会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • Trusted computing platform
    • 可信计算平台
    • US20060031790A1
    • 2006-02-09
    • US11249820
    • 2005-10-12
    • Graeme ProudlerDipankar GuptaLiqun ChenSiani PearsonBoris BalacheffBruno Van WilderDavid Chan
    • Graeme ProudlerDipankar GuptaLiqun ChenSiani PearsonBoris BalacheffBruno Van WilderDavid Chan
    • G06F17/50
    • G06F21/445G06F21/34G06F21/57G06F21/606G06F21/64G06F21/85G06F2207/7219G06F2211/009G06F2221/2103
    • In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal. Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
    • 在计算平台中,将可信硬件设备(24)添加到主板(20)。 可信硬件设备(24)被配置为获取计算平台的完整性度量,例如BIOS存储器(29)的散列。 受信任的硬件设备(24)是防篡改的,难以伪造并且不能访问平台的其他功能。 该哈希可以用于说服用户,平台(硬件或软件)的操作没有以某种方式颠覆,并且可以安全地与本地或远程应用程序进行交互。 更详细地说,计算平台的主处理单元(21)在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备(24)进行寻址。 可信硬件设备(24)被配置为从主处理单元(21)接收存储器读取信号,并响应于主处理单元(21)的母语的返回指令,其指示主处理单元 建立散列并返回由可信硬件设备(24)存储的值。 由于散列是在任何其他系统操作之前计算出来的,所以这是验证系统完整性的相对较强的方法。 一旦散列已经返回,最后的指令调用BIOS程序,并且系统引导过程正常进行。 每当用户希望与计算平台进行交互时,他首先请求完整性度量,其与被可信方测量的真实完整性度量进行比较。 如果指标相同,则会验证平台并继续进行交互。 否则,交互停止,基于平台的操作可能已被颠覆。
    • 2. 发明申请
    • SYSTEM FOR PROVIDING A TRUSTWORTHY USER INTERFACE
    • 提供信任用户界面的系统
    • US20080022128A1
    • 2008-01-24
    • US11861127
    • 2007-09-25
    • Graeme ProudlerBoris BalacheffLiqun ChenDavid Chan
    • Graeme ProudlerBoris BalacheffLiqun ChenDavid Chan
    • G06F12/14
    • H04L9/3234G06F21/84G06F2211/009G09C5/00H04L9/3247H04L9/3273H04L2209/38H04L2209/56
    • The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (266) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    • 本发明的优选实施例包括使用可信显示处理器(260)的计算机系统,该可信显示处理器(260)具有物理和功能上不同于处理器和存储器的可信处理器(300)和可信存储器(305,315,335,345) 计算机系统。 受信任的显示处理器(260)不受未经授权的修改或内部数据的检查。 防止伪造,防篡改,防止伪造,具有密码功能(340)可远距离安全通信是物理的。 可信赖的显示处理器(266)与用户的智能卡(122)交互以提取和显示可信图像,或者密封(1000),生成文档图像的位图的数字签名并控制视频存储器(315) 使得计算机系统的其他进程在签名过程中不能颠覆图像。 用户通过可信交换机(135)与受信任的显示处理器进行交互。
    • 3. 发明授权
    • System for providing a trustworthy user interface
    • 提供可靠的用户界面的系统
    • US07904730B2
    • 2011-03-08
    • US11861127
    • 2007-09-25
    • Graeme John ProudlerBoris BalacheffLiqun ChenDavid Chan
    • Graeme John ProudlerBoris BalacheffLiqun ChenDavid Chan
    • G06F12/14
    • H04L9/3234G06F21/84G06F2211/009G09C5/00H04L9/3247H04L9/3273H04L2209/38H04L2209/56
    • The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    • 本发明的优选实施例包括使用可信显示处理器(260)的计算机系统,该可信显示处理器(260)具有物理和功能上不同于处理器和存储器的可信处理器(300)和可信存储器(305,315,335,345) 计算机系统。 受信任的显示处理器(260)不受未经授权的修改或内部数据的检查。 防止伪造,防篡改,防止伪造,具有密码功能(340)可远距离安全通信是物理的。 可信赖的显示处理器(260)与用户的智能卡(122)交互以提取和显示可信图像,或者密封(1000),生成文档图像的位图的数字签名并控制视频存储器(315) 使得计算机系统的其他进程在签名过程中不能颠覆图像。 用户通过可信交换机(135)与受信任的显示处理器进行交互。
    • 4. 发明授权
    • System for providing a trustworthy user interface
    • 提供可靠的用户界面的系统
    • US07302585B1
    • 2007-11-27
    • US09979905
    • 2000-05-25
    • Graeme John ProudlerBoris BalacheffLiqun ChenDavid Chan
    • Graeme John ProudlerBoris BalacheffLiqun ChenDavid Chan
    • G06F12/14H04L9/32G06K19/00
    • H04L9/3234G06F21/84G06F2211/009G09C5/00H04L9/3247H04L9/3273H04L2209/38H04L2209/56
    • The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    • 本发明的优选实施例包括使用可信显示处理器(260)的计算机系统,该可信显示处理器(260)具有物理和功能上不同于处理器和存储器的可信处理器(300)和可信存储器(305,315,335,345) 计算机系统。 受信任的显示处理器(260)不受未经授权的修改或内部数据的检查。 防止伪造,防篡改,防止伪造,具有密码功能(340)可远距离安全通信是物理的。 可信赖的显示处理器(260)与用户的智能卡(122)交互以提取和显示可信图像,或者密封(1000),生成文档图像的位图的数字签名并控制视频存储器(315) 使得计算机系统的其他进程在签名过程中不能颠覆图像。 用户通过可信交换机(135)与受信任的显示处理器进行交互。
    • 5. 发明授权
    • Trusted computing platform using a trusted device assembly
    • 使用可信设备组件的可信计算平台
    • US06988250B1
    • 2006-01-17
    • US09913452
    • 2000-02-15
    • Graeme John ProudlerDipankar GuptaLiqun ChenSiani Lynne PearsonBoris BalacheffBruno Edgard Van WilderDavid Chan
    • Graeme John ProudlerDipankar GuptaLiqun ChenSiani Lynne PearsonBoris BalacheffBruno Edgard Van WilderDavid Chan
    • G06F17/50
    • G06F21/445G06F21/34G06F21/57G06F21/606G06F21/64G06F21/85G06F2207/7219G06F2211/009G06F2221/2103
    • In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications.In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal.Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
    • 在计算平台中,将可信硬件设备(24)添加到主板(20)。 可信硬件设备(24)被配置为获取计算平台的完整性度量,例如BIOS存储器(29)的散列。 受信任的硬件设备(24)是防篡改的,难以伪造并且不能访问平台的其他功能。 该哈希可以用于说服用户,平台(硬件或软件)的操作没有以某种方式颠覆,并且可以安全地与本地或远程应用程序进行交互。 更详细地说,计算平台的主处理单元(21)在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备(24)进行寻址。 可信硬件设备(24)被配置为从主处理单元(21)接收存储器读取信号,并响应于主处理单元(21)的母语的返回指令,其指示主处理单元 建立散列并返回由可信硬件设备(24)存储的值。 由于散列是在任何其他系统操作之前计算出来的,所以这是验证系统完整性的相对较强的方法。 一旦散列已经返回,最后的指令调用BIOS程序,并且系统引导过程正常进行。 每当用户希望与计算平台进行交互时,他首先请求完整性度量,其与被可信方测量的真实完整性度量进行比较。 如果指标相同,则会验证平台并继续进行交互。 否则,交互停止,基于平台的操作可能已被颠覆。
    • 6. 发明授权
    • Trusted computing platform
    • 可信计算平台
    • US07444601B2
    • 2008-10-28
    • US11249820
    • 2005-10-12
    • Graeme John ProudlerDipankar GuptaLiqun ChenSiani Lynne PearsonBoris BalacheffBruno Edgard Van WilderDavid Chan
    • Graeme John ProudlerDipankar GuptaLiqun ChenSiani Lynne PearsonBoris BalacheffBruno Edgard Van WilderDavid Chan
    • G06F17/50
    • G06F21/445G06F21/34G06F21/57G06F21/606G06F21/64G06F21/85G06F2207/7219G06F2211/009G06F2221/2103
    • In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications.In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’. The trusted hardware device (24) is configured to receive memory read signals from the main processing unit (21) and, in response, return instructions, in the native language of the main processing unit (21), that instruct the main processing unit to establish the hash and return the value to be stored by the trusted hardware device (24). Since the hash is calculated in advance of any other system operations, this is a relatively strong method of verifying the integrity of the system. Once the hash has been returned, the final instruction calls the BIOS program and the system boot procedure continues as normal.Whenever a user wishes to interact with the computing platform, he first requests the integrity metric, which he compares with an authentic integrity metric that was measured by a trusted party. If the metrics are the same, the platform is verified and interactions can continue. Otherwise, interaction halts on the basis that the operation of the platform may have been subverted.
    • 在计算平台中,将可信硬件设备(24)添加到主板(20)。 可信硬件设备(24)被配置为获取计算平台的完整性度量,例如BIOS存储器(29)的散列。 受信任的硬件设备(24)是防篡改的,难以伪造并且不能访问平台的其他功能。 该哈希可以用于说服用户,平台(硬件或软件)的操作没有以某种方式颠覆,并且可以安全地与本地或远程应用程序进行交互。 更详细地说,计算平台的主处理单元(21)在从“复位”释放之后被引导以在BIOS存储器之前对可信硬件设备(24)进行寻址。 可信硬件设备(24)被配置为从主处理单元(21)接收存储器读取信号,并响应于主处理单元(21)的母语的返回指令,其指示主处理单元 建立散列并返回由可信硬件设备(24)存储的值。 由于散列是在任何其他系统操作之前计算出来的,所以这是验证系统完整性的相对较强的方法。 一旦散列已经返回,最后的指令调用BIOS程序,并且系统引导过程正常进行。 每当用户希望与计算平台进行交互时,他首先请求完整性度量,其与被可信方测量的真实完整性度量进行比较。 如果指标相同,则会验证平台并继续进行交互。 否则,交互停止,基于平台的操作可能已被颠覆。
    • 7. 发明授权
    • Electronic commerce system
    • 电子商务系统
    • US07096204B1
    • 2006-08-22
    • US10110280
    • 2000-10-06
    • Liqun ChenBoris BalacheffRoelf du ToitSiani Lynne PearsonDavid Chan
    • Liqun ChenBoris BalacheffRoelf du ToitSiani Lynne PearsonDavid Chan
    • G06Q99/00
    • G06Q30/06G06Q20/02G06Q20/04G06Q20/105G06Q20/12G06Q20/20G06Q20/367G06Q20/3674G06Q20/383G06Q20/385
    • A method of brokering a transaction between a consumer and a vendor by a broker, wherein the consumer, the broker and the vendor are all attached to a public network, the consumer having a secure token containing a true consumer identity. The method comprising the steps of: the consumer obtaining a temporary identity from the broker by using the true consumer identity from the secure token; the consumer selecting a purchase to be made from the vendor; the consumer requesting the purchase from the vendor and providing the temporary identity to the vendor; the vendor requesting transaction authorisation from the broker by forwarding the request and the temporary identity to the broker; the broker matching the temporary identity to a current list of temporary identities, and obtaining the true consumer identity; the broker providing authorisation for the transaction based on transaction details and true consumer identity.
    • 由经纪人代理消费者和供应商之间的交易的方法,其中消费者,经纪商和供应商都连接到公共网络,消费者具有包含真实消费者身份的安全令牌。 该方法包括以下步骤:消费者通过使用来自安全令牌的真实消费者身份从代理获取临时身份; 消费者选择从供应商进行的购买; 消费者请求从供应商购买并向供应商提供临时身份; 供应商通过将请求和临时身份转发给经纪人从代理商请求交易授权; 经纪人将临时身份与当前的临时身份列表进行匹配,并获得真实的消费者身份; 经纪人根据交易细节和真实的消费者身份为交易提供授权。
    • 10. 发明授权
    • Computing apparatus and methods using secure authentication arrangements
    • 使用安全认证安排的计算设备和方法
    • US07069439B1
    • 2006-06-27
    • US09936132
    • 2000-03-03
    • Liqun ChenHoi-Kwong LoDavid Chan
    • Liqun ChenHoi-Kwong LoDavid Chan
    • H04L9/00
    • G06F21/34G06F21/445G06F21/57G06F2211/009G06F2221/2103
    • Computing apparatus comprises a memory means storing the instructions of a secure process and an authentication process; a processing means arranged to control the operation of the computing apparatus including by executing the secure process and the authentication process; a user interface means arranged to receive user input and return to the user input; and an interface means for receiving a removable primary token and communication with the token. The token comprises a body supporting a token interface for communicating with the interface means, a token processor; and a token memory adapted to store token data including information for identifying the token and auxiliary token information identifying one or more authorized auxiliary tokens. The processing means is arranged to receive the identity information and the auxiliary token information from the primary token, to authenticate the toke using the authentication process and, if the token is successfully authenticated, permit a user to interact with the secure process via the user interface means. The processing means is arranged to repeatedly authenticate the primary toke and cause the computing platform to suspend interaction between the secure process and the user if authentication is not possible as a result of the removal of the primary token unless the primary token is replaced by an authorized auxiliary token.
    • 计算装置包括存储安全处理和认证处理指令的存储装置; 被配置为通过执行安全处理和认证处理来控制计算装置的操作的处理装置; 布置成接收用户输入并返回到用户输入的用户界面装置; 以及用于接收可移动主令牌并与令牌通信的接口装置。 令牌包括支持用于与接口装置通信的令牌接口的主体,令牌处理器; 以及令牌存储器,其适于存储包括用于识别令牌的信息和识别一个或多个授权辅助令牌的辅助令牌信息的令牌数据。 处理装置被设置为从主令牌接收身份信息和辅助令牌信息,以使用身份认证过程认证托克,并且如果令牌被成功认证,允许用户经由用户界面与安全过程进行交互 手段。 处理装置被设置为重复地认证主要托管,并导致计算平台挂起安全处理和用户之间的交互,如果由于删除主令牌而不可能进行认证,除非主令牌被授权代替 辅助令牌