Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

Abstract: A method of avoiding a second login of user information in an encrypted disk computer system includes a communications path for transferring user login information. The login information is acquired and used by a first software module which authenticates the user to decrypt a disk with an encrypted operating system. The same login information is transferred using the communications channel to a second use which logs the user into the decrypted operating system. The method also supports multiple users through maintenance of multiple users credentials.

Abstract: In a storage system, multiple information units are individually associated with an access control policy (ACP) of multiple ACPs. Each respective information unit corresponds to a respective information unit encryption key (IUEK). The multiple information units are grouped into encryption zones based on their associated ACPs. In a described implementation, each ACP is associated with a zone root key (ZRK). In another described implementation, each IUEK corresponding to a given information unit is encrypted by an IUEK corresponding to an information unit at a most-proximate linked node of the storage system.

Abstract: Disclosed herein is a technique for certifying distributable objects. The technique involves creating a certification for each distributable object to indicate properties of the object. Using certifications such as this, it is possible to accept objects having certain properties only from specified entities.

Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

Abstract: In a storage system, multiple information units are individually associated with an access control policy (ACP) of multiple ACPs. Each respective information unit corresponds to a respective information unit encryption key (IUEK). The multiple information units are grouped into encryption zones based on their associated ACPs. In a described implementation, each ACP is associated with a zone root key (ZRK). In another described implementation, each IUEK corresponding to a given information unit is encrypted by an IUEK corresponding to an information unit at a most-proximate linked node of the storage system.

Abstract: A method of avoiding a second login of user information in an encrypted disk computer system includes a communications path for transferring user login information. The login information is acquired and used by a first software module which authenticates the user to decrypt a disk with an encrypted operating system. The same login information is transferred using the communications channel to a second use which logs the user into the decrypted operating system. The method also supports multiple users through maintenance of multiple users credentials.