POLICY BOUND KEY CREATION AND RE-WRAP SERVICE
    2.
    Invention application
    Legal status: In force

    Publication No.: US20120297200A1

    Publication date: 2012-11-22

    Application No.: US13109685

    Filing date: 2011-05-17

    IPC classification: G06F12/14

    Abstract: One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client “roams” to a second machine.


    Integrity protected smart card transaction
    3.
    Granted invention patent
    Legal status: In force

    Publication No.: US08423774B2

    Publication date: 2013-04-16

    Application No.: US13072674

    Filing date: 2011-03-25

    IPC classification: H04L9/32 G06F21/00

    Abstract: Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.


    Generic extensible pre-operating system cryptographic infrastructure
    4.
    Granted invention patent
    Legal status: In force

    Publication No.: US07836309B2

    Publication date: 2010-11-16

    Application No.: US11780781

    Filing date: 2007-07-20

    IPC classification: G06F21/00

    Abstract: A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier.


    Integrity protected smart card transaction
    5.
    Granted invention patent
    Legal status: In force

    Publication No.: US08495374B2

    Publication date: 2013-07-23

    Application No.: US13072676

    Filing date: 2011-03-26

    IPC classification: H04L29/06

    Abstract: Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.


    INTEGRITY PROTECTED SMART CARD TRANSACTION
    6.
    Invention application
    Legal status: In force

    Publication No.: US20110179282A1

    Publication date: 2011-07-21

    Application No.: US13072676

    Filing date: 2011-03-26

    IPC classification: H04L9/32

    Abstract: Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.


    INTEGRITY PROTECTED SMART CARD TRANSACTION
    7.
    Invention application
    Legal status: In force

    Publication No.: US20090031408A1

    Publication date: 2009-01-29

    Application No.: US11829737

    Filing date: 2007-07-27

    IPC classification: H04L9/00

    Abstract: Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card.
