公开(公告)号：US09032186B2

公开(公告)日：2015-05-12

申请号：US13178961

申请日：2011-07-08

申请人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

发明人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

IPC分类号： G06F21/72 ,  G06F9/22 ,  G06F17/30 ,  H04W12/12

CPC分类号： G06F21/72 ,  G06F9/22 ,  G06F17/30477 ,  G06F21/73 ,  G06F21/88 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04W12/12

摘要： Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a message from a service, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, extended functionality may be realized.

摘要翻译： 扩展处理器硬件包含一个微码解释器。 当加密的微码被包括在来自服务的消息中时，微码可以传递给微码解释器。 基于在处理器硬件处发生的微代码的解密和执行，可以实现扩展功能。

公开(公告)号：US20120011345A1

公开(公告)日：2012-01-12

申请号：US13178961

申请日：2011-07-08

申请人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

发明人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

IPC分类号： G06F15/76 ,  G06F9/06

CPC分类号： G06F21/72 ,  G06F9/22 ,  G06F17/30477 ,  G06F21/73 ,  G06F21/88 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04W12/12

摘要： Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a message from a service, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, extended functionality may be realized.

摘要翻译： 扩展处理器硬件包含一个微码解释器。 当加密的微码被包括在来自服务的消息中时，微码可以传递给微码解释器。 基于在处理器硬件处发生的微代码的解密和执行，可以实现扩展功能。

公开(公告)号：US20120011346A1

公开(公告)日：2012-01-12

申请号：US13179137

申请日：2011-07-08

申请人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

发明人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

IPC分类号： G06F15/76 ,  G06F9/06

CPC分类号： G06F9/30178 ,  G06F9/223 ,  G06F21/30 ,  G06F21/44 ,  G06F21/57 ,  H04L63/08

摘要： Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a challenge from a service requiring authentication, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, tampering by potentially abusive device software may be avoided.

摘要翻译： 扩展处理器硬件包含一个微码解释器。 当加密的微码被包含在需要认证的服务的挑战中时，微码可以传递给微码解释器。 基于在处理器硬件处发生的微代码的解密和执行，可以避免潜在滥用设备软件的篡改。

公开(公告)号：US09361107B2

公开(公告)日：2016-06-07

申请号：US13179137

申请日：2011-07-08

申请人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

发明人： Ian Robertson ,  Roger Paul Bowman ,  Robert Henderson Wood

IPC分类号： G06F9/30 ,  G06F9/22 ,  G06F21/30 ,  H04L29/06

CPC分类号： G06F9/30178 ,  G06F9/223 ,  G06F21/30 ,  G06F21/44 ,  G06F21/57 ,  H04L63/08

摘要： Augmented processor hardware contains a microcode interpreter. When encrypted microcode is included in a challenge from a service requiring authentication, the microcode may be passed to the microcode interpreter. Based on decryption and execution of the microcode taking place at the processor hardware, tampering by potentially abusive device software may be avoided.

摘要翻译： 扩展处理器硬件包含一个微码解释器。 当加密的微码被包含在需要认证的服务的挑战中时，微码可以传递给微码解释器。 基于在处理器硬件处发生的微代码的解密和执行，可以避免潜在滥用设备软件的篡改。

公开(公告)号：US09117083B2

公开(公告)日：2015-08-25

申请号：US13026968

申请日：2011-02-14

申请人： Robert Henderson Wood ,  Roger Paul Bowman ,  Oliver Whitehouse

发明人： Robert Henderson Wood ,  Roger Paul Bowman ,  Oliver Whitehouse

IPC分类号： G06F11/30 ,  G06F21/57

CPC分类号： G06F21/575 ,  G06F2221/033 ,  G06F2221/2105

摘要： Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

摘要翻译： 通常，在制造时，可以通过加密已被加密签名的操作系统来为正在制造的设备提供安全性。 本申请公开了该设备的“工厂模式”。 “工厂模式”允许设备执行不受信任的操作系统代码，例如未签名的操作系统代码和已签名的操作系统代码，但证书颁发机构不受信任。 为了以安全的方式支持不可信操作系统代码的执行，该设备可以适于防止在设备处于“工厂模式”时预定类型的数据被加载到设备上。 与“工厂模式”相反，设备的安全模式在这里被称为“产品模式”。 需要以安全的方式管理“产品模式”和“工厂模式”之间的过渡。

公开(公告)号：US20120331287A1

公开(公告)日：2012-12-27

申请号：US13528900

申请日：2012-06-21

申请人： Roger Paul Bowman ,  Robert Henderson Wood ,  Nicolaas Santoso Handojo ,  John Michael Agar ,  Brian Paul Neill

发明人： Roger Paul Bowman ,  Robert Henderson Wood ,  Nicolaas Santoso Handojo ,  John Michael Agar ,  Brian Paul Neill

IPC分类号： H04L9/32 ,  H04L9/28

CPC分类号： H04L9/3273 ,  H04L9/0844 ,  H04L9/3066 ,  H04L12/04 ,  H04L12/06 ,  H04L2209/60 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

摘要： Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

摘要翻译： 提供了用于计算与便携式电子设备和服务实体共享的秘密的系统和方法。 服务实体具有公钥G和私钥g。 包含公钥G的消息被广播到便携式电子设备。 便携式电子设备的公开密钥B从制造服务器获得并与私钥g一起用于计算共享秘密。 便携式电子设备接收广播消息并根据公开密钥G和便携式电子设备的私有密钥b来计算共享秘密。 可以使用共享秘密来建立便携式电子设备和服务实体之间的可信关系，以激活便携式电子设备上的服务并生成证书。

公开(公告)号：US20120210113A1

公开(公告)日：2012-08-16

申请号：US13026968

申请日：2011-02-14

申请人： Robert Henderson Wood ,  Roger Paul Bowman ,  Oliver Whitehouse

发明人： Robert Henderson Wood ,  Roger Paul Bowman ,  Oliver Whitehouse

IPC分类号： G06F9/00

CPC分类号： G06F21/575 ,  G06F2221/033 ,  G06F2221/2105

摘要： Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

摘要翻译： 通常，在制造时，可以通过加密已被加密签名的操作系统来为正在制造的设备提供安全性。 本申请公开了该设备的“工厂模式”。 “工厂模式”允许设备执行不受信任的操作系统代码，例如未签名的操作系统代码和已签名的操作系统代码，但证书颁发机构不受信任。 为了以安全的方式支持不可信操作系统代码的执行，该设备可以适于防止在设备处于“工厂模式”时预定类型的数据被加载到设备上。 与“工厂模式”相反，设备的安全模式在这里被称为“产品模式”。 需要以安全的方式管理“产品模式”和“工厂模式”之间的过渡。

公开(公告)号：US08645699B2

公开(公告)日：2014-02-04

申请号：US12723926

申请日：2010-03-15

申请人： Robert Henderson Wood ,  Roger Paul Bowman ,  Christopher Lyle Bender ,  Ian Michael Robertson ,  Casey Jonathan Vandeputte

发明人： Robert Henderson Wood ,  Roger Paul Bowman ,  Christopher Lyle Bender ,  Ian Michael Robertson ,  Casey Jonathan Vandeputte

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  H04L63/0823 ,  H04W12/06

摘要： A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

摘要翻译： 提出了具有认证该设备本身的数字证书的移动通信设备。 还公开了用于认证设备的服务器和认证设备的方法。 该装置包括发射器，处理器，存储器和计算机可读介质。 存储器包括证明移动通信设备的真实性的证书，该证书包括设备专用数据和由具有移动通信设备的真实性的控制权限的机构签名的数字签名。 计算机可读介质具有存储在其上的计算机可读指令，当执行时，响应于向服务提供商认证移动通信设备的请求，配置处理器以指示发送器将证书的副本发送给服务提供商。

公开(公告)号：US09209980B2

公开(公告)日：2015-12-08

申请号：US13528900

申请日：2012-06-21

申请人： Roger Paul Bowman ,  Robert Henderson Wood ,  Nicolaas Santoso Handojo ,  John Michael Agar ,  Brian Paul Neill

发明人： Roger Paul Bowman ,  Robert Henderson Wood ,  Nicolaas Santoso Handojo ,  John Michael Agar ,  Brian Paul Neill

IPC分类号： H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04L9/30 ,  H04L12/04 ,  H04L12/06

CPC分类号： H04L9/3273 ,  H04L9/0844 ,  H04L9/3066 ,  H04L12/04 ,  H04L12/06 ,  H04L2209/60 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

摘要： Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.

摘要翻译： 提供了用于计算与便携式电子设备和服务实体共享的秘密的系统和方法。 服务实体具有公钥G和私钥g。 包含公钥G的消息被广播到便携式电子设备。 便携式电子设备的公开密钥B从制造服务器获得并与私钥g一起用于计算共享秘密。 便携式电子设备接收广播消息并根据公开密钥G和便携式电子设备的私有密钥b来计算共享秘密。 可以使用共享秘密来建立便携式电子设备和服务实体之间的可信关系，以激活便携式电子设备上的服务并生成证书。

公开(公告)号：US20110225427A1

公开(公告)日：2011-09-15

申请号：US12723926

申请日：2010-03-15

申请人： Robert Henderson Wood ,  Christopher Lyle Bender ,  Ian Michael Robertson ,  Casey Jonathan Vandeputte ,  Roger Paul Bowman

发明人： Robert Henderson Wood ,  Christopher Lyle Bender ,  Ian Michael Robertson ,  Casey Jonathan Vandeputte ,  Roger Paul Bowman

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  H04L63/0823 ,  H04W12/06

摘要： A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

摘要翻译： 提出了具有认证该设备本身的数字证书的移动通信设备。 还公开了用于认证设备的服务器和认证设备的方法。 该装置包括发射器，处理器，存储器和计算机可读介质。 存储器包括证明移动通信设备的真实性的证书，该证书包括设备专用数据和由具有移动通信设备的真实性的控制权限的机构签名的数字签名。 计算机可读介质具有存储在其上的计算机可读指令，当执行时，响应于向服务提供商认证移动通信设备的请求，配置处理器以指示发送器将证书的副本发送给服务提供商。