会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 6. 发明授权
    • Method and apparatus for providing interoperability between key recovery and non-key recovery systems
    • US06535607B1
    • 2003-03-18
    • US09184002
    • 1998-11-02
    • Coimbatore S. ChandersekaranRosario GennaroSarbari GuptaStephen M. Matyas, Jr.David R. SaffordNevenko Zunic
    • Coimbatore S. ChandersekaranRosario GennaroSarbari GuptaStephen M. Matyas, Jr.David R. SaffordNevenko Zunic
    • H04L900
    • H04L9/0841H04L9/0894
    • A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K. The key recovery block KRB, the encrypted XOR product e(X, Y) and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the third key X from the first key K′ and the key recovery block KRB, decrypting the XOR product Y using the regenerated third key X, and recombining the XOR product Y with the first key K″ to regenerate the second key K. In a third embodiment, an integrity value is computed on a key K and its key recovery block KRB. The integrity value and the key K are encrypted to form an encrypted portion of a key exchange block KEB, while the key recovery block KRB is put in an unencrypted portion of the key exchange block KEB, which is sent along with the encrypted data e(K, data) to the receiver. The receiver decrypts the encrypted portion, recomputes the integrity value and compares it with the received integrity value. Only if the two integrity values compare is the key K extracted and used to decrypt the data.
    • 9. 发明授权
    • Method and system for bootstrapping a trusted server having redundant trusted platform modules
    • 用于引导具有冗余可信平台模块的可信服务器的方法和系统
    • US08055912B2
    • 2011-11-08
    • US12621524
    • 2009-11-19
    • Steven A. BadeLinda Nancy BetzAndrew Gregory KegelDavid R. SaffordLeendert Peter Van Doorn
    • Steven A. BadeLinda Nancy BetzAndrew Gregory KegelDavid R. SaffordLeendert Peter Van Doorn
    • G06F11/30
    • G06F21/575
    • Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
    • 以冗余的方式使用数据处理系统内的多个可信任的平台模块,其提供用于安全地存储用于引导系统可信平台模块的休息处的秘密数据的可靠机制。 管理程序请求每个可信平台模块加密秘密数据的副本,从而生成加密的秘密数据值的多个版本,然后存储在可信平台内的非易失性存储器中。 在稍后的时间点,加密的秘密数据值由执行先前加密的可信任平台模块进行解密,然后进行比较。 如果解密值中的任何一个与比较操作中的值的数量不匹配,则用于非匹配解密值的相应的可信平台模块被指定为有缺陷的,因为它不能正确解密之前加密的值 。