公开(公告)号：US06633981B1

公开(公告)日：2003-10-14

申请号：US09336009

申请日：1999-06-18

申请人： Derek L. Davis

发明人： Derek L. Davis

IPC分类号： G06F0124

CPC分类号： G06F21/57 ,  G06F2221/2103 ,  G06F2221/2153

摘要： A Basic Input/Output System (BIOS) device is designed to control access to a portion of BIOS code loaded in its internal memory. For example, during a boot process, an internal state machine permits access to the portion of the BIOS code in response to authentication of a portable token in communication with the BIOS device. Otherwise, the BIOS device precludes access to the portion of the BIOS code until the portable token is authenticated.

摘要翻译： 基本输入/输出系统（BIOS）设备旨在控制访问其内部存储器中加载的一部分BIOS代码。 例如，在引导过程中，响应于与BIOS设备通信的便携式令牌的认证，内部状态机允许访问BIOS代码的一部分。 否则，BIOS设备排除对BIOS代码的部分的访问，直到便携式令牌被认证为止。

公开(公告)号：US06393565B1

公开(公告)日：2002-05-21

申请号：US09128321

申请日：1998-08-03

申请人： Roland T. Lockhart ,  Michael J. Wiener

发明人： Roland T. Lockhart ,  Michael J. Wiener

IPC分类号： G06F0124

CPC分类号： G07F7/1008 ,  G06F21/602 ,  G06Q20/341 ,  G06Q20/3576 ,  G07F7/1016 ,  H04L9/0891 ,  H04L9/0894

摘要： A data management system and method for a limited cryptographic storage unit, such as a smartcard or other hardware token, includes a cryptographic data manager that interfaces with the limited capacity cryptographic storage unit and a data overflow memory coupled to the cryptographic data manager. The cryptographic data manager stores cryptographic data, such as decryption private keys or other secret cryptographic data, in the overflow memory from the limited capacity cryptographic storage unit based on a limited capacity storage unit data update condition. The cryptographic data manager may serve as a secondary cryptographic data manager that receives the cryptographic data from an original cryptographic data storage device, or primary storage device such as a server that generates the cryptographic data, that stores a history of the cryptographic data.

摘要翻译： 用于有限密码存储单元（诸如智能卡或其他硬件令牌）的数据管理系统和方法包括与有限容量密码存储单元相连接的加密数据管理器和耦合到密码数据管理器的数据溢出存储器。 加密数据管理器基于有限容量存储单元数据更新条件，从有限容量密码存储单元存储溢出存储器中的解密私钥或其他秘密密码数据等密码数据。 加密数据管理器可以用作从原始密码数据存储设备或存储密码数据的历史的生成加密数据的主服务器的主存储设备接收加密数据的二级加密数据管理器。

公开(公告)号：US06707914B1

公开(公告)日：2004-03-16

申请号：US09450861

申请日：1999-11-29

申请人： Robert T. Bell

发明人： Robert T. Bell

IPC分类号： G06F0124

CPC分类号： H04L9/0662 ,  H04L9/088 ,  H04L9/0891 ,  H04L9/12 ,  H04L2209/04

摘要： Within a communications system, first and second end stations coupled to a network participate in a communications session with one another using the network. Each end station includes an encryptor having at least a first linear feedback shift register (LFSR) and at least an associated first interconnect mask of a length not longer than the length of the first LFSR. At a particular one of the end stations, the encryptor generates an output sequence using the first LFSR and the first interconnect mask. An interconnect mask table contains polynomials that each correspond to an available interconnect mask. The end station receives a session key specifying the first interconnect mask. The end station uses the output sequence of the encryptor to encrypt an information stream during the session. In one particular embodiment, the network includes a local area network (LAN) that supports Internet Protocol (IP) and the end stations use real time protocol (RTP) to communicate audio information streams.

摘要翻译： 在通信系统内，耦合到网络的第一和第二终端站使用网络参与彼此的通信会话。 每个终端站包括具有至少第一线性反馈移位寄存器（LFSR）和至少相关联的第一互连掩模的加密器，其长度不长于第一LFSR的长度。 在特定一个终端站处，加密器使用第一LFSR和第一互连掩码生成输出序列。 互连掩模表包含各自对应于可用的互连掩模的多项式。 终端站接收指定第一互连掩码的会话密钥。 终端使用加密器的输出序列来加密会话期间的信息流。 在一个特定实施例中，网络包括支持因特网协议（IP）的局域网（LAN），并且终端站使用实时协议（RTP）来传送音频信息流。

公开(公告)号：US06604198B1

公开(公告)日：2003-08-05

申请号：US10137911

申请日：2002-05-03

申请人： Brian C. Beckman ,  Anthony D. Andrews ,  Alexander A. Armanasu

发明人： Brian C. Beckman ,  Anthony D. Andrews ,  Alexander A. Armanasu

IPC分类号： G06F0124

CPC分类号： G06F21/629 ,  G06F2221/2101 ,  G06F2221/2141 ,  G06F2221/2145

摘要： An object-based security framework provides automatic caller chain building to track the identity of upstream callers. An application developer can define impersonation settings declaratively using a graphical interface. At runtime, logic outside the application objects handles the caller chain and impersonation, relieving the developer from having to incorporate impersonation logic into the application. A group of special identities are permitted to provide identities of others without themselves being recorded in the chain when the chain traverses a method invocation queue. The framework supports a copy style for the chain to support various caller scenarios. Additionally, a minimum authentication level can be enforced throughout the chain. The caller chain can be used in conjunction with roles, and objects may consult the chain programmatically to enforce a custom security scheme.

公开(公告)号：US06341350B1

公开(公告)日：2002-01-22

申请号：US09144855

申请日：1998-09-01

申请人： Nobuyoshi Miyahara ,  Yoichi Yagasaki

发明人： Nobuyoshi Miyahara ,  Yoichi Yagasaki

IPC分类号： G06F0124

CPC分类号： G06T1/005 ,  G06T2201/0065 ,  H04N19/467 ,  H04N21/8358

摘要： A device and method for processing image data, a transmitting medium, and a recording medium are disclosed. More particularly, in image data processing by which accompanying information is embedded as a watermark into coded image data, a position in a block as a unit of coding the coded image data is detected, a blocked watermark pattern is provided, an area in which an operation relative to a first level value is performed and an area in which an operation relative to a second level value is performed are offered, and a watermark is appended to the coded image data in accordance with the blocked watermark pattern. It is thus possible to easily append a watermark that can be certainly detected.

摘要翻译： 公开了一种用于处理图像数据的装置和方法，发送介质和记录介质。 更具体地，在将伴随信息作为水印嵌入到图像数据的图像数据处理中，检测作为对编码图像数据进行编码的单元的块中的位置，提供阻塞的水印图案，其中， 执行相对于第一电平值的操作，并且提供执行相对于第二电平值的操作的区域，并且根据阻塞的水印图案将水印附加到编码图像数据。 因此，可以容易地附加可以肯定地检测到的水印。

公开(公告)号：US06282648B1

公开(公告)日：2001-08-28

申请号：US09706646

申请日：2000-11-06

申请人： Jay S. Walker ,  Bruce Schneier ,  James A. Jorasch

发明人： Jay S. Walker ,  Bruce Schneier ,  James A. Jorasch

IPC分类号： G06F0124

CPC分类号： H04L63/08 ,  G06Q50/06 ,  H04L9/3231 ,  H04L9/3271 ,  H04L9/3297 ,  H04L63/12 ,  H04L2209/38 ,  H04L2209/805 ,  Y02P90/845

摘要： The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

摘要翻译： 本发明涉及用于获取物理测量的方法和装置，以及用于创建该测量的加密认证，使得其值和时间可以由不一定存在于测量中的一方来验证。认证测量还可以包括 将实际物理测量过程与认证测量相关联的佐证信息。 这样的佐证信息可以反映测量认证设备的内部或外部状态，以及可能存在于测量获取和认证中的任何人的见证标识符。认证可以包括用于从卫星接收定时信号的信号接收器 或其他外部来源。 外部定时信号可以用于产生包括在认证测量中的时间，或者可以用于确定测量认证设备的位置以包括在认证测量中。

公开(公告)号：US06223287B1

公开(公告)日：2001-04-24

申请号：US09122220

申请日：1998-07-24

申请人： Daniel G. Douglas ,  Stewart J. Edelman

发明人： Daniel G. Douglas ,  Stewart J. Edelman

IPC分类号： G06F0124

CPC分类号： H04L63/0428 ,  H04L63/0807 ,  H04L67/14 ,  H04L67/34 ,  H04L67/42 ,  H04L69/329

摘要： A method for establishing a secured communication channel between a client and a server is disclosed where a program and a set of encryption information for establishing the secured communication channel are delivered from the server to the client. The set of encryption information is compact and can be used to quickly and efficiently encipher and decipher data. In particular, the client requests a program from the server via a first secured communication channel that can be established by a web browser under the HTTPS (Hypertext Transfer Protocol with SSL) protocol. The server in response dynamically generates a set of encryption information and a token identifying this particular set of encryption information. This information is then sent with the requested program. While the program can be written in any language, the language of choice is a platform-independent language such as Java. When the program executes on the client and performs its programmed tasks, one of the tasks is to establish a separate, secured communication channel with the server using the encryption information from the server.

摘要翻译： 公开了一种用于在客户机和服务器之间建立安全通信信道的方法，其中用于建立安全通信信道的程序和一组加密信息从服务器传送到客户端。 该组加密信息紧凑，可用于快速有效地加密和解密数据。 特别地，客户机通过可以由HTTPS（具有SSL的超文本传输​​协议）协议的Web浏览器建立的第一安全通信信道从服务器请求程序。 响应的服务器动态地产生一组加密信息和标识该特定加密信息集的令牌。 然后，该信息将与所请求的程序一起发送。 虽然程序可以用任何语言编写，但选择的语言是一种与平台无关的语言，如Java。 当程序在客户机上执行并执行其编程任务时，其中一个任务是使用来自服务器的加密信息与服务器建立单独的安全通信通道。

公开(公告)号：US06505300B2

公开(公告)日：2003-01-07

申请号：US09097218

申请日：1998-06-12

申请人： Shannon Chan ,  Gregory Jensenworth ,  Mario C. Goertzel ,  Bharat Shah ,  Michael M. Swift ,  Richard B. Ward

发明人： Shannon Chan ,  Gregory Jensenworth ,  Mario C. Goertzel ,  Bharat Shah ,  Michael M. Swift ,  Richard B. Ward

IPC分类号： G06F0124

CPC分类号： G06F21/6218 ,  G06F21/53 ,  G06F2221/2101 ,  G06F2221/2141 ,  G06F2221/2145 ,  G06F2221/2149

摘要： Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.

摘要翻译： 为不受信任的内容提供限制的执行上下文，例如计算机代码或从网站下载的其他数据，电子邮件消息及其任何附件，以及在服务器上运行的脚本或客户端进程。 为不受信任的内容设置了限制的过程，并且内容尝试的任何操作都受到过程的限制，这可能基于各种标准。 每当进程尝试访问资源时，将与该进程关联的令牌与该资源的安全信息进行比较，以确定是否允许访问类型。 因此，每个资源的安全信息决定了受限制的过程以及不可信内容的访问程度。 一般来说，用于为每个不受信任的内容过程设置限制的标准是指示内容可能受信任或不受信任的信息。

公开(公告)号：US06505299B1

公开(公告)日：2003-01-07

申请号：US09260193

申请日：1999-03-01

申请人： Wenjun Zeng ,  Shaw-Min Lei

发明人： Wenjun Zeng ,  Shaw-Min Lei

IPC分类号： G06F0124

CPC分类号： H04N7/1675 ,  H04N19/51 ,  H04N19/517 ,  H04N19/60 ,  H04N19/645 ,  H04N19/88 ,  H04N21/23476

摘要： Methods and apparatus for encryption and decryption of digital images are disclosed. A preferred embodiment operates on an image frame after that frame has undergone a space-frequency transform operation, such as a block DCT or wavelet transform, and before the frame is passed to a bitstream coder for entropy coding. The transform coefficient map is subjected to one or more encryption operations that render a subsequently decoded (but not decrypted) image incomprehensible. These operations are designed to operate with low computational overhead and with only minor effects on compressed bit rate. They also allow secure transcoding at intermediate routers of the transmission channels without the cryptographic key. In one operation, the sign bits of transform coefficients are scrambled. In another operation, two dimensional blocks of coefficients from a common subband are shuffled and/or rotated to pseudorandom locations and orientations. In yet another operation, coefficients occupying a common “subband”, but taken from different DCT blocks, are shuffled. Still another operation shuffles motion vectors and/or scrambles sign bits for motion vector coefficients. These operations perturb the data as it will appear visually, without greatly perturbing the entropy of the data as presented to an entropy coder.

摘要翻译： 公开了用于数字图像的加密和解密的方法和装置。 优选实施例在帧经历了诸如块DCT或小波变换之类的空间频率变换操作之后，以及在帧被传送到用于熵编码的比特流编码器之前，对图像帧进行操作。 对变换系数映射进行一个或多个使后续解码（但不解密）图像不可理解的加密操作。 这些操作被设计为以低计算开销运行，并且对压缩比特率只有较小的影响。 它们还允许在传输信道的中间路由器处进行安全的代码转换，而没有加密密钥。在一个操作中，变换系数的符号位被加扰。 在另一个操作中，来自公共子带的二维系数块被混洗和/或旋转到伪随机位置和取向。 在另一个操作中，占用共同的“子带”但是从不同DCT块获取的系数被混洗。 另一个操作将运动矢量和/或加扰运动矢量系数的符号位混洗。 这些操作会扰乱数据，因为它将在视觉上出现，而不会大大扰乱呈现给熵编码器的数据的熵。

公开(公告)号：US06304967B1

公开(公告)日：2001-10-16

申请号：US09596631

申请日：2000-06-19

申请人： Ricky Gene Braddy

发明人： Ricky Gene Braddy

IPC分类号： G06F0124

CPC分类号： G06F9/5044 ,  G06F2209/509

摘要： A system and method are disclosed for distributing, monitoring and managing information requests on a computer network including one or more client computer systems, a first server computer system, and one or more secondary server computer systems. Information requests from the client computer systems to the first server computer system are intercepted and examined by a request broker software system implemented on the first server computer system. The request broker software system examines information regarding the capabilities and resources available on the first server computer system and the secondary server computer systems to determine whether to process the information request locally on the first server computer system or to process the information request remotely on one of the secondary server computer systems. The request broker software system will off-load or distribute the information requests to the secondary server computer systems so as to load-balance the information requests among the secondary server computer systems. The request broker software system will also monitor the processing of information requests and initiate recovery actions in the event a fault or error occurs during the processing of the request. If the information request is to be processed remotely on one of the secondary server computer systems, the request broker software system establishes an authenticated communication channel with the selected secondary server computer system to transmit the information request to the selected server computer system. The secondary server computer system processes the information request and sends the results back to the request broker software system on the first server computer system. The request broker software then sends the results of the information request that was processed either locally or remotely back to the client computer system that originated the information request.