专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07529929B2 System and method for dynamically enforcing digital rights management rules 有权
标题翻译：动态执行数字版权管理规则的系统和方法
公开(公告)号：US07529929B2
公开(公告)日：2009-05-05
申请号：US10161082
申请日：2002-05-30
申请人： Nadarajah Asokan , Jan-Erik Ekberg , Jorma Stenman , Jaakko Teinila
发明人： Nadarajah Asokan , Jan-Erik Ekberg , Jorma Stenman , Jaakko Teinila
IPC分类号： H04L9/00 , H04L29/00 , H04L29/08 , H04L29/12
CPC分类号： H04L63/08 , G06F21/10 , G06Q20/3674 , H04L63/102 , H04L2463/101
摘要： A system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating. Content, which may be encrypted, is received at the terminal and securely stored. On-demand authorization is effected for the rendering application that is requesting access to the content, using secure communications between a DRM engine within the terminal and an operating system within the terminal that is augmented with a security manager adapted to engage in such secure communications. If the rendering application is found to be authorized, the DRM rules are applied to determine whether the rendering application may access the content, and if so, the content is made available to the rendering application.
摘要翻译：一种用于在终端中执行数字权限管理（DRM）规则的系统和方法，即使当请求的呈现应用程序已经在运行时。可以加密的内容在终端处被接收并被安全地存储。对正在请求访问内容的呈现应用程序进行按需授权，使用终端内的DRM引擎与终端内的操作系统之间的安全通信，所述操作系统用适于参与这种安全通信的安全管理器来增强。如果发现渲染应用程序被授权，则应用DRM规则来确定呈现应用程序是否可以访问该内容，如果是，那么该内容可用于呈现应用程序。

2. 发明授权

US06940869B1 Apparatus, and associated method, for integrating operation of packet radio communication systems 有权
标题翻译：装置及相关方法，用于集成无线电通信系统的操作
公开(公告)号：US06940869B1
公开(公告)日：2005-09-06
申请号：US09599136
申请日：2000-06-22
申请人： Jianhua Wang , Arto Karppanen , Marko Suoknuuti , Jaakko Teinila , Jan-Erik Ekberg
发明人： Jianhua Wang , Arto Karppanen , Marko Suoknuuti , Jaakko Teinila , Jan-Erik Ekberg
IPC分类号： H04L12/28 , H04L12/56 , H04L29/08 , H04L29/12 , H04W4/06 , H04W74/02 , H04W80/00 , H04W84/04 , H04W84/12 , H04W88/06 , H04W88/10 , H04J3/22
CPC分类号： H04L29/12018 , H04L29/12009 , H04L61/10 , H04L69/324 , H04W80/00 , H04W88/06 , H04W92/02
摘要： Apparatus, and an associated method, forms an integrated packet radio communication system. An integrated system is formed of portions of a GPRS system as well as portions of a WLAN system, such as that defined in the IEEE 802.11 standard. A WIP (WLAN Integrated Protocol) layer is defined, functionally positioned between upper-level, GPRS layers and lower-level, WLAN layers. Advantages of a GPRS system as well as advantages of the WLAN system are maintained in the integrated system.
摘要翻译：装置和相关联的方法形成集成分组无线电通信系统。集成系统由GPRS系统的部分以及诸如IEEE 802.11标准中定义的WLAN系统的部分组成。定义WIP（WLAN集成协议）层，功能上位于上层，GPRS层和下层WLAN层之间。集成系统中保持GPRS系统的优点以及WLAN系统的优点。

3. 发明授权

US10374799B2 Method and apparatus for identity based ticketing 有权
公开(公告)号：US10374799B2
公开(公告)日：2019-08-06
申请号：US14111007
申请日：2011-04-13
申请人： Sandeep Tamrakar , Jan-Erik Ekberg , Jukka Virtanen , Nadarajah Asokan
发明人： Sandeep Tamrakar , Jan-Erik Ekberg , Jukka Virtanen , Nadarajah Asokan
IPC分类号： G06Q20/38 , H04L9/14 , G06F21/33 , G06Q20/04 , G06Q20/32 , G06Q20/40 , G07B15/02 , H04L9/30
摘要： A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.

4. 发明授权

US09171187B2 Implementation of an integrity-protected secure storage 有权
标题翻译：实施完整性保护的安全存储
公开(公告)号：US09171187B2
公开(公告)日：2015-10-27
申请号：US11128676
申请日：2005-05-13
申请人： Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
发明人： Nadarajah Asokan , Jan-Erik Ekberg , Lauri Paatero
IPC分类号： G06F21/78 , G06F21/71 , G06F21/62
CPC分类号： H04L63/0428 , G06F21/606 , G06F21/62 , G06F21/71 , G06F21/78 , G06F21/79 , G06Q20/341 , G06Q20/3576 , G06Q20/40975 , G07F7/1008 , H04L9/0833 , H04L9/0838 , H04L9/0891 , H04L67/1097 , H04L2209/12 , H04L2209/603 , H04L2209/80
摘要： An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
摘要翻译：为包括包括安全处理器的第一集成电路的设备提供内部但未集成的安全令牌。安全令牌由与第一电路分开的第二集成电路提供。第二集成电路包括安全的非易失性存储器。安全处理器以安全的方式将信息传送到第二电路，以将安全信息安全地存储在安全的非易失性存储器中，并且第二集成电路将存储在其安全非易失性存储器中的信息传送到安全处理器安全的方式。通信是通过密码保护的。第一集成电路和第二集成电路是器件的内部部件。还公开了一种用于分发要在电路之间共享并将用于密码学中的安全密钥的初始化方法。

5. 发明申请

US20120311315A1 Method and Apparatus to Reset Platform Configuration Register in Mobile Trusted Module 有权
标题翻译：移动可信任模块中重置平台配置寄存器的方法和装置
公开(公告)号：US20120311315A1
公开(公告)日：2012-12-06
申请号：US13578955
申请日：2011-02-14
申请人： Jan-Erik Ekberg , Nadarajah Asokan , Kari Kostiainen
发明人： Jan-Erik Ekberg , Nadarajah Asokan , Kari Kostiainen
IPC分类号： G06F15/177
CPC分类号： G06F21/57
摘要： In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.
摘要翻译：根据本发明的示例性实施例，至少有一种计算机指令的方法，装置和可执行程序，用于执行建立和初始化一组平台配置寄存器的操作，其中平台配置寄存器的第一子集被定义为不可复位，并且平台配置寄存器的第二子集被定义为可重置，将初始启动系统状态信息存储在一个或多个不可重置的平台配置寄存器中，动态地重置（2）平台配置寄存器的值由参考完整性度量标识，以反映由参考完整性度量提供的测量值，以及响应具有认证响应（5）的认证请求（5），该证明响应（5）包括来自重置的平台配置寄存器的动态信息，以及来自一个不可重置的平台配置寄存器。

6. 发明申请

US20110093938A1 METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION 有权
标题翻译：用于启动设备和用户认证的方法，设备和计算机程序产品
公开(公告)号：US20110093938A1
公开(公告)日：2011-04-21
申请号：US12123135
申请日：2008-05-19
申请人： Nadarajah Asokan , Jan-Erik Ekberg , Antti Kiiveri , Olli Muukka
发明人： Nadarajah Asokan , Jan-Erik Ekberg , Antti Kiiveri , Olli Muukka
IPC分类号： H04L9/32
CPC分类号： H04L63/061 , G06F21/31 , H04L9/3263 , H04L63/0815 , H04L63/0823 , H04L2209/80
摘要： An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device
摘要翻译：设备可以包括处理器，其被配置为从包括远程设备的公开密钥的远程设备接收安全证书请求，以及基于远程设备的遗留认证机制的认证证书。处理器还可以被配置为根据传统认证机制来验证所接收的认证证书。处理器可以被额外地配置为生成用于公钥的安全证书。处理器可以被进一步配置为向远程设备提供生成的安全证书

7. 发明申请

US20140298016A1 METHOD AND APPARATUS FOR IDENTITY BASED TICKETING 审中-公开
标题翻译：基于身份识别的方法和装置
公开(公告)号：US20140298016A1
公开(公告)日：2014-10-02
申请号：US14111007
申请日：2011-04-13
申请人： Jan-Erik Ekberg , Sandeep Tamrakar , Jukka Virtanen , Nadarajah Asokan
发明人： Jan-Erik Ekberg , Sandeep Tamrakar , Jukka Virtanen , Nadarajah Asokan
IPC分类号： H04L9/14 , H04L9/30
CPC分类号： H04L9/14 , G06F21/335 , G06Q20/0457 , G06Q20/3278 , G06Q20/38215 , G06Q20/40975 , G07B15/02 , H04L9/30 , H04L2209/24
摘要： A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.
摘要翻译：一种装置存储用户特定凭证的方法，装置，系统和计算机程序，经由通信接口从证书机构接收证书并将证书存储在存储器中。该设备还将私有密钥和公共密钥存储在存储器中，并尝试通过发送一个或多个消息来向售票机读取器认证该设备以访问服务，其中消息包含认证器，该认证器具有至少一个以下：证书或其加密衍生物; 由证书或其加密派生物包含的一个或多个数据项。消息准备好使得公钥不能从认证者的外面恢复。

8. 发明申请

US20100266128A1 CREDENTIAL PROVISIONING 有权
标题翻译：资格认证
公开(公告)号：US20100266128A1
公开(公告)日：2010-10-21
申请号：US12738616
申请日：2007-10-16
申请人： Nadarajah Asokan , Jan-Erik Ekberg , Aarne Rantala , Markku Kylanpaa
发明人： Nadarajah Asokan , Jan-Erik Ekberg , Aarne Rantala , Markku Kylanpaa
IPC分类号： H04L9/08
CPC分类号： H04L63/0853 , H04L9/0833 , H04L9/3271 , H04L63/06 , H04W12/04
摘要： Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.
摘要翻译：公开了一种供应装置中的方法。该方法包括获得家庭密钥，定义家庭的家庭密钥; 以安全的方式将家庭密钥提交给安全要素（2-2）; 使用家庭密钥来确保凭证数据; 将所述安全凭证数据提交给安全元件（2-4）; 使用家庭密钥将申请绑定到家庭; 并将所述绑定提交给安全元件（2-5）。还公开了相关安全元件和相关装置，系统和计算机程序中的方法。

9. 发明授权

US08532304B2 Administration of wireless local area networks 有权
标题翻译：无线局域网管理
公开(公告)号：US08532304B2
公开(公告)日：2013-09-10
申请号：US11169328
申请日：2005-06-29
申请人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Ti. Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
发明人： Nadarajah Asokan , Philip Ginzboorg , Seamus Moloney , Kari Ti. Kostiainen , Sampo Sovio , Jan-Erik Ekberg , Jari Takala
IPC分类号： H04L29/06
CPC分类号： H04W12/04 , H04L9/0838 , H04L9/3215 , H04L63/065 , H04L63/18 , H04L2209/80 , H04W12/06 , H04W48/20 , H04W84/12 , H04W88/08
摘要： Methods and systems for managing access to a wireless local area network are provided. A wireless access point (AP) may use a unified approach that utilizes an out-of-band channel to communicate authentication key and network address information to a guest device, and utilizes an in-band channel to establish communications with the guest device, and also provides support for in-band setup on all devices. The ability to use out-of-band where possible provides for an increase to security and usability, and the possibility of delegating access from one device to another. The unified approach thereby also provides easy management of guest access to the WLAN.
摘要翻译：提供了用于管理对无线局域网的访问的方法和系统。无线接入点（AP）可以使用利用带外信道将认证密钥和网络地址信息传送到来宾设备的统一方法，并且利用带内信道来建立与来宾设备的通信，以及还支持所有设备上的带内设置。在可能的情况下使用带外的能力提高了安全性和可用性，以及将访问权限从一个设备委派给另一个设备的可能性。因此，统一的方法也可以方便地管理访客访问WLAN。

10. 发明申请

US20120324214A1 Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure 审中-公开
标题翻译：提供PCR再利用和现有基础设施认证的方法和设备
公开(公告)号：US20120324214A1
公开(公告)日：2012-12-20
申请号：US13579013
申请日：2011-02-16
申请人： Nadarajah Asokan , Jan-Erik Ekberg , Kari Timo Juhani Kostiainen
发明人： Nadarajah Asokan , Jan-Erik Ekberg , Kari Timo Juhani Kostiainen
IPC分类号： G06F21/00
CPC分类号： G06F21/57 , H04L9/3234 , H04L9/3247 , H04L9/3271
摘要： The exemplary embodiments or the invention provide at least a method, apparatus, and program of computer instructions to perform operations including receiving a challenge from a prover device, reading and saving an old value of a selected platform configuration register, obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property, triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module, and sending by the prover device a device certificate, attestation, at least one measurement or property, and old platform configuration register value to the verifier. Further, the exemplary embodiments or the invention teach sending a challenge to a trusted software of a prover device, and receiving by the verifier device a device certificate, attestation, at least one measurement or property, and an old platform configuration register value from the prover device, checking by the verifier device that extending the old platform configuration register value with the at least one measurement or property results in a new platform configuration register value that has been attested, and using the new platform configuration register value in attestation of the prover device.
摘要翻译：示例性实施例或本发明提供至少一种计算机指令的方法，装置和程序，以执行操作，包括从证明者设备接收挑战，读取和保存所选择的平台配置寄存器的旧值，获得至少一个测量或属性并形成新的平台配置寄存器值，其中形成包括计算平台配置寄存器的旧值和所获得的至少一个测量或属性的加密散列，通过发送挑战触发与可信软件的认证到可信任的平台模块/移动平台模块，并且由验证者设备向验证者发送设备证书，认证，至少一个测量或属性以及旧平台配置寄存器值。此外，示例性实施例或本发明教导了向验证器设备的可信软件发送挑战，并且由验证器设备从验证器接收设备证书，认证，至少一个测量或属性以及旧平台配置寄存器值设备，由验证者设备检查扩展旧的平台配置寄存器值与至少一个测量或属性导致已经被证明的新的平台配置寄存器值，并且使用新的平台配置寄存器值来证明证明器设备。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式