-
21.
Publication number: US09544304B2
Publication date: 2017-01-10
Application number: US14535202
Application date: 2014-11-06
Applicant: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev, Ambuj Kumar
IPC: H04L9/32, H04L29/06, H04L29/08, H04W12/06, G06F21/60, G06F21/62, G06F21/72, G06F21/73, G06F21/33
Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance or sequential issuance of target device parameters. One implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.
-
Publication number: US12229272B2
Publication date: 2025-02-18
Application number: US17650544
Application date: 2022-02-10
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar
IPC: G06F21/57, G06F9/4401, G06F21/44, G06F21/51, H04L9/32
Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.
-
Publication number: US12050719B2
Publication date: 2024-07-30
Application number: US17321089
Application date: 2021-05-14
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
CPC classification number: G06F21/6281, G06F9/4418, G06F21/44, G06F21/45, G06F21/52, G06F21/57, G06F21/602
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US11811908B2
Publication date: 2023-11-07
Application number: US16786796
Application date: 2020-02-10
Applicant: Cryptography Research, Inc.
Inventor: Megan Anneke Wachs, Ambuj Kumar, Benjamin Che-Ming Jun
CPC classification number: H04L9/0631, H04L9/0643, H04L9/0861, H04L9/3236, H04L63/06
Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.
-
Publication number: US11706026B2
Publication date: 2023-07-18
Application number: US17389746
Application date: 2021-07-30
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, Mark Evan Marson, Daniel Robert Beitel
IPC: H04L9/30, H04L9/32, H04W12/02, G06F21/60, H04L9/08, H04L9/40, H04W12/63, H04W4/40, H04W4/46
CPC classification number: H04L9/3066, G06F21/606, H04L9/0872, H04L9/3263, H04W12/02, G06F2221/2107, G06F2221/2111, H04L63/0442, H04L63/107, H04W4/40, H04W4/46, H04W12/63
Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.
-
Publication number: US20210357532A1
Publication date: 2021-11-18
Application number: US17321089
Application date: 2021-05-14
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US11082224B2
Publication date: 2021-08-03
Application number: US16445708
Application date: 2019-06-19
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, Mark Evan Marson, Daniel Robert Beitel
IPC: H04L9/30, H04L9/32, H04W12/02, G06F21/60, H04L9/08, H04L29/06, H04W12/63, H04W4/40, H04W4/46
Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.
-
Publication number: US10341106B2
Publication date: 2019-07-02
Application number: US15900722
Application date: 2018-02-20
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, Mark Evan Marson, Daniel Robert Beitel
IPC: H04K1/00, H04L9/00, H04L9/08, H04L9/32, H04L9/30, H04W12/02, G06F21/60, H04L29/06, H04W4/04, H04W4/40
Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.
-
Publication number: US20170169254A1
Publication date: 2017-06-15
Application number: US15372307
Application date: 2016-12-07
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael A. Hamburg, Paul Carl Kocher
CPC classification number: G06F21/6281, G06F9/4418, G06F21/45, G06F21/52, G06F21/602
Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.
-
Publication number: US20170011394A1
Publication date: 2017-01-12
Application number: US15203722
Application date: 2016-07-06
Applicant: Cryptography Research, Inc.
Inventor: Ambuj Kumar, Philippe Martineau, William Craig Rawlings, Helena Handschuh
CPC classification number: G06Q20/3829, G06Q20/3227, G06Q20/401, G06Q2220/00, H04L9/3242, H04L2209/56, H04W12/04, H04W12/06
Abstract: A base key that is stored at a mobile device may be received. A first dynamic key that is based on the base key may be generated. First transaction data corresponding to a first transaction associated with the mobile device may be received. Furthermore, the first dynamic key may be updated to generate a second dynamic key based on a combination of the first dynamic key and the first transaction data corresponding to the first transaction. Authentication of a second transaction associated with the mobile device may be requested based on the second dynamic key.