Digital signature purpose encoding
    1.
    Granted invention patent
    Digital signature purpose encoding (status: expired)

    Publication number: US6023509A

    Publication date: 2000-02-08

    Application number: US720444

    Filing date: 1996-09-30

    Abstract: A method and apparatus for encoding a purpose into a digital signature, where the purpose and the digital signature are bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

    Cryptographically protected paging subsystem
    2.
    Granted invention patent
    Cryptographically protected paging subsystem (status: expired)

    Publication number: US06708274B2

    Publication date: 2004-03-16

    Application number: US09071374

    Filing date: 1998-04-30

    IPC classification: H04L9/06

    Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

    Digital signature purpose encoding
    4.
    Granted invention patent
    Digital signature purpose encoding (status: in force)

    Publication number: US06199053B1

    Publication date: 2001-03-06

    Application number: US09287782

    Filing date: 1999-04-08

    IPC classification: H04L9/00

    Abstract: A method and apparatus for encoding a purpose into a digital signature, where the purpose and the digital signature are bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

    Platform and method for assuring integrity of trusted agent communications
    5.
    Granted invention patent
    Platform and method for assuring integrity of trusted agent communications (status: in force)

    Publication number: US06389537B1

    Publication date: 2002-05-14

    Application number: US09298360

    Filing date: 1999-04-23

    IPC classification: H04L9/32

    Abstract: A cryptographic device comprising a processing logic and memory associated with the processing logic. The memory is loaded with a first segment of code to control execution of cryptographic functions and hash functions, and a second segment of code to perform cryptographic functions on behalf of a third party having no physical control of hardware employing the cryptographic device.

    Cryptographically protected paging subsystem
    6.
    Granted invention patent
    Cryptographically protected paging subsystem (status: expired)

    Publication number: US5757919A

    Publication date: 1998-05-26

    Application number: US764154

    Filing date: 1996-12-12

    Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

    Cryptographically protected paging system
    7.
    Granted invention patent
    Cryptographically protected paging system (status: in force)

    Publication number: US07149901B2

    Publication date: 2006-12-12

    Application number: US10768902

    Filing date: 2004-01-29

    IPC classification: H04L9/00

    Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

    Method for secure distribution and configuration of asymmetric keying material into semiconductor devices
    8.
    Granted invention patent
    Method for secure distribution and configuration of asymmetric keying material into semiconductor devices (status: in force)

    Publication number: US06882730B1

    Publication date: 2005-04-19

    Application number: US09607412

    Filing date: 2000-06-29

    Abstract: In one embodiment, a method is described to securely transfer data from one location to another for storage in an electronic component. The transfer occurs with part of the data routed to a first destination and the remaining data routed to a second destination. The data routed to the first destination is for securely loading a current sort encrypted key (SEK) and a next SEK into memory of the electronic component. The data routed to the second destination includes a private key which is recovered using the current SEK and the next SEK.

    Methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control
    9.
    Granted invention patent
    Methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control (status: in force)

    Publication number: US08752132B2

    Publication date: 2014-06-10

    Application number: US12901349

    Filing date: 2010-10-08

    IPC classification: H04L29/06

    Abstract: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.

    METHODS, APPARATUSES, AND SYSTEMS FOR THE DYNAMIC EVALUATION AND DELEGATION OF NETWORK ACCESS CONTROL
    10.
    Invention application
    METHODS, APPARATUSES, AND SYSTEMS FOR THE DYNAMIC EVALUATION AND DELEGATION OF NETWORK ACCESS CONTROL (status: in force)

    Publication number: US20130276052A1

    Publication date: 2013-10-17

    Application number: US12901349

    Filing date: 2010-10-08

    IPC classification: H04L29/06

    Abstract: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.
