Title of invention: Securing Encrypted Virtual Hard Disks
Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then be destroyed after encrypting the administrator header and therefore might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never be transmitted or intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
Application publication number: US2016004885(A1) Publication date: 2016.01.07
Application number: US201514855824 Filing date: 2015.09.16
Applicant: Citrix Systems, Inc. Inventors: Nord Joseph; Gaylor Timothy; Tucker Benjamin Elliot
Classification: G06F21/79;G06F21/60;H04L9/08;H04L9/14 Main classification: G06F21/79
Patent agency: Agent:
Main claim: 1. A method comprising: receiving, by a computing device, a request to decrypt at least a first portion of a data storage encrypted using a first key; retrieving, by the computing device, a first encryption secret from a first location and a second encryption secret from a second location; generating, by the computing device, a second key using the first and second encryption secrets, the second key being different from the first key; decrypting, by the computing device, a second portion of the data storage using the second key, wherein the second portion of the data storage stores the first key; and decrypting, by the computing device, the at least a first portion of the data storage using the first key.
Address: Fort Lauderdale FL US
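
The unlock flow described in the abstract and claim 1, as an added Python sketch that is not code from the patent or from the applicant: a protection key is rebuilt from two separately stored secrets plus the user and volume identifiers, and is used only to unwrap the volume key held in the header. The KDF construction, the HMAC-based wrap (a standard-library stand-in for an authenticated cipher such as AES-GCM), the 80-byte header layout, and all function and store names are assumptions.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_protection_key(user_id, volume_id, user_secret, admin_secret):
    # Assumed KDF: the page names these four inputs but not the function.
    prk = _prf(user_secret, admin_secret)
    return _prf(prk, b"protection-key", user_id.encode(), volume_id.encode())

def seal_header(volume_key: bytes, protection_key: bytes) -> bytes:
    # Assumed layout: 16-byte nonce | 32-byte wrapped key | 32-byte tag.
    if len(volume_key) != 32:
        raise ValueError("volume key must be 32 bytes")
    nonce = secrets.token_bytes(16)
    pad = _prf(protection_key, b"wrap", nonce)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    return nonce + wrapped + _prf(protection_key, b"tag", nonce, wrapped)

def open_header(header: bytes, protection_key: bytes) -> bytes:
    if len(header) != 80:
        raise ValueError("malformed header")
    nonce, wrapped, tag = header[:16], header[16:48], header[48:]
    # Verify before unwrapping: a wrong secret or identifier fails here.
    if not hmac.compare_digest(tag, _prf(protection_key, b"tag", nonce, wrapped)):
        raise ValueError("header authentication failed")
    pad = _prf(protection_key, b"wrap", nonce)
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def unlock_volume(header, user_id, volume_id, user_store, admin_store):
    # Claim 1: fetch one secret from each location, rebuild the second
    # (protection) key, and use it to recover the first (volume) key.
    key = derive_protection_key(user_id, volume_id,
                                user_store[volume_id], admin_store[volume_id])
    return open_header(header, key)  # protection key is never stored or returned

if __name__ == "__main__":
    # Constructed sample data: two independent stores, one secret in each.
    user_store = {"vol-1": secrets.token_bytes(32)}
    admin_store = {"vol-1": secrets.token_bytes(32)}
    volume_key = secrets.token_bytes(32)
    pk = derive_protection_key("alice", "vol-1", user_store["vol-1"], admin_store["vol-1"])
    header = seal_header(volume_key, pk)
    del pk  # only the header and the two separately stored secrets remain
    print(unlock_volume(header, "alice", "vol-1", user_store, admin_store) == volume_key)
```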