| 发明名称 |
Regulating access using information regarding a host machine of a portable storage drive |
| 摘要 |
Described herein are techniques for regulating access to a portable storage drive, that stores an operating system securely, using information regarding a host machine. In accordance with some of the techniques described herein, when a portable storage drive that stores an operating system securely is to be accessed by a host machine, information regarding the host machine, such as information regarding the hardware of the host machine, may be retrieved and evaluated to determine whether to grant access to the host machine. When the host machine is granted access, the host machine may access secured data stored on the portable storage drive in any suitable manner. In some cases, accessing the secured data may include decrypting the secured data and transferring decrypted data to another storage of the host machine. The decrypted information may include an operating system that is booted by the host machine. |
| 申请公布号 |
US9183415(B2) |
申请公布日期 |
2015.11.10 |
| 申请号 |
US201113309204 |
申请日期 |
2011.12.01 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Adam Preston Derek;Vinayak Sai;Ureche Octavian T.;Thom Stefan;Soni Himanshu;Voicu Nicolae |
| 分类号 |
G06F15/177;G06F1/24;H04L29/06;G06F21/00;G06F7/04;G06F17/30;H04N7/16;G06F12/00;G06F21/78;G06F21/40;G06F21/72;G06F21/73;H04L9/08 |
主分类号 |
G06F15/177 |
| 代理机构 |
|
代理人 |
Churna Timothy;Yee Judy;Minhas Micky |
| 主权项 |
1. A method for enabling a host machine to access a portable storage drive having stored thereon an unencrypted program, an operating system, and a boot sector, the portable storage drive storing encrypted data, the encrypted data comprising the operating system, the method performed by the host machine and comprising:
as part of a boot sequence being performed by the host machine, loading the program from the portable storage device to run on the host machine, the portable storage device storing encrypted keys unique to respective host machines that are particularly authorized to boot the portable storage device; receiving, by the program, a first key from a trusted platform module of the host machine and using, by the program, the first key to attempt a decryption operation to determine if the host machine is permitted access to the portable storage device, and the program: based on a determination that the host machine is permitted access to the portable storage device, responding by using the first key to obtain a decrypted key by decrypting a one of the encrypted keys retrieved from the portable storage drive that corresponds to the host machine; based on a determination that the host machine is not permitted access to the portable storage device, responding by prompting a user of the host machine to provide a credential, and responding to receiving the credential by determining that the credential is valid and in response providing the encrypted key in unencrypted form to the host machine; and performing decryption on the operating system according to the key received from the portable storage device and attempting to boot, as part of the boot sequence, correspondingly decrypted executable code of the operating system from the portable storage device. |
| 地址 |
Redmond WA US |
