Abstract:
A method for public key certification in a local network environment, wherein a personal certification authority associated with the local network environment is connected with a first device needing to be certified. Responsive to the connection, a certificate is provided to the device to be certified from the personal certification authority. The devices receiving a certificate may then use the certificate to carry out secure information exchange within the local network environment with other devices having a similar certificate.
Abstract:
Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.
Abstract:
A method of providing to a client communications device access to a subscription module of a server communications device, the method comprising the steps of establishing a communications link between the client communications device and the server communications device; and communicating a number of messages comprising data related to the subscription module between the server communications device and the client communications device via the communications link. The method further comprises the step of providing integrity protection of the messages communicated between the server communications device and the client communications device via the communications link.
Abstract:
The present invention relates to the problem of establishing security that arises within an ad hoc network. The problem is solved by using an optical device at a first device to read a public key that is encoded to a graphical string at a second device, which key is required for establishing security.
Abstract:
Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e., the identity certificate, the assertion, and the secret group key, which are received from a trusted entity. Further, a computer program, a computer program product, and a network node are provided.
Abstract:
A method of updating/recovering a configuration parameter of a mobile terminal having stored thereon a public key of a public-key cryptosystem and a current terminal identifier, the method comprising determining an updated configuration parameter by an update/recovery server in response to a received current terminal identifier from the mobile terminal; generating an update/recovery data package by a central signing server, the update/recovery data package including the current terminal identifier, the updated configuration parameter, and a digital signature based on a private key, where the digital signature is verifiable by said public key; storing the current terminal identifier and the updated configuration parameter by the central signing server; sending the update/recovery data package by the update/recovery server to the mobile terminal causing the mobile terminal to verify the received update/recovery data package and to store the updated configuration parameter of the verified update/recovery data package in the mobile terminal.
Abstract:
A Personal Area Network Security Domain (PSD) is formed between devices (142, 150, 152, 154 and 156). The PSD allows the sharing of data and/or resources between the devices within the PSD. The devices within the PSD are located remotely from one another. For example, communication between devices (150 and 156) will be performed via mobile or cellular telephone network (120), the Internet (140) and mobile or cellular telephone network (126). Each network (120, 126) is provided with a PSD Hub, which enables an IPsec secure connection between the devices (150 and 156) to be established.
Abstract:
A method performed by an embedded system controlled by a CPU and capable of operating as a virtualized system under supervision of a hypervisor or as a non-virtualized system under supervision of an operating system is provided. The embedded system is executed in a normal mode if no execution of any security critical function is required by the embedded system, where the normal mode execution is performed under supervision of the operating system. If execution of a security critical function is required by the embedded system, the operating system switches execution of the embedded system from normal mode to protected mode by handing over the execution of the embedded system from the operating system to the hypervisor, where protected mode execution is performed under supervision of the hypervisor. When execution of the security critical function is no longer required, the embedded system is switched from protected mode to normal mode, under supervision of the hypervisor.
Abstract:
A method for restricting access to media data generated by a camera comprising: setting a non-public initial user key, KICU, in the camera, providing a user client with the initial user key, KICU, establishing an authenticated relation between the user client and the camera by sending an authentication message including information based on the initial user key, KICU, from the user client to the camera, checking if an operational user key (KOCU) is set in the camera, and performing, in response to the act of checking if the operational user key (KOCU) is set in the camera, the acts a)-d) only if the operational user key (KOCU) is not set: a) acquiring an operational user key (KOCU), b) setting the operational user key (KOCU) in the camera, c) sending the operational user key (KOCU) to the user client, and d) indicating in the camera that the operational user key (KOCU) is set.
Abstract:
A method for booting a processing device, the processing device comprising a first and a second processing unit, the method comprising: detecting by the first processing unit, whether at least one boot configuration parameter is accessible from a non-volatile storage medium of the processing device, the at least one configuration parameter being indicative of a boot interface; if said at least one configuration parameter is available, forwarding at least a part of the detected at least one configuration parameter by the first processing unit to the second processing unit; otherwise detecting by at least one of the first and second processing units whether a boot interface is available to the processing device; booting at least the second processing unit from the indicated or detected boot interface.