| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a mechanism that, when an operating system copies data from a memory page into a paging file on a disk in order to free up a space in a memory, protects paged data from unauthorized (or otherwise undesirable) observation by encrypting the copied data. <P>SOLUTION: The data stored in the paging file are encrypted by a session key, and the session key is generated immediately after a machine in which the paging file exists is started. The session key, which is used both for the encryption and decryption of the paging file data, is stored in a volatile memory, so that the session key is not persisted across boots of the machine. Since the session key is not persisted across boots, old paging file data that have been stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation. <P>COPYRIGHT: (C)2005,JPO&NCIPI</p> |
