Abstract:
An apparatus and method for preserving image privacy when manipulated by cloud services includes middleware for receiving an original image, splitting the original image into two sub-images, where the RGB pixel values of the sub-images have a bit value that is less than RGB pixel values of the original image. The sub-images are encrypted by adding a keystream to the RGB pixel values of the sub-images. The sub-image data is transmitted to a cloud service such as a social network or photo-sharing site, which manipulates the images by resizing, cropping, filtering, or the like. The sub-image data is received by the middleware and is successfully decrypted irrespective of the manipulations performed by the cloud services. In an alternative embodiment, the blocks of the original image are permutated when encrypted, and then reverse-permutated when decrypted.
Abstract:
A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads.
Abstract:
Embodiments of techniques and systems for biometric-data-based media encryption are described. In embodiments, an encryption key may be created for a recipient user based at least in part on biometric data of the recipient user. This encryption key may be maintained on a key maintenance component and used by a sharing user to encrypt a media file for access by the recipient user. One or more access policies associated with the recipient user may be encrypted in the encrypted media file as well. In embodiments, the media file may be encrypted for use by multiple recipient users. When a recipient user desires to access the encrypted media file, a decryption key may be generated in real time based on contemporaneously captured biometric data and used to provide access to the encrypted media file. Other embodiments may be described and claimed.
Abstract:
An embodiment may include circuitry to generate, at least in part, and/or receive, at least in part, a packet. The packet may include at least one field and an encrypted payload. The at least one field may include, at least in part, a first key and/or at least one value. The first key and at least one value, as included in the at least one field, may be encrypted by a second key. The encrypted payload may be capable of being decrypted, at least in part, based, at least in part, upon the first key and/or the at least one value to yield an unencrypted payload. The unencrypted payload may include at least a portion of application layer data that is to be communicated in a secure session.
Abstract:
A method and system to provide an effective, scalable and yet low-cost solution for Confidentiality, Integrity and Replay protection for sensitive information stored in a memory and prevent an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via XTS-tweak mode of encryption where the tweak is derived based on “Global and Local Counters”. This scheme offers to enable die-area efficient Replay protection for any sized memory by allowing multiple counter levels and facilitates using small counter-sizes to derive the “tweak” used in the XTS encryption without sacrificing cryptographic strength.
Abstract:
A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine, upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended.
Abstract:
In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.
Abstract:
An embodiment may include circuitry to generate, at least in part, and/or receive, at least in part, a packet. The packet may include at least one field and an encrypted payload. The at least one field may include, at least in part, a first key and/or at least one value. The first key and at least one value, as included in the at least one field, may be encrypted by a second key. The encrypted payload may be capable of being decrypted, at least in part, based, at least in part, upon the first key and/or the at least one value to yield an unencrypted payload. The unencrypted payload may include at least a portion of application layer data that is to be communicated in a secure session.
Abstract:
Embodiments of wireless display of digital content include transmission using a television transmission standard, such as a set of standards defined by the Advanced Television Systems Committee (ATSC) for digital television (TV) transmissions. The digital content is transmitted in a short range wireless network. In some embodiments, an encryption technique is applied to add security allowing decryption by a digital television using a firmware update, allowing retrofitting of security to devices currently deployed.
Abstract:
Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value.