Abstract:
Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.
Abstract:
An example method is provided and includes providing an encrypted image to a central processing unit of an integrated circuit and decrypting the encrypted image using a cryptographic key element. The cryptographic key element is embedded within the integrated circuit. The method also includes evaluating the decrypted image in order to verify its authenticity, and executing the decrypted image if the decrypted image is successfully verified. In more particular embodiments, the verification includes utilizing an executable and linkable format (ELF) to signify that encryption has been enabled for at least a portion of the encrypted image. A processor within the integrated circuit can be provided with the cryptographic key element that corresponds to a product family of devices. The method can also include providing a corresponding image of the decrypted image to an external memory of the integrated circuit.
Abstract:
In one embodiment, an apparatus may include a memory and a processor. The processor may be operable to create a wireless connection to a wireless device. The processor may be operable to form a pairing with the wireless device based on a unique identifier of the wireless device. The unique identifier may be received from the wireless device. The unique identifier may identify the wireless device in the pairing. The processor may be operable to receive user data associated with the unique identifier from a database. The processor may be operable to initiate configuration of an IP telephony service, where the configuration is based, at least in part, on the user data.
Abstract:
A device specific key is generated within an electronic device by providing a challenge to a physically unclonable function (PUF) structure integrated within the electronic device, where the PUF structure outputs a specific response based upon a specific challenge provided to the PUF structure. The PUF response is provided to a cryptographic module integrated within the electronic device, and a device specific key is generated by the cryptographic module utilizing a cryptographic key generation algorithm. The device specific key is generated based upon a combination of input data including the PUF response and data that is specific to the electronic device.
Abstract:
An apparatus is provided that includes a dedicated appliance operable to interface with a computing platform. A provisioning process may be initiated such that the dedicated appliance responds by monitoring a port for a connection request from the computing platform. Upon receiving the connection request, the dedicated appliance completes a connection and generates a random numeric or an alphanumeric string, and calculates a key derived from the random numeric string or the alphanumeric string using a key derivation process. The dedicated appliance waits for the credential packet from the computing platform before establishing a secure connection between the dedicated appliance and the computing platform.
Abstract:
A method for recording automatic call distributor calls includes receiving from a caller a call for distribution to one of a plurality of agents and distributing the call to a first agent of the plurality of agents for handling. The method includes creating a call signature associated with the call for recording verification and recording communications of the call to a recording file. The method also includes embedding the call signature in the recording file.
Abstract:
According to one embodiment, an end station is provided for coupling to a communications network and participation in a communications session with another end station using the network. The end station includes encryption circuitry including a first linear feedback shift register (LFSR) and an associated first interconnect mask. The encryption circuitry is operable to generate an output sequence using the first LFSR and the first interconnect mask. A first table contains a plurality of polynomials each corresponding to an available interconnect mask. The end station is operable to receive a key specifying the first interconnect mask and to use the output sequence of the encryption circuitry to encrypt an information stream.
Abstract:
A subsystem for communicating a private network signalling message over a packet network and bridges for communicating a Media Access Control (MAC) layer frame over an isochronous channel and for communicating an isochronous signalling frame over a nonisochronous network. The subsystem comprises: (1) an encapsulation circuit, coupled to a transmitting user station, capable of receiving the private network signalling message from the transmitting user station, the encapsulating circuit encapsulating the signalling message within, and adding source and destination addresses to, a routable protocol frame, the source and destination addresses corresponding to addresses of the transmitting user station and a particular receiving user station, the encapsulation circuit queuing the routable protocol frame for transmission over the packet network and (2) a de-encapsulation circuit, coupled to the particular receiving user station, capable of receiving the routable protocol frame, the de-encapsulation circuit extracting the signalling message from the routable protocol frame, the packet network thereby simulating a point-to-point connection between the transmitting and particular receiving user stations to effect node-to-node private network signalling therebetween.