-
公开(公告)号:US10511441B2
公开(公告)日:2019-12-17
申请号:US15312661
申请日:2016-01-18
摘要: A client provides a hash value that provides for a time-stamp for data upon verification, by deriving a one-time signing key, OTSK, of a OTSK hash chain by applying a time fraction hash tree splitting a time slot corresponding to an index into time fractions such that the time slot is divided into fractions according to the number of leafs of the time fraction hash tree, forming a signing request by applying the OTSK for the fraction for the data to calculate hash values, and transmitting the signing request comprising the hash values to a server of a signing authority. The server receives the signing request from the client, derives a time stamp for the data including a hash path of the time fraction hash tree as a sub-tree of hash tree of the OTSK, and transmits the time stamp for the data.
-
公开(公告)号:US20190207764A1
公开(公告)日:2019-07-04
申请号:US16333901
申请日:2016-09-22
CPC分类号: H04L9/321 , G06F8/71 , G06F9/45558 , G06F21/575 , G06F21/602 , G06F2009/45575 , G06F2221/033 , H04L9/0643 , H04L9/0861 , H04L9/3263
摘要: A method performed by a virtual trusted platform module, vTPM on an execution platform, comprises the steps of obtaining (S11) encrypted information (encvTPMContext) and a first identifier (Salt), both associated with a virtual machine, VM to be executed; retrieving (S14), using the identifier from a trusted launch authority, TLA, at least a first secret portion (SlaKeystart), the first secret portion (SlaKeystart) being dynamically linked to the VM and dependant on at least a property of the VM; and decrypting (S16) the encrypted information (encvTPMContext) with a decryption key (EncKeystart) derived from at least the first secret portion (SlaKeystart) and a first measurement result (VmDigeststart) of at least the VM.
-
公开(公告)号:US11416605B2
公开(公告)日:2022-08-16
申请号:US17040625
申请日:2018-03-27
发明人: Alexander Maximov , Bernard Smeets , Lina Pålsson
摘要: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to a volatile part of the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i. The method comprises enabling the new instance to keep running only when successfully reading a first value representing no currently run instance of the trusted execution environment from the register at the index i or if the register at the given index i has its status set to “undefined” when checking the status. The method comprises writing a second value representing one currently run instance of the trusted execution environment to the register at the given index i.
-
公开(公告)号:US10389534B2
公开(公告)日:2019-08-20
申请号:US15312651
申请日:2016-01-18
摘要: A server receives a client's signing request comprising a hash value of data, the hash value being formed using a time-forwarded one-time signing key that comprises a time-forwarded index The server queues the signing request, pushes the hash value to a signature infrastructure entity at the time-forwarded time, and receives a time stamp in return. A client obtains a time stamp for each piece of a stream of pieces of data by collecting the pieces of data and deriving one-time signing keys of a one-time signing key hash chain, forming a stream of signing requests for the pieces of data by applying the one-time signing keys with time-forwarded indices for the respective piece of data to calculate hash values of the respective pieces of data, and transmitting the stream of signing requests comprising the hash values to a server for deriving time stamps for the pieces of data, respectively.
-
公开(公告)号:US20180314859A1
公开(公告)日:2018-11-01
申请号:US16030207
申请日:2018-07-09
CPC分类号: G06F21/64 , H04L9/3239
摘要: There is provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result. The partial result for the verification path for leaf is determined as a one-way function depending only on other leaves such that the verification path for leaf prohibits re-computation of any other leaf value from said partial result
-
公开(公告)号:US11704442B2
公开(公告)日:2023-07-18
申请号:US17040970
申请日:2018-03-27
发明人: Alexander Maximov , Bernard Smeets , Lina Pålsson
CPC分类号: G06F21/629 , G06F21/53 , G06F21/572 , G06F21/602 , G06F21/72 , G06F2221/0751
摘要: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i, and wherein, when the register at the given index i has its status set to “undefined”, an internal status value is set to a first value, and else, when a value is read from the register at the given index i, the internal status value is set to a second value based on the read value. The method comprises writing the internal status value to the register at the given index i. The method comprises running the new instance. The method comprises, whilst running the new instance, reading a current value from the register at the given index i. The method comprises enabling the new instance to keep running only when the current value equals the internal status value.
-
公开(公告)号:US20210117534A1
公开(公告)日:2021-04-22
申请号:US17040625
申请日:2018-03-27
发明人: Alexander Maximov , Bernard Smeets , Lina Pålsson
摘要: There is provided mechanisms for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to a volatile part of the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, status of the register at the given index i. The method comprises enabling the new instance to keep running only when successfully reading a first value representing no currently run instance of the trusted execution environment from the register at the index i or if the register at the given index i has its status set to “undefined” when checking the status. The method comprises writing a second value representing one currently run instance of the trusted execution environment to the register at the given index i.
-
公开(公告)号:US10511440B2
公开(公告)日:2019-12-17
申请号:US15312639
申请日:2016-01-18
摘要: A device provides a one-time proof of knowledge about a one-time signing key to a server without revealing the one-time signing key by computing a hash as a hash function from the one-time signing key, and transmitting, to the server, the computed hash, an identity associated with the electronic device and a hash path of the hash. The server receives the message from the device and checks whether the hash corresponds to a one-time signing key for a root hash included in a public certificate associated with the identity, checks whether an index corresponding to the hash path from the one-time signing key to the root hash corresponds to a correct time slot, and determines it to be proven that the device is in possession of the correct one-time signing key when the checks are fulfilled.
-
公开(公告)号:US10511434B2
公开(公告)日:2019-12-17
申请号:US15578597
申请日:2015-06-02
发明人: Christine Jost , Ha Lam , Alexander Maximov
摘要: A method and encryption node (300) for providing encryption of a message m according to a selected encryption scheme. A set of k noise factors are pre-compiled (3:1) from random numbers and predefined integer parameters of the selected encryption scheme by the encryption node (300) in advance. The k noise factors are saved (300a) to be used for encrypting the message m when later requested (3:2) by a client (302). A subset of/noise factors are then selected (3:3) out of the pre-computed set of k noise factors and used as input to the encryption scheme when encrypting (3:5) the message m by computing a cipher text c which is delivered (3:6) as an encrypted message, e.g. to the client (302). Thereby, less time needs to be spent for computing the necessary noise factors after receiving the encryption request and higher throughput can thus be achieved for messages to be encrypted. In particular, the solution may be used to increase the throughput for a stream of messages.
-
10.发明申请公开(公告)号:US20170249464A1
公开(公告)日:2017-08-31
申请号:US14653259
申请日:2015-05-28
发明人: Alexander Maximov
摘要: This disclosure provides a method for enabling or supporting simultaneous control of a plurality of TPMs. The plurality of TPMs comprises a first TPM and a second TPM. The method comprises obtaining from an application program an interface instance reference to an interface instance associated with the first TPM. The method comprises obtaining from the application program an application request. The application request comprises application request parameters and/or a function to be requested to the first TPM. The application request parameters comprise setup parameters indicative of the first TPM. The method comprises determining a type of the obtained application request. The type comprises a context initialization request or a function request. When it is determined that the type of the obtained application request corresponds to a context initialization request, the method comprises obtaining an instance context of the interface instance indicated by the interface instance reference and a trusted computing component, TCC, context associated with the application program; and transmitting the instance context and the trusted computing component context to the application program. When it is determined that the type of the obtained application request corresponds to a function request, the method comprises requesting, via the interface instance, the first TPM to perform the function, and/or computing an application response based on the application request parameters. The method comprises transmitting the application response to the application program.
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.022 秒)
