage media to access. The storage drive obtains at least one key from a key manager in response to determining to encrypt with respect to the coupled removable storage media. The storage drive performs data operations using the at least one key to encrypt data.

One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.

There is disclosed a system and method for file encryption and decryption. In an embodiment, a method of encrypting a file on backup media involves encrypting clear data using a data encryption key applied to a data encryption algorithm and outputting encrypted data; storing the encrypted data on the backup media; encrypting the data encryption key using a reference cryptographic key applied to a key encryption algorithm and outputting an encrypted data encryption key; and storing the encrypted data encryption key and reconstitution data in a header of the backup media. The encrypted data may be subsequently decrypted by identifying the reference cryptographic key using the reference cryptographic key name; applying the reference cryptographic key to a key decryption algorithm to decrypt the encrypted data encryption key; and applying the decrypted data encryption key to a data decryption algorithm to decrypt the encrypted data.

It is sometimes desirable to protect a design used in a PLD from being copied. If the design is stored in a different device from the PLD and read into the PLD through a bitstream, an unencrypted bitstream could be observed and copied as it is being loaded. According to the invention, a bitstream for configuring a PLD with an encrypted design includes unencrypted words for controlling loading of the configuration bitstream and encrypted words that actually specify the design.

An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

The invention relates to a method for encrypting or decrypting a sequence of successive data words in a data communications device, the method comprising executing an algorithm in which a sequence of quasi-random encryption words is generated from predetermined start values by performing operations in a finite group, and in which a respective one of the encryption words is combined with a respective one of the data words.

An encryption method includes displaying encryption target data on a display screen as an image, performing first acceptance in which designation of an at least partial region of the displayed image is accepted, performing second acceptance in which designation regarding splitting of the designated at least partial region is accepted, and splitting data that is included in the encryption target data and corresponds to the designated at least partial region in accordance with the designation regarding the splitting under a secret sharing scheme.

A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.

The invention discloses a data encryption mobile storage management method based on a virtual disk. The method includes the following steps: 1) writing an encryption roll identification in the head portion of the mobile storage device and building a virtual magnetic disc encryption roll in the mobile storage device; 2) checking the encryption roll identification when the mobile storage device is inserted in a designated computer and processing as a common mobile storage device if the encryption roll identification is not correct and executing the next step otherwise; 3) checking encryption roll information head of the virtual disc according to a mounting command and executing the next step if the check passes; 4) mounting the encryption roll of the virtual disk, calling virtual disk drive program with an encryption and decryption module to read and write the virtual disk encryption roll, enabling the encryption and decryption module to encrypt and decrypt in real time automatically and finally automatically unloading the virtual disk encryption roll when discharging the mobile storage device. The method has the advantages of being safe and reliable in information storage, flexible in security policy configuration, capable of simply and conveniently managing the portable storage device and high-efficient and transparent in data encryption and decryption processing.

The invention discloses a system and method for full disk encryption based on hardware. The method comprises the following steps: (1) performing registration and binding on a blank encryption hard disk of a host and a certification UKey through a registration center; storing a certification program and an identity key to a reserved area of the encryption hard disk; storing the identity key, an encryption Key and the certification program through the UKey; (2) prior to electrification of the host, inserting the UKey in the host; (3) after electrification, executing encryption hard disk and UKey mutual authentication; (4) after the authentication is successful, through the encryption hard disk, storing the Key obtained from the UKey in a buffer area memory undergoing power down loss; through an encryption and decryption module, using the Key to decrypt data and starting an operating system of the host; and (5) after the operating system is started, through the encryption and decryption module, utilizing the Key to decrypt read data, encrypt read-in data and then store the read-in data to an encrypted data storage area of the encryption hard disk. The system and method for full disk encryption based on the hardware greatly improves hard disk data security.

The invention discloses a file encryption and decryption method based on cloud storage. The file encryption and decryption method comprises the following steps of starting file write to a cloud storage platform by an application terminal, and conducting fragmentation storing on a file by the cloud storage platform; conducting distributed encryption on the file which is stored in the cloud storage platform in a fragmentation mode by an encryption and decryption platform; conducting distributed decryption on the file which is stored in the cloud storage platform in the fragmentation mode by the encryption and decryption platform. The invention further provides a file encryption and decryption system based on the cloud storage. According to the technical scheme, repeated file fragmentation and aggregation processes are reduced, waste of computing capability is avoided, and meanwhile the processing speed of encryption and decryption is improved.