公开(公告)号：WO2016168926A1

公开(公告)日：2016-10-27

申请号：PCT/CA2016/050451

申请日：2016-04-20

Applicant: CERTICOM CORP.

Inventor： BROWN, Daniel Richard L.

IPC: G09C5/00 ,  G06F7/58 ,  G06F7/72 ,  H04L9/00

CPC classification number: H04L9/0662 ,  G09C5/00 ,  H04L9/0869 ,  H04L9/3006 ,  H04L9/3066 ,  H04L63/0442 ,  H04L63/126

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, a solution to a puzzle is obtained. A pseudorandom generator is seeded based on the solution. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated. The parameter is generated from the output from the pseudorandom generator.

Abstract translation: 描述用于生成加密功能参数的方法，系统和计算机程序。 在一些示例中，获得难题的解决方案。 基于该解决方案接种伪随机发生器。 在伪随机发生器接种之后，获得来自伪随机发生器的输出。 生成加密功能的参数。 该参数是从伪随机发生器的输出生成的。

公开(公告)号：WO2014005211A1

公开(公告)日：2014-01-09

申请号：PCT/CA2012/050465

申请日：2012-07-09

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP. ,  CORMIER, Jean-Philippe Paul ,  HOLE, David Philip ,  RUSSELL, Nicholas James ,  O'LOUGHLIN, Daniel Francis

Inventor： CORMIER, Jean-Philippe Paul ,  HOLE, David Philip ,  RUSSELL, Nicholas James ,  O'LOUGHLIN, Daniel Francis

IPC: H04W8/20

CPC classification number: H04W8/205 ,  H04L9/3268 ,  H04L63/0823 ,  H04L2209/80 ,  H04W8/183 ,  H04W12/06 ,  H04W88/02

Abstract: Techniques for use in transferring an assignment of a secure chip of a wireless device from a current subscription manager (SM) of a current mobile network operator (MNO) to a new SM of a new MNO are described. In one illustrative example, the current SM receives a request for transferring the assignment and produces transfer permission data in response. The transfer permission data includes an identifier of the secure chip, an identifier of the current SM, and a digital signature of the current SM. The current SM then sends to the secure chip a transfer permission message which includes the transfer permission data. The transfer permission data indicates a permission for the secure chip to transfer the assignment from the current SM to the new SM. Additional techniques are performed by the secure chip, and the new SM, as described.

Abstract translation: 描述了用于将无线设备的安全芯片的分配从当前移动网络运营商（MNO）的当前订阅管理器（SM）传送到新的MNO的新SM的技术。 在一个说明性示例中，当前SM接收到传送分配的请求，并作为响应产生传送许可数据。 传输许可数据包括安全芯片的标识符，当前SM的标识符和当前SM的数字签名。 当前的SM然后向安全芯片发送包括传输许可数据的传输许可消息。 传输许可数据指示安全芯片允许从当前SM传送分配到新的SM。 附加技术由安全芯片和新SM执行，如所述。

公开(公告)号：WO2014004688A1

公开(公告)日：2014-01-03

申请号：PCT/US2013/047921

申请日：2013-06-26

Applicant: CERTICOM CORP. ,  BROWN, Daniel Richard, L. ,  CAMPAGNA, Matthew, John ,  EBEID, Nevine Maurice, Nassif

Inventor： BROWN, Daniel Richard, L. ,  CAMPAGNA, Matthew, John ,  EBEID, Nevine Maurice, Nassif

IPC: H04L9/08

CPC classification number: H04L9/0819 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3271 ,  H04L63/123 ,  H04L2209/24 ,  H04L2209/80 ,  H04L2463/061 ,  H04W12/02 ,  H04W12/04 ,  H04W12/10

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract translation: 描述用于在通信系统中执行密钥协商操作的方法，系统和计算机程序。 在一些方面，无线网络运营商接收移动设备标识符并访问与移动设备相关联的秘密密钥。 基于秘密密钥来评估消息认证码功能以产生输出值。 基于输出值获得会话密钥和质询值。 在一些方面，响应于从无线网络运营商接收到挑战值，移动设备访问秘密密钥。 基于秘密密钥来评估消息认证码功能以产生输出值。 基于输出值获得响应值和会话密钥。 响应值被发送到无线网络运营商。

公开(公告)号：WO2013127014A1

公开(公告)日：2013-09-06

申请号：PCT/CA2013/050150

申请日：2013-02-28

Applicant: CERTICOM CORP.

Inventor： CAMPAGNA, Matthew John ,  BROWN, Daniel Richard L. ,  ZAVERUCHA, Gregory Marc

IPC: H04L12/12 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/0847 ,  H04L9/0869 ,  H04L9/3066 ,  H04L63/08 ,  H04L63/126 ,  H04L63/166 ,  H04L63/18 ,  H04L67/14

Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.

Abstract translation: 提供了一种用于使客户端设备能够连接到网络的系统和方法。 该方法包括：经由与网络不同的通信信道获得授权码，与客户端设备对应的授权码; 并且在检测到客户端设备发起安全协商协议之后，在至少一个安全协商操作中使用授权码。

公开(公告)号：WO2013044088A1

公开(公告)日：2013-03-28

申请号：PCT/US2012/056653

申请日：2012-09-21

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP.

Inventor： PECEN, Mark, E. ,  ANDERSEN, Niels Peter Skov ,  PERIYALWAR, Shalini Suresh ,  CAMPAGNA, Matthew John

IPC: H04W28/16

CPC classification number: H04W48/08 ,  H04L47/745 ,  H04L47/803 ,  H04L47/824 ,  H04L63/0823 ,  H04L63/123 ,  H04W4/50 ,  H04W4/60 ,  H04W12/08

Abstract: Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications.

Abstract translation: 描述了用于管理移动设备应用的方法，系统和计算机程序。 在一些方面，防止移动设备应用访问无线网络的资源。 例如，无线网络运营商系统可以确定一个或多个移动设备应用被拒绝在无线网络中使用。 在一些实现中，无线网络运营商拒绝被拒绝的移动设备应用访问无线网络资源。 在一些实施方式中，移动设备通过拒绝的移动设备应用来禁止对无线网络的访问。

公开(公告)号：WO2013009288A1

公开(公告)日：2013-01-17

申请号：PCT/US2011/043538

申请日：2011-07-11

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP. ,  LAZARIDIS, Mihal ,  PECEN, Mark E. ,  VANSTONE, Scott Alexander ,  CAMPAGNA, Matthew John ,  ROSATI, Anthony

Inventor： LAZARIDIS, Mihal ,  PECEN, Mark E. ,  VANSTONE, Scott Alexander ,  CAMPAGNA, Matthew John ,  ROSATI, Anthony

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04W12/10 ,  H04L63/0492 ,  H04L63/0823 ,  H04L63/126 ,  H04W4/80 ,  H04W12/06 ,  H04W92/18

Abstract: Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, information is wirelessly transmitted from a first mobile device to a second mobile device. The information permits the second mobile device to detect proximity of the first mobile device. In some implementations, the information can be wirelessly transmitted by a proximity- activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. In response to the information, the first mobile device receives a message and a first authentication value wirelessly transmitted from the second mobile device to the first mobile device. A second authentication value is generated at the first mobile device based on the message and the shared secret value. Integrity of the message is verified based on comparing the first authentication value and the second authentication value.

Abstract translation: 描述了用于移动设备之间的可信通信的方法，系统和计算机程序。 在一些方面，信息从第一移动设备无线传输到第二移动设备。 该信息允许第二移动设备检测第一移动设备的接近度。 在一些实现中，信息可以由接近激活的无线接口（例如近场通信（NFC））接口无线地发送。 响应于该信息，第一移动设备接收从第二移动设备无线发送到第一移动设备的消息和第一认证值。 基于消息和共享秘密值在第一移动设备处生成第二认证值。 通过比较第一认证值和第二认证值来验证消息的完整性。

公开(公告)号：WO2010057312A1

公开(公告)日：2010-05-27

申请号：PCT/CA2009/001686

申请日：2009-11-24

Applicant: CERTICOM CORP. ,  O'LOUGHLIN, Daniel ,  SMITH, Keelan ,  FULLER, Jay, Scott ,  KU, Joseph ,  LATTIN, William ,  STRUIK, Marinus ,  POELUEV, Yuri ,  CAMPAGNA, Matthew, J. ,  STIEMERLING, Thomas

Inventor： O'LOUGHLIN, Daniel ,  SMITH, Keelan ,  FULLER, Jay, Scott ,  KU, Joseph ,  LATTIN, William ,  STRUIK, Marinus ,  POELUEV, Yuri ,  CAMPAGNA, Matthew, J. ,  STIEMERLING, Thomas

IPC: G06F21/00 ,  G06F9/445 ,  H04L9/30

CPC classification number: G06F12/1408 ,  G06F21/123 ,  G06F21/57 ,  G06F21/606 ,  G06F21/72 ,  G06F21/73 ,  G06F21/76 ,  G06F21/80 ,  G06F2212/1052 ,  G06F2221/2101 ,  H04L9/0877 ,  H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L9/3273 ,  H04L2209/24

Abstract: An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

Abstract translation: 提供资产管理系统，其中包括作为资产控制核心运行的硬件模块。 资产控制核心通常包括嵌入在目标片上系统中的小型硬件核心，其在硅芯片上建立基于硬件的信任点。 资产控制核心可以作为消费者设备的信任根源，具有使其难以篡改的特征。 资产控制核心能够为一个设备生成唯一的标识符，并通过与设备的安全通信通道参与设备的跟踪和配置。 该设备通常包括一个安全模块，它将配置数据高速缓存并分配给连接到资产控制核心的许多代理之一，例如， 在生产线上或在售后市场的程序设计会议。

公开(公告)号：WO2010048721A1

公开(公告)日：2010-05-06

申请号：PCT/CA2009/001559

申请日：2009-10-30

Applicant: CERTICOM CORP. ,  BROWN, Daniel R.L. ,  CAMPAGNA, Matthew, J. ,  STRUIK, Marinus

Inventor： BROWN, Daniel R.L. ,  CAMPAGNA, Matthew, J. ,  STRUIK, Marinus

IPC: G09C5/00 ,  G06F7/00 ,  H04L9/28

CPC classification number: H04L9/0643 ,  H04L9/3066 ,  H04L2209/20

Abstract: Elliptic curve hash functions are provided which do not require a pre-existing hash function, such as that required by the MuHash. The elliptic curve hash functions can be built from scratch and are collision free and can be incremental. In one embodiment, rather than a pre-existing hash function, the identity function with padding is used; and in another embodiment, rather than a pre-existing hash function, a block cipher with a fixed non-secret key is used.

Abstract translation: 提供了椭圆曲线散列函数，它不需要预先存在的哈希函数，如MuHash所要求的哈希函数。 椭圆曲线哈希函数可以从头开始构建，并且是无冲突的并且可以是增量的。 在一个实施例中，使用具有填充的身份函数，而不是预先存在的散列函数; 并且在另一个实施例中，使用具有固定非秘密密钥的块密码而不是预先存在的散列函数。

公开(公告)号：WO2010048720A1

公开(公告)日：2010-05-06

申请号：PCT/CA2009/001558

申请日：2009-10-30

Applicant: CERTICOM CORP. ,  FULLER, Jay Scott

Inventor： FULLER, Jay Scott

IPC: H03K19/007

CPC classification number: H03K17/20 ,  G06F1/24 ,  H03K5/19 ,  H03K17/223

Abstract: There is disclosed a system for detecting the assertion of a reset signal. A plurality of circuit elements are configurable by a reset signal to output a string of data values in a predetermined pattern. A comparator receives the string of data values and determines whether the string of data values matches the predetermined pattern. If so, the comparator generates an output signal indicative of a reset. In one embodiment, the output signal of the comparator can be used to automatically trigger a reset if the reset signal has not been asserted.

Abstract translation: 公开了一种用于检测复位信号的断言的系统。 多个电路元件可由复位信号配置，以预定模式输出一串数据值。 比较器接收数据值串，并确定数据值串是否符合预定模式。 如果是，则比较器产生指示复位的输出信号。 在一个实施例中，如果复位信号尚未被断言，比较器的输出信号可用于自动触发复位。

公开(公告)号：WO2009073969A1

公开(公告)日：2009-06-18

申请号：PCT/CA2008/002143

申请日：2008-12-11

Applicant: CERTICOM CORP. ,  DASKALOPOULOS, Michael ,  VADEKAR, Ashok ,  WONG, David ,  LATTIN, William ,  O'LOUGHLIN, Daniel ,  SEQUINO, David R.

Inventor： DASKALOPOULOS, Michael ,  VADEKAR, Ashok ,  WONG, David ,  LATTIN, William ,  O'LOUGHLIN, Daniel ,  SEQUINO, David R.

IPC: H04L9/00 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L63/0428 ,  G06F21/10 ,  G06F21/57 ,  G06F2221/0742 ,  G06F2221/2135 ,  H04L63/061 ,  H04L67/125

Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

Abstract translation: 建立参与升级或启用/禁用进程的实体之间的信任，并且为了便于远程和安全地使用正在生产的系统中的高度防篡改的信任点。 这一信任点使得能够使用更有效率的分配系统。 通过供应过程或在稍后的阶段，即在安装，制造，组装，销售等之后; 在被修改的设备或系统上体现为特征控制器的信任点被给予特征集（或更新的特征集），其在被验证时被用于启用或禁用整个特征或激活特征的部分。