-
Publication number: US09690598B2
Publication date: 2017-06-27
Application number: US13855713
Filing date: 2013-04-03
CPC classification: G06F9/4421 , G06F9/448 , H04L63/123 , H04L63/1441
Abstract: This invention includes apparatus, systems, and methods for repairing a corrupted device still in the field by sending the corrupted device a known-good configuration derived from the majority group of devices in the field. First, an initial inventory and content scan of the device's hardware and software stack is taken. The attestation server uses the collection of results to determine a statistically known-good configuration for each type of device. The attestation server groups the known-good devices by device type, and ideally all of the devices of the same type are configured mostly the same. The attestation server sends an alert to the device that it is configured differently from the plurality of existing devices. Finally, the attestation server requests a known-good configuration from one of the devices in the plurality of existing devices to repair the corrupted device in the field.
-
Publication number: US09088538B2
Publication date: 2015-07-21
Application number: US13838024
Filing date: 2013-03-15
Applicant: Ty Brendan Lindteigen , John Curtis
Inventor: Ty Brendan Lindteigen , John Curtis
CPC classification: H04L63/0428 , G06F21/00 , G06F21/6218 , H04L9/006 , H04L9/0816 , H04L63/00 , H04L63/0272 , H04L63/0442 , H04L63/107 , H04L2209/24
Abstract: This invention includes a synchronized storage server enabled to send the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point device's memory. If the end-point device detects a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder, the end-point device determines that a change is required to the stored data. Next, the end-point device synchronizes with the synchronized storage server and creates a new storage list. Finally, the synchronized storage server sends the end-point device a new encrypted folder encryption key, which includes the encrypted file contents along with identifying information such as the server name and revision information.
-
Publication number: US20140108785A1
Publication date: 2014-04-17
Application number: US13928400
Filing date: 2013-06-27
IPC classification: H04L29/06
CPC classification: H04L9/3263 , H04L9/083 , H04L9/0861 , H04L9/14 , H04L9/30 , H04L63/062 , H04L63/0823
Abstract: This invention includes a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator able to generate both public and private keys in electronic format. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server also includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is contained in a secure area such as a locked room or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area. Finally, a second device is coupled to the network.
-
Publication number: US20140195793A1
Publication date: 2014-07-10
Application number: US13855713
Filing date: 2013-04-03
IPC classification: G06F9/44
CPC classification: G06F9/4421 , G06F9/448 , H04L63/123 , H04L63/1441
Abstract: This invention includes apparatus, systems, and methods for repairing a corrupted device still in the field by sending the corrupted device a known-good configuration derived from the majority group of devices in the field. First, an initial inventory and content scan of the device's hardware and software stack is taken. The attestation server uses the collection of results to determine a statistically known-good configuration for each type of device. The attestation server groups the known-good devices by device type, and ideally all of the devices of the same type are configured mostly the same. The attestation server sends an alert to the device that it is configured differently from the plurality of existing devices. Finally, the attestation server requests a known-good configuration from one of the devices in the plurality of existing devices to repair the corrupted device in the field.
-
Publication number: US20140112472A1
Publication date: 2014-04-24
Application number: US13656231
Filing date: 2012-10-19
IPC classification: H04W12/06
CPC classification: H04L63/0428 , H04L9/0872 , H04L63/107 , H04W4/021 , H04W12/06 , H04W84/12
Abstract: The invention includes methods for cryptographically authenticating access between devices when the devices are within a geospatial boundary, comprising the first step of keeping track of the physical position of the devices using low- and/or high-fidelity geospatial positioning techniques. Next, a first device determines whether any nearby mobile devices have entered the geospatial boundary. Next, the first device determines whether any of the mobile devices are peers eligible for cryptographic authentication. After the first device authenticates that the other device within the geospatial boundary is a trusted peer, the devices may perform various data and/or dynamic policy operations.
-
Publication number: US20130340067A1
Publication date: 2013-12-19
Application number: US13850282
Filing date: 2013-03-25
IPC classification: H04L29/06
CPC classification: H04L63/0272 , H04L63/0478 , H04L63/162 , H04L63/168
Abstract: The invention includes a system for transmitting multi-wrapped VPN-enabled data across a communication network from a device to a destination device within a remote protected network. The device comprises a software stack, a hardware layer, application-layer VPN software, link-layer VPN software, and user-based application software. Next, the device is coupled to a communication network. Next, the system includes a link-layer VPN aggregator and an application-layer VPN aggregator. Finally, the system includes a protected network that contains the destination device. The invention includes embodiments for configuring a device to transmit multi-wrapped VPN-enabled data and processes for transmitting multi-wrapped VPN-enabled data across a communication network from a device to a destination device within a remote protected network. Finally, the invention includes the inverse processes so that the destination device can transmit data back through the communication network to the device.
-
Publication number: US09380048B2
Publication date: 2016-06-28
Application number: US13928400
Filing date: 2013-06-27
IPC classification: H04L29/06
CPC classification: H04L9/3263 , H04L9/083 , H04L9/0861 , H04L9/14 , H04L9/30 , H04L63/062 , H04L63/0823
Abstract: This invention includes a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator able to generate both public and private keys in electronic format. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server also includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is contained in a secure area such as a locked room or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area. Finally, a second device is coupled to the network.
-
Publication number: US09124574B2
Publication date: 2015-09-01
Application number: US13969544
Filing date: 2013-08-17
CPC classification: H04L63/08 , H04L63/02 , H04L63/0435 , H04L63/0815 , H04L63/083 , H04L63/0869 , H04L67/24
Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a random token and provides it to the presence server. The token is used as a shared secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without needing to enter a password again or establish a new secure connection with the presence server, the device uses the shared secret to sign, encrypt, and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.
-
Publication number: US09055440B2
Publication date: 2015-06-09
Application number: US13656231
Filing date: 2012-10-19
CPC classification: H04L63/0428 , H04L9/0872 , H04L63/107 , H04W4/021 , H04W12/06 , H04W84/12
Abstract: The invention includes methods for cryptographically authenticating access between devices when the devices are within a geospatial boundary, comprising the first step of keeping track of the physical position of the devices using low- and/or high-fidelity geospatial positioning techniques. Next, a first device determines whether any nearby mobile devices have entered the geospatial boundary. Next, the first device determines whether any of the mobile devices are peers eligible for cryptographic authentication. After the first device authenticates that the other device within the geospatial boundary is a trusted peer, the devices may perform various data and/or dynamic policy operations.
-
Publication number: US20140053255A1
Publication date: 2014-02-20
Application number: US13969544
Filing date: 2013-08-17
IPC classification: H04L29/06
CPC classification: H04L63/08 , H04L63/02 , H04L63/0435 , H04L63/0815 , H04L63/083 , H04L63/0869 , H04L67/24
Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a random token and provides it to the presence server. The token is used as a shared secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without needing to enter a password again or establish a new secure connection with the presence server, the device uses the shared secret to sign, encrypt, and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.