利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

20 条记录 (耗时 0.069 秒)

    SECURE KEY DERIVATION AND CRYPTOGRAPHY LOGIC FOR INTEGRATED CIRCUITS
    2.
    发明申请
    SECURE KEY DERIVATION AND CRYPTOGRAPHY LOGIC FOR INTEGRATED CIRCUITS 有权
    集成电路的安全关键衍生和拼接逻辑

    公开(公告)号:US20140189365A1

    公开(公告)日:2014-07-03

    申请号:US13730829

    申请日:2012-12-29

    申请人: George W. Cox David Johnston Jiangtao Li Anand Rajan

    发明人: George W. Cox David Johnston Jiangtao Li Anand Rajan

    IPC分类号: G06F21/72

    CPC分类号: G06F21/72 G06F21/52 G06F21/73 G09C1/00 H04L9/0866 H04L2209/12

    摘要: A processor of an aspect includes root key generation logic to generate a root key. The root key generation logic includes a source of static and entropic bits. The processor also includes key derivation logic coupled with the root key generation logic. The key derivation logic is to derive one or more keys from the root key. The processor also includes cryptographic primitive logic coupled with the root key generation logic. The cryptographic primitive logic is to perform cryptographic operations. The processor also includes a security boundary containing the root key generation logic, the key derivation logic, and the cryptographic primitive logic. Other processors, methods, and systems are also disclosed.

    摘要翻译: 一方面的处理器包括生成根密钥的根密钥生成逻辑。 根密钥生成逻辑包括静态和熵位的源。 处理器还包括与根密钥生成逻辑耦合的密钥导出逻辑。 密钥推导逻辑是从根密钥导出一个或多个密钥。 处理器还包括与根密钥生成逻辑耦合的加密原语逻辑。 加密原语逻辑是执行加密操作。 处理器还包括包含根密钥生成逻辑,密钥导出逻辑和密码原语逻辑的安全边界。 还公开了其他处理器,方法和系统。

    METHOD AND APPARATUS FOR A NON-DETERMINISTIC RANDOM BIT GENERATOR (NRBG)
    4.
    发明申请
    METHOD AND APPARATUS FOR A NON-DETERMINISTIC RANDOM BIT GENERATOR (NRBG) 有权
    非确定性随机位发生器(NRBG)的方法和装置

    公开(公告)号:US20150055778A1

    公开(公告)日:2015-02-26

    申请号:US13976175

    申请日:2011-12-29

    申请人: George W. Cox David Johnston Martin G. Dixon Stephen A. Fischer Jason W. Brandt

    发明人: George W. Cox David Johnston Martin G. Dixon Stephen A. Fischer Jason W. Brandt

    IPC分类号: H04L9/08 G06F7/58

    CPC分类号: H04L9/0869 G06F7/588 G06F9/30007 H04L9/0662 H04L2209/24

    摘要: A hardware-based digital random number generator is provided. In one embodiment, a processor includes a digital random number generator (DRNG) to condition entropy data provided by an entropy source, to generate a plurality of deterministic random bit (DRB) strings, and to generate a plurality of nondeterministic random bit (NRB) strings, and an execution unit coupled to the DRNG, in response to a first instruction to read a seed value, to retrieve one of the NRB strings from the DRNG and to store the NRB string in a destination register specified by the first instruction.

    摘要翻译: 提供了一种基于硬件的数字随机数发生器。 在一个实施例中,处理器包括数字随机数发生器(DRNG),用于对熵源提供的熵数据进行条件生成,以产生多个确定性随机位(DRB)串,并产生多个非确定性随机位(NRB) 响应于读取种子值的第一指令,从DRNG检索NRB字符串中的一个并将NRB字符串存储在由第一指令指定的目的地寄存器中,耦合到DRNG的执行单元。

    Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware
    5.
    发明授权
    Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware 有权
    使用防篡改硬件的安全信任锚配置和保护的设备,方法和系统

    公开(公告)号:US08954735B2

    公开(公告)日:2015-02-10

    申请号:US13631562

    申请日:2012-09-28

    申请人: Ned M. Smith David Johnston George W. Cox Adi Shaliv

    发明人: Ned M. Smith David Johnston George W. Cox Adi Shaliv

    IPC分类号: H04L29/06

    CPC分类号: H04L63/061 H04L9/0822 H04L9/0866 H04L9/3231 H04L63/0861 H04L2209/127

    摘要: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.

    摘要翻译: 用于安全地配置信任锚的方法和设备包括生成作为计算设备硬件的函数的数据库包装密钥。 数据库包装器密钥在密钥数据库不被可信执行环境使用时加密,并且可以使用物理不可克隆功能(PUF)生成密钥数据库。 本地计算设备与远程计算设备建立安全连接和安全协议。 在建立安全连接时,本地计算设备和远程计算设备可以交换和/或验证密码密钥,包括增强型隐私标识(EPID)密钥,并建立会话密钥和设备标识符。 根据单方面,双边或多边信托是否建立了一个或多个信托基金。 本地计算设备可以充当组或域控制器来建立多边信任。 任何设备也可能要求验证用户存在。

    DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE
    8.
    发明申请
    DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE 有权
    使用防潮硬件安全信赖锚定器和保护的装置,方法和系统

    公开(公告)号:US20140095867A1

    公开(公告)日:2014-04-03

    申请号:US13631562

    申请日:2012-09-28

    申请人: Ned M. Smith David Johnston George W. Cox Adi Shaliv

    发明人: Ned M. Smith David Johnston George W. Cox Adi Shaliv

    IPC分类号: H04L29/06 H04L9/32 G06F17/30 H04L9/00 H04L9/08

    CPC分类号: H04L63/061 H04L9/0822 H04L9/0866 H04L9/3231 H04L63/0861 H04L2209/127

    摘要: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.

    摘要翻译: 用于安全地配置信任锚的方法和设备包括生成作为计算设备硬件的函数的数据库包装密钥。 数据库包装器密钥在密钥数据库不被可信执行环境使用时加密,并且可以使用物理不可克隆功能(PUF)生成密钥数据库。 本地计算设备与远程计算设备建立安全连接和安全协议。 在建立安全连接时,本地计算设备和远程计算设备可以交换和/或验证密码密钥,包括增强型隐私标识(EPID)密钥,并建立会话密钥和设备标识符。 根据单方面,双边或多边信托是否建立了一个或多个信托基金。 本地计算设备可以充当组或域控制器来建立多边信任。 任何设备也可能要求验证用户存在。

    PROVIDING ACCESS TO ENCRYPTED DATA
    9.
    发明申请
    PROVIDING ACCESS TO ENCRYPTED DATA 审中-公开
    提供访问加密数据

    公开(公告)号:US20140032933A1

    公开(公告)日:2014-01-30

    申请号:US13557079

    申请日:2012-07-24

    申请人: Ned M. Smith George W. Cox David Johnston

    发明人: Ned M. Smith George W. Cox David Johnston

    IPC分类号: G06F21/24

    CPC分类号: H04L9/0866 G06F21/31 G06F21/6209 G06F21/74 G06F2221/2107 H04L9/0822 H04L9/3226

    摘要: Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.

    摘要翻译: 这里公开了与为授权用户提供对加密数据的访问相关联的方法,系统和存储介质的实施例。 在一个实例中,该方法可以包括基于认证用户的用户个性化数据获得经认证的用户的导出值,并且基于导出的值生成用户特定加密密钥。 导出值可能具有超过预定水平的熵。 用户专用加密密钥可以使经认证的用户能够访问存储在存储设备上的加密数据。 可以描述和/或要求保护其他实施例。