Method of delivering direct proof private keys to devices using an on-line service
    1.
    发明授权
    Method of delivering direct proof private keys to devices using an on-line service 有权
    使用在线服务向设备提供直接验证私钥的方法

    公开(公告)号:US08660266B2

    公开(公告)日:2014-02-25

    申请号:US12710439

    申请日:2010-02-23

    IPC分类号: G06F21/00

    CPC分类号: H04L9/0844 H04L2209/127

    摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.

    摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所生成的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。

    Method of delivering direct proof private keys to devices using a distribution CD
    2.
    发明授权
    Method of delivering direct proof private keys to devices using a distribution CD 有权
    使用分发CD向设备提供直接验证私钥的方法

    公开(公告)号:US07792303B2

    公开(公告)日:2010-09-07

    申请号:US10892265

    申请日:2004-07-14

    IPC分类号: H04L9/00 H04L9/06 H04L9/32

    摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting-encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质(例如CD)上,并分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果不是,系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。

    Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service
    3.
    发明申请
    Method of Delivering Direct Proof Private Keys to Devices Using an On-Line Service 有权
    使用在线服务向设备提供直接证明私钥的方法

    公开(公告)号:US20100150351A1

    公开(公告)日:2010-06-17

    申请号:US12710439

    申请日:2010-02-23

    CPC分类号: H04L9/0844 H04L2209/127

    摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统将使用安全协议从受保护的在线服务器获取相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。

    Method of delivering direct proof private keys in signed groups to devices using a distribution CD
    4.
    发明授权
    Method of delivering direct proof private keys in signed groups to devices using a distribution CD 失效
    将使用分发CD的签名组中的直接证明私钥的方法传递给设备

    公开(公告)号:US07693286B2

    公开(公告)日:2010-04-06

    申请号:US10892280

    申请日:2004-07-14

    IPC分类号: H04L9/08 H04L9/00 H04L9/32

    摘要: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 在安装在客户端计算机系统中的设备中的签名密钥组中提供直接证明私钥可以以安全的方式实现,而不需要设备中的重要的非易失性存储。 在制造时生成并存储与设备中的组号一起存储唯一的伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构被存储在可移动存储介质(例如CD或DVD)上的签名组密钥(例如,签名组记录)中,并且分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统从可移动存储介质中获得加密数据结构的关联签名组记录,并验证签名组记录。 该设备使用从其存储的伪随机值重新生成的对称密钥来解密加密的数据结构,以便当组记录有效时获得Direct Proof私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。

    Method of storing unique constant values
    5.
    发明授权
    Method of storing unique constant values 失效
    存储唯一常数值的方法

    公开(公告)号:US07571329B2

    公开(公告)日:2009-08-04

    申请号:US10891699

    申请日:2004-07-14

    IPC分类号: G06F12/14 G06F11/30

    CPC分类号: G06F21/73

    摘要: Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.

    摘要翻译: 安全地存储和检索与/从处理系统的存储器中的设备相关联的唯一值。 在至少一个实施例中,设备需要能够跨越处理系统复位来访问唯一值,并且设备没有足够的非易失性存储来存储唯一值本身。 相反,唯一的值被存储在处理系统存储器中,使得存储的唯一值不会为处理系统或设备创建唯一的标识符。 可以使用伪随机或随机生成的初始化向量来改变用于在存储器中存储唯一值的加密数据结构。

    Method of delivering Direct Proof private keys to devices using an on-line service
    6.
    发明授权
    Method of delivering Direct Proof private keys to devices using an on-line service 失效
    使用在线服务将Direct Proof私钥交付给设备的方法

    公开(公告)号:US07697691B2

    公开(公告)日:2010-04-13

    申请号:US10892256

    申请日:2004-07-14

    CPC分类号: H04L9/0844 H04L2209/127

    摘要: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    摘要翻译: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现,而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。 当在客户端计算机系统上初始化设备时,系统会检查系统中是否存在本地化的加密数据结构。 如果没有,系统将使用安全协议从受保护的在线服务器获取相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构,以获得直接证明私钥。 如果私钥有效,则其可以用于客户端计算机系统中的设备的后续认证处理。