Method and apparatus for secure processing of cryptographic keys
    61.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US06557104B2

    Publication (announcement) date: 2003-04-29

    Application number: US08848963

    Application date: 1997-05-02

    IPC classification: H04L932

    Abstract: A method and apparatus for secure processing of cryptographic keys, wherein a cryptographic key stored on a token is processed in a secure processor mode using a secure memory. A main system processor is initialized into a secure processing mode, which cannot be interrupted by other interrupts, during a power-on sequence. A user enters a Personal Identification Number (PIN) to unlock the cryptographic key stored on the token. The cryptographic key and associated cryptographic program are then loaded into the secure memory. The secure memory is locked to prevent access to the stored data from any other processes. The user is then prompted to remove the token and the processor exits the secure mode and the system continues normal boot-up operations. When an application requests security processing, the cryptographic program is executed by the processor in the secure mode such that no other programs or processes can observe the execution of the program. Two-factor authentication is thus obtained without the need for any additional hardware.


    Trusted workstation in a networked client/server computing system
    62.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US06314520B1

    Publication (announcement) date: 2001-11-06

    Application number: US09252588

    Application date: 1999-02-18

    IPC classification: G06F1214

    Abstract: A trusted workstation includes a network interface card (NIC) with trusted computing base (TCB) extensions that provide for securely booting the workstation and performing subsequent receive and transmit packet filtering in support of a network's system architecture requirements. The NIC includes a send address confirm circuit which includes a trusted source address (e.g., a MAC address) uniquely associated with the trusted workstation. For each packet to be transmitted from the trusted workstation over the network, the NIC first checks the source address inserted in the packet by the NIC driver running the user session to be sure that the driver-inserted source address is equal to the trusted address resident. Thus, if untrusted software on the workstation attempts to mischievously transmit a forged packet with a source address other than the trusted source address, the NIC prohibits transmission of the packet with the forged source address. This prevents the trusted workstation from forging its packets with another client's source address. The NIC also includes a receive address confirmation circuit which ensures that the trusted workstation only receives packets from authorized servers.


    Electronic location tag
    63.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US06288645B1

    Publication (announcement) date: 2001-09-11

    Application number: US09634397

    Application date: 2000-08-09

    IPC classification: G08B1314

    Abstract: An electronic location tag comprises stored data which includes an identifier. The data is transmitted to an attached data processing system through an interface. The attached data processing system is adapted to initiate a security action responsive to receiving the identifier. The electronic location tag is adapted to be physically attached to the environment surrounding the tag.


    METHOD AND APPARATUS FOR SECURE PROCESSING OF CRYPTOGRAPHIC KEYS
    64.
    Invention patent application
    Status: Expired

    Publication (announcement) number: US20010008015A1

    Publication (announcement) date: 2001-07-12

    Application number: US08848963

    Application date: 1997-05-02

    IPC classification: H04L009/32 G06F012/14

    Abstract: A method and apparatus for secure processing of cryptographic keys, wherein a cryptographic key stored on a token is processed in a secure processor mode using a secure memory. A main system processor is initialized into a secure processing mode, which cannot be interrupted by other interrupts, during a power-on sequence. A user enters a Personal Identification Number (PIN) to unlock the cryptographic key stored on the token. The cryptographic key and associated cryptographic program are then loaded into the secure memory. The secure memory is locked to prevent access to the stored data from any other processes. The user is then prompted to remove the token and the processor exits the secure mode and the system continues normal boot-up operations. When an application requests security processing, the cryptographic program is executed by the processor in the secure mode such that no other programs or processes can observe the execution of the program. Two-factor authentication is thus obtained without the need for any additional hardware.


    Method and apparatus for increasing security against unauthorized write access to a protected memory
    65.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US06249872B1

    Publication (announcement) date: 2001-06-19

    Application number: US09002776

    Application date: 1998-01-05

    IPC classification: G06F1214

    Abstract: A system and method for protecting a non-volatile storage element of an electronic system from an unauthorized write access is described. The method features the operational steps of entering a mode of operation in which an authentication process is performed, placing a security circuit of the electronic system in a first predetermined state of operation before leaving the mode of operation, checking the current state of the security circuit, and halting further operations of the electronic system if the security circuit exists in a state of operation other than the first predetermined state of operation.


    Multiprocessor system for enabling shared access to a memory
    66.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US06161162A

    Publication (announcement) date: 2000-12-12

    Application number: US480047

    Application date: 1995-06-06

    Abstract: A multiprocessing computer system and method providing multiplexed address and data paths from multiple CPUs to a single storage device. These paths are controlled by an arbitration circuit which allows one CPU to always have the highest priority. The primary CPU may or may not be the highest priority CPU in the arbitration scheme. The arbitration circuit is combined with a controlling mechanism which interfaces to the memory device. This controller operates at a clock rate fast enough to allow the highest priority CPU to access the memory at its highest data rate and, yet, guarantees a maximum idle period for the lower priority CPU to wait for its interleaved memory access to complete. A single memory device provides cost and space savings. A controller is responsive to these processors to multiplex their information signals for selectively conveying information present at their address and data ports. A common memory device is addressable by the processors, and responsive to the controller to share addressing of the common memory device.


    Channel configuration program server architecture
    67.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US6092189A

    Publication (announcement) date: 2000-07-18

    Application number: US70589

    Application date: 1998-04-30

    CPC classification: G06F8/71 G06F2211/1097

    Abstract: A process for the mass production of computers where software is automatically installed according to configure-to-order requirements. Additionally, the process captures the as-built hardware and software components of each computer for the vendor service and support program. Furthermore, the process provides a software installation environment which is secure from any undetectable alteration and offers control and auditing of subcontractors who produce systems according to manufacturer's specifications. Finally, the process automates the tracking and reporting of royalty payments to the appropriate recipient.


    Method of detaching a security device from a personal computer
    69.
    Granted invention patent
    Status: Expired

    Publication (announcement) number: US5983352A

    Publication (announcement) date: 1999-11-09

    Application number: US56826

    Application date: 1998-04-08

    Applicant: Won-keun Kong

    Inventor: Won-keun Kong

    Abstract: A method of detaching a security device in a personal computer wherein original booting data of the boot sector of a hard disk is stored in a special file. A user's authorization is verified using a password, and if the user is authorized, the user may restore original booting data to the booting sector of the hard disk, to enable the computer to be booted without a security device.
