-
公开(公告)号:US09171187B2
公开(公告)日:2015-10-27
申请号:US11128676
申请日:2005-05-13
申请人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
发明人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
CPC分类号: H04L63/0428 , G06F21/606 , G06F21/62 , G06F21/71 , G06F21/78 , G06F21/79 , G06Q20/341 , G06Q20/3576 , G06Q20/40975 , G07F7/1008 , H04L9/0833 , H04L9/0838 , H04L9/0891 , H04L67/1097 , H04L2209/12 , H04L2209/603 , H04L2209/80
摘要: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
摘要翻译: 为包括包括安全处理器的第一集成电路的设备提供内部但未集成的安全令牌。 安全令牌由与第一电路分开的第二集成电路提供。 第二集成电路包括安全的非易失性存储器。 安全处理器以安全的方式将信息传送到第二电路,以将安全信息安全地存储在安全的非易失性存储器中,并且第二集成电路将存储在其安全非易失性存储器中的信息传送到安全处理器 安全的方式。 通信是通过密码保护的。 第一集成电路和第二集成电路是器件的内部部件。 还公开了一种用于分发要在电路之间共享并将用于密码学中的安全密钥的初始化方法。
-
2.发明授权Method, system and computer program product for a trusted counter in an external security element for securing a personal communication device 有权用于固定个人通信设备的外部安全元件中的可信计数器的方法,系统和计算机程序产品公开(公告)号:US07178041B2
公开(公告)日:2007-02-13
申请号:US10046274
申请日:2002-01-16
申请人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
发明人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
CPC分类号: G07F7/1008 , G06Q20/04 , G06Q20/045 , G06Q20/1235 , G06Q20/341 , G06Q20/346 , G06Q20/35765 , G06Q20/3823 , G07F7/082 , G07F7/0826 , G07F7/1083 , H04M2250/14
摘要: Method, system and computer program product for implementing a trusted counter in a personal communication device. In particular, the method, system and computer program product utilizes cryptography and an external, read-write storage device that stores important state information that cannot be modified without detection. Using the present invention, the counter can be implemented in a personal even if state information is stored in an insecure storage device.
摘要翻译: 用于在个人通信设备中实现可信计数器的方法,系统和计算机程序产品。 特别地,方法,系统和计算机程序产品利用密码学和外部读写存储设备,其存储在没有检测的情况下不能修改的重要状态信息。 使用本发明,即使将状态信息存储在不安全的存储设备中,也可以以个人身份实现计数器。
-
公开(公告)号:US20060259790A1
公开(公告)日:2006-11-16
申请号:US11128676
申请日:2005-05-13
申请人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
发明人: Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
IPC分类号: G06F12/14
CPC分类号: H04L63/0428 , G06F21/606 , G06F21/62 , G06F21/71 , G06F21/78 , G06F21/79 , G06Q20/341 , G06Q20/3576 , G06Q20/40975 , G07F7/1008 , H04L9/0833 , H04L9/0838 , H04L9/0891 , H04L67/1097 , H04L2209/12 , H04L2209/603 , H04L2209/80
摘要: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
-
公开(公告)号:US20060259789A1
公开(公告)日:2006-11-16
申请号:US11128670
申请日:2005-05-13
申请人: Jan-Erik Ekberg , Nadarajah Asokan , Lauri Paatero
发明人: Jan-Erik Ekberg , Nadarajah Asokan , Lauri Paatero
IPC分类号: G06F12/14
CPC分类号: G06F21/79 , G06F12/1458 , G06F2212/2022 , Y02D10/13
摘要: State information necessary to maintain securely is saved on a probabilistic basis onto a flash memory of protected memory chip. The protected memory chip has a communication logics that prevents access to the flash memory unless appropriate cryptographically protected instructions are given. By saving data on a probabilistic basis, the aging of the flash memory can be reduced so as to inhibit malicious destruction of the flash memory. The communication logics can also address different parts of the flash memory selectively so that any time the state information changes, something is written to the flash memory. To yet avoid premature aging of the whole flash memory, a dedicated disposable portion can be used for normal writing so that the remainder of the flash memory remains operable. Corresponding security circuitry, assembly module and computer programs are also described.
摘要翻译: 将可靠地维护所需的状态信息以概率方式保存到受保护的存储器芯片的闪速存储器中。 受保护的存储器芯片具有防止访问闪速存储器的通信逻辑,除非给出适当的加密保护指令。 通过以概率的方式保存数据,可以减少闪速存储器的老化,从而抑制闪存的恶意破坏。 通信逻辑还可以选择性地对闪速存储器的不同部分进行寻址,使得任何时候状态信息改变,一些东西被写入闪速存储器。 为了避免整个闪存的过早老化,专用的一次性部分可以用于正常写入,使得闪存的其余部分保持可操作。 还描述了相应的安全电路,组装模块和计算机程序。
-
公开(公告)号:US10374799B2
公开(公告)日:2019-08-06
申请号:US14111007
申请日:2011-04-13
摘要: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.
-
公开(公告)号:US20140298016A1
公开(公告)日:2014-10-02
申请号:US14111007
申请日:2011-04-13
CPC分类号: H04L9/14 , G06F21/335 , G06Q20/0457 , G06Q20/3278 , G06Q20/38215 , G06Q20/40975 , G07B15/02 , H04L9/30 , H04L2209/24
摘要: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.
摘要翻译: 一种装置存储用户特定凭证的方法,装置,系统和计算机程序,经由通信接口从证书机构接收证书并将证书存储在存储器中。 该设备还将私有密钥和公共密钥存储在存储器中,并尝试通过发送一个或多个消息来向售票机读取器认证该设备以访问服务,其中消息包含认证器,该认证器具有至少一个 以下:证书或其加密衍生物; 由证书或其加密派生物包含的一个或多个数据项。 消息准备好使得公钥不能从认证者的外面恢复。
-
公开(公告)号:US20100266128A1
公开(公告)日:2010-10-21
申请号:US12738616
申请日:2007-10-16
IPC分类号: H04L9/08
CPC分类号: H04L63/0853 , H04L9/0833 , H04L9/3271 , H04L63/06 , H04W12/04
摘要: Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.
摘要翻译: 公开了一种供应装置中的方法。 该方法包括获得家庭密钥,定义家庭的家庭密钥; 以安全的方式将家庭密钥提交给安全要素(2-2); 使用家庭密钥来确保凭证数据; 将所述安全凭证数据提交给安全元件(2-4); 使用家庭密钥将申请绑定到家庭; 并将所述绑定提交给安全元件(2-5)。 还公开了相关安全元件和相关装置,系统和计算机程序中的方法。
-
8.发明授权公开(公告)号:US07529929B2
公开(公告)日:2009-05-05
申请号:US10161082
申请日:2002-05-30
CPC分类号: H04L63/08 , G06F21/10 , G06Q20/3674 , H04L63/102 , H04L2463/101
摘要: A system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating. Content, which may be encrypted, is received at the terminal and securely stored. On-demand authorization is effected for the rendering application that is requesting access to the content, using secure communications between a DRM engine within the terminal and an operating system within the terminal that is augmented with a security manager adapted to engage in such secure communications. If the rendering application is found to be authorized, the DRM rules are applied to determine whether the rendering application may access the content, and if so, the content is made available to the rendering application.
摘要翻译: 一种用于在终端中执行数字权限管理(DRM)规则的系统和方法,即使当请求的呈现应用程序已经在运行时。 可以加密的内容在终端处被接收并被安全地存储。 对正在请求访问内容的呈现应用程序进行按需授权,使用终端内的DRM引擎与终端内的操作系统之间的安全通信,所述操作系统用适于参与这种安全通信的安全管理器来增强。 如果发现渲染应用程序被授权,则应用DRM规则来确定呈现应用程序是否可以访问该内容,如果是,那么该内容可用于呈现应用程序。
-
9.发明申请Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module 有权移动可信任模块中重置平台配置寄存器的方法和装置公开(公告)号:US20120311315A1
公开(公告)日:2012-12-06
申请号:US13578955
申请日:2011-02-14
IPC分类号: G06F15/177
CPC分类号: G06F21/57
摘要: In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.
摘要翻译: 根据本发明的示例性实施例,至少有一种计算机指令的方法,装置和可执行程序,用于执行建立和初始化一组平台配置寄存器的操作,其中平台配置寄存器的第一子集被定义为 不可复位,并且平台配置寄存器的第二子集被定义为可重置,将初始启动系统状态信息存储在一个或多个不可重置的平台配置寄存器中,动态地重置(2)平台配置寄存器的值 由参考完整性度量标识,以反映由参考完整性度量提供的测量值,以及响应具有认证响应(5)的认证请求(5),该证明响应(5)包括来自重置的平台配置寄存器的动态信息,以及来自 一个不可重置的平台配置寄存器。
-
10.发明申请METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION 有权用于启动设备和用户认证的方法,设备和计算机程序产品公开(公告)号:US20110093938A1
公开(公告)日:2011-04-21
申请号:US12123135
申请日:2008-05-19
申请人: Nadarajah Asokan , Jan-Erik Ekberg , Antti Kiiveri , Olli Muukka
发明人: Nadarajah Asokan , Jan-Erik Ekberg , Antti Kiiveri , Olli Muukka
IPC分类号: H04L9/32
CPC分类号: H04L63/061 , G06F21/31 , H04L9/3263 , H04L63/0815 , H04L63/0823 , H04L2209/80
摘要: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device
摘要翻译: 设备可以包括处理器,其被配置为从包括远程设备的公开密钥的远程设备接收安全证书请求,以及基于远程设备的遗留认证机制的认证证书。 处理器还可以被配置为根据传统认证机制来验证所接收的认证证书。 处理器可以被额外地配置为生成用于公钥的安全证书。 处理器可以被进一步配置为向远程设备提供生成的安全证书
-
-
-
-
-
-
-
-
-
搜索结果
91 条记录 (耗时 0.021 秒)
