-
公开(公告)号:US20060015751A1
公开(公告)日:2006-01-19
申请号:US10891699
申请日:2004-07-14
IPC分类号: G06F12/14
CPC分类号: G06F21/73
摘要: Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.
-
2.发明申请Method of delivering direct proof private keys to devices using a distribution CD 有权使用分发CD向设备提供直接验证私钥的方法公开(公告)号:US20060013399A1
公开(公告)日:2006-01-19
申请号:US10892265
申请日:2004-07-14
申请人: Ernie Brickell , James Sutton , Clifford Hall , David Grawrock
发明人: Ernie Brickell , James Sutton , Clifford Hall , David Grawrock
IPC分类号: H04L9/00
CPC分类号: H04L63/062 , G06F21/57 , G06F21/73 , H04L9/0841 , H04L63/0853 , H04L2209/125
摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质(例如CD)上,并分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果不是,系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。
-
3.发明申请Method of delivering Direct Proof private keys to devices using an on-line service 失效使用在线服务将Direct Proof私钥交付给设备的方法公开(公告)号:US20060013402A1
公开(公告)日:2006-01-19
申请号:US10892256
申请日:2004-07-14
申请人: James Sutton , Ernie Brickell , Clifford Hall , David Grawrock
发明人: James Sutton , Ernie Brickell , Clifford Hall , David Grawrock
IPC分类号: H04L9/00
CPC分类号: H04L9/0844 , H04L2209/127
摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统将使用安全协议从受保护的在线服务器获取相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。
-
4.发明申请Method of delivering direct proof private keys in signed groups to devices using a distribution CD 失效将使用分发CD的签名组中的直接证明私钥的方法传递给设备公开(公告)号:US20060013400A1
公开(公告)日:2006-01-19
申请号:US10892280
申请日:2004-07-14
申请人: James Sutton , Clifford Hall , Ernie Brickell , David Grawrock
发明人: James Sutton , Clifford Hall , Ernie Brickell , David Grawrock
IPC分类号: H04L9/00
CPC分类号: H04L63/083 , G06F9/4843 , G06F12/1036 , G06F21/57 , G06F21/73 , H04L9/0897 , H04L9/3218 , H04L9/3236 , H04L63/04
摘要: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
摘要翻译: 在安装在客户端计算机系统中的设备中的签名密钥组中提供直接证明私钥可以以安全的方式实现,而不需要设备中的重要的非易失性存储。 在制造时生成并存储与设备中的组号一起存储唯一的伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构被存储在可移动存储介质(例如CD或DVD)上的签名组密钥(例如,签名组记录)中,并且分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统从可移动存储介质中获得加密数据结构的关联签名组记录,并验证签名组记录。 该设备使用从其存储的伪随机值重新生成的对称密钥来解密加密的数据结构,以便当组记录有效时获得Direct Proof私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。
-
公开(公告)号:US20050081065A1
公开(公告)日:2005-04-14
申请号:US10686343
申请日:2003-10-14
申请人: Ernie Brickell , David Grawrock , James Sutton
发明人: Ernie Brickell , David Grawrock , James Sutton
摘要: Managing authorization tokens within a computer system may be accomplished by creating a master owner token indicating full ownership of a resource within the computer system by a management environment, creating at least one delegate owner token for a environment, communicating the delegate owner token to the environment and to the resource, and allowing access to the resource by the environment when the environment presents a valid delegate owner token to the resource. In one embodiment, the resource comprises a trusted platform module (TPM).
摘要翻译: 管理计算机系统中的授权令牌可以通过创建主管理器令牌来实现,该主人拥有者标记由管理环境指示计算机系统内的资源的完全所有权,为环境创建至少一个委托所有者令牌,将委托所有者令牌传达给环境 和资源,并且当环境向资源呈现有效的代理所有者令牌时,允许环境访问资源。 在一个实施例中,资源包括可信平台模块(TPM)。
-
6.发明申请公开(公告)号:US20050135618A1
公开(公告)日:2005-06-23
申请号:US10745424
申请日:2003-12-22
申请人: Adeel Aslam , Alberto Martinez , Ernie Brickell
发明人: Adeel Aslam , Alberto Martinez , Ernie Brickell
CPC分类号: H04N21/44055 , H04N7/1675 , H04N21/23424 , H04N21/23476 , H04N21/26613 , H04N21/44016 , H04N21/4623 , H04N21/835
摘要: Methods and apparatus for mixing encrypted data with unencrypted data are disclosed. A disclosed system receives data from a first media source, such as DVD-Audio content, and encrypts the data from the first media source using a key stream to form an encrypted data stream. The disclosed system may separate the encrypted data stream into a plurality of encrypted data streams and may combine the plurality of encrypted data streams with an unencrypted data stream associated with a second media source to form a mixed data stream. The mixed data stream is formed without decrypting the plurality of encrypted data streams and is transmitted to hardware or a hardware driver.
摘要翻译: 公开了加密数据与未加密数据混合的方法和装置。 所公开的系统从诸如DVD音频内容的第一媒体源接收数据,并且使用密钥流来加密来自第一媒体源的数据以形成加密的数据流。 所公开的系统可以将加密的数据流分离成多个加密数据流,并且可以将多个加密数据流与与第二媒体源相关联的未加密数据流组合以形成混合数据流。 形成混合数据流,而不对多个加密数据流进行解密,并将其传输到硬件或硬件驱动器。
-
公开(公告)号:US20050149722A1
公开(公告)日:2005-07-07
申请号:US10748773
申请日:2003-12-30
申请人: Willard Wiseman , David Grawrock , Ernie Brickell , Matthew Wood , Joseph Cihula
发明人: Willard Wiseman , David Grawrock , Ernie Brickell , Matthew Wood , Joseph Cihula
CPC分类号: H04L63/061 , H04L9/321 , H04L9/3263 , H04L63/067 , H04L63/0823 , H04L2209/127 , H04L2209/56
摘要: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
摘要翻译: 根据本发明的实施例,描述了用于会话密钥交换的方法和装置。 一种方法的实施例包括请求一个平台的服务; 证明使用该服务的平台的一个或多个可接受的配置; 以及接收所述服务的会话的会话密钥,所述服务被限制为所述平台的所述一个或多个可接受的配置。
-
公开(公告)号:US20060021029A1
公开(公告)日:2006-01-26
申请号:US10881602
申请日:2004-06-29
申请人: Ernie Brickell , Clifford Hall , Joseph Cihula , Richard Uhlig
发明人: Ernie Brickell , Clifford Hall , Joseph Cihula , Richard Uhlig
IPC分类号: G06F11/30
CPC分类号: G06F21/53 , G06F21/51 , G06F21/566 , G06F2221/2145
摘要: Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.
摘要翻译: 可以通过在沙盒虚拟机中执行和访问可疑文件中的至少一个来实现提高处理系统的安全性。
-
9.发明申请Method, apparatus and system for improving security in a virtual machine host 有权用于提高虚拟机主机安全性的方法,装置和系统公开(公告)号:US20060136910A1
公开(公告)日:2006-06-22
申请号:US11016653
申请日:2004-12-17
申请人: Ernie Brickell , Clifford Hall , Joseph Cihula , Richard Uhlig
发明人: Ernie Brickell , Clifford Hall , Joseph Cihula , Richard Uhlig
IPC分类号: G06F9/455
摘要: A method, apparatus and system for improving security on a virtual machines host is described. A shared file system on the host may include annotations usable by a service module to access files across VMs and to enforce security policies. The service module may additionally enable a unified user interface to improve usability of the host.
摘要翻译: 描述了一种用于提高虚拟机主机上的安全性的方法,装置和系统。 主机上的共享文件系统可以包括服务模块可用于访问跨VM的文件并执行安全策略的注释。 服务模块还可以使统一的用户界面提高主机的可用性。
-
公开(公告)号:US09544141B2
公开(公告)日:2017-01-10
申请号:US13996544
申请日:2011-12-29
申请人: Jiangtao Li , Anand Rajan , Roel Maes , Sanu K Mathew , Ram Krishnamurthy , Ernie Brickell
发明人: Jiangtao Li , Anand Rajan , Roel Maes , Sanu K Mathew , Ram Krishnamurthy , Ernie Brickell
CPC分类号: H04L9/0891 , G09C1/00 , H04L9/0822 , H04L9/0861 , H04L9/0866 , H04L9/0894 , H04L2209/12
摘要: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.
摘要翻译: 本文公开的一些实施例提供了用于向集成电路/处理器供应密钥的技术和布置。 处理器可以包括物理上不可克隆的功能组件,其可以至少基于处理器的至少一个物理特性来生成唯一的硬件密钥。 硬件密钥可用于加密诸如秘密密钥的密钥。 加密密钥可以存储在处理器的存储器中。 可以验证加密的密钥。 可以通过通信地隔离处理器的至少一个组件来保护密钥的完整性。
-
-
-
-
-
-
-
-
-
搜索结果
56 条记录 (耗时 0.025 秒)
