-
Publication No.: US20120324218A1
Publication date: 2012-12-20
Application No.: US13163086
Filing date: 2011-06-17
CPC classification: H04L9/0827, H04L9/0825, H04L9/083, H04L9/0891, H04L9/321
Abstract: A unique, strong, shared, symmetric network-wide key (or a limited number of group-wide keys) is generated by a central authority and initially provisioned to nodes in a network, which use it for ensuing traffic encryption. Nodes establish trust by sending each other authentication messages encrypted with the shared secret key, and thereupon adding each other to their respective trust lists. Also described is an optional rekeying scheme whereby an existing shared secret key can be replaced by a new secret key that is introduced by the central authority and automatically propagated from node to node through the network.
-
Publication No.: US20120030459A1
Publication date: 2012-02-02
Application No.: US12845738
Filing date: 2010-07-29
Applicant: Hal A. Aldridge, Keith R. Thal
Inventor: Hal A. Aldridge, Keith R. Thal
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/0485
Abstract: A network extension device comprising a CPU, memory, protected I/O connectable to local controls and peripherals, an external communications port, a trusted device connected to the CPU such that it can provide attestation of the network extension device's trusted operation to a connected known external network, and a protected interface connected to at least one network extension module that includes a local network communications port. Optionally, a traffic encryption module may be provided, and the trusted device's attestation may include a check of its operation. Also described is a method comprising connecting the network extension device to an external network, performing an operating mode check, causing the network extension device to operate in a mode and perform a security check that correspond to the result of that check, causing the trusted device to attest trusted operation to the external network, and thereafter causing the CPU to function fully and permitting access to the external network.
-
Publication No.: US08285984B2
Publication date: 2012-10-09
Application No.: US12845738
Filing date: 2010-07-29
Applicant: Hal A. Aldridge, Keith R. Thal
Inventor: Hal A. Aldridge, Keith R. Thal
IPC classification: H04L29/06
CPC classification: H04L63/1416, H04L63/0485
Abstract: A network extension device comprising a CPU, memory, protected I/O connectable to local controls and peripherals, an external communications port, a trusted device connected to the CPU such that it can provide attestation of the network extension device's trusted operation to a connected known external network, and a protected interface connected to at least one network extension module that includes a local network communications port. Optionally, a traffic encryption module may be provided, and the trusted device's attestation may include a check of its operation. Also described is a method comprising connecting the network extension device to an external network, performing an operating mode check, causing the network extension device to operate in a mode and perform a security check that correspond to the result of that check, causing the trusted device to attest trusted operation to the external network, and thereafter causing the CPU to function fully and permitting access to the external network.
-