Method of producing a response
    1.
    Granted invention patent
    Method of producing a response (status: in force)

    Publication No.: US07107616B2

    Publication date: 2006-09-12

    Application No.: US10047193

    Filing date: 2002-01-15

    Applicant: Lauri Paatero

    Inventor: Lauri Paatero

    IPC classification: H04L9/32

    Abstract: The present invention relates to a device (1) comprising an input for receiving an input; calculation means (P) for producing a response (OUTPUT) in response to the input (INPUT) and a secret key (A) by utilizing a first predetermined function (f), and an output (3) for feeding said response (OUTPUT) further. In order for an attacker not to be able to find out the secret key, the device further comprises a memory (M) in which the key-specific number (RND) is stored, and means for retrieving the key-specific number (RND) from the memory (M) and for feeding it to the calculation means (P′) for carrying out predetermined calculation operations (f2) on the basis of the key-specific number (RND) when producing said response (OUTPUT).


    Revoking a permission for a program
    2.
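    Invention patent application
    Revoking a permission for a program (status: under examination, published)

    Publication No.: US20060137007A1

    Publication date: 2006-06-22

    Application No.: US11015099

    Filing date: 2004-12-16

    IPC classification: G06F12/14

    CPC classification: G06F21/629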

    Abstract: A device and a method for revoking a permission of an access controlled program are provided. The method includes executing an access controlled program by a processor at a device, determining if a permission of the access controlled program at the device needs to be revoked, and requesting a new permission for the access controlled program at the device if the permission is determined to need revocation. For example, revocation of the permission may result when a specified time interval has elapsed during execution of the access controlled program. As another example, revocation of the permission may result when the number of access control program instructions executed by a processor exceeds a predetermined use threshold. The access controlled program may be a Mobile Information Device Profile program also known as a MIDlet.


    Secure execution architecture
    3.
    Invention patent application
    Secure execution architecture (status: in force)

    Publication No.: US20050033969A1

    Publication date: 2005-02-10

    Application No.: US10634734

    Filing date: 2003-08-04

    CPC classification: G06F21/57

    Abstract: The present invention relates to circuitry and a method for providing data security, which circuitry contains at least one processor and at least one storage circuit. The invention is based on the idea that circuitry is provided in which a processor is operable in at least two different modes, one first secure operating mode and one second unsecure operating mode. In the secure mode, the processor has access to security related data located in various memories located within the circuitry. The access to these security data and the processing of them need to be restricted, since an intruder with access to security data could manipulate the circuitry. When testing and/or debugging the circuitry, access to security information is not allowed. For this reason, the processor is placed in the unsecure operating mode, in which mode it is no longer given access to the protected data.


    Practical and secure storage encryption
    5.
    Granted invention patent
    Practical and secure storage encryption (status: in force)

    Publication No.: US08028164B2

    Publication date: 2011-09-27

    Application No.: US10804852

    Filing date: 2004-03-19

    Applicant: Lauri Paatero

    Inventor: Lauri Paatero

    IPC classification: H04L29/06

    CPC classification: G06F21/72 G06F21/74

    Abstract: The present invention relates to an electronic device (301) in which acceleration of data processing operations is provided, the device comprising a secure execution environment to which access is controlled. A basic idea of the present invention is to provide a device (311) for acceleration of data processing operations (an “accelerator”). In particular, the accelerator is used to accelerate cryptographic data operations such that it performs cryptographic operations on data provided to it via a first logical interface. The cryptographic operations are performed by means of encryption/decryption keys provided to the accelerator via a secure second logical interface which may share a same physical interface (312) with the first logical interface or which may use a distinct physical interface (414) from that of a distinct physical interface (412) used as the first logical interface.


    Architecture for encrypted application installation
    6.
    Granted invention patent
    Architecture for encrypted application installation (status: in force)

    Publication No.: US07930537B2

    Publication date: 2011-04-19

    Application No.: US10771836

    Filing date: 2004-02-03

    Applicant: Lauri Paatero

    Inventor: Lauri Paatero

    CPC classification: G06F21/10 G06F2221/2149

    Abstract: Methods and systems are arranged to control the decryption of an encrypted application in a device executing the application, the device arranged with a secure environment to which access is strictly controlled by a device processor. The application is divided into an installation part that establishes proper set up of the application and a protected part which is to be executed in the secure environment. An advantage with the invention is that the application provider has the freedom to control the decryption of the application software. Since it is performed in the secure environment, the owner of the device is unable to access the application and thereby copy, read or manipulate it. Moreover, the application provider handles the installation of the encrypted application and the key for decrypting the application, and is thus given the possibility to handle the encryption/decryption schemes and the key management.


    Secure mode controlled memory
    7.
    Invention patent application
    Secure mode controlled memory (status: in force)

    Publication No.: US20050210287A1

    Publication date: 2005-09-22

    Application No.: US10804855

    Filing date: 2004-03-19

    Applicant: Lauri Paatero

    Inventor: Lauri Paatero

    IPC classification: G06F1/00 G06F21/00 H04L9/32

    Abstract: The present invention relates to a method of, and a system for, enhancing data security, which data is to be executed in an electronic device (101) comprising a secure execution environment (104) to which access is restricted. A basic idea of the present invention is that, at device boot, data in the form of e.g. program code is copied from permanent memory (112) to temporary memory (110). The integrity of this program code must be verified to ensure that the program code has not been altered during the transmission between the memories. Further, a new secret key is generated in the secure execution environment. This new secret key is used by a device processor (103) to encrypt the program code to be stored in the temporary memory in order to ensure that the program code is kept secret during transmission. The device processor thereafter writes the encrypted program code into the temporary memory.


    Key storage administration
    8.
    Granted invention patent
    Key storage administration (status: in force)

    Publication No.: US08301911B2

    Publication date: 2012-10-30

    Application No.: US10887474

    Filing date: 2004-07-06

    IPC classification: G06F12/14

    Abstract: The present invention relates to a method and a system for allowing multiple applications to manage their respective data in a device (100, 200) having a secure environment (104, 204, 211) to which access is strictly controlled. The idea of the invention is that a storage area is allocated (301) within the secure environment (104, 204, 211) of a device (100, 200). The storage area is associated (302) with an identity of an application, the associated identity is stored (303) in the secure environment (104, 204, 211) and access to the storage area is controlled (304) by verifying correspondence between the associated identity and the identity of an accessing application. This is advantageous, since it is possible for the accessing application to read, write and modify objects, such as cryptographic keys, intermediate cryptographic calculation results and passwords, in the allocated storage area.


    Rollback-Resistant Code-Signing
    9.
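    Invention patent application
    Rollback-Resistant Code-Signing (status: under examination, published)

    Publication No.: US20080195868A1

    Publication date: 2008-08-14

    Application No.: US11673722

    Filing date: 2007-02-12

    IPC classification: H04L9/00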

    Abstract: A code signature methodology that allows recovery from incorrectly signed software while preventing rollbacks is described herein. When software is signed, the code signature is based not only on the current version of executable code and information corresponding to the current version of executable code, but also includes a history value based on a previous version of the executable code. Each history value is unknown until each version of the software is validly signed. Thus, the code signature technique allows a signing entity to continue using the same signing key even after recovering from an attack, can be used with and without pre-configured trust roots, and allows a device to upgrade from one version of software to another version of the software while skipping intermediate versions.
