-
公开(公告)号:US20110144969A1
公开(公告)日:2011-06-16
申请号:US12635830
申请日:2009-12-11
申请人: John C. Dayka , Tamas Visegrady
发明人: John C. Dayka , Tamas Visegrady
摘要: A method for creating entropy in a virtualized computing environment includes waking one or more samplers, each sampler having a sampling frequency; sampling a sample source with each of the one or more samplers; placing each of the samplers in an inactive state when not sampling; determining a difference between an expected value and a sampled value at each sampler; and providing a function of the difference from each of the one or more samplers to an aggregator.
摘要翻译: 用于在虚拟化计算环境中创建熵的方法包括唤醒一个或多个采样器,每个采样器具有采样频率; 用一个或多个采样器中的每一个采样样品源; 当不采样时,将每个采样器置于非活动状态; 确定每个采样器的期望值和采样值之间的差; 并且向所述聚合器提供与所述一个或多个采样器中的每一个的差异的功能。
-
2.发明授权Scalable, highly available, dynamically reconfigurable cryptographic provider with quality-of-service control built from commodity backend providers 有权可扩展的,高可用性的动态可重配置加密提供商,具有从商品后端提供商构建的服务质量控制公开(公告)号:US09251337B2
公开(公告)日:2016-02-02
申请号:US13095471
申请日:2011-04-27
CPC分类号: G06F21/53
摘要: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.
摘要翻译: 用于将以主机为中心的应用编程接口的子集重新映射到商品服务提供商的系统包括被配置为接收商品服务提供商对象的处理器,用手柄嵌入商品服务提供商对象,将该句柄转换成硬件安全性可读的串行化对象 模块,从变换的句柄生成虚拟化句柄,根据序列化对象的特征选择目标硬件安全模块,并将虚拟化句柄映射到目标硬件安全模块。
-
3.发明申请SCALABLE, HIGHLY AVAILABLE, DYNAMICALLY RECONFIGURABLE CRYPTOGRAPHIC PROVIDER WITH QUALITY-OF-SERVICE CONTROL BUILT FROM COMMODITY BACKEND PROVIDERS 有权可扩展的,高可用性的可重构的可重新制造的提供商,具有从商品后端供应商提供的服务质量控制公开(公告)号:US20120278820A1
公开(公告)日:2012-11-01
申请号:US13095471
申请日:2011-04-27
IPC分类号: G06F9/46
CPC分类号: G06F21/53
摘要: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.
摘要翻译: 用于将以主机为中心的应用编程接口的子集重新映射到商品服务提供商的系统包括被配置为接收商品服务提供商对象的处理器,用手柄嵌入商品服务提供商对象,将该句柄转换成硬件安全性可读的串行化对象 模块,从变换的句柄生成虚拟化句柄,根据序列化对象的特征选择目标硬件安全模块,并将虚拟化句柄映射到目标硬件安全模块。
-
4.发明申请SECURE TRANSPORT OF DOMAIN-SPECIFIC CRYPTOGRAPHIC STRUCTURES OVER GENERAL PURPOSE APPLICATION PROGRAM INTERFACES 审中-公开通用应用程序接口上的特定格式结构的安全运输公开(公告)号:US20120177202A1
公开(公告)日:2012-07-12
申请号:US12986517
申请日:2011-01-07
IPC分类号: H04L9/08
CPC分类号: H04L9/08 , H04L9/0822 , H04L9/0827 , H04L9/088
摘要: A method of distributing cryptographic keys includes determining functional keys of domain-specific cryptographic service provider (DCSP); providing the functional keys to a fused cryptographic API (FCAPI) provided on a first computing device; encoding the functional keys with key encoding keys to produced encoded keys, the encoded keys including wrap or unwrap restrictions; receiving the encoded keys at a second computing device; unwrapping each encoded key until a first functional key is discovered, the first functional key having not including a wrap template; and providing the first functional key to the DCSP on at the computing device.
摘要翻译: 分发加密密钥的方法包括:确定域专用加密服务提供商(DCSP)的功能密钥; 向在第一计算设备上提供的融合加密API(FCAPI)提供功能密钥; 使用密钥编码密钥对功能密钥进行编码以产生编码密钥,编码的密钥包括卷积或展开限制; 在第二计算设备处接收所述编码密钥; 展开每个编码的密钥,直到发现第一功能密钥,所述第一功能密钥不包括包装模板; 以及在计算设备上向DCSP提供第一功能密钥。
-
5.发明授权Authenticated identity propagation and translation within a multiple computing unit environment 有权在多个计算单元环境中的经过身份验证的身份传播和翻译公开(公告)号:US07822980B2
公开(公告)日:2010-10-26
申请号:US11468139
申请日:2006-08-29
申请人: Patrick S. Botz , John C. Dayka , Donna N. Dillenberger , Richard H. Guski , Timothy J. Hahn , Margaret K. LaBelle , Mark A. Nelson
发明人: Patrick S. Botz , John C. Dayka , Donna N. Dillenberger , Richard H. Guski , Timothy J. Hahn , Margaret K. LaBelle , Mark A. Nelson
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/31 , G06F2221/2151
摘要: An authenticated identity propagation and translation technique is provided based on a trust relationship between multiple user identification and authentication services resident on different computing components of a multi-component transaction processing computing environment including distributed and mainframe computing components. The technique includes, in one embodiment, forwarding, in association with transaction requests, identified and authenticated user identification and authentication information from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate run-time security context.
摘要翻译: 基于多个用户识别和驻留在包括分布式和大型计算组件的多组件事务处理计算环境的不同计算组件的认证服务之间的信任关系来提供认证身份传播和翻译技术。 在一个实施例中,该技术包括与事务请求相关联地将已识别和认证的用户标识和认证信息从分布式组件转发到主机组件,便于选择适当的主机用户身份,用于执行主机部分的主机部分 事务,并创建适当的运行时安全上下文。
-
公开(公告)号:US20120308011A1
公开(公告)日:2012-12-06
申请号:US13150420
申请日:2011-06-01
申请人: Edward W. Chencinski , James R. Coon , John C. Dayka , Steven G. Glassen , Richard J. Gusefski , Michael J. Jordan , Marco Kraemer , Thomas B. Mathias , Peter K. Szwed , Garry J. Sullivan , Klaus Werner
发明人: Edward W. Chencinski , James R. Coon , John C. Dayka , Steven G. Glassen , Richard J. Gusefski , Michael J. Jordan , Marco Kraemer , Thomas B. Mathias , Peter K. Szwed , Garry J. Sullivan , Klaus Werner
CPC分类号: H04L9/0822 , H04L9/0825 , H04L9/0877 , H04L9/0894
摘要: A computer program product for integrated key serving is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes using a smart card of two or more smart cards with a support element of two or more support elements to create an encryption key and storing the encryption key in an encrypted file that can only be decrypted by the smart card and the support element used to create the encryption key.
摘要翻译: 提供一种用于集成密钥服务的计算机程序产品。 计算机程序产品包括可由处理电路读取的有形存储介质,并且存储由处理电路执行以执行方法的指令。 该方法包括使用具有两个或更多个支持元件的支持元件的两个或多个智能卡的智能卡来创建加密密钥,并将加密密钥存储在只能由智能卡和支持元素解密的加密文件中 用于创建加密密钥。
-
公开(公告)号:US07143285B2
公开(公告)日:2006-11-28
申请号:US09862797
申请日:2001-05-22
IPC分类号: H04L9/00
CPC分类号: G06F21/33
摘要: A method for creating a proof of possession confirmation for inclusion by a certification authority into a digital certificate, the digital certificate for use by an end user, is disclosed. In an exemplary embodiment of the invention, the method includes receiving from the certification authority, in response to a certificate request by the end user, a plurality of data fields corresponding to a target host system, the end user, and a form of proof of identity possession by the end user. The content of the plurality of data fields is analyzed and the accuracy thereof is verified. If the plurality of data fields is verified as accurate, then a signed object is sent to the certification authority, the signed object comprising the proof of possession confirmation.
-
公开(公告)号:US20100037065A1
公开(公告)日:2010-02-11
申请号:US12186198
申请日:2008-08-05
IPC分类号: G06F11/30
CPC分类号: G06F21/445 , G06F21/57
摘要: A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution. Otherwise, the application program terminates without initiating normal execution.
摘要翻译: 一种在信息处理系统中用于程序验证的方法,装置和程序存储装置,其中应用程序在具有用于验证应用程序的数字签名的签名验证功能的操作系统上运行。 在加载应用程序时,操作系统的签名验证功能验证应用程序的数字签名,并且如果数字签名被验证,则启动应用程序的执行。 在开始执行应用程序时,与应用程序相关联的验证测试功能通过向其呈现指定的真假签名模式的测试数字签名序列来测试操作系统的签名验证功能。 如果对操作系统的签名验证功能的测试成功,应用程序启动正常执行。 否则,应用程序终止而不启动正常执行。
-
公开(公告)号:US20080123863A1
公开(公告)日:2008-05-29
申请号:US11557776
申请日:2006-11-08
CPC分类号: G06F21/6209 , G06F2221/2107
摘要: Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
摘要翻译: 在诸如计算机磁带的可移动计算机介质上的加密数据的访问通过介质上的唯一结构化的报头来控制,所述报头具有由非对称加密以及与非对称加密相关联的公钥所包围的对称密钥。 介质上的数据使用对称密钥进行加密。 在读取器自动读取数据之前,向包括公开密钥的主机系统发出挑战,并且优选地是随机数值。 主机通过使用与公钥相关联的私有密钥签名该随机数来进行响应,以证明其具有解密数据的权限。 使用私钥解密对称密钥,最后使用解开的对称密钥来解密介质上的数据,从而允许自动读取磁带数据,而无需两个管理员共享对称密钥值的风险。
-
10.发明授权Implementation and use of a PII data access control facility employing personally identifying information labels and purpose serving functions sets 有权实施和使用使用个人识别信息标签和目的服务功能集的PII数据访问控制设施公开(公告)号:US07302569B2
公开(公告)日:2007-11-27
申请号:US10643798
申请日:2003-08-19
申请人: Linda Betz , John C. Dayka , Walter B. Farrell , Richard H. Guski , Guenter Karjoth , Mark A. Nelson , Birgit M. Pfitzmann , Matthias Schunter , Michael P. Waidner
发明人: Linda Betz , John C. Dayka , Walter B. Farrell , Richard H. Guski , Guenter Karjoth , Mark A. Nelson , Birgit M. Pfitzmann , Matthias Schunter , Michael P. Waidner
IPC分类号: H04L29/00
CPC分类号: G06F21/629 , G06F21/6245 , G06F2221/2101 , G06F2221/2113 , G06F2221/2141 , G06F2221/2149
摘要: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
摘要翻译: 通过将个人识别信息(PII)分类标签分配给PII数据对象来实现数据访问控制设施,每个PII数据对象分配有一个PII分类标签。 控制设备还包括至少一个PII目的服务功能集(PSFS),其包括读或写PII数据对象的应用功能列表。 每个PII PSFS也被分配了一个PII分类标签。 PII数据对象可通过具有与PII对象的PII分类标签相同或占优势的PII分类标签的PII PSFS的应用功能来访问。 控制设备的用户被分配有PII间隙组,其包含至少一个PII分类标签的列表,该列表用于确定用户是否有权访问特定功能。
-
-
-
-
-
-
-
-
-
搜索结果
15 条记录 (耗时 0.022 秒)