-
公开(公告)号:US20130129087A1
公开(公告)日:2013-05-23
申请号:US13523801
申请日:2012-06-14
IPC分类号: H04L9/00
CPC分类号: G06F21/602 , G06F2221/0755 , H04L9/0869 , H04L9/3247 , H04L9/3263
摘要: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.
摘要翻译: 提供了安全密钥生成的方法和系统。 在实施例中,在制造过程期间,设备为设备生成主种子并将种子存储在设备内。 设备将设备主键导出到安全制造商服务器。 安全制造商服务器为设备生成公/私根密钥,并从证书颁发机构请求设备的公钥密钥证书。 具有存储的主种子的设备被集成到最终用户系统中。 一旦出现条件,设备在集成到最终用户系统之后就会在该字段中生成公/私根密钥。 该系统还接收并安装公共密钥的证书。
-
公开(公告)号:US07600122B2
公开(公告)日:2009-10-06
申请号:US11593102
申请日:2006-11-06
申请人: Joseph Tardo , Mark Buer , Jianjun Luo , Don Matthews , Zheng Qi , Ronald Squires
发明人: Joseph Tardo , Mark Buer , Jianjun Luo , Don Matthews , Zheng Qi , Ronald Squires
IPC分类号: G06F9/00
CPC分类号: H04L9/0838
摘要: Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.
摘要翻译: 为诸如CPU的实体提供方法和装置,以有效地调用加密加速器来执行加密操作。 函数调用使密码加速器以针对特定处理步骤的方式执行多个加密操作,例如在安全会话的握手阶段期间的步骤。 这些技术提供了硬件处理资源,数据接口和存储器接口的有效利用。
-
公开(公告)号:US20060085640A1
公开(公告)日:2006-04-20
申请号:US11286111
申请日:2005-11-23
申请人: Joseph Tardo , Mark Buer , Jianjun Luo , Don Matthews , Zheng Qi , Ronald Squires
发明人: Joseph Tardo , Mark Buer , Jianjun Luo , Don Matthews , Zheng Qi , Ronald Squires
IPC分类号: H04L9/00
CPC分类号: H04L9/0838
摘要: Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.
-
公开(公告)号:US08953790B2
公开(公告)日:2015-02-10
申请号:US13523801
申请日:2012-06-14
CPC分类号: G06F21/602 , G06F2221/0755 , H04L9/0869 , H04L9/3247 , H04L9/3263
摘要: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.
摘要翻译: 提供了安全密钥生成的方法和系统。 在实施例中,在制造过程期间,设备为设备生成主种子并将种子存储在设备内。 设备将设备主键导出到安全制造商服务器。 安全制造商服务器为设备生成公/私根密钥,并从证书颁发机构请求设备的公钥根证书。 具有存储的主种子的设备被集成到最终用户系统中。 一旦出现条件,设备在集成到最终用户系统之后就会在该字段中生成公/私根密钥。 该系统还接收并安装公共密钥的证书。
-
公开(公告)号:US08411867B2
公开(公告)日:2013-04-02
申请号:US12418967
申请日:2009-04-06
CPC分类号: H04L63/0428 , G06F21/602 , H04L9/0822 , H04L9/083 , H04L9/3228 , H04L9/3234 , H04L63/061
摘要: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received Key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generate a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.
摘要翻译: 本文描述了用于数据的密码处理的用于安全和可扩展的密钥管理的方法和系统。 在该方法中,通用密码引擎(GPE)通过密钥服务器的安全通道接收密钥资料,并将接收到的密钥加密密钥(KEK)和/或纯文本密钥存储在安全密钥缓存中。 当从主机接收到加密处理数据块的请求时,请求实体使用包含在请求中的认证标签进行认证。 如果认证成功,则GPE检索明文密钥或使用KEK生成明文密文,使用明文密钥对数据进行加密处理,并发送处理后的数据。 该系统包括安全地向主机提供加密密钥和/或密钥句柄的密钥服务器以及GPE的密钥加密密钥和/或明文密钥。
-
6.发明授权Method and system for securing a network utilizing IPsec and MACsec protocols 有权使用IPsec和MACsec协议来保护网络的方法和系统公开(公告)号:US07853691B2
公开(公告)日:2010-12-14
申请号:US11934257
申请日:2007-11-02
申请人: Uri Elzur , Bora Akyol , Zheng Qi , Mark Buer , Ford Tamer , Yongbum Kim
发明人: Uri Elzur , Bora Akyol , Zheng Qi , Mark Buer , Ford Tamer , Yongbum Kim
IPC分类号: G06F15/173 , G06F15/16 , G06F7/04 , H04L9/08
CPC分类号: H04L63/0464 , H04L63/162 , H04L63/164 , H04L69/08
摘要: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.
摘要翻译: 提供了使用IPsec和MACsec协议来保护网络的方法和系统的方面。 在一个或多个网络节点中,本发明的方面可以实现包括使用IPsec协议保护的有效载荷的以太网分组和利用MACsec协议来保护的以太网分组之间的转换。 例如,可以在入口网络节点处终止IPsec连接,并且可以在出口网络节点处重新生成IPsec连接。 使用MACsec协议保护的数据包可以基于以太网类型进行检测。 可以基于协议字段或下一个报头字段来检测包括利用IPsec协议保护的有效载荷的分组。 该转换可以基于由网络节点存储和/或可访问的数据结构。 当通过非启用IPsec的节点隧道化IPsec安全数据时,本发明的各方面可以实现利用MACsec协议来保护数据。
-
7.发明申请PRESERVING SECURITY ASSOCATION IN MACSEC PROTECTED NETWORK THROUGH VLAN MAPPING 有权通过VLAN映射保护MACSEC保护网络中的安全性协议公开(公告)号:US20090307751A1
公开(公告)日:2009-12-10
申请号:US12463204
申请日:2009-05-08
申请人: Meg Lin , Mark Buer , Nicholas IIlyadis , Zheng Qi
发明人: Meg Lin , Mark Buer , Nicholas IIlyadis , Zheng Qi
IPC分类号: G06F15/16 , G06F15/173
CPC分类号: H04L63/101 , H04L63/162
摘要: According to one general aspect, a method of using a network device may include receiving, via an ingress port, a data packet that includes a payload portion, a source network address and a destination network address. In various embodiments, the method may also include determining if the data packet includes a security tag that includes a role based authentication tag. In some embodiments, the method may include, if the data packet includes a security tag that includes a role based authentication tag, transmitting, via an egress port, at least the payload portion and the role based authentication tag towards, in a topological sense, the destination network address.
摘要翻译: 根据一个一般方面,使用网络设备的方法可以包括经由入口端口接收包括有效载荷部分,源网络地址和目的地网络地址的数据分组。 在各种实施例中,该方法还可以包括确定数据分组是否包括包括基于角色的认证标签的安全标签。 在一些实施例中,如果数据分组包括包括基于角色的认证标签的安全标签,那么该方法可以包括,至少在有效载荷部分和基于角色的认证标签上, 目的网络地址。
-
8.发明授权Methods and apparatus for performing hash operations in a cryptography accelerator 有权用于在加密加速器中执行散列操作的方法和装置公开(公告)号:US07400722B2
公开(公告)日:2008-07-15
申请号:US10330694
申请日:2002-12-24
申请人: Zheng Qi , Ronald Squires , Mark Buer , David K. Chin
发明人: Zheng Qi , Ronald Squires , Mark Buer , David K. Chin
IPC分类号: H04L9/00
CPC分类号: G06F9/3879 , G06F9/30007 , H04L9/0643
摘要: Methods and apparatus are provided for implementing a cryptography accelerator for performing operations such as hash operations. The cryptography accelerator recognizes characteristics associated with input data and retrieves an instruction set for processing the input data. The instruction set is used to configure or control components such as MD5 and SHA-1 hash cores, XOR components, memory, etc. By providing a cryptography accelerator with access to multiple instruction sets, a variety of hash operations can be performed in a configurable cryptographic accelerator.
摘要翻译: 提供了用于实现用于执行诸如散列操作的操作的加密加速器的方法和装置。 加密加速器识别与输入数据相关联的特征,并检索用于处理输入数据的指令集。 该指令集用于配置或控制诸如MD5和SHA-1散列核心,XOR组件,存储器等组件。通过提供对多个指令集的访问的加密加速器,可以在可配置的 加密加速器
-
9.发明申请METHOD AND SYSTEM FOR SECURING A NETWORK UTILIZING IPSEC and MACSEC PROTOCOLS 有权用于保护使用IPSEC和MACSEC协议的网络的方法和系统公开(公告)号:US20080126559A1
公开(公告)日:2008-05-29
申请号:US11934257
申请日:2007-11-02
申请人: Uri Elzur , Bora Akyol , Zheng Qi , Mark Buer , Ford Tamer , Yongbum Kim
发明人: Uri Elzur , Bora Akyol , Zheng Qi , Mark Buer , Ford Tamer , Yongbum Kim
IPC分类号: G06F15/16
CPC分类号: H04L63/0464 , H04L63/162 , H04L63/164 , H04L69/08
摘要: Aspects of a method and system for securing a network utilizing IPsec and MACsec protocols are provided. In one or more network nodes, aspects of the invention may enable conversion between Ethernet packets comprising payloads secured utilizing IPsec protocols and Ethernet packets secured utilizing MACsec protocols. For example, IPsec connections may be terminated at an ingress network node and IPsec connections may be regenerated at an egress network node. Packets secured utilizing MACsec protocols may be detected based on an Ethertype. Packets comprising payloads secured utilizing IPsec protocols may be detected based on a protocol field or a next header field. The conversion may be based on a data structure stored by and/or accessible to the network nodes. Aspects of the invention may enable securing data utilizing MACsec protocols when tunneling IPsec secured data through non-IPsec enabled nodes.
摘要翻译: 提供了使用IPsec和MACsec协议来保护网络的方法和系统的方面。 在一个或多个网络节点中,本发明的方面可以实现包括使用IPsec协议保护的有效载荷的以太网分组和利用MACsec协议来保护的以太网分组之间的转换。 例如,可以在入口网络节点处终止IPsec连接,并且可以在出口网络节点处重新生成IPsec连接。 使用MACsec协议保护的数据包可以基于以太网类型进行检测。 可以基于协议字段或下一个报头字段来检测包括利用IPsec协议保护的有效载荷的分组。 该转换可以基于由网络节点存储和/或可访问的数据结构。 当通过非启用IPsec的节点隧道化IPsec安全数据时,本发明的各方面可以实现利用MACsec协议来保护数据。
-
公开(公告)号:US07366300B2
公开(公告)日:2008-04-29
申请号:US09892242
申请日:2001-06-26
CPC分类号: H04L9/0625 , H04L2209/125 , H04L2209/24
摘要: Methods and apparatus are provided for implementing a cryptography engine for cryptography processing. A variety of techniques are described. A cryptography engine such as a DES engine can be decoupled from surrounding logic by using asynchronous buffers. Bit-sliced design can be implemented by moving expansion and permutation logic out of the timing critical data path. An XOR function can be decomposed into functions that can be implemented more efficiently. A two-level multiplexer can be used to preserve a clock cycle during cryptography processing. Key scheduling can be pipelined to allow efficient round key generation.
摘要翻译: 提供了用于实现用于密码处理的加密引擎的方法和装置。 描述了各种技术。 诸如DES引擎的加密引擎可以通过使用异步缓冲器与周围的逻辑解耦。 可以通过将时间关键数据路径上的扩展和置换逻辑移动来实现位片设计。 XOR函数可以分解为可以更有效地实现的函数。 双级多路复用器可用于在加密处理期间保留时钟周期。 密钥调度可以流水线化,以实现有效的一轮密钥生成。
-
-
-
-
-
-
-
-
-
搜索结果
33 条记录 (耗时 0.032 秒)
