公开(公告)号：US09853816B2

公开(公告)日：2017-12-26

申请号：US14995917

申请日：2016-01-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Liqun Chen ,  Graeme John Proudler

IPC: G06F21/00 ,  H04L9/32 ,  H04L9/30 ,  G06F21/64

CPC classification number: H04L9/3234 ,  G06F21/64 ,  H04L9/3073 ,  H04L9/3247

Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

公开(公告)号：US20170262546A1

公开(公告)日：2017-09-14

申请号：US15500028

申请日：2014-07-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Stuart Haber Haber ,  Kate Mallichan ,  Simon Kai-Ying Shiu

IPC: G06F17/30 ,  H04L29/06 ,  H04L9/08

CPC classification number: G06F16/9535 ,  G06F21/602 ,  H04L9/0861 ,  H04L63/0428

Abstract: Implementations are directed, for example, to a method that includes receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records. The key search token is independent of an encryption key used to encrypt the data records associated with the key search token. The method further includes determining an encrypted data record associated with the key search token, and transmitting the determined encrypted data record to the client. Implementations of the client are also provided.

公开(公告)号：US20160344553A1

公开(公告)日：2016-11-24

申请号：US15114921

申请日：2014-04-04

Applicant: HEWLETT-PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Peter T. Camble ,  Jonathan P. Bucklngham ,  Simon Pelly ,  Simon Kai-Ying Shiu ,  Joseph S. Ficara ,  Hendrik Radon

IPC: H04L9/32 ,  G06F17/30 ,  G06F21/60

CPC classification number: H04L9/3242 ,  G06F11/1453 ,  G06F16/2365 ,  G06F16/278 ,  G06F21/602 ,  G06F21/79 ,  G06F2201/83 ,  G06F2221/2107 ,  H04L9/0894

Abstract: Storing and retrieving ciphertext in data storage can include determining a first ciphertext value for a first data chunk to be saved to a client-server data storage system using an encrypted chunk hash value associated with the first data chunk as an initial value, and storing the first data chunk on a server in the client-server data storage system in response to determining that the first ciphertext value is a unique ciphertext value. Also, storing and retrieving ciphertext in data storage can include decrypting a ciphertext value for a second data chunk received from a client in the client-server data storage system and based on an encrypted chunk hash value associated with the second data chunk, and sending the second data chunk to the client in response to determining that the decrypted ciphertext value corresponds to an original data chunk saved to the server by the client.

Abstract translation: 在数据存储中存储和检索密文可以包括使用与第一数据块相关联的加密块哈希值作为初始值来确定要保存到客户端 - 服务器数据存储系统的第一数据块的第一密文值，并存储 响应于确定第一密文值是唯一的密文值，在客户机 - 服务器数据存储系统中的服务器上的第一数据块。 此外，在数据存储中存储和检索密文可以包括解密从客户机 - 服务器数据存储系统中的客户端接收的第二数据块的密文值，并且基于与第二数据块相关联的加密块哈希值， 响应于确定解密的密文值对应于由客户端保存到服务器的原始数据块，向客户端发送第二数据块。

公开(公告)号：US10742400B2

公开(公告)日：2020-08-11

申请号：US15505671

申请日：2015-03-20

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Peter Thomas Camble ,  Michael Wendland

IPC: H04L9/06 ,  H04L9/14 ,  H04L29/06

Abstract: In some examples, a non-transitory machine readable storage medium has machine readable instructions to cause a computer processor to segment a datastream into a plurality of equal length blocks each of which has a fixed length, separately encrypt each equal length block using a first encryption key, swap a subset of bits of a first encrypted equal length block with a subset of bits of a second encrypted equal length block such that both of the blocks each have a length equal to the fixed length, and separately encrypt each block using a second encryption key.

公开(公告)号：US10721062B2

公开(公告)日：2020-07-21

申请号：US15329997

申请日：2014-09-24

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Peter Thomas Camble ,  Mark Robert Watkins ,  Ieuan James Henry

IPC: H04L9/08 ,  H04L9/30 ,  G06F7/58

Abstract: Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, the number of key fragments includes the encrypted key, the random values, and the key ECC.

公开(公告)号：US10715332B2

公开(公告)日：2020-07-14

申请号：US15515707

申请日：2014-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Liqun Chen ,  Chris I. Dalton

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/79 ,  G06F21/64 ,  G06F21/60 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14

Abstract: In an example, memory address encryption is facilitated for transactions between electronic circuits in a memory fabric. An electronic circuit may obtain a transaction integrity key and a transaction encryption key. The electronic circuit may encrypt an address using the transaction encryption key and a compute a truncated message authentication code (MAC) using the transaction integrity key.

公开(公告)号：US10650169B2

公开(公告)日：2020-05-12

申请号：US15573081

申请日：2015-09-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser Dickin ,  Mark Lillibridge ,  Simon Kai Ying Shiu

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/79 ,  H04L9/08 ,  G06F21/60

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

公开(公告)号：US20180165479A1

公开(公告)日：2018-06-14

申请号：US15573081

申请日：2015-09-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser Dickin ,  Mark Lillibridge ,  Simon Kai Ying Shiu

IPC: G06F21/79 ,  G06F12/14 ,  G06F21/60 ,  H04L9/08

CPC classification number: G06F21/79 ,  G06F12/1408 ,  G06F21/602 ,  H04L9/0819 ,  H04L9/0836 ,  H04L9/0894

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

公开(公告)号：US10938553B2

公开(公告)日：2021-03-02

申请号：US15573565

申请日：2015-11-27

Applicant: Hewlett Packard Enterprise Development LP ,  Liqun Chen ,  Nigel Edwards

Inventor： Liqun Chen ,  Nigel Edwards

IPC: H04L9/00 ,  H04L9/08 ,  H04L9/06 ,  H04L9/32

Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, and said that the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.

公开(公告)号：US10699031B2

公开(公告)日：2020-06-30

申请号：US15328408

申请日：2014-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Liqun Chen ,  Chris I. Dalton ,  Fraser John Dickin ,  Nigel Edwards ,  Simon Kai-Ying Shiu

IPC: G06F21/60 ,  G06F21/79 ,  G06F21/64 ,  H04L9/08

Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.