会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Cryptographic key management in a communication network
    • 通信网络中的加密密钥管理
    • US07817802B2
    • 2010-10-19
    • US11625993
    • 2007-01-23
    • Paul Thomas KitajMary Eleanor TrengoveDouglas Allan Hardy
    • Paul Thomas KitajMary Eleanor TrengoveDouglas Allan Hardy
    • H04L9/16H04L9/08H04L9/32
    • H04L9/0822H04L9/083H04L63/06H04L2209/80
    • A communication network (22) includes a central node (30) loaded with a trusted key (26) and key material (56) corresponding to an asymmetric key agreement protocol (48). The network (22) further includes vulnerable nodes (32) loaded with key material (69) corresponding to the protocol (48). Successive secure connections (68, 70) are established between the central node (30) and the vulnerable nodes (32) using the key material (56, 69) to generate a distinct session key (52) for each of the secure connections (68, 70). The trusted key (26) and one of the session keys (52) are utilized to produce a mission key (39). The mission key (39) is transferred from the central node (30) to each of the vulnerable nodes (32) via each of the secure connections (68, 70) using the corresponding current session key (52). The mission key (39) functions for secure communication within the communication network (22).
    • 通信网络(22)包括加载有对应于非对称密钥协议协议(48)的可信密钥(26)和密钥材料(56)的中心节点(30)。 网络(22)还包括装载有与协议(48)对应的密钥材料(69)的易受攻击的节点(32)。 使用密钥材料(56,69)在中央节点(30)和弱势节点(32)之间建立连续的安全连接(68,70),以为每个安全连接(68)生成不同的会话密钥(52) ,70)。 可信密钥(26)和其中一个会话密钥(52)用于产生任务密钥(39)。 任务密钥(39)通过使用相应的当前会话密钥(52)经由每个安全连接(68,70)从中央节点(30)传送到每个易受攻击的节点(32)。 任务密钥(39)用于通信网络(22)内的安全通信。
    • 4. 发明授权
    • Failsafe security system and method
    • 安全防范系统和方法
    • US5995628A
    • 1999-11-30
    • US835000
    • 1997-04-07
    • Paul Thomas KitajDouglas Allan HardyFrancis Gregory Sydnor
    • Paul Thomas KitajDouglas Allan HardyFrancis Gregory Sydnor
    • G06F21/00H04K1/00H04L9/00
    • G06F21/74H04L9/06H04L9/32
    • Controllable functions (210, 220, 230) and controllable connection managers (212, 222, 216, 226) are used to provide a fail-safe security system implemented on a single processor (200). Red subsystems, black subsystems and clear bypass subsystems ensure separation between red data and black data. Connection managers (212, 222, 216, 226) are used to isolate and control red data ports (214), black data ports (224), red crypto ports (218), and black crypto ports (228). Subsystems are configured to control data flow, provide data separation, access control and prevent single failures from compromising security system (200). Each subsystem is managed separately, and each subsystem has unique access protection provided by controller (202). Within security system (200), the subsystems are kept separate. Functional separation of the red data memory and black data memory is maintained to provide fail-safe data isolation.
    • 可控功能(210,220,230)和可控连接管理器(212,222,216,226)用于提供在单个处理器(200)上实现的故障安全安全系统。 红色子系统,黑色子系统和清除旁路子系统确保红色数据与黑色数据之间的分离。 连接管理器(212,222,216,226)用于隔离和控制红色数据端口(214),黑色数据端口(224),红色加密端口(218)和黑色加密端口(228)。 子系统被配置为控制数据流,提供数据分离,访问控制和防止单个故障危及安全系统(200)。 每个子系统分开管理,每个子系统具有由控制器(202)提供的唯一的访问保护。 在安全系统(200)内,子系统保持分开。 保持红色数据存储器和黑色数据存储器的功能分离,以提供故障安全数据隔离。
    • 6. 发明授权
    • Radio wireline interface and method for secure communication
    • 无线电线接口和安全通信方法
    • US06356638B1
    • 2002-03-12
    • US09124719
    • 1998-07-30
    • Douglas Allan HardyPeter J. Armbruster
    • Douglas Allan HardyPeter J. Armbruster
    • H04L0900
    • H04K1/00
    • An interface between a digital communication system and a PSTN establishes a user configurable secure encrypted link to a digital subscriber unit through the digital communication system, and provides clear (unencrypted) voice to telephone sets through the PSTN. The interface includes a security module for encrypting and decrypting information with user specific algorithms and keys, a transcoder for converting modulated voice to digital voice and a modem for modulating and demodulating data and encrypted voice. Accordingly, the wireline interface allows for user specified security over a digital wireless portion of an end-to-end communication channel. The interface also provides for the communication of unencrypted voice followed by secure voice or secure data.
    • 数字通信系统和PSTN之间的接口通过数字通信系统建立到数字用户单元的用户可配置的安全加密链路,并通过PSTN向电话机提供清晰(未加密的)语音。 该接口包括用于用用户特定算法和密钥加密和解密信息的安全模块,用于将调制语音转换成数字语音的代码转换器和用于调制和解调数据和加密语音的调制解调器。 因此,有线接口允许通过端到端通信信道的数字无线部分的用户指定的安全性。 该接口还提供未加密语音的通信,然后是安全语音或安全数据。
    • 7. 发明授权
    • High assurance encryption system and method
    • 高保密加密系统和方法
    • US06219420B1
    • 2001-04-17
    • US09146065
    • 1998-09-02
    • Douglas Allan HardySteven Robert Tugenberg
    • Douglas Allan HardySteven Robert Tugenberg
    • H04L906
    • H04L63/0485H04L9/0618H04L2209/12H04L2209/26
    • A processor (22) of an encryption system (20) receives plain text (24) and operates an encryption algorithm to convert the plain text (24) to cipher text (26). A state monitor (30) confirms a conversion sequence within each of a plurality of conversion cycles performed by the encryption algorithm. The state monitor (30) produces a first enablement signal (38) when the conversion sequence is confirmed. An encryption activity monitor (34) determines a number of blocks of cipher text (24) that are not encrypted. The encryption activity monitor (34) produces a second enablement signal (42) when the number of unencrypted blocks of cipher text (26) is less than a predetermined failure threshold (86). A monitor gate (36) enables output of the cipher text (26) in response to the first and second enablement signals (38, 42).
    • 加密系统(20)的处理器(22)接收纯文本(24)并且操作加密算法以将明文(24)转换为密文(26)。 状态监视器(30)在由加密算法执行的多个转换周期内确认转换序列。 当确认转换顺序时,状态监视器(30)产生第一使能信号(38)。 加密活动监视器(34)确定未被加密的密文块(24)的数量。 当加密文件(26)的未加密块的数量小于预定的故障阈值(86)时,加密活动监视器(34)产生第二启用信号(42)。 监视器门(36)能够响应于第一和第二使能信号(38,42)输出密文(26)。
    • 8. 发明授权
    • Traffic key access method and terminal for secure communication without key escrow facility
    • 交通密钥接入方式和终端安全通信,无密钥托管设施
    • US06370251B1
    • 2002-04-09
    • US09093083
    • 1998-06-08
    • Douglas Allan HardyDouglas Matthew East
    • Douglas Allan HardyDouglas Matthew East
    • H04L100
    • H04L9/0897
    • Key escrow is achieved without a key escrow facility. An escrow key pair is generated and stored in the terminal. A key escrow field that includes a traffic key encrypted with the escrow key is provided before encrypted traffic is communicated. When access to the traffic key is authorized, the escrow key is extracted from the terminal and used to decrypt the traffic key. The private portion of the escrow key is covered in the terminal with an escrow key access number. The escrow key access number is preferably generated by the terminal manufacturer with a secret algorithm using the terminal serial number. Alternatively, the escrow key is stored within a user token, rather than the terminal.
    • 密钥托管是在没有密钥托管设施的情况下实现的。 生成一个代管密钥对并存储在终端中。 在传送加密流量之前,提供包含使用代管密钥加密的流量密钥的密钥托管字段。 授权访问流量密钥时,从终端提取代管密钥,用于解密流量密钥。 代管钥匙的私人部分用终端密码存入号码。 托管密钥访问号码优选地由具有使用终端序列号的秘密算法的终端制造商生成。 或者,代管密钥存储在用户令牌内,而不是终端。