Key certification in one round trip
    1.
    Granted patent
    Key certification in one round trip (in force)

    Publication No.: US08700893B2

    Publication date: 2014-04-15

    Application No.: US12607937

    Filing date: 2009-10-28

    IPC classification: H04L9/00 H04L9/32

    Abstract: Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.


    KEY CERTIFICATION IN ONE ROUND TRIP
    2.
    Patent application
    KEY CERTIFICATION IN ONE ROUND TRIP (in force)

    Publication No.: US20110099367A1

    Publication date: 2011-04-28

    Application No.: US12607937

    Filing date: 2009-10-28

    IPC classification: H04L9/00 H04L9/32

    Abstract: Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.


    REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE
    7.
    Patent application
    REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE (in force)

    Publication No.: US20130145440A1

    Publication date: 2013-06-06

    Application No.: US13327013

    Filing date: 2011-12-15

    IPC classification: H04L9/32 G06F21/20

    Abstract: Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication.


    REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE
    8.
    Patent application
    REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE (in force)

    Publication No.: US20130145139A1

    Publication date: 2013-06-06

    Application No.: US13309204

    Filing date: 2011-12-01

    Abstract: Described herein are techniques for regulating access to a portable storage drive, that stores an operating system securely, using information regarding a host machine. In accordance with some of the techniques described herein, when a portable storage drive that stores an operating system securely is to be accessed by a host machine, information regarding the host machine, such as information regarding the hardware of the host machine, may be retrieved and evaluated to determine whether to grant access to the host machine. When the host machine is granted access, the host machine may access secured data stored on the portable storage drive in any suitable manner. In some cases, accessing the secured data may include decrypting the secured data and transferring decrypted data to another storage of the host machine. The decrypted information may include an operating system that is booted by the host machine.


    Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
    9.
    Granted patent
    Firmware-based trusted platform module for arm processor architectures and trustzone security extensions (in force)

    Publication No.: US08375221B1

    Publication date: 2013-02-12

    Application No.: US13193945

    Filing date: 2011-07-29

    IPC classification: G06F11/30 G06F7/04

    Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.


    TRUSTED PLATFORM MODULE SUPPORTED ONE TIME PASSWORDS
    10.
    Patent application
    TRUSTED PLATFORM MODULE SUPPORTED ONE TIME PASSWORDS (in force)

    Publication No.: US20110099625A1

    Publication date: 2011-04-28

    Application No.: US12606414

    Filing date: 2009-10-27

    Applicant: Stefan Thom, Erik Holt

    Inventor: Stefan Thom, Erik Holt

    IPC classification: G06F21/00

    CPC classification: G06F21/34

    Abstract: A Trusted Platform Module (TPM) can be utilized to implement One Time Password (OTP) mechanisms. One or more delegation blobs can be created by the TPM and the delegation authentication values of the delegation blobs can be based on the version number of the delegation blobs. A data blob with a protected secret can comprise a pointer to the delegation table of the TPM. The version number can be provided to an authority from which an OTP (a delegation authentication value) can be received. The OTP can be utilized to gain access to the secret and an authentication value of the key blob, which can be utilized to increase the version number of all associated delegation blobs. Policy limitations can be associated with the delegation blobs and can be enforced by policy enforcement mechanisms that can reference the TPM tick counter to enforce temporal policy restrictions.
