Secure detection network system
    1.
    Granted invention patent

    Publication (announcement) No.: US08533855B2

    Publication (announcement) date: 2013-09-10

    Application No.: US13088824

    Filing date: 2011-04-18

    IPC classification: G06F7/04

    Abstract: A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.

    Secure detection network system
    2.
    Granted invention patent
    Secure detection network system (in force)

    Publication (announcement) No.: US07475428B2

    Publication (announcement) date: 2009-01-06

    Application No.: US10600738

    Filing date: 2003-06-20

    IPC classification: G06F7/04

    Abstract: A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.

    SECURE DETECTION NETWORK SYSTEM
    3.
    Invention patent application
    SECURE DETECTION NETWORK SYSTEM (in force)

    Publication (announcement) No.: US20120005730A1

    Publication (announcement) date: 2012-01-05

    Application No.: US13088824

    Filing date: 2011-04-18

    IPC classification: G06F21/20

    Abstract: A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.

    System for installing information related to a software application to a remote computer over a network
    4.
    Granted invention patent
    System for installing information related to a software application to a remote computer over a network (lapsed)

    Publication (announcement) No.: US6067582A

    Publication (announcement) date: 2000-05-23

    Application No.: US689767

    Filing date: 1996-08-13

    Abstract: A system and method is disclosed for distributing, registering and purchasing software application and other digital information over a network. Each software application is embedded with an agent module which communicates with a remote server module in a server attached to the network. The server module interacts with the user that is requesting installation of the software application and upon verification of billing or other constraints, the server module enables the agent module to proceed with installation. Subsequent to installation, the agent module monitors the server module and informs the user if an update to the software application is available.

    System and method for installing an auditable secure network
    5.
    Granted invention patent
    System and method for installing an auditable secure network (lapsed)

    Publication (announcement) No.: US06918038B1

    Publication (announcement) date: 2005-07-12

    Application No.: US09441403

    Filing date: 1999-11-16

    Abstract: A system and method for generating and remotely installing a private secure and auditable network is provided. Node identification, link, and application information is input into a template. A generator generates components using the information in the template and the components are remotely installed using an installation server. The components include agent modules which are each installed at predetermined target site and establish communication with the installation server to facilitate the download of other components, including application software and configuration files. Each node can only be installed once and is specific to a predetermined target site. For each link, a unique pair of keys is generated in a form which is not human readable, each key corresponds to a different direction of communication over the link. Data transmitted between nodes is encrypted using public-private key pairs. At least one monitor node manages the security of the network, strobes keys, and may take nodes out of the network in the event of a security violation. In such a case, one or more nodes, or the entire network, may be regenerated and installed anew. Throughout the generation and installation a plurality of verifications, authorizations, and password entries may be required by independent groups to arrive at the network. Preferably, the installation is audited by several groups, and the overall operation may be audited by a second monitor node to detect the presence of an interposed “pirate” node.

    System and method for installing an auditable secure network
    6.
    Granted invention patent
    System and method for installing an auditable secure network (in force)

    Publication (announcement) No.: US06532543B1

    Publication (announcement) date: 2003-03-11

    Application No.: US09500883

    Filing date: 2000-02-09

    IPC classification: H04L900

    Abstract: A system and method for generating and remotely installing a private secure and auditable network is provided. Node identification, link, and application information is input into a template. A generator generates components using the information in the template and the components are remotely installed using an installation server. The components include agent modules which are each installed at predetermined target site and establish communication with the installation server to facilitate the download of other components, including application software and configuration files. Each node can only be installed once and is specific to a predetermined target site. For each link, a unique pair of keys is generated in a form which is not human readable, each key corresponds to a different direction of communication over the link. Data transmitted between nodes is encrypted using public-private key pairs. At least one monitor node manages the security of the network, strobes keys, and may take nodes out of the network in the event of a security violation. In such a case, one or more nodes, or the entire network, may be regenerated and installed anew. Throughout the generation and installation a plurality of verifications, authorizations, and password entries may be required by independent groups to arrive at the network. Preferably, the installation is audited by several groups, and the overall operation may be audited by a second monitor node to detect the presence of an interposed “pirate” node. In the case of a large network including a plurality of subnetworks having hub nodes, strobing between linked hub nodes may also be accomplished.

    Secure detection network system
    7.
    Granted invention patent
    Secure detection network system (in force)

    Publication (announcement) No.: US07930761B2

    Publication (announcement) date: 2011-04-19

    Application No.: US12277100

    Filing date: 2008-11-24

    IPC classification: G06F7/04

    Abstract: A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.

    Secure processing module and method for making the same
    8.
    Granted invention patent
    Secure processing module and method for making the same (in force)

    Publication (announcement) No.: US08930717B2

    Publication (announcement) date: 2015-01-06

    Application No.: US13410204

    Filing date: 2012-03-01

    Applicant: Fred Hewitt Smith

    Inventor: Fred Hewitt Smith

    Abstract: Described herein are devices and techniques related to implementation of a trustworthy electronic processing module. During fabrication, a manufacturer is provided with partial technical specifications that intentionally exclude at least one critical design feature. Fabrication of the electronic processing module is monitored from a trusted remote location; wherefrom, the intentionally excluded at least one critical design feature is implemented, thereby completing manufacture of the trustworthy electronic processing module. At least one of the acts of monitoring and implementing can be accomplished by instantiating executable software remotely from a trusted remote location and immediately prior to execution. It is the executable software that enables at least one of the acts of monitoring and implementing. Further, the instantiated executable software is removed or otherwise rendered inoperable immediately subsequent to execution. In some embodiments the critical design feature can be implemented within a configurable element, such as a field programmable gate array (FPGA).

    PROTECTING INFORMATION IN AN UNTETHERED ASSET
    9.
    Invention patent application
    PROTECTING INFORMATION IN AN UNTETHERED ASSET (under examination, published)

    Publication (announcement) No.: US20120070002A1

    Publication (announcement) date: 2012-03-22

    Application No.: US12837540

    Filing date: 2010-07-16

    Applicant: Fred Hewitt Smith

    Inventor: Fred Hewitt Smith

    IPC classification: G06F12/14 G06F21/06 H04L9/06

    Abstract: The technology described herein for protecting secure information includes a method. The method includes storing, by a plurality of data store devices, the secure information. Each of the data store devices stores at least one part of the secure information. The method further includes receiving, by at least one of a plurality of embedded sensors, a notification associated with a compromise of at least one part of the secure information. The method further includes destroying one or more parts of the secure information based on the notification. The method further includes processing, by a plurality of intelligent agent modules, one or more parts of the secure information received from one or more of the data store devices if no parts of the one or more parts of the secure information are destroyed.

    Controlling user access to electronic resources without password
    10.
    Granted invention patent
    Controlling user access to electronic resources without password (in force)

    Publication (announcement) No.: US09058482B2

    Publication (announcement) date: 2015-06-16

    Application No.: US13410287

    Filing date: 2012-03-01

    Applicant: Fred Hewitt Smith

    Inventor: Fred Hewitt Smith

    Abstract: Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.
