-
公开(公告)号:US08990912B2
公开(公告)日:2015-03-24
申请号:US12425805
申请日:2009-04-17
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Thorsten Kramp , Michael Peter Kuyper-Hammond , Michael Charles Osborne , Tamas Visegrady
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Thorsten Kramp , Michael Peter Kuyper-Hammond , Michael Charles Osborne , Tamas Visegrady
摘要: Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. Includes a communications interface for connecting to the server via a communications channel bypassing the user computer. Either the security device or interface device sends the authentication response to the server via the communications channel bypassing the user computer.
摘要翻译: 提供了用于通过数据通信网络认证用户计算机和服务器之间的通信的方法和装置。 安全设备具有包含安全数据的存储器,以及安全逻辑,用于使用安全数据来生成对从正在使用的服务器接收的认证消息的认证响应。 接口设备与安全设备通信。 接口装置具有用于从用户计算机接收包含由服务器发送到使用中的用户计算机的认证消息的认证输出,以及适于从认证输出提取认证消息并将认证消息发送到 安全设备。 包括用于通过绕过用户计算机的通信通道连接到服务器的通信接口。 安全设备或接口设备通过绕过用户计算机的通信信道向服务器发送认证响应。
-
公开(公告)号:US20120291105A1
公开(公告)日:2012-11-15
申请号:US13557468
申请日:2012-07-25
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto J. Hermann , Frank Hoering , Thorsten Kramp , Michael P. Kuyper-Hammond , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto J. Hermann , Frank Hoering , Thorsten Kramp , Michael P. Kuyper-Hammond , Thomas D. Weigold
IPC分类号: G06F21/00
CPC分类号: H04L63/0823 , G06F21/33 , G06F21/34
摘要: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.
摘要翻译: 用于授权从用户计算机通过数据通信网络请求的远程服务器的操作的授权设备包括被配置为连接到本地用户计算机以便于经由数据通信网络与远程服务器通信的计算机接口,被配置为呈现 信息给用户和控制逻辑。 所述控制逻辑适于使用所述控制逻辑可访问的安全数据,以经由所述本地用户计算机建立用于与所述服务器的加密的端到端通信的相互认证的连接; 从服务器通过连接收集指示通过与服务器的不同连接请求的任何操作的信息,并且需要用户的授权; 并通过用户界面将信息呈现给用户,以提示操作的授权。
-
公开(公告)号:US08302173B2
公开(公告)日:2012-10-30
申请号:US12125247
申请日:2008-05-22
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Marcus Oestreicher , Michael Osborne , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Thorsten Kramp , Marcus Oestreicher , Michael Osborne , Thomas D. Weigold
CPC分类号: H04L63/061 , H04L29/06 , H04L63/062
摘要: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.
摘要翻译: 一种向用户设备提供一组接入码的方法,包括在用户设备中存储加密密钥和识别码,以及经由通信网络向服务器发送包含识别码的消息。 在服务器中,对应于存储在用户设备中的密钥存储加密密钥,在从用户设备接收到识别码时分配一组接入码。 基于在消息中接收到的识别码执行查找功能,以从存储中检索密钥。 使用检索到的密钥对访问代码集进行加密以产生加密集。 包含加密集的消息经由网络发送到用户设备。 在用户装置中,使用存储器中的密钥对从服务器接收到的加密集进行解密,并且存储解密的一组访问码以供用户装置的用户使用。
-
公开(公告)号:US20100125729A1
公开(公告)日:2010-05-20
申请号:US12402772
申请日:2009-03-12
申请人: Michael Baentsch , Reto Hermann , Thorsten Kramp , Thomas D. Weigold , Peter Buhler , Thomas Eirich , Tamas Visegrady
发明人: Michael Baentsch , Reto Hermann , Thorsten Kramp , Thomas D. Weigold , Peter Buhler , Thomas Eirich , Tamas Visegrady
CPC分类号: H04L63/0869 , G06Q20/08 , G06Q20/42 , H04L63/0471 , H04L63/0823 , H04L63/0853 , H04L63/166 , H04L67/42 , H04L2463/102
摘要: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.
摘要翻译: 在服务器计算机和客户端计算机之间执行电子交易的系统和方法。 该方法通过网络实现具有加密数据传输和服务器与硬件设备之间的相互认证的通信协议,执行加密服务器响应的解密,将解密的服务器响应从硬件设备转发到客户端计算机,显示解密的服务器 在客户端显示器上的响应,接收从客户端计算机发送到服务器的请求,通过硬件设备解析客户端对预定义交易信息的请求,对客户端请求进行加密和转发,检测到显示预定义的事务信息,转发和加密 如果接收到用户确认,则将包含预定义交易信息的客户端请求发送到服务器,如果没有接收到用户确认,则取消该交易。
-
公开(公告)号:US20090132808A1
公开(公告)日:2009-05-21
申请号:US12274100
申请日:2008-11-19
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto Josef Hermann , Thorsten Kramp , Tamas Visegrady , Thomas Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Reto Josef Hermann , Thorsten Kramp , Tamas Visegrady , Thomas Weigold
CPC分类号: H04L63/0869 , G06Q20/08 , G06Q20/42 , H04L63/0471 , H04L63/0823 , H04L63/0853 , H04L63/166 , H04L67/42 , H04L2463/102
摘要: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.
摘要翻译: 在服务器计算机和客户端计算机之间执行电子交易的系统和方法。 该方法通过网络实现具有加密数据传输和服务器与硬件设备之间的相互认证的通信协议,执行加密服务器响应的解密,将解密的服务器响应从硬件设备转发到客户端计算机,显示解密的服务器 在客户端显示器上的响应,接收从客户端计算机发送到服务器的请求,通过硬件设备解析客户端对预定义交易信息的请求,对客户端请求进行加密和转发,检测到显示预定义的事务信息,转发和加密 如果接收到用户确认,则将包含预定义交易信息的客户端请求发送到服务器,如果没有接收到用户确认,则取消该交易。
-
公开(公告)号:US07506175B2
公开(公告)日:2009-03-17
申请号:US09992984
申请日:2001-11-05
申请人: Michael Baentsch , Thomas Eirich , Peter Buhler , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
发明人: Michael Baentsch , Thomas Eirich , Peter Buhler , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
IPC分类号: G06F11/30
CPC分类号: G06F9/44589 , G11B20/00086
摘要: A technique for language verification of a Java® card CAP file is provided. The Java® card CAP file is converted from an original Java® code file while conserving its original Java® semantics. The Java® card CAP file is converted into a corresponding converted Java® code file that is semantically identical to the Java® card CAP file. In a language-verification step, the converted Java® code file is then verified if it has been found to comply with a predetermined language specification.
摘要翻译: 提供了一种用于Java(R)卡CAP文件的语言验证的技术。 Java(R)卡CAP文件从原始的Java(R)代码文件转换,同时保留其原始的Java(R)语义。 Java(R)卡CAP文件被转换成与Java(R)卡CAP文件在语义上相同的相应转换的Java(R)代码文件。 在语言验证步骤中,如果已经发现符合预定语言规范,则转换的Java(R)代码文件被验证。
-
公开(公告)号:US20080250244A1
公开(公告)日:2008-10-09
申请号:US12062888
申请日:2008-04-04
IPC分类号: H04L9/00
CPC分类号: H04L9/0827 , H04L9/088 , H04L63/0435 , H04L63/062 , H04L63/18 , H04L2209/08 , H04L2209/56 , H04L2209/80
摘要: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.
摘要翻译: 本发明涉及一种从凭证发行者向证书用户分发一组凭证的方法。 证书用户被提供有用户设备。 第一通道和第二通道被提供用于用户设备和证书发行者之间的通信。 共享密钥通过第二信道在用户设备和证书颁发者之间分配。 生成具有预定的与均匀分布的最大偏差水平的凭证集合的二进制表示。 该凭证集的二进制表示通过共享密钥进行加密。 加密的证书集合经由第一信道从证书颁发者分发到用户设备。 加密的凭证集合由用户设备通过共享密钥解密。
-
公开(公告)号:US20080222427A1
公开(公告)日:2008-09-11
申请号:US12114024
申请日:2008-05-02
申请人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
发明人: Michael Baentsch , Peter Buhler , Thomas Eirich , Frank Hoering , Marcus Oestreicher , Thomas D. Weigold
IPC分类号: H04L9/00
CPC分类号: H04L63/04 , G06F21/76 , H04L9/003 , H04L9/0625 , H04L2209/12
摘要: The invention is directed to a data-processing system comprising a processor and first encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. In the second persistent memory is stored a first cryptographic key for decrypting the first encrypted information, thereby generating therefrom first unencrypted information that is usable by the processor for executing an operation. The same cryptographic key may also be used for encrypting the first unencrypted information, thereby generating the first encrypted information. It is also directed to a method of processing such a data-processing system with an operating system, comprising a writing step for writing first unencrypted information into the first persistent memory, an encryption step for encrypting the first unencrypted information under use of the first cryptographic key, creating therefrom first encrypted information in the first persistent memory, and an access-limitation step for setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system. It also relates to a method of executing an operation on such a data-processing system comprising a decryption step for decrypting the first encrypted information under use of the first cryptographic key, thereby generating therefrom first unencrypted information and an execution step for executing an operation by the processor, using the first unencrypted information.
摘要翻译: 本发明涉及一种数据处理系统,包括处理器和第一持久存储器中的第一加密信息,其信息泄漏级别高于第二持久存储器。 在第二持久存储器中存储用于解密第一加密信息的第一密码密钥,由此产生处理器可用于执行操作的第一未加密信息。 相同的加密密钥也可以用于加密第一未加密信息,从而生成第一加密信息。 还涉及一种使用操作系统处理这种数据处理系统的方法,包括用于将第一未加密信息写入到第一持久存储器中的写入步骤,用于在使用第一密码的情况下加密第一未加密信息的加密步骤 密钥,从第一永久存储器中创建第一加密信息,以及访问限制步骤,用于将数据处理系统设置为由操作系统控制对第一永久存储器的写入的状态。 它还涉及对这种数据处理系统执行操作的方法,包括解密步骤,用于在使用第一加密密钥的情况下对第一加密信息进行解密,由此产生第一未加密信息,以及执行步骤,用于执行操作, 处理器,使用第一个未加密的信息。
-
9.发明授权Method and device for loading instruction codes to a memory and linking said instruction codes 有权用于将指令代码加载到存储器并链接所述指令代码的方法和装置公开(公告)号:US06496910B1
公开(公告)日:2002-12-17
申请号:US09326175
申请日:1999-06-04
IPC分类号: G06F1200
CPC分类号: G07F7/1008 , G06F9/44521 , G06Q20/341 , G06Q20/3552 , G07F7/084
摘要: A method for loading instruction codes to a first memory and linking said instruction codes is proposed, whereby at least one instruction code has as parameter an address which during a loading step is not determined. This address-parametered instruction code has assigned thereto an address place. A relocation information is loaded which during a linking step effects that the address becomes determined using a starting address and a relative address offset. The then determined address is put at the address place. During the loading step, directly after loading each address-parametered instruction code with its address place, the relocation information is loaded and the address is determined in the linking step.
摘要翻译: 提出了一种用于将指令代码加载到第一存储器并链接所述指令代码的方法,由此至少一个指令代码具有在加载步骤期间未被确定的地址的参数。 该地址参数指令码已经分配给地址位置。 加载重定位信息,在链接步骤期间,使用起始地址和相对地址偏移确定地址变为确定。 然后将确定的地址放在地址位置。 在加载步骤期间,在将每个地址参数指令代码加载到其地址之后,直接加载重定位信息,并在链接步骤中确定地址。
-
公开(公告)号:US20100017459A1
公开(公告)日:2010-01-21
申请号:US12145966
申请日:2008-06-25
IPC分类号: G06F15/16
CPC分类号: G06F21/51 , G06F8/658 , G06F21/105 , G06F21/12 , G06F2221/033 , G06F2221/2107 , Y10S707/99953
摘要: The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.
摘要翻译: 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码,该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合,以生成第二签名代码片段。 为此,第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。
-
-
-
-
-
-
-
-
-
搜索结果
33 条记录 (耗时 0.032 秒)