System and method for generalized authentication
    91.
    Granted invention patent
    Status: In force

    Publication number: US08165300B2

    Publication date: 2012-04-24

    Application number: US12717401

    Application date: 2010-03-04

    IPC classification: H04L9/00 H04L9/32 G06F7/04

    Abstract: A system, method, and program product is provided that uses environments to control access to encryption keys. A request for an encryption key and an environment identifier is received. If the encryption key is not associated with the environment identifier, the request is denied. If they are associated, the system receives user-supplied environment authentication data items from a user. Examples of environment authentication data include passwords, user identifiers, user biometric data (e.g., fingerprint scan, etc.), smart cards, and the like. The system retrieves stored environment authentication data items from a secure (e.g., encrypted) storage location. The retrieved stored environment authentication data items correspond to the environment identifier that was received. The received environment authentication data items are authenticated using the retrieved stored environment authentication data items. If the authentication is successful, the user is allowed use of the requested encryption key, otherwise, the request is denied.


    Method for securely creating an endorsement certificate in an insecure environment
    92.
    Granted invention patent
    Status: In force

    Publication number: US07861079B2

    Publication date: 2010-12-28

    Application number: US11858977

    Application date: 2007-09-21

    IPC classification: H04L29/06

    Abstract: A method and system for ensuring security-compliant creation and signing of endorsement keys of manufactured TPMs. The endorsement keys are generated for the TPM. The TPM vendor selects an N-byte secret and stores the N-byte secret in the TPM along with the endorsement keys. The secret number cannot be read outside of the TPM. The secret number is also provided to the OEM's credential server. During the endorsement key (EK) credential process, the TPM generates an endorsement key, which comprises both the public key and a hash of the secret and the public key. The credential server matches the hash within the endorsement key with a second hash of the received public key (from the endorsement key) and the vendor provided secret. The EK certificate is generated and inserted into the TPM only when a match is confirmed.


    System and Method for Protecting Assets Using Wide Area Network Connection
    93.
    Invention patent application
    Status: In force

    Publication number: US20090241164A1

    Publication date: 2009-09-24

    Application number: US12051271

    Application date: 2008-03-19

    IPC classification: G06F21/24 H04L9/32

    CPC classification: G06F21/57

    Abstract: A system, method, and program product is provided that detects whether a network adapter has been removed from a computer system. If the network adapter, such as a wireless network adapter, has been removed from the computer system, then a tamper evident indicator (e.g., bit) is set in a nonvolatile memory area of the computer system. In addition, a hard drive password is set to a different password according to a hard drive password policy. The hard drive password controls access to files stored on the hard drive. In one embodiment, the power-on password is also changed to a new password so that the user has to enter the new power-on password when initializing the computer system in order to access the files stored on the computer system.


    Storage conversion for anti-virus speed-up
    94.
    Granted invention patent
    Status: In force

    Publication number: US07581252B2

    Publication date: 2009-08-25

    Application number: US10894565

    Application date: 2004-07-20

    IPC classification: G06F11/00

    Abstract: A computer system includes a security subsystem which is able to trustfully track which files or storage areas of a storage device have been altered since a last virus scan. The trusted information can then be used to accelerate scans for undesirable code or data such as viruses and invalid or corrupt registry entries. In the case of viruses, files or storage areas which have been altered are scanned against a super-set of virus definitions. Unaltered files or storage areas are scanned against a subset of virus definitions.


    System and method for tracking changed LBAs on disk drive
    95.
    Granted invention patent
    Status: In force

    Publication number: US07523319B2

    Publication date: 2009-04-21

    Application number: US11282055

    Application date: 2005-11-16

    IPC classification: G06F12/00

    Abstract: When data changes in LBAs of a disk storage, the IDs of changed LBAs are written to a cache, with the LBAs being hashed to render a hash result. The hash result and contents of the cache are written to a file on the disk, the cache flushed, and the hash result written back to the cache for hashing together with subsequent changed LBAs. The process repeats. In this way, the hash result in the most current file on the disk can be compared with the hash result in cache, and if the two match, it indicates that the files on the disk contain an accurate record of changed LBAs.


    System and Method for Reporting the Trusted State of a Virtual Machine
    96.
    Invention patent application
    Status: In force

    Publication number: US20080244569A1

    Publication date: 2008-10-02

    Application number: US11693927

    Application date: 2007-03-30

    IPC classification: G06F9/455

    Abstract: A system, method, and program product is provided that executes a start sequence of an information handling system that includes a hardware based TPM. Multiple PCRs are stored in the TPM and are initialized to a predetermined state when the start sequence commences. During execution of the start sequence, software modules, including a hypervisor, are loaded into the system's memory. PCR values resulting from the loading of the software modules are calculated. The resulting PCR values are compared with expected PCR values. If the PCR values match the expected PCR values, then a virtual environment is created under the hypervisor. The virtual environment includes a VM and a virtual trust platform module (vTPM) that is used by the virtual machine to satisfy the virtual machine's TPM requests.


    System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer
    97.
    Granted invention patent
    Status: In force

    Publication number: US07389536B2

    Publication date: 2008-06-17

    Application number: US09993135

    Application date: 2001-11-14

    IPC classification: H04L9/00 G06F11/00

    Abstract: Access to secure data through a portable computing system is provided only when a timer within the system is running. The timer is reset with the portable system connected to a base system, either directly, as by a cable, or indirectly, as through a telephone network. In an initialization process, the portable and base systems exchange data, such as public cryptographic keys, which are later used to confirm that the portable system is connected to the same base system. In one embodiment, the initialization process also includes storing a password transmitted from the portable system within the base system, with this password later being required within the reset process.


    Super secure migratable keys in TCPA
    99.
    Granted invention patent
    Status: In force

    Publication number: US07242768B2

    Publication date: 2007-07-10

    Application number: US10046437

    Application date: 2002-01-14

    IPC classification: H04L9/00

    CPC classification: G06F21/57 G06F21/62

    Abstract: A method for providing security with a secure chip, includes: creating a migratable keyblob using a first random number, where the migratable keyblob contains a key; wrapping the migratable keyblob with a public key of the key's parent key; encrypting the first random number with a pass phrase for a user of the key; storing the encrypted first random number; and migrating the migratable keyblob from the computer to itself. If the private key of the secure chip is stolen, the thief can only unwrap keys which are ancestors of the key in the migratable keyblob. To obtain the key in the migratable keyblob, the random number used to create it is required. However, the pass phrase of the user is required to decrypt it. This increases the security of the key stored in the migratable keyblob and its children keys.


    Method of creating password list for remote authentication to services
    100.
    Granted invention patent
    Status: Lapsed

    Publication number: US07194762B2

    Publication date: 2007-03-20

    Application number: US09998484

    Application date: 2001-11-30

    IPC classification: H04L9/14

    CPC classification: G06F21/46

    Abstract: A method for providing security in password-based access to computer networks, the network including a server and a remote user, includes: signing a phrase by a security chip of the server using an encryption key; associating the signed phrase with the remote user; signing the phrase with an encryption key obtained by the security chip when a request for access to the computer network is received from the remote user; comparing the phrase signed with the obtained encryption key with the signed phrase associated with the remote user; and granting access to the remote user if the phrase signed with the obtained encryption key is the same as the stored signed phrase associated with the remote user. The use of the encryption key protects against “dictionary attacks”. Use of the security chip protects against offline attacks. These provide greater security for the computer network.
