公开(公告)号：US09811646B2

公开(公告)日：2017-11-07

申请号：US13822137

申请日：2011-08-08

申请人： Michael Baentsch ,  Peter Buhler ,  Harold D Dykeman ,  Reto J Hermann ,  Frank Hoering ,  Michael P Kuyper-Hammond ,  Diego Alejandro Ortiz-Yepes ,  Thomas D Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Harold D Dykeman ,  Reto J Hermann ,  Frank Hoering ,  Michael P Kuyper-Hammond ,  Diego Alejandro Ortiz-Yepes ,  Thomas D Weigold

IPC分类号： G06F21/12 ,  G06F21/10 ,  G06F21/62

CPC分类号： G06F21/121 ,  G06F21/10 ,  G06F21/6218

摘要： A method, a secure device and a computer program product for securely managing files. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server via a host, the host connected to the server through a telecommunication network, upon receiving a request for using a file stored on the secure device, processing the request at the secure device according to an updated use permission associated to the file, where the updated use permission is obtained by instructing at the secure device to establish a connection between the secure device and the server via the host and updating at the device the use permission associated to the file, according to permission data sent from the server through the established connection.

公开(公告)号：US20130232584A1

公开(公告)日：2013-09-05

申请号：US13822137

申请日：2011-08-08

申请人： Michael Baentsch ,  Peter Buhler ,  Harold D Dykeman ,  Reto J Hermann ,  Frank Hoering ,  Michael P. Kuyper-Hammond ,  Diego Alejandro Ortiz-Yepes ,  Thomas D Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Harold D Dykeman ,  Reto J Hermann ,  Frank Hoering ,  Michael P. Kuyper-Hammond ,  Diego Alejandro Ortiz-Yepes ,  Thomas D Weigold

IPC分类号： G06F21/12

CPC分类号： G06F21/121 ,  G06F21/10 ,  G06F21/6218

摘要： A method, a secure device and a computer program product for securely managing files. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server via a host, the host connected to the server through a telecommunication network, upon receiving a request for using a file stored on the secure device, processing the request at the secure device according to an updated use permission associated to the file, where the updated use permission is obtained by instructing at the secure device to establish a connection between the secure device and the server via the host and updating at the device the use permission associated to the file, according to permission data sent from the server through the established connection.

摘要翻译： 一种安全管理文件的方法，安全装置和计算机程序产品。 该方法包括提供安全设备，其中安全设备受到设计的保护，防止恶意软件或恶意软件，并且适于经由主机建立到服务器的连接，主机通过电信网络连接到服务器，在接收到请求 使用存储在所述安全设备上的文件，根据与所述文件相关联的更新的使用许可，在所述安全设备处理所述请求，其中通过指示所述安全设备建立所述安全设备与所述安全设备之间的连接来获得所述更新的使用许可， 服务器通过主机，并根据从服务器通过建立的连接发送的许可数据在设备上更新与文件相关联的使用权限。

公开(公告)号：US20110173448A1

公开(公告)日：2011-07-14

申请号：US13063969

申请日：2009-09-17

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F21/34

摘要： An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

摘要翻译： 用于授权从用户计算机通过数据通信网络请求的远程服务器的操作的授权设备包括被配置为连接到本地用户计算机以便于经由数据通信网络与远程服务器通信的计算机接口，被配置为呈现 信息给用户和控制逻辑。 所述控制逻辑适于使用所述控制逻辑可访问的安全数据，以经由所述本地用户计算机建立用于与所述服务器的加密的端到端通信的相互认证的连接; 从服务器通过连接收集指示通过与服务器的不同连接请求的任何操作的信息，并且需要用户的授权; 并通过用户界面将信息呈现给用户，以提示操作的授权。

公开(公告)号：US08856919B2

公开(公告)日：2014-10-07

申请号：US13557468

申请日：2012-07-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

IPC分类号： G06F9/44 ,  H04L29/06 ,  G06F21/33 ,  G06F21/34 ,  H04L29/10

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F21/34

摘要： An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

公开(公告)号：US08640255B2

公开(公告)日：2014-01-28

申请号：US13063969

申请日：2009-09-17

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

IPC分类号： H04L12/22 ,  H04L12/12

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F21/34

摘要： An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

摘要翻译： 用于授权从用户计算机通过数据通信网络请求的远程服务器的操作的授权设备包括被配置为连接到本地用户计算机以便于经由数据通信网络与远程服务器通信的计算机接口，被配置为呈现 信息给用户和控制逻辑。 所述控制逻辑适于使用所述控制逻辑可访问的安全数据，以经由所述本地用户计算机建立用于与所述服务器的加密的端到端通信的相互认证的连接; 从服务器通过连接收集指示通过与服务器的不同连接请求的任何操作的信息，并且需要用户的授权; 并通过用户界面将信息呈现给用户，以提示操作的授权。

公开(公告)号：US20120291105A1

公开(公告)日：2012-11-15

申请号：US13557468

申请日：2012-07-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Reto J. Hermann ,  Frank Hoering ,  Thorsten Kramp ,  Michael P. Kuyper-Hammond ,  Thomas D. Weigold

IPC分类号： G06F21/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F21/34

摘要： An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.

摘要翻译： 用于授权从用户计算机通过数据通信网络请求的远程服务器的操作的授权设备包括被配置为连接到本地用户计算机以便于经由数据通信网络与远程服务器通信的计算机接口，被配置为呈现 信息给用户和控制逻辑。 所述控制逻辑适于使用所述控制逻辑可访问的安全数据，以经由所述本地用户计算机建立用于与所述服务器的加密的端到端通信的相互认证的连接; 从服务器通过连接收集指示通过与服务器的不同连接请求的任何操作的信息，并且需要用户的授权; 并通过用户界面将信息呈现给用户，以提示操作的授权。

公开(公告)号：US07412480B2

公开(公告)日：2008-08-12

申请号：US09894035

申请日：2001-06-28

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US07970821B2

公开(公告)日：2011-06-28

申请号：US12145966

申请日：2008-06-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US20100017459A1

公开(公告)日：2010-01-21

申请号：US12145966

申请日：2008-06-25

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Thomas D. Weigold

IPC分类号： G06F15/16

CPC分类号： G06F21/51 ,  G06F8/658 ,  G06F21/105 ,  G06F21/12 ,  G06F2221/033 ,  G06F2221/2107 ,  Y10S707/99953

摘要： The invention is directed to a method for a software provider to enable a software-acquiring entity to arrive from an existent first signed piece of code at a second signed piece of code. Both pieces of code were generated at the software provider by use of a first software archive generator under use of generation instructions. The software provider provides to the software-acquiring entity a difference code that comprises the steps necessary to arrive from the first signed piece of code at the second signed piece of code. The difference code is combinable at the software-acquiring entity with the first signed piece of code by a second software archive generator to generate the second signed piece of code. The second software archive generator is therefor to be fed with those generation instructions that were used by the first software archive generator for the generation of both pieces of code.

摘要翻译： 本发明涉及一种用于软件提供者使得软件获取实体能够以第二签名的代码片段从现有的第一签名代码片段到达的方法。 这两个代码是通过使用生成指令使用的第一个软件归档生成器在软件提供商生成的。 软件提供商向软件获取实体提供差分代码，该差分代码包括在第二签名代码片段从第一签名代码段到达的步骤。 差分代码在软件获取实体上可由第二软件归档发生器用第一签名代码组合，以生成第二签名代码片段。 为此，第二个软件归档发生器将被馈送由第一个软件归档发生器用于生成这两个代码的那些生成指令。

公开(公告)号：US07543159B2

公开(公告)日：2009-06-02

申请号：US10495345

申请日：2002-11-05

申请人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

发明人： Michael Baentsch ,  Peter Buhler ,  Thomas Eirich ,  Frank Hoering ,  Marcus Oestreicher ,  Thomas D. Weigold

IPC分类号： G06F12/14

CPC分类号： H04L63/04 ,  G06F21/76 ,  H04L9/003 ,  H04L9/0625 ,  H04L2209/12

摘要： Provides a data processing system comprising a processor and encrypted information in a first persistent memory whose level of information leakage is higher than that of a second persistent memory. The second persistent memory stores a cryptographic key for decrypting the encrypted information, generating therefrom unencrypted information that is usable by the processor for executing an operation. The cryptographic key may be used for encrypting the unencrypted information, generating the encrypted information. Also provided is a method of processing such a data-processing system with an operating system, comprising writing unencrypted information into the first persistent memory, encrypting the unencrypted information under use of the first cryptographic key, creating therefrom encrypted information in the first persistent memory, and setting the data-processing system to a state in which writing into the first persistent memory is controlled by the operating system.

摘要翻译： 提供包括处理器和加密信息的数据处理系统，其中第一持久存储器的信息泄漏级别高于第二持久存储器。 第二持久存储器存储用于对加密信息进行解密的加密密钥，从而生成由处理器可用于执行操作的未加密信息。 加密密钥可以用于加密未加密的信息，生成加密的信息。 还提供了一种处理具有操作系统的这种数据处理系统的方法，包括将未加密的信息写入到第一持久存储器中，对使用第一加密密钥的未加密信息进行加密，从而在第一永久存储器中创建加密信息， 并且将数据处理系统设置为由操作系统控制对第一永久存储器的写入的状态。