公开(公告)号：US08532303B2

公开(公告)日：2013-09-10

申请号：US11957184

申请日：2007-12-14

申请人： Divya Naidu Kolar Sunder ,  Prashant Dewan ,  Men Long

发明人： Divya Naidu Kolar Sunder ,  Prashant Dewan ,  Men Long

IPC分类号： H04L9/08

CPC分类号： H04L63/0435 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/20

摘要： A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.

摘要翻译： 公开了一种方法，装置和系统。 在一个实施例中，该方法包括从密钥分发服务器上的客户端接收测量的健康信息。 一旦接收到测量的健康信息，服务器就能够验证测量的健康信息，看它是否可信。 当测量的健康信息被验证时，服务器还能够向客户端发送会话密钥。 当客户端接收会话密钥时，客户端能够使用会话密钥发起与域中的应用服务器的加密和认证连接。

公开(公告)号：US08498420B2

公开(公告)日：2013-07-30

申请号：US11957184

申请日：2007-12-14

申请人： Divya Naidu Kolar Sunder ,  Prashant Dewan ,  Men Long

发明人： Divya Naidu Kolar Sunder ,  Prashant Dewan ,  Men Long

IPC分类号： H04L9/08

摘要： A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.

公开(公告)号：US20080022388A1

公开(公告)日：2008-01-24

申请号：US11478986

申请日：2006-06-30

申请人： Karanvir Grewal ,  David Durham ,  Hormuzd Khosravi ,  Men Long ,  Prashant Dewan

发明人： Karanvir Grewal ,  David Durham ,  Hormuzd Khosravi ,  Men Long ,  Prashant Dewan

IPC分类号： G06F15/16

CPC分类号： H04L63/105

摘要： A method and apparatus to define multiple zones in a data packet for inclusion in processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations to which the zone is subjected. In another embodiment, the list of security operations for a zone includes parameters to be passed when performing the security operations on the zone.

摘要翻译： 一种在数据分组中定义多个区域以包括在安全协议的安全操作的处理中的方法和装置。 在一个实施例中，每个定义的区域具有该区域经受的安全操作的关联列表。 在另一个实施例中，区域的安全操作的列表包括在区域上执行安全操作时要传递的参数。

公开(公告)号：US09319220B2

公开(公告)日：2016-04-19

申请号：US12032618

申请日：2008-02-15

申请人： Karanvir Grewal ,  Men Long ,  Prashant Dewan

发明人： Karanvir Grewal ,  Men Long ,  Prashant Dewan

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/32

CPC分类号： H04L63/061 ,  H04L9/083 ,  H04L9/321 ,  H04L9/3247

摘要： Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.

摘要翻译： 公开了提供网络飞地内的安全性的方法和装置。 在一个实施例中，认证逻辑启动与中央网络授权机构的认证。 分组处理逻辑从中央网络机构接收密钥和标识符。 然后，安全协议逻辑通过包括客户端标识符和加密部分和/或授权签名的通信来建立客户机 - 服务器安全关联，其中由中央网络机构分配的客户机授权密钥可以由服务器再现，除了 所述中央网络机构根据客户端标识符和由中央网络机构提供给服务器的导出密钥来解密加密部分和/或使用授权签名验证通信。 如果需要，服务器还可以使用服务器生成的导出密钥向客户端提供新的会话密钥和/或新的客户端会话标识符，并用客户端授权密钥来保护它们。

公开(公告)号：US09276745B2

公开(公告)日：2016-03-01

申请号：US13976298

申请日：2011-12-15

申请人： David M. Durham ,  Men Long ,  Karanvir S. Grewal ,  Prashant Dewan ,  Xiaozhu Kang

发明人： David M. Durham ,  Men Long ,  Karanvir S. Grewal ,  Prashant Dewan ,  Xiaozhu Kang

IPC分类号： H04L29/06 ,  G06F21/10 ,  H04L9/28 ,  H04L9/06 ,  H04N1/44 ,  G06F21/62 ,  H04N21/2743 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4788 ,  H04N21/81

CPC分类号： H04L9/28 ,  G06F21/6263 ,  G06F2221/2107 ,  H04L9/065 ,  H04L63/0428 ,  H04N1/4486 ,  H04N21/2743 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4788 ,  H04N21/8153

摘要： An apparatus and method for preserving image privacy when manipulated by cloud services includes middleware for receiving an original image, splitting the original image into two sub-images, where the RGB pixel values of the sub-images have a bit value that is less than RGB pixel values of the original image. The sub-images are encrypted by adding a keystream to the RGB pixel values of the sub-images. The sub-image data is transmitted to a cloud service such as a social network or photo-sharing site, which manipulate the images by resizing, cropping, filtering, or the like. The sub-image data is received by the middleware and is successfully decrypted irrespective of the manipulations performed by the cloud services. In an alternative embodiment, the blocks of the original image are permutated when encrypted, and then reverse-permutated when decrypted.

摘要翻译： 一种用于在由云服务操作时保护图像隐私的装置和方法包括用于接收原始图像的中间件，将原始图像分割成两个子图像，其中子图像的RGB像素值具有小于RGB的比特值 原始图像的像素值。 通过向子图像的RGB像素值添加密钥流来加密子图像。 子图像数据被发送到诸如社交网络或照片共享站点的云服务，其通过调整大小，裁剪，过滤等来操纵图像。 子图像数据由中间件接收，并且被成功解密，而与云服务执行的操作无关。 在替代实施例中，原始图像的块在加密时被置换，然后在被解密时反向排列。

公开(公告)号：US20140032924A1

公开(公告)日：2014-01-30

申请号：US13562046

申请日：2012-07-30

申请人： David M. Durham ,  Xiaozhu Kang ,  Prashant Dewan ,  Men Long ,  Karanvir S. Grewal

发明人： David M. Durham ,  Xiaozhu Kang ,  Prashant Dewan ,  Men Long ,  Karanvir S. Grewal

IPC分类号： G06F21/00

CPC分类号： G06F21/10 ,  G06F21/32 ,  H04L9/0866 ,  H04L63/045 ,  H04L63/0861

摘要： Embodiments of techniques and systems for biometric-data-based media encryption are described. In embodiments, an encryption key may be created for a recipient user based at least in part on biometric data of the recipient user. This encryption key may be maintained on a key maintenance component and used by a sharing user to encrypt a media file for access by the recipient user. One or more access policies associated with recipient user may be encrypted in the encrypted media file as well. In embodiments, the media file may be encrypted for use by multiple recipient users. When a recipient user desires to access the encrypted media file, a decryption key may be generated in real time based on contemporaneously captured biometric data and used to provide access to the encrypted media file. Other embodiments may be described and claimed.

摘要翻译： 描述了用于基于生物特征数据的媒体加密的技术和系统的实施例。 在实施例中，可以至少部分地基于接收者用户的生物特征数据为接收者用户创建加密密钥。 该加密密钥可以维护在密钥维护组件上，并由共享用户使用以加密媒体文件以供接收用户访问。 与接收者用户相关联的一个或多个访问策略也可以在加密的媒体文件中被加密。 在实施例中，媒体文件可以被加密以供多个接收者用户使用。 当收件人用户希望访问加密的媒体文件时，可以基于同时捕获的生物特征数据实时地生成解密密钥，并且用于提供对加密的媒体文件的访问。 可以描述和要求保护其他实施例。

公开(公告)号：US08364973B2

公开(公告)日：2013-01-29

申请号：US11967928

申请日：2007-12-31

申请人： Hormuzd Khosravi ,  David Durham ,  Prashant Dewan ,  Ravi Sahita ,  Uday R. Savagaonkar ,  Men Long

发明人： Hormuzd Khosravi ,  David Durham ,  Prashant Dewan ,  Ravi Sahita ,  Uday R. Savagaonkar ,  Men Long

IPC分类号： G06F21/00

CPC分类号： G06F21/64 ,  G06F21/51

摘要： A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.

摘要翻译： 测量引擎为软件程序生成完整性清单，并使用它来执行主动平台观察。 完整性清单表示程序代码的一部分的完整性检查值。 测量引擎计算内存中程序映像的比较值，并确定比较值是否与预期的完整性校验值相匹配。 如果值不匹配，则确定程序的图像被修改，并且可能触发适当的补救动作。

公开(公告)号：US08266707B2

公开(公告)日：2012-09-11

申请号：US12039456

申请日：2008-02-28

申请人： Uday Savagaonkar ,  Prashant Dewan ,  Men Long

发明人： Uday Savagaonkar ,  Prashant Dewan ,  Men Long

IPC分类号： G06F21/00

CPC分类号： G06F21/10

摘要： An apparatus and system provide a tamper-resistant scheme for portability of DRM-protected digital content. According to embodiments of the invention, a portable crypto unit may be utilized in conjunction with a VT integrity services (VIS) scheme as well as a Virtual Machine Manager (VMM) and a TPM to provide a secure scheme to protect digital content. Additionally, in one embodiment, the digital content may be partitioned into blocks comprising multiple segments to further enhance the security of the scheme.

摘要翻译： 一种装置和系统为DRM保护的数字内容的便携性提供防篡改方案。 根据本发明的实施例，便携式加密单元可以与VT完整性服务（VIS）方案以及虚拟机管理器（VMM）和TPM结合使用，以提供保护数字内容的安全方案。 此外，在一个实施例中，数字内容可以被划分为包括多个段的块，以进一步增强该方案的安全性。

公开(公告)号：US07778166B2

公开(公告)日：2010-08-17

申请号：US11946722

申请日：2007-11-28

申请人： Prashant Dewan ,  Men Long

发明人： Prashant Dewan ,  Men Long

IPC分类号： H04J1/16

CPC分类号： H04L47/10 ,  H04L47/283 ,  H04L47/32 ,  H04L63/06 ,  H04L63/08 ,  H04L63/0846 ,  H04L63/164

摘要： A method and system are disclosed. In one embodiment the method includes a first device sending a stream of packets in a sequence across a network to a second device. In the sequence of packets there are a number of data packets and one or more synchronization packets. The synchronization packets are interspersed throughout the data packets. The method also includes the second device being capable of dropping any of the received data packets in the sequence arriving more than a first delta of time threshold value after the arrival of the most recent synchronization packet.

摘要翻译： 公开了一种方法和系统。 在一个实施例中，该方法包括第一设备，以跨序列的方式将分组流发送到网络到第二设备。 在分组的顺序中，存在多个数据分组和一个或多个同步分组。 同步数据包散布在整个数据包中。 该方法还包括第二设备能够在最近的同步分组到达之后，在到达多于时间阈值的第一增量的序列中丢弃任何接收到的数据分组。

公开(公告)号：US20090220090A1

公开(公告)日：2009-09-03

申请号：US12039456

申请日：2008-02-28

申请人： Uday Savagaonkar ,  Prashant Dewan ,  Men Long

发明人： Uday Savagaonkar ,  Prashant Dewan ,  Men Long

IPC分类号： H04L9/06 ,  H04L9/32

CPC分类号： G06F21/10

摘要： An apparatus and system provide a tamper-resistant scheme for portability of DRM-protected digital content. According to embodiments of the invention, a portable crypto unit may be utilized in conjunction with a VT integrity services (VIS) scheme as well as a Virtual Machine Manager (VMM) and a TPM to provide a secure scheme to protect digital content. Additionally, in one embodiment, the digital content may be partitioned into blocks comprising multiple segments to further enhance the security of the scheme.

摘要翻译： 一种装置和系统为DRM保护的数字内容的便携性提供防篡改方案。 根据本发明的实施例，便携式加密单元可以与VT完整性服务（VIS）方案以及虚拟机管理器（VMM）和TPM结合使用，以提供保护数字内容的安全方案。 此外，在一个实施例中，数字内容可以被划分为包括多个段的块，以进一步增强该方案的安全性。