-
Publication No.: US20050198536A1
Publication date: 2005-09-08
Application No.: US11122893
Filing date: 2005-05-04
Applicant: Ernie Brickell, Wesley Deklotz
Inventor: Ernie Brickell, Wesley Deklotz
CPC classification: G06Q10/10, G06Q20/206, G06Q20/3821, G06Q20/40, G06Q30/02
Abstract: A credential verification service (CVS) authenticates digital credentials, such as digital certificates, at the request of online service providers. The CVS stores the authentication results and transaction information in a central activity log. The transaction information can include a size of the transaction, the online service requesting the authentication, an internet protocol (IP) address of a computing device originating the transaction and the goods or services involved in the transaction. The CVS generates an activity report from the activity log that lists the authentication results and the transaction information. A fraud detection module within the CVS analyzes the activity log to identify any unusual patterns in order to identify fraudulent activities or general misuse of the digital credential.
-
Publication No.: US09544141B2
Publication date: 2017-01-10
Application No.: US13996544
Filing date: 2011-12-29
Applicant: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K Mathew, Ram Krishnamurthy, Ernie Brickell
Inventor: Jiangtao Li, Anand Rajan, Roel Maes, Sanu K Mathew, Ram Krishnamurthy, Ernie Brickell
CPC classification: H04L9/0891, G09C1/00, H04L9/0822, H04L9/0861, H04L9/0866, H04L9/0894, H04L2209/12
Abstract: Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include a physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor.
-
Publication No.: US20110161672A1
Publication date: 2011-06-30
Application No.: US12655579
Filing date: 2009-12-31
IPC classification: H04L9/32, G06F15/177, H04L9/00, G06F21/00
CPC classification: H04L63/08, G06F21/57, H04L9/3249, H04L63/06, H04L2209/56
Abstract: In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed.
-
Publication No.: US20100299479A1
Publication date: 2010-11-25
Application No.: US12562041
Filing date: 2009-09-17
Applicant: Mark Buxton, Ernie Brickell, Quinn A. Jacobson, Hong Wang, Baiju Patel
Inventor: Mark Buxton, Ernie Brickell, Quinn A. Jacobson, Hong Wang, Baiju Patel
IPC classification: G06F12/08
CPC classification: G06F12/0842, G06F9/30047, G06F12/1458, G06F21/52, G06F21/78
Abstract: For each memory location in a set of memory locations associated with a thread, setting an indication associated with the memory location to request a signal if data from the memory location is evicted from a cache; and in response to the signal, reloading the set of memory locations into the cache.
-
Publication No.: US20090172639A1
Publication date: 2009-07-02
Application No.: US11965295
Filing date: 2007-12-27
Applicant: Mahesh Natu, Sham Datta, Ernie Brickell
Inventor: Mahesh Natu, Sham Datta, Ernie Brickell
IPC classification: G06F9/44
CPC classification: G06F21/57
Abstract: In some embodiments, the integrity of firmware stored in a non-volatile memory is verified prior to initiation of a firmware reset vector. Other embodiments are described and claimed.
-
Publication No.: US20080163331A1
Publication date: 2008-07-03
Application No.: US11618649
Filing date: 2006-12-29
CPC classification: G06F21/57
Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.
-
7.
Publication No.: US20070113077A1
Publication date: 2007-05-17
Application No.: US11622391
Filing date: 2007-01-11
Applicant: Ernie Brickell
Inventor: Ernie Brickell
IPC classification: H04L9/00
CPC classification: H04L9/3221, H04L9/3247, H04L9/3271, H04L2209/127
Abstract: One aspect of an embodiment of the invention provides a method, system, and device to prove to a challenger that a prover device has a signature from a device manufacturer without revealing the signature to the challenger. According to one implementation, a challenger is provided with the result of a one-way function of a secret held by a prover device. An interactive proof is employed, between the prover device and the challenger, to prove to the challenger that the secret used in the one-way function has been signed by a device signature without revealing the secret or the device signature or the prover device's identity to the challenger.
-
8.
Publication No.: US20060239461A1
Publication date: 2006-10-26
Application No.: US11112817
Filing date: 2005-04-21
Applicant: Ernie Brickell, Rachael Parker
Inventor: Ernie Brickell, Rachael Parker
IPC classification: H04L9/00
CPC classification: H04L9/0662, H04L9/0869
Abstract: A method and system for creating random cryptographic keys in hardware is described. One or more bits are generated via one or more random bit circuits. Each random bit circuit includes a sensing device coupled to a first device and a second device to compare the first device against the second device and to generate a random bit from a random state value. The generated bits from the random bit circuits are read, and a cryptographic key may then be computed based on the generated bits.
-
Publication No.: US20060218649A1
Publication date: 2006-09-28
Application No.: US11088548
Filing date: 2005-03-22
Applicant: Ernie Brickell, Matthew Wood
Inventor: Ernie Brickell, Matthew Wood
IPC classification: H04L9/32
CPC classification: G06F21/572, G06F21/73, G06F21/79, H04L9/0894
Abstract: Providing conditional access to a unique device identifier (ID) stored in a device in a processing system may be accomplished by determining if a platform state (such as firmware and/or data) is present in a non-volatile storage of the processing system; when the platform state is not present, loading the device ID into a volatile storage of the processing system, receiving a request from an external entity to obtain the device ID, sending the device ID to the external entity, and rejecting all subsequent requests to obtain the device ID; and when the platform state is present, rejecting all requests to obtain the device ID.
-
Publication No.: US20060021029A1
Publication date: 2006-01-26
Application No.: US10881602
Filing date: 2004-06-29
Applicant: Ernie Brickell, Clifford Hall, Joseph Cihula, Richard Uhlig
Inventor: Ernie Brickell, Clifford Hall, Joseph Cihula, Richard Uhlig
IPC classification: G06F11/30
CPC classification: G06F21/53, G06F21/51, G06F21/566, G06F2221/2145
Abstract: Improving security of a processing system may be accomplished by at least one of executing and accessing a suspect file in a sandbox virtual machine.
-