-
1.发明申请公开(公告)号:US20140068258A1
公开(公告)日:2014-03-06
申请号:US13604427
申请日:2012-09-05
申请人: Ching-Yun Chao
发明人: Ching-Yun Chao
IPC分类号: H04L29/06
CPC分类号: H04L63/061 , G06F11/1469 , H04L2463/062
摘要: A cloud deployment appliance includes a key stored internally and that is used during restore to decrypt encrypted backup images. That key is not available to an administrator of the appliance; instead, the administrator receives a “value” that has been generated externally to the appliance and, in particular, by applying a public key of a public key pair to the key. The value is possessed by the administrator, but it does not expose the key. Upon a given occurrence, such as a disk failure in the appliance, the administrator uses the value to obtain” the key, which is then used to restore an encrypted backup image. The key is obtained by having the administrator provide the value to an entity, e.g., the appliance manufacturer, who then recovers the key for the administrator (by applying the private key of the public key pair).
摘要翻译: 云部署设备包括内部存储的密钥,并在还原期间使用密钥来解密加密的备份映像。 该设备的管理员无法使用该密钥; 相反,管理员接收到在设备外部产生的“值”,特别是通过将密钥对的公钥应用于密钥。 该值由管理员拥有,但不会显示密钥。 在给定的情况下,例如设备中的磁盘故障,管理员使用该值获取“密钥,然后用于恢复加密的备份映像。该密钥是通过让管理员向实体提供值来获得的 (例如,家电制造商),然后他们恢复管理员的密钥(通过应用公钥对的私钥)。
-
公开(公告)号:US20140059013A1
公开(公告)日:2014-02-27
申请号:US13593583
申请日:2012-08-24
申请人: Ching-Yun Chao , John Yow-Chun Chang , Bertrand Be-chung Chiu, JR. , Douglas Yellow Shue , Yuhsuke Kaneyasu , Jay William Warfield
发明人: Ching-Yun Chao , John Yow-Chun Chang , Bertrand Be-chung Chiu, JR. , Douglas Yellow Shue , Yuhsuke Kaneyasu , Jay William Warfield
IPC分类号: G06F17/30
CPC分类号: G06F21/64 , G06F11/3476 , G06F21/552 , G06F2221/2143 , G06F2221/2151 , H04L63/0823
摘要: A cloud deployment appliance includes a mechanism to enable permitted users to move event records reliably from an internal event log of the appliance to a data store located external to the appliance while ensuring the integrity of event records. The mechanism ensures that the event records are not tampered with in storage or during download. Further, the approach ensures that no event records can be removed from the appliance internal storage before being successfully downloaded to the external data store.
摘要翻译: 云部署设备包括一种机制,允许允许的用户将事件记录从设备的内部事件日志可靠地移动到设备外部的数据存储,同时确保事件记录的完整性。 该机制确保事件记录在存储或下载过程中不会被篡改。 此外,该方法确保在成功下载到外部数据存储之前不会从设备内部存储中删除事件记录。
-
公开(公告)号:US08572694B2
公开(公告)日:2013-10-29
申请号:US12049139
申请日:2008-03-14
申请人: David Yu Chang , Ching-Yun Chao
发明人: David Yu Chang , Ching-Yun Chao
IPC分类号: H04L29/06
CPC分类号: H04L63/102 , G06F21/6236
摘要: An approach to handling integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.
摘要翻译: 介绍了一种处理集成安全角色的方法。 上游应用程序包括一个或多个对应于上游安全角色和下游安全角色的角色映射要求。 通过在下游应用程序的角色映射表中添加上游安全角色标识符,或通过向下游应用程序的角色映射表添加上游用户到角色映射来扩展上游安全角色。 当扩展上游安全角色时,分配给上游安全角色的用户可以自动访问角色映射的下游应用程序。
-
公开(公告)号:US08112628B2
公开(公告)日:2012-02-07
申请号:US12348475
申请日:2009-01-05
申请人: Steven A. Bade , Ching-Yun Chao
发明人: Steven A. Bade , Ching-Yun Chao
IPC分类号: H04L9/00
CPC分类号: G06F21/33 , G06F21/34 , G06F21/445 , H04L9/3265 , H04L9/3273 , H04L2209/56 , H04L2209/805
摘要: A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
摘要翻译: 包括第一密码装置的第一数据处理系统与包括第二密码装置的第二数据处理系统通信地耦合。 然后密码设备会自己相互认证。 第一加密设备存储与第二数据处理系统相关联的第一非对称密码密钥对和第二非对称密码密钥对的公钥的私钥。 第二加密设备存储第二非对称密码密钥对的私钥和与第一数据处理系统相关联的第一非对称密码密钥对的公开密钥。 响应于成功地执行两个加密系统之间的相互认证操作,第一数据处理系统能够在第一数据处理系统保持与第二数据处理系统通信耦合的同时在第一密码装置上调用敏感的加密功能。
-
公开(公告)号:US07908492B2
公开(公告)日:2011-03-15
申请号:US12118785
申请日:2008-05-12
申请人: Steven A. Bade , Ching-Yun Chao
发明人: Steven A. Bade , Ching-Yun Chao
CPC分类号: H04L9/3265 , G06F21/33 , G06F21/34 , G06F21/445 , H04L9/0897 , H04L9/3247 , H04L9/3273 , H04L2209/805
摘要: A data processing method accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
摘要翻译: 数据处理方法接受与数据处理系统中的系统单元电接合的可移动存储介质,之后可移动存储介质和硬件安全单元相互认证自身。 可移动存储介质存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥,并且硬件安全单元存储第二非对称密码密钥的私钥 对和与可移动存储介质相关联的第一非对称加密密钥对的公开密钥。 响应于成功地执行可移动存储介质和硬件安全单元之间的相互认证操作,系统单元能够在可移动存储介质保持与系统单元接合的同时在硬件安全单元上调用加密功能。
-
6.发明授权公开(公告)号:US07849326B2
公开(公告)日:2010-12-07
申请号:US10753818
申请日:2004-01-08
申请人: Ching-Yun Chao
发明人: Ching-Yun Chao
CPC分类号: G06F21/445 , G06F21/602 , G06F2221/2153 , H04L9/3247 , H04L9/3265 , H04L9/3273 , H04L2209/805
摘要: A data processing system accepts a removable hardware device, which becomes electrically engaged with a system unit within the data processing system, after which the removable hardware device and the hardware security unit mutually authenticate themselves. The removable hardware device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable hardware device. In response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit.
摘要翻译: 数据处理系统接受与数据处理系统内的系统单元电接合的可移动硬件设备,之后可拆卸硬件设备和硬件安全单元相互认证自身。 可拆卸硬件设备存储与硬件安全单元相关联的第一非对称加密密钥对和第二非对称密码密钥对的公钥的私钥,并且硬件安全单元存储第二非对称密码密钥的私钥 对和与可移除硬件设备相关联的第一非对称加密密钥对的公开密钥。 响应于成功地执行可移动硬件设备和硬件安全单元之间的相互认证操作,系统单元能够在硬件安全单元处调用密码功能,同时可拆卸硬件设备保持与系统单元电气接合。
-
7.发明授权公开(公告)号:US07822206B2
公开(公告)日:2010-10-26
申请号:US11553276
申请日:2006-10-26
申请人: Peter D. Birk , Keys D. Botzum , Ching-Yun Chao , Hyen V. Chung , Alaine DeMyers , Ut Van Lee , James L. Lentz , Mickella A. Rosiles
发明人: Peter D. Birk , Keys D. Botzum , Ching-Yun Chao , Hyen V. Chung , Alaine DeMyers , Ut Van Lee , James L. Lentz , Mickella A. Rosiles
IPC分类号: H04L9/08
CPC分类号: H04L9/0891 , H04L9/16 , H04L2209/24
摘要: Systems, methods and media for managing and generating encryption keys are disclosed. In one embodiment, a processor executes encryption key processing computer code to receive requests for keys from an application program. The processor determines whether the requesting application program executes on a node or server that is within the scope of machines authorized to receive the requested keys. If authorized, the processor produces a key map and sends the key map to the application program, enabling the application program to access one or more keys in the key map. The keys are updated automatically according to a specifiable schedule.
摘要翻译: 公开了用于管理和生成加密密钥的系统,方法和媒体。 在一个实施例中,处理器执行加密密钥处理计算机代码以从应用程序接收对密钥的请求。 处理器确定请求应用程序是否在被授权接收所请求的密钥的机器范围内的节点或服务器上执行。 如果授权,处理器产生一个关键图,并将该关键图发送到该应用程序,使该应用程序能够访问该关键图中的一个或多个键。 按照可指定的时间表自动更新密钥。
-
8.发明授权公开(公告)号:US07810132B2
公开(公告)日:2010-10-05
申请号:US12123693
申请日:2008-05-20
申请人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
发明人: Peter Daniel Birk , Ching-Yun Chao , Hyen Vui Chung , Carlton Keith Mason , Ajaykumar Karkala Reddy , Vishwanath Venkataramappa
CPC分类号: G06F21/31
摘要: Objects on application servers are distributed to one or more application servers; a user is allowed to declare in a list which objects residing on each application server are to be protected; the list is read by an interceptor; responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, the interceptor associates one or more application server security flags with interfaces to the listed objects by tagging components of the IOR with one or more security flags; and one or more security operations are performed by an application server according to the security flags tagged to the IOR when a client accesses an application server-stored object, the security operations including an operation besides establishing secure communications between the client process and the server-stored object.
摘要翻译: 应用程序服务器上的对象分发到一个或多个应用程序服务器; 允许用户在列表中声明哪些驻留在每个应用服务器上的对象将被保护; 列表由拦截器读取; 响应于为列出的对象导出通用对象请求代理体系结构(“CORBA”)兼容的可互操作对象引用(“IOR”),拦截器通过标记所列对象的组件将一个或多个应用程序服务器安全标志与列出的对象的接口相关联 IOR带有一个或多个安全标志; 并且当客户端访问应用服务器存储的对象时,应用服务器根据标记为IOR的安全标志执行一个或多个安全操作,该安全操作包括除客户端进程和服务器端之间建立安全通信之外的操作, 存储对象。
-
公开(公告)号:US07756830B1
公开(公告)日:2010-07-13
申请号:US09282907
申请日:1999-03-31
申请人: Ching-Yun Chao , Roger Eldred Hough , Rodolfo Augusto Mancisidor-Landa , Javashree Ramanathan , Amal Ahmed Shaheen
发明人: Ching-Yun Chao , Roger Eldred Hough , Rodolfo Augusto Mancisidor-Landa , Javashree Ramanathan , Amal Ahmed Shaheen
IPC分类号: G06F17/30
CPC分类号: G06F11/187 , G06F11/1425 , G06F11/182 , G06F17/30575
摘要: A method and apparatus for providing a recent set of replicas for a cluster data resource within a cluster having a plurality of nodes. Each of the nodes having a group services client with membership and voting services. The method of the present invention concerns broadcasting a data resource open request to the nodes of the cluster, determining a recent replica of the cluster data resource among the nodes, and distributing the recent replica to the nodes of the cluster. The apparatus of the present invention is for providing a recent set of replicas for a cluster data resource. The apparatus has a cluster having a plurality of nodes in a peer relationship, each node has an electronic memory for storing a local replica of the cluster data resource. A group services client, which is executable by each node of the cluster, has cluster broadcasting and cluster voting capability. A database conflict resolution protocol (“DCRP”), which is executable by each node of the cluster, interacts with the group services clients such that the DCRP broadcasts to the nodes a data resource modification request having a data resource identifier and a timestamp. The DCRP determines a recent replica of the cluster data resource among the nodes with respect to the timestamp of the broadcast data resource modification request relative to a local timestamp associated with the data resource identifier, and distributes the recent replica of the cluster data resource to each node of the plurality of nodes.
摘要翻译: 一种用于在具有多个节点的集群内为集群数据资源提供最近的一组副本的方法和装置。 每个节点具有具有成员资格和投票服务的组服务客户端。 本发明的方法涉及向簇的节点广播数据资源打开请求,确定节点之间的集群数据资源的最近副本,并将最近的副本分发到集群的节点。 本发明的装置用于提供用于集群数据资源的一组最新的副本。 该设备具有具有对等关系的多个节点的集群,每个节点具有用于存储集群数据资源的本地副本的电子存储器。 由群集的每个节点执行的组服务客户端具有集群广播和集群投票功能。 由集群的每个节点执行的数据库冲突解决协议(“DCRP”)与组服务客户端交互,使得DCRP向节点广播具有数据资源标识符和时间戳的数据资源修改请求。 相对于与数据资源标识符相关联的本地时间戳相对于广播数据资源修改请求的时间戳,DCRP确定节点之间的集群数据资源的最近副本,并且将最近的集群数据资源副本分发给每个 节点。
-
10.发明授权Method and system for establishing a trust framework based on smart key devices 有权基于智能钥匙器件建立信任框架的方法和系统公开(公告)号:US07711951B2
公开(公告)日:2010-05-04
申请号:US10753820
申请日:2004-01-08
申请人: Ching-Yun Chao
发明人: Ching-Yun Chao
IPC分类号: H04L29/06
CPC分类号: G06F21/445 , G06F21/602 , G06F2221/2149 , G06F2221/2153
摘要: A mechanism is provided for securing cryptographic functionality within a host system such that it may only be used when a system administrator physically allows it via a hardware security token. In addition, a hardware security unit is integrated into a data processing system, and the hardware security unit acts as a hardware certificate authority. The hardware security unit may be viewed as supporting a trust hierarchy or trust framework within a distributed data processing system. The hardware security unit can sign software that is installed on the machine that contains the hardware security unit. Server processes that use the signed software that is run on the machine can establish mutual trust relationships with the hardware security unit and amongst the other server processes based on their common trust of the hardware security unit.
摘要翻译: 提供了一种用于保护主机系统内的加密功能的机制,使得仅当系统管理员经由硬件安全令牌物理地允许密码功能时才能使用该机制。 此外,硬件安全单元被集成到数据处理系统中,硬件安全单元充当硬件认证机构。 可以将硬件安全单元视为在分布式数据处理系统内支持信任层级或信任框架。 硬件安全单元可以签署安装在包含硬件安全单元的机器上的软件。 使用在机器上运行的签名软件的服务器进程可以基于硬件安全单元的共同信任,建立与硬件安全单元和其他服务器进程之间的相互信任关系。
-
-
-
-
-
-
-
-
-
搜索结果
72 条记录 (耗时 0.028 秒)
