专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080148388A1 Platform authentication via a transparent second factor 有权
标题翻译：平台认证通过透明的第二个因素
公开(公告)号：US20080148388A1
公开(公告)日：2008-06-19
申请号：US11586283
申请日：2006-10-25
申请人： David R. Wooten , Erik Holt , Stefan Thom , Tony Ureche , Dan Sledz , Douglas M. Maclver
发明人： David R. Wooten , Erik Holt , Stefan Thom , Tony Ureche , Dan Sledz , Douglas M. Maclver
IPC分类号： G06F21/00 , G06F12/14
CPC分类号： G07F7/1008 , G06F21/34 , G06F21/575 , G06Q20/3415 , G06Q20/3563 , G06Q20/388 , G06Q20/40 , G06Q20/409
摘要： Firmware of a system is configured to allow secondary devices, such as a smart card, to be used for authentication. In an example embodiment, the secondary device is a CCID smart card in compliance with the ISO 7816 specification. The smart card is inserted into a card reader coupled to the system prior to booting the system. The firmware comprises an emulator and driver configured to allow authentication information from the smart card to be utilized to allow execution of the boot process. In an example embodiment, the smart card comprises external keys for use with BITLOCKER™. The secondary device is compatible with systems implementing a BIOS and with systems implementing EFI. Authentication also can be accomplished via devices that do not provide data storage, such as a biometric device or the like.
摘要翻译：系统的固件被配置为允许诸如智能卡的辅助设备用于认证。在示例实施例中，辅助设备是符合ISO 7816规范的CCID智能卡。在引导系统之前，将智能卡插入耦合到系统的读卡器。固件包括仿真器和驱动器，其被配置为允许来自智能卡的认证信息被用于允许执行引导过程。在示例实施例中，智能卡包括用于与BITLOCKER TM一起使用的外部键。辅助设备与实施BIOS的系统以及实施EFI的系统兼容。认证也可以通过不提供数据存储的设备来实现，例如生物测定设备等。

2. 发明授权

US08296841B2 Trusted platform module supported one time passwords 有权
标题翻译：可信平台模块支持一次密码
公开(公告)号：US08296841B2
公开(公告)日：2012-10-23
申请号：US12606414
申请日：2009-10-27
申请人： Stefan Thom , Erik Holt
发明人： Stefan Thom , Erik Holt
IPC分类号： G06F21/00
CPC分类号： G06F21/34
摘要： A Trusted Platform Module (TPM) can be utilized to implement One Time Password (OTP) mechanisms. One or more delegation blobs can be created by the TPM and the delegation authentication values of the delegation blobs can be based on the version number of the delegation blobs. A data blob with a protected secret can comprise a pointer to the delegation table of the TPM. The version number can be provided to an authority from which an OTP (a delegation authentication value) can be received. The OTP can be utilized to gain access to the secret and an authentication value of the key blob, which can be utilized to increase the version number of all associated delegation blobs. Policy limitations can be associated with the delegation blobs and can be enforced by policy enforcement mechanisms that can reference the TPM tick counter to enforce temporal policy restrictions.
摘要翻译：可信平台模块（TPM）可用于实施一次性密码（OTP）机制。 TPM可以创建一个或多个委托库，委托库的委派验证值可以基于委托库的版本号。具有受保护秘密的数据库可以包括指向TPM的委托表的指针。版本号可以提供给可以从其接收OTP（授权认证值）的机构。可以利用OTP来访问密钥，并且可以利用该密钥的认证值来增加所有关联的委托库的版本号。政策限制可以与授权blob相关联，并且可以通过策略执行机制来实施，该机制可以引用TPM tick计数器来执行时间策略限制。

3. 发明授权

US08418259B2 TPM-based license activation and validation 有权
标题翻译：基于TPM的许可证激活和验证
公开(公告)号：US08418259B2
公开(公告)日：2013-04-09
申请号：US12652094
申请日：2010-01-05
申请人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
发明人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
IPC分类号： G06F7/04
CPC分类号： G06F21/10 , G06F2221/0704
摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.
摘要翻译：可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较地点。随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。

4. 发明申请

US20100082987A1 TRANSPARENT TRUST VALIDATION OF AN UNKNOWN PLATFORM 有权
标题翻译：不明确的平台的透明信任验证
公开(公告)号：US20100082987A1
公开(公告)日：2010-04-01
申请号：US12241496
申请日：2008-09-30
申请人： Stefan Thom , Shon Eizenhoefer , Erik Holt , Yash Ashok Kumar Gandhi
发明人： Stefan Thom , Shon Eizenhoefer , Erik Holt , Yash Ashok Kumar Gandhi
IPC分类号： H04L9/32
CPC分类号： G06F21/34 , G06F2221/2129
摘要： A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of decryption key to the boot code which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components.
摘要翻译：可以通过将其通信地耦合到诸如用户携带的便携式外围设备或一个或多个远程计算设备的可信设备来执行未知平台的透明信任验证。来自未知平台的信息可以通过从可信设备复制到其中的引导代码获得，并且这样的信息可以由受信任的设备验证。可信设备然后可以向引导代码提供解密密钥的加密版本，该引导代码可以请求未知平台的可信平台模块（TPM）来解密并返回解密密钥。如果最初从未知平台获得并由可信设备验证的信息是真实的，则TPM将能够向引导代码提供解密密钥，使其能够解密包括应用，操作系统或其他组件的加密卷。

5. 发明申请

US20110099625A1 TRUSTED PLATFORM MODULE SUPPORTED ONE TIME PASSWORDS 有权
标题翻译：支持的一次性平台模块
公开(公告)号：US20110099625A1
公开(公告)日：2011-04-28
申请号：US12606414
申请日：2009-10-27
申请人： Stefan Thom , Erik Holt
发明人： Stefan Thom , Erik Holt
IPC分类号： G06F21/00
CPC分类号： G06F21/34
摘要： A Trusted Platform Module (TPM) can be utilized to implement One Time Password (OTP) mechanisms. One or more delegation blobs can be created by the TPM and the delegation authentication values of the delegation blobs can be based on the version number of the delegation blobs. A data blob with a protected secret can comprise a pointer to the delegation table of the TPM. The version number can be provided to an authority from which an OTP (a delegation authentication value) can be received. The OTP can be utilized to gain access to the secret and an authentication value of the key blob, which can be utilized to increase the version number of all associated delegation blobs. Policy limitations can be associated with the delegation blobs and can be enforced by policy enforcement mechanisms that can reference the TPM tick counter to enforce temporal policy restrictions.
摘要翻译：可信平台模块（TPM）可用于实施一次性密码（OTP）机制。 TPM可以创建一个或多个委托库，委托库的委派验证值可以基于委托库的版本号。具有受保护秘密的数据库可以包括指向TPM的委托表的指针。版本号可以提供给可以从其接收OTP（授权认证值）的机构。可以利用OTP来访问密钥，并且可以利用该密钥的认证值来增加所有关联的委托库的版本号。政策限制可以与授权blob相关联，并且可以通过策略执行机制来实施，该机制可以引用TPM tick计数器来执行时间策略限制。

6. 发明授权

US08127146B2 Transparent trust validation of an unknown platform 有权
标题翻译：对未知平台的透明信任验证
公开(公告)号：US08127146B2
公开(公告)日：2012-02-28
申请号：US12241496
申请日：2008-09-30
申请人： Stefan Thom , Shon Eizenhoefer , Erik Holt , Yash Ashok Kumar Gandhi
发明人： Stefan Thom , Shon Eizenhoefer , Erik Holt , Yash Ashok Kumar Gandhi
IPC分类号： H04L9/00
CPC分类号： G06F21/34 , G06F2221/2129
摘要： A transparent trust validation of an unknown platform can be performed by communicationally coupling it to a trusted device, such as a portable peripheral device carried by a user, or one or more remote computing devices. Information from the unknown platform can be obtained by boot code copied to it from the trusted device and such information can be validated by the trusted device. The trusted device can then provide an encrypted version of decryption key to the boot code which can request the Trusted Platform Module (TPM) of the unknown platform to decrypt and return the decryption key. If the information originally obtained from the unknown platform and validated by the trusted device was authentic, the TPM will be able to provide the decryption key to the boot code, enabling it to decrypt an encrypted volume comprising applications, operating systems or other components.
摘要翻译：可以通过将其通信地耦合到诸如用户携带的便携式外围设备或一个或多个远程计算设备的可信设备来执行未知平台的透明信任验证。来自未知平台的信息可以通过从可信设备复制到其中的引导代码获得，并且这样的信息可以由受信任的设备验证。可信设备然后可以向引导代码提供解密密钥的加密版本，该引导代码可以请求未知平台的可信平台模块（TPM）来解密并返回解密密钥。如果最初从未知平台获得并由可信设备验证的信息是真实的，则TPM将能够向引导代码提供解密密钥，使其能够解密包括应用，操作系统或其他组件的加密卷。

7. 发明申请

US20110167503A1 TPM-BASED LICENSE ACTIVATION AND VALIDATION 有权
标题翻译：基于TPM的许可证激活和验证
公开(公告)号：US20110167503A1
公开(公告)日：2011-07-07
申请号：US12652094
申请日：2010-01-05
申请人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
发明人： Mikael Horal , Hakki Tunc Bostanci , Vandana Gunupudi , Ning Zhang , Scott Daniel Anderson , Stefan Thom , Erik Holt
IPC分类号： G06F21/22
CPC分类号： G06F21/10 , G06F2221/0704
摘要： A Trusted Activation License (TAL) can be comprised of a key unique to a Trusted Platform Module (TPM) and identifying information of the software applications bundled with the computing device having that TPM. To activate the software applications, the identifying information in the TAL can be compared against that of the software applications being activated, and the unique TPM key in the TAL can be compared against that of the TPM on the computing device on which the activation is taking place. Subsequent validations can be based on a protected association between the TAL and an Attestation Identity Key (AIK) that can be generated by the TPM as part of the activation step. Optionally, Platform Configuration Registers (PCRs) of the TPM can be periodically changed during validation to protect against useage of one TPM for validations on multiple computing devices.
摘要翻译：可信激活许可证（TAL）可以由可信平台模块（TPM）特有的密钥组成，并且识别与具有该TPM的计算设备捆绑的软件应用的信息。为了激活软件应用程序，可以将TAL中的识别信息与正在激活的软件应用程序的识别信息进行比较，并将TAL中唯一的TPM密钥与激活正在进行的计算设备上的TPM密钥进行比较地点。随后的验证可以基于TAL和认证身份密钥（AIK）之间的保护关联，该密钥可以由TPM作为激活步骤的一部分生成。可选地，可以在验证期间周期性地改变TPM的平台配置寄存器（PCR），以防止使用一个TPM来在多个计算设备上进行验证。

8. 发明授权

US07836309B2 Generic extensible pre-operating system cryptographic infrastructure 有权
标题翻译：通用可扩展的操作前系统加密基础设施
公开(公告)号：US07836309B2
公开(公告)日：2010-11-16
申请号：US11780781
申请日：2007-07-20
申请人： Erik Holt , Stefan Thom , Shivaram H. Mysore , Valerie Kathleen Bays , Carl Ellison
发明人： Erik Holt , Stefan Thom , Shivaram H. Mysore , Valerie Kathleen Bays , Carl Ellison
IPC分类号： G06F21/00
CPC分类号： G06F21/575 , H04L9/088 , H04L9/0894
摘要： A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier.
摘要翻译：加密设备协议提供通用接口，允许前OS应用在前OS环境内采用各种加密设备中的任何一种。通用接口可以独立于特定的加密设备使用，并且独立于每个设备使用的加密或散列算法。加密功能可以在前OS环境中通过使用独立于加密设备的加密设备协议与加密设备驱动程序进行通信的前OS应用程序来执行。每个加密设备可以由唯一的设备标识符标识，并且可以具有可用的密钥数量，每个密钥由唯一的密钥标识符标识。

9. 发明申请

US20160188868A1 TECHNOLOGIES FOR PROVIDING HARDWARE SUBSCRIPTION MODELS USING PRE-BOOT UPDATE MECHANISM 审中-公开
标题翻译：使用预引导更新机制提供硬件认购模型的技术
公开(公告)号：US20160188868A1
公开(公告)日：2016-06-30
申请号：US14583656
申请日：2014-12-27
申请人： Sudhakar Otturu , Krishna Kumar Ganesan , Erik Holt
发明人： Sudhakar Otturu , Krishna Kumar Ganesan , Erik Holt
IPC分类号： G06F21/44 , G06F9/445 , H04L12/24
CPC分类号： G06F21/44 , G06F8/654 , G06F9/4416 , G06F9/44505 , G06F21/575 , G06F2221/2149 , H04L41/0813
摘要： Technologies to enable, disable and control hardware subscription features. Computing devices communicate over a network to a subscription server to provide hardware platform information for each of the computing devices. As the subscription server receives hardware platform information, the subscription server determines the hardware features that are enabled, and further determines what hardware subscription options are available for each of the computing devices. When a hardware subscription option is selected/purchased by a computing device, subscription server provides a pre-boot update mechanism, such as a Unified Extensible Firmware Interface (UEFI) capsule, to act as a boot level program that enables hardware features on the computing device. Hardware subscription features are also securely protected using cryptographic engine modules.
摘要翻译：启用，禁用和控制硬件订阅功能的技术。计算设备通过网络通信到订阅服务器以为每个计算设备提供硬件平台信息。当订阅服务器接收硬件平台信息时，订阅服务器确定启用的硬件特征，并进一步确定哪些硬件订阅选项可用于每个计算设备。当计算设备选择/购买硬件订阅选项时，订阅服务器提供诸如统一可扩展固件接口（UEFI）胶囊之类的预引导更新机制，以起到启动级别程序的作用，从而使计算机上的硬件功能设备。硬件订阅功能也使用加密引擎模块进行安全保护。

10. 发明申请

US20060206717A1 Image or pictographic based computer login systems and methods 有权
标题翻译：基于图像或图像的计算机登录系统和方法
公开(公告)号：US20060206717A1
公开(公告)日：2006-09-14
申请号：US11073742
申请日：2005-03-08
申请人： Erik Holt , Matthew Kowalczyk , Russell Humphries
发明人： Erik Holt , Matthew Kowalczyk , Russell Humphries
IPC分类号： G06F12/14 , H04L9/00 , G06F12/00 , G06F17/30 , H04K1/00 , G06F13/00 , G06F7/04 , G06F7/58 , G06K19/00 , G11C7/00 , H04L9/32
CPC分类号： G06F21/36
摘要： Image based login procedures for computer systems include: (a) displaying a first image on a computer screen; (b) receiving user input indicating a portion of the first image; (c) determining if the user input corresponds to a first acceptable user input for user authentication; and (d) proceeding with the authentication procedure when this user input corresponds to the first acceptable user input for user authentication. Additionally or optionally, when proceeding with this authentication procedure, the systems and methods further may include: displaying a second image on the screen; receiving new user input indicating a portion of the second image; and determining if this new input corresponds to a second acceptable user input for user authentication.
摘要翻译：用于计算机系统的基于图像的登录过程包括：（a）在计算机屏幕上显示第一图像; （b）接收指示第一图像的一部分的用户输入; （c）确定用户输入是否对应于用于用户认证的第一可接受用户输入; 和（d）当该用户输入对应于用于用户认证的第一可接受的用户输入时，进行认证过程。另外或可选地，当进行该认证过程时，系统和方法还可以包括：在屏幕上显示第二图像; 接收指示所述第二图像的一部分的新用户输入; 以及确定该新输入是否对应于用于用户认证的第二可接受用户输入。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式