-
公开(公告)号:US20080101596A1
公开(公告)日:2008-05-01
申请号:US11555605
申请日:2006-11-01
CPC分类号: H04L9/0891 , G06F21/602 , H04L9/085 , H04L2209/60
摘要: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
摘要翻译: 用于保护安全系统中的数据的系统生成并编码用于编码长寿命秘密的备份密钥。 系统生成分配计划,用于根据地理和组织多样性将所编码备份密钥的加密分裂分发给选定的人员。 分配计划指定要生成的密码分割数M,以及恢复备份密钥所需的密码分割数N。 系统过程利用包括系统参数和状态文件的初始化文件,每个文件包括在事务之后反映安全系统的状态的参数。 任何状态文件可用于任何系统进程。 状态文件和init文件由备份密钥编码,从而保护长命的秘密。
-
公开(公告)号:US08280043B2
公开(公告)日:2012-10-02
申请号:US12133658
申请日:2008-06-05
CPC分类号: H04L9/0891 , G06F21/602 , H04L9/085 , H04L2209/60
摘要: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
摘要翻译: 用于保护安全系统中的数据的系统生成并编码用于编码长寿命秘密的备份密钥。 系统生成分配计划,用于根据地理和组织多样性将所编码备份密钥的加密分裂分发给选定的人员。 分配计划指定要生成的密码分割数M,以及恢复备份密钥所需的密码分割数N。 系统过程利用包括系统参数和状态文件的初始化文件,每个文件包括在事务之后反映安全系统的状态的参数。 任何状态文件可用于任何系统进程。 状态文件和init文件由备份密钥编码,从而保护长命的秘密。
-
3.发明申请Systems, Methods, and Media for Adding an Additional Level of Indirection to Title Key Encryption 有权用于向标题密钥加密添加附加级别间接的系统,方法和介质公开(公告)号:US20090028342A1
公开(公告)日:2009-01-29
申请号:US12056626
申请日:2008-03-27
CPC分类号: H04L9/0841 , H04L9/0891 , H04L2209/60
摘要: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
摘要翻译: 公开了用于加密和解密内容文件的系统,方法和介质。 更具体地,公开了用于向标题密钥加密方案添加附加级别的间接的硬件和/或软件。 实施例可以包括由密码系统基于绑定信息生成绑定密钥。 实施例还可以包括通过密码系统加密具有绑定密钥的秘密密钥并生成与至少一个内容文件相关联的标题密钥。 实施例还可以包括通过密码系统加密具有秘密密钥的标题密钥和具有标题密钥的至少一个内容文件。 另外的实施例可以包括接收绑定信息已经改变的指示,基于新改变的绑定信息生成新的绑定密钥,并用新的绑定密钥重新加密秘密密钥。
-
公开(公告)号:US08353017B2
公开(公告)日:2013-01-08
申请号:US12133776
申请日:2008-06-05
IPC分类号: H04L29/00
摘要: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
摘要翻译: 公开了一种用于保护分配给用户的密码的系统和方法,所述方法包括:提供具有虚拟键盘的密码输入屏幕,所述虚拟键盘包括以非QWERTY格式布置的多个字符键; 如果访问密码输入屏幕的用户提交的密码与从密码数据库检索的用户密码匹配,则认证用户; 如果提交的密码与检索到的用户密码不符,则拒绝对用户的访问。 该系统包括用于执行该方法的存储模块和计算机程序。
-
公开(公告)号:US07864953B2
公开(公告)日:2011-01-04
申请号:US12056626
申请日:2008-03-27
IPC分类号: H04L9/00
CPC分类号: H04L9/0841 , H04L9/0891 , H04L2209/60
摘要: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.
摘要翻译: 公开了用于加密和解密内容文件的系统,方法和介质。 更具体地,公开了用于向标题密钥加密方案添加附加级别的间接的硬件和/或软件。 实施例可以包括由密码系统基于绑定信息生成绑定密钥。 实施例还可以包括通过密码系统加密具有绑定密钥的秘密密钥并生成与至少一个内容文件相关联的标题密钥。 实施例还可以包括通过密码系统加密具有秘密密钥的标题密钥和具有标题密钥的至少一个内容文件。 另外的实施例可以包括接收绑定信息已经改变的指示,基于新改变的绑定信息生成新的绑定密钥,并用新的绑定密钥重新加密秘密密钥。
-
公开(公告)号:US07860246B2
公开(公告)日:2010-12-28
申请号:US11555605
申请日:2006-11-01
CPC分类号: H04L9/0891 , G06F21/602 , H04L9/085 , H04L2209/60
摘要: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
摘要翻译: 用于保护安全系统中的数据的系统生成并编码用于编码长寿命秘密的备份密钥。 系统生成分配计划,用于根据地理和组织多样性将所编码备份密钥的加密分裂分发给选定的人员。 分配计划指定要生成的密码分割数M,以及恢复备份密钥所需的密码分割数N。 系统过程利用包括系统参数和状态文件的初始化文件,每个文件包括在事务之后反映安全系统的状态的参数。 任何状态文件可用于任何系统进程。 状态文件和init文件由备份密钥编码,从而保护长命的秘密。
-
7.发明授权公开(公告)号:US07778417B2
公开(公告)日:2010-08-17
申请号:US11130546
申请日:2005-05-17
IPC分类号: H04N7/167
CPC分类号: H04L9/083 , G06F21/10 , G06F2221/0706 , H04L9/0822 , H04L2209/60
摘要: The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when binding information changes. This invention supports proper accounting for devices required to recover rebinding processing when devices fail or go offline unexpectedly during processing. The invention uses binding context which represents a set of data that can be used to determine if the binding information used to encrypt a set of title keys is outdated and allow for rebinding to the current cluster binding information level.
摘要翻译: 本发明提供了一种用于通过建立用相同绑定信息加密的标题密钥的逻辑分区来管理标题密钥的装置。 当绑定信息变化时,本发明支持标题密钥的延迟和后台处理。 本发明支持在处理期间设备故障或意外脱机时恢复重新绑定处理所需的设备的正确计费。 本发明使用表示可用于确定用于加密一组标题密钥的绑定信息是否过期并允许重新绑定到当前集群绑定信息级别的一组数据的绑定上下文。
-
公开(公告)号:US07921454B2
公开(公告)日:2011-04-05
申请号:US11876416
申请日:2007-10-22
IPC分类号: H04L29/00
摘要: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
摘要翻译: 公开了一种用于保护分配给用户的密码的系统和方法,所述方法包括:提供具有虚拟键盘的密码输入屏幕,所述虚拟键盘包括以非QWERTY格式布置的多个字符键; 如果访问密码输入屏幕的用户提交的密码与从密码数据库检索的用户密码匹配,则认证用户; 如果提交的密码与检索到的用户密码不符,则拒绝对用户的访问。 该系统包括用于执行该方法的存储模块和计算机程序。
-
公开(公告)号:US20090323970A1
公开(公告)日:2009-12-31
申请号:US12133658
申请日:2008-06-05
CPC分类号: H04L9/0891 , G06F21/602 , H04L9/085 , H04L2209/60
摘要: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
摘要翻译: 用于保护安全系统中的数据的系统生成并编码用于编码长寿命秘密的备份密钥。 系统生成分配计划,用于根据地理和组织多样性将所编码备份密钥的加密分裂分发给选定的人员。 分配计划指定要生成的密码分割数M,以及恢复备份密钥所需的密码分割数N。 系统过程利用包括系统参数和状态文件的初始化文件,每个文件包括在事务之后反映安全系统的状态的参数。 任何状态文件可用于任何系统进程。 状态文件和init文件由备份密钥编码,从而保护长命的秘密。
-
公开(公告)号:US20090106827A1
公开(公告)日:2009-04-23
申请号:US12133776
申请日:2008-06-05
IPC分类号: H04L9/32
摘要: A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.
-
-
-
-
-
-
-
-
-
搜索结果
11 条记录 (耗时 0.012 秒)