专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08863256B1 System and method for enabling secure transactions using flexible identity management in a vehicular environment 有权
标题翻译：用于在车辆环境中使用灵活身份管理实现安全交易的系统和方法
公开(公告)号：US08863256B1
公开(公告)日：2014-10-14
申请号：US13014605
申请日：2011-01-26
申请人： Sateesh K. Addepalli , Fabio R. Maino , Flavio Bonomi , Lillian Lei Dai , Vina Ermagan , Alexander Loukissas , Erick D. Lee , Landon Curt Noll
发明人： Sateesh K. Addepalli , Fabio R. Maino , Flavio Bonomi , Lillian Lei Dai , Vina Ermagan , Alexander Loukissas , Erick D. Lee , Landon Curt Noll
IPC分类号： G06F7/04 , H04L29/06 , H04W12/08
CPC分类号： H04W4/046 , B60R16/023 , B60W50/10 , G06F3/017 , G06F3/167 , G06F9/542 , G06F21/45 , H04L1/008 , H04L29/06578 , H04L43/0811 , H04L43/0858 , H04L43/0876 , H04L45/12 , H04L51/02 , H04L61/2592 , H04L63/08 , H04L63/107 , H04L67/12 , H04L67/32 , H04L69/18 , H04Q9/00 , H04W4/00 , H04W4/10 , H04W8/06 , H04W8/08 , H04W8/26 , H04W12/02 , H04W12/04 , H04W12/06 , H04W12/08 , H04W28/0215 , H04W28/06 , H04W36/08 , H04W40/02 , H04W40/20 , H04W48/02 , H04W48/06 , H04W48/16 , H04W48/18 , H04W52/12 , H04W52/143 , H04W52/225 , H04W52/241 , H04W52/346 , H04W72/0406 , H04W72/042 , H04W72/0493 , H04W76/45 , H04W80/02 , H04W84/005 , H04W84/12 , H04W92/18 , Y02A30/60
摘要： A method in one embodiment includes detecting an event for a transaction on an on-board unit (OBU) of a vehicle, where the event has a trigger associated with an agent. The method also includes determining whether the transaction is authorized, identifying network credentials in an identity profile that corresponds to the agent, providing network credentials to a transaction application corresponding to the transaction, and accessing a remote network using the network credentials. Certain embodiments include selecting the network credentials from a plurality of available network credentials corresponding to the agent. In more specific embodiments, the network credentials include one or more virtual subscriber identity modules (VSIMs) of a plurality of VSIMs provisioned on the OBU. In specific embodiments, the network credentials are mapped to a combination of two or more of the agent, the transaction application, and a predefined current location of the vehicle.
摘要翻译：一个实施例中的方法包括检测车辆的车载单元（OBU）上的事务的事件，其中事件具有与代理相关联的触发。该方法还包括确定事务是否被授权，识别与代理相对应的身份简档中的网络凭证，向与事务相对应的事务应用提供网络凭证，以及使用网络凭证访问远程网络。某些实施例包括从与代理相对应的多个可用网络证书中选择网络凭证。在更具体的实施例中，网络证书包括在OBU上提供的多个VSIM的一个或多个虚拟用户识别模块（VSIM）。在具体实施例中，网络凭证被映射到代理，交易应用和车辆的预定义的当前位置中的两个或更多个的组合。

2. 发明申请

US20110302400A1 SECURE VIRTUAL MACHINE BOOTSTRAP IN UNTRUSTED CLOUD INFRASTRUCTURES 有权
标题翻译：安全的虚拟机引擎在无人值守的基础设施中
公开(公告)号：US20110302400A1
公开(公告)日：2011-12-08
申请号：US12795466
申请日：2010-06-07
申请人： FABIO R. MAINO , Pere Monclus , David A. McGrew , Robert T. Bell , Steven Joseph Rich
发明人： FABIO R. MAINO , Pere Monclus , David A. McGrew , Robert T. Bell , Steven Joseph Rich
IPC分类号： G06F12/14 , G06F9/24
CPC分类号： G06F21/575 , G06F21/72 , H04L9/0825 , H04L9/0897
摘要： Techniques are described for securely booting and executing a virtual machine (VM) image in an untrusted cloud infrastructure. A multi-core processor may be configured with additional hardware components—referred to as a trust anchor. The trust anchor may be provisioned with a private/public key pair, which allows the multi-core CPU to authenticate itself as being able to securely boot and execute a virtual machine (VM) image in an untrusted cloud infrastructure.
摘要翻译：描述了在不受信任的云基础架构中安全地引导和执行虚拟机（VM）映像的技术。多核处理器可以被配置为附加的硬件组件 - 被称为信任锚。信任锚可以配置私钥/公钥对，这允许多核CPU将其自身认证为能够在不受信任的云基础设施中安全地引导和执行虚拟机（VM）映像。

3. 发明授权

US07333612B2 Methods and apparatus for confidentiality protection for Fibre Channel Common Transport 有权
标题翻译：光纤通道共同运输机密保护方法与装置
公开(公告)号：US07333612B2
公开(公告)日：2008-02-19
申请号：US10805111
申请日：2004-03-19
申请人： Fabio R. Maino , Claudio DeSanti
发明人： Fabio R. Maino , Claudio DeSanti
IPC分类号： H04K1/00 , H04L9/00
CPC分类号： H04L63/0435 , H04L63/061 , H04L63/123 , H04L63/126
摘要： Methods and apparatus are provided for improving message-based security in a Fibre Channel network. More specifically, the present invention relates to methods and apparatus for providing confidentiality for Fibre Channel control messages encapsulated within Common Transport Information Units. Control messages transported with the Fibre Channel Common Transport protocol, and passed between Fibre Channel network entities, can be encrypted providing confidentiality combined with data origin authentication, integrity and anti-replay protection provided by existing Fibre Channel security mechanisms.
摘要翻译：提供了用于在光纤通道网络中改进基于消息的安全性的方法和装置。更具体地，本发明涉及用于为公共传输信息单元中封装的光纤通道控制消息提供保密性的方法和装置。通过光纤通道公共传输协议传输的光纤通道公共传输协议传输的控制消息可以通过光纤通道网络实体进行加密，从而提供机密性，并结合现有光纤通道安全机制提供的数据源认证，完整性和防重放保护。

4. 发明授权

US08990582B2 Virtual machine memory compartmentalization in multi-core architectures 有权
标题翻译：多核架构虚拟机内存分区
公开(公告)号：US08990582B2
公开(公告)日：2015-03-24
申请号：US12789207
申请日：2010-05-27
申请人： Fabio R. Maino , Pere Monclus , David A. McGrew
发明人： Fabio R. Maino , Pere Monclus , David A. McGrew
IPC分类号： G06F21/00 , G06F12/14 , G06F21/12 , G06F12/08
CPC分类号： G06F12/1408 , G06F12/0811 , G06F12/084 , G06F12/0848 , G06F21/123
摘要： Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VMs is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
摘要翻译：描述了用于多核处理架构上的虚拟机（VM）的可信执行的用于存储器区分的技术。可以通过使用在执行VM的处理核心的信任边界内的给定VM的控制下的密钥来加密层3（L3）高速缓存线来实现内存区分。此外，本文描述的实施例提供了一种用于存储和处理与针对L3高速缓存行执行的每个加密/解密操作相关联的加密相关元数据的有效方法。

5. 发明授权

US08914858B2 Methods and apparatus for security over fibre channel 有权
标题翻译：光纤通道安全的方法和装置
公开(公告)号：US08914858B2
公开(公告)日：2014-12-16
申请号：US13107521
申请日：2011-05-13
申请人： Fabio R. Maino , Marco Di Benedetto , Claudio Desanti
发明人： Fabio R. Maino , Marco Di Benedetto , Claudio Desanti
IPC分类号： H04L9/00 , H04L9/08 , H04L9/32 , H04L29/06
CPC分类号： H04L63/123 , H04L9/0838 , H04L9/3239 , H04L63/12
摘要： Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
摘要翻译：提供了用于改进光纤通道网络中的基于节点和基于消息的安全性的方法和装置。可以将实体认证和密钥交换服务的实体包括在用于将光纤信道网络实体引入光纤信道结构的现有初始化消息中，或者通过已经初始化的通信信道交换的特定消息。可以使用认证和密钥交换服务来激活每消息认证和加密机制。在光纤通道网络实体之间通过的消息可以使用在认证序列期间提供的信息进行加密和认证。可以实现诸如每消息认证，机密性，完整性保护和反重放保护等安全服务。

6. 发明授权

US08151318B1 Method and apparatus for reliably and asymmetrically distributing security information within a fibre channel fabric 有权
标题翻译：用于在光纤通道结构内可靠和不对称地分布安全信息的方法和装置
公开(公告)号：US08151318B1
公开(公告)日：2012-04-03
申请号：US10374490
申请日：2003-02-25
申请人： Claudio DeSanti , Silvano Gai , Fabio R. Maino , Maurilio Cometto , Sachin Jain
发明人： Claudio DeSanti , Silvano Gai , Fabio R. Maino , Maurilio Cometto , Sachin Jain
IPC分类号： G06F17/30 , H04L12/56
CPC分类号： H04L49/357 , H04L63/102
摘要： A reliable asymmetric method for distributing security information within a Fiber Channel Fabric. The Switching Fabric includes a set of security servers, which maintain among themselves a replicated copy of the Fabric security databases using the currently defined Merge and Change protocols. The other Switches of the Fabric are configured as client-Switches. They maintain only the subset of the authorization and authentication information required for their correct operation. A client-Switch queries the security server when a new end-device is connected to it, or when it is connected to the Fabric. When the security configuration of the Fabric changes by an administrative action, a security server solicits the client-Switches to update their information. In an alternative embodiment, the end-devices may query directly the security server, usually for authentication purposes. A Fabric with a plurality of security servers balances among them the load of inquiries from clients, and is more reliable because it continues to operate in the event of failure of one or more servers. Reliability is achieved in a stateless manner through the FSPF protocol, the Fiber Channel routing protocol. Each security server announces itself to the Fabric by advertising an adjacency to a predefined virtual Domain_ID in its FSPF LSRs. Clients access servers by directing queries to this virtual Domain_ID.
摘要翻译：一种用于在光纤通道结构中分发安全信息的可靠的非对称方法。交换结构包括一组安全服务器，它们使用当前定义的合并和更改协议在其中维护Fabric安全数据库的复制副本。 Fabric的其他交换机配置为客户端交换机。它们仅维护其正确操作所需的授权和认证信息的子集。客户端 - 交换机在新的终端设备连接到安全服务器或连接到Fabric时查询安全服务器。当Fabric的安全配置更改为管理操作时，安全服务器请求客户端 - 交换机更新其信息。在替代实施例中，终端设备可以直接查询安全服务器，通常用于认证目的。具有多个安全服务器的Fabric在其中平衡了客户端的查询负载，并且由于在一个或多个服务器发生故障的情况下继续运行而更加可靠。通过FSPF协议（光纤通道路由协议）以无状态的方式实现可靠性。每个安全服务器通过向其FSPF LSR中的预定义虚拟Domain_ID发布邻接关系，向Fabric发布自身。客户端通过将查询引导到此虚拟Domain_ID来访问服务器。

7. 发明授权

US08037514B2 Method and apparatus for securely disseminating security server contact information in a network 有权
标题翻译：用于在网络中安全地传播安全服务器联系信息的方法和装置
公开(公告)号：US08037514B2
公开(公告)日：2011-10-11
申请号：US11069857
申请日：2005-03-01
申请人： Irene H. Kuffel , Wilson Kok , Michael Fine , Fabio R. Maino , Jed Lin Lau
发明人： Irene H. Kuffel , Wilson Kok , Michael Fine , Fabio R. Maino , Jed Lin Lau
IPC分类号： G06F15/16 , H04L29/06 , H04L9/32
CPC分类号： H04L9/321 , H04L9/3247 , H04L9/3263 , H04L9/3271 , H04L63/08 , H04L2209/76
摘要： Various systems and method are disclosed for disseminating security server contact information in a network. For example, one method (e.g., performed by a security server) involves determining that a network device is a secure network device, in response to participating in a security exchange with the network device; and then sending a server list to the network device. The server list includes the network address of at least one security server. Another method (e.g., performed by a network device) involves initiating an authentication exchange; receiving a server list, which includes the network address of a security server, as part of the authentication exchange; and communicating with the security server by sending a packet to the network address included in the server list.
摘要翻译：公开了用于在网络中传播安全服务器联系信息的各种系统和方法。例如，响应于参与与网络设备的安全交换，一种方法（例如由安全服务器执行）涉及确定网络设备是安全网络设备; 然后将服务器列表发送到网络设备。服务器列表包括至少一个安全服务器的网络地址。另一种方法（例如，由网络设备执行）涉及启动认证交换; 作为认证交换的一部分，接收包括安全服务器的网络地址的服务器列表; 并通过向包括在服务器列表中的网络地址发送分组来与安全服务器通信。

8. 发明申请

US20110219438A1 METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL 审中-公开
标题翻译：用于光纤通道安全的方法和装置
公开(公告)号：US20110219438A1
公开(公告)日：2011-09-08
申请号：US13107521
申请日：2011-05-13
申请人： Fabio R. Maino , Marco Di Benedetto , Claudio Desanti
发明人： Fabio R. Maino , Marco Di Benedetto , Claudio Desanti
IPC分类号： G06F21/20
CPC分类号： H04L63/123 , H04L9/0838 , H04L9/3239 , H04L63/12
摘要： Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
摘要翻译：提供了用于改进光纤通道网络中的基于节点和基于消息的安全性的方法和装置。可以将实体认证和密钥交换服务的实体包括在用于将光纤信道网络实体引入光纤信道结构的现有初始化消息中，或者通过已经初始化的通信信道交换的特定消息。可以使用认证和密钥交换服务来激活每消息认证和加密机制。在光纤通道网络实体之间通过的消息可以使用在认证序列期间提供的信息进行加密和认证。可以实现诸如每消息认证，机密性，完整性保护和反重放保护等安全服务。

9. 发明申请

US20100169645A1 KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY 有权
标题翻译：关键运输在认证或CRYPTOGRAPHY
公开(公告)号：US20100169645A1
公开(公告)日：2010-07-01
申请号：US12604221
申请日：2009-10-22
申请人： David A. McGrew , Brian E. Weis , Fabio R. Maino
发明人： David A. McGrew , Brian E. Weis , Fabio R. Maino
IPC分类号： H04L9/32 , H04L9/06 , H04L9/28
CPC分类号： H04L9/0637 , H04L9/0822 , H04L9/0833 , H04L9/3242
摘要： A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.
摘要翻译：公开了一种用于认证，加密和发送秘密通信的计算机系统，其中加密密钥与加密消息一起发送。在一个实施例中，第一发送处理器使用数据密钥将明文消息加密为密文消息，使用密钥加密密钥加密数据密钥，并发送包括加密数据密钥和密文消息的通信。第二接收处理器接收通信，然后使用密钥加密密钥解密加密的数据密钥，并使用数据密钥解密密文消息以恢复明文消息。

10. 发明授权

US08903593B1 System and method for analyzing vehicular behavior in a network environment 有权
标题翻译：用于分析网络环境中车辆行为的系统和方法
公开(公告)号：US08903593B1
公开(公告)日：2014-12-02
申请号：US13117860
申请日：2011-05-27
申请人： Sateesh K. Addepalli , Lillian Lei Dai , Ashok K. Moghe , Flavio Bonomi , Rodolfo A. Milito , Vina Ermagan , Fabio R. Maino , Pere Monclus
发明人： Sateesh K. Addepalli , Lillian Lei Dai , Ashok K. Moghe , Flavio Bonomi , Rodolfo A. Milito , Vina Ermagan , Fabio R. Maino , Pere Monclus
IPC分类号： G01M17/00 , G06F7/00 , G06F11/30 , G06F19/00 , G07C5/00
CPC分类号： H04W4/046 , B60R16/023 , B60W50/10 , G06F3/017 , G06F3/167 , G06F9/542 , G06F21/45 , H04L1/008 , H04L29/06578 , H04L43/0811 , H04L43/0858 , H04L43/0876 , H04L45/12 , H04L51/02 , H04L61/2592 , H04L63/08 , H04L63/107 , H04L67/12 , H04L67/32 , H04L69/18 , H04Q9/00 , H04W4/00 , H04W4/10 , H04W8/06 , H04W8/08 , H04W8/26 , H04W12/02 , H04W12/04 , H04W12/06 , H04W12/08 , H04W28/0215 , H04W28/06 , H04W36/08 , H04W40/02 , H04W40/20 , H04W48/02 , H04W48/06 , H04W48/16 , H04W48/18 , H04W52/12 , H04W52/143 , H04W52/225 , H04W52/241 , H04W52/346 , H04W72/0406 , H04W72/042 , H04W72/0493 , H04W76/45 , H04W80/02 , H04W84/005 , H04W84/12 , H04W92/18 , Y02A30/60
摘要： A method in one example embodiment includes receiving a set of data in real time from a plurality of machine devices associated with at least one vehicle, providing a set of reference data corresponding to a machine device of the plurality of machine devices, comparing the set of data with the set of reference data, and detecting a deviation within the set of data from the set of reference data. The method further includes initiating an operation associated with the deviation. The set of reference data could be a trend of previous data received from the machine device or a common trend based on a previous set of data of the machine device. More specific embodiments include receiving a plurality of data containing the set of data from the plurality of machine devices and identifying a state of the machine device using the set of data.
摘要翻译：一个示例实施例中的方法包括从与至少一个车辆相关联的多个机器设备实时接收一组数据，提供与多个机器设备的机器设备相对应的一组参考数据，具有参考数据集的数据，以及从该组参考数据中检测该组数据内的偏差。该方法还包括启动与偏差相关联的操作。参考数据集可以是从机器装置接收的先前数据的趋势或基于机器装置的先前数据集合的常见趋势。更具体的实施例包括从多个机器设备接收包含该组数据的多个数据，并使用该组数据识别机器设备的状态。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式