-
Publication No.: US12063306B2
Publication date: 2024-08-13
Application No.: US18468910
Filing date: 2023-09-18
Applicant: F-Secure Corporation
Inventor: Marc William Rogers , Brian James Buck
CPC classification number: H04L9/3234 , G06F21/575 , G09C1/00 , H04L9/088 , H04W12/12 , H04W12/126 , H04L2209/127 , H04L2209/80
Abstract: A method for locating a mobile device which is not in possession of the owner using an owner verification server. A mobile network operator server sends a message to the owner verification server requesting verification of ownership. The owner verification server retrieves ownership status and transmits a request to the mobile network operator server to transmit location tracking data when the ownership status indicates that the device is not in the owner's possession. The owner verification server forwards the location tracking data to the device owner.
-
Publication No.: US12010248B2
Publication date: 2024-06-11
Application No.: US18216992
Filing date: 2023-06-30
Applicant: Stripe, Inc.
Inventor: Carl Jackson , Bryan Berg , David Terrence Bartley , Evan Broder
CPC classification number: H04L9/3263 , H04L9/14 , H04L9/3247 , H04L9/3268 , H04L9/3271 , H04L63/0428 , H04L63/083 , H04L2209/127
Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.
-
Publication No.: US11966461B2
Publication date: 2024-04-23
Application No.: US17662869
Filing date: 2022-05-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Tushar Suresh Sugandhi , Amber Tianqi Guo , Balaji Balasubramanyan , Abhijat Singh , Ahmed Saruhan Karademir , Benjamin M. Schultz , Hari R. Pulapaka , Gupta Shubham , Chase Thomas , Carlos Ernesto Peza Ramirez
CPC classification number: G06F21/51 , G06F9/45558 , G06F21/57 , H04L9/3236 , H04L9/3263 , G06F2009/4557 , H04L2209/127
Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
-
Publication No.: US11943368B2
Publication date: 2024-03-26
Application No.: US15803574
Filing date: 2017-11-03
Applicant: Microsoft Technology Licensing, LLC
Inventor: Mark Fishel Novak , Benjamin Seth Moore
CPC classification number: H04L9/3247 , G06F21/53 , G06F21/74 , H04L9/14 , H04L9/30 , H04L63/061 , H04L2209/127
Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.
-
Publication No.: US11943366B2
Publication date: 2024-03-26
Application No.: US18084372
Filing date: 2022-12-19
Applicant: Okta, Inc.
Inventor: Chandra Shirashyad , Ildar Abdullin , Umang Shah , Naveen Kumar Keerthy , Cedric Beust
CPC classification number: H04L9/3234 , H04L9/0825 , H04L9/3228 , H04L9/3231 , H04W4/80 , H04L2209/127 , H04L2209/80
Abstract: An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.
-
Publication No.: US20240039729A1
Publication date: 2024-02-01
Application No.: US18481965
Filing date: 2023-10-05
Applicant: OKTA, INC.
Inventor: Chandra Shirashyad , Ildar Abdullin , Umang Shah , Naveen Kumar Keerthy , Cedric Beust
CPC classification number: H04L9/3234 , H04L9/0825 , H04L9/3228 , H04W4/80 , H04L9/3231 , H04L2209/80 , H04L2209/127
Abstract: An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.
-
Publication No.: US20240039714A1
Publication date: 2024-02-01
Application No.: US18447083
Filing date: 2023-08-09
Applicant: Apple Inc.
Inventor: Wade Benson , Libor Sykora , Vratislav Kuzela , Michael Brouwer , Andrew R. Whalley , Jerrold V. Hauck , David Finkelstein , Thomas Mensch
IPC: H04L9/08 , H04L9/32 , H04L9/00 , G06F21/32 , H04L9/14 , G06F21/74 , G06F21/72 , G06F21/78 , H04L9/40
CPC classification number: H04L9/0861 , H04L9/3268 , H04L9/006 , H04L9/3249 , G06F21/32 , H04L9/3239 , H04L9/14 , G06F21/74 , H04L9/0877 , H04L9/3231 , H04L9/3234 , G06F21/72 , G06F21/78 , H04L63/0428 , H04L63/062 , H04L63/0823 , H04L63/0861 , H04L9/3247 , H04L9/3263 , H04L2209/127 , G06F13/28
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
-
Publication No.: US20180293390A1
Publication date: 2018-10-11
Application No.: US15483576
Filing date: 2017-04-10
Applicant: Wind River Systems, Inc.
Inventor: Arlen BAKER
CPC classification number: G06F21/602 , G06F21/57 , G06F21/6218 , G06F21/86 , H04L9/0897 , H04L2209/127
Abstract: A device, system, and method protect cryptographic keying material. The method is performed at an electronic device including a plurality of components housed in an enclosure. The method includes determining a tamper state of the enclosure, the tamper state being one of a secure state in which the enclosure has not been physically tampered with or an unsecure state in which the enclosure has been physically tampered with. When the tamper state is the secure state, the method includes associating a first value with the application. When the tamper state is the unsecure state, the method includes associating a second value with the application. The first value is configured to enable access to the data in the data storage unit. The second value prevents access to the data in the data storage unit.
-
Publication No.: US20180114039A1
Publication date: 2018-04-26
Application No.: US15553344
Filing date: 2015-12-28
Applicant: PRIVATE MACHINES INC.
Inventor: Radu Sion
CPC classification number: G06F21/87 , G06F21/602 , G06F21/6245 , G06F21/72 , G09C1/00 , H01L23/57 , H04L9/002 , H04L2209/127 , H04L2209/805 , H05K1/0275
Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.
-
Publication No.: US09864608B2
Publication date: 2018-01-09
Application No.: US15063145
Filing date: 2016-03-07
Applicant: Microsoft Technology Licensing, LLC
Inventor: Christopher McCarron , Varugis Kurien
IPC: G06F21/00 , G06F9/44 , G06F21/30 , H04L9/32 , H04L29/06 , G06F3/06 , G06F12/14 , H04L9/30 , H04L29/08
CPC classification number: G06F9/4416 , G06F3/0622 , G06F3/0659 , G06F3/067 , G06F12/1408 , G06F21/30 , G06F21/305 , G06F2212/1052 , H04L9/30 , H04L9/32 , H04L9/3215 , H04L9/3271 , H04L63/0428 , H04L63/0869 , H04L67/10 , H04L2209/127 , H04L2209/80
Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases, ownership are established, bootable software may be downloaded and executed. The device may be provisioned with software applications.