Privacy management of personal data
    1.
    Granted invention patent
    Privacy management of personal data  (in force)

    Publication number: US07398393B2

    Publication date: 2008-07-08

    Application number: US10767868

    Filing date: 2004-01-28

    IPC classification: H04L9/32

    Abstract: When sending personal data to a recipient, the data owner encrypts the data using both a public data item provided by a trusted party and an encryption key string formed from at least policy data indicating the conditions that must be satisfied before access to the personal data is given. The encryption key string is typically also provided to the recipient along with the encrypted personal data. To decrypt the personal data, the recipient sends the encryption key string to the trusted party with a request for the decryption key. The trusted party determines the required decryption key from the encryption key string and the private data used in deriving its public data, and provides it to the requesting recipient. However, the decryption key is either not determined or not made available until the trusted party is satisfied that the associated policy conditions have been met by the recipient.

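The flow in this abstract is identity-based encryption with the policy string used as the "identity": anyone holding the trusted party's public data can encrypt under a policy, and only the trusted party can derive the matching decryption key. The following is an added illustration, not the patent's own implementation or code. It uses Cocks' quadratic-residuosity scheme (chosen because it needs only integer arithmetic) so the whole exchange runs offline: the sender encrypts under N and the policy string, the trusted party derives the key from its private factors (P, Q) only after the recipient's claims satisfy the policy, and the recipient decrypts. The Mersenne primes, the "key=value;..." policy syntax, the claims dictionary and the sample record are constructed for the demo and are far too small or simple for real use.

```python
"""Toy model of the policy-gated encryption flow above.

Added illustration, not the patent's own implementation. Cocks' identity-based
encryption with the encryption key string (the policy) as the identity: the data
owner needs only the trusted party's public modulus N and the policy string; only
the trusted party, holding the private factors (P, Q), can derive the decryption
key, and it does so only once the recipient's claims satisfy the policy.
The primes, policy syntax and claims are constructed for the demo (toy sizes).
"""
import hashlib
import secrets
from math import gcd
from typing import Dict, List, Tuple

P = 2**31 - 1  # trusted party's private data; both primes are 3 mod 4 as Cocks requires
Q = 2**61 - 1
N = P * Q      # the trusted party's public data item


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def policy_to_element(policy: str) -> int:
    """Hash the encryption key string to an element of Z_N with Jacobi symbol +1."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}|{policy}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if gcd(a, N) == 1 and jacobi(a, N) == 1:
            return a
        counter += 1


def _random_unit_with_jacobi(m: int) -> int:
    while True:
        t = secrets.randbelow(N - 2) + 2
        if gcd(t, N) == 1 and jacobi(t, N) == m:
            return t


def encrypt(policy: str, data: bytes) -> List[Tuple[int, int]]:
    """Data owner: encrypt each bit under the policy; only N and the policy are needed.

    The sender cannot tell whether a or -a is a quadratic residue mod N, so it sends
    one value for each case, as Cocks' scheme does.
    """
    a = policy_to_element(policy)
    out = []
    for byte in data:
        for i in range(7, -1, -1):
            m = 1 if (byte >> i) & 1 else -1
            t1, t2 = _random_unit_with_jacobi(m), _random_unit_with_jacobi(m)
            out.append(((t1 + a * pow(t1, -1, N)) % N, (t2 - a * pow(t2, -1, N)) % N))
    return out


def policy_satisfied(policy: str, claims: Dict[str, str]) -> bool:
    """Policy conditions are 'key=value' pairs joined by ';'; every pair must match."""
    return all(claims.get(k.strip()) == v.strip()
               for k, _, v in (c.partition("=") for c in policy.split(";")))


def issue_decryption_key(policy: str, claims: Dict[str, str]) -> Tuple[int, int]:
    """Trusted party: derive the key from (P, Q) only after the policy conditions are met.

    In practice the recipient's claims would be authenticated before being trusted.
    """
    if not policy_satisfied(policy, claims):
        raise PermissionError("policy conditions not met; decryption key withheld")
    a = policy_to_element(policy)
    r = pow(a, (N + 5 - P - Q) // 8, N)      # r*r is either a or -a (mod N)
    return r, (1 if r * r % N == a else -1)


def decrypt(key: Tuple[int, int], ciphertext: List[Tuple[int, int]]) -> bytes:
    """Recipient: recover each bit as the Jacobi symbol of s + 2r."""
    r, sign = key
    bits = [1 if jacobi((s_plus if sign == 1 else s_minus) + 2 * r, N) == 1 else 0
            for s_plus, s_minus in ciphertext]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
```

The point to notice is where the trust boundary sits: the sender never contacts the trusted party, and the recipient cannot shortcut the policy check because the key depends on the factorisation the trusted party keeps private. A deployment would bind the policy string to the data (for example by including a hash of it) so a recipient cannot present a weaker policy string and ask for its key.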

System and method for dynamically allocating resources
    2.
    Granted invention patent
    System and method for dynamically allocating resources  (in force)

    Publication number: US09137113B2

    Publication date: 2015-09-15

    Application number: US11335877

    Filing date: 2006-01-20

    IPC classification: H04L29/06 H04L12/24 H04L9/08

    Abstract: A computer network has a number of resources. One or more trusted localization providers certify the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource, allowing that resource to process the data, if it determines from the trusted localization provider's certification of the resource's location and other contextual information that the privacy policy allows processing of the data on that resource in that location.

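The key-release decision in this abstract has three parts worth separating in code: verifying that a location assertion really came from the trusted localization provider and is fresh, applying the metapolicy to pick which privacy policy governs the data, and checking the certified context against that policy before the key leaves the privacy service. The following is an added example, not the patent's own code. Assumptions not in the original: the provider authenticates assertions with HMAC-SHA256 over a key shared with the privacy service (a real deployment would use signatures and a provider certificate), the policy package layout, the five-minute freshness window, and all identifiers, keys and records, which are constructed for the demo.

```python
"""Added example (not the patent's own code) of the location-gated key release above.

A trusted localization provider certifies where a resource runs; the trusted privacy
service verifies that certification, applies the data's policy package (the metapolicy
picks the applicable privacy policy) and releases the data key only if the policy allows
processing in that certified location and context. HMAC over a shared key stands in for
the provider's signature; keys, records and identifiers are constructed for the demo.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

LOCALIZATION_PROVIDER_KEY = b"demo-localization-provider-key"  # constructed for the demo
ASSERTION_MAX_AGE_S = 300

# Encrypted data is kept with its policy package (constructed). The metapolicy selects a
# policy by the data's classification; each policy names where processing may happen.
DATA_STORE = {
    "record-42": {
        "classification": "health",
        "key": bytes.fromhex("6b" * 32),  # the data key the privacy service holds in escrow
        "policy_package": {
            "metapolicy": {"select_by": "classification", "default": "confidential"},
            "policies": {
                "health": {"allowed_locations": ["DE", "FR"], "require_attested_host": True},
                "confidential": {"allowed_locations": ["DE", "FR", "IE", "US"],
                                 "require_attested_host": False},
            },
        },
    }
}


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def certify_location(resource_id: str, location: str, attested_host: bool,
                     now: Optional[int] = None) -> Dict[str, str]:
    """Localization provider: issue an authenticated, time-stamped location assertion."""
    body = {"resource": resource_id, "location": location,
            "attested_host": attested_host, "issued_at": int(now or time.time())}
    payload = _canonical(body)
    tag = hmac.new(LOCALIZATION_PROVIDER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify_assertion(assertion: Dict[str, str], now: Optional[int] = None) -> dict:
    """Privacy service: accept only an untampered, fresh assertion from the provider."""
    payload = assertion["payload"].encode()
    expected = hmac.new(LOCALIZATION_PROVIDER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        raise ValueError("location assertion is not from the trusted localization provider")
    body = json.loads(payload)
    if (now or time.time()) - body["issued_at"] > ASSERTION_MAX_AGE_S:
        raise ValueError("location assertion is stale")
    return body


def select_policy(record: dict) -> dict:
    """Apply the metapolicy: pick the policy named by the selection attribute, else default."""
    package = record["policy_package"]
    meta = package["metapolicy"]
    name = record.get(meta["select_by"], meta["default"])
    return package["policies"].get(name, package["policies"][meta["default"]])


def release_key(data_id: str, resource_id: str, assertion: Dict[str, str],
                now: Optional[int] = None) -> bytes:
    """Release the data key to a resource only if its certified context satisfies policy."""
    record = DATA_STORE[data_id]
    context = verify_assertion(assertion, now)
    if context["resource"] != resource_id:
        raise PermissionError("assertion was issued for a different resource")
    policy = select_policy(record)
    if context["location"] not in policy["allowed_locations"]:
        raise PermissionError(f"processing in {context['location']} not allowed by policy")
    if policy["require_attested_host"] and not context["attested_host"]:
        raise PermissionError("policy requires an attested host for this data")
    return record["key"]
```

Two checks are easy to forget and are the ones an attacker targets: the assertion must name the resource asking for the key (otherwise a certified location of one host can be reused by another), and it must be fresh (otherwise a resource that has since migrated keeps presenting its old location).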

Method and apparatus for identifying a voice caller
    3.
    Granted invention patent
    Method and apparatus for identifying a voice caller  (in force)

    Publication number: US07634656B2

    Publication date: 2009-12-15

    Application number: US10241894

    Filing date: 2002-09-12

    IPC classification: H04L9/32

    Abstract: A voice call system and a method and apparatus for identifying a voice caller are disclosed. The system includes a call originator apparatus 10 and a called party apparatus 20. At least one trusted user identity is formed at the call originator apparatus 10, ideally in a trusted platform module 12 configured according to a Trusted Computing Platform Alliance (TCPA) specification. The called party apparatus 20 checks the trusted user identity when establishing a new voice call. Advantageously, the identity of the voice caller using the call originator apparatus is confirmed in a reliable and trustworthy manner, even when the voice call is transported over an inherently insecure medium, e.g. an open computing system such as the internet 30. Preferred embodiments of the invention use IP telephony, such as SIP (Session Initiation Protocol) or H.323 standard voice telephony.


Data event logging in computing platform
    5.
    Granted invention patent
    Data event logging in computing platform  (in force)

    Publication number: US07194623B1

    Publication date: 2007-03-20

    Application number: US09979902

    Filing date: 2000-05-25

    IPC classification: H04L9/00

    Abstract: There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types pre-specified by a user, who inputs the details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications, drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated by the trusted component to make sure that it is operating correctly and responding to interrogations.


Trusted computing platform using a trusted device assembly
    6.
    Granted invention patent
    Trusted computing platform using a trusted device assembly  (in force)

    Publication number: US06988250B1

    Publication date: 2006-01-17

    Application number: US09913452

    Filing date: 2000-02-15

    IPC classification: G06F17/50

    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric of the computing platform, for example a hash of the BIOS memory (29). The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and that it is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from 'reset'. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, to return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.


Trusted computing platform for restricting use of data
    7.
    Granted invention patent
    Trusted computing platform for restricting use of data  (in force)

    Publication number: US07526785B1

    Publication date: 2009-04-28

    Application number: US10088258

    Filing date: 2000-09-25

    IPC classification: H04N7/167

    Abstract: A client/server system has a client platform adapted to provide restricted use of data provided by a server. The client platform comprises a display, secure communications means, and a memory containing image receiving code for receiving data from a server by the secure communications means and for displaying such data. The client platform is adapted such that the data received from a server is used for display of the data and not for an unauthorised purpose. A server adapted to provide data to a client platform for restricted use by the client platform comprises a memory containing image sending code for providing an image of data executed on the server, and secure communications means for secure communication of images of data to a client platform. The server is adapted to determine that a client platform is adapted to ensure restricted use of the data before the data is sent by the image sending code.


Computer platforms and their methods of operation
    8.
    Granted invention patent
    Computer platforms and their methods of operation  (in force)

    Publication number: US07461249B1

    Publication date: 2008-12-02

    Application number: US10049211

    Filing date: 2000-08-11

    IPC classification: G06F21/02 G06F12/14 H04L9/00

    Abstract: A computer platform (100) uses a tamper-proof component (120), or "trusted module", of the computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform, acting as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.


Trusted system
    9.
    Granted invention patent
    Trusted system  (in force)

    Publication number: US07275160B2

    Publication date: 2007-09-25

    Application number: US09932476

    Filing date: 2001-08-17

    IPC classification: G06F21/00

    Abstract: A method for allowing a financial transaction to be performed using an electronic system, the method comprising: interrogating an electronic transaction terminal with an electronic security device to obtain an integrity metric for the electronic financial transaction terminal; determining whether the transaction terminal is a trusted terminal based upon the integrity metric; and allowing financial transaction data to be input into the transaction terminal if the transaction terminal is identified as a trusted terminal.

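Entries 6 and 9 describe the two halves of one mechanism: a trusted device measures the platform before anything else runs and stores the integrity metric, and a verifier (a user, or the security device a customer holds up to a transaction terminal) obtains that metric, compares it with a reference recorded by a trusted party, and halts unless they match. The following software model is an added example, not the patent's own code. Assumptions not in the original: the register is extend-only in the style of a TPM PCR (later software can add measurements but cannot overwrite the BIOS one), the metric is reported in a quote keyed with a device key and bound to a verifier nonce (the abstracts do not spell out freshness, but without it an old quote from a good boot could be replayed after the platform is subverted), and the HMAC stands in for a real attestation signature. Firmware bytes and keys are constructed for the demo.

```python
"""Added example (not the patent's own code) modelling the integrity-metric flow of
entries 6 and 9: measure the BIOS before it runs, report the metric on request,
and let the verifier compare it with a trusted party's reference before interacting.

Assumptions: extend-only register (TPM-PCR style), HMAC with a device key in place of
an attestation signature, nonce-bound quotes. Firmware and keys are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict

RESET_VALUE = bytes(32)


def extend(register: bytes, image: bytes) -> bytes:
    """One measurement step: register = H(register || H(image)). Cannot be undone."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()


class TrustedDevice:
    """Tamper-resistant device holding the measurement register and a device key."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self.register = RESET_VALUE          # value after release from reset

    def measure(self, image: bytes) -> bytes:
        self.register = extend(self.register, image)
        return self.register

    def quote(self, nonce: bytes) -> Dict[str, str]:
        """Report the integrity metric, bound to the requester's nonce."""
        tag = hmac.new(self._key, self.register + nonce, hashlib.sha256).hexdigest()
        return {"metric": self.register.hex(), "tag": tag}


def boot(device: TrustedDevice, bios_image: bytes) -> bytes:
    """The CPU is pointed at the trusted device first; the BIOS is hashed before it runs."""
    metric = device.measure(bios_image)
    # Control now passes to the BIOS; the metric already sits in the register.
    return metric


def reference_metric(known_good_bios: bytes) -> bytes:
    """What a trusted party records for a known-good image (same extend sequence)."""
    return extend(RESET_VALUE, known_good_bios)


def verify_quote(device_key: bytes, quote: Dict[str, str], nonce: bytes,
                 reference: bytes) -> bool:
    """Verifier: the quote must be keyed and fresh, and the metric must equal the reference."""
    metric = bytes.fromhex(quote["metric"])
    expected = hmac.new(device_key, metric + nonce, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, quote["tag"]):
        return False
    return hmac.compare_digest(metric, reference)


def interrogate(device_key: bytes, device: TrustedDevice, reference: bytes) -> str:
    """Entry-9 flow: interrogate the terminal first; only a trusted one gets the input."""
    nonce = secrets.token_bytes(16)
    if not verify_quote(device_key, device.quote(nonce), nonce, reference):
        return "halt"
    return "trusted"
```

The check that matters is in `verify_quote`: a subverted platform cannot simply report the reference value, because the quote is keyed by the device, and it cannot replay a quote captured during an earlier good boot, because the tag covers the verifier's fresh nonce. The reference itself must come from the trusted party over a path the platform under test cannot influence.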

Security apparatus
    10.
    Granted invention patent
    Security apparatus  (in force)

    Publication number: US08225222B2

    Publication date: 2012-07-17

    Application number: US09931657

    Filing date: 2001-08-16

    IPC classification: G06F13/00 G06F15/00

    Abstract: An apparatus and methods for modifying the security status of a computer component are disclosed. The apparatus represents a plurality of computer components; represents interactions among the plurality of computer components; and allows modification of a security setting associated with at least one of the computer components. The methods disclosed teach depicting a plurality of computer components; depicting interactions among the plurality of computer components; and modifying a security setting associated with at least one of the computer components.
