公开(公告)号：US20090265776A1

公开(公告)日：2009-10-22

申请号：US12425805

申请日：2009-04-17

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Thorsten Kramp ,  Michael Peter Kuyper-Hammond ,  Michael Charles Osborne ,  Tamas Visegrady

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Thorsten Kramp ,  Michael Peter Kuyper-Hammond ,  Michael Charles Osborne ,  Tamas Visegrady

IPC分类号： G06F21/20 ,  H04L9/32

CPC分类号： H04L63/08 ,  G06F21/34 ,  H04L63/0853 ,  H04L63/18 ,  H04W8/245 ,  H04W12/06 ,  H04W88/02

摘要： Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. Includes a communications interface for connecting to the server via a communications channel bypassing the user computer. Either the security device or interface device sends the authentication response to the server via the communications channel bypassing the user computer.

摘要翻译： 提供了用于通过数据通信网络认证用户计算机和服务器之间的通信的方法和装置。 安全设备具有包含安全数据的存储器，以及安全逻辑，用于使用安全数据来生成对从正在使用的服务器接收的认证消息的认证响应。 接口设备与安全设备通信。 接口装置具有用于从用户计算机接收包含由服务器发送到使用中的用户计算机的认证消息的认证输出，以及适于从认证输出提取认证消息并将认证消息发送到 安全设备。 包括用于通过绕过用户计算机的通信通道连接到服务器的通信接口。 安全设备或接口设备通过绕过用户计算机的通信信道向服务器发送认证响应。

公开(公告)号：US07412480B2

公开(公告)日：2008-08-12

申请号：US09894035

申请日：2001-06-28

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US06339820B1

公开(公告)日：2002-01-15

申请号：US09302153

申请日：1999-04-29

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

IPC分类号： G06F930

CPC分类号： G06F9/3017 ,  G06F9/30181 ,  G06F9/45504

摘要： A space-efficient and flexible mechanism for implementing a virtual machine in a resource-constrained environment such as a smartcard is proposed. The virtual machine is designed for interpreting or carrying out instructions which are identified by an instruction code, also called opcode. Both, the addresses, respectively identifiers, of the functions implementing the instruction codes, respectively opcodes, which the virtual machine interprets, as well as parameters to those functions are kept within lookup tables.

摘要翻译： 提出了一种在资源有限的环境（如智能卡）中实现虚拟机的节省空间的灵活机制。 虚拟机设计用于解释或执行由指令代码（也称为操作码）标识的指令。 执行指令代码的功能，虚拟机解释的各个操作码的地址，分别标识符以及这些功能的参数都保存在查找表中。

公开(公告)号：US07543159B2

公开(公告)日：2009-06-02

申请号：US10495345

申请日：2002-11-05

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

IPC分类号： G06F12/14

CPC分类号： H04L63/04 ,  G06F21/76 ,  H04L9/003 ,  H04L9/0625 ,  H04L2209/12

摘要： Provides a data processing system comprising a processor and encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. The second persistent memory stores a cryptographic key for decrypting the encrypted information, generating therefrom unencrypted information that is usable by the processor for executing an operation. The cryptographic key may be used for encrypting the unencrypted information, generating the encrypted information. Also provided is a method of processing such a data-processing system with an operating system, comprising writing unencrypted information into the first persistent memory, encrypting the unencrypted information under use of the first cryptographic key, creating therefrom encrypted information in the first persistent memory, and setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system.

摘要翻译： 提供包括处理器和加密信息的数据处理系统，其中第一持久存储器的信息泄漏级别高于第二持久存储器。 第二持久存储器存储用于对加密信息进行解密的加密密钥，从而生成由处理器可用于执行操作的未加密信息。 加密密钥可以用于加密未加密的信息，生成加密的信息。 还提供了一种处理具有操作系统的这种数据处理系统的方法，包括将未加密的信息写入到第一持久存储器中，对使用第一加密密钥的未加密信息进行加密，从而在第一永久存储器中创建加密信息， 并且将数据处理系统设置为由操作系统控制对第一永久存储器的写入的状态。

公开(公告)号：US07970821B2

公开(公告)日：2011-06-28

申请号：US12145966

申请日：2008-06-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US06772171B1

公开(公告)日：2004-08-03

申请号：US09302152

申请日：1999-04-29

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

IPC分类号： G06F1700

CPC分类号： G06F9/45504 ,  G06F9/4493 ,  Y10S707/99944 ,  Y10S707/99953

摘要： A method for creating an object in a non-persistent memory is proposed. From an instruction code sequence, a first instruction code is read out which effects the execution of a first function which effects the choice of a non-persistent memory as the location for the next object to be created. This object creation is effected by the execution of a second function which is effected by reading out a second instruction code. Furthermore it is proposed to store a pointer to a transient object in the stack memory and to provide a mechanism for writing this pointer to and reading it from a persistent memory.

摘要翻译： 提出了一种用于在非持久存储器中创建对象的方法。 从指令代码序列读出第一指令代码，该第一指令代码影响执行非永久存储器的第一功能的执行作为要创建的下一个对象的位置。 通过执行通过读出第二指令代码来实现的第二函数来实现该对象创建。 此外，建议将指针存储到堆栈存储器中的瞬态对象，并且提供用于将该指针写入并从永久存储器读取它的机制。

公开(公告)号：US06272607B1

公开(公告)日：2001-08-07

申请号：US09382100

申请日：1999-08-24

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

IPC分类号： G06F1216

CPC分类号： G06K1/128 ,  G06F12/023

摘要： A method for transactional writing of data into a data space in a persistent memory. The data space has a data space header which signals that the data space is free. A data header is generated when there is a writing transaction in the data space. After successful completion of the transactional writing, the data header signals that the data space is occupied by the written data. The data is written directly to the persistent memory, and in the case the transactional writing is not successfully completed, the data space header is valid for the data space. If the transactional writing is successfully completed, the data header is valid for the written data in the data space. A persistent buffer serves for storing validity information for ensuring the validity of the data header or the data space header as appropriate.

摘要翻译： 一种将数据事务写入持久存储器中的数据空间的方法。 数据空间具有数据空间标题，表示数据空间是空闲的。 当在数据空间中存在写入事务时，生成数据头。 在成功完成事务写入之后，数据头表示数据空间被写入的数据占用。 将数据直接写入持久存储器，在事务写入未成功完成的情况下，数据空间头对数据空间有效。 如果事务写入成功完成，则数据头对数据空间中的写入数据有效。 持久缓冲器用于存储用于确保数据头或数据空间头的合法性的有效性信息。

公开(公告)号：US20100017459A1

公开(公告)日：2010-01-21

申请号：US12145966

申请日：2008-06-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US06272504B1

公开(公告)日：2001-08-07

申请号：US09289530

申请日：1999-04-09

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher

IPC分类号： G06F1730

CPC分类号： G06F12/023 ,  G06F12/0253 ,  Y10S707/99957

摘要： Scheme for the distinguishing of reachable objects and non-reachable objects used by an object-based application in a system with volatile memory of limited size. The object-based application operates on n objects whereby Z objects thereof are root objects. The following steps are carried out for each root object: (a) traversing from said root object to any other object that can be reached from said root object; (b) marking all objects that were reached from said root object and storing, while marking, in said volatile memory a description of the path from said root object to the currently visited object; if the marking phase reaches an object and the respective path does not fit into said volatile memory, then this object is not marked but identified as an object which has to be processed later; and continuing the marking phase until all root objects identified as objects which have to be processed later are processed.

摘要翻译： 用于区分由具有有限大小的易失性存储器的系统中的基于对象的应用程序使用的可达对象和不可达对象的方案。 基于对象的应用程序对n个对象进行操作，其中Z对象是根对象。 对每个根对象执行以下步骤：（a）从所述根对象遍历到可以从所述根对象到达的任何其他对象; （b）标记从所述根对象到达的所有对象，并且在所述易失性存储器中标记从所述根对象到当前访问对象的路径的描述的同时存储; 如果标记阶段到达对象并且相应的路径不适合所述易失性存储器，则该对象未被标记，但被标识为必须稍后处理的对象; 并继续标记阶段，直到所有被识别为稍后处理的对象的根对象被处理。

公开(公告)号：US07506175B2

公开(公告)日：2009-03-17

申请号：US09992984

申请日：2001-11-05

申请人： Michael Baentsch ,  Thomas Eirich ,  Peter Buhler ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Thomas Eirich ,  Peter Buhler ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

IPC分类号： G06F11/30

CPC分类号： G06F9/44589 ,  G11B20/00086

摘要： A technique for language verification of a Java® card CAP file is provided. The Java® card CAP file is converted from an original Java® code file while conserving its original Java® semantics. The Java® card CAP file is converted into a corresponding converted Java® code file that is semantically identical to the Java® card CAP file. In a language-verification step, the converted Java® code file is then verified if it has been found to comply with a predetermined language specification.

摘要翻译： 提供了一种用于Java（R）卡CAP文件的语言验证的技术。 Java（R）卡CAP文件从原始的Java（R）代码文件转换，同时保留其原始的Java（R）语义。 Java（R）卡CAP文件被转换成与Java（R）卡CAP文件在语义上相同的相应转换的Java（R）代码文件。 在语言验证步骤中，如果已经发现符合预定语言规范，则转换的Java（R）代码文件被验证。