-
1.发明授权Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware 有权使用防篡改硬件的安全信任锚配置和保护的设备,方法和系统公开(公告)号:US08954735B2
公开(公告)日:2015-02-10
申请号:US13631562
申请日:2012-09-28
申请人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
发明人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
IPC分类号: H04L29/06
CPC分类号: H04L63/061 , H04L9/0822 , H04L9/0866 , H04L9/3231 , H04L63/0861 , H04L2209/127
摘要: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.
摘要翻译: 用于安全地配置信任锚的方法和设备包括生成作为计算设备硬件的函数的数据库包装密钥。 数据库包装器密钥在密钥数据库不被可信执行环境使用时加密,并且可以使用物理不可克隆功能(PUF)生成密钥数据库。 本地计算设备与远程计算设备建立安全连接和安全协议。 在建立安全连接时,本地计算设备和远程计算设备可以交换和/或验证密码密钥,包括增强型隐私标识(EPID)密钥,并建立会话密钥和设备标识符。 根据单方面,双边或多边信托是否建立了一个或多个信托基金。 本地计算设备可以充当组或域控制器来建立多边信任。 任何设备也可能要求验证用户存在。
-
2.发明申请DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE 有权使用防潮硬件安全信赖锚定器和保护的装置,方法和系统公开(公告)号:US20140095867A1
公开(公告)日:2014-04-03
申请号:US13631562
申请日:2012-09-28
申请人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
发明人: Ned M. Smith , David Johnston , George W. Cox , Adi Shaliv
CPC分类号: H04L63/061 , H04L9/0822 , H04L9/0866 , H04L9/3231 , H04L63/0861 , H04L2209/127
摘要: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.
摘要翻译: 用于安全地配置信任锚的方法和设备包括生成作为计算设备硬件的函数的数据库包装密钥。 数据库包装器密钥在密钥数据库不被可信执行环境使用时加密,并且可以使用物理不可克隆功能(PUF)生成密钥数据库。 本地计算设备与远程计算设备建立安全连接和安全协议。 在建立安全连接时,本地计算设备和远程计算设备可以交换和/或验证密码密钥,包括增强型隐私标识(EPID)密钥,并建立会话密钥和设备标识符。 根据单方面,双边或多边信托是否建立了一个或多个信托基金。 本地计算设备可以充当组或域控制器来建立多边信任。 任何设备也可能要求验证用户存在。
-
公开(公告)号:US10079678B2
公开(公告)日:2018-09-18
申请号:US13557079
申请日:2012-07-24
申请人: Ned M. Smith , George W. Cox , David Johnston
发明人: Ned M. Smith , George W. Cox , David Johnston
CPC分类号: H04L9/0866 , G06F21/31 , G06F21/6209 , G06F21/74 , G06F2221/2107 , H04L9/0822 , H04L9/3226
摘要: Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.
-
公开(公告)号:US20140032933A1
公开(公告)日:2014-01-30
申请号:US13557079
申请日:2012-07-24
申请人: Ned M. Smith , George W. Cox , David Johnston
发明人: Ned M. Smith , George W. Cox , David Johnston
IPC分类号: G06F21/24
CPC分类号: H04L9/0866 , G06F21/31 , G06F21/6209 , G06F21/74 , G06F2221/2107 , H04L9/0822 , H04L9/3226
摘要: Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.
摘要翻译: 这里公开了与为授权用户提供对加密数据的访问相关联的方法,系统和存储介质的实施例。 在一个实例中,该方法可以包括基于认证用户的用户个性化数据获得经认证的用户的导出值,并且基于导出的值生成用户特定加密密钥。 导出值可能具有超过预定水平的熵。 用户专用加密密钥可以使经认证的用户能够访问存储在存储设备上的加密数据。 可以描述和/或要求保护其他实施例。
-
公开(公告)号:US20150079933A1
公开(公告)日:2015-03-19
申请号:US14119493
申请日:2013-09-19
申请人: Ned M. Smith , Adi Shaliv
发明人: Ned M. Smith , Adi Shaliv
CPC分类号: H04W4/02 , G01C21/206 , G01S5/02 , H04L63/0869 , H04L63/0876 , H04W4/029 , H04W4/043 , H04W12/06 , H04W84/12
摘要: Systems and techniques for securely managed location-and-tracking service (LTS) access are described herein. A trusted execution environment (TEE) may establish a connection to an LTS. The TEE may provide verification to the LTS that the connection origination from the TEE. The TEE may request an LTS location for the mobile device from the LTS using the connection. The TEE may provide the LTS location to applications of the mobile device.
摘要翻译: 本文描述了用于安全管理的位置和跟踪服务(LTS)访问的系统和技术。 可信执行环境(TEE)可以建立到LTS的连接。 TEE可以向LTS提供来自TEE的连接的验证。 TEE可以使用连接从LTS请求移动设备的LTS位置。 TEE可以向移动设备的应用提供LTS位置。
-
公开(公告)号:US20220224776A1
公开(公告)日:2022-07-14
申请号:US17711742
申请日:2022-04-01
IPC分类号: H04L67/5681 , H04L43/0852 , G06F12/0897 , G06F12/0891
摘要: The present disclosure is related to managing a caching system based on object fetch costs, where the fetch cost are based on the access latency, cache misses, and time to reuse of individual objects. The caching system may be a multi-tiered caching system that includes multiple storage tiers, where an object management system determines whether to retain or evict an object from a cache of a particular storage tier based on the object's fetch cost. Additionally, eviction can include moving objects from a current storage tier to another storage tier based on the current storage tier and fetch costs.
-
公开(公告)号:US20220222359A1
公开(公告)日:2022-07-14
申请号:US17711542
申请日:2022-04-01
IPC分类号: G06F21/60
摘要: System and techniques for fault tolerant telemetry of distributed devices are described herein. A node includes a hardware component that receives telemetry from an entity resident on the node. The hardware component signs the telemetry with a cryptographic key to create signed telemetry and stores the signed telemetry in memory of the hardware component. Then, upon request from a remote entity, the hardware component provides the signed telemetry.
-
公开(公告)号:US20220114055A1
公开(公告)日:2022-04-14
申请号:US17559877
申请日:2021-12-22
申请人: Kshitij Arun Doshi , Francesc Guim Bernat , Christian Maciocco , Ned M. Smith , S M Iftekharul Alam , Satish Chandra Jha , Vesh Raj Sharma Banjade , Alexander Bachmutsky
发明人: Kshitij Arun Doshi , Francesc Guim Bernat , Christian Maciocco , Ned M. Smith , S M Iftekharul Alam , Satish Chandra Jha , Vesh Raj Sharma Banjade , Alexander Bachmutsky
摘要: Systems and techniques for transparent dynamic reassembly of computing resource compositions are described herein. An indication may be obtained of an error state of a component of a computing system. An offload command may be transmitted to component management software of the computing system. An indication may be received that workloads to be executed using the component have been suspended. An administrative mode command may be transmitted to the component. The administrative mode command may place the component in partial shutdown to prevent the component from receiving non-administrative workloads. Data of the component may be synchronized with a backup component. Workloads from the component may be transferred to the backup component. An offload release command may be transmitted to the software of the computing system.
-
公开(公告)号:US20220014466A1
公开(公告)日:2022-01-13
申请号:US17484125
申请日:2021-09-24
IPC分类号: H04L12/747 , H04L29/08 , H04L29/06
摘要: System and techniques for information centric network tunneling are described herein. At an ICN router, a data handle for data—that includes an indication of security metadata—is received. The security metadata is obtained based on the data handle and the data is cached based on the security metadata. An ICN node at an interface of the ICN router is tested for compatibility with the security metadata and a version of the data is transmitted to the ICN node based on the compatibility of the ICN node with the security metadata.
-
公开(公告)号:US20210328783A1
公开(公告)日:2021-10-21
申请号:US17358474
申请日:2021-06-25
IPC分类号: H04L9/08
摘要: System and techniques for decentralized key generation and management are described herein. An information centric network (ICN) node receives a first ICN interest packet for public encryption parameters of an identity based encryption (IBE) key generation center (KGC). Public encryption parameters for the KGC are received in a first ICN data packet in response to the first ICN interest packet. The public encryption parameters are cached and used to respond a second ICN interest packet for the public parameters. A third ICN data packet may be received from the KGC in response to a key generation request. Here, the third data packet includes an indication that the third ICN data packet is part of a one-time session. Then, the third ICN data packet is transmitted without caching the third ICN data packet content based on the indication.
-
-
-
-
-
-
-
-
-
搜索结果
200 条记录 (耗时 0.036 秒)