公开(公告)号：US20100146275A1

公开(公告)日：2010-06-10

申请号：US12331287

申请日：2008-12-09

Applicant: Royce Slick ,  Don Matsubayashi ,  Kevin Piazza ,  Dariusz Dusberger ,  Neil Iwamoto

Inventor： Royce Slick ,  Don Matsubayashi ,  Kevin Piazza ,  Dariusz Dusberger ,  Neil Iwamoto

IPC: H04L9/32

CPC classification number: H04L9/3271 ,  H04L9/3215 ,  H04L9/3234 ,  H04L63/08 ,  H04L63/166

Abstract: The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token.

Abstract translation: 通过网络对具有服务器的设备的认证包括由设备验证服务器以便建立与服务器的安全连接。 设备将设备的标识信息传送到服务器，其中标识信息将设备唯一地标识给服务器。 服务器使用由设备传送的识别信息来确定设备的可信度。 在服务器确定设备是可信的情况下，服务器为设备创建第一认证令牌，存储第一认证令牌，并使用安全连接将第一认证令牌传送到设备，并且设备存储第一认证令牌 认证令牌。 服务器使用第一个身份验证令牌对设备进行身份验证。

公开(公告)号：US20050289344A1

公开(公告)日：2005-12-29

申请号：US10875240

申请日：2004-06-25

Applicant: Royce Slick ,  Neil Iwamoto ,  Martin Martinez

Inventor： Royce Slick ,  Neil Iwamoto ,  Martin Martinez

IPC: H04L29/06 ,  H04L9/00

CPC classification number: H04L63/1466 ,  G06F21/608 ,  H04L63/126 ,  H04L63/166

Abstract: Security against replay of a message by generating a list of unique message enabling codes (TATs) in a first device and storing the list in a second device. A message generated in the first device, which includes at least one of the unique message enabling codes from the list, is transmitted to the second device. The unique message enabling code of the received message is compared with the list stored in the second device to determine whether or not to enable processing of the message by the second device. If the unique message enabling code received with the message is included in the stored list, processing of the message is enabled and, the corresponding unique message enabling code is deleted from the stored list. If the unique message enabling code received with the message is not included in the stored list, processing of the message is rejected.

Abstract translation: 通过在第一设备中生成唯一消息启用代码（TAT）的列表并将列表存储在第二设备中来保护消息的重放。 在第一设备中生成的包括来自列表的唯一消息启用代码中的至少一个的消息被发送到第二设备。 将接收到的消息的启用代码的唯一消息与存储在第二设备中的列表进行比较，以确定是否允许由第二设备处理消息。 如果使用消息接收到的唯一消息使能码被包括在存储的列表中，则消息的处理被启用，并且从存储的列表中删除相应的唯一消息使能码。 如果使用消息接收的唯一消息使能码不包括在存储的列表中，则消息的处理被拒绝。

公开(公告)号：US08447977B2

公开(公告)日：2013-05-21

申请号：US12331287

申请日：2008-12-09

Applicant: Royce Slick ,  Don Matsubayashi ,  Kevin Piazza ,  Dariusz Dusberger ,  Neil Iwamoto

Inventor： Royce Slick ,  Don Matsubayashi ,  Kevin Piazza ,  Dariusz Dusberger ,  Neil Iwamoto

IPC: H04L9/32 ,  G06F7/04 ,  G06F17/30

CPC classification number: H04L9/3271 ,  H04L9/3215 ,  H04L9/3234 ,  H04L63/08 ,  H04L63/166

Abstract: The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token.

Abstract translation: 通过网络对具有服务器的设备的认证包括由设备验证服务器以便建立与服务器的安全连接。 设备将设备的标识信息传送到服务器，其中标识信息将设备唯一地标识给服务器。 服务器使用由设备传送的识别信息来确定设备的可信度。 在服务器确定设备是可信的情况下，服务器为设备创建第一认证令牌，存储第一认证令牌，并且使用安全连接将第一认证令牌传送到设备，并且设备存储第一认证令牌 认证令牌。 服务器使用第一个身份验证令牌对设备进行身份验证。

公开(公告)号：US20070150420A1

公开(公告)日：2007-06-28

申请号：US11314089

申请日：2005-12-22

Applicant: Neil Iwamoto ,  Royce Slick ,  Craig Mazzagatte ,  Martin Martinez

Inventor： Neil Iwamoto ,  Royce Slick ,  Craig Mazzagatte ,  Martin Martinez

IPC: G06Q99/00

CPC classification number: H04L63/0869 ,  G06F21/608 ,  G06Q20/382 ,  G06Q20/3829 ,  H04L9/3234 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/0853

Abstract: The invention provides for installing encryption keys on a device not having any previous security credentials. An installation authority generates a security token to be used by the device for secure communications, and an installation credential for the device, and stores them in association with one another. A user of the device is provided with the installation credential, whereby the user inputs the installation credential into the device. The device utilizes the installation credential as a temporary security key, establishes a secure communication channel with the installation authority and requests provision of the security token. The installation authority provides the security token associated with the installation credential to the device over the established secure communication channel, and the device installs the security token, after which the device erases the installation credential from the device. The installation authority may also certify the security token and provide a certified token and a root verification certificate to the device.

Abstract translation: 本发明提供在不具有任何先前的安全证书的设备上安装加密密钥。 安装权限生成安全令牌以供设备使用以进行安全通信，以及设备的安装凭证，并将它们彼此关联存储。 设备的用户被提供有安装凭证，由此用户将安装凭证输入到设备中。 该设备使用安装凭证作为临时安全密钥，与安装权限建立安全通信通道，并请求提供安全令牌。 安装权限通过建立的安全通信通道向设备提供与安装凭证相关联的安全令牌，并且设备安装安全令牌，之后设备从设备中删除安装凭证。 安装机构还可以证明安全令牌，并向设备提供经认证的令牌和根验证证书。

公开(公告)号：US20050235145A1

公开(公告)日：2005-10-20

申请号：US11146113

申请日：2005-06-07

Applicant: Royce Slick ,  Neil Iwamoto

Inventor： Royce Slick ,  Neil Iwamoto

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/123 ,  H04L9/0631 ,  H04L9/0643 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/045

Abstract: A file format for a secure file for use with a block cipher or a stream cipher, the secure file having a secure client header and a data block appended to the secure client header. The client header has a client information block comprised of a public information block, a private information block and an initialization vector. At least a portion of the private information block is encrypted, and a client information block integrity check value is appended to the client information block, the client information block integrity check value being obtained by performing an integrity check on the client information block. The data block is preferably encrypted and is comprised of a plurality of encrypted data blocks each appended with its own respective integrity check result value. Each of the plurality of data blocks and their respective integrity check result values are obtained by dividing the encrypted data block into n encrypted data blocks, performing an integrity check on a first one of the n encrypted data blocks and the client information integrity check result value appended to the client information block, so as to obtain a first encrypted data block integrity check result value, appending the first encrypted data block integrity check result value to the first encrypted data block, and repeatedly performing, for each of the subsequent n encrypted data blocks, an integrity check on the subsequent encrypted data block and an integrity check result value appended to a previous one of the n encrypted data blocks, so as to obtain an integrity check result value for the subsequent encrypted data block, and appending the subsequent integrity check result value to the subsequent encrypted data block.

Abstract translation: 用于与块密码或流密码一起使用的安全文件的文件格式，该安全文件具有安全的客户头和附加到安全客户头的数据块。 客户头具有由公共信息块，专用信息块和初始化向量构成的客户端信息块。 对私有信息块的至少一部分进行加密，并且将客户信息块完整性检查值附加到客户端信息块，通过对客户端信息块执行完整性检查来获得客户端信息块完整性检查值。 数据块优选地被加密，并且由多个加密的数据块组成，每个加密的数据块都附加有其各自的完整性检查结果值。 通过将加密的数据块划分为n个加密的数据块，对n个加密数据块中的第1个加密的数据块进行完整性检查和客户信息完整性检查结果值，得到多个数据块及其各自的完整性检查结果值中的每一个 附加到客户端信息块，以获得第一加密数据块完整性检查结果值，将第一加密数据块完整性检查结果值附加到第一加密数据块，并且对于后续的n个加密数据中的每一个重复执行 块，对后续加密数据块的完整性检查和附加到n个加密数据块中的先前加密数据块的完整性检查结果值，以便获得后续加密数据块的完整性检查结果值，并附加后续完整性 检查结果值到后续的加密数据块。