End-to-end network security with traffic visibility
    2.
    Invention publication
    End-to-end network security with traffic visibility (in force)

    Publication number: EP2068526A3

    Publication date: 2012-07-11

    Application number: EP08253608.7

    Filing date: 2008-11-05

    Applicant: Intel Corporation

    IPC classification: H04L29/06

    Abstract: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined-mode, single-pass encryption and authentication using two keys, is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption keys have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two-key, single-pass combined-mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end-to-end devices.

    Efficient key derivation for end-to-end network security with traffic visibility
    3.
    Invention publication
    Efficient key derivation for end-to-end network security with traffic visibility (in force)

    Publication number: EP2194671A2

    Publication date: 2010-06-09

    Application number: EP09252688.8

    Filing date: 2009-11-27

    IPC classification: H04L9/08 H04L9/06

    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client, based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using the following derivation formula: client_key_MSB = AES128(base_key_1, client_ID) (1), client_key_LSB = AES128(base_key_2, client_ID + pad) (2), and client_key = client_key_MSB ∥ client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.


    End-to-end network security with traffic visibility
    6.
    Invention publication
    End-to-end network security with traffic visibility (in force)

    Publication number: EP2068526A2

    Publication date: 2009-06-10

    Application number: EP08253608.7

    Filing date: 2008-11-05

    Applicant: Intel Corporation

    IPC classification: H04L29/06

    Abstract: End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined-mode, single-pass encryption and authentication using two keys, is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption keys have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode. Using a two-key, single-pass combined-mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end-to-end devices.


    Apparatus and method for deriving keys for securing peer links
    7.
    Invention publication
    Apparatus and method for deriving keys for securing peer links (under examination, published)

    Publication number: EP2034659A2

    Publication date: 2009-03-11

    Application number: EP08251114.8

    Filing date: 2008-03-27

    IPC classification: H04L9/08

    CPC classification: H04L9/0844 H04L2209/80

    Abstract: Apparatus and methods to establish a secure peer-to-peer link, in which the construction of the link authentication and key encryption keys is separated from the session encryption key, are described herein. In an embodiment, a secure peer-to-peer link is established in a wireless mesh network.


    Using authenticated manifests to enable external certification of multi-processor platforms
    9.
    Invention publication
    Using authenticated manifests to enable external certification of multi-processor platforms (in force)

    Publication number: EP2889800A1

    Publication date: 2015-07-01

    Application number: EP14192166.8

    Filing date: 2014-11-06

    Applicant: Intel Corporation

    IPC classification: G06F21/74

    Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a plurality of processing devices communicatively coupled to the architecturally protected memory, each processing device comprising a first processing logic to implement an architecturally protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory, or preventing unauthorized access to the architecturally protected memory; wherein each processing device further comprises a second processing logic to establish a secure communication channel with a second processing device of the processing system, employ the secure communication channel to synchronize a platform identity key representing the processing system, and transmit a platform manifest comprising the platform identity key to a certification system.


    Efficient key derivation for end-to-end network security with traffic visibility
    10.
    Invention granted
    Efficient key derivation for end-to-end network security with traffic visibility (in force)

    Publication number: EP2194671B1

    Publication date: 2014-10-22

    Application number: EP09252688.8

    Filing date: 2009-11-27

    Applicant: Intel Corporation

    IPC classification: H04L9/08 H04L9/06

    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client, based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using the following derivation formula: client_key_MSB = AES128(base_key_1, client_ID) (1), client_key_LSB = AES128(base_key_2, client_ID + pad) (2), and client_key = client_key_MSB ∥ client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.