专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11310227B2 Securely provisioning a target device 有权
公开(公告)号：US11310227B2
公开(公告)日：2022-04-19
申请号：US16804555
申请日：2020-02-28
申请人： Cryptography Research, Inc.
发明人： Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev
IPC分类号： H04L29/06 , H04L67/60 , H04W12/06 , G06F21/60 , G06F21/62 , G06F21/72 , G06F21/73 , G06F21/33 , H04W12/30 , H04W12/0431
摘要： The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

2. 发明申请

US20220085999A1 SYSTEM AND METHOD TO OPTIMIZE DECRYPTION OPERATIONS IN CRYPTOGRAPHIC APPLICATIONS 有权
公开(公告)号：US20220085999A1
公开(公告)日：2022-03-17
申请号：US17447129
申请日：2021-09-08
申请人： Cryptography Research, Inc.
发明人： Michael Alexander Hamburg , Michael Tunstall , Denis Alexandrovich Pochuev
IPC分类号： H04L9/30
摘要： Aspects of the present disclosure involve a method, a system and a computer readable memory to optimize performance of cryptographic operations by avoiding computations of inverse values during decryption of encrypted messages.

3. 发明授权

US09571472B2 Establishing an initial root of trust for individual components of a distributed security infrastructure 有权
标题翻译：为分布式安全基础架构的各个组件建立信任的初始根
公开(公告)号：US09571472B2
公开(公告)日：2017-02-14
申请号：US14535191
申请日：2014-11-06
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Denis Alexandrovich Pochuev , Yogesh Swami , Daniel O'Loughlin
IPC分类号： H04L29/06 , H04L9/14 , G06F21/57 , H04W12/04 , H04L12/24
CPC分类号： H04L63/0442 , G06F21/57 , H04L9/14 , H04L41/0806 , H04L2209/24 , H04W12/04
摘要： The embodiments described herein describe technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation includes a non-transitory storage medium to store an initialization application that, when executed by a CM device, causes the CM device to perform a device definition process to generate a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.
摘要翻译：本文描述的实施例描述了用于建立密码管理器（CM）设备的唯一身份和信任根的设备定义过程的技术，CM部署在CM系统中的CM设备。设备定义过程可以在CM设备的制造生命周期的设备定义阶段中进行。一种实现方式包括存储初始化应用程序的非暂时性存储介质，所述初始化应用程序在由CM设备执行时使CM设备执行设备定义过程以生成设备定义请求以建立唯一身份和信任根。响应于设备定义请求，初始化应用获得CM设备的设备身份和设备凭证，并将设备定义请求存储在可移动存储设备的存储空间中。初始化应用程序响应于设备定义请求导入包含由加密管理器系统的供应设备生成的供应信息的设备定义响应。

4. 发明授权

US09544304B2 Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure 有权
公开(公告)号：US09544304B2
公开(公告)日：2017-01-10
申请号：US14535202
申请日：2014-11-06
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev , Ambuj Kumar
IPC分类号： H04L9/32 , H04L29/06 , H04L29/08 , H04W12/06 , G06F21/60 , G06F21/62 , G06F21/72 , G06F21/73 , G06F21/33
摘要： The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

5. 发明申请

US20150326567A1 MODULES TO SECURELY PROVISION AN ASSET TO A TARGET DEVICE 有权
标题翻译：向目标设备安全提供资产的模块
公开(公告)号：US20150326567A1
公开(公告)日：2015-11-12
申请号：US14535194
申请日：2014-11-06
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev
IPC分类号： H04L29/06 , H04W12/06
CPC分类号： H04L63/0853 , G06F21/335 , G06F21/602 , G06F21/6209 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2135 , G06F2221/2145 , G06F2221/2149 , G06F2221/2153 , H04L63/0428 , H04L63/062 , H04L63/123 , H04L67/32 , H04W12/06
摘要： The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.
摘要翻译：本文描述的实施例描述了用于模块管理的技术，包括在加密管理器（CM）环境中的目标设备的制造生命周期的操作阶段中的模块创建和模块部署到目标设备。一个实现包括根授权（RA）设备，其接收创建模块的命令并执行模块模板以响应于该命令生成模块。模块部署到设备设备。当由设备设备执行时，该模块的一组指令导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。设备设备被配置为将数据资产分发到目标设备的加密管理器（CM）核心。

6. 发明申请

US20220066891A1 MAINTAINING SECURE SESSION STATE WITH FAILOVER DURING ENDPOINT PROVISIONING 有权
公开(公告)号：US20220066891A1
公开(公告)日：2022-03-03
申请号：US17410195
申请日：2021-08-24
申请人： Cryptography Research, Inc.
发明人： Denis Alexandrovich Pochuev
IPC分类号： G06F11/20 , G06F21/71
摘要： The embodiments described herein describe technologies to maintaining a secure session state with failover during endpoint provisioning. A cluster of hardware devices can be used for provisioning endpoint devices with secrecy, integrity, access controller, high availability, minimal transaction time, and interactive transactions with multiple requests and response within a session. The embodiments are directed to a first computing device being elected as a leader and sharing context information of a session with other computing devices as followers in the cluster such that a follower can resume the session if the leader fails.

7. 发明授权

US10417453B2 Preemption of a container in a secure computation environment 有权
公开(公告)号：US10417453B2
公开(公告)日：2019-09-17
申请号：US15372307
申请日：2016-12-07
申请人： Cryptography Research, Inc.
发明人： Ambuj Kumar , William Craig Rawlings , Ronald Perez , Denis Alexandrovich Pochuev , Michael Alexander Hamburg , Paul Kocher
IPC分类号： G06F9/4401 , G06F21/62 , G06F21/45 , G06F21/60 , G06F21/52
摘要： A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.

8. 发明申请

US20150326543A1 ESTABLISHING AN INITIAL ROOT OF TRUST FOR INDIVIDUAL COMPONENTS OF A DISTRIBUTED SECURITY INFRASTRUCTURE 有权
标题翻译：为分布式安全基础设施的个人组成部分设立信任基础
公开(公告)号：US20150326543A1
公开(公告)日：2015-11-12
申请号：US14535191
申请日：2014-11-06
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Denis Alexandrovich Pochuev , Yogesh Swami , Daniel O'Loughlin
IPC分类号： H04L29/06 , H04L9/14
CPC分类号： H04L63/0442 , G06F21/57 , H04L9/14 , H04L41/0806 , H04L2209/24 , H04W12/04
摘要： The embodiments described herein describe technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation includes a non-transitory storage medium to store an initialization application that, when executed by a CM device, causes the CM device to perform a device definition process to generate a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.
摘要翻译：本文描述的实施例描述了用于建立密码管理器（CM）设备的唯一身份和信任根的设备定义过程的技术，CM部署在CM系统中的CM设备。设备定义过程可以在CM设备的制造生命周期的设备定义阶段中进行。一种实现方式包括存储初始化应用程序的非暂时性存储介质，所述初始化应用程序在由CM设备执行时使CM设备执行设备定义过程以生成设备定义请求以建立唯一身份和信任根。响应于设备定义请求，初始化应用获得CM设备的设备身份和设备凭证，并将设备定义请求存储在可移动存储设备的存储空间中。初始化应用程序响应于设备定义请求导入包含由加密管理器系统的供应设备生成的供应信息的设备定义响应。

9. 发明申请

US20150326541A1 AUDITING AND PERMISSION PROVISIONING MECHANISMS IN A DISTRIBUTED SECURE ASSET-MANAGEMENT INFRASTRUCTURE 有权
标题翻译：分布式安全资产管理基础设施的审计和许可提供机制
公开(公告)号：US20150326541A1
公开(公告)日：2015-11-12
申请号：US14535202
申请日：2014-11-06
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Michael Hamburg , Benjamin Che-Ming Jun , Paul C. Kocher , Daniel O'Loughlin , Denis Alexandrovich Pochuev , Ambuj Kumar
IPC分类号： H04L29/06 , H04L29/08
CPC分类号： H04L63/0853 , G06F21/335 , G06F21/602 , G06F21/6209 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2135 , G06F2221/2145 , G06F2221/2149 , G06F2221/2153 , H04L63/0428 , H04L63/062 , H04L63/123 , H04L67/32 , H04W12/06
摘要： The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.
摘要翻译：这里描述的实施例描述了在诸如预先计算（PCD）资产的数据资产的消费和供应中使用的票务系统的技术。票可以是数字文件或数据，其能够执行使用计数限制和唯一性发放矿石连续发放目标设备参数。实施时包括通过网络从服务设备接收模块和故障单的密码管理器（CM）系统的电器设备。该模块是在目标设备的制造生命周期的操作阶段中将数据资产安全地提供给目标设备的应用程序。该票是允许电器设备执行模块的数字数据。电器设备验证机票以执行模块。该模块在执行时会导致一系列操作的安全构造，以将数据资产安全地提供给目标设备。

10. 发明申请

US20220182216A1 DPA-RESISTANT KEY DERIVATION FUNCTION 有权
公开(公告)号：US20220182216A1
公开(公告)日：2022-06-09
申请号：US17606434
申请日：2020-04-30
申请人： CRYPTOGRAPHY RESEARCH, INC.
发明人： Michael Alexander Hamburg , Denis Alexandrovich Pochuev
IPC分类号： H04L9/00 , H04L9/08
摘要： Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式