专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120173885A1 KEY MANAGEMENT USING TRUSTED PLATFORM MODULES 有权
标题翻译：使用有争议的平台模块进行关键管理
公开(公告)号：US20120173885A1
公开(公告)日：2012-07-05
申请号：US12982235
申请日：2010-12-30
申请人： Tolga Acar , Brian LaMacchia , Henry Jerez Morales , Lan Duy Nguyen , David Robinson , Talha Bin Tariq
发明人： Tolga Acar , Brian LaMacchia , Henry Jerez Morales , Lan Duy Nguyen , David Robinson , Talha Bin Tariq
IPC分类号： G06F12/14 , H04L9/00 , G06F21/00
CPC分类号： H04L9/0877 , G06F21/602
摘要： Described herein are techniques for distributed key management (DKM) in cooperation with Trusted Platform Modules (TPMs). The use of TPMs strengthens the storage and processing security surrounding management of distributed keys. DKM-managed secret keys are not persistently stored in clear form. In effect, the TPMs of participating DKM nodes provide security for DKM keys, and a DKM key, once decrypted with a TPM, is available to be used from memory for ordinary cryptographic operations to encrypt and decrypt user data. TPM public keys can be used to determine the set of trusted nodes to which TPM-encrypted secret keys can be distributed.
摘要翻译：这里描述的是与可信平台模块（TPM）合作的分布式密钥管理（DKM）技术。 TPM的使用加强了分布式密钥管理周围的存储和处理安全性。 DKM管理的秘密密钥不会以清晰的形式持久存储。实际上，参与的DKM节点的TPM为DKM密钥提供安全性，一旦用TPM解密的DKM密钥可用于从存储器中用于普通加密操作以加密和解密用户数据。可以使用TPM公钥来确定可以分发TPM加密的密钥的可信节点集合。

2. 发明授权

US09026805B2 Key management using trusted platform modules 有权
标题翻译：使用可信平台模块进行密钥管理
公开(公告)号：US09026805B2
公开(公告)日：2015-05-05
申请号：US12982235
申请日：2010-12-30
申请人： Tolga Acar , Brian LaMacchia , Henry Jerez Morales , Lan Duy Nguyen , David Robinson , Talha Bin Tariq
发明人： Tolga Acar , Brian LaMacchia , Henry Jerez Morales , Lan Duy Nguyen , David Robinson , Talha Bin Tariq
IPC分类号： H04L9/08 , G06F21/60
CPC分类号： H04L9/0877 , G06F21/602
摘要： Described herein are techniques for distributed key management (DKM) in cooperation with Trusted Platform Modules (TPMs). The use of TPMs strengthens the storage and processing security surrounding management of distributed keys. DKM-managed secret keys are not persistently stored in clear form. In effect, the TPMs of participating DKM nodes provide security for DKM keys, and a DKM key, once decrypted with a TPM, is available to be used from memory for ordinary cryptographic operations to encrypt and decrypt user data. TPM public keys can be used to determine the set of trusted nodes to which TPM-encrypted secret keys can be distributed.
摘要翻译：这里描述的是与可信平台模块（TPM）合作的分布式密钥管理（DKM）技术。 TPM的使用加强了分布式密钥管理周围的存储和处理安全性。 DKM管理的秘密密钥不会以清晰的形式持久存储。实际上，参与的DKM节点的TPM为DKM密钥提供安全性，一旦用TPM解密的DKM密钥可用于从存储器中用于普通加密操作以加密和解密用户数据。可以使用TPM公钥来确定可以分发TPM加密的密钥的可信节点集合。

3. 发明授权

US09008316B2 Role-based distributed key management 有权
标题翻译：基于角色的分布式密钥管理
公开(公告)号：US09008316B2
公开(公告)日：2015-04-14
申请号：US13434737
申请日：2012-03-29
申请人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
发明人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： H04L9/0819 , H04L9/0816 , H04L9/0833 , H04L9/0838 , H04L9/0877 , H04L9/088 , H04L9/0891 , H04L9/0897 , H04L9/30 , H04L9/3247 , H04L2209/24
摘要： Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.
摘要翻译：描述了提供基于角色的分布式密钥管理（DKM）复制的实现。服务器节点从请求者节点接收请求以执行DKM创建或更新功能。服务器节点根据请求者节点的公钥来确定请求者节点的角色。服务器节点确定请求者节点的角色是否指示请求者节点被授权请求DKM创建或更新功能。如果请求者节点的角色被授权请求DKM创建或更新功能，则服务器节点执行所请求的功能。 DKM创建或更新功能可能涉及复制功能。公共密钥和信任链可能来自物理密码处理器，如TPM。

4. 发明申请

US20130259234A1 ROLE-BASED DISTRIBUTED KEY MANAGEMENT 有权
公开(公告)号：US20130259234A1
公开(公告)日：2013-10-03
申请号：US13434737
申请日：2012-03-29
申请人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
发明人： Tolga Acar , Henry N. Jerez , Lan Duy Nguyen , Thomas Michael Roeder
IPC分类号： H04L9/08
CPC分类号： H04L9/0819 , H04L9/0816 , H04L9/0833 , H04L9/0838 , H04L9/0877 , H04L9/088 , H04L9/0891 , H04L9/0897 , H04L9/30 , H04L9/3247 , H04L2209/24
摘要： Implementations for providing role-based distributed key management (DKM) replication are described. A server node receives a request from a requester node to perform a DKM create or update function. The server node determines the role of the requester node based on a public key of the requester node. The server node determines whether the role of the requester node indicates that the requester node is authorized to request the DKM create or update function. If the requester node's role is authorized to request the DKM create or update function, then the server node performs the requested function. The DKM create or update function may involve a replication function. Public key and trust chains may be derived from physical cryptographic processors, such as TPMs.

5. 发明申请

US20120159577A1 ANONYMOUS PRINCIPALS FOR POLICY LANGUAGES 有权
标题翻译：政治语言的不寻常原则
公开(公告)号：US20120159577A1
公开(公告)日：2012-06-21
申请号：US12970867
申请日：2010-12-16
申请人： Mira Belinkiy , Tolga Acar , Thomas Roeder , Jason Mackay , Brian LaMacchia
发明人： Mira Belinkiy , Tolga Acar , Thomas Roeder , Jason Mackay , Brian LaMacchia
IPC分类号： H04L9/32
CPC分类号： H04L9/3265 , G06F21/6218 , H04L2209/42
摘要： Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity.
摘要翻译：描述允许安全策略语言适应匿名凭据的技术。安全策略语言中的策略语句可以引用匿名凭据。当策略语句被评估以决定是否授予对由策略语句介导的资源的访问时，使用匿名凭证。可以实施策略语言，以允许一个匿名凭据将访问授予权限委派给另一个匿名凭据。此外，匿名凭证可以被重新随机化，以避免匿名凭证的使用之间的联系，这可能危及匿名。

6. 发明授权

US09047477B2 Distributed key encryption in servers 有权
标题翻译：服务器中的分布式密钥加密
公开(公告)号：US09047477B2
公开(公告)日：2015-06-02
申请号：US12471474
申请日：2009-05-26
申请人： Fabian Nunez-Tejerina , Jeffrey B. Kay , Robert C. Fruth , Naveen A. Palavalli , Ramesh Chinta , Tolga Acar
发明人： Fabian Nunez-Tejerina , Jeffrey B. Kay , Robert C. Fruth , Naveen A. Palavalli , Ramesh Chinta , Tolga Acar
IPC分类号： H04L9/00 , G06F21/62 , H04L9/32 , H04L29/06
CPC分类号： G06F21/6209 , H04L9/006 , H04L9/3263 , H04L63/0823
摘要： Architecture that stores specific passwords on behalf of users, and encrypts the passwords using encryption keys managed by a distributed key management system. The encryption keys are stored in a directory service (e.g., hierarchical) in an area that is inaccessible by selected entities (e.g., administrative users) having superior permissions such as supervisory administrators, but accessible to the account components that need to access the unencrypted passwords. The distributed key management system makes the encryption key stored in the directory service available to all hardware/software components that need the key to encrypt or decrypt the passwords.
摘要翻译：代表用户存储特定密码的体系结构，并使用由分布式密钥管理系统管理的加密密钥加密密码。加密密钥存储在具有诸如监督管理员等优越许可的选定实体（例如，管理用户）无法访问的区域中的目录服务（例如，分级）中，但是对于需要访问未加密密码的帐户组件可访问。分布式密钥管理系统使存储在目录服务中的加密密钥可用于需要密钥的所有硬件/软件组件来加密或解密密码。

7. 发明授权

US07930332B2 Weighted entropy pool service 有权
标题翻译：加权熵池服务
公开(公告)号：US07930332B2
公开(公告)日：2011-04-19
申请号：US11690758
申请日：2007-03-23
申请人： Tolga Acar , Daniel B. Shumow , Andrew S. Tucker , Carl M. Ellison
发明人： Tolga Acar , Daniel B. Shumow , Andrew S. Tucker , Carl M. Ellison
IPC分类号： G06F1/02
CPC分类号： G06F7/58
摘要： A weighted entropy pool service system and methods. Weights are associated with entropy sources and are used to estimate a quantity of entropy contained in data from the entropy sources. An interface is optionally provided to facilitate connecting user entropy sources to the entropy pool service. The quantity of entropy contained in the system is tracked as entropy is distributed to entropy consumers. A persistent entropy pool state file stores entropy across system restarts.
摘要翻译：一种加权熵池服务系统及方法。权重与熵源相关联，用于估计来自熵源的数据中包含的熵量。可选地提供接口以便于将用户熵源连接到熵池服务。随着熵被分配给熵消费者，系统中包含的熵量被跟踪。持续熵池状态文件在系统重新启动之间存储熵。

8. 发明授权

US09015489B2 Securing passwords against dictionary attacks 有权
标题翻译：保护密码免受字典攻击
公开(公告)号：US09015489B2
公开(公告)日：2015-04-21
申请号：US12755426
申请日：2010-04-07
申请人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
发明人： Mira Belenkiy , Tolga Acar , Henry Nelson Jerez Morales , Alptekin Kupcu
IPC分类号： G06F21/00 , G06F7/04 , H04L29/06 , H04L9/08 , H04L9/32
CPC分类号： H04L63/0428 , H04L9/0841 , H04L9/3226 , H04L9/3271 , H04L63/06 , H04L63/083 , H04L63/0853
摘要： Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.
摘要翻译：这里描述的是涉及基于密码的认证协议的构造的各种技术，其被配置为允许用户在没有在线服务接收密码或用户的密码的确定性功能的情况下向在线服务注册和认证。当在线服务注册时，客户端计算设备建立密码强的随机秘密，并将这种秘密的加密存储在数据存储设备中。存储设备也从不接收密码或密码的确定性功能。当用户希望对在线服务进行身份验证时，用户使用她的密码从存储设备中取回加密的秘密，解密这样的秘密，并利用解密的秘密来回答由在线服务提供给用户的加密强大的挑战，该在线服务接收与该用户有关的用户名。

9. 发明申请

US20120324233A1 Verifying Requests for Access to a Service Provider Using an Authentication Component 有权
标题翻译：验证使用身份验证组件访问服务提供商的请求
公开(公告)号：US20120324233A1
公开(公告)日：2012-12-20
申请号：US13160831
申请日：2011-06-15
申请人： Duy Lan Nguyen , Tolga Acar
发明人： Duy Lan Nguyen , Tolga Acar
IPC分类号： H04L9/32
CPC分类号： H04L63/0823 , G06Q20/341 , H04L9/0866 , H04L9/3073 , H04L9/3234 , H04L9/3268 , H04L9/3281 , H04L63/0435 , H04L63/0442 , H04L63/061 , H04L63/0853 , H04L2209/84
摘要： The subject disclosure is directed towards processing requests for accessing a service provider. After examining at least one security token, a public key and a portion of attribute information are identified. An authentication component is accessed and applied to the public key. A unique user identifier is employed in generating the public key. The authentication component is generated using information from at least one revoked security token or at least one valid security token. The authentication component is configured to prove validity of the at least one security token.
摘要翻译：主题公开涉及处理访问服务提供商的请求。在检查至少一个安全令牌之后，识别公钥和属性信息的一部分。访问认证组件并将其应用于公钥。在生成公钥时采用唯一的用户标识符。使用来自至少一个撤销的安全令牌或至少一个有效安全令牌的信息生成认证组件。认证组件被配置为证明至少一个安全性令牌的有效性。

10. 发明授权

US08325924B2 Managing group keys 有权
标题翻译：管理组密钥
公开(公告)号：US08325924B2
公开(公告)日：2012-12-04
申请号：US12389217
申请日：2009-02-19
申请人： Tolga Acar , Josh Benaloh , Niels Thomas Ferguson , Carl M. Ellison , Mira Belenkiy , Duy Lan Nguyen
发明人： Tolga Acar , Josh Benaloh , Niels Thomas Ferguson , Carl M. Ellison , Mira Belenkiy , Duy Lan Nguyen
IPC分类号： H04L9/00
CPC分类号： H04L9/0891 , H04L9/0833
摘要： In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided.
摘要翻译：在一个示例中，一个或多个加密密钥可以与组相关联。该组的任何成员可以使用密钥来加密和解密信息，从而允许该组的成员共享加密的信息。域控制器（DC）维护组的密钥副本。 DC可以彼此同步，使得每个DC可以具有组的密钥的副本。密钥可能有过期日期，连接到DC的任何客户端可能在密钥接近到期时生成新密钥。各种客户端可以在不同的时间段之前以不同的时间量创建新的密钥。因此，早期存储密钥的DC可能有时间通过同步传播新创建的密钥，而其他DC被请求存储由其他客户端创建的密钥。以这种方式，可以避免创建过多的新密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式