-
公开(公告)号:US20080028235A1
公开(公告)日:2008-01-31
申请号:US11779651
申请日:2007-07-18
申请人: Keelan Smith , Scott Vanstone , Daniel Brown , Darryl Parisien , Ashok Vadekar , Brian Neill
发明人: Keelan Smith , Scott Vanstone , Daniel Brown , Darryl Parisien , Ashok Vadekar , Brian Neill
IPC分类号: H04L9/14
CPC分类号: G06F21/575 , G06F21/73 , G06F2221/2109 , G07F17/32 , G07F17/323 , G07F17/3241 , H04L9/3247 , H04L63/0428 , H04L63/0823 , H04L2209/60 , H04L2463/101
摘要: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.
摘要翻译: 提供了一种方法和系统,用于使用安全引导过程和完整的非易失性存储器加密处理来验证和保护嵌入式设备,所述完整非易失性存储器加密处理在个性化BIOS和主引导记录上实现具有消息恢复的椭圆曲线Pinstov-Vanstone签名(ECPV)方案 。 签名包括恢复的代码,以解锁一个依次用于解密非易失性存储器的密钥。 使用ECPVS提供了硬件绑定到BIOS的隐含验证,因为加密的内存是无用的,除非使用适当的密钥进行正确的解密。
-
公开(公告)号:US08510570B2
公开(公告)日:2013-08-13
申请号:US13357411
申请日:2012-01-24
申请人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
发明人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
CPC分类号: G06F21/575 , G06F21/73 , G06F2221/2109 , G07F17/32 , G07F17/323 , G07F17/3241 , H04L9/3247 , H04L63/0428 , H04L63/0823 , H04L2209/60 , H04L2463/101
摘要: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.
摘要翻译: 提供了一种方法和系统,用于使用安全引导过程和完整的非易失性存储器加密处理来验证和保护嵌入式设备,所述完整非易失性存储器加密处理在个性化BIOS和主引导记录上实现具有消息恢复的椭圆曲线Pinstov-Vanstone签名(ECPV)方案 。 签名包括恢复的代码,以便解锁一个依次用于解密非易失性存储器的密钥。 使用ECPVS提供了硬件绑定到BIOS的隐含验证,因为加密的内存是无用的,除非使用适当的密钥进行正确的解密。
-
公开(公告)号:US20120131322A1
公开(公告)日:2012-05-24
申请号:US13357411
申请日:2012-01-24
申请人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
发明人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
CPC分类号: G06F21/575 , G06F21/73 , G06F2221/2109 , G07F17/32 , G07F17/323 , G07F17/3241 , H04L9/3247 , H04L63/0428 , H04L63/0823 , H04L2209/60 , H04L2463/101
摘要: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.
摘要翻译: 提供了一种方法和系统,用于使用安全引导过程和完整的非易失性存储器加密处理来验证和保护嵌入式设备,所述完整非易失性存储器加密处理在个性化BIOS和主引导记录上实现具有消息恢复的椭圆曲线Pinstov-Vanstone签名(ECPV)方案 。 签名包括恢复的代码,以便解锁一个依次用于解密非易失性存储器的密钥。 使用ECPVS提供了硬件绑定到BIOS的隐含验证,因为加密的内存是无用的,除非使用适当的密钥进行正确的解密。
-
公开(公告)号:US08166308B2
公开(公告)日:2012-04-24
申请号:US11779651
申请日:2007-07-18
申请人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
发明人: Keelan Smith , Scott A. Vanstone , Daniel R. Brown , Darryl L. Parisien , Ashok Vadekar , Brian Neill
CPC分类号: G06F21/575 , G06F21/73 , G06F2221/2109 , G07F17/32 , G07F17/323 , G07F17/3241 , H04L9/3247 , H04L63/0428 , H04L63/0823 , H04L2209/60 , H04L2463/101
摘要: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.
摘要翻译: 提供了一种方法和系统,用于使用安全引导过程和完整的非易失性存储器加密处理来验证和保护嵌入式设备,所述完整非易失性存储器加密处理在个性化BIOS和主引导记录上实现具有消息恢复的椭圆曲线Pinstov-Vanstone签名(ECPV)方案 。 签名包括恢复的代码,以解锁一个依次用于解密非易失性存储器的密钥。 使用ECPVS提供了硬件绑定到BIOS的隐含验证,因为加密的内存是无用的,除非使用适当的密钥进行正确的解密。
-
5.发明申请公开(公告)号:US20080164976A1
公开(公告)日:2008-07-10
申请号:US11898181
申请日:2007-09-10
申请人: Michael Griffiths-Harvey , Brian Neill , Keelan Smith , Tony Rosati , Walt Davis
发明人: Michael Griffiths-Harvey , Brian Neill , Keelan Smith , Tony Rosati , Walt Davis
IPC分类号: H04Q5/22
CPC分类号: H04L9/3066 , H04L9/3252 , H04L2209/805
摘要: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.
摘要翻译: 提供了一种经过认证的RFID系统,与传统的公共密钥实现(如RSA)相比,使用椭圆曲线密码术(ECC)来减少签名大小和读/写时间。 ECDSA或ECPVS可以用于减小签名大小,并且ECPVS可用于隐藏包含敏感产品标识信息的RFID标签的一部分。 因此,可以使用较小的标签,或者可以在制造或供应链中的不同阶段写入多个签名。 密钥管理系统用于分发验证密钥,并且聚合签名方案也被提供用于向RFID标签添加多个签名,例如在供应链中。
-
6.发明授权公开(公告)号:US09013266B2
公开(公告)日:2015-04-21
申请号:US11898181
申请日:2007-09-10
申请人: Michael Griffiths-Harvey , Brian Neill , Keelan Smith , Tony Rosati , Walt Davis
发明人: Michael Griffiths-Harvey , Brian Neill , Keelan Smith , Tony Rosati , Walt Davis
CPC分类号: H04L9/3066 , H04L9/3252 , H04L2209/805
摘要: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.
摘要翻译: 提供了一种经过认证的RFID系统,与传统的公共密钥实现(如RSA)相比,使用椭圆曲线密码术(ECC)来减少签名大小和读/写时间。 ECDSA或ECPVS可以用于减小签名大小,并且ECPVS可用于隐藏包含敏感产品标识信息的RFID标签的一部分。 因此,可以使用较小的标签,或者可以在制造或供应链中的不同阶段写入多个签名。 密钥管理系统用于分发验证密钥,并且聚合签名方案也被提供用于向RFID标签添加多个签名,例如在供应链中。
-
公开(公告)号:US20110010770A1
公开(公告)日:2011-01-13
申请号:US12834652
申请日:2010-07-12
申请人: Keelan Smith , Brian Paul Neill , Eugene Chin
发明人: Keelan Smith , Brian Paul Neill , Eugene Chin
IPC分类号: G06F21/22
CPC分类号: G06F21/71 , G06F21/73 , H04L9/083 , H04L9/3066 , H04L9/3213 , H04L9/3271 , H04L2209/60
摘要: A key injection service module for an asset management system is provided for a secure means of injecting keys into products. To provide this service, a controller is used to define one or more key types defining the format of the keys in a file. The controller is then used to define a product model, and then to bind each key type to the product models.
摘要翻译: 提供了一种用于资产管理系统的关键注入服务模块,用于将密钥注入产品的安全手段。 为了提供此服务,控制器用于定义定义文件中的键格式的一个或多个键类型。 然后,控制器用于定义产品模型,然后将每个键类型绑定到产品型号。
-
公开(公告)号:US09111098B2
公开(公告)日:2015-08-18
申请号:US12834804
申请日:2010-07-12
CPC分类号: G06F11/3688 , G06F8/70 , G06F9/54 , G06F21/00 , G06F21/57 , G06Q10/06 , G06Q50/04 , Y02P90/30
摘要: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.
摘要翻译: 提供了一种资产管理系统,其包括一个或多个控制器,其作为主服务器操作,并且可以位于电子设备制造商的总部,以在任何全球位置远程控制其操作。 控制器可以通过互联网或其他网络进行远程通信,以控制一个或多个辅助或远程服务器,这里称为设备。 电器可以位于不同的制造,测试或分销现场。 控制器和设备包括执行敏感和高可靠性计算的硬件安全模块(HSM),存储诸如私钥的敏感信息,执行其他加密操作,以及在组件之间建立安全连接。 HSM用于在控制器和设备之间以及设备与嵌入在设备中的资产控制核心的安全信任点之间创建安全端点。
-
公开(公告)号:US08631247B2
公开(公告)日:2014-01-14
申请号:US13131019
申请日:2009-11-24
申请人: Daniel O'Loughlin , Keelan Smith , Jay Scott Fuller , Joseph Ku , William Lattin , Marinus Struik , Yuri Poeluev , Matthew J. Campagna , Thomas Stiemerling
发明人: Daniel O'Loughlin , Keelan Smith , Jay Scott Fuller , Joseph Ku , William Lattin , Marinus Struik , Yuri Poeluev , Matthew J. Campagna , Thomas Stiemerling
CPC分类号: G06F12/1408 , G06F21/123 , G06F21/57 , G06F21/606 , G06F21/72 , G06F21/73 , G06F21/76 , G06F21/80 , G06F2212/1052 , G06F2221/2101 , H04L9/0877 , H04L9/3066 , H04L9/3252 , H04L9/3263 , H04L9/3273 , H04L2209/24
摘要: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.
摘要翻译: 提供资产管理系统,其中包括作为资产控制核心运行的硬件模块。 资产控制核心通常包括嵌入在目标片上系统中的小型硬件核心,其在硅芯片上建立基于硬件的信任点。 资产控制核心可以作为消费者设备的信任根源,具有使其难以篡改的特征。 资产控制核心能够为一个设备生成唯一的标识符,并通过与设备的安全通信通道参与设备的跟踪和配置。 该设备通常包括一个安全模块,它将配置数据高速缓存并分配给连接到资产控制核心的许多代理之一,例如, 在生产线上或在售后市场的程序设计会议。
-
公开(公告)号:US20100241848A1
公开(公告)日:2010-09-23
申请号:US12714189
申请日:2010-02-26
IPC分类号: H04L9/00
CPC分类号: H04L63/0442 , G01D4/004 , H04L9/083 , H04L9/0891 , H04L9/3247 , H04L63/126 , H04L67/12 , Y02B90/242 , Y04S20/322
摘要: An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.
摘要翻译: 描述了用于与电子计量表进行安全通信的基础设施,其通过诸如经由网络的通信链路或连接来实现公用事业和位于客户的计量表之间的安全通信。 这使得能够以安全的方式将消息从实用程序发送到仪表,反之亦然。 该网络提供用于通过C12.22协议进行通信的通信介质,用于安全测量。 加密后端用于加密地处理要发送到仪表的消息,并且类似地加密处理从仪表发送的消息。 通过提供密码管理,机密性和身份验证等适当的加密措施,仪表只能解读和处理来自合法实用程序的消息,并且实用程序可以确保其收到的消息来自合法的仪表并包含合法信息。
-
-
-
-
-
-
-
-
-
搜索结果
12 条记录 (耗时 0.041 秒)
