Title of invention: Method and system for contained cryptographic separation
Abstract: To provide for cryptographic separation, embodiments of the invention employ containment mechanisms provided by trusted operating systems to ensure that plaintext data which must be encrypted in accordance with a security policy (or, in reverse, ciphertext data which is to be decrypted) is processed by a suitable encryption routine before being sent onwards for transmission, storage, or the like. Such containment mechanisms usually include mandatory system access control rules which specify to which system resources the output of a system resource (such as an application) may be supplied. By specifying a suitable set of such rules, mandatory encryption can be enforced at the operating system kernel level.
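Publication number: US8806222(B2) Publication date: 2014.08.12
Application number: US200611335824 Filing date: 2006.01.20
Applicant: Hewlett-Packard Development Company, L.P. Inventor: Rees Robert Thomas Owen
Classification number: G06F21/00 Main classification number: G06F21/00
Agency: Agent: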
Main claim: 1. A system for data encryption comprising: a computer containing one or more programs implementing: an encryption engine; a plaintext data system resource and a ciphertext data system resource both of which run on a single operating system; and operating system elements that ensure that data passing between said plaintext data system resource and said ciphertext data system resource is processed by the encryption engine so as to be encrypted or decrypted, as appropriate and that ensure transfer of data via other data paths between said plaintext data system resource and said ciphertext data system resource that avoid the encryption engine be prevented, wherein the operating system elements comprise a set of the communications rules that define a mandatory path along which data must be routed between the plaintext system resource and the ciphertext system resource.
Address: Houston TX US