Encrypting a credential store with a lockbox
    1. Granted patent (status: in force)

    Publication No.: US08195959B2

    Publication date: 2012-06-05

    Application No.: US10995004

    Filing date: 2004-11-22

    IPC classification: G06F12/14

    CPC classification: G06F21/6218 G06F21/33

    Abstract: The present invention is a method, system and apparatus for the encryption of a credential store by using a lockbox mechanism. In a credential store encryption method, a lockbox for a credential store can be retrieved and an encryption key can be selected from among a list of encryption keys in the lockbox. The lockbox can be a local lockbox, and the local lockbox can be retrieved from an unencrypted region of the credential store. In any case, subsequent to the retrieval of the lockbox, the credential store can be decrypted with the selected encryption key.

Method for enabling an administrator to configure a recovery password
    2. Granted patent (status: in force)

    Publication No.: US08296827B2

    Publication date: 2012-10-23

    Application No.: US11323986

    Filing date: 2005-12-29

    IPC classification: H04L29/06

    CPC classification: G06F21/31 G06F2221/2131

    Abstract: A method is provided for enabling a user to initiate a password-protected backup copy of the user's credentials. The method includes providing a user with a credential store containing information relating to the user's identity, generating a different recovery password of any length for each recovery authority, encrypting the recovery password for each recovery authority, storing the encrypted recovery passwords in the credential store, and sending a copy of the information by the user from the credential store to a central repository.

Efficient Routing for Reverse Proxies and Content-based Routers
    4. Patent application (status: in force)

    Publication No.: US20120151204A1

    Publication date: 2012-06-14

    Application No.: US12962949

    Filing date: 2010-12-08

    IPC classification: G06F15/173 H04L9/00

    Abstract: Efficient routing for a client-server session or connection is provided in an application layer of a multi-layered systems interconnect stack by caching a plurality of application-specific information at an intermediary network point; using the application-specific information to route messages for an application connection; and indexing the application-specific information with a key provided by the application. Optionally, a second key may be used to retrieve the application-specific information if the first key is not provided in an application connection request, where the second key is optionally opaque to the application program. The intermediary network point may be an edge-of-network Internet Protocol (IP) switch, and the application layer in which the routing is performed may be layer seven of the Open Systems Interconnection model.

EXTENSIBLE SEAL MANAGEMENT FOR ENCRYPTED DATA
    5. Patent application (status: pending, published)

    Publication No.: US20100115261A1

    Publication date: 2010-05-06

    Application No.: US12266470

    Filing date: 2008-11-06

    IPC classification: H04L9/00

    CPC classification: H04L9/0861

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to seal list management in decrypting encrypted data and provide a method, system and computer program product for extensible seal management for encrypted data. In an embodiment of the invention, a method for extensible seal management for encrypted data can include identifying multiple different seal hints of different seal hint formats for different seals in a seal list associated with encrypted data, and selecting from amongst the multiple different seal hints those seal hints of a recognizable seal hint format. The method also can include filtering the seals in the seal list according to the selected seal hints and attempting decryption of the filtered seals with a decryption key specified by the selected seal hints, to decrypt one of the filtered seals in order to reveal a bulk key. Finally, the method can include decrypting the encrypted data with the bulk key.

MESSAGE ARCHIVAL ASSURANCE FOR ENCRYPTED COMMUNICATIONS
    6. Patent application (status: pending, published)

    Publication No.: US20080019530A1

    Publication date: 2008-01-24

    Application No.: US11420986

    Filing date: 2006-05-30

    IPC classification: H04L9/00

    CPC classification: H04L9/16 H04L63/0464

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to encrypted message management in an archival environment, and provide a novel and non-obvious method, system and computer program product for message archival assurance. In one embodiment of the invention, a message archival assurance method can be provided that can include receiving an encrypted message designated for receipt by a messaging client; determining whether the encrypted message is decryptable using one of a set of bulk keys accessible by the messaging system; and archiving and forwarding the encrypted message to the messaging client only if the encrypted message is decryptable using one of the set of bulk keys accessible by the messaging system, and otherwise discarding the encrypted message.

Method and system for automating the recovery of a credential store when a user has forgotten their password using a temporary key pair created based on a new password provided by the user
    7. Granted patent (status: in force)

    Publication No.: US09094194B2

    Publication date: 2015-07-28

    Application No.: US11379088

    Filing date: 2006-04-18

    IPC classification: H04L29/06 H04L9/08

    CPC classification: H04L9/0894

    Abstract: A system for automating the recovery of a credential store, in which client software generates a temporary key pair based on a new password, and sends client information including the user's name, the public half of the temporary key pair, and the host name of the client computer system to a server system, from which the client information is passed to a recovery process. The client software process displays a prompt indicating that the user should call a help desk. A help desk administrator verifies the user's identity and approves the user's request by causing an approval message to be sent to the recovery process. The recovery process obtains recovery information consisting of either the decryption key(s) for the credential store, or a decrypted copy of the credential store, and encrypts the recovery information using the temporary public key. The client process downloads the recovery information from the server, and decrypts it using the private key of the temporary key pair. The credential store can then be decrypted using the recovery information if necessary, then re-encrypted based on the new password. The encrypted recovery information is stored on the server and re-used for a certain period of time, after which it is deleted, thus allowing multiple copies of the credential store to be conveniently recovered.

Generating a secret key from an asymmetric private key
    8. Granted patent (status: in force)

    Publication No.: US08995653B2

    Publication date: 2015-03-31

    Application No.: US11179189

    Filing date: 2005-07-12

    IPC classification: G06F21/00 G06F21/72 H04L9/08

    CPC classification: G06F21/72 H04L9/0869

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to symmetric key generation and provide a method, system and computer program product for symmetric key generation using an asymmetric private key. In one embodiment, a symmetric key generation data processing system can include a symmetric key generator configured with a programmatic interface including an input parameter for a seed, an input parameter for an asymmetric private key, and an output parameter for a symmetric key. The symmetric key generator can include program code enabled to generate the symmetric key by encrypting the seed with the asymmetric private key.