公开(公告)号：US20090094150A1

公开(公告)日：2009-04-09

申请号：US12287191

申请日：2008-10-07

申请人： Rongfeng Feng ,  Chunmei Liu ,  Yi Zhang ,  Min Hu

发明人： Rongfeng Feng ,  Chunmei Liu ,  Yi Zhang ,  Min Hu

IPC分类号： G06Q40/00

CPC分类号： G06F21/51 ,  G06F21/52 ,  G06F2221/2105 ,  G06Q20/12 ,  G06Q20/382 ,  G06Q40/00

摘要： The invention discloses a method for implementing an online secure payment, which comprises steps of: transmitting to a dedicated operating system a secure payment request page for goods which is generated in a general operating system; and completing a payment operation in the secure payment request page of the dedicated operating system, after switching from the general operating system to the dedicated operating system. The invention further comprises a client system for implementing an online secure payment. In the invention, the general operating system for general operations is distinguished from the dedicated operating system for secure payment operations, and the security for the network payment is further enhanced by configuring the firewall and monitoring processes in the dedicated operating system. Furthermore, it is not necessary to make any modification on the existed network transaction system when the technical solution of the present invention is applied, the cost may be reduced and the technical solution of the present invention is facilitated to be deployed and spread.

摘要翻译： 本发明公开了一种实现在线安全支付的方法，包括以下步骤：向专用操作系统发送在一般操作系统中产生的商品的安全支付请求页; 并且在从一般操作系统切换到专用操作系统之后，在专用操作系统的安全支付请求页面中完成支付操作。 本发明还包括用于实现在线安全支付的客户端系统。 在本发明中，一般操作的一般操作系统与用于安全支付操作的专用操作系统不同，并且通过在专用操作系统中配置防火墙和监视进程来进一步增强网络支付的安全性。 此外，当应用本发明的技术方案时，不需要对存在的网络交易系统进行任何修改，可以降低成本，并且有助于部署和扩展本发明的技术方案。

公开(公告)号：US08261086B2

公开(公告)日：2012-09-04

申请号：US12315979

申请日：2008-12-09

申请人： Zhigang Li ,  Min Hu ,  Rongfeng Feng ,  Yi Zhang

发明人： Zhigang Li ,  Min Hu ,  Rongfeng Feng ,  Yi Zhang

IPC分类号： G06F21/00

CPC分类号： H04L63/083 ,  G06F21/33 ,  G06F21/46 ,  H04L63/1441

摘要： The present invention provides a computer and a method of sending security information for authentication, which relate to transmission of data information in computers. The present invention solves the vulnerability of information when a user conducts network transaction activities by a terminal. The computer of the present invention comprises: a virtual system platform; a first guest operating system installed on the virtual system platform, which is for installing a service application module, wherein the service application module generates a security information input interface when it is being executed; a second guest operating system installed on the virtual system platform; the second guest operating system comprises: a dynamic password generation module for generating security information, the security information is input into the security information input interface and is sent to a network server for authentication. The security of network activities conducted by users can be enhanced.

摘要翻译： 本发明提供了一种用于发送用于认证的安全信息的计算机和方法，其涉及计算机中的数据信息的传输。 本发明解决了当用户通过终端进行网络交易活动时的信息的脆弱性。 本发明的计算机包括：虚拟系统平台; 安装在所述虚拟系统平台上的用于安装服务应用模块的第一客户机操作系统，其中所述服务应用模块在执行时生成安全信息输入接口; 安装在虚拟系统平台上的第二个客户操作系统; 第二客户操作系统包括：用于生成安全信息的动态密码生成模块，将安全信息输入到安全信息输入接口中，并发送到网络服务器进行认证。 用户进行网络活动的安全性可以得到提高。

公开(公告)号：US20090150678A1

公开(公告)日：2009-06-11

申请号：US12315979

申请日：2008-12-09

申请人： Zhigang Li ,  Min Hu ,  Rongfeng Feng ,  Yi Zhang

发明人： Zhigang Li ,  Min Hu ,  Rongfeng Feng ,  Yi Zhang

IPC分类号： H04L9/32 ,  G06F9/455

CPC分类号： H04L63/083 ,  G06F21/33 ,  G06F21/46 ,  H04L63/1441

摘要： The present invention provides a computer and a method of sending security information for authentication, which relate to transmission of data information in computers. The present invention solves the vulnerability of information when a user conducts network transaction activities by a terminal. The computer of the present invention comprises: a virtual system platform; a first guest operating system installed on the virtual system platform, which is for installing a service application module, wherein the service application module generates a security information input interface when it is being executed; a second guest operating system installed on the virtual system platform; the second guest operating system comprises: a dynamic password generation module for generating security information, the security information is input into the security information input interface and is sent to a network server for authentication. The security of network activities conducted by users can be enhanced.

摘要翻译： 本发明提供了一种用于发送用于认证的安全信息的计算机和方法，其涉及计算机中的数据信息的传输。 本发明解决了当用户通过终端进行网络交易活动时的信息的脆弱性。 本发明的计算机包括：虚拟系统平台; 安装在所述虚拟系统平台上的用于安装服务应用模块的第一客户机操作系统，其中所述服务应用模块在执行时生成安全信息输入接口; 安装在虚拟系统平台上的第二个客户操作系统; 第二客户操作系统包括：用于生成安全信息的动态密码生成模块，将安全信息输入到安全信息输入接口中，并发送到网络服务器进行认证。 用户进行网络活动的安全性可以得到提高。

公开(公告)号：US20090019437A1

公开(公告)日：2009-01-15

申请号：US12215783

申请日：2008-06-30

申请人： Rongfeng Feng ,  Yang Lin ,  Min Hu ,  Kai Wang

发明人： Rongfeng Feng ,  Yang Lin ,  Min Hu ,  Kai Wang

IPC分类号： G06F9/455

CPC分类号： G06F21/53

摘要： The invention discloses an application management and execution system and a method thereof. The application management and execution system comprises a virtual machine monitor for managing at least one virtual machine; the at least one virtual machine for processing at least one application, and storing, separately and respectively, application data used by each application and platform data required by the virtual machine for processing the application in one or more storage disk (persistent storage), and reading the application data and the platform data from the one or more storage devices respectively. The at least one application executing on the virtual machine may share the platform data in the one or more storage devices. When the virtual machine executes the at least one application, it may modify the application data in the storage devices.

摘要翻译： 本发明公开了一种应用管理和执行系统及其方法。 应用管理和执行系统包括用于管理至少一个虚拟机的虚拟机监视器; 用于处理至少一个应用的至少一个虚拟机，以及分别和分别地存储每个应用使用的应用数据和虚拟机所需的用于在一个或多个存储盘（持久存储器）中处理应用）所需的平台数据;以及 分别从一个或多个存储设备读取应用数据和平台数据。 在虚拟机上执行的至少一个应用程序可以在一个或多个存储设备中共享平台数据。 当虚拟机执行至少一个应用程序时，它可以修改存储设备中的应用程序数据。

公开(公告)号：US08132257B2

公开(公告)日：2012-03-06

申请号：US12159334

申请日：2006-03-23

申请人： Jun Li ,  Kai Wang ,  Rongfeng Feng ,  Na Xu

发明人： Jun Li ,  Kai Wang ,  Rongfeng Feng ,  Na Xu

IPC分类号： G06F11/00

CPC分类号： G06F21/575 ,  G06F21/567

摘要： An anti-virus method based on a security chip according to the present invention is provided. The method comprises the following steps: a hash value obtained by a hashing operation for a computer key file and a system control program are stored in a memory of the security chip, and a backup file of the computer key file is stored in a backup storage area. When power up, the integrity of the system control program is verified by using the hash value of the system control program stored in the memory of the security chip. If the system control program is integral, a control is executed by the system control program, and the system control program verifies the integrity of the computer key file using the hash value of the computer key file stored in the memory of the security chip. If all the computer key files are integral, the operating system is started; on the contrary, if any of the computer key file is not integral, it will be restored using the backup file of the computer key file stored in the backup storage area.

摘要翻译： 提供了一种基于本发明的安全芯片的防病毒方法。 该方法包括以下步骤：通过用于计算机密钥文件和系统控制程序的散列操作获得的散列值被存储在安全芯片的存储器中，计算机密钥文件的备份文件被存储在备份存储器 区。 上电时，通过使用存储在安全芯片的存储器中的系统控制程序的散列值来验证系统控制程序的完整性。 如果系统控制程序是整体的，则由系统控制程序执行控制，并且系统控制程序使用存储在安全芯片的存储器中的计算机密钥文件的散列值来验证计算机密钥文件的完整性。 如果所有的计算机密钥文件是一体的，则操作系统启动; 相反，如果计算机密钥文件中的任何一个不是整体的，则将使用存储在备份存储区域中的计算机密钥文件的备份文件进行恢复。

公开(公告)号：US08055911B2

公开(公告)日：2011-11-08

申请号：US11886344

申请日：2005-12-07

申请人： Rongfeng Feng ,  Ping Yin ,  Qiuxin Wu

发明人： Rongfeng Feng ,  Ping Yin ,  Qiuxin Wu

IPC分类号： H04L9/32 ,  H04L9/08 ,  G06F21/00 ,  G06F11/30 ,  G06F12/14 ,  G06F15/16 ,  G06F15/167

CPC分类号： H04L9/0894

摘要： The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

摘要翻译： 本发明允许创建用于备份源可信芯片内的加密密钥的备份密钥，用备份密钥加密加密密钥，从源可信芯片导出加密的加密密钥并将其存储在存储设备中，加密 用于传输到可信第三方的备份密钥。 如果需要在目的地信任芯片内恢复加密的加密密钥，则备份密钥和用备份密钥加密的加密密钥被导入到目的地信任芯片，其中加密的加密密钥用目的地信任的备份密钥解密 芯片获得源信赖芯片的加密密钥。

公开(公告)号：US20090144582A1

公开(公告)日：2009-06-04

申请号：US12159334

申请日：2006-03-23

申请人： Jun Li ,  Kai Wang ,  Rongfeng Feng ,  Na Xu

发明人： Jun Li ,  Kai Wang ,  Rongfeng Feng ,  Na Xu

IPC分类号： G06F11/00

CPC分类号： G06F21/575 ,  G06F21/567

摘要： An anti-virus method based on a security chip according to the present invention is provided. The method comprises the following steps: a hash value obtained by a hashing operation for a computer key file and a system control program are stored in a memory of the security chip, and a backup file of the computer key file is stored in a backup storage area. When power up, the integrity of the system control program is verified by using the hash value of the system control program stored in the memory of the security chip. If the system control program is integral, a control is executed by the system control program, and the system control program verifies the integrity of the computer key file using the hash value of the computer key file stored in the memory of the security chip. If all the computer key files are integral, the operating system is started; on the contrary, if any of the computer key file is not integral, it will be restored using the backup file of the computer key file stored in the backup storage area.

摘要翻译： 提供了一种基于本发明的安全芯片的防病毒方法。 该方法包括以下步骤：通过用于计算机密钥文件和系统控制程序的散列操作获得的散列值被存储在安全芯片的存储器中，计算机密钥文件的备份文件被存储在备份存储器 区。 上电时，通过使用存储在安全芯片的存储器中的系统控制程序的散列值来验证系统控制程序的完整性。 如果系统控制程序是整体的，则由系统控制程序执行控制，并且系统控制程序使用存储在安全芯片的存储器中的计算机密钥文件的散列值来验证计算机密钥文件的完整性。 如果所有的计算机密钥文件是一体的，则操作系统启动; 相反，如果计算机密钥文件中的任何一个不是整体的，则将使用存储在备份存储区域中的计算机密钥文件的备份文件进行恢复。

公开(公告)号：US20080192940A1

公开(公告)日：2008-08-14

申请号：US11886344

申请日：2005-12-07

申请人： Rongfeng Feng ,  Ping Yin ,  Qiuxin Wu

发明人： Rongfeng Feng ,  Ping Yin ,  Qiuxin Wu

IPC分类号： H04L9/00

CPC分类号： H04L9/0894

摘要： The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

摘要翻译： 本发明允许创建用于备份源可信芯片内的加密密钥的备份密钥，用备份密钥加密加密密钥，从源可信芯片导出加密的加密密钥并将其存储在存储设备中，加密 用于传输到可信第三方的备份密钥。 如果需要在目的地信任芯片内恢复加密的加密密钥，则备份密钥和用备份密钥加密的加密密钥被导入到目的地信任芯片，其中加密的加密密钥用目的地信任的备份密钥解密 芯片获得源信赖芯片的加密密钥。