公开(公告)号：US10963167B2

公开(公告)日：2021-03-30

申请号：US15858882

申请日：2017-12-29

Applicant: GEMALTO SA ,  SafeNet Inc.

Inventor： Didier Hugot ,  Asad Ali ,  Gorav Arora

IPC: G06F21/79 ,  G06F3/06 ,  G06F21/62 ,  G06F21/60 ,  H04L29/06 ,  G06F21/44 ,  G06F21/31

Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.

公开(公告)号：US20160085975A1

公开(公告)日：2016-03-24

申请号：US14490093

申请日：2014-09-18

Applicant: SafeNet, Inc.

Inventor： Iqbal Dar ,  Chao Jiang ,  Chris Dunn ,  Shailesh Gajera

IPC: G06F21/62 ,  H04L29/08

CPC classification number: G06F21/62 ,  H04L67/12 ,  H04W12/00522 ,  H04W12/02

Abstract: A secure processing facility has a plurality of workstations, with associated computers to provide data to, and/or receive data from, the workstations. The computers are provided with a visual display unit, and display machine-readable data codes on the display. The computers are provided with a scanner to read the machine-readable data codes on the display of another of the computers. The computers have no other connection to receive or transmit machine readable data. A method of operating the facility includes processing a workpiece at a first workstation. A display of the computer of the first workstation displays a data code containing data related to the processing of the workpiece. The scanner of the computer associated with a second workstation scans the data code. The workpiece is transferred from the first workstation to the second workstation. The workpiece is processed at the second workstation.

Abstract translation: 安全处理设备具有多个工作站，其中相关联的计算机向工作站提供数据和/或从工作站接收数据。 这些计算机设置有可视显示单元，并且在显示器上显示机器可读数据代码。 这些计算机设有扫描仪，用于读取另一台计算机的显示器上的机器可读数据代码。 计算机没有其他连接来接收或发送机器可读数据。 操作该设备的方法包括在第一工作站处处理工件。 第一工作站的计算机的显示器显示包含与工件的处理相关的数据的数据代码。 与第二工作站相关联的计算机的扫描器扫描数据代码。 工件从第一个工作站传送到第二个工作站。 工件在第二个工作站处理。

公开(公告)号：US08935771B2

公开(公告)日：2015-01-13

申请号：US11593170

申请日：2006-11-06

Applicant: Mehdi Sotoodeh

Inventor： Mehdi Sotoodeh

IPC: G06F21/00 ,  G06F21/34 ,  G06F21/79

CPC classification number: G06F21/34 ,  G06F21/79

Abstract: A computer security system may include a removable security device adapted to connect to the input/output port of a computer. The security device may include: a random access memory (RAM) cell; and a processor. The security system may further include: at least one encrypted update packet stored remotely from the security device and adapted to modify the contents of the RAM cell; and a private key located on the security device and adapted to decrypt the update packet; and at least one of a device driver, a software application, and/or a library stored remotely from, and in communication with, the security device and adapted to cause the contents of the at least one cell to be switched out of the cell, stored remotely from the cell, and loaded back into the cell.

Abstract translation: 计算机安全系统可以包括适于连接到计算机的输入/输出端口的可拆卸安全装置。 安全设备可以包括：随机存取存储器（RAM）单元; 和处理器。 所述安全系统还可以包括：至少一个加密的更新包，其从所述安全设备远程存储并适于修改所述RAM单元的内容; 以及私钥，其位于所述安全设备上并且适于对所述更新分组进行解密; 以及从安全设备远程和与之通信的设备驱动程序，软件应用程序和/或库中的至少一个，并且适于使所述至少一个单元的内容被切换出该单元， 从单元远程存储，并加载回单元格。

公开(公告)号：US08379865B2

公开(公告)日：2013-02-19

申请号：US11927228

申请日：2007-10-29

Applicant: Alan H. Frindell ,  Dan Hill ,  Venkitachalam Gopalakrishnan ,  Abdesalam Laqtib ,  Eric Murray

Inventor： Alan H. Frindell ,  Dan Hill ,  Venkitachalam Gopalakrishnan ,  Abdesalam Laqtib ,  Eric Murray

IPC: H04L9/08

CPC classification number: H04L9/14 ,  G06Q10/10 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/20

Abstract: A novel approach is proposed for centralized administration of a multikey for a plurality of clients at a set of remote office/branch offices (ROBOs). A multikey having a set of properties, permissions, and policies is first associated with a secure item present at one or more of the ROBOs. A set of respective instances of the multikey are then generated for the ROBOs having the secure item, and the set of properties, permissions, and policies are associated with each of the respective instances of the multikey automatically. The instances of the multikey are then provided to the set of ROBOs for the encryption or decryption of the secure item present at the ROBOs.

Abstract translation: 提出了一种用于在一组远程办公室/分支机构（ROBO）上为多个客户端集中管理多键的新颖方法。 具有一组属性，权限和策略的多键头首先与存在于一个或多个ROBO上的安全项相关联。 然后，为具有安全项目的ROBO生成多个密钥的相应实例的集合，并且该组属性，许可和策略自动与多个密钥的各自实例相关联。 然后将多键的实例提供给用于加密或解密存在于ROBO上的安全项目的ROBO组。

公开(公告)号：US20120233378A1

公开(公告)日：2012-09-13

申请号：US13045232

申请日：2011-03-10

Applicant: Laszlo Elteto

Inventor： Laszlo Elteto

IPC: G06F12/00

CPC classification number: G06F9/45558 ,  G06F2009/45583 ,  G06F2009/45587

Abstract: A hypervisor runs on a host computer system and defines at least one virtual machine. An address space of the virtual machine resides on physical memory of the host computer system under control of the hypervisor. A guest operating system runs in the virtual machine. At least one of a host operating system and the hypervisor sets parts of the address space of the host computer system corresponding to parts of the address space of the virtual machine to a locked state in which those parts can be read but not written to.

Abstract translation: 虚拟机管理程序在主机计算机系统上运行，并定义至少一个虚拟机。 虚拟机的地址空间驻留在主机计算机系统的物理内存上，在管理程序的控制下。 客户机操作系统在虚拟机中运行。 主机操作系统和管理程序中的至少一个将与虚拟机的地址空间的一部分相对应的主计算机系统的地址空间的部分设置为可以读取但不写入的部分的锁定状态。

公开(公告)号：US20120179904A1

公开(公告)日：2012-07-12

申请号：US13295602

申请日：2011-11-14

Applicant: Chris Dunn ,  Russell Dietz ,  Philip Snyder ,  Alan H. Frindell

Inventor： Chris Dunn ,  Russell Dietz ,  Philip Snyder ,  Alan H. Frindell

IPC: H04L9/00 ,  H04L9/08

CPC classification number: G06F21/6209 ,  G06F21/575

Abstract: A host computer cloud has a processor and supports a virtual machine. An agent under control of a user is in communication with the cloud over a network. A key management server is in communication with the cloud over a network. The cloud stores the virtual machine in the form of a virtual encrypted disk on a non-volatile storage medium. When commanded by the agent, the cloud requests a disk-wrapping key from the key management server and decrypts the encrypted disk using the disk-wrapping key.

Abstract translation: 主机云具有处理器并支持虚拟机。 在用户控制下的代理通过网络与云通信。 密钥管理服务器通过网络与云通信。 云将虚拟机以虚拟加密磁盘的形式存储在非易失性存储介质上。 当代理人指令时，云从密钥管理服务器请求一个磁盘包装密钥，并使用磁盘包装密钥解密加密的磁盘。

公开(公告)号：US08117221B2

公开(公告)日：2012-02-14

申请号：US12616247

申请日：2009-11-11

Applicant: Laszlo Elteto ,  Henry W. Snyder

Inventor： Laszlo Elteto ,  Henry W. Snyder

IPC: G06F17/30

CPC classification number: G06F21/6227 ,  G06F21/105

Abstract: A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained.

Abstract translation: 一种用于模糊数据库模式的系统和方法，同时通过修改原始表名，列名，表顺序，列顺序和/或数据字符集来保持其功能，从而保持原始字符的标准顺序。

公开(公告)号：US08078725B2

公开(公告)日：2011-12-13

申请号：US11906887

申请日：2007-10-04

Applicant: Kaijun Tan ,  Michael L. Cochran ,  Logan Badia

Inventor： Kaijun Tan ,  Michael L. Cochran ,  Logan Badia

IPC: G06F15/173 ,  G06F15/16 ,  G06F21/00

CPC classification number: H04L63/0823 ,  G06F21/10 ,  G06F21/6218 ,  G06F2221/0737 ,  G06F2221/0797 ,  G06F2221/2137 ,  H04L63/04 ,  H04L63/126

Abstract: A method for distributing data over a network includes the steps of establishing a secure connection between a client and a server; issuing a certificate and a private key to the client for identifying the client in a transaction; storing the certificate and the private key in a portable token of the client and used by the client during a transaction, the portable token including a unique distinguishing number and being a physical device removeably coupleable to a client computer; and generating a message linking the data being distributed to the client with at least part of the distinguishing number for the token used by the client during a transaction.

Abstract translation: 一种通过网络分发数据的方法包括以下步骤：在客户端与服务器之间建立安全连接; 向客户发放证书和私钥以识别交易中的客户端; 将证书和私钥存储在客户端的便携式令牌中并且在交易期间由客户端使用，便携式令牌包括唯一的区分号码，并且是可移除地耦合到客户端计算机的物理设备; 以及生成在事务期间用客户端使用的令牌的至少部分区分号码来链接分发给客户端的数据的消息。

公开(公告)号：US08055769B2

公开(公告)日：2011-11-08

申请号：US11906928

申请日：2007-10-04

Applicant: Kaijun Tan ,  Michael L. Cochran ,  Logan Badia

Inventor： Kaijun Tan ,  Michael L. Cochran ,  Logan Badia

IPC: G06F15/173 ,  G06F15/16 ,  G06F21/00

CPC classification number: H04L63/0823 ,  G06F21/10 ,  G06F21/6218 ,  G06F2221/0737 ,  G06F2221/0797 ,  G06F2221/2137 ,  H04L63/04 ,  H04L63/126

Abstract: A method of securely utilizing downloaded data includes the steps of opening a media player; opening a data file; requesting a portable token from and used by a client, the portable token being a physical device removeably coupleable to a client computer; reading a distinguishing number from the token; and verifying a digital message linking the data file to the token using the media player, the distinguishing number, and a private key in the token. The digital message is required to access the data.

Abstract translation: 一种安全地利用下载数据的方法包括打开媒体播放器的步骤; 打开一个数据文件; 从客户端请求便携式令牌并由其使用，该便携式令牌是可移除地耦合到客户端计算机的物理设备; 从令牌读取一个区别的数字; 以及使用所述媒体播放器，所述区分号码和所述令牌中的私钥来验证将所述数据文件链接到所述令牌的数字消息。 需要数字消息才能访问数据。

公开(公告)号：US07895443B2

公开(公告)日：2011-02-22

申请号：US10701029

申请日：2003-11-04

Applicant: Brian Grove ,  Reed H. Tibbetts ,  James Khalaf ,  Laszlo Elteto

Inventor： Brian Grove ,  Reed H. Tibbetts ,  James Khalaf ,  Laszlo Elteto

IPC: H04L9/00 ,  H04L9/32

CPC classification number: G06F21/31 ,  G06F21/34 ,  G06F2221/2129 ,  H04L9/3234 ,  H04L9/3236 ,  H04L9/3271

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.