    91. TRUSTED DATA PROCESSING IN THE PUBLIC CLOUD
    Type: Patent application; Status: In force

    Publication number: US20140281531A1

    Publication date: 2014-09-18

    Application number: US13994451

    Filing date: 2013-03-14

    IPC classification: H04L9/08

    Abstract: Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server being one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and an RKM server including a key server module, the RKM server configured to sign the key server module using a private key, and a gateway server configured to provide the signed key server module to the cloud server. The trusted execution environment is configured to verify the key server module using a public key related to the private key and to launch the key server module; the key server module is configured to establish a secure communication channel between the gateway server and the key server module; and the gateway server is configured to provide a cryptographic key to the key server module via the secure communication channel.

    92. Method of anonymous entity authentication using group-based anonymous signatures
    Type: Patent grant; Status: In force

    Publication number: US08707046B2

    Publication date: 2014-04-22

    Application number: US13100017

    Filing date: 2011-05-03

    IPC classification: H04L29/06

    Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    93. Secure Peer-to-Peer Network Setup
    Type: Patent application; Status: In force

    Publication number: US20130276075A1

    Publication date: 2013-10-17

    Application number: US13976171

    Filing date: 2011-09-01

    IPC classification: H04W12/08

    Abstract: Apparatuses for peer-to-peer network setup are presented. In one embodiment, an apparatus comprises a wireless processing unit to communicate with a master device. The wireless processing unit is operable to receive encoded data in a two-dimensional (2D) barcode. The encoded data comprise at least user information associated with the master device, including a user identifier, a device identifier, or both. The encoded data further comprise network information including a network identifier, a password, and a profile lifetime value. In one embodiment, the apparatus further comprises a display unit to display at least part of the user information and the network information to a user. The wireless processing unit is operable to initiate a peer-to-peer network setup with the master device based at least on a response from the user.

    94. Efficient key derivation for end-to-end network security with traffic visibility
    Type: Patent grant; Status: In force

    Publication number: US08467527B2

    Publication date: 2013-06-18

    Application number: US12327137

    Filing date: 2008-12-03

    IPC classification: H04L9/00 G06F7/04 G06F21/00

    Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client, based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using the following derivation formula:

        client_key_MSB = AES128(base_key_1, client_ID)          (1)
        client_key_LSB = AES128(base_key_2, client_ID + pad)    (2)
        client_key     = client_key_MSB ∥ client_key_LSB

    where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

    95. Method and system for secure communications on a managed network
    Type: Patent grant; Status: In force

    Publication number: US08429404B2

    Publication date: 2013-04-23

    Application number: US12570235

    Filing date: 2009-09-30

    IPC classification: H04L9/32

    CPC classification: H04L63/061 H04L63/0823

    Abstract: A system and method for discovery and/or authentication of clients to a network, particularly a managed network, substantially without requiring the client and/or access device to transmit an unencrypted address or identification.

    97. NETWORK ACCESS CONTROL FOR MANY-CORE SYSTEMS
    Type: Patent application; Status: Pending (published)

    Publication number: US20120226825A1

    Publication date: 2012-09-06

    Application number: US13472422

    Filing date: 2012-05-15

    IPC classification: G06F15/16

    Abstract: In a processor based system comprising a plurality of logical machines, selecting a logical machine of the system to serve as a host; the host communicating with a policy decision point (PDP) of a network to provision a data channel interconnecting the processor based system and the network, and to provision a logical data channel interconnecting each logical machine of the system to the network.

    98. Network access control for many-core systems
    Type: Patent grant; Status: In force

    Publication number: US08180923B2

    Publication date: 2012-05-15

    Application number: US11290408

    Filing date: 2005-11-29

    IPC classification: G06F15/16

    Abstract: In a processor based system comprising a plurality of logical machines, selecting a logical machine of the system to serve as a host; the host communicating with a policy decision point (PDP) of a network to provision a data channel interconnecting the processor based system and the network, and to provision a logical data channel interconnecting each logical machine of the system to the network.

    99. METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT
    Type: Patent application; Status: In force

    Publication number: US20120023334A1

    Publication date: 2012-01-26

    Application number: US12913708

    Filing date: 2010-10-27

    IPC classification: H04L9/32

    Abstract: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    100. Method and system of secured direct link set-up (DLS) for wireless networks
    Type: Patent grant; Status: In force

    Publication number: US07995546B2

    Publication date: 2011-08-09

    Application number: US12590356

    Filing date: 2009-11-06

    IPC classification: H04W4/00

    Abstract: Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up direct links between stations in a wireless network in a computationally secure manner. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP). The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.