-
Publication No.: US06988250B1
Publication date: 2006-01-17
Application No.: US09913452
Filing date: 2000-02-15
Applicant: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
Inventor: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
IPC classification: G06F17/50
CPC classification: G06F21/445, G06F21/34, G06F21/57, G06F21/606, G06F21/64, G06F21/85, G06F2207/7219, G06F2211/009, G06F2221/2103
Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
-
Publication No.: US07526785B1
Publication date: 2009-04-28
Application No.: US10088258
Filing date: 2000-09-25
Applicant: Siani Lynne Pearson, Liqun Chen
Inventor: Siani Lynne Pearson, Liqun Chen
IPC classification: H04N7/167
CPC classification: G06F21/84, G06F21/57, G06F21/85, G06F2211/009, G06F2221/2103, G06F2221/2153
Abstract: A client/server system has a client platform adapted to provide restricted use of data provided by a server. The client platform comprises a display, secure communications means, and a memory containing image receiving code for receiving data from a server by the secure communication means and for display of such data. The client platform is adapted such that the data received from a server is used for display of the data and not for an unauthorised purpose. A server adapted to provide data to a client platform for restricted use by the client platform comprises a memory containing image sending code for providing an image of data executed on the server, and secure communications means for secure communication of images of data to a client platform. The server is adapted to determine that a client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.
-
Publication No.: US07275160B2
Publication date: 2007-09-25
Application No.: US09932476
Filing date: 2001-08-17
Applicant: Siani Lynne Pearson, Liqun Chen
Inventor: Siani Lynne Pearson, Liqun Chen
IPC classification: G06F21/00
CPC classification: G07F7/1008, G06Q20/20, G06Q20/341, G06Q20/4097, G06Q40/00, G07F7/005
Abstract: A method for allowing a financial transaction to be performed using an electronic system, the method comprising interrogating an electronic transaction terminal with an electronic security device to obtain an integrity metric for the electronic financial transaction terminal; determining if the transaction terminal is a trusted terminal based upon the integrity metric; allowing financial transaction data to be input into the transaction terminal if the transaction terminal is identified as a trusted terminal.
-
Publication No.: US07437568B2
Publication date: 2008-10-14
Application No.: US09931526
Filing date: 2001-08-16
CPC classification: G06F21/57, G06F21/552, G06F21/6218, G06F2211/009, G06F2221/2103, G06F2221/2151, G06F2221/2153
Abstract: Computer apparatus comprising a receiver for receiving an integrity metric for a computer entity via a trusted device associated with the computer entity, the integrity metric having values for a plurality of characteristics associated with the computer entity; a controller for assigning a trust level to the computer entity from a plurality of trust levels, wherein the assigned trust level is based upon the value of at least one of the characteristics of the received integrity metric.
-
Publication No.: US07444601B2
Publication date: 2008-10-28
Application No.: US11249820
Filing date: 2005-10-12
Applicant: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
Inventor: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
IPC classification: G06F17/50
CPC classification: G06F21/445, G06F21/34, G06F21/57, G06F21/606, G06F21/64, G06F21/85, G06F2207/7219, G06F2211/009, G06F2221/2103
Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
-
Publication No.: US07096204B1
Publication date: 2006-08-22
Application No.: US10110280
Filing date: 2000-10-06
Applicant: Liqun Chen, Boris Balacheff, Roelf du Toit, Siani Lynne Pearson, David Chan
Inventor: Liqun Chen, Boris Balacheff, Roelf du Toit, Siani Lynne Pearson, David Chan
IPC classification: G06Q99/00
CPC classification: G06Q30/06, G06Q20/02, G06Q20/04, G06Q20/105, G06Q20/12, G06Q20/20, G06Q20/367, G06Q20/3674, G06Q20/383, G06Q20/385
Abstract: A method of brokering a transaction between a consumer and a vendor by a broker, wherein the consumer, the broker and the vendor are all attached to a public network, the consumer having a secure token containing a true consumer identity. The method comprising the steps of: the consumer obtaining a temporary identity from the broker by using the true consumer identity from the secure token; the consumer selecting a purchase to be made from the vendor; the consumer requesting the purchase from the vendor and providing the temporary identity to the vendor; the vendor requesting transaction authorisation from the broker by forwarding the request and the temporary identity to the broker; the broker matching the temporary identity to a current list of temporary identities, and obtaining the true consumer identity; the broker providing authorisation for the transaction based on transaction details and true consumer identity.
-
Publication No.: US20130212391A1
Publication date: 2013-08-15
Application No.: US13370190
Filing date: 2012-02-09
Applicant: Liqun Chen, Graeme John Proudler
Inventor: Liqun Chen, Graeme John Proudler
IPC classification: H04L9/32
CPC classification: H04L9/3252, H04L2209/127, H04L2209/42
Abstract: A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point and the private key as a base point as well as the private key in an elliptic curve cryptographic (ECC) signature.
-
Publication No.: US20130198524A1
Publication date: 2013-08-01
Application No.: US13361850
Filing date: 2012-01-30
Applicant: Helen Y. Balinsky, Liqun Chen, Steven J. Simske
Inventor: Helen Y. Balinsky, Liqun Chen, Steven J. Simske
IPC classification: G06F12/14
CPC classification: H04L9/3073, G06F21/6209, G06F2221/2107, H04L9/0825, H04L9/0866, H04L9/3297
Abstract: A workflow order is created for the object. Public parameters are received from a key generation center at a computer associated with an object master. A public key is generated at the computer system based on a user identifier and the public parameters, wherein the user identifier is comprised of user related information. The object is encrypted using the public key such that the object cannot be opened without a private key, wherein the object is a composite document comprising multiple elements of documents of different formats, and wherein the private key is generated in response to a request from an authenticated user using the user identifier at the key generation center. Access to the multiple elements of the object is controlled based on workflow order.
-
Publication No.: US08364729B2
Publication date: 2013-01-29
Application No.: US13050888
Filing date: 2011-03-17
Applicant: Helen Balinsky, Liqun Chen, Steven J. Simske
Inventor: Helen Balinsky, Liqun Chen, Steven J. Simske
IPC classification: G06F21/00
CPC classification: G06F17/2229, G06F21/6227, H04L9/14, H04L2209/60
Abstract: A document management system includes a document. One or more of a plurality of map-files of the document correspond(s) with a step of a multi-step workflow associated with the document. A random nonce is generated for each of the steps of the multi-step workflow except for an initial step of the multi-step workflow. Each of the random nonces i) is incorporated as a map-file entry into a respective one of the plurality of map-files corresponding with a step of the multi-step workflow that directly precedes the step of the multi-step workflow for which the random nonce is generated and ii) is used to perform a nonce-based initiating operation on a respective one of the plurality of map-files corresponding with the step of the multi-step workflow for which the random nonce is generated.
-
Publication No.: US08341429B2
Publication date: 2012-12-25
Application No.: US12239806
Filing date: 2008-09-28
CPC classification: G11B20/00086, G06F21/606, G06F21/80, G06F2221/2107, G11B20/0021, G11B20/00507, G11B20/1201, G11B2220/90, G11B2220/913, G11B2220/916, G11B2220/956
Abstract: A data transfer device for transferring data to a removable data storage item. The data transfer device receives content data to be stored to the removable data storage item, encrypts the content data using an encryption key, and transforms at least one of predetermined reference data and the encryption key. The data transfer device also encrypts the transformed predetermined reference data using the encryption key or encrypts the predetermined reference data using the transformed encryption key, and then stores the encrypted content data and the encrypted transformed/predetermined reference data to the removable data storage item.