公开(公告)号：US11310227B2

公开(公告)日：2022-04-19

申请号：US16804555

申请日：2020-02-28

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04L67/60 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33 ,  H04W12/30 ,  H04W12/0431

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

公开(公告)号：US09571472B2

公开(公告)日：2017-02-14

申请号：US14535191

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Denis Alexandrovich Pochuev ,  Yogesh Swami ,  Daniel O'Loughlin

IPC: H04L29/06 ,  H04L9/14 ,  G06F21/57 ,  H04W12/04 ,  H04L12/24

CPC classification number: H04L63/0442 ,  G06F21/57 ,  H04L9/14 ,  H04L41/0806 ,  H04L2209/24 ,  H04W12/04

Abstract: The embodiments described herein describe technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation includes a non-transitory storage medium to store an initialization application that, when executed by a CM device, causes the CM device to perform a device definition process to generate a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.

Abstract translation: 本文描述的实施例描述了用于建立密码管理器（CM）设备的唯一身份和信任根的设备定义过程的技术，CM部署在CM系统中的CM设备。 设备定义过程可以在CM设备的制造生命周期的设备定义阶段中进行。 一种实现方式包括存储初始化应用程序的非暂时性存储介质，所述初始化应用程序在由CM设备执行时使CM设备执行设备定义过程以生成设备定义请求以建立唯一身份和信任根。 响应于设备定义请求，初始化应用获得CM设备的设备身份和设备凭证，并将设备定义请求存储在可移动存储设备的存储空间中。 初始化应用程序响应于设备定义请求导入包含由加密管理器系统的供应设备生成的供应信息的设备定义响应。

公开(公告)号：US09544304B2

公开(公告)日：2017-01-10

申请号：US14535202

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev ,  Ambuj Kumar

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33

Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

公开(公告)号：US20150326567A1

公开(公告)日：2015-11-12

申请号：US14535194

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04W12/06

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/06

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.

Abstract translation: 本文描述的实施例描述了用于模块管理的技术，包括在加密管理器（CM）环境中的目标设备的制造生命周期的操作阶段中的模块创建和模块部署到目标设备。 一个实现包括根授权（RA）设备，其接收创建模块的命令并执行模块模板以响应于该命令生成模块。 模块部署到设备设备。 当由设备设备执行时，该模块的一组指令导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。 设备设备被配置为将数据资产分发到目标设备的加密管理器（CM）核心。

公开(公告)号：US20150326543A1

公开(公告)日：2015-11-12

申请号：US14535191

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Denis Alexandrovich Pochuev ,  Yogesh Swami ,  Daniel O'Loughlin

IPC: H04L29/06 ,  H04L9/14

CPC classification number: H04L63/0442 ,  G06F21/57 ,  H04L9/14 ,  H04L41/0806 ,  H04L2209/24 ,  H04W12/04

Abstract: The embodiments described herein describe technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation includes a non-transitory storage medium to store an initialization application that, when executed by a CM device, causes the CM device to perform a device definition process to generate a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.

Abstract translation: 本文描述的实施例描述了用于建立密码管理器（CM）设备的唯一身份和信任根的设备定义过程的技术，CM部署在CM系统中的CM设备。 设备定义过程可以在CM设备的制造生命周期的设备定义阶段中进行。 一种实现方式包括存储初始化应用程序的非暂时性存储介质，所述初始化应用程序在由CM设备执行时使CM设备执行设备定义过程以生成设备定义请求以建立唯一身份和信任根。 响应于设备定义请求，初始化应用获得CM设备的设备身份和设备凭证，并将设备定义请求存储在可移动存储设备的存储空间中。 初始化应用程序响应于设备定义请求导入包含由加密管理器系统的供应设备生成的供应信息的设备定义响应。

公开(公告)号：US20150326541A1

公开(公告)日：2015-11-12

申请号：US14535202

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev ,  Ambuj Kumar

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/06

Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

Abstract translation: 这里描述的实施例描述了在诸如预先计算（PCD）资产的数据资产的消费和供应中使用的票务系统的技术。 票可以是数字文件或数据，其能够执行使用计数限制和唯一性发放矿石连续发放目标设备参数。 实施时包括通过网络从服务设备接收模块和故障单的密码管理器（CM）系统的电器设备。 该模块是在目标设备的制造生命周期的操作阶段中将数据资产安全地提供给目标设备的应用程序。 该票是允许电器设备执行模块的数字数据。 电器设备验证机票以执行模块。 该模块在执行时会导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。

公开(公告)号：US20220329587A1

公开(公告)日：2022-10-13

申请号：US17722226

申请日：2022-04-15

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L9/40 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33 ,  H04W12/30 ,  H04W12/0431 ,  H04L67/60

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

公开(公告)号：US20200267142A1

公开(公告)日：2020-08-20

申请号：US16804555

申请日：2020-02-28

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/00 ,  G06F21/33 ,  G06F21/73 ,  G06F21/72 ,  G06F21/62 ,  G06F21/60 ,  H04W12/06 ,  H04L29/08

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

公开(公告)号：US10581838B2

公开(公告)日：2020-03-03

申请号：US16004715

申请日：2018-06-11

Applicant: Cryptography Research, Inc.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

公开(公告)号：US10015164B2

公开(公告)日：2018-07-03

申请号：US14535194

申请日：2014-11-06

Applicant: CRYPTOGRAPHY RESEARCH, INC.

Inventor： Michael Hamburg ,  Benjamin Che-Ming Jun ,  Paul C. Kocher ,  Daniel O'Loughlin ,  Denis Alexandrovich Pochuev

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/72 ,  G06F21/73 ,  G06F21/33

CPC classification number: H04L63/0853 ,  G06F21/335 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/72 ,  G06F21/73 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2145 ,  G06F2221/2149 ,  G06F2221/2153 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/123 ,  H04L67/32 ,  H04W12/0023 ,  H04W12/04031 ,  H04W12/06

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.