METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION
    1.
    发明申请
    METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION 有权
    用于启动设备和用户认证的方法,设备和计算机程序产品

    公开(公告)号:US20110093938A1

    公开(公告)日:2011-04-21

    申请号:US12123135

    申请日:2008-05-19

    IPC分类号: H04L9/32

    摘要: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device

    摘要翻译: 设备可以包括处理器,其被配置为从包括远程设备的公开密钥的远程设备接收安全证书请求,以及基于远程设备的遗留认证机制的认证证书。 处理器还可以被配置为根据传统认证机制来验证所接收的认证证书。 处理器可以被额外地配置为生成用于公钥的安全证书。 处理器可以被进一步配置为向远程设备提供生成的安全证书

    Methods, apparatuses, and computer program products for bootstrapping device and user authentication
    2.
    发明授权
    Methods, apparatuses, and computer program products for bootstrapping device and user authentication 有权
    用于自举设备和用户认证的方法,设备和计算机程序产品

    公开(公告)号:US08869252B2

    公开(公告)日:2014-10-21

    申请号:US12123135

    申请日:2008-05-19

    IPC分类号: H04L9/32 G06F21/31 H04L29/06

    摘要: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.

    摘要翻译: 设备可以包括处理器,其被配置为从包括远程设备的公开密钥的远程设备接收安全证书请求,以及基于远程设备的遗留认证机制的认证证书。 处理器还可以被配置为根据传统认证机制来验证所接收的认证证书。 处理器可以被额外地配置为生成用于公钥的安全证书。 处理器可以被进一步配置为向远程设备提供生成的安全证书。

    Implementation of an integrity-protected secure storage
    4.
    发明授权
    Implementation of an integrity-protected secure storage 有权
    实施完整性保护的安全存储

    公开(公告)号:US09171187B2

    公开(公告)日:2015-10-27

    申请号:US11128676

    申请日:2005-05-13

    IPC分类号: G06F21/78 G06F21/71 G06F21/62

    摘要: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.

    摘要翻译: 为包括包括安全处理器的第一集成电路的设备提供内部但未集成的安全令牌。 安全令牌由与第一电路分开的第二集成电路提供。 第二集成电路包括安全的非易失性存储器。 安全处理器以安全的方式将信息传送到第二电路,以将安全信息安全地存储在安全的非易失性存储器中,并且第二集成电路将存储在其安全非易失性存储器中的信息传送到安全处理器 安全的方式。 通信是通过密码保护的。 第一集成电路和第二集成电路是器件的内部部件。 还公开了一种用于分发要在电路之间共享并将用于密码学中的安全密钥的初始化方法。

    Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module
    5.
    发明申请
    Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module 有权
    移动可信任模块中重置平台配置寄存器的方法和装置

    公开(公告)号:US20120311315A1

    公开(公告)日:2012-12-06

    申请号:US13578955

    申请日:2011-02-14

    IPC分类号: G06F15/177

    CPC分类号: G06F21/57

    摘要: In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.

    摘要翻译: 根据本发明的示例性实施例,至少有一种计算机指令的方法,装置和可执行程序,用于执行建立和初始化一组平台配置寄存器的操作,其中平台配置寄存器的第一子集被定义为 不可复位,并且平台配置寄存器的第二子集被定义为可重置,将初始启动系统状态信息存储在一个或多个不可重置的平台配置寄存器中,动态地重置(2)平台配置寄存器的值 由参考完整性度量标识,以反映由参考完整性度量提供的测量值,以及响应具有认证响应(5)的认证请求(5),该证明响应(5)包括来自重置的平台配置寄存器的动态信息,以及来自 一个不可重置的平台配置寄存器。

    METHOD AND APPARATUS FOR IDENTITY BASED TICKETING
    6.
    发明申请
    METHOD AND APPARATUS FOR IDENTITY BASED TICKETING 审中-公开
    基于身份识别的方法和装置

    公开(公告)号:US20140298016A1

    公开(公告)日:2014-10-02

    申请号:US14111007

    申请日:2011-04-13

    IPC分类号: H04L9/14 H04L9/30

    摘要: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.

    摘要翻译: 一种装置存储用户特定凭证的方法,装置,系统和计算机程序,经由通信接口从证书机构接收证书并将证书存储在存储器中。 该设备还将私有密钥和公共密钥存储在存储器中,并尝试通过发送一个或多个消息来向售票机读取器认证该设备以访问服务,其中消息包含认证器,该认证器具有至少一个 以下:证书或其加密衍生物; 由证书或其加密派生物包含的一个或多个数据项。 消息准备好使得公钥不能从认证者的外面恢复。

    CREDENTIAL PROVISIONING
    7.
    发明申请
    CREDENTIAL PROVISIONING 有权
    资格认证

    公开(公告)号:US20100266128A1

    公开(公告)日:2010-10-21

    申请号:US12738616

    申请日:2007-10-16

    IPC分类号: H04L9/08

    摘要: Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.

    摘要翻译: 公开了一种供应装置中的方法。 该方法包括获得家庭密钥,定义家庭的家庭密钥; 以安全的方式将家庭密钥提交给安全要素(2-2); 使用家庭密钥来确保凭证数据; 将所述安全凭证数据提交给安全元件(2-4); 使用家庭密钥将申请绑定到家庭; 并将所述绑定提交给安全元件(2-5)。 还公开了相关安全元件和相关装置,系统和计算机程序中的方法。

    System and method for dynamically enforcing digital rights management rules
    8.
    发明授权
    System and method for dynamically enforcing digital rights management rules 有权
    动态执行数字版权管理规则的系统和方法

    公开(公告)号:US07529929B2

    公开(公告)日:2009-05-05

    申请号:US10161082

    申请日:2002-05-30

    摘要: A system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating. Content, which may be encrypted, is received at the terminal and securely stored. On-demand authorization is effected for the rendering application that is requesting access to the content, using secure communications between a DRM engine within the terminal and an operating system within the terminal that is augmented with a security manager adapted to engage in such secure communications. If the rendering application is found to be authorized, the DRM rules are applied to determine whether the rendering application may access the content, and if so, the content is made available to the rendering application.

    摘要翻译: 一种用于在终端中执行数字权限管理(DRM)规则的系统和方法,即使当请求的呈现应用程序已经在运行时。 可以加密的内容在终端处被接收并被安全地存储。 对正在请求访问内容的呈现应用程序进行按需授权,使用终端内的DRM引擎与终端内的操作系统之间的安全通信,所述操作系统用适于参与这种安全通信的安全管理器来增强。 如果发现渲染应用程序被授权,则应用DRM规则来确定呈现应用程序是否可以访问该内容,如果是,那么该内容可用于呈现应用程序。

    Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure
    10.
    发明申请
    Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure 审中-公开
    提供PCR再利用和现有基础设施认证的方法和设备

    公开(公告)号:US20120324214A1

    公开(公告)日:2012-12-20

    申请号:US13579013

    申请日:2011-02-16

    IPC分类号: G06F21/00

    摘要: The exemplary embodiments or the invention provide at least a method, apparatus, and program of computer instructions to perform operations including receiving a challenge from a prover device, reading and saving an old value of a selected platform configuration register, obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property, triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module, and sending by the prover device a device certificate, attestation, at least one measurement or property, and old platform configuration register value to the verifier. Further, the exemplary embodiments or the invention teach sending a challenge to a trusted software of a prover device, and receiving by the verifier device a device certificate, attestation, at least one measurement or property, and an old platform configuration register value from the prover device, checking by the verifier device that extending the old platform configuration register value with the at least one measurement or property results in a new platform configuration register value that has been attested, and using the new platform configuration register value in attestation of the prover device.

    摘要翻译: 示例性实施例或本发明提供至少一种计算机指令的方法,装置和程序,以执行操作,包括从证明者设备接收挑战,读取和保存所选择的平台配置寄存器的旧值,获得至少一个测量或 属性并形成新的平台配置寄存器值,其中形成包括计算平台配置寄存器的旧值和所获得的至少一个测量或属性的加密散列,通过发送挑战触发与可信软件的认证 到可信任的平台模块/移动平台模块,并且由验证者设备向验证者发送设备证书,认证,至少一个测量或属性以及旧平台配置寄存器值。 此外,示例性实施例或本发明教导了向验证器设备的可信软件发送挑战,并且由验证器设备从验证器接收设备证书,认证,至少一个测量或属性以及旧平台配置寄存器值 设备,由验证者设备检查扩展旧的平台配置寄存器值与至少一个测量或属性导致已经被证明的新的平台配置寄存器值,并且使用新的平台配置寄存器值来证明证明器设备 。