| Patent application number | Description | Published |
|---|
| 20090063108 | Compatible trust in a computing device - A method and apparatus for executing a first executable code image having a first version number into a memory of a device in an attempt to establish an operating environment of the device are described. The first executable code image retrieves a second version number from the second executable code image after successfully authenticating the second executable code image. If the first version number and the second version number do not satisfy a predetermined relationship, the second executable code image is prevented from being loaded by the first executable code image. | 03-05-2009 |
| 20090257595 | Single Security Model In Booting A Computing Device - A method and apparatus for securely booting software components in an electronic device to establish an operating environment are described herein. According to an aspect of the invention, software components are to be executed in sequence in order to establish an operating environment of a device. For each software component, a security code is executed to authenticate and verify an executable code image associated with each software component using one or more keys embedded within a secure ROM (read-only memory) of the device and one or more hardware configuration settings of the device. The security code for each software component includes a common functionality to authenticate and verify the executable code image associated with each software component. In response to successfully authenticating and verifying the executable code image, the executable code image is then executed in a main memory of the device to launch the associated software component. | 10-15-2009 |
| 20090259855 | Code Image Personalization For A Computing Device - A method and apparatus for personalizing a software component to be executed in particular environment are described herein. According to an aspect of the invention, in response to an executable code image representing a software component to be installed in an electronic device, the executable code image is encrypted using an encryption key. The encryption key is then wrapped with a UID that uniquely identifies the electronic device, where the UID is embedded within a secure ROM of the electronic device. The wrapped encryption key and the encrypted executable code image are then encapsulated into a data object to be stored in a storage of the electronic device, such that when the electronic device is subsequently initialized for operation, the executable code image can only be recovered using the UID of the electronic device to retrieve a decryption key in order to decrypt the executable code image. | 10-15-2009 |
| 20110252232 | SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys. | 10-13-2011 |
| 20110252233 | SYSTEM AND METHOD FOR BACKING UP AND RESTORING FILES ENCRYPTED WITH FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata. | 10-13-2011 |
| 20110252234 | SYSTEM AND METHOD FOR FILE-LEVEL DATA PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data. | 10-13-2011 |
| 20110252236 | SYSTEM AND METHOD FOR SYNCHRONIZING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating data synchronization between devices. The method includes sending a host identifier and pairing record to a second device having a file system encrypted on a per file and on a per class basis for a set of classes, receiving from the second device a sync ticket containing encryption keys for the set of classes, and storing the sync ticket. Also disclosed is a method for synchronizing encrypted data between devices. This method includes receiving, at a first device having a file system encrypted on a per file and on a per class basis, a sync ticket containing encryption keys from a second device, retrieving an escrow key bag containing protection class keys, decrypting protection class keys based on the sync ticket, and synchronizing data with the second device based on the decrypted protection class keys. | 10-13-2011 |
