专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20110314279A1 Single-Use Authentication Methods for Accessing Encrypted Data 有权
标题翻译：访问加密数据的一次性验证方法
公开(公告)号：US20110314279A1
公开(公告)日：2011-12-22
申请号：US12819883
申请日：2010-06-21
申请人： Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
发明人： Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
IPC分类号： H04L9/32 , G06F12/14 , H04L29/06
CPC分类号： H04L63/08 , G06F21/31 , G06F21/57 , G06F21/6218 , G06F2221/2103 , G06F2221/2131 , H04L9/3228 , H04L9/3234 , H04L63/067
摘要： Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
摘要翻译：描述用于访问存储在计算机的受保护卷上的加密数据的一次验证方法，其中对加密数据的访问涉及解密存储在计算机上的密钥保护器，其保存解密受保护卷所需的特定于卷的加密密钥。这种一次性认证方法依赖于提供只能使用一次的密钥保护器和/或需要每次使用的新的访问凭证。在某些实施例中，质询 - 响应过程也被用作认证方法的一部分，以将密钥保护器的发行和/或访问凭证与可以唯一地标识用户的特定信息片段相关联。

2. 发明授权

US08745386B2 Single-use authentication methods for accessing encrypted data 有权
标题翻译：用于访问加密数据的一次性认证方法
公开(公告)号：US08745386B2
公开(公告)日：2014-06-03
申请号：US12819883
申请日：2010-06-21
申请人： Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
发明人： Octavian T. Ureche , Nils Dussart , Charles G. Jeffries , Cristian M. Ilac , Vijay G. Bharadwaj , Innokentiy Basmov , Stefan Thom , Son VoBa
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , G06F21/31 , G06F21/57 , G06F21/6218 , G06F2221/2103 , G06F2221/2131 , H04L9/3228 , H04L9/3234 , H04L63/067
摘要： Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user.
摘要翻译：描述用于访问存储在计算机的受保护卷上的加密数据的一次验证方法，其中对加密数据的访问涉及解密存储在计算机上的密钥保护器，其保存解密受保护卷所需的特定于卷的加密密钥。这种一次性认证方法依赖于提供只能使用一次的密钥保护器和/或需要每次使用的新的访问凭证。在某些实施例中，质询 - 响应过程也被用作认证方法的一部分，以将密钥保护器的发行和/或访问凭证与可以唯一地标识用户的特定信息片段相关联。

3. 发明申请

US20120275596A1 CRYPTOGRAPHIC KEY ATTACK MITIGATION 有权
标题翻译： CRYPTOGRAPHIC KEY攻击缓解
公开(公告)号：US20120275596A1
公开(公告)日：2012-11-01
申请号：US13097035
申请日：2011-04-28
申请人： Octavian T. Ureche , Innokentiy Basmov , Grigory B. Lyakhovitskiy , Stefan Thom
发明人： Octavian T. Ureche , Innokentiy Basmov , Grigory B. Lyakhovitskiy , Stefan Thom
IPC分类号： H04L9/14
CPC分类号： G06F21/60 , H04L9/002 , H04L9/0822 , H04L9/0877 , H04L9/0897
摘要： Cryptographic keys and, subsequently, the data they are intended to protect, are safeguarded from unwarranted attacks utilizing various systems and methodologies designed to minimize the time period in which meaningful versions of cryptographic keys exist in accessible memory, and therefore, are vulnerable. Cryptographic keys, and consequently the data they are intended to protect, can alternatively, or also, be protected from attackers utilizing systems and a methodology that employs a removable storage device for providing authentication factors used in the encryption and decryption processing. Cryptographic keys and protected data can alternatively, or also, be protected with a system and methodology that supports data separation on the storage device(s) of a computing device. Cryptographic keys and the data they are intended to protect can alternatively, or also, be protected employing a system and methodology of virtual compartmentalization that effectively segregates key management from protected data.
摘要翻译：使用各种系统和方法来保护加密密钥以及随后保护的数据免受无理的攻击，这些系统和方法旨在最小化可访问存储器中存在有意义的密码密钥版本的时间段，因此易受攻击。加密密钥以及因此它们旨在保护的数据可以替代地或也可以利用系统和使用可移动存储设备提供加密和解密处理中使用的认证因子的方法来防止攻击者。加密密钥和受保护数据可以替代地或者也可以通过支持计算设备的存储设备上的数据分离的系统和方法进行保护。可以使用虚拟分区的系统和方法来保护加密密钥及其旨在保护的数据，或者也可以使用有效地将密钥管理与受保护数据隔离的虚拟分区的方法进行保护。

4. 发明授权

US09507964B2 Regulating access using information regarding a host machine of a portable storage drive 有权
标题翻译：使用关于便携式存储驱动器的主机的信息调节访问
公开(公告)号：US09507964B2
公开(公告)日：2016-11-29
申请号：US13327013
申请日：2011-12-15
申请人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
发明人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
IPC分类号： H04L9/32 , G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , H04L9/08
CPC分类号： G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2129 , G06F2221/2141 , H04L9/0897 , H04L9/32
摘要： Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication.
摘要翻译：这里描述的是基于关于存储由主机引导的操作系统的便携式存储驱动器的主机的信息来使用双因素认证来调节对远程资源的访问的技术。关于便携式存储驱动器的主机的信息可以用作双因素认证中的第二个因素。在一些实施例中，关于主机的这种信息可以包括从主机的安全存储器（例如来自主机的密码处理器）检索的信息。该信息可以包括主机的标识符，或者可以是预先提供给主机以在双因素认证中使用的用户凭证。

5. 发明申请

US20130145440A1 REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE 有权
标题翻译：使用关于便携式存储驱动器的主机的信息进行调节访问
公开(公告)号：US20130145440A1
公开(公告)日：2013-06-06
申请号：US13327013
申请日：2011-12-15
申请人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
发明人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
IPC分类号： H04L9/32 , G06F21/20
CPC分类号： G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2129 , G06F2221/2141 , H04L9/0897 , H04L9/32
摘要： Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication.
摘要翻译：这里描述的是基于关于存储由主机引导的操作系统的便携式存储驱动器的主机的信息来使用双因素认证来调节对远程资源的访问的技术。关于便携式存储驱动器的主机的信息可以用作双因素认证中的第二个因素。在一些实施例中，关于主机的这种信息可以包括从主机的安全存储器（例如来自主机的密码处理器）检索的信息。该信息可以包括主机的标识符，或者可以是预先提供给主机以在双因素认证中使用的用户凭证。

6. 发明申请

US20130145139A1 REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE 有权
标题翻译：使用关于便携式存储驱动器的主机的信息进行调节访问
公开(公告)号：US20130145139A1
公开(公告)日：2013-06-06
申请号：US13309204
申请日：2011-12-01
申请人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
发明人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
IPC分类号： G06F12/14 , G06F21/00 , H04L9/32 , G06F9/00
CPC分类号： G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2129 , G06F2221/2141 , H04L9/0897 , H04L9/32
摘要： Described herein are techniques for regulating access to a portable storage drive, that stores an operating system securely, using information regarding a host machine. In accordance with some of the techniques described herein, when a portable storage drive that stores an operating system securely is to be accessed by a host machine, information regarding the host machine, such as information regarding the hardware of the host machine, may be retrieved and evaluated to determine whether to grant access to the host machine. When the host machine is granted access, the host machine may access secured data stored on the portable storage drive in any suitable manner. In some cases, accessing the secured data may include decrypting the secured data and transferring decrypted data to another storage of the host machine. The decrypted information may include an operating system that is booted by the host machine.
摘要翻译：这里描述的是使用关于主机的信息来调节对便携式存储驱动器的访问的技术，其存储操作系统。根据这里描述的一些技术，当主机机器访问存储操作系统的便携式存储驱动器时，可以检索关于主机的信息，例如关于主机的硬件的信息并进行评估以确定是否授予对主机的访问权限。当主机被授权访问时，主机可以以任何合适的方式访问存储在便携式存储驱动器上的安全数据。在某些情况下，访问安全数据可能包括解密安全数据并将解密的数据传送到主机的另一个存储器。解密的信息可以包括由主机引导的操作系统。

7. 发明授权

US09183415B2 Regulating access using information regarding a host machine of a portable storage drive 有权
标题翻译：使用关于便携式存储驱动器的主机的信息调节访问
公开(公告)号：US09183415B2
公开(公告)日：2015-11-10
申请号：US13309204
申请日：2011-12-01
申请人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
发明人： Preston Derek Adam , Sai Vinayak , Octavian T. Ureche , Stefan Thom , Himanshu Soni , Nicolae Voicu
IPC分类号： G06F15/177 , G06F1/24 , H04L29/06 , G06F21/00 , G06F7/04 , G06F17/30 , H04N7/16 , G06F12/00 , G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , H04L9/08
CPC分类号： G06F21/78 , G06F21/40 , G06F21/72 , G06F21/73 , G06F2221/2107 , G06F2221/2129 , G06F2221/2141 , H04L9/0897 , H04L9/32
摘要： Described herein are techniques for regulating access to a portable storage drive, that stores an operating system securely, using information regarding a host machine. In accordance with some of the techniques described herein, when a portable storage drive that stores an operating system securely is to be accessed by a host machine, information regarding the host machine, such as information regarding the hardware of the host machine, may be retrieved and evaluated to determine whether to grant access to the host machine. When the host machine is granted access, the host machine may access secured data stored on the portable storage drive in any suitable manner. In some cases, accessing the secured data may include decrypting the secured data and transferring decrypted data to another storage of the host machine. The decrypted information may include an operating system that is booted by the host machine.
摘要翻译：这里描述的是使用关于主机的信息来调节对便携式存储驱动器的访问的技术，其存储操作系统。根据这里描述的一些技术，当主机机器访问存储操作系统的便携式存储驱动器时，可以检索关于主机的信息，例如关于主机的硬件的信息并进行评估以确定是否授予对主机的访问权限。当主机被授权访问时，主机可以以任何合适的方式访问存储在便携式存储驱动器上的安全数据。在某些情况下，访问安全数据可能包括解密安全数据并将解密的数据传送到主机的另一个存储器。解密的信息可以包括由主机引导的操作系统。

8. 发明授权

US08700893B2 Key certification in one round trip 有权
标题翻译：重要认证一次往返
公开(公告)号：US08700893B2
公开(公告)日：2014-04-15
申请号：US12607937
申请日：2009-10-28
申请人： Stefan Thom , Scott D. Anderson , Erik L. Holt
发明人： Stefan Thom , Scott D. Anderson , Erik L. Holt
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L9/3247 , G06F21/72 , H04L9/0825 , H04L9/0877 , H04L9/3234 , H04L9/3263 , H04L2209/127
摘要： Certification of a key, which a Trusted Platform Module (TPM) has attested as being non-migratable, can be performed in a single round trip between the certificate authority (CA) and the client that requests the certificate. The client creates a certificate request, and then has the TPM create an attestation identity key (AIK) that is bound to the certificate request. The client then asks the TPM to sign the new key as an attestation of non-migratability. The client then sends the certificate request, along with the attestation of non-migratability to the CA. The CA examines the certificate request and attestation of non-migratability. However, since the CA does not know whether the attestation has been made by a trusted TPM, it certifies the key but includes, in the certificate, an encrypted signature that can only be decrypted using the endorsement key of the trusted TPM.
摘要翻译：可信平台模块（TPM）已经证明为不可迁移的密钥的认证可以在认证机构（CA）和请求证书的客户端之间的单次往返中执行。客户端创建证书请求，然后TPM创建绑定到证书请求的认证身份密钥（AIK）。然后，客户要求TPM签署新的密钥，作为不可迁移性的证明。然后，客户端将证书请求以及不可迁移性的证明发送到CA。 CA检查证书请求并证明非迁移性。然而，由于CA不知道认证是否由受信任的TPM进行，所以它证明密钥，但是在证书中包括只能使用可信TPM的认可密钥进行解密的加密签名。

9. 发明授权

US08375221B1 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions 有权
标题翻译：基于固件的信任平台模块，用于ARM处理器架构和信任域安全扩展
公开(公告)号：US08375221B1
公开(公告)日：2013-02-12
申请号：US13193945
申请日：2011-07-29
申请人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
发明人： Stefan Thom , Jeremiah Cox , David Linsley , Magnus Nystrom , Himanshu Raj , David Robinson , Stefan Saroiu , Rob Spiger , Alastair Wolman
IPC分类号： G06F11/30 , G06F7/04
CPC分类号： G06F21/552 , G06F21/46 , G06F21/57 , G06F21/572 , G06F21/575 , G06F21/71 , G06F21/74 , G06F2221/034
摘要： A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
摘要翻译：基于固件的TPM或fTPM确保安全代码执行被隔离，以防止各种潜在的安全漏洞。与传统的基于硬件的可信平台模块（TPM）不同，在不使用专用安全处理器硬件或硅片的情况下实现隔离。通常，通过从系统固件或固件可访问的存储器或存储器读取fTPM并将其放置在设备的只读受保护的存储器中，fTPM首先在前OS引导环境中实例化。一旦实例化，fTPM就能实现执行隔离，以确保执行安全的代码。更具体地说，将fTPM放置到受保护的只读存储器中，以使设备能够使用诸如ARM®架构的TrustZone™扩展和安全原语（或类似的处理器架构）之类的硬件，从而使基于这种架构的设备提供基于固件的TPM中的安全执行隔离，而不需要对现有设备进行硬件修改。

10. 发明申请

US20110099625A1 TRUSTED PLATFORM MODULE SUPPORTED ONE TIME PASSWORDS 有权
标题翻译：支持的一次性平台模块
公开(公告)号：US20110099625A1
公开(公告)日：2011-04-28
申请号：US12606414
申请日：2009-10-27
申请人： Stefan Thom , Erik Holt
发明人： Stefan Thom , Erik Holt
IPC分类号： G06F21/00
CPC分类号： G06F21/34
摘要： A Trusted Platform Module (TPM) can be utilized to implement One Time Password (OTP) mechanisms. One or more delegation blobs can be created by the TPM and the delegation authentication values of the delegation blobs can be based on the version number of the delegation blobs. A data blob with a protected secret can comprise a pointer to the delegation table of the TPM. The version number can be provided to an authority from which an OTP (a delegation authentication value) can be received. The OTP can be utilized to gain access to the secret and an authentication value of the key blob, which can be utilized to increase the version number of all associated delegation blobs. Policy limitations can be associated with the delegation blobs and can be enforced by policy enforcement mechanisms that can reference the TPM tick counter to enforce temporal policy restrictions.
摘要翻译：可信平台模块（TPM）可用于实施一次性密码（OTP）机制。 TPM可以创建一个或多个委托库，委托库的委派验证值可以基于委托库的版本号。具有受保护秘密的数据库可以包括指向TPM的委托表的指针。版本号可以提供给可以从其接收OTP（授权认证值）的机构。可以利用OTP来访问密钥，并且可以利用该密钥的认证值来增加所有关联的委托库的版本号。政策限制可以与授权blob相关联，并且可以通过策略执行机制来实施，该机制可以引用TPM tick计数器来执行时间策略限制。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式