专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07817802B2 Cryptographic key management in a communication network 有权
标题翻译：通信网络中的加密密钥管理
公开(公告)号：US07817802B2
公开(公告)日：2010-10-19
申请号：US11625993
申请日：2007-01-23
申请人： Paul Thomas Kitaj , Mary Eleanor Trengove , Douglas Allan Hardy
发明人： Paul Thomas Kitaj , Mary Eleanor Trengove , Douglas Allan Hardy
IPC分类号： H04L9/16 , H04L9/08 , H04L9/32
CPC分类号： H04L9/0822 , H04L9/083 , H04L63/06 , H04L2209/80
摘要： A communication network (22) includes a central node (30) loaded with a trusted key (26) and key material (56) corresponding to an asymmetric key agreement protocol (48). The network (22) further includes vulnerable nodes (32) loaded with key material (69) corresponding to the protocol (48). Successive secure connections (68, 70) are established between the central node (30) and the vulnerable nodes (32) using the key material (56, 69) to generate a distinct session key (52) for each of the secure connections (68, 70). The trusted key (26) and one of the session keys (52) are utilized to produce a mission key (39). The mission key (39) is transferred from the central node (30) to each of the vulnerable nodes (32) via each of the secure connections (68, 70) using the corresponding current session key (52). The mission key (39) functions for secure communication within the communication network (22).
摘要翻译：通信网络（22）包括加载有对应于非对称密钥协议协议（48）的可信密钥（26）和密钥材料（56）的中心节点（30）。网络（22）还包括装载有与协议（48）对应的密钥材料（69）的易受攻击的节点（32）。使用密钥材料（56,69）在中央节点（30）和弱势节点（32）之间建立连续的安全连接（68,70），以为每个安全连接（68）生成不同的会话密钥（52），70）。可信密钥（26）和其中一个会话密钥（52）用于产生任务密钥（39）。任务密钥（39）通过使用相应的当前会话密钥（52）经由每个安全连接（68,70）从中央节点（30）传送到每个易受攻击的节点（32）。任务密钥（39）用于通信网络（22）内的安全通信。

2. 发明授权

US6112229A Secure terminal and method of communicating messages among processing systems internal thereto 失效
标题翻译：在其内部的处理系统之间传递消息的安全终端和方法
公开(公告)号：US6112229A
公开(公告)日：2000-08-29
申请号：US71184
申请日：1998-05-01
申请人： Douglas Allan Hardy , Craig Robert Fossey
发明人： Douglas Allan Hardy , Craig Robert Fossey
IPC分类号： G06F21/00 , G06F13/00
CPC分类号： G06F21/85 , G06F2211/002
摘要： A secure terminal includes a host (105) and slaves (125) which send and receive messages via a peripheral component interconnect (PCI) bus (130). The host allows slaves to receive messages from the host and send messages to the host. The host prevents slave-to-slave communication of messages. The host and each slave include interface logic (120) coupled to the PCI bus and a memory (200) for coupling a processor (110) to the interface logic (120). Each dual-port RAM (200) includes a first memory portion for receiving messages from a sender and a second memory portion for storing messages to be transmitted to a receiver.
摘要翻译：安全终端包括通过外围组件互连（PCI）总线（130）发送和接收消息的主机（105）和从站（125）。主机允许从站从主机接收消息并向主机发送消息。主机防止消息的从属到从属通信。主机和每个从机包括耦合到PCI总线的接口逻辑（120）和用于将处理器（110）耦合到接口逻辑（120）的存储器（200）。每个双端口RAM（200）包括用于从发送器接收消息的第一存储器部分和用于存储要发送到接收器的消息的第二存储器部分。

3. 发明授权

US08060751B2 Access-control method for software module and programmable electronic device therefor 有权
标题翻译：软件模块和可编程电子设备的访问控制方法
公开(公告)号：US08060751B2
公开(公告)日：2011-11-15
申请号：US11857501
申请日：2007-09-19
申请人： Paul Thomas Kitaj , Sherman W. Paskett , Douglas Allan Hardy , Frank Edward Seeker , Steve Robert Tuggenberg
发明人： Paul Thomas Kitaj , Sherman W. Paskett , Douglas Allan Hardy , Frank Edward Seeker , Steve Robert Tuggenberg
IPC分类号： G06F21/00
CPC分类号： G06F21/6218 , G06F2221/2107 , G06F2221/2153 , H04L9/3234 , H04L2209/603
摘要： A programmable electronic device (10) stores a number of cipher-text software modules (14) to which access is granted after evaluating a user's token (55, 80, 82), a software-restriction class (58) for a requested software module (14), and/or a currently active access-control model (60). Access-control models (60) span a range from uncontrolled to highly restrictive. Models (60) become automatically activated and deactivated as users are added to and deleted from the device (10). A virtual internal user proxy that does not require users to provide tokens (80, 82) is used to enable access to modules (16) classified in a global software-restriction class (62) or when an uncontrolled-access-control model (68) is active. Both licensed modules (76) and unlicensed modules (18,78) may be loaded in the device (10). However, no keys are provided to enable decryption of unlicensed modules (18,78).
摘要翻译：可编程电子设备（10）存储在评估用户令牌（55,80,82）之后被许可的许多密文软件模块（14），用于所请求的软件模块的软件限制类（58）（14）和/或当前活动的访问控制模型（60）。访问控制模型（60）跨越从不受控制到高度限制的范围。随着用户被添加到设备（10）并从设备中删除，模型（60）会自动激活和停用。不需要用户提供令牌（80,82）的虚拟内部用户代理用于启用对分类在全局软件限制类（62）中的模块（16）的访问，或者当不受控制的访问控制模型（68））活跃。许可模块（76）和未许可模块（18,78）都可以被加载到设备（10）中。然而，没有提供密钥来启用未许可模块的解密（18,78）。

4. 发明授权

US07290144B1 Access-control method for software modules and programmable electronic device therefor 有权
标题翻译：软件模块和可编程电子设备的访问控制方法
公开(公告)号：US07290144B1
公开(公告)日：2007-10-30
申请号：US10177555
申请日：2002-06-21
申请人： Paul Thomas Kitaj , Sherman W. Paskett , Douglas Allan Hardy , Frank Edward Seeker , Steve Robert Tugenberg
发明人： Paul Thomas Kitaj , Sherman W. Paskett , Douglas Allan Hardy , Frank Edward Seeker , Steve Robert Tugenberg
IPC分类号： H04K1/00 , H04N7/16
CPC分类号： G06F21/6218 , G06F2221/2107 , G06F2221/2153 , H04L9/3234 , H04L2209/603
摘要： A programmable electronic device (10) stores a number of cipher-text software modules (14) to which access is granted after evaluating a user's token (55, 80, 82), a software-restriction class (58) for a requested software module (14), and/or a currently active access-control model (60). Access-control models (60) span a range from uncontrolled to highly restrictive. Models (60) become automatically activated and deactivated as users are added to and deleted from the device (10). A virtual internal user proxy that does not require users to provide tokens (80, 82) is used to enable access to modules (16) classified in a global software-restriction class (62) or when an uncontrolled-access-control model (68) is active. Both licensed modules (76) and unlicensed modules (18,78) may be loaded in the device (10). However, no keys are provided to enable decryption of unlicensed modules (18,78).
摘要翻译：可编程电子设备（10）存储在评估用户令牌（55,80,82）之后被许可的许多密文软件模块（14），用于所请求的软件模块的软件限制类（58）（14）和/或当前活动的访问控制模型（60）。访问控制模型（60）跨越从不受控制到高度限制的范围。随着用户被添加到设备（10）并从设备中删除，模型（60）会自动激活和停用。不需要用户提供令牌（80,82）的虚拟内部用户代理用于启用对分类在全局软件限制类（62）中的模块（16）的访问，或者当不受控制的访问控制模型（68））活跃。许可模块（76）和未许可模块（18,78）都可以被加载到设备（10）中。然而，没有提供密钥来启用未许可模块的解密（18,78）。

5. 发明授权

US06370251B1 Traffic key access method and terminal for secure communication without key escrow facility 失效
标题翻译：交通密钥接入方式和终端安全通信，无密钥托管设施
公开(公告)号：US06370251B1
公开(公告)日：2002-04-09
申请号：US09093083
申请日：1998-06-08
申请人： Douglas Allan Hardy , Douglas Matthew East
发明人： Douglas Allan Hardy , Douglas Matthew East
IPC分类号： H04L100
CPC分类号： H04L9/0897
摘要： Key escrow is achieved without a key escrow facility. An escrow key pair is generated and stored in the terminal. A key escrow field that includes a traffic key encrypted with the escrow key is provided before encrypted traffic is communicated. When access to the traffic key is authorized, the escrow key is extracted from the terminal and used to decrypt the traffic key. The private portion of the escrow key is covered in the terminal with an escrow key access number. The escrow key access number is preferably generated by the terminal manufacturer with a secret algorithm using the terminal serial number. Alternatively, the escrow key is stored within a user token, rather than the terminal.
摘要翻译：密钥托管是在没有密钥托管设施的情况下实现的。生成一个代管密钥对并存储在终端中。在传送加密流量之前，提供包含使用代管密钥加密的流量密钥的密钥托管字段。授权访问流量密钥时，从终端提取代管密钥，用于解密流量密钥。代管钥匙的私人部分用终端密码存入号码。托管密钥访问号码优选地由具有使用终端序列号的秘密算法的终端制造商生成。或者，代管密钥存储在用户令牌内，而不是终端。

6. 发明授权

US5995628A Failsafe security system and method 失效
标题翻译：安全防范系统和方法
公开(公告)号：US5995628A
公开(公告)日：1999-11-30
申请号：US835000
申请日：1997-04-07
申请人： Paul Thomas Kitaj , Douglas Allan Hardy , Francis Gregory Sydnor
发明人： Paul Thomas Kitaj , Douglas Allan Hardy , Francis Gregory Sydnor
IPC分类号： G06F21/00 , H04K1/00 , H04L9/00
CPC分类号： G06F21/74 , H04L9/06 , H04L9/32
摘要： Controllable functions (210, 220, 230) and controllable connection managers (212, 222, 216, 226) are used to provide a fail-safe security system implemented on a single processor (200). Red subsystems, black subsystems and clear bypass subsystems ensure separation between red data and black data. Connection managers (212, 222, 216, 226) are used to isolate and control red data ports (214), black data ports (224), red crypto ports (218), and black crypto ports (228). Subsystems are configured to control data flow, provide data separation, access control and prevent single failures from compromising security system (200). Each subsystem is managed separately, and each subsystem has unique access protection provided by controller (202). Within security system (200), the subsystems are kept separate. Functional separation of the red data memory and black data memory is maintained to provide fail-safe data isolation.
摘要翻译：可控功能（210,220,230）和可控连接管理器（212,222,216,226）用于提供在单个处理器（200）上实现的故障安全安全系统。红色子系统，黑色子系统和清除旁路子系统确保红色数据与黑色数据之间的分离。连接管理器（212,222,216,226）用于隔离和控制红色数据端口（214），黑色数据端口（224），红色加密端口（218）和黑色加密端口（228）。子系统被配置为控制数据流，提供数据分离，访问控制和防止单个故障危及安全系统（200）。每个子系统分开管理，每个子系统具有由控制器（202）提供的唯一的访问保护。在安全系统（200）内，子系统保持分开。保持红色数据存储器和黑色数据存储器的功能分离，以提供故障安全数据隔离。

7. 发明授权

US06356638B1 Radio wireline interface and method for secure communication 失效
标题翻译：无线电线接口和安全通信方法
公开(公告)号：US06356638B1
公开(公告)日：2002-03-12
申请号：US09124719
申请日：1998-07-30
申请人： Douglas Allan Hardy , Peter J. Armbruster
发明人： Douglas Allan Hardy , Peter J. Armbruster
IPC分类号： H04L0900
CPC分类号： H04K1/00
摘要： An interface between a digital communication system and a PSTN establishes a user configurable secure encrypted link to a digital subscriber unit through the digital communication system, and provides clear (unencrypted) voice to telephone sets through the PSTN. The interface includes a security module for encrypting and decrypting information with user specific algorithms and keys, a transcoder for converting modulated voice to digital voice and a modem for modulating and demodulating data and encrypted voice. Accordingly, the wireline interface allows for user specified security over a digital wireless portion of an end-to-end communication channel. The interface also provides for the communication of unencrypted voice followed by secure voice or secure data.
摘要翻译：数字通信系统和PSTN之间的接口通过数字通信系统建立到数字用户单元的用户可配置的安全加密链路，并通过PSTN向电话机提供清晰（未加密的）语音。该接口包括用于用用户特定算法和密钥加密和解密信息的安全模块，用于将调制语音转换成数字语音的代码转换器和用于调制和解调数据和加密语音的调制解调器。因此，有线接口允许通过端到端通信信道的数字无线部分的用户指定的安全性。该接口还提供未加密语音的通信，然后是安全语音或安全数据。

8. 发明授权

US06219420B1 High assurance encryption system and method 有权
标题翻译：高保密加密系统和方法
公开(公告)号：US06219420B1
公开(公告)日：2001-04-17
申请号：US09146065
申请日：1998-09-02
申请人： Douglas Allan Hardy , Steven Robert Tugenberg
发明人： Douglas Allan Hardy , Steven Robert Tugenberg
IPC分类号： H04L906
CPC分类号： H04L63/0485 , H04L9/0618 , H04L2209/12 , H04L2209/26
摘要： A processor (22) of an encryption system (20) receives plain text (24) and operates an encryption algorithm to convert the plain text (24) to cipher text (26). A state monitor (30) confirms a conversion sequence within each of a plurality of conversion cycles performed by the encryption algorithm. The state monitor (30) produces a first enablement signal (38) when the conversion sequence is confirmed. An encryption activity monitor (34) determines a number of blocks of cipher text (24) that are not encrypted. The encryption activity monitor (34) produces a second enablement signal (42) when the number of unencrypted blocks of cipher text (26) is less than a predetermined failure threshold (86). A monitor gate (36) enables output of the cipher text (26) in response to the first and second enablement signals (38, 42).
摘要翻译：加密系统（20）的处理器（22）接收纯文本（24）并且操作加密算法以将明文（24）转换为密文（26）。状态监视器（30）在由加密算法执行的多个转换周期内确认转换序列。当确认转换顺序时，状态监视器（30）产生第一使能信号（38）。加密活动监视器（34）确定未被加密的密文块（24）的数量。当加密文件（26）的未加密块的数量小于预定的故障阈值（86）时，加密活动监视器（34）产生第二启用信号（42）。监视器门（36）能够响应于第一和第二使能信号（38,42）输出密文（26）。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式