-
公开(公告)号:US08566913B2
公开(公告)日:2013-10-22
申请号:US13100357
申请日:2011-05-04
申请人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Kenneth B. Kerr , Richard V. Kisley , Michael J. Kelly , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Kenneth B. Kerr , Richard V. Kisley , Michael J. Kelly , Eric D. Rossman , Eric B. Smith
IPC分类号: H04L29/06
CPC分类号: H04L9/088 , H04L9/0897 , H04L2209/56
摘要: A system for secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.
摘要翻译: 提供了一种用于安全密钥管理的系统。 该系统包括计算机处理器和被配置为在计算机处理器上执行实施方法的应用的应用。 该方法包括填充与密钥相关联的一部分信息,该部分的信息被填充有与随时间累积的密钥的保护级别相关的信息。 安全密钥管理还包括将该部分信息安全地绑定到密钥,其中密钥被加密。
-
公开(公告)号:US20120308001A1
公开(公告)日:2012-12-06
申请号:US13150592
申请日:2011-06-01
IPC分类号: H04L9/06
CPC分类号: H04L9/0841 , H04L9/0877 , H04L9/088 , H04L2209/20
摘要: Key creation includes sending a first public key part from a first system to a second system, receiving a second public key part sent by the second system to the first system and establishing a first secret material in the first system using the first and second public key parts, wherein the first secret material is identical to a second secret material established on the second system using the first and second key parts. Key creation also includes binding key control information to the first secret material in the first system, wherein the key control information includes information relating to key type and key management and deriving a first key material from the combination of the key control information and the first secret material, wherein the first key material is identical to a second key material derived by the second system.
摘要翻译: 密钥创建包括将第一公钥部分从第一系统发送到第二系统,接收由第二系统发送给第一系统的第二公共密钥部分,并使用第一和第二公钥在第一系统中建立第一秘密资料 其中所述第一秘密材料与使用所述第一和第二关键部分在所述第二系统上建立的第二秘密材料相同。 密钥创建还包括将密钥控制信息绑定到第一系统中的第一秘密资料,其中密钥控制信息包括与密钥类型和密钥管理有关的信息,并从密钥控制信息和第一密钥的组合中导出第一密钥资料 材料,其中所述第一密钥材料与由所述第二系统导出的第二密钥材料相同。
-
公开(公告)号:US20120281836A1
公开(公告)日:2012-11-08
申请号:US13100354
申请日:2011-05-04
申请人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
IPC分类号: H04L9/00
CPC分类号: H04L9/088 , H04L9/0897 , H04L2209/56
摘要: A system for implementing secure key management is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.
摘要翻译: 提供了一种实现安全密钥管理的系统。 该系统包括计算机处理器和被配置为在计算机处理器上执行实施方法的应用的应用。 该方法包括填充与密钥相关联的一部分信息,该部分填充与如何创建密钥相关的信息。 该方法还包括使用与安全模块如何获取密钥有关的信息来填充该部分; 以及将所述部分绑定到所述密钥,其中所述密钥被加密。
-
4.发明授权Combining key control information in common cryptographic architecture services 有权将密钥控制信息结合在通用的密码体系结构服务中公开(公告)号:US08953789B2
公开(公告)日:2015-02-10
申请号:US13150448
申请日:2011-06-01
IPC分类号: H04L9/00
CPC分类号: H04L9/088 , H04L9/0877 , H04L2209/56
摘要: A system includes a processor configured to perform a method, the method comprising receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token.
摘要翻译: 系统包括被配置为执行方法的处理器,该方法包括:接收第一密钥令牌,第二密钥令牌和将第一密钥令牌与第二密钥令牌组合的请求,识别第一密钥令牌的密钥类型和密钥 类型的第二密钥令牌,确定第一密钥令牌的密钥类型是否可以与第二密钥令牌的密钥类型组合,将第一密钥令牌与第二密钥令牌组合以创建第三密钥令牌,以响应于确定 可以将第一密钥令牌的密钥类型与第二密钥令牌的密钥类型组合,并输出第三密钥令牌。
-
公开(公告)号:US08789210B2
公开(公告)日:2014-07-22
申请号:US13100693
申请日:2011-05-04
申请人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
IPC分类号: G06F11/00
CPC分类号: G06F21/602 , H04L9/088 , H04L9/0897
摘要: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.
摘要翻译: 提供了一种用于安全密钥管理的计算机程序产品。 计算机程序产品包括可由处理电路读取的有形存储介质,并且存储用于由处理电路执行的用于创建令牌并用密钥材料填充令牌的指令,以及将密钥控制信息绑定到密钥材料的指令。 密钥控制信息包括关于填充一个或多个密钥使用字段的密钥材料的使用的信息,所述密钥使用字段定义限制可以用密钥材料执行的动作的属性。
-
公开(公告)号:US20120237023A1
公开(公告)日:2012-09-20
申请号:US13047344
申请日:2011-03-14
申请人: Todd W. Arnold , Elizabeth A. Dames , Thomas J. Dewkett , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Thomas J. Dewkett , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
IPC分类号: H04L9/00
CPC分类号: H04L9/0897
摘要: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.
摘要翻译: 提供了一种实现计算机安全的系统。 该系统包括计算机处理器和被配置为在计算机处理器上执行的应用程序,该应用程序实现一种方法,该方法包括使用密钥材料创建令牌和填充令牌的有效载荷部分,并且选择包装方法,该方法指定密钥材料 安全地绑定到关键控制信息。 令牌中的关键控制信息的结构与包装方法无关。 实施计算机安全还包括将密钥材料和密钥控制信息绑定到令牌中的密钥材料。 关键控制信息包括与密钥材料的使用和管理有关的信息。
-
公开(公告)号:US08755527B2
公开(公告)日:2014-06-17
申请号:US13100639
申请日:2011-05-04
申请人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Michael J. Kelly , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
IPC分类号: H04L9/08
CPC分类号: H04L9/0822 , H04L9/088 , H04L9/0897
摘要: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.
摘要翻译: 提供了用于安全密钥管理的计算机程序产品。 计算机程序产品包括可由处理电路读取的有形存储介质,并且存储用于由处理电路执行的用于创建令牌并用密钥材料填充令牌的指令,以及将密钥控制信息绑定到密钥材料的指令。 密钥控制信息包括关于填充一个或多个密钥管理字段的密钥材料的管理的信息,所述密钥管理字段定义限制密钥资料分发的属性。
-
8.发明授权公开(公告)号:US08675871B2
公开(公告)日:2014-03-18
申请号:US13118951
申请日:2011-05-31
IPC分类号: H04L9/00
CPC分类号: H04L9/0894
摘要: A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.
摘要翻译: 提供了一种计算机程序产品,并且包括可由处理电路读取的有形存储介质,并在其上存储指令以供处理电路执行以验证传递给参数数据库的参数,计算控制向量CV数据所需的长度, 根据计算结果将可选块转换为标准化密钥块的格式,同时将转换的CV复制到可选块中并更新标准化密钥块中的可选块数据。
-
公开(公告)号:US08619990B2
公开(公告)日:2013-12-31
申请号:US13095226
申请日:2011-04-27
申请人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
发明人: Todd W. Arnold , Elizabeth A. Dames , Carsten D. Frehr , Kenneth B. Kerr , Richard V. Kisley , Eric D. Rossman , Eric B. Smith
CPC分类号: H04L9/08 , H04L9/083 , H04L9/0877 , H04L9/30
摘要: A system for creating a secure key is provided that includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a key control information section of the token with a value to indicate a minimum number of key parts used to form a key. Creating the secure key also includes populating a payload section of the token with a first key part, binding the key control information section to the payload section, adding a second key part to the first key part and iterating the value and binding the key control information section to the payload section after the second key part has been added. Creating the secure key further includes indicating the key is complete, wherein the key comprises a combination of the first and second key parts.
摘要翻译: 提供了一种用于创建安全密钥的系统,其包括计算机处理器和被配置为在计算机处理器上执行的应用程序,所述应用程序实现包括创建令牌的方法,并且以指示值的值填充令牌的密钥控制信息部分 用于形成钥匙的最少数量的关键部件。 创建安全密钥还包括用第一密钥部分填充令牌的有效载荷部分,将密钥控制信息部分绑定到有效负载部分,向第一密钥部分添加第二密钥部分,并迭代该值并绑定密钥控制信息 在添加第二个关键部分之后的部分到有效载荷部分。 创建安全密钥还包括指示密钥是完整的,其中密钥包括第一和第二密钥部分的组合。
-
公开(公告)号:US20120311324A1
公开(公告)日:2012-12-06
申请号:US13118978
申请日:2011-05-31
IPC分类号: H04L9/32
CPC分类号: H04L9/0894
摘要: A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes checking whether information to be translated between a key token and a key block is valid and, in an event a result of the checking is affirmative, preparing an output by translating the information between the key token and the key block such that the key token and the key block each include key control information cryptographically bound to key material via a wrapping method of the key token and the key block, respectively. The key control information of the key block is related to the key control information of the key token following the translation and disambiguation information for guiding the translation specified prior to or during the translation.
摘要翻译: 提供了一种计算机程序产品,并且包括可由处理电路读取的有形存储介质,并且其上存储有用于执行方法的处理电路执行的指令。 该方法包括检查在密钥令牌和密钥块之间要翻译的信息是否有效,并且在检查结果是肯定的情况下,通过在密钥令牌和密钥块之间翻译信息来准备输出,使得 密钥令牌和密钥块各自包括通过密钥令牌和密钥块的包装方法密钥地绑定到密钥材料的密钥控制信息。 密钥块的密钥控制信息与用于指导在翻译之前或期间指定的翻译的翻译和消歧信息之后的密钥令牌的密钥控制信息相关。
-
-
-
-
-
-
-
-
-
搜索结果
26 条记录 (耗时 0.014 秒)
