专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080270791A1 Method and Apparatus for Remote Administration of Cryptographic Devices 有权
标题翻译：远程管理加密设备的方法和装置
公开(公告)号：US20080270791A1
公开(公告)日：2008-10-30
申请号：US11769855
申请日：2007-06-28
申请人： Magnus Nystrom , William M. Duane , James Townsend
发明人： Magnus Nystrom , William M. Duane , James Townsend
IPC分类号： H04L9/32
CPC分类号： H04L9/3228 , H04L9/0863 , H04L9/0891 , H04L9/3213 , H04L63/0807 , H04L2209/80
摘要： Techniques are disclosed for performing operations in an authentication token or other cryptographic device in a system comprising an authentication server. In one aspect, a code generated by the authentication server is received in the cryptographic device. The code may have associated therewith information specifying at least one operation to be performed by the cryptographic device. The cryptographic device authenticates the code, and responsive to authentication of the code, performs the specified operation. If the code is not authenticated, the operation is not performed. The code may be determined as a function of a one-time password generated by the authentication server. The function may also take as an input an identifier of the operation to be performed.
摘要翻译：公开了用于在包括认证服务器的系统中的认证令牌或其他密码设备中执行操作的技术。在一个方面，认证服务器生成的代码在密码设备中被接收。代码可以与其相关联地指定要由密码设备执行的至少一个操作的信息。加密设备认证代码，并响应代码的认证，执行指定的操作。如果代码未通过验证，则不执行操作。代码可以被确定为由认证服务器生成的一次性密码的函数。该功能还可以作为要执行的操作的标识符作为输入。

2. 发明申请

US20070127719A1 Efficient management of cryptographic key generations 审中-公开
标题翻译：密码密钥世代的有效管理
公开(公告)号：US20070127719A1
公开(公告)日：2007-06-07
申请号：US10575727
申请日：2004-10-13
申请人： Goran Selander , Fredrik Lindholm , Magnus Nystrom
发明人： Goran Selander , Fredrik Lindholm , Magnus Nystrom
IPC分类号： H04L9/00
CPC分类号： H04L9/0861 , H04L9/0891 , H04L2209/38
摘要： The invention generally relates to management of cryptographic key generations in an information environment comprising a key-producing side generating and distributing key information to a key-consuming side. A basic concept of the invention is to define, by means of a predetermined one-way key derivation function, a relationship between generations of keys such that earlier generations of keys efficiently may be derived from later ones but not the other way around. A basic idea according to the invention is therefore to replace, at key update, key information of an older key generation by the key information of the new key generation on the key-consuming side. Whenever necessary, the key-consuming side iteratively applies the predetermined one-way key derivation function to derive key information of at least one older key generation from the key information of the new key generation. In this way, storage requirements on the key-consuming side can be significantly reduced.
摘要翻译：本发明一般涉及在信息环境中密码密钥世代的管理，包括密钥生成侧生成密钥信息到密钥消耗侧。本发明的基本概念是通过预定的单向密钥导出函数来定义密钥的代数之间的关系，使得早期的密钥有效地可以从后来的密钥导出，而不是相反地导出。因此，根据本发明的基本思想是通过关键消费侧的新密钥生成的密钥信息来代替关键更新时的老密钥生成的密钥信息。只要有必要，关键消费方迭代地应用预定的单向密钥导出函数，从新密钥生成的密钥信息中导出至少一个较旧密钥生成的密钥信息。以这种方式，可以显着减少关键消费方面的存储要求。

3. 发明授权

US09984250B2 Rollback protection for login security policy 有权
公开(公告)号：US09984250B2
公开(公告)日：2018-05-29
申请号：US13531481
申请日：2012-06-22
申请人： Benjamin Nick , Magnus Nystrom , Innokentiy Basmov , Peter Novotney , Michael Grass
发明人： Benjamin Nick , Magnus Nystrom , Innokentiy Basmov , Peter Novotney , Michael Grass
IPC分类号： G06F21/00 , G06F21/62 , G06F21/55
CPC分类号： G06F21/6245 , G06F21/554
摘要： In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.

4. 发明申请

US20060041759A1 Password-protection module 有权
标题翻译：密码保护模块
公开(公告)号：US20060041759A1
公开(公告)日：2006-02-23
申请号：US11172378
申请日：2005-06-30
申请人： Burton Kaliski , Magnus Nystrom
发明人： Burton Kaliski , Magnus Nystrom
IPC分类号： H04K1/00
CPC分类号： H04L63/0869 , G06F21/31 , G06F21/445 , H04L63/083
摘要： A method of protecting a password being used to establish interaction between a user and an application includes detecting a request for the password from the application by receiving a notification from the user indicating the request. The method further includes combining the password with information identifying the application, so as to produce a protected password, and authenticating to the application using the protected password. The method may also include a mutual authentication capability between user and the application.
摘要翻译：保护用于建立用户和应用之间的交互的密码的方法包括通过从用户接收指示该请求的通知来检测来自应用的密码请求。该方法还包括将密码与识别应用的信息相结合，以产生受保护的密码，并使用受保护的密码对应用进行认证。该方法还可以包括用户和应用之间的相互认证能力。

5. 发明申请

US20130031374A1 FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS 有权
标题翻译：用于ARM处理器架构和TRUSTZONE安全扩展的基于固件的TRUSTED平台模块
公开(公告)号：US20130031374A1
公开(公告)日：2013-01-31
申请号：US13193945
申请日：2011-07-29
申请人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
发明人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
IPC分类号： G06F21/00
CPC分类号： G06F21/552 , G06F21/46 , G06F21/57 , G06F21/572 , G06F21/575 , G06F21/71 , G06F21/74 , G06F2221/034
摘要： A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
摘要翻译：基于固件的TPM或fTPM确保安全代码执行被隔离，以防止各种潜在的安全漏洞。与传统的基于硬件的可信平台模块（TPM）不同，在不使用专用安全处理器硬件或硅片的情况下实现隔离。通常，通过从系统固件或固件可访问的存储器或存储器读取fTPM并将其放置在设备的只读受保护的存储器中，fTPM首先在前OS引导环境中实例化。一旦实例化，fTPM就能实现执行隔离，以确保执行安全的代码。更具体地说，将fTPM放置到受保护的只读存储器中，以使设备能够使用诸如ARM®架构的TrustZone™扩展和安全原语（或类似的处理器架构）之类的硬件，从而使基于这种架构的设备提供基于固件的TPM中的安全执行隔离，而不需要对现有设备进行硬件修改。

6. 发明申请

US20080313719A1 Methods and Apparatus for Delegated Authentication 有权
标题翻译：委托认证的方法和设备
公开(公告)号：US20080313719A1
公开(公告)日：2008-12-18
申请号：US11930738
申请日：2007-10-31
申请人： Burton S. Kaliski, JR. , Magnus Nystrom
发明人： Burton S. Kaliski, JR. , Magnus Nystrom
IPC分类号： H04L9/32
CPC分类号： H04L63/0815 , H04L63/0838
摘要： An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties.
摘要翻译：在认证服务器或其他处理设备中实现的认证委托服务被配置为从依赖方接收与特定用户相关联的委托认证信息的请求，以确定与依赖方相关联的信任级别，并且提供如果依赖方具有足够的信任级别，则委托认证信息到依赖方，以便允许依赖方根据委托认证信息认证用户。委托的认证信息具有基于这样的信息可以当前认证用户的属性。委派的认证信息可以包括例如从特定用户的一次性密码或其他认证凭证导出的至少一个值。认证委托服务可以被分级以根据可能与依赖方相关联的相应信任级别来提供不同类型的委托认证信息。

7. 发明申请

US20070113294A1 Password Presentation for Multimedia Devices 有权
标题翻译：多媒体设备密码表示
公开(公告)号：US20070113294A1
公开(公告)日：2007-05-17
申请号：US11556506
申请日：2006-11-03
申请人： John Field , Burton Kaliski , Magnus Nystrom , James Townsend
发明人： John Field , Burton Kaliski , Magnus Nystrom , James Townsend
IPC分类号： H04L9/32
CPC分类号： H04L63/083
摘要： A multimedia device or other type of processing device comprises a memory, a processor coupled to the memory, and playback circuitry coupled to the processor. In one aspect, the processor is operative to control the storage in the memory of at least one multimedia file containing a one-time password or other type of password, where the password is generated externally to the processing device, and to control the playback of the multimedia file via the playback circuitry to make the password apparent to or otherwise accessible to an associated user or other entity. The multimedia file may comprise, for example, an audio file, with the password being presented to the user in an audible form upon playback of the audio file. As another example, the multimedia file may comprise a video file, with the password being presented to the user in a visible form upon playback of the video file.
摘要翻译：多媒体设备或其他类型的处理设备包括存储器，耦合到存储器的处理器以及耦合到处理器的回放电路。在一个方面，处理器可操作以控制存储器中的至少一个多媒体文件的存储，所述至少一个多媒体文件包含一次性密码或其他类型的密码，其中密码在处理设备外部产生，并且控制播放所述多媒体文件经由所述重放电路使得所述密码对相关联的用户或其他实体显而易见或以其他方式可访问。多媒体文件可以包括例如音频文件，其中在回放音频文件时以可听形式向用户呈现密码。作为另一示例，多媒体文件可以包括视频文件，其中在回放视频文件时以可见形式向用户呈现密码。

8. 发明申请

US20060177056A1 Secure seed generation protocol 有权
标题翻译：安全的种子生成协议
公开(公告)号：US20060177056A1
公开(公告)日：2006-08-10
申请号：US10549542
申请日：2004-07-09
申请人： Peter Rostin , Magnus Nystrom , William Duane
发明人： Peter Rostin , Magnus Nystrom , William Duane
IPC分类号： H04L9/28 , H04L9/00 , H04K1/00
CPC分类号： H04L9/3234 , H04L9/06 , H04L9/0869 , H04L9/3242 , H04L9/3271 , H04L63/061 , H04L63/0823 , H04L63/0853 , H04L2209/20 , H04L2209/56 , H04L2209/80
摘要： Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at leas the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string an the second string.
摘要翻译：利用由种子生成客户端（110c）和种子生成服务器（110s）执行的种子生成协议，用于安全地生成用于执行一个或多个密码操作的种子的技术。种子生成服务器（110s）向种子生成客户端（110c）提供第一串。种子生成客户端（110c）生成第二串，利用密钥（216）加密第二串，并将加密的第二串发送到种子生成服务器（110s）。种子生成客户端（110c）根据第一串和第二串的函数产生种子。种子生成服务器（110s）对加密的第二串（222）进行解密，并且独立地生成作为第二串的至少第一串的函数的种子。

9. 发明申请

US20130346757A1 ROLLBACK PROTECTION FOR LOGIN SECURITY POLICY 有权
标题翻译：滚动保护登录安全策略
公开(公告)号：US20130346757A1
公开(公告)日：2013-12-26
申请号：US13531481
申请日：2012-06-22
申请人： Benjamin Nick , Magnus Nystrom , Innokentiy Basmov , Peter Novotney , Micheal Grass
发明人： Benjamin Nick , Magnus Nystrom , Innokentiy Basmov , Peter Novotney , Micheal Grass
IPC分类号： G06F21/00
CPC分类号： G06F21/6245 , G06F21/554
摘要： In one embodiment, an encryption system may protect user login metadata from hammering attacks. A data storage 140 may store an integrity protected data set 602 for an operating system in a storage location. A processor 120 may register a counter reading from a remote counter 202 in a secure location 204 separate from the storage location. The processor 120 may determine a lockout state of the integrity protected data set 602 based on the counter reading.
摘要翻译：在一个实施例中，加密系统可以保护用户登录元数据免受锤击攻击。数据存储器140可以将存储位置中的操作系统的完整性保护数据集602存储。处理器120可以从与存储位置分开的安全位置204中的远程计数器202注册计数器读取。处理器120可以基于计数器读数来确定完整性保护数据集602的锁定状态。

10. 发明授权

US08375221B1 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions 有权
标题翻译：基于固件的信任平台模块，用于ARM处理器架构和信任域安全扩展
公开(公告)号：US08375221B1
公开(公告)日：2013-02-12
申请号：US13193945
申请日：2011-07-29
申请人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
发明人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
IPC分类号： G06F11/30 , G06F7/04
CPC分类号： G06F21/552 , G06F21/46 , G06F21/57 , G06F21/572 , G06F21/575 , G06F21/71 , G06F21/74 , G06F2221/034
摘要： A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
摘要翻译：基于固件的TPM或fTPM确保安全代码执行被隔离，以防止各种潜在的安全漏洞。与传统的基于硬件的可信平台模块（TPM）不同，在不使用专用安全处理器硬件或硅片的情况下实现隔离。通常，通过从系统固件或固件可访问的存储器或存储器读取fTPM并将其放置在设备的只读受保护的存储器中，fTPM首先在前OS引导环境中实例化。一旦实例化，fTPM就能实现执行隔离，以确保执行安全的代码。更具体地说，将fTPM放置到受保护的只读存储器中，以使设备能够使用诸如ARM®架构的TrustZone™扩展和安全原语（或类似的处理器架构）之类的硬件，从而使基于这种架构的设备提供基于固件的TPM中的安全执行隔离，而不需要对现有设备进行硬件修改。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式