专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100180329A1 Authenticated Identity Propagation and Translation within a Multiple Computing Unit Environment 审中-公开
标题翻译：多个计算单元环境中的认证标识传播和翻译
公开(公告)号：US20100180329A1
公开(公告)日：2010-07-15
申请号：US12351291
申请日：2009-01-09
申请人： Richard Henry Guski , Deborah Mapes , William O'Donnell , Ira Steven Ringle
发明人： Richard Henry Guski , Deborah Mapes , William O'Donnell , Ira Steven Ringle
IPC分类号： H04L9/00
CPC分类号： H04L63/0815 , G06F21/31
摘要： An authenticated identity propagation and translation technique is provided in a transaction processing environment including distributed and mainframe computing components. Identified and authenticated user identification and authentication information is forwarded in association with transaction requests from a distributed component to a mainframe component, facilitating the selection of the appropriate mainframe user identity with which to execute the mainframe portion of the transaction, and creating the appropriate runtime security context. The forwarded user identification and authentication information contains a plurality of sections with identifying information about an authenticated client end-user identity as known at the initial authentication component and a mask specifying a subset of the sections. The mainframe component generates a hash from the subset of sections specified by the mask and uses that hash as a lookup key to determine whether a local authenticated runtime security context already exists in a local cache for the client end-user initiating the transaction request.
摘要翻译：在包括分布式和大型机计算组件的事务处理环境中提供经认证的身份传播和翻译技术。识别和认证的用户标识和认证信息与从分布式组件到大型机组件的事务请求相关联地被转发，便于选择用于执行事务的主机部分的适当的主机用户身份，并且创建适当的运行时安全性上下文转发的用户标识和认证信息包含多个部分，其具有关于在初始认证组件处已知的经认证的客户端最终用户身份的标识信息，以及指定该部分的子集的掩码。大型机组件从掩码指定的部分子集中生成散列，并使用该散列作为查找键，以确定本地缓存中是否存在本地高速缓存，用于启动事务请求的客户机最终用户。

2. 发明申请

US20090067633A1 CONFIGURING HOST SETTINGS TO SPECIFY AN ENCRYPTION SETTING AND A KEY LABEL REFERENCING A KEY ENCYRPTION KEY TO USE TO ENCRYPT AN ENCRYPTION KEY PROVIDED TO A STORAGE DRIVE TO USE TO ENCRYPT DATA FROM THE HOST 失效
标题翻译：配置主机设置以指定加密设置和主要标签参考一个主要的加密密钥，用于加密存储驱动器中使用的加密密钥，用于从主机加密数据
公开(公告)号：US20090067633A1
公开(公告)日：2009-03-12
申请号：US11853719
申请日：2007-09-11
申请人： Erika Marianna Dawson , Richard Henry Guski , Michael James Kelly , Cecilia Carranza Lewis , Jon Arthur Lynds , Wayne Erwin Rhoten , Peter Grimm Sutton
发明人： Erika Marianna Dawson , Richard Henry Guski , Michael James Kelly , Cecilia Carranza Lewis , Jon Arthur Lynds , Wayne Erwin Rhoten , Peter Grimm Sutton
IPC分类号： H04L9/08 , G06F12/14
CPC分类号： H04L9/0822 , H04L9/088
摘要： Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data. The data set and a command to encrypt the data set are transmitted to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key.
摘要翻译：提供了用于配置主机设置以指定加密的方法，系统和制品，以及引用密钥加密密钥的密钥标签，用于加密提供给存储驱动器以用于从主机加密数据的加密密钥。接收用户设置以配置具有加密设置的数据属性的数据类。数据类与所接收的用户加密设置一起存储。接收到指示存储到可移动存储介质的数据集的作业。确定具有与作业中指示的数据集的数据属性相匹配的数据类属性的数据类。从确定的数据类别确定是否加密数据。响应于确定所确定的数据类别指示加密数据，将数据集和加密数据集的命令发送到存储驱动器，其中加密数据集的命令使得存储驱动器对写入的数据集进行加密使用加密密钥到可移动存储介质。

3. 发明授权

US09141819B2 Encrypted tape access control via challenge-response protocol 有权
标题翻译：通过挑战响应协议加密磁带访问控制
公开(公告)号：US09141819B2
公开(公告)日：2015-09-22
申请号：US11557776
申请日：2006-11-08
申请人： Steven A. Bade , John C. Dayka , Glen Alan Jaquette , Richard Henry Guski
发明人： Steven A. Bade , John C. Dayka , Glen Alan Jaquette , Richard Henry Guski
IPC分类号： H04L9/00 , G06F21/62
CPC分类号： G06F21/6209 , G06F2221/2107
摘要： Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
摘要翻译：在诸如计算机磁带的可移动计算机介质上的加密数据的访问通过介质上的唯一结构化的报头来控制，所述报头具有由非对称加密以及与非对称加密相关联的公钥所包围的对称密钥。介质上的数据使用对称密钥进行加密。在读取器自动读取数据之前，向包括公开密钥的主机系统发出挑战，并且优选地是随机数值。主机通过使用与公钥相关联的私有密钥签名该随机数来进行响应，以证明其具有解密数据的权限。使用私钥解密对称密钥，最后使用解开的对称密钥来解密介质上的数据，从而允许自动读取磁带数据，而无需两个管理员共享对称密钥值的风险。

4. 发明授权

US09122864B2 Method and apparatus for transitive program verification 有权
标题翻译：用于传递程序验证的方法和装置
公开(公告)号：US09122864B2
公开(公告)日：2015-09-01
申请号：US12186198
申请日：2008-08-05
申请人： John C. Dayka , Walter Barlett Farrell , Richard Henry Guski , James W. Sweeny
发明人： John C. Dayka , Walter Barlett Farrell , Richard Henry Guski , James W. Sweeny
IPC分类号： G06F11/30 , G06F12/14 , G06F21/44 , G06F21/57
CPC分类号： G06F21/445 , G06F21/57
摘要： A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution. Otherwise, the application program terminates without initiating normal execution.
摘要翻译：一种在信息处理系统中用于程序验证的方法，装置和程序存储装置，其中应用程序在具有用于验证应用程序的数字签名的签名验证功能的操作系统上运行。在加载应用程序时，操作系统的签名验证功能验证应用程序的数字签名，并且如果数字签名被验证，则启动应用程序的执行。在开始执行应用程序时，与应用程序相关联的验证测试功能通过向其呈现指定的真假签名模式的测试数字签名序列来测试操作系统的签名验证功能。如果对操作系统的签名验证功能的测试成功，应用程序启动正常执行。否则，应用程序终止而不启动正常执行。

5. 发明申请

US20100037065A1 Method and Apparatus for Transitive Program Verification 有权
标题翻译：传递程序验证的方法和装置
公开(公告)号：US20100037065A1
公开(公告)日：2010-02-11
申请号：US12186198
申请日：2008-08-05
申请人： John C. Dayka , Walter Barlett Farrell , Richard Henry Guski , James W. Sweeny
发明人： John C. Dayka , Walter Barlett Farrell , Richard Henry Guski , James W. Sweeny
IPC分类号： G06F11/30
CPC分类号： G06F21/445 , G06F21/57
摘要： A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution. Otherwise, the application program terminates without initiating normal execution.
摘要翻译：一种在信息处理系统中用于程序验证的方法，装置和程序存储装置，其中应用程序在具有用于验证应用程序的数字签名的签名验证功能的操作系统上运行。在加载应用程序时，操作系统的签名验证功能验证应用程序的数字签名，并且如果数字签名被验证，则启动应用程序的执行。在开始执行应用程序时，与应用程序相关联的验证测试功能通过向其呈现指定的真假签名模式的测试数字签名序列来测试操作系统的签名验证功能。如果对操作系统的签名验证功能的测试成功，应用程序启动正常执行。否则，应用程序终止而不启动正常执行。

6. 发明申请

US20080123863A1 Encrypted Tape Access Control via Challenge-Response Protocol 有权
标题翻译：通过挑战响应协议加密磁带访问控制
公开(公告)号：US20080123863A1
公开(公告)日：2008-05-29
申请号：US11557776
申请日：2006-11-08
申请人： STEVEN A. BADE , John C. Dayka , Glen Alan Jaquette , Richard Henry Guski
发明人： STEVEN A. BADE , John C. Dayka , Glen Alan Jaquette , Richard Henry Guski
IPC分类号： H04L9/08 , H04L9/30
CPC分类号： G06F21/6209 , G06F2221/2107
摘要： Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
摘要翻译：在诸如计算机磁带的可移动计算机介质上的加密数据的访问通过介质上的唯一结构化的报头来控制，所述报头具有由非对称加密以及与非对称加密相关联的公钥所包围的对称密钥。介质上的数据使用对称密钥进行加密。在读取器自动读取数据之前，向包括公开密钥的主机系统发出挑战，并且优选地是随机数值。主机通过使用与公钥相关联的私有密钥签名该随机数来进行响应，以证明其具有解密数据的权限。使用私钥解密对称密钥，最后使用解开的对称密钥来解密介质上的数据，从而允许自动读取磁带数据，而无需两个管理员共享对称密钥值的风险。

7. 发明授权

US5661807A Authentication system using one-time passwords 失效
标题翻译：验证系统使用一次性密码
公开(公告)号：US5661807A
公开(公告)日：1997-08-26
申请号：US516889
申请日：1995-08-18
申请人： Richard Henry Guski , Raymond Craig Larson , Stephen Michael Matyas, Jr. , Donald Byron Johnson , Don Coppersmith
发明人： Richard Henry Guski , Raymond Craig Larson , Stephen Michael Matyas, Jr. , Donald Byron Johnson , Don Coppersmith
IPC分类号： G09C1/00 , G06F1/00 , G06F21/00 , H04L9/32 , H04L12/22 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0838 , G06F21/31 , H04L12/22 , H04L63/0846 , H04L9/0822 , H04L9/088 , H04L9/0894 , H04L9/3228 , H04L2209/20
摘要： A system for authenticating a user located at a requesting node to a resource such as a host application located at an authenticating node using one-time passwords that change pseudorandomly with each request for authentication. At the requesting node a non-time-dependent value is generated from nonsecret information identifying the user and the host application, using a secret encryption key shared with the authenticating node. The non-time-dependent value is combined with a time-dependent value to generate a composite value that is encrypted to produce an authentication parameter. The authentication parameter is reversibly transformed into an alphanumeric character string that is transmitted as a one-time password to the authenticating node. At the authenticating node the received password is transformed back into the corresponding authentication parameter, which is decrypted to regenerate the composite value. The non-time-dependent value is replicated at the authenticating node using the same nonsecret information and encryption key shared with the requesting node. The locally generated non-time-dependent value is combined with the regenerated composite value to regenerate the time-dependent value. The user is authenticated if the regenerated time-dependent value is within a predetermined range of a time-dependent value that is locally generated at the authenticating node.
摘要翻译：一种用于将位于请求节点处的用户的身份认证给诸如位于认证节点的主机应用的资源的系统，该系统使用与每个认证请求伪随机地改变的一次性密码。在请求节点，使用与认证节点共享的秘密加密密钥，从识别用户和主机应用的非秘密信息生成非时间依赖值。将非时间依赖值与时间相关的值组合以生成被加密以产生认证参数的复合值。验证参数可逆地转换成以一次性密码的形式发送给认证节点的字母数字字符串。在认证节点，将接收到的密码转换回相应的认证参数，对其进行解密，以重新生成复合值。使用与请求节点共享的相同的非秘密信息和加密密钥在认证节点上复制非时间依赖值。将本地生成的非时间依赖值与再生的复合值组合以再生时间依赖值。如果再生的时间依赖值在认证节点处本地生成的与时间有关的值的预定范围内，则认证用户。

8. 发明授权

US08645715B2 Configuring host settings to specify an encryption setting and a key label referencing a key encryption key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host 失效
标题翻译：配置主机设置以指定加密设置和引用密钥加密密钥的密钥标签，用于加密提供给存储驱动器的加密密钥，以用于从主机加密数据
公开(公告)号：US08645715B2
公开(公告)日：2014-02-04
申请号：US11853719
申请日：2007-09-11
申请人： Erika Marianna Dawson , Richard Henry Guski , Michael James Kelly , Cecelia Carranza Lewis , Jon Arthur Lynds , Wayne Erwin Rhoten , Peter Grimm Sutton
发明人： Erika Marianna Dawson , Richard Henry Guski , Michael James Kelly , Cecelia Carranza Lewis , Jon Arthur Lynds , Wayne Erwin Rhoten , Peter Grimm Sutton
IPC分类号： G06F11/30 , G06F12/14 , H04L9/00 , H04L9/08
CPC分类号： H04L9/0822 , H04L9/088
摘要： Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data. The data set and a command to encrypt the data set are transmitted to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key.
摘要翻译：提供了用于配置主机设置以指定加密的方法，系统和制品，以及引用密钥加密密钥的密钥标签，用于加密提供给存储驱动器以用于从主机加密数据的加密密钥。接收用户设置以配置具有加密设置的数据属性的数据类。数据类与所接收的用户加密设置一起存储。接收到指示存储到可移动存储介质的数据集的作业。确定具有与作业中指示的数据集的数据属性相匹配的数据类属性的数据类。从确定的数据类别确定是否加密数据。响应于确定所确定的数据类别指示加密数据，将数据集和加密数据集的命令发送到存储驱动器，其中加密数据集的命令使得存储驱动器对写入的数据集进行加密使用加密密钥到可移动存储介质。

9. 发明授权

US06377994B1 Method and apparatus for controlling server access to a resource in a client/server system 失效
标题翻译：用于控制服务器访问客户机/服务器系统中的资源的方法和装置
公开(公告)号：US06377994B1
公开(公告)日：2002-04-23
申请号：US08632251
申请日：1996-04-15
申请人： Donald Fred Ault , John Carr Dayka , Eric Charles Finkelstein , Richard Henry Guski
发明人： Donald Fred Ault , John Carr Dayka , Eric Charles Finkelstein , Richard Henry Guski
IPC分类号： G06F1516
CPC分类号： H04L63/10 , H04L63/1441 , Y10S707/99939 , Y10S707/99945
摘要： In a client/server system, a method and apparatus for handing requests for access to a host resource purportedly on behalf of a client from an untrusted application server that may be capable of operating as a “rogue” server. Upon receiving a service request from a client, an untrusted application server creates a new thread within its address space for the client and obtains from the security server a client security context, which is anchored to the task control block (TCB) for that thread. The client security context specifies the client and indicates whether the client is an authenticated client or an unauthenticated client. When the application server makes a request for access to a host resource purportedly on behalf of the client, the security server examines the security context created for the requesting thread. If the client security context indicates that the client is an authenticated client, the security server grants access to the host resource if the client specified in the client security context is authorized to make the requested access to the host resource. If the client security context indicates that the client is an authenticated client, the security server grants access to the host resource only if both the client specified in the client security context and the application server are authorized to make the requested access to the host resource.
摘要翻译：在客户/服务器系统中，一种方法和装置，用于从可能能够作为“流氓”服务器操作的不信任的应用服务器处理代表客户机的代理访问主机资源的请求。在从客户机接收到服务请求之后，不可信应用服务器在其用于客户端的地址空间内创建一个新线程，并从安全服务器获得锚定到该线程的任务控制块（TCB）的客户端安全上下文。客户机安全上下文指定客户端，并指示客户端是经过身份验证的客户端还是未经身份验证的客户端。当应用程序服务器请求访问代表客户端的主机资源时，安全服务器检查为请求的线程创建的安全上下文。如果客户端安全上下文指示客户端是经过身份验证的客户端，则如果在客户端安全上下文中指定的客户端被授权进行主机资源的请求访问，则安全服务器授予对主机资源的访问权限。如果客户端安全上下文指示客户端是经过身份验证的客户端，则只有当客户端安全上下文中指定的客户端和应用程序服务器都被授权才能请求访问主机资源时，安全服务器就会授予对主机资源的访问权限。

10. 发明授权

US06292896B1 Method and apparatus for entity authentication and session key generation 失效
标题翻译：用于实体认证和会话密钥生成的方法和装置
公开(公告)号：US06292896B1
公开(公告)日：2001-09-18
申请号：US08785939
申请日：1997-01-22
申请人： Richard Henry Guski , John Carr Dayka , Harvey Tildon McGee , Bruce Robert Wells
发明人： Richard Henry Guski , John Carr Dayka , Harvey Tildon McGee , Bruce Robert Wells
IPC分类号： H04L912
CPC分类号： H04L63/0838 , H04L9/0625 , H04L9/0866 , H04L9/088 , H04L9/3228 , H04L9/3242
摘要： A system for authenticating a first entity to a second entity and for simultaneously generating a session key for encrypting communications between the entities. The first entity generates an authentication value by encrypting time-dependent information using a long-lived secret key shared by the entities and transmits the authentication value to the second entity. The first entity independently encrypts other time-dependent information using the long-lived key to generate a session key that cannot be derived from the authentication value without the long-lived key. Upon receiving the transmitted authentication value, the second entity checks the transmitted authentication value using the shared long-lived key to determine whether it is valid. If the authentication value is valid, the second entity authenticates the first entity and generates an identical session key from the same shared secret information and time-dependent information. The encrypted time-dependent information is passed through a key weakening function to generate a weakened key which is used as the session key. The key weakening function includes a one-way function to protect the input value from discovery by an attacker who may have ascertained the weakened session key.
摘要翻译：一种用于将第一实体认证给第二实体并用于同时生成用于加密所述实体之间的通信的会话密钥的系统。第一实体通过使用由实体共享的长寿命秘密密钥加密时间相关信息来生成认证值，并将认证值发送给第二实体。第一实体使用长寿命密钥独立地加密其他与时间相关的信息，以生成不具有长寿命密钥的认证值的会话密钥。在接收到发送的认证值时，第二实体使用共享的长寿命密钥来检查发送的认证值，以确定其是否有效。如果认证值有效，则第二实体认证第一实体，并从相同的共享秘密信息和时间相关信息中生成相同的会话密钥。加密的时间相关信息通过密钥弱化函数传递，以产生用作会话密钥的弱化密钥。关键的弱化功能包括单向功能，以保护输入值免受可能已经确定弱化的会话密钥的攻击者的发现。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式