-
公开(公告)号:US20080075284A1
公开(公告)日:2008-03-27
申请号:US11923635
申请日:2007-10-24
申请人: Carl Ellison , C. Brendan Traw , Michael Ripley , Gary Graunke
发明人: Carl Ellison , C. Brendan Traw , Michael Ripley , Gary Graunke
CPC分类号: G11B20/0021 , G11B20/00086 , G11B20/00188 , G11B20/00224 , G11B20/00253 , G11B20/00362 , G11B20/00492 , G11B20/00528 , H04L9/0825 , H04L9/0897 , H04L2209/60
摘要: Protected content distribution is accomplished by a first entity generating a set of asymmetric key pairs, creating a plurality of sets of private keys by selecting a combination of private keys from the set of asymmetric key pairs for each created set, and distributing the sets of private keys to playback devices. A second entity produces protected content including encrypted content and a public key media key block, encrypts a symmetric content key with each public key in the set of asymmetric key pairs to form the public key media key block and encrypts a content title with the symmetric content key to form the encrypted content. A playback device stores one set of private keys, receives the protected content, and decrypts and plays the content title stored in the protected content when a selected one of the set of private keys stored by the playback device successfully decrypts the encrypted symmetric content key stored in the public key media key block of the received protected content.
摘要翻译: 受保护的内容分发由生成一组非对称密钥对的第一实体完成,通过从每个创建的集合的非对称密钥对集合中选择私钥的组合来创建多组私钥,并且分发私有密钥集合 播放设备的键。 第二实体产生包括加密内容和公共密钥媒体密钥块的受保护内容,使用非对称密钥对集合中的每个公开密钥对对称内容密钥进行加密,以形成公共密钥媒体密钥块,并加密具有对称内容的内容标题 密钥来形成加密的内容。 回放设备存储一组专用密钥,接收受保护的内容,并且当由重放设备存储的一组专用密钥中的所选择的一个成功地解密存储的加密的对称内容密钥时,解密并播放存储在受保护内容中的内容标题 在接收到的受保护内容的公钥媒体密钥块中。
-
公开(公告)号:US20070220134A1
公开(公告)日:2007-09-20
申请号:US11276798
申请日:2006-03-15
申请人: Kim Cameron , Arun Nanda , Christian Huitema , Carl Ellison
发明人: Kim Cameron , Arun Nanda , Christian Huitema , Carl Ellison
IPC分类号: G06F15/173
CPC分类号: H04L63/1441 , G06F21/31 , G06F2221/2119 , H04L63/126 , H04L63/1483 , H04L67/02
摘要: A computer system is configured to verify a connection to a web site. The computer system includes a user interface programmed to receive a uniform resource locator and a call sign associated with the web site. The computer system also includes a validator module programmed to calculate a hash value based on the uniform resource locator, a public key associated with the web site, and a salt, and the validator being programmed to compare the hash value to the call sign to verify the connection to the web site.
摘要翻译: 计算机系统被配置为验证到网站的连接。 计算机系统包括被编程为接收统一资源定位符的用户界面和与该网站相关联的呼号。 该计算机系统还包括一个验证器模块,该验证器模块被编程为基于统一资源定位器计算散列值,与该网站相关联的公共密钥和一个盐,并且该验证器被编程为将散列值与呼号进行比较以验证 与网站的连接。
-
公开(公告)号:US20070101010A1
公开(公告)日:2007-05-03
申请号:US11264369
申请日:2005-11-01
申请人: Carl Ellison , Elissa Murphy
发明人: Carl Ellison , Elissa Murphy
IPC分类号: G06F15/173 , G06F15/16
CPC分类号: H04L63/08 , G06F21/36 , G06F2221/2103 , H04L51/12 , H04L51/14
摘要: A method and system for authenticating that a user responding to a HIP challenge is the user that was issued the challenge is provided. Upon receiving information from a sender purporting to be a particular user, the authentication system generates a HIP challenge requesting information based on the user's identity. Upon receiving a response to the challenge, the authentication system compares the response with the correct response previously stored for that user. If the two responses match, the authentication system identifies the user as the true source of the information.
摘要翻译: 用于认证响应HIP挑战的用户被提供给发出挑战的用户的方法和系统。 一旦接收到来自发送者是特定用户的信息,认证系统根据用户的身份生成请求信息的HIP质询。 在接收到对挑战的响应时,认证系统将响应与先前为该用户存储的正确响应进行比较。 如果两个响应匹配,则认证系统将该用户识别为该信息的真实来源。
-
公开(公告)号:US20060200680A1
公开(公告)日:2006-09-07
申请号:US09672602
申请日:2001-02-26
申请人: Carl Ellison , Roger Golliver , Howard Herbert , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
发明人: Carl Ellison , Roger Golliver , Howard Herbert , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
IPC分类号: G06F12/14
CPC分类号: G06F12/1491 , G06F21/57 , G06F2221/2105
摘要: In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
摘要翻译: 在本发明的实施例中,提供了用于远程证明的技术。 接口将设备通过总线映射到安全环境中的芯片组的地址空间,用于隔离执行模式。 安全环境与由至少一个处理器可访问的隔离存储器区域相关联。 所述至少一个处理器以正常执行模式和隔离执行模式之一进行操作。 对应于地址空间的通信存储器允许设备在远程证明中以隔离执行模式与至少一个处理器交换安全信息。
-
公开(公告)号:US20060015719A1
公开(公告)日:2006-01-19
申请号:US11203538
申请日:2005-08-12
申请人: Howard Herbert , David Grawrock , Carl Ellison , Roger Golliver , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
发明人: Howard Herbert , David Grawrock , Carl Ellison , Roger Golliver , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
IPC分类号: H04L9/00
CPC分类号: G06F21/305 , G06F9/30189 , G06F12/1491 , G06F21/35 , G06F21/53 , G06F21/57 , G06F21/575 , G06F21/64 , G06F21/74 , G06F2221/2101 , G06F2221/2103 , G06F2221/2105 , G06F2221/2149
摘要: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
-
公开(公告)号:US20060206943A1
公开(公告)日:2006-09-14
申请号:US11386269
申请日:2006-03-21
申请人: Carl Ellison , Roger Golliver , Howard Herbert , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
发明人: Carl Ellison , Roger Golliver , Howard Herbert , Derrick Lin , Francis McKeen , Gilbert Neiger , Ken Reneris , James Sutton , Shreekant Thakkar , Millind Mittal
IPC分类号: H04N7/16
CPC分类号: G06F21/53 , G06F9/468 , G06F21/562 , G06F21/57 , G06F21/74 , G06F2221/2105
摘要: A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.
摘要翻译: 处理系统具有处理器,该处理器可以在正常环0操作模式和高于正常环0操作模式的一个或多个较高环操作模式下操作。 此外,处理器可以在隔离的执行模式下操作。 处理系统中的存储器可以包括可以从正常环0操作模式访问的普通存储器区域以及可以从隔离执行模式而不是从正常环0操作模式访问的隔离存储器区域。 处理系统还可以包括操作系统(OS)nub以及密钥生成器。 密钥生成器可以至少部分地基于OS nub的标识和平台的主绑定密钥(BK 0)来生成OS nub密钥(OSNK)。 描述和要求保护其他实施例。
-
公开(公告)号:US20060080528A1
公开(公告)日:2006-04-13
申请号:US11289747
申请日:2005-11-29
申请人: Carl Ellison , James Sutton
发明人: Carl Ellison , James Sutton
IPC分类号: H04L9/00
CPC分类号: H04L9/3265 , H04L9/3271 , H04L2209/42
摘要: In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
-
公开(公告)号:US20050076217A1
公开(公告)日:2005-04-07
申请号:US10678745
申请日:2003-10-03
申请人: Christopher Lord , Carl Ellison , David Bowler
发明人: Christopher Lord , Carl Ellison , David Bowler
CPC分类号: H04L63/061 , H04L9/3236 , H04L9/3247 , H04L63/0869 , H04L63/126
摘要: A method of integrating a device into a secure network. The method includes establishing a tunnel between an authenticator, which has a first public key and a first secret, and a device, which has a second secret and a second public key. The method also includes hashing the first secret at the authenticator using the first public key, the second public key and a random number generated from the tunnel protocol to produce a hash of the first secret. The method further includes establishing an authenticated session between the device and the authenticator when the hash of the first secret matches a hash of the second secret.
摘要翻译: 将设备集成到安全网络中的方法。 该方法包括在具有第一公钥和第一秘密的认证器和具有第二密钥和第二公钥的设备之间建立隧道。 该方法还包括使用第一公共密钥,第二公钥和从隧道协议生成的随机数来在认证器处散列第一秘密以产生第一秘密的散列。 该方法还包括当第一秘密的散列与第二秘密的散列匹配时,在设备和认证器之间建立认证会话。
-
公开(公告)号:US20050021737A1
公开(公告)日:2005-01-27
申请号:US10690096
申请日:2003-10-21
申请人: Carl Ellison , Maarten Bodlaender , Jarno Guidi
发明人: Carl Ellison , Maarten Bodlaender , Jarno Guidi
IPC分类号: H04L29/06 , H04L29/08 , G06F15/173
CPC分类号: H04L67/22 , H04L69/16 , H04L69/164 , H04L69/329
摘要: A network includes a connected device and a connected client. The device includes a receiver to receive ping messages, a counter to count the ping messages received, and a transmitter to transmit a reply message that includes a ping load value that is responsive to the count value. The client includes a timer to measure a delay time, a transmitter to transmit a ping message to the device after the delay time has elapsed since transmitting a previous ping message to the device, a receiver to receive the reply message, and a controller to adjust the delay time responsive to the device ping load.
摘要翻译: 网络包括连接的设备和连接的客户端。 该设备包括用于接收ping消息的接收器,用于对接收到的ping消息进行计数的计数器,以及发送器,用于发送响应于该计数值的响应消息,该响应消息包括ping负载值。 客户端包括用于测量延迟时间的定时器,发送器在从先前的ping消息发送到设备经过延迟时间之后向设备发送ping消息,接收器接收回复消息,以及控制器调整 响应设备ping负载的延迟时间。
-
公开(公告)号:US20070277242A1
公开(公告)日:2007-11-29
申请号:US11441508
申请日:2006-05-26
IPC分类号: G06F11/00
CPC分类号: H04L63/1441 , G06F21/554 , H04L63/1408
摘要: A system and method for distributed peer attack alerting is disclosed. The method includes accessing a peer community wherein the peer community comprises a plurality of nodes comprising a network and wherein at least one of the plurality of nodes comprises an attack identifier. The method further includes identifying an attack at one of the plurality of nodes. In addition, the method includes transmitting an alert to the plurality of nodes, the alert comprising information associated with the attack and automatically configuring at least one attack identifier associated with one of the plurality of nodes in response to the alert.
摘要翻译: 公开了一种用于分布式对等攻击警报的系统和方法。 该方法包括访问对等社区,其中对等社区包括包括网络的多个节点,并且其中该多个节点中的至少一个包括攻击标识符。 该方法还包括识别多个节点之一上的攻击。 此外,该方法包括向多个节点发送警报,所述警报包括与所述攻击相关联的信息,并且响应于所述警报自动地配置与所述多个节点之一相关联的至少一个攻击标识符。
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.022 秒)