专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08588421B2 Cryptographic key containers on a USB token 有权
标题翻译： USB令牌上的加密密钥容器
公开(公告)号：US08588421B2
公开(公告)日：2013-11-19
申请号：US11627466
申请日：2007-01-26
申请人： Tolga Acar , Carl M. Ellison
发明人： Tolga Acar , Carl M. Ellison
IPC分类号： G06F21/00
CPC分类号： G06F21/6209 , G06F21/79 , H04L9/0897
摘要： A Universal Serial Bus (USB) compatible storage device is utilized as a security token for storage of cryptographic keys. A cryptographic subsystem of a processor accesses cryptographic keys in containers on the USB compatible storage device. Accessing includes storing and/or retrieving. The processor does not include an infrastructure dedicated to the USB compatible storage device. Cryptographic key storage is redirected from an in-processor container to the USB compatible storage device. No password or PIN is required to access the cryptographic keys, yet enhanced security is provided. Utilizing a USB compatible storage device for a cryptographic key container provides a convenient, portable, mechanism for carrying the cryptographic key, and additional security is provided via physical possession of the device.
摘要翻译：通用串行总线（USB）兼容存储设备被用作存储加密密钥的安全令牌。处理器的加密子系统访问USB兼容存储设备上的容器中的加密密钥。访问包括存储和/或检索。处理器不包括专用于USB兼容存储设备的基础设施。加密密钥存储从处理器内容器重定向到USB兼容的存储设备。不需要密码或密码来访问加密密钥，但提供了增强的安全性。利用用于加密密钥容器的USB兼容存储设备提供用于携带加密密钥的便利的便携式机制，并且通过物理拥有该设备来提供额外的安全性。

22. 发明授权

US08364984B2 Portable secure data files 有权
标题翻译：便携式安全数据文件
公开(公告)号：US08364984B2
公开(公告)日：2013-01-29
申请号：US12404007
申请日：2009-03-13
申请人： Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
发明人： Charles G. Jeffries , Vijay G. Bharadwaj , Michael J. Grass , Matthew C. Setzer , Gaurav Sinha , Carl M. Ellison
IPC分类号： G06F12/14 , G06F21/00 , G06F11/30
CPC分类号： G06F21/6209 , G06F2221/2107 , G06F2221/2115 , G06F2221/2151
摘要： A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.
摘要翻译：便携式安全数据文件包括加密数据部分和元数据部分。当接收到与用于访问便携式安全数据文件的设备的当前用户相关联的请求时，访问元数据部分中的一个或多个记录以确定当前用户是否被允许访问加密数据部分中的文件数据。如果记录指示用户被允许访问文件数据，则使用该记录中的内容加密密钥对加密的数据部分进行解密。

23. 发明申请

US20110093939A1 RESOURCE ACCESS BASED ON MULTIPLE CREDENTIALS 有权
标题翻译：基于多个证书的资源访问
公开(公告)号：US20110093939A1
公开(公告)日：2011-04-21
申请号：US12582185
申请日：2009-10-20
申请人： Marc R. Barbour , Carl M. Ellison , Kristjan E. Hatlelid , Janet L. Schneider , Pieter R. Kasselman
发明人： Marc R. Barbour , Carl M. Ellison , Kristjan E. Hatlelid , Janet L. Schneider , Pieter R. Kasselman
IPC分类号： H04L9/32
CPC分类号： H04L63/10 , G06F21/40 , H04L63/08 , H04L63/0853 , H04L63/0861 , H04L63/105
摘要： A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. The collection of multiple user credentials is also compared to a threshold combination of user credentials to be satisfied to access the resource, and a determination is made, based on the comparing and the verifying, as to whether access to the resource is permitted. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device.
摘要翻译：在设备处获得与多个不同用户之一相关联的多个用户凭证的集合，并且验证多个用户凭证中的一个或多个。还将多个用户凭证的收集与用于访问资源的用户凭证的阈值组合进行比较，并且基于对允许对资源的访问的比较和验证进行确定。指示是否允许请求用户访问资源的指示返回或提供给另一设备。

24. 发明申请

US20110047545A1 Entropy Pools for Virtual Machines 有权
标题翻译：虚拟机的熵池
公开(公告)号：US20110047545A1
公开(公告)日：2011-02-24
申请号：US12546167
申请日：2009-08-24
申请人： Carl M. Ellison , Scott A. Field , Brandon S. Baker
发明人： Carl M. Ellison , Scott A. Field , Brandon S. Baker
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F7/58 , G06F7/584 , G06F7/588 , G06F2009/45579
摘要： In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.
摘要翻译：在计算设备的主机操作系统中，至少部分地基于计算设备的一个或多个硬件组件中的每个收集熵数据。至少部分地基于收集的熵数据来更新熵池，并且将来自熵池的数据提供给作为计算设备的虚拟机运行的客户操作系统。客户操作系统基于主机操作系统提供的熵池的数据维护客户机操作系统熵池。访客操作系统访问客户操作系统熵池，并使用客户机操作系统熵池作为生成包括随机数的值的基础。

25. 发明申请

US20110019820A1 COMMUNICATION CHANNEL CLAIM DEPENDENT SECURITY PRECAUTIONS 有权
标题翻译：通信渠道索赔相关安全注意事项
公开(公告)号：US20110019820A1
公开(公告)日：2011-01-27
申请号：US12506568
申请日：2009-07-21
申请人： Octavian T. Ureche , Alex M. Semenko , Sai Vinayak , Carl M. Ellison
发明人： Octavian T. Ureche , Alex M. Semenko , Sai Vinayak , Carl M. Ellison
IPC分类号： H04L9/00 , G06F12/14
CPC分类号： H04L63/205 , G06F21/606 , H04L9/3247 , H04L2209/80
摘要： A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
摘要翻译：获得一组用于通信信道的安全权利要求，该组安全权利要求包括一个或多个安全权利要求，每个安全权利要求各自标识通信信道的安全特性。存储安全声明，以及由实体在该组安全声明上生成的数字签名。随后当计算设备将数据传送到通信信道和/或从通信信道传送数据时，随后访问安全声明和数字签名。将该组安全声明与计算设备的安全策略进行比较，并且识别对该组安全声明进行数字签名的实体。至少部分地基于所述比较和对所述一组安全权利要求进行数字签名的实体来确定所述计算设备将用于向所述通信信道传送数据和/或从所述通信信道传送数据的一个或多个安全预防措施。

26. 发明授权

US07591002B2 Conditional activation of security policies 有权
标题翻译：有条件地激活安全策略
公开(公告)号：US07591002B2
公开(公告)日：2009-09-15
申请号：US11150819
申请日：2005-06-09
申请人： Art Shelest , Carl M. Ellison
发明人： Art Shelest , Carl M. Ellison
IPC分类号： G06F17/00
CPC分类号： G06F21/6218
摘要： A conditional activation system distributes a security policy to the computer systems of an enterprise. Upon receiving a security policy at a computer system, the computer system may install the received security policy without activation. When a security policy is installed without activation, it is loaded onto a computer system but is not used to process security enforcement events. The computer system may then determine whether a security policy activation criterion has been satisfied and, if so, activate the security policy.
摘要翻译：条件激活系统将安全策略分配给企业的计算机系统。在计算机系统接收到安全策略时，计算机系统可以安装所接收的安全策略而不激活。安装策略在没有激活的情况下安装时，它被加载到计算机系统上，但不用于处理安全强制事件。计算机系统然后可以确定是否已经满足安全策略激活标准，如果是，则激活安全策略。

27. 发明授权

US07516330B2 Platform and method for establishing provable identities while maintaining privacy 有权
标题翻译：在保持隐私的同时建立可证明身份的平台和方法
公开(公告)号：US07516330B2
公开(公告)日：2009-04-07
申请号：US11289747
申请日：2005-11-29
申请人： Carl M. Ellison , James A. Sutton
发明人： Carl M. Ellison , James A. Sutton
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3271 , H04L2209/42
摘要： In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
摘要翻译：在一个实施例中，描述了一种利用假名来保护平台及其用户的身份的方法。该方法包括产生包含公共假名密钥的假名。公共假名密钥被放置在证书模板中。在证书模板上执行散列操作以产生从平台转换的证书哈希值。此后，将签名结果返回到平台。签名结果是转换的证书哈希值的数字签名。在执行签名结果的逆变换时，恢复证书哈希值的数字签名。该数字签名可以用于使用假名的后续通信的数据完整性检查。

28. 发明授权

US07246235B2 Time varying presentation of items based on a key hash 有权
标题翻译：基于密钥散列的时间变化表示项目
公开(公告)号：US07246235B2
公开(公告)日：2007-07-17
申请号：US09896088
申请日：2001-06-28
申请人： Carl M. Ellison , Stephen H. Dohrmann
发明人： Carl M. Ellison , Stephen H. Dohrmann
IPC分类号： H04L9/32 , H04L9/00
CPC分类号： H04L9/3297 , H04L2209/043 , H04L2209/80
摘要： A method for key verification through time varying item presentation based on a key hash result comprises generating a key hash result partially based on both a global identifier provided from a source and an estimated current time at that source. After generating the key hash result, a first time-varying item is produced using the key hash result as an index for a table lookup or generated based on Certain bit patterns forming the key hash result. Thereafter, the first time-varying item is presented for comparison with a second time-varying item being contemporaneously presented at the source. These computations are repeated, giving the impression of two views or instances of the same time-varying item. An attacker might be able to match one small portion of such a time sequence of presentations, by luck, but not any large portion of the sequence.
摘要翻译：基于密钥散列结果的通过时变项目呈现的密钥验证的方法包括部分地基于从源提供的全局标识符和在该源处的估计当前时间两者来产生密钥散列结果。在产生密钥散列结果之后，使用密钥哈希结果作为表查找的索引或基于形成密钥哈希结果的某些位模式生成的第一时变项目。此后，提供第一时变项目以与在源处同时呈现的第二时变项目进行比较。这些计算被重复，给出了两个视图或同一时间变化项目的实例的印象。攻击者可能能够匹配这样一个时间序列的一小部分，通过运气，但不是序列的任何大部分。

29. 发明授权

US07243231B2 Sensory verification of shared data 有权
标题翻译：共享数据的感官验证
公开(公告)号：US07243231B2
公开(公告)日：2007-07-10
申请号：US10210341
申请日：2002-07-31
申请人： Carl M. Ellison , Stephen H. Dohrmann , Edward C. Epp
发明人： Carl M. Ellison , Stephen H. Dohrmann , Edward C. Epp
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , H04L63/0861
摘要： In one embodiment, a method for sensory verification comprises exchanging at least one data item with a computing unit and selecting a sequence number. Such selection may be accomplished by generation of the sequence number or manual entry by the user. Thereafter, a transformation is periodically performed on the data item, the sequence number and optionally a random value to produce a sequence of values, each value being used to produce a perceivable sensory element for comparison with another sensory element produced by another computing unit.
摘要翻译：在一个实施例中，用于感觉验证的方法包括与计算单元交换至少一个数据项并选择序列号。这种选择可以通过生成用户的序列号或手动输入来实现。此后，对数据项，序列号和可选的随机值周期性地执行变换以产生值序列，每个值用于产生用于与由另一计算单元产生的另一感觉元素进行比较的可感知感觉元素。

30. 发明授权

US07190787B1 Stream cipher having a combiner function with storage based shuffle unit 有权
标题翻译：具有组合器功能的流密码与基于存储的洗牌单元
公开(公告)号：US07190787B1
公开(公告)日：2007-03-13
申请号：US09452329
申请日：1999-11-30
申请人： Gary L. Graunke , Carl M. Ellison
发明人： Gary L. Graunke , Carl M. Ellison
IPC分类号： H04L9/00 , H04K1/00
CPC分类号： H04L9/0662 , H04L2209/20
摘要： A stream cipher is provided with a first and a second data bit generators to generate in parallel a first and a second stream of data bits. The stream cipher is further provided with a combiner function having a shuffling unit including a storage structure to generate a pseudo random sequence, by combining the first stream of data bits with at least stochastically generated past values of the first streams of data bits, generated by using the second stream of data bits to stochastically operate the storage structure of the shuffle unit to memorize and reproduce the data bits of the first stream.
摘要翻译：流密码器具有第一和第二数据位发生器，用于并行生成第一和第二数据位流。流密码还被提供有组合器功能，其具有包括存储结构的混洗单元以产生伪随机序列，通过将第一数据位流与至少随机生成的第一数据位流的过去值组合，由使用第二数据比特流来随机地操作混洗单元的存储结构来存储和再现第一流的数据位。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式