公开(公告)号：US20130182841A1

公开(公告)日：2013-07-18

申请号：US13739671

申请日：2013-01-11

Applicant: Research In Motion Limited ,  Certicom Corp.

Inventor： Michael Eoin Buckley ,  Gregory Marc Zaverucha ,  Matthew John Campagna

IPC: H04L9/08

CPC classification number: H04L9/0861 ,  H04L9/083 ,  H04L9/0869 ,  H04L63/061 ,  H04L63/306 ,  H04L2209/80

Abstract: The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values.

Abstract translation: 本公开涉及用于安全通信的系统和方法。 在一些方面，发起方KMS从发起方UE接收用于生成加密密钥的一个或多个值，其包括获得与RANDRi相关联的至少一个值。 启动器KMS将与RANDRi相关联的至少一个值发送到响应者KMS。 响应者KMS使用一个或多个值生成加密密钥。

公开(公告)号：US20180109374A1

公开(公告)日：2018-04-19

申请号：US15789399

申请日：2017-10-20

Applicant: Certicom Corp.

Inventor： Matthew John Campagna ,  Daniel Richard L. Brown ,  Nevine Maurice Nassif Ebeid

IPC: H04L9/08 ,  H04L9/14 ,  H04W12/04 ,  H04L29/06 ,  H04W12/02 ,  H04W12/10

CPC classification number: H04L9/0819 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3271 ,  H04L63/123 ,  H04L2209/24 ,  H04L2209/80 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/10

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

公开(公告)号：US09678896B2

公开(公告)日：2017-06-13

申请号：US14922962

申请日：2015-10-26

Applicant: Certicom Corp.

Inventor： Daniel Francis O'Loughlin ,  Keelan Smith ,  Jay Scott Fuller ,  William Lundy Lattin ,  Marinus Struik ,  Yuri Poeluev ,  Matthew John Campagna ,  Thomas Rudolf Stiemerling ,  Wei Cheng Joseph Ku

IPC: G06F21/00 ,  G06F12/14 ,  G06F21/57 ,  G06F21/72 ,  G06F21/73 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F21/12 ,  G06F21/76 ,  G06F21/60 ,  G06F21/80

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

公开(公告)号：US09246900B2

公开(公告)日：2016-01-26

申请号：US14252527

申请日：2014-04-14

Applicant: CERTICOM CORP.

Inventor： Matthew John Campagna ,  Robert John Lambert ,  James Robert Alfred

IPC: G06F7/04 ,  H04L29/06 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F17/30 ,  H04W12/04

CPC classification number: H04L63/08 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/3066 ,  H04L9/3236 ,  H04L9/3263 ,  H04L29/06 ,  H04L63/062 ,  H04L63/0823 ,  H04W12/04

Abstract: A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Abstract translation: 公开了一种用于使用单个凭证请求（例如，注册公钥或ECQV证书）在具有多个可信证书机构CA实体和一个或多个订户实体A的安全数字通信系统中获得多个凭证的方法和装置 以这种方式，可以通过利用单个注册公钥或隐式证书作为向一个或多个CA实体的凭证请求来获得附加证书来将实体A提供给多个PKI网络，其中每个附加证书可以用于导出附加公共 实体A的密钥 - 私钥对。

公开(公告)号：US09183158B2

公开(公告)日：2015-11-10

申请号：US14141230

申请日：2013-12-26

Applicant: Certicom Corp.

Inventor： Daniel Francis O'Loughlin ,  Keelan Smith ,  Jay Scott Fuller ,  William Lundy Lattin ,  Marinus Struik ,  Yuri Poeluev ,  Matthew John Campagna ,  Thomas Rudolf Stiemerling ,  Weicheng Joseph Ku

IPC: H04L9/00 ,  G06F21/00 ,  G06F12/14 ,  G06F21/57 ,  G06F21/72 ,  G06F21/73 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32 ,  G06F21/12 ,  G06F21/76

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract translation: 提供资产管理系统，其中包括作为资产控制核心运行的硬件模块。 资产控制核心通常包括嵌入在目标片上系统中的小型硬件核心，其在硅芯片上建立基于硬件的信任点。 资产控制核心可以作为消费者设备的信任根源，具有使其难以篡改的特征。 资产控制核心能够为一个设备生成唯一的标识符，并通过与设备的安全通信通道参与设备的跟踪和配置。 该设备通常包括一个安全模块，它将配置数据高速缓存并分配给连接到资产控制核心的许多代理之一，例如， 在生产线上或在售后市场的程序设计会议。

公开(公告)号：US20150319164A1

公开(公告)日：2015-11-05

申请号：US14799392

申请日：2015-07-14

Applicant: Certicom Corp.

Inventor： Matthew John Campagna ,  Daniel Richard L. Brown ,  Gregory Marc Zaverucha

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0823 ,  H04L9/0847 ,  H04L9/0869 ,  H04L9/3066 ,  H04L63/08 ,  H04L63/126 ,  H04L63/166 ,  H04L63/18 ,  H04L67/14

Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.

Abstract translation: 提供了一种用于使客户端设备能够连接到网络的系统和方法。 该方法包括：经由与网络不同的通信信道获得授权码，与客户端设备对应的授权码; 并且在检测到客户端设备发起安全协商协议之后，在至少一个安全协商操作中使用授权码。

公开(公告)号：US09106635B2

公开(公告)日：2015-08-11

申请号：US13741598

申请日：2013-01-15

Applicant: Certicom Corp.

Inventor： Matthew John Campagna ,  Daniel Richard L. Brown ,  Gregory Marc Zaverucha

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/30

CPC classification number: H04L63/0823 ,  H04L9/0847 ,  H04L9/0869 ,  H04L9/3066 ,  H04L63/08 ,  H04L63/126 ,  H04L63/166 ,  H04L63/18 ,  H04L67/14

Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.

Abstract translation: 提供了一种用于使客户端设备能够连接到网络的系统和方法。 该方法包括：经由与网络不同的通信信道获得授权码，与客户端设备对应的授权码; 并且在检测到客户端设备发起安全协商协议之后，在至少一个安全协商操作中使用授权码。

公开(公告)号：US08971528B2

公开(公告)日：2015-03-03

申请号：US13753126

申请日：2013-01-29

Applicant: Certicom Corp.

Inventor： Matthew John Campagna

IPC: H04L9/00 ,  H04L9/32

CPC classification number: H04L9/3252

Abstract: A modified Chinese State Encryption Management Bureau's SM2 Elliptic Curve Signature Algorithm that offers partial message recovery and lowers the signature size for a given cryptographic strength. The modified SM2 Elliptic Curve Signature Algorithm includes a signature and verification algorithm that modifies a signature generation primitive to compute a key derived from the ephemeral signing key, and a multiple of the signer's public key.

Abstract translation: 经修改的中国国家加密管理局的SM2椭圆曲线签名算法，提供部分消息恢复，降低给定加密强度的签名大小。 经修改的SM2椭圆曲线签名算法包括签名和验证算法，其修改签名生成原语以计算从短暂签名密钥导出的密钥，以及签名者的公钥的倍数。

公开(公告)号：US20140108825A1

公开(公告)日：2014-04-17

申请号：US14141230

申请日：2013-12-26

Applicant: Certicom Corp.

Inventor： Daniel Francis O'Loughlin ,  Keelan Smith ,  Jay Scott Fuller ,  William Lundy Lattin ,  Marinus Struik ,  Yuri Poeluev ,  Matthew John Campagna ,  Thomas Rudolf Stiemerling ,  Weicheng Joseph Ku

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract translation: 提供资产管理系统，其中包括作为资产控制核心运行的硬件模块。 资产控制核心通常包括嵌入在目标片上系统中的小型硬件核心，其在硅芯片上建立基于硬件的信任点。 资产控制核心可以作为消费者设备的信任根源，具有使其难以篡改的特征。 资产控制核心能够为一个设备生成唯一的标识符，并通过与设备的安全通信通道参与设备的跟踪和配置。 该设备通常包括一个安全模块，它将配置数据高速缓存并分配给连接到资产控制核心的许多代理之一，例如， 在生产线上或在售后市场的程序设计会议。

公开(公告)号：US20130343542A1

公开(公告)日：2013-12-26

申请号：US13715610

申请日：2012-12-14

Applicant: CERTICOM CORP.

Inventor： Anthony Rosati ,  Matthew John Campagna ,  Gregory Marc Zaverucha

IPC: H04W12/04

CPC classification number: H04W12/04 ,  H04L63/0435 ,  H04L63/0492 ,  H04L63/061 ,  H04L63/101 ,  H04W4/80 ,  H04W12/003 ,  H04W12/08

Abstract: Methods and devices for establishing trust on first use for close proximity communications are disclosed. An example method includes receiving a public key from a device via a close proximity communications connection, obtaining, via a user interface, an indication that the device is trusted, and storing at least one of the public key or an identifier for the device.

Abstract translation: 公开了用于建立近距离通信首次使用信任的方法和设备。 示例性方法包括经由近距离通信连接从设备接收公共密钥，经由用户接口获得设备被信任的指示，以及存储该设备的公开密钥或标识符中的至少一个。