专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2011006997A1 SYSTEM AND METHOD FOR PROVIDING SECURE VIRTUAL MACHINES 审中-公开
标题翻译：用于提供安全虚拟机的系统和方法
公开(公告)号：WO2011006997A1
公开(公告)日：2011-01-20
申请号：PCT/EP2010/060341
申请日：2010-07-16
申请人： ALCATEL LUCENT , BOSCH, Peter , KOLESNIKOV, Vladimir , MULLENDER, Sape , McKIE, Jim , DOBBELAERE, Philippe , McLELLAN, Hubert
发明人： BOSCH, Peter , KOLESNIKOV, Vladimir , MULLENDER, Sape , McKIE, Jim , DOBBELAERE, Philippe , McLELLAN, Hubert
IPC分类号： G06F21/00
CPC分类号： G06F21/53 , G06F21/572
摘要： The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed.
摘要翻译：本发明提供了虚拟机中的改进的安全性。通过扩展现代安全处理器的能力，计算的隐私由设备的所有者和在处理器上执行的其他用户提供，这是可出租，安全的计算机的有利特征。除了安装可虚拟化计算机所需的硬件扩展之外，还提供了用于部署这种处理器的基础设施。此外，公开了建立设备的所有者，用户和制造商之间的各种关系的信令流。

2. 发明申请

WO2011067139A1 SYSTEM AND METHOD FOR ACCESSING PRIVATE DIGITAL CONTENT 审中-公开
标题翻译：用于访问私有数字内容的系统和方法
公开(公告)号：WO2011067139A1
公开(公告)日：2011-06-09
申请号：PCT/EP2010/068027
申请日：2010-11-23
申请人： ALCATEL LUCENT , BOSCH, Peter , KOLESNIKOV, Vladimir , MULLENDER, Sape , DAENEN, Koen
发明人： BOSCH, Peter , KOLESNIKOV, Vladimir , MULLENDER, Sape , DAENEN, Koen
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L63/06 , H04L9/0838 , H04L9/3215 , H04L9/3263 , H04L63/0823 , H04L63/166 , H04L2209/60
摘要： Method for providing access to private digital content installed on a content server C (s), wherein a content manager server C (a) has a number of clients potentially interested in the private content; the method comprising the following steps performed at the content management server C (a) : establishing a first communication channel with a client C (b) of the number of clients; receiving a query for private digital content from the client C (b) and sending an appropriate response, causing the client to establish a second communication channel with the content server; establishing a secure session with the content server C (s) over the first and second communication channel; establishing a new session key for the secure session and transmitting said new session key to the client C (b), so that the client can obtain the queried private digital content from the content server as if the client is the content management server.
摘要翻译：用于提供对安装在内容服务器C上的私人数字内容的访问的方法，其中内容管理器服务器C（a）具有可能对私人内容感兴趣的客户端数量; 该方法包括在内容管理服务器C（a）执行的以下步骤：与客户端数量的客户端C（b）建立第一通信信道; 从客户端C（b）接收私人数字内容的查询并发送适当的响应，使客户端与内容服务器建立第二通信信道; 在所述第一和第二通信信道上建立与所述内容服务器C的安全会话; 建立用于安全会话的新会话密钥并将所述新的会话密钥发送到客户端C（b），使得客户端可以从内容服务器获得查询的私人数字内容，就像客户端是内容管理服务器一样。

3. 发明申请

WO2010024874A2 MESSAGE AUTHENTICATION CODE PRE-COMPUTATION WITH APPLICATIONS TO SECURE MEMORY 审中-公开
标题翻译：消息认证码使用应用程序预先计算以确保存储器安全
公开(公告)号：WO2010024874A2
公开(公告)日：2010-03-04
申请号：PCT/US2009/004820
申请日：2009-08-25
申请人： ALCATEL-LUCENT USA INC. , GARAY, Juan, A. , KOLESNIKOV, Vladimir , MCLELLAN, Hubert, Rae
发明人： GARAY, Juan, A. , KOLESNIKOV, Vladimir , MCLELLAN, Hubert, Rae
IPC分类号： H04L9/32
CPC分类号： G06F21/71 , H04L9/0631 , H04L9/0643 , H04L9/3242
摘要： A method comprising the steps of creating a random permutation of data from a data input by executing at least one of a Pseudo-Random Permutation (PRP) and a Pseudo-Random Function (PRF), creating a first data block by combining the random permutation of data with a received second data block and executing an ε-differentially uniform function on the result of the combination, XORing the result of the ε-DU function evaluation with a secret key, and reducing the first data block to a first message authentication code.
摘要翻译：包括以下步骤的方法：通过执行伪随机置换（PRP）和伪随机函数（PRF）中的至少一个来从数据输入创建数据的随机置换;创建通过将数据的随机置换与接收到的第二数据块进行组合，并对组合的结果执行ε-差分均匀函数，将ε-DU函数估计的结果与秘密密钥进行异或，以及将第一数据块的第一数据块添加到第一个消息认证码。

4. 发明申请

WO2010138473A1 A METHOD OF EFFICIENT SECURE FUNCTION EVALUATION USING RESETTABLE TAMPER-RESISTANT HARDWARE TOKENS 审中-公开
标题翻译：一种使用可复位的抗摔机硬件功能的高效安全功能评估方法
公开(公告)号：WO2010138473A1
公开(公告)日：2010-12-02
申请号：PCT/US2010/036009
申请日：2010-05-25
申请人： ALCATEL-LUCENT USA INC. , KOLESNIKOV, Vladimir
发明人： KOLESNIKOV, Vladimir
IPC分类号： G06F21/00
CPC分类号： G06F21/606 , H04L9/0662 , H04L9/0897 , H04L9/3234 , H04L9/3271 , H04L2209/50
摘要： An embodiment of the present invention provides a computer implemented method for the transfer of private information of one user to another user — a primitive known as Oblivious Transfer. An output from a strong pseudorandom function generation (SPRFG) is calculated by a first user's computing module based on first and second parameters: the first parameter specifying one of two secret keys; the second parameter being a value selected within the domain of the SPRFG by the first user. The first user is prevented from reading or learning the stored two secret keys. The output is transmitted to a computer of a second user which generates first and second encrypted values that are each based on an inverse SPRFG calculation using the first and second secret keys, respectively, and corresponding private values of the second user. The encrypted values are sent to a first computer of the first user that calculates one of the private values using a mathematical computation based on the second parameter and the one of the first and second encrypted values that corresponds to the one of the first and second key used.
摘要翻译：本发明的一个实施例提供了一种用于将一个用户的私人信息传送给另一用户的计算机实现的方法 - 被称为“生存转移”的原语。来自强伪随机函数生成（SPRFG）的输出由第一用户的计算模块基于第一和第二参数计算：第一参数指定两个秘密密钥之一; 第二参数是由第一用户在SPRFG的域内选择的值。阻止第一用户阅读或学习所存储的两个秘密密钥。输出被发送到第二用户的计算机，其产生分别基于使用第一和第二秘密密钥的反向SPRFG计算以及第二用户的对应私有值的第一和第二加密值。将加密的值发送到第一用户的第一计算机，该第一计算机使用基于第二参数的数学计算和与第一和第二密钥中的一个对应的第一和第二加密值中的一个来计算私有值之一用过的。

5. 发明申请

WO2013015910A1 SOFTWARE RUN-TIME PROVENANCE 审中-公开
标题翻译：软件运行时间
公开(公告)号：WO2013015910A1
公开(公告)日：2013-01-31
申请号：PCT/US2012/043064
申请日：2012-06-19
申请人： ALCATEL LUCENT , MC LELLAN, Hubert, R. , KOLESNIKOV, Vladimir
发明人： MC LELLAN, Hubert, R. , KOLESNIKOV, Vladimir
IPC分类号： G06F21/00
CPC分类号： G06F21/575
摘要： An executing first computing module verifies the run-time provenance of an unverified second computing module. A signed certificate identifying an author of the second computing module is received at the first computing module. An association between the signed certificate and the second computing module is verified. A first provenance certificate and associated private key signed by the first computing module and identifying a runtime provenance of the second computing module is then generated, and the first provenance certificate is published to the second computing module. A chain of signed certificates, including provenance certificates and a static identification certificates, can be published. Each provenance certificate in the chain verifies the integrity of a layer of execution, and the plurality of static identification certificates identifies a respective author of the computing module associated with each layer of software. The provenance of the second computing module can be recursively traced through the published chain of certificates.
摘要翻译：执行的第一计算模块验证未验证的第二计算模块的运行时间来源。在第一计算模块处接收识别第二计算模块的作者的签名证书。验证签名证书和第二计算模块之间的关联。然后生成由第一计算模块签名并识别第二计算模块的运行时源的第一来源证书和相关联的私钥，并且将第一来源证书发布到第二计算模块。可以发布一系列签名证书，包括出货凭证和静态认证证书。链中的每个来源证书验证执行层的完整性，并且多个静态识别证书识别与每层软件相关联的计算模块的相应作者。第二个计算模块的来源可以通过发布的证书链递归地追踪。

6. 发明申请

WO2011068719A1 EMBEDDED SFE: OFFLOADING SERVER AND NETWORK USING HARDWARE TOKEN 审中-公开
标题翻译：嵌入式SFE：使用硬件TOKEN卸载服务器和网络
公开(公告)号：WO2011068719A1
公开(公告)日：2011-06-09
申请号：PCT/US2010/057769
申请日：2010-11-23
申请人： ALCATEL-LUCENT USA INC. , KOLESNIKOV, Vladimir
发明人： KOLESNIKOV, Vladimir
IPC分类号： H04L9/08
CPC分类号： G09C1/00 , H04L9/0838 , H04L9/0877 , H04L9/3234 , H04L2209/12 , H04L2209/56
摘要： An improved secure transaction system for facilitating secure transactions between devices in a network is set forth. The system includes a first device. A secure agent, adapted for encrypting and delivering a message on behalf of the first device, is provided. The secure agent has a secret key drawn at random from a large domain embedded in the agent by the first device. A second device, adapted to obtain the message, based on a session ID, from the secure agent, is provided. The second device can selectively test the truth of a corresponding message from the agent, based on querying of the first device. The testing is unknown and unpredictable to the secure agent during the transaction. In this manner, the first device and agent are kept separate to deter cheating.
摘要翻译：阐述了一种改进的安全交易系统，用于促进网络中设备之间的安全交易。该系统包括第一设备。提供了适于代表第一设备加密和传递消息的安全代理。安全代理具有由第一设备从代理中嵌入的大域中随机绘制的秘密密钥。提供了一种适于从安全代理获得基于会话ID的消息的第二设备。第二设备可以基于对第一设备的查询来选择性地测试来自代理的对应消息的真实性。在交易过程中，安全代理程序的测试是未知的和不可预知的。以这种方式，第一设备和代理被保持分开以阻止作弊。

7. 发明申请

WO2011005569A2 EFFICIENT KEY MANAGEMENT SYSTEM AND METHOD 审中-公开
标题翻译：有效的密钥管理系统和方法
公开(公告)号：WO2011005569A2
公开(公告)日：2011-01-13
申请号：PCT/US2010/039647
申请日：2010-06-23
申请人： ALCATEL-LUCENT USA INC. , KOLESNIKOV, Vladimir , GURBANI, Vijay
发明人： KOLESNIKOV, Vladimir , GURBANI, Vijay
IPC分类号： H04L29/06
CPC分类号： H04L63/061 , H04L9/083 , H04L63/18 , H04L65/1006 , H04L65/105 , H04L2209/76
摘要： A system for providing cost effective, secure key exchange from at least one first device to at least one second device through at least one proxy server is provided. The system includes a first key exchange message from the at least one first device to the at least one second device via the at least one proxy server. A second key exchange message from the at least one second device to the at least one first device via a media stream of the Internet is required to complete the computation of the session key. A method of securing a communication system is also set forth. The method includes the steps of providing a routing device for identifying a subscriber, and providing a master key exchange session, the master key exchange session including a key k to find a subscriber and a nonce r to answer a query to the subscriber, wherein the master key exchange session includes both the key k and the nonce r.
摘要翻译：提供了一种用于通过至少一个代理服务器从至少一个第一设备向至少一个第二设备提供成本有效的安全密钥交换的系统。该系统包括经由至少一个代理服务器从至少一个第一设备到至少一个第二设备的第一密钥交换消息。需要经由互联网的媒体流从至少一个第二设备到至少一个第一设备的第二密钥交换消息来完成对话密钥的计算。还提出了一种保护通信系统的方法。该方法包括以下步骤：提供用于识别订户的路由设备，以及提供主密钥交换会话，所述主密钥交换会话包括密钥k以找到订户并且随机地向订户回答查询，其中所述主密钥交换会话包括密钥k和随机数r。

8. 发明申请

WO2003032133A2 DISTRIBUTED SECURITY ARCHITECTURE FOR STORAGE AREA NETWORKS (SAN) 审中-公开
标题翻译：存储区域网络的分布式安全体系结构（SAN）
公开(公告)号：WO2003032133A2
公开(公告)日：2003-04-17
申请号：PCT/CA2002/001518
申请日：2002-10-11
申请人： KASTEN CHASE APPLIED RESEARCH LTD. , MURTY, Kumar , KOLESNIKOV, Vladimir , THANOS, Daniel
发明人： MURTY, Kumar , KOLESNIKOV, Vladimir , THANOS, Daniel
IPC分类号： G06F1/00
CPC分类号： H04L63/0428 , H04L9/0894 , H04L63/0823
摘要： The invention relates to a method of transferring data between a host computer server and a secure network storage system via a data transfer architecture. The secure network storage system has a plurality of storage devices for storage of the data. The method comprises (a) authenticating the host computer server with a security system associated with the secure network storage system; (b) obtaining a storage key from the security system after authentication; and (c) performing an encryption/decryption operation comprising at least one of (i) encrypting and storing data on the secure network storage system, and (ii) retrieving and decrypting data stored on the secure network storage system.
摘要翻译：本发明涉及一种通过数据传输体系结构在主计算机服务器和安全网络存储系统之间传输数据的方法。安全网络存储系统具有用于存储数据的多个存储设备。该方法包括（a）用与安全网络存储系统相关联的安全系统认证主机服务器; （b）在认证之后从安全系统获得存储密钥; 和（c）执行加密/解密操作，该加密/解密操作包括以下中的至少一个：（i）在所述安全网络存储系统上加密和存储数据，以及（ii）检索和解密存储在所述安全网络存储系统上的数据。

9. 发明申请

WO2014105568A1 CAPABILITY-BASED COMMUNICATIONS 审中-公开
标题翻译：基于能力的通信
公开(公告)号：WO2014105568A1
公开(公告)日：2014-07-03
申请号：PCT/US2013/076150
申请日：2013-12-18
申请人： ALCATEL LUCENT
发明人： BRUNS, Glenn, R. , KOLESNIKOV, Vladimir
IPC分类号： H04L12/58 , H04L29/06
CPC分类号： H04L51/12 , H04L51/28 , H04L63/02 , H04L63/0263
摘要： A capability-based communication mechanism is provided for controlling delivery of messages. A capability-based address is an address having one or more capability parameters associated therewith, where the one or more capability parameters associated with the capability-based address may be used to control delivery of messages to the capability-based address. A user or entity requests a capability-based address from a communication service provider. The communication service provider provides a capability-based address to the user or entity. The user or entity provides the capability-based address to one or more other users or entities. The delivery of messages to the user or entity with which the capability-based address is associated is controlled based on the one or more capability parameters associated with the capability-based address of the user or entity.
摘要翻译：提供基于能力的通信机制来控制消息的传递。基于能力的地址是具有与其相关联的一个或多个能力参数的地址，其中与基于能力的地址相关联的一个或多个能力参数可以用于控制消息到基于能力的地址的传递。用户或实体从通信服务提供商请求基于能力的地址。通信服务提供商向用户或实体提供基于能力的地址。用户或实体向一个或多个其他用户或实体提供基于能力的地址。基于与用户或实体的基于能力的地址相关联的一个或多个能力参数来控制向与该基于能力的地址相关联的用户或实体的消息的传送。

10. 发明申请

WO2014107222A2 METHOD AND APPARATUS FOR RESILIENT END-TO-END MASSAGE PROTECTION FOR LARGE-SCALE CYBER-PHYSICAL SYSTEM COMMUNICATIONS 审中-公开
标题翻译：用于大规模的体格系统通信的终端按摩保护的方法和装置
公开(公告)号：WO2014107222A2
公开(公告)日：2014-07-10
申请号：PCT/US2013/067372
申请日：2013-10-30
申请人： ALCATEL LUCENT
发明人： KIM, Young, Jin , KOLESNIKOV, Vladimir , THOTTAN, Marina, K.
IPC分类号： H04L9/08
CPC分类号： H04L9/0869 , H04L9/32 , H04L9/3213 , H04L9/3236 , H04L9/3297 , H04L63/065 , H04L63/0807 , H04L63/0884 , H04L63/126 , H04L2463/061
摘要： To address the security requirements for cyber-physical systems, embodiments of the present invention include a resilient end-to-end message protection framework, termed Resilient End- to End Message Protection or REMP, exploiting the notion of the long-term key that is given on per node basis. This long term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication.
摘要翻译：为了解决网络物理系统的安全要求，本发明的实施例包括弹性的端对端消息保护框架，称为弹性端到端消息保护或REMP，利用长期密钥的概念以每个节点为基础。这个长期密钥在节点认证阶段被分配，随后用于从发送的每个消息的随机数中导出加密密钥。与常规方案相比，REMP可以改善隐私，消息身份验证和密钥曝光，并且不会影响可扩展性和端到端的安全性。权衡是消息解密和消息认证的计算时间略有增加。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式